TR/injector.aop und TR/Symmi.6340.3 gefunden

Bene4 · 27.02.2013, 14:23

Hallo,
meine Freundin hat leider den Anhang einer email im zip-Format geöffnet und ich habe daraufhin einen antivir scan durchgeführt.
Dort wurden Trojaner gefunden. Hoffe ihr könnt mir helfen.
Den Log habe ich angehängt, da es ein erweiterter Report ist, konnte ich ihn nicht hier posten.
Hoffe das ihr damit trotzdem arbeiten könnt und mir helfen könnt, den Pc wieder zu reinigen.

cosinus · 27.02.2013, 14:55

Hallo,

Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.

Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.
Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.
Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!
Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!
Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.

Erstmal eine Kontrolle mit OTL bitte:

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Setze oben mittig den Haken bei Scanne alle Benutzer
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles hier in CODE-Tags in den Thread.

Bene4 · 27.02.2013, 20:23

OTL Logfile:
OTL EXTRAS Logfile:

Code:

ATTFilter

OTL logfile created on: 27.02.2013 20:15:03 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Jana\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,83 Gb Available Physical Memory | 60,92% Memory free
6,00 Gb Paging File | 4,62 Gb Available in Paging File | 77,01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 424,66 Gb Total Space | 345,89 Gb Free Space | 81,45% Space Free | Partition Type: NTFS
Drive D: | 40,00 Gb Total Space | 30,87 Gb Free Space | 77,19% Space Free | Partition Type: NTFS
 
Computer Name: JANA-PC | User Name: Jana | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Jana\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Secunia\PSI\psia.exe (Secunia)
PRC - C:\Programme\Secunia\PSI\sua.exe (Secunia)
PRC - C:\Programme\Secunia\PSI\psi_tray.exe (Secunia)
PRC - C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Programme\System Control Manager\MGSysCtrl.exe (Micro-Star International Co., Ltd.)
PRC - C:\Programme\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor)
PRC - C:\Programme\System Control Manager\MSIService.exe (Micro-Star International Co., Ltd.)
PRC - c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll ()
MOD - C:\Programme\Google\Chrome\Application\24.0.1312.57\ppgooglenaclpluginchrome.dll ()
MOD - C:\Programme\Google\Chrome\Application\24.0.1312.57\pdf.dll ()
MOD - C:\Programme\Google\Chrome\Application\24.0.1312.57\libglesv2.dll ()
MOD - C:\Programme\Google\Chrome\Application\24.0.1312.57\libegl.dll ()
MOD - C:\Programme\Google\Chrome\Application\24.0.1312.57\ffmpegsumo.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Wizard\2.0.3863.37734__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3863.37611__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3863.37668__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3863.37632__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Dashboard\2.0.3863.37736__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3863.37702__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerXpress.Graphics.Dashboard\2.0.3863.37712__90ba9c70f846762e\CLI.Aspect.PowerXpress.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3863.37669__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3863.37683__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3863.37619__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3863.37663__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3863.37704__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3863.37668__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossFireX.Graphics.Dashboard\2.0.3863.37728__90ba9c70f846762e\CLI.Aspect.CrossFireX.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3863.37653__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3863.37701__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3863.37626__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerXpress.Graphics.Runtime\2.0.3863.37712__90ba9c70f846762e\CLI.Aspect.PowerXpress.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3863.37620__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Runtime\2.0.3863.37736__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Runtime\2.0.3863.37734__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Dashboard\2.0.3863.37730__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3863.37656__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3863.37633__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3863.37677__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3863.37654__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3863.37650__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3863.37662__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3863.37636__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3863.37632__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3863.37655__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3863.37660__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3863.37654__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3863.37655__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3863.37660__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3863.37636__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3863.37662__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3863.37600__90ba9c70f846762e\LOG.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3863.37602__90ba9c70f846762e\NEWAEM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3863.37605__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3863.37602__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3863.37606__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3863.37701__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3863.37604__90ba9c70f846762e\MOM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3863.37708__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3863.37610__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3863.37606__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3863.37604__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3863.37601__90ba9c70f846762e\CLI.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3863.37646__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3863.37683__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3863.37668__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3863.37629__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3863.37654__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3863.37620__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3863.37702__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3863.37663__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3863.37620__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3863.37697__90ba9c70f846762e\CLI.Foundation.XManifest.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3863.37677__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3863.37620__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3863.37629__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3863.37603__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3863.37660__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3863.37603__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3863.37610__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3863.37602__90ba9c70f846762e\APM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0702\2.0.2594.25693__90ba9c70f846762e\DEM.Graphics.I0702.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3863.37626__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3863.37619__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerXpress.Graphics.Shared\2.0.3863.37677__90ba9c70f846762e\CLI.Aspect.PowerXpress.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Shared\2.0.3863.37703__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3863.37602__90ba9c70f846762e\CLI.Component.Client.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3863.37610__90ba9c70f846762e\DEM.Graphics.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3863.37606__90ba9c70f846762e\AEM.Server.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3863.37605__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3863.37616__90ba9c70f846762e\CLI.Component.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3863.37728__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3863.37692__90ba9c70f846762e\CLI.Component.Systemtray.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3863.37625__90ba9c70f846762e\CLI.Component.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3863.37697__90ba9c70f846762e\MOM.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3863.37695__90ba9c70f846762e\LOG.Foundation.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3863.37608__90ba9c70f846762e\CLI.Component.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3863.37609__90ba9c70f846762e\CLI.Component.SkinFactory.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3863.37605__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3863.37709__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3863.37605__90ba9c70f846762e\CLI.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3863.37614__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3863.37603__90ba9c70f846762e\LOG.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3863.37604__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3863.37697__90ba9c70f846762e\CCC.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3863.37625__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3863.37615__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3863.37631__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3863.37608__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3863.37606__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3863.37608__90ba9c70f846762e\APM.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3863.37607__90ba9c70f846762e\AEM.Server.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (cvhsvc) -- C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corporation)
SRV - (Secunia PSI Agent) -- C:\Programme\Secunia\PSI\psia.exe (Secunia)
SRV - (Secunia Update Agent) -- C:\Programme\Secunia\PSI\sua.exe (Secunia)
SRV - (sftvsa) -- C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Programme\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Micro Star SCM) -- C:\Programme\System Control Manager\MSIService.exe (Micro-Star International Co., Ltd.)
SRV - (PSI_SVC_2) -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (catchme) -- C:\Users\Jana\AppData\Local\Temp\catchme.sys File not found
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation)
DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (PSI) -- C:\Windows\System32\drivers\psi_mf.sys (Secunia)
DRV - (AtiHDAudioService) -- C:\Windows\System32\drivers\AtihdW73.sys (ATI Technologies, Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corporation)
DRV - (usbfilter) -- C:\Windows\System32\drivers\usbfilter.sys (Advanced Micro Devices)
DRV - (rtl8192se) -- C:\Windows\System32\drivers\rtl8192se.sys (Realtek Semiconductor Corporation                           )
DRV - (AtiPcie) -- C:\Windows\System32\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH)
DRV - (RTHDMIAzAudService) -- C:\Windows\System32\drivers\RtHDMIV.sys (Realtek Semiconductor Corp.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (netr73) -- C:\Windows\System32\drivers\netr73.sys (Ralink Technology, Corp.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-708478002-281803654-409329748-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-708478002-281803654-409329748-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-708478002-281803654-409329748-1000\..\SearchScopes,DefaultScope = {3B46B3D6-FE7D-43E6-8A6C-19F97C43CA37}
IE - HKU\S-1-5-21-708478002-281803654-409329748-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-708478002-281803654-409329748-1000\..\SearchScopes\{3B46B3D6-FE7D-43E6-8A6C-19F97C43CA37}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNA_enDE393DE411
IE - HKU\S-1-5-21-708478002-281803654-409329748-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-708478002-281803654-409329748-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/ig/redirectdomain?brand=MDNA&bmod=MDNA
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com/ig/redirectdomain?brand=MDNA&bmod=MDNA
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.210.6 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U21 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: AdBlock = C:\Users\Jana\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.60_0\
CHR - Extension: Ghostery = C:\Users\Jana\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\4.1.0_0\
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [MGSysCtrl] C:\Programme\System Control Manager\MGSysCtrl.exe (Micro-Star International Co., Ltd.)
O4 - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-708478002-281803654-409329748-1000..\Run: [Omyfvooqli] C:\Users\Jana\AppData\Roaming\Goqyag\azimu.exe (Samsung Electronics Co., Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-708478002-281803654-409329748-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-708478002-281803654-409329748-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{135951BA-ECD3-423F-BA85-ACB7B4E98D4E}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.27 20:02:54 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jana\Desktop\OTL.exe
[2013.02.27 14:28:24 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2013.02.27 14:28:24 | 000,000,000 | ---D | C] -- C:\Users\Jana\AppData\Local\Programs
[2013.02.27 14:28:17 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2013.02.27 14:28:11 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.02.27 14:28:11 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.02.27 14:28:11 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.02.27 14:28:10 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2013.02.27 14:28:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.02.27 14:28:09 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msmpeg2vdec.dll
[2013.02.27 14:28:09 | 001,988,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2013.02.27 14:28:09 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2013.02.27 14:28:09 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.02.27 14:28:09 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.02.27 14:28:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.02.27 14:28:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.02.27 14:28:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
[2013.02.27 14:28:08 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2013.02.27 14:28:08 | 001,247,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2013.02.27 14:28:08 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2013.02.27 14:28:08 | 001,080,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2013.02.27 14:28:08 | 000,604,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2013.02.27 14:28:08 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2013.02.27 14:28:08 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2013.02.27 14:28:08 | 000,207,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2013.02.27 14:28:08 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2013.02.27 14:28:07 | 003,419,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2013.02.26 22:32:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2013.02.26 22:32:16 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2013.02.26 19:00:55 | 000,000,000 | ---D | C] -- C:\Users\Jana\AppData\Roaming\Talex
[2013.02.26 19:00:55 | 000,000,000 | ---D | C] -- C:\Users\Jana\AppData\Roaming\Lixax
[2013.02.26 19:00:55 | 000,000,000 | ---D | C] -- C:\Users\Jana\AppData\Roaming\Goqyag
[2013.02.26 19:00:00 | 000,000,000 | ---D | C] -- C:\Users\Jana\Rrdpnflpe
[2013.02.20 15:46:36 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.02.20 15:46:35 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.02.20 15:46:35 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.02.20 15:46:35 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.02.20 15:46:35 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.02.20 15:46:34 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.02.20 15:46:34 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.02.20 15:46:33 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.02.20 15:21:41 | 002,347,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.02.20 15:21:24 | 000,187,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2013.02.20 15:21:16 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.02.20 15:21:15 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.02.20 15:21:11 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2013.02.09 19:26:11 | 000,000,000 | ---D | C] -- C:\Users\Jana\Desktop\Karneval
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.27 20:12:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.27 20:06:17 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.27 20:06:17 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.27 20:06:01 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.02.27 20:06:01 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.02.27 20:03:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jana\Desktop\OTL.exe
[2013.02.27 19:58:02 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.27 19:57:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.27 19:57:40 | 2415,316,992 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.27 14:27:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.27 14:21:55 | 000,342,390 | ---- | M] () -- C:\Users\Jana\Desktop\AVSCAN-20130227-121201-4E0FCD56.zip
[2013.02.26 18:00:55 | 000,317,584 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.02.20 15:45:02 | 000,654,610 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.02.20 15:45:02 | 000,616,452 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.02.20 15:45:02 | 000,130,192 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.02.20 15:45:02 | 000,106,574 | ---- | M] () -- C:\Windows\System32\perfc009.dat
 
========== Files Created - No Company Name ==========
 
[2013.02.27 14:21:55 | 000,342,390 | ---- | C] () -- C:\Users\Jana\Desktop\AVSCAN-20130227-121201-4E0FCD56.zip
[2012.12.16 20:54:40 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.12.16 20:54:40 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.12.16 20:54:40 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.12.16 20:54:40 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.12.16 20:54:40 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.10.09 18:56:42 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011.10.09 18:56:42 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011.10.01 12:11:34 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2011.06.10 06:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.08.10 15:34:14 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\Ashampoo
[2011.02.14 13:12:13 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\BullGuard
[2010.12.18 15:37:39 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\Canneverbe Limited
[2010.12.18 15:47:03 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\dpdhl.versandhelfer.medionlap.CDA82DC3FEDD13302C6424313D9A2999F162D21A.1
[2013.02.26 19:00:55 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\Goqyag
[2013.02.27 12:06:17 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\Lixax
[2012.12.09 16:00:58 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\OpenOffice.org
[2011.09.05 19:13:17 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\ProtectDISC
[2012.12.23 15:50:46 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\SoftGrid Client
[2011.02.14 13:12:13 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\Software Inspection Library
[2013.02.26 19:00:55 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\Talex
[2011.01.09 22:23:54 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\TP
[2010.12.20 23:19:51 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---

--- --- ---

OTL EXTRAS Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 27.02.2013 20:15:03 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Jana\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,83 Gb Available Physical Memory | 60,92% Memory free
6,00 Gb Paging File | 4,62 Gb Available in Paging File | 77,01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 424,66 Gb Total Space | 345,89 Gb Free Space | 81,45% Space Free | Partition Type: NTFS
Drive D: | 40,00 Gb Total Space | 30,87 Gb Free Space | 77,19% Space Free | Partition Type: NTFS
 
Computer Name: JANA-PC | User Name: Jana | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-21-708478002-281803654-409329748-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D6CE194-0645-4A63-836A-F91A40E390D5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{0F7B411E-AC8B-470C-9C6D-48F34F4825E6}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{1CD79DF9-AC8B-4A0D-A297-E92156824FD9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1E1EC31C-EEDC-437D-B506-C16E3823A82A}" = rport=445 | protocol=6 | dir=out | app=system | 
"{351F5236-E872-4D3F-932A-169E2E8586D1}" = rport=138 | protocol=17 | dir=out | app=system | 
"{3FB8ABF8-EC6F-4248-9C62-96B1006A159C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{423F9A24-F8B6-47A9-AFAD-B831C943044A}" = lport=139 | protocol=6 | dir=in | app=system | 
"{4914306A-230B-4106-A706-D8CB1DB7A217}" = rport=139 | protocol=6 | dir=out | app=system | 
"{4DF1C278-CC14-4774-9751-7588F05BE392}" = lport=137 | protocol=17 | dir=in | app=system | 
"{50CD42F3-0EF8-4A6B-AE2F-7CA0EFB2D3A1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5FCB4CA0-4234-4B05-8D98-451B081C133E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{6121F529-688C-41FE-938B-B7550849903D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{6143580E-3058-4523-9030-9DDE3802C068}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{68C52244-5C69-4F10-863F-99E97BF3238A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{767B55A6-230D-4A19-88B7-80B33A862EB1}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{7B31E753-28D3-4761-9141-C6C05A4CA791}" = rport=137 | protocol=17 | dir=out | app=system | 
"{8241324F-F441-4514-913B-1B67F89FEB61}" = lport=445 | protocol=6 | dir=in | app=system | 
"{947A350F-954F-4265-8CB9-AC957CF06DEE}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{9BC90078-1291-4C5A-8F01-21A0DDC37774}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AAA383F5-8D1A-457C-8C9F-AF79B7FEFAB9}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B2F4212B-43C4-49FA-9520-857BF95F2C3A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B99AE337-76D4-47E9-B11A-F81D6BCB79A3}" = lport=138 | protocol=17 | dir=in | app=system | 
"{CA194E91-D0D0-4297-9525-ADE3BE9B3FB5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{DB0D51F8-0074-466E-90EC-834C47C5CB48}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{DB640436-E021-4F38-A740-AC3D8930CFA9}" = lport=10243 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2770F54A-1E69-423A-BE52-767927465819}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{2DF59073-7682-464C-895D-750B61FC3FDF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{327C36DF-86ED-4644-9DAC-F86264C4A99A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4561DB4B-9A31-4FE9-A835-F355E626F542}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{568D06AE-D575-4AC9-B8E9-684DD6D93E60}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{6B3123D4-784B-485A-B21A-047A26F6F51A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6C059CCA-6CA1-45B9-B5C0-149D4A332E27}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | 
"{7025881C-7EF7-4B3C-86B3-2ADE4A707829}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{7323CA0E-109D-4FA0-857E-02BCC68464C6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{819845A6-F072-4D6C-96AE-D3529B124497}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{91D3F860-D7EE-4C38-B9F0-BA06B91CE6A5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{934E815B-532D-4C81-A9BF-B37005F23E84}" = protocol=6 | dir=out | app=system | 
"{9C2AC083-BDBD-49CC-B63D-0D7B2F8D624D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{A43DA7E3-2C8B-4FAA-A9F7-C259338A1081}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{C20FF8B2-51E1-49D4-A98D-B904587D085B}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{DAB5A0B8-C46F-4CBC-A02B-8412EA5BD114}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{E1B98BA6-2EF8-4765-BA3F-AF966A255251}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E3E4ED30-0E1F-464A-8C64-433EFA0FBF06}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F57CC324-E07C-4632-BC66-D9D260C93BB9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"TCP Query User{2AF0DEAA-379F-4831-A89F-8701DDF57CEA}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{85152495-0362-4756-A04D-5E831B38F806}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe | 
"TCP Query User{9C518A45-73C5-4B07-A373-4BC20D3B40C3}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{9F7BB652-78DA-4E23-A5E9-0E24DFA64541}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{A0D79C77-5BAD-4F05-B533-7810473C0F91}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | 
"TCP Query User{FEA133BF-A6AD-427A-AD02-2FCFA0F514A2}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe | 
"UDP Query User{1E0C7B42-CBC7-46FE-8C81-B38499D7A63D}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{2EEAFDFE-82F4-4D09-A1EE-CD5E7082EB9D}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | 
"UDP Query User{5DC51E89-5B81-4DCA-8148-CED5B78FE00B}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe | 
"UDP Query User{5E816D5F-4D0C-4404-A546-F5BCD26547F0}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe | 
"UDP Query User{5F707049-7EF2-4A80-AD5D-C5D02F665FF4}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{90AF2592-886E-453E-BB7F-BF6CFE7C5C1C}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4
"_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{040E8987-3C5C-EEE9-7C3C-1A25D5EFE21E}" = Catalyst Control Center Graphics Light
"{07B62101-7EBD-434A-94B1-B38063BE5516}" = CorelDRAW Essentials 4 - PHOTO-PAINT
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0ED4216F-3540-4D6B-8199-1C8DDEA3924B}" = CorelDRAW Essentials 4 - Lang DE
"{12A58E1A-7B5F-6CC8-A299-C9896DCD7982}" = CCC Help Italian
"{142C7D29-6031-806E-C3F5-9053594EF332}" = ATI Catalyst Install Manager
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19AC095C-3520-4999-AA15-93B6D0248A50}" = CorelDRAW Essentials 4 - Content
"{1BCE0E72-5BE9-150F-04B8-75C1C67E01EB}" = CCC Help Chinese Traditional
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FDDD2DF-4EDD-BDBB-483D-8DBF60DA5BAB}" = CCC Help Finnish
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83217011FF}" = Java 7 Update 11
"{275C93C7-5FE4-3157-D289-AADD3E973B75}" = CCC Help Korean
"{28C40108-8E43-7BFB-C9DF-06C8E183323A}" = Catalyst Control Center Graphics Previews Common
"{2E03C934-17D0-D1F7-0631-8EB7DDB7B8D5}" = CCC Help Thai
"{2EA73859-A140-04D7-136C-6B29704CC796}" = CCC Help Danish
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34A9406E-1994-4C20-AC72-04CFA2B24545}" = CorelDRAW Essentials 4 - Lang EN
"{3576C335-958D-4D60-A812-F68F9A2796AF}" = CorelDRAW Essentials 4 - Lang IT
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D5E294C-A62C-3459-BAA0-B6AAD8E83460}" = CCC Help Swedish
"{435AD583-AFB5-03A8-7F65-721327D6BB11}" = CCC Help English
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4F007121-E30C-09A3-E548-ED75161611E3}" = CCC Help Greek
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5500BB35-1C21-4328-9F16-F894B860FADE}" = CorelDRAW Essentials 4 - Lang NL
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{6438EBAC-5305-39A5-A93E-88CDFA6CE947}" = Google Chrome
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{656A4D8E-9DFA-813E-541E-C047B130D58F}" = Catalyst Control Center Core Implementation
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = Die Sims 2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76690645-425D-59BF-6CA7-CBA3D68C159F}" = Catalyst Control Center Localization All
"{76E852ED-1B06-4BC8-9D6A-625DB95FB7E5}" = CorelDRAW Essentials 4 - IPM - No VBA
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AF57B88-28DF-D7AA-A9A5-01D535C8023D}" = CCC Help Spanish
"{8B4C0BC1-67A3-6CA9-123B-992DCF14C5AF}" = Catalyst Control Center Graphics Full Existing
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DA00A19-9AB2-2724-36CD-5094EC6F4A45}" = Catalyst Control Center InstallProxy
"{8DBF1BC7-E29D-EF2A-3EAD-98D70C4F6C5B}" = ccc-core-static
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{9043B9A0-9505-405B-8202-E7167A38A89C}" = CorelDRAW Essentials 4
"{923D47BD-3BE2-1B83-B9FD-9189FD4474AB}" = CCC Help Dutch
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{94DCFB3E-015B-C9B4-763B-D07329E89A6D}" = CCC Help Hungarian
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D3D8C60-A55F-4fed-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{A39B0352-24A9-5D58-E272-91218BC8A51E}" = CCC Help Polish
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9139E41-8969-54D1-AF85-D30E8DFF50FE}" = CCC Help Russian
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{ABD8B955-1C69-4AF3-949B-13CD587C175F}" = CorelDRAW Essentials 4 - Lang BR
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI - Deutsch
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.02)
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B9FA9F15-A1F3-4DB1-AD49-0B9351843FAA}" = CorelDRAW Essentials 4 - Draw
"{BA9319FE-BCEF-4C99-8039-F464648D046E}" = CorelDRAW Essentials 4 - Lang FR
"{BF3C0386-BADC-F3DF-25A5-435B10852B13}" = CCC Help French
"{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 - ICA
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C682F3F0-00A6-4379-B083-4F3273624D7B}" = CorelDRAW Essentials 4 - Lang ES
"{CBC9CF44-0F09-42EC-6BB0-44AC5C413BCE}" = CCC Help Turkish
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF0A5043-8744-A076-9515-AD6B4421152B}" = Catalyst Control Center Graphics Previews Vista
"{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{CFA1A443-F2D9-097D-4CE3-D965A2178B32}" = CCC Help Norwegian
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D776CF6B-93A2-DEFC-3B80-431CB59B3E76}" = CCC Help Czech
"{D7E49254-D6DD-0175-7409-F8DC8B5C1749}" = ccc-utility
"{DAAACF3B-7EFF-6A05-E2CF-2581F8B2B1B1}" = CCC Help Chinese Standard
"{DB3E28FF-969F-0C82-8C24-893823FCC203}" = CCC Help Japanese
"{DCE271F2-588E-F0B5-F0BE-7621BBAB1B6A}" = CCC Help German
"{DD70AAF2-66CA-7BDE-CF7D-AA814A8B939E}" = Catalyst Control Center Graphics Full New
"{DE656F94-4E2A-66AA-DEEA-07638647690D}" = CCC Help Portuguese
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}" = System Control Manager
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F16841F6-5F0F-4DBE-B318-63CEB916F21D}" = CorelDRAW Essentials 4 - Filters
"{F7529650-B9DB-481B-0089-A2AC3C2821C1}" = Die Sims 2: Nightlife
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"Secunia PSI" = Secunia PSI (2.0.0.4003)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Winamp" = Winamp
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite" = Windows Live Essentials
"Xvid_is1" = Xvid 1.1.3 final uninstall
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-708478002-281803654-409329748-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 27.10.2011 10:43:54 | Computer Name = Jana-PC | Source = Application Hang | ID = 1002
Description = Programm RATOF.exe, Version 1.0.0.1 kann nicht mehr unter Windows 
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 794    Startzeit: 
01cc94b688a6a3fc    Endzeit: 11    Anwendungspfad: C:\Program Files\CRIMSON COW\RUNAWAY 
- A TWIST OF FATE\RATOF.exe    Berichts-ID:   
 
Error - 27.10.2011 11:42:01 | Computer Name = Jana-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: RATOF.exe, Version: 1.0.0.1, Zeitstempel:
 0x4ae04a08  Name des fehlerhaften Moduls: RATOF.exe, Version: 1.0.0.1, Zeitstempel:
 0x4ae04a08  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0005921c  ID des fehlerhaften Prozesses:
 0x12b0  Startzeit der fehlerhaften Anwendung: 0x01cc94b6e1d379a4  Pfad der fehlerhaften
 Anwendung: C:\Program Files\CRIMSON COW\RUNAWAY - A TWIST OF FATE\RATOF.exe  Pfad
 des fehlerhaften Moduls: C:\Program Files\CRIMSON COW\RUNAWAY - A TWIST OF FATE\RATOF.exe
Berichtskennung:
 35ffac8b-00b2-11e1-8eaf-406186af320b
 
Error - 28.10.2011 11:49:09 | Computer Name = Jana-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts
 "System Writer".  Details: AddWin32ServiceFiles: Unable to back up image of service
 Google Software Updater since QueryServiceConfig API failed  System Error: Das System
 kann die angegebene Datei nicht finden.  .
 
Error - 13.11.2011 07:38:04 | Computer Name = Jana-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16421 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 9b0    Startzeit: 01cca1f89eb9994c    Endzeit: 16    Anwendungspfad: 
C:\Program Files\Internet Explorer\iexplore.exe    Berichts-ID:   
 
Error - 20.11.2011 10:16:31 | Computer Name = Jana-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16421 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 115c    Startzeit: 01cca78e0c6d3a76    Endzeit: 20    Anwendungspfad:
 C:\Program Files\Internet Explorer\iexplore.exe    Berichts-ID:   
 
Error - 15.12.2011 16:19:35 | Computer Name = Jana-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: Das Zeitlimit für den Vorgang wurde erreicht.  
 
Error - 23.12.2011 08:07:35 | Computer Name = Jana-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16421 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 124c    Startzeit: 01ccc166211ad5a6    Endzeit: 30    Anwendungspfad:
 C:\Program Files\Internet Explorer\iexplore.exe    Berichts-ID:   
 
Error - 24.12.2011 08:45:50 | Computer Name = Jana-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe_LanmanServer, Version:
 6.1.7600.16385, Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: unknown, Version:
 0.0.0.0, Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0xc000000d
ID
 des fehlerhaften Prozesses: 0x3ec  Startzeit der fehlerhaften Anwendung: 0x01ccc239e992d52a
Pfad
 der fehlerhaften Anwendung: C:\Windows\system32\svchost.exe  Pfad des fehlerhaften
 Moduls: unknown  Berichtskennung: 34d9709c-2e2d-11e1-a637-406186af320b
 
Error - 30.12.2011 11:32:41 | Computer Name = Jana-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: Der Servername oder die Serveradresse konnte nicht verarbeitet
 werden.  
 
Error - 04.01.2012 07:54:17 | Computer Name = Jana-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe_LanmanServer, Version:
 6.1.7600.16385, Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: SSCORE.DLL,
 Version: 6.1.7601.17514, Zeitstempel: 0x4ce795a6  Ausnahmecode: 0xc0000005  Fehleroffset:
 0x00001513  ID des fehlerhaften Prozesses: 0x3f0  Startzeit der fehlerhaften Anwendung:
 0x01cccad78730633f  Pfad der fehlerhaften Anwendung: C:\Windows\system32\svchost.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\system32\SSCORE.DLL  Berichtskennung: d3db0d29-36ca-11e1-bc34-406186af320b
 
[ System Events ]
Error - 16.01.2013 09:31:00 | Computer Name = Jana-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde unerwartet beendet.
 Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000
 Millisekunden durchgeführt: Neustart des Diensts.
 
Error - 16.01.2013 09:32:00 | Computer Name = Jana-PC | Source = Service Control Manager | ID = 7032
Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden
 des Dienstes "Server" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, 
ist fehlgeschlagen. Fehler:   %%1056
 
Error - 16.01.2013 09:33:00 | Computer Name = Jana-PC | Source = Service Control Manager | ID = 7032
Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden
 des Dienstes "Benutzerprofildienst" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen,
 ist fehlgeschlagen. Fehler:   %%1056
 
Error - 16.01.2013 09:33:03 | Computer Name = Jana-PC | Source = Service Control Manager | ID = 7032
Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden
 des Dienstes "Windows-Verwaltungsinstrumentation" Korrekturmaßnahmen (Neustart 
des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:   %%1056
 
Error - 17.01.2013 11:44:29 | Computer Name = Jana-PC | Source = NetBT | ID = 4321
Description = Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.178.24  registriert werden. Der Computer mit IP-Adresse 192.168.178.1
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 09.02.2013 14:20:42 | Computer Name = Jana-PC | Source = NetBT | ID = 4321
Description = Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.178.24  registriert werden. Der Computer mit IP-Adresse 192.168.178.1
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 09.02.2013 14:24:14 | Computer Name = Jana-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?09.?02.?2013 um 19:22:35 unerwartet heruntergefahren.
 
Error - 27.02.2013 07:03:34 | Computer Name = Jana-PC | Source = WMPNetworkSvc | ID = 866300
Description = 
 
Error - 27.02.2013 09:33:02 | Computer Name = Jana-PC | Source = NetBT | ID = 4321
Description = Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.178.24  registriert werden. Der Computer mit IP-Adresse 192.168.178.1
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 27.02.2013 09:34:12 | Computer Name = Jana-PC | Source = WMPNetworkSvc | ID = 866300
Description = 
 
 
< End of report >

--- --- ---

cosinus · 27.02.2013, 20:55

Bitte nun Logs mit GMER (<<< klick für Anleitung) und MBAR (Anleitung etwas weiter unten) erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim zweiten Mal nicht will, lass es einfach weg und führ nur MBAR aus.

Anleitung MBAR:

Downloade dir bitte

Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

Starte bitte die mbar.exe.
Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
Klicke auf den CleanUp Button und erlaube den Neustart.
Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
Nach dem Neustart starte die mbar.exe erneut.
Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

Bene4 · 28.02.2013, 13:11

GMER Logfile:

Code:

ATTFilter

GMER 2.1.19115 - hxxp://www.gmer.net
Rootkit scan 2013-02-28 13:10:07
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\00000059 Hitachi_ rev.PB4O 465,76GB
Running: gmer_2.1.19115.exe; Driver: C:\Users\Jana\AppData\Local\Temp\pwldypow.sys


---- Kernel code sections - GMER 2.1 ----

.text           ntkrnlpa.exe!ZwRollbackEnlistment + 140D                                                                    8324D9E9 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                      832871C2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           C:\Windows\system32\DRIVERS\atikmdag.sys                                                                    section is writeable [0x91038000, 0x2FC71C, 0xE8000020]
.vmp2           C:\Windows\system32\drivers\acedrv11.sys                                                                    entry point in ".vmp2" section [0x9D59269D]

---- User code sections - GMER 2.1 ----

.text           C:\Program Files\Internet Explorer\IELowutil.exe[1756] ntdll.dll!NtCreateUserProcess                        77965778 4 Bytes  [68, 93, 5C, 05]
.text           C:\Program Files\Internet Explorer\IELowutil.exe[1756] ntdll.dll!NtCreateUserProcess + 5                    7796577D 1 Byte  [C3]
.text           C:\Program Files\Internet Explorer\IELowutil.exe[1756] ntdll.dll!LdrLoadDll                                 7798223E 6 Bytes  PUSH 00055DBE; RET 
.text           C:\Program Files\Internet Explorer\IELowutil.exe[1756] kernel32.dll!GetFileAttributesExW                    778330C6 6 Bytes  PUSH 00056027; RET 
.text           C:\Program Files\Internet Explorer\IELowutil.exe[1756] kernel32.dll!ExitProcess                             7784BBE2 6 Bytes  PUSH 00055FE6; RET 
.text           C:\Program Files\Internet Explorer\IELowutil.exe[1756] ADVAPI32.dll!CreateProcessAsUserW                    7740C592 6 Bytes  PUSH 000560A4; RET 
.text           C:\Program Files\Internet Explorer\IELowutil.exe[1756] ADVAPI32.dll!CreateProcessAsUserA                    77442538 6 Bytes  PUSH 0005608D; RET 
.text           C:\Program Files\Internet Explorer\IELowutil.exe[1756] USER32.dll!SwitchDesktop                             7664476B 6 Bytes  PUSH 0004FCB8; RET 
.text           C:\Program Files\Internet Explorer\IELowutil.exe[1756] USER32.dll!OpenInputDesktop                          76645C39 4 Bytes  [68, 68, FC, 04]
.text           C:\Program Files\Internet Explorer\IELowutil.exe[1756] USER32.dll!OpenInputDesktop + 5                      76645C3E 1 Byte  [C3]
.text           C:\Program Files\Internet Explorer\IELowutil.exe[1756] USER32.dll!RegisterClassExA                          76646293 6 Bytes  PUSH 000500C6; RET 
.text           C:\Program Files\Internet Explorer\IELowutil.exe[1756] USER32.dll!GetCapture                                76649DC7 6 Bytes  PUSH 00055A98; RET 
.text           C:\Program Files\Internet Explorer\IELowutil.exe[1756] USER32.dll!GetCursorPos                              7664A4B3 6 Bytes  PUSH 0005596A; RET 
.text           C:\Program Files\Internet Explorer\IELowutil.exe[1756] USER32.dll!GetUpdateRect                             7664A575 6 Bytes  PUSH 0004B1B8; RET 
.text           C:\Program Files\Internet Explorer\IELowutil.exe[1756] USER32.dll!DefWindowProcA                            7664BB1C 6 Bytes  PUSH 0004FD1C; RET 
.text           C:\Program Files\Internet Explorer\IELowutil.exe[1756] USER32.dll!RegisterClassA                            7664BC6A 6 Bytes  PUSH 00050027; RET 
.text           C:\Program Files\Internet Explorer\IELowutil.exe[1756] USER32.dll!RegisterClassW                            7664ED4A 6 Bytes  PUSH 0004FFDA; RET 
.text           C:\Program Files\Internet Explorer\IELowutil.exe[1756] USER32.dll!RegisterClassExW                          76650162 6 Bytes  PUSH 00050074; RET 
.text           C:\Program Files\Internet Explorer\IELowutil.exe[1756] USER32.dll!GetMessageA                               76651899 6 Bytes  PUSH 00055B5F; RET 
.text           C:\Program Files\Internet Explorer\IELowutil.exe[1756] USER32.dll!PeekMessageA                              766519A5 6 Bytes  PUSH 00055BB2; RET 
.text           C:\Program Files\Internet Explorer\IELowutil.exe[1756] USER32.dll!CallWindowProcW                           76651B3C 6 Bytes  PUSH 0004FF0C; RET 
.text           C:\Program Files\Internet Explorer\IELowutil.exe[1756] USER32.dll!GetDCEx                                   76652D57 4 Bytes  [68, 9F, B0, 04]
.text           C:\Program Files\Internet Explorer\IELowutil.exe[1756] USER32.dll!GetDCEx + 5                               76652D5C 1 Byte  [C3]
.text           C:\Program Files\Internet Explorer\IELowutil.exe[1756] USER32.dll!GetWindowDC                               76654AB7 4 Bytes  [68, 39, B1, 04]
.text           C:\Program Files\Internet Explorer\IELowutil.exe[1756] USER32.dll!GetWindowDC + 5                           76654ABC 1 Byte  [C3]
.text           C:\Program Files\Internet Explorer\IELowutil.exe[1756] USER32.dll!DefWindowProcW                            7665507D 6 Bytes  PUSH 0004FCD6; RET 
.text           C:\Program Files\Internet Explorer\IELowutil.exe[1756] USER32.dll!ReleaseDC                                 76655421 6 Bytes  PUSH 0004B178; RET 
.text           C:\Program Files\Internet Explorer\IELowutil.exe[1756] USER32.dll!GetDC                                     7665544C 4 Bytes  [68, FA, B0, 04]
.text           C:\Program Files\Internet Explorer\IELowutil.exe[1756] USER32.dll!GetDC + 5                                 76655451 1 Byte  [C3]
.text           C:\Program Files\Internet Explorer\IELowutil.exe[1756] USER32.dll!BeginPaint                                76655D14 4 Bytes  [68, EF, AF, 04]
.text           C:\Program Files\Internet Explorer\IELowutil.exe[1756] USER32.dll!BeginPaint + 5                            76655D19 1 Byte  [C3]
.text           C:\Program Files\Internet Explorer\IELowutil.exe[1756] USER32.dll!EndPaint                                  76655D42 4 Bytes  [68, 5F, B0, 04]
.text           C:\Program Files\Internet Explorer\IELowutil.exe[1756] USER32.dll!EndPaint + 5                              76655D47 1 Byte  [C3]
.text           C:\Program Files\Internet Explorer\IELowutil.exe[1756] USER32.dll!PeekMessageW                              7665634A 6 Bytes  PUSH 00055B87; RET 
.text           C:\Program Files\Internet Explorer\IELowutil.exe[1756] USER32.dll!TranslateMessage                          766564C7 6 Bytes  PUSH 0004B82C; RET 
.text           C:\Program Files\Internet Explorer\IELowutil.exe[1756] USER32.dll!GetMessageW                               7665CDE8 6 Bytes  PUSH 00055B37; RET 
.text           C:\Program Files\Internet Explorer\IELowutil.exe[1756] USER32.dll!GetClipboardData                          76662BA7 6 Bytes  PUSH 0004B9DB; RET 
.text           C:\Program Files\Internet Explorer\IELowutil.exe[1756] USER32.dll!DefDlgProcA                               766671E4 6 Bytes  PUSH 0004FDA8; RET 
.text           C:\Program Files\Internet Explorer\IELowutil.exe[1756] USER32.dll!DefMDIChildProcW                          7667150A 6 Bytes  PUSH 0004FE80; RET 
.text           C:\Program Files\Internet Explorer\IELowutil.exe[1756] USER32.dll!DefFrameProcW                             7667152B 6 Bytes  PUSH 0004FDEE; RET 
.text           C:\Program Files\Internet Explorer\IELowutil.exe[1756] USER32.dll!GetUpdateRgn                              76671C07 6 Bytes  PUSH 0004B24B; RET 
.text           C:\Program Files\Internet Explorer\IELowutil.exe[1756] USER32.dll!DefFrameProcA                             766725B7 6 Bytes  PUSH 0004FE37; RET 
.text           C:\Program Files\Internet Explorer\IELowutil.exe[1756] USER32.dll!DefMDIChildProcA                          766725DB 6 Bytes  PUSH 0004FEC6; RET 
.text           C:\Program Files\Internet Explorer\IELowutil.exe[1756] USER32.dll!CallWindowProcA                           76672BD3 6 Bytes  PUSH 0004FF55; RET 
.text           C:\Program Files\Internet Explorer\IELowutil.exe[1756] USER32.dll!DefDlgProcW                               76675BC1 6 Bytes  PUSH 0004FD62; RET 
.text           C:\Program Files\Internet Explorer\IELowutil.exe[1756] USER32.dll!GetMessagePos                             76676703 6 Bytes  PUSH 00055938; RET 
.text           C:\Program Files\Internet Explorer\IELowutil.exe[1756] USER32.dll!SetCapture                                76676932 4 Bytes  [68, EE, 59, 05]
.text           C:\Program Files\Internet Explorer\IELowutil.exe[1756] USER32.dll!SetCapture + 5                            76676937 1 Byte  [C3]
.text           C:\Program Files\Internet Explorer\IELowutil.exe[1756] USER32.dll!ReleaseCapture                            766769F2 6 Bytes  PUSH 00055A48; RET 
.text           C:\Program Files\Internet Explorer\IELowutil.exe[1756] USER32.dll!SetCursorPos                              7668C1B0 6 Bytes  PUSH 000559B1; RET 
.text           C:\Program Files\Internet Explorer\IELowutil.exe[1756] WININET.dll!InternetCloseHandle                      7652C664 6 Bytes  PUSH 00047276; RET 
.text           C:\Program Files\Internet Explorer\IELowutil.exe[1756] WININET.dll!HttpQueryInfoA                           7652E13A 6 Bytes  PUSH 00047416; RET 
.text           C:\Program Files\Internet Explorer\IELowutil.exe[1756] WININET.dll!InternetReadFile                         7652F8D8 6 Bytes  PUSH 000472E3; RET 
.text           C:\Program Files\Internet Explorer\IELowutil.exe[1756] WININET.dll!InternetQueryDataAvailable               76533184 6 Bytes  JMP C3000473 
.text           C:\Program Files\Internet Explorer\IELowutil.exe[1756] WININET.dll!HttpOpenRequestA                         76555761 6 Bytes  PUSH 00046FB8; RET 
.text           C:\Program Files\Internet Explorer\IELowutil.exe[1756] WININET.dll!HttpOpenRequestW                         76555FEF 6 Bytes  PUSH 00046F74; RET 
.text           C:\Program Files\Internet Explorer\IELowutil.exe[1756] WININET.dll!HttpSendRequestW                         7655632D 6 Bytes  PUSH 00046FFC; RET 
.text           C:\Program Files\Internet Explorer\IELowutil.exe[1756] WININET.dll!InternetReadFileExA                      7655FA49 6 Bytes  PUSH 00047311; RET 
.text           C:\Program Files\Internet Explorer\IELowutil.exe[1756] WININET.dll!HttpSendRequestExW                       7656F564 6 Bytes  PUSH 000470A6; RET 
.text           C:\Program Files\Internet Explorer\IELowutil.exe[1756] WININET.dll!HttpEndRequestA                          7656F639 6 Bytes  PUSH 000471E0; RET 
.text           C:\Program Files\Internet Explorer\IELowutil.exe[1756] WININET.dll!InternetSetFilePointer                   76584F2F 6 Bytes  PUSH 00047390; RET 
.text           C:\Program Files\Internet Explorer\IELowutil.exe[1756] WININET.dll!HttpSendRequestA                         7658525A 6 Bytes  PUSH 00047051; RET 
.text           C:\Program Files\Internet Explorer\IELowutil.exe[1756] WININET.dll!HttpSendRequestExA                       765CECE5 6 Bytes  PUSH 00047143; RET 
.text           C:\Program Files\Internet Explorer\IELowutil.exe[1756] WININET.dll!HttpEndRequestW                          765CEDB7 6 Bytes  PUSH 0004722B; RET 
.text           C:\Program Files\Internet Explorer\IELowutil.exe[1756] WS2_32.dll!closesocket                               77753918 6 Bytes  PUSH 000506D4; RET 
.text           C:\Program Files\Internet Explorer\IELowutil.exe[1756] WS2_32.dll!getaddrinfo                               77754296 6 Bytes  PUSH 000502E5; RET 
.text           C:\Program Files\Internet Explorer\IELowutil.exe[1756] WS2_32.dll!WSASend                                   77754406 6 Bytes  PUSH 0005072D; RET 
.text           C:\Program Files\Internet Explorer\IELowutil.exe[1756] WS2_32.dll!send                                      77756F01 6 Bytes  PUSH 0005070C; RET 
.text           C:\Program Files\Internet Explorer\IELowutil.exe[1756] WS2_32.dll!gethostbyname                             77767673 6 Bytes  PUSH 00050275; RET 
.text           C:\Program Files\Internet Explorer\IELowutil.exe[1756] CRYPT32.dll!PFXImportCertStore                       75CF1224 6 Bytes  PUSH 00045C51; RET 
.text           C:\Windows\system32\taskhost.exe[2736] ntdll.dll!NtCreateUserProcess                                        77965778 6 Bytes  PUSH 01405C93; RET 
.text           C:\Windows\system32\taskhost.exe[2736] ntdll.dll!LdrLoadDll                                                 7798223E 6 Bytes  PUSH 01405DBE; RET 
.text           C:\Windows\system32\taskhost.exe[2736] kernel32.dll!GetFileAttributesExW                                    778330C6 6 Bytes  PUSH 01406027; RET 
.text           C:\Windows\system32\taskhost.exe[2736] kernel32.dll!ExitProcess                                             7784BBE2 6 Bytes  PUSH 01405FE6; RET 
.text           C:\Windows\system32\taskhost.exe[2736] USER32.dll!SwitchDesktop                                             7664476B 6 Bytes  PUSH 013FFCB8; RET 
.text           C:\Windows\system32\taskhost.exe[2736] USER32.dll!OpenInputDesktop                                          76645C39 6 Bytes  PUSH C3013FFC; RET 
.text           C:\Windows\system32\taskhost.exe[2736] USER32.dll!RegisterClassExA                                          76646293 6 Bytes  PUSH 014000C6; RET 
.text           C:\Windows\system32\taskhost.exe[2736] USER32.dll!GetCapture                                                76649DC7 6 Bytes  PUSH 01405A98; RET 
.text           C:\Windows\system32\taskhost.exe[2736] USER32.dll!GetCursorPos                                              7664A4B3 6 Bytes  PUSH 0140596A; RET 
.text           C:\Windows\system32\taskhost.exe[2736] USER32.dll!GetUpdateRect                                             7664A575 6 Bytes  PUSH 013FB1B8; RET 
.text           C:\Windows\system32\taskhost.exe[2736] USER32.dll!DefWindowProcA                                            7664BB1C 6 Bytes  PUSH 013FFD1C; RET 
.text           C:\Windows\system32\taskhost.exe[2736] USER32.dll!RegisterClassA                                            7664BC6A 6 Bytes  PUSH 01400027; RET 
.text           C:\Windows\system32\taskhost.exe[2736] USER32.dll!RegisterClassW                                            7664ED4A 6 Bytes  PUSH 013FFFDA; RET 
.text           C:\Windows\system32\taskhost.exe[2736] USER32.dll!RegisterClassExW                                          76650162 6 Bytes  PUSH 01400074; RET 
.text           C:\Windows\system32\taskhost.exe[2736] USER32.dll!GetMessageA                                               76651899 6 Bytes  PUSH 01405B5F; RET 
.text           C:\Windows\system32\taskhost.exe[2736] USER32.dll!PeekMessageA                                              766519A5 6 Bytes  PUSH 01405BB2; RET 
.text           C:\Windows\system32\taskhost.exe[2736] USER32.dll!CallWindowProcW                                           76651B3C 6 Bytes  PUSH 013FFF0C; RET 
.text           C:\Windows\system32\taskhost.exe[2736] USER32.dll!GetDCEx                                                   76652D57 6 Bytes  PUSH 013FB09F; RET 
.text           C:\Windows\system32\taskhost.exe[2736] USER32.dll!GetWindowDC                                               76654AB7 6 Bytes  PUSH 013FB139; RET 
.text           C:\Windows\system32\taskhost.exe[2736] USER32.dll!DefWindowProcW                                            7665507D 6 Bytes  PUSH 013FFCD6; RET 
.text           C:\Windows\system32\taskhost.exe[2736] USER32.dll!ReleaseDC                                                 76655421 6 Bytes  PUSH 013FB178; RET 
.text           C:\Windows\system32\taskhost.exe[2736] USER32.dll!GetDC                                                     7665544C 6 Bytes  PUSH 013FB0FA; RET 
.text           C:\Windows\system32\taskhost.exe[2736] USER32.dll!BeginPaint                                                76655D14 6 Bytes  PUSH 013FAFEF; RET 
.text           C:\Windows\system32\taskhost.exe[2736] USER32.dll!EndPaint                                                  76655D42 6 Bytes  PUSH 013FB05F; RET 
.text           C:\Windows\system32\taskhost.exe[2736] USER32.dll!PeekMessageW                                              7665634A 6 Bytes  PUSH 01405B87; RET 
.text           C:\Windows\system32\taskhost.exe[2736] USER32.dll!TranslateMessage                                          766564C7 6 Bytes  PUSH 013FB82C; RET 
.text           C:\Windows\system32\taskhost.exe[2736] USER32.dll!GetMessageW                                               7665CDE8 6 Bytes  PUSH 01405B37; RET 
.text           C:\Windows\system32\taskhost.exe[2736] USER32.dll!GetClipboardData                                          76662BA7 6 Bytes  PUSH 013FB9DB; RET 
.text           C:\Windows\system32\taskhost.exe[2736] USER32.dll!DefDlgProcA                                               766671E4 6 Bytes  PUSH 013FFDA8; RET 
.text           C:\Windows\system32\taskhost.exe[2736] USER32.dll!DefMDIChildProcW                                          7667150A 6 Bytes  PUSH 013FFE80; RET 
.text           C:\Windows\system32\taskhost.exe[2736] USER32.dll!DefFrameProcW                                             7667152B 6 Bytes  PUSH 013FFDEE; RET 
.text           C:\Windows\system32\taskhost.exe[2736] USER32.dll!GetUpdateRgn                                              76671C07 6 Bytes  PUSH 013FB24B; RET 
.text           C:\Windows\system32\taskhost.exe[2736] USER32.dll!DefFrameProcA                                             766725B7 6 Bytes  PUSH 013FFE37; RET 
.text           C:\Windows\system32\taskhost.exe[2736] USER32.dll!DefMDIChildProcA                                          766725DB 6 Bytes  PUSH 013FFEC6; RET 
.text           C:\Windows\system32\taskhost.exe[2736] USER32.dll!CallWindowProcA                                           76672BD3 6 Bytes  PUSH 013FFF55; RET 
.text           C:\Windows\system32\taskhost.exe[2736] USER32.dll!DefDlgProcW                                               76675BC1 6 Bytes  PUSH 013FFD62; RET 
.text           C:\Windows\system32\taskhost.exe[2736] USER32.dll!GetMessagePos                                             76676703 6 Bytes  PUSH 01405938; RET 
.text           C:\Windows\system32\taskhost.exe[2736] USER32.dll!SetCapture                                                76676932 6 Bytes  PUSH 014059EE; RET 
.text           C:\Windows\system32\taskhost.exe[2736] USER32.dll!ReleaseCapture                                            766769F2 6 Bytes  PUSH 01405A48; RET 
.text           C:\Windows\system32\taskhost.exe[2736] USER32.dll!SetCursorPos                                              7668C1B0 6 Bytes  PUSH 014059B1; RET 
.text           C:\Windows\system32\taskhost.exe[2736] ADVAPI32.dll!CreateProcessAsUserW                                    7740C592 6 Bytes  PUSH 014060A4; RET 
.text           C:\Windows\system32\taskhost.exe[2736] ADVAPI32.dll!CreateProcessAsUserA                                    77442538 6 Bytes  PUSH 0140608D; RET 
.text           C:\Windows\system32\taskhost.exe[2736] WS2_32.dll!closesocket                                               77753918 6 Bytes  PUSH 014006D4; RET 
.text           C:\Windows\system32\taskhost.exe[2736] WS2_32.dll!getaddrinfo                                               77754296 6 Bytes  PUSH 014002E5; RET 
.text           C:\Windows\system32\taskhost.exe[2736] WS2_32.dll!WSASend                                                   77754406 6 Bytes  PUSH 0140072D; RET 
.text           C:\Windows\system32\taskhost.exe[2736] WS2_32.dll!send                                                      77756F01 6 Bytes  PUSH 0140070C; RET 
.text           C:\Windows\system32\taskhost.exe[2736] WS2_32.dll!gethostbyname                                             77767673 6 Bytes  PUSH 01400275; RET 
.text           C:\Windows\system32\taskhost.exe[2736] CRYPT32.dll!PFXImportCertStore                                       75CF1224 6 Bytes  PUSH 013F5C51; RET 
.text           C:\Windows\system32\taskhost.exe[2736] WININET.dll!InternetCloseHandle                                      7652C664 6 Bytes  PUSH 013F7276; RET 
.text           C:\Windows\system32\taskhost.exe[2736] WININET.dll!HttpQueryInfoA                                           7652E13A 6 Bytes  PUSH 013F7416; RET 
.text           C:\Windows\system32\taskhost.exe[2736] WININET.dll!InternetReadFile                                         7652F8D8 6 Bytes  PUSH 013F72E3; RET 
.text           C:\Windows\system32\taskhost.exe[2736] WININET.dll!InternetQueryDataAvailable                               76533184 6 Bytes  JMP C3013F73 
.text           C:\Windows\system32\taskhost.exe[2736] WININET.dll!HttpOpenRequestA                                         76555761 6 Bytes  PUSH 013F6FB8; RET 
.text           C:\Windows\system32\taskhost.exe[2736] WININET.dll!HttpOpenRequestW                                         76555FEF 6 Bytes  PUSH 013F6F74; RET 
.text           C:\Windows\system32\taskhost.exe[2736] WININET.dll!HttpSendRequestW                                         7655632D 6 Bytes  PUSH 013F6FFC; RET 
.text           C:\Windows\system32\taskhost.exe[2736] WININET.dll!InternetReadFileExA                                      7655FA49 6 Bytes  PUSH 013F7311; RET 
.text           C:\Windows\system32\taskhost.exe[2736] WININET.dll!HttpSendRequestExW                                       7656F564 6 Bytes  PUSH 013F70A6; RET 
.text           C:\Windows\system32\taskhost.exe[2736] WININET.dll!HttpEndRequestA                                          7656F639 6 Bytes  PUSH 013F71E0; RET 
.text           C:\Windows\system32\taskhost.exe[2736] WININET.dll!InternetSetFilePointer                                   76584F2F 6 Bytes  PUSH 013F7390; RET 
.text           C:\Windows\system32\taskhost.exe[2736] WININET.dll!HttpSendRequestA                                         7658525A 6 Bytes  PUSH 013F7051; RET 
.text           C:\Windows\system32\taskhost.exe[2736] WININET.dll!HttpSendRequestExA                                       765CECE5 6 Bytes  PUSH 013F7143; RET 
.text           C:\Windows\system32\taskhost.exe[2736] WININET.dll!HttpEndRequestW                                          765CEDB7 6 Bytes  PUSH 013F722B; RET 
.text           C:\Windows\system32\Dwm.exe[2780] ntdll.dll!NtCreateUserProcess                                             77965778 6 Bytes  PUSH 01335C93; RET 
.text           C:\Windows\system32\Dwm.exe[2780] ntdll.dll!LdrLoadDll                                                      7798223E 6 Bytes  PUSH 01335DBE; RET 
.text           C:\Windows\system32\Dwm.exe[2780] kernel32.dll!GetFileAttributesExW                                         778330C6 6 Bytes  PUSH 01336027; RET 
.text           C:\Windows\system32\Dwm.exe[2780] kernel32.dll!ExitProcess                                                  7784BBE2 6 Bytes  PUSH 01335FE6; RET 
.text           C:\Windows\system32\Dwm.exe[2780] USER32.dll!SwitchDesktop                                                  7664476B 6 Bytes  PUSH 0132FCB8; RET 
.text           C:\Windows\system32\Dwm.exe[2780] USER32.dll!OpenInputDesktop                                               76645C39 6 Bytes  PUSH C30132FC; RET 
.text           C:\Windows\system32\Dwm.exe[2780] USER32.dll!RegisterClassExA                                               76646293 6 Bytes  PUSH 013300C6; RET 
.text           C:\Windows\system32\Dwm.exe[2780] USER32.dll!GetCapture                                                     76649DC7 6 Bytes  PUSH 01335A98; RET 
.text           C:\Windows\system32\Dwm.exe[2780] USER32.dll!GetCursorPos                                                   7664A4B3 6 Bytes  PUSH 0133596A; RET 
.text           C:\Windows\system32\Dwm.exe[2780] USER32.dll!GetUpdateRect                                                  7664A575 6 Bytes  PUSH 0132B1B8; RET 
.text           C:\Windows\system32\Dwm.exe[2780] USER32.dll!DefWindowProcA                                                 7664BB1C 6 Bytes  PUSH 0132FD1C; RET 
.text           C:\Windows\system32\Dwm.exe[2780] USER32.dll!RegisterClassA                                                 7664BC6A 6 Bytes  PUSH 01330027; RET 
.text           C:\Windows\system32\Dwm.exe[2780] USER32.dll!RegisterClassW                                                 7664ED4A 6 Bytes  PUSH 0132FFDA; RET 
.text           C:\Windows\system32\Dwm.exe[2780] USER32.dll!RegisterClassExW                                               76650162 6 Bytes  PUSH 01330074; RET 
.text           C:\Windows\system32\Dwm.exe[2780] USER32.dll!GetMessageA                                                    76651899 6 Bytes  PUSH 01335B5F; RET 
.text           C:\Windows\system32\Dwm.exe[2780] USER32.dll!PeekMessageA                                                   766519A5 6 Bytes  PUSH 01335BB2; RET 
.text           C:\Windows\system32\Dwm.exe[2780] USER32.dll!CallWindowProcW                                                76651B3C 6 Bytes  PUSH 0132FF0C; RET 
.text           C:\Windows\system32\Dwm.exe[2780] USER32.dll!GetDCEx                                                        76652D57 6 Bytes  PUSH 0132B09F; RET 
.text           C:\Windows\system32\Dwm.exe[2780] USER32.dll!GetWindowDC                                                    76654AB7 6 Bytes  PUSH 0132B139; RET 
.text           C:\Windows\system32\Dwm.exe[2780] USER32.dll!DefWindowProcW                                                 7665507D 6 Bytes  PUSH 0132FCD6; RET 
.text           C:\Windows\system32\Dwm.exe[2780] USER32.dll!ReleaseDC                                                      76655421 6 Bytes  PUSH 0132B178; RET 
.text           C:\Windows\system32\Dwm.exe[2780] USER32.dll!GetDC                                                          7665544C 6 Bytes  PUSH 0132B0FA; RET 
.text           C:\Windows\system32\Dwm.exe[2780] USER32.dll!BeginPaint                                                     76655D14 6 Bytes  PUSH 0132AFEF; RET 
.text           C:\Windows\system32\Dwm.exe[2780] USER32.dll!EndPaint                                                       76655D42 6 Bytes  PUSH 0132B05F; RET 
.text           C:\Windows\system32\Dwm.exe[2780] USER32.dll!PeekMessageW                                                   7665634A 6 Bytes  PUSH 01335B87; RET 
.text           C:\Windows\system32\Dwm.exe[2780] USER32.dll!TranslateMessage                                               766564C7 6 Bytes  PUSH 0132B82C; RET 
.text           C:\Windows\system32\Dwm.exe[2780] USER32.dll!GetMessageW                                                    7665CDE8 6 Bytes  PUSH 01335B37; RET 
.text           C:\Windows\system32\Dwm.exe[2780] USER32.dll!GetClipboardData                                               76662BA7 6 Bytes  PUSH 0132B9DB; RET 
.text           C:\Windows\system32\Dwm.exe[2780] USER32.dll!DefDlgProcA                                                    766671E4 6 Bytes  PUSH 0132FDA8; RET 
.text           C:\Windows\system32\Dwm.exe[2780] USER32.dll!DefMDIChildProcW                                               7667150A 6 Bytes  PUSH 0132FE80; RET 
.text           C:\Windows\system32\Dwm.exe[2780] USER32.dll!DefFrameProcW                                                  7667152B 6 Bytes  PUSH 0132FDEE; RET 
.text           C:\Windows\system32\Dwm.exe[2780] USER32.dll!GetUpdateRgn                                                   76671C07 6 Bytes  PUSH 0132B24B; RET 
.text           C:\Windows\system32\Dwm.exe[2780] USER32.dll!DefFrameProcA                                                  766725B7 6 Bytes  PUSH 0132FE37; RET 
.text           C:\Windows\system32\Dwm.exe[2780] USER32.dll!DefMDIChildProcA                                               766725DB 6 Bytes  PUSH 0132FEC6; RET 
.text           C:\Windows\system32\Dwm.exe[2780] USER32.dll!CallWindowProcA                                                76672BD3 6 Bytes  PUSH 0132FF55; RET 
.text           C:\Windows\system32\Dwm.exe[2780] USER32.dll!DefDlgProcW                                                    76675BC1 6 Bytes  PUSH 0132FD62; RET 
.text           C:\Windows\system32\Dwm.exe[2780] USER32.dll!GetMessagePos                                                  76676703 6 Bytes  PUSH 01335938; RET 
.text           C:\Windows\system32\Dwm.exe[2780] USER32.dll!SetCapture                                                     76676932 6 Bytes  PUSH 013359EE; RET 
.text           C:\Windows\system32\Dwm.exe[2780] USER32.dll!ReleaseCapture                                                 766769F2 6 Bytes  PUSH 01335A48; RET 
.text           C:\Windows\system32\Dwm.exe[2780] USER32.dll!SetCursorPos                                                   7668C1B0 6 Bytes  PUSH 013359B1; RET 
.text           C:\Windows\system32\Dwm.exe[2780] ADVAPI32.dll!CreateProcessAsUserW                                         7740C592 6 Bytes  PUSH 013360A4; RET 
.text           C:\Windows\system32\Dwm.exe[2780] ADVAPI32.dll!CreateProcessAsUserA                                         77442538 6 Bytes  PUSH 0133608D; RET 
.text           C:\Windows\system32\Dwm.exe[2780] CRYPT32.dll!PFXImportCertStore                                            75CF1224 6 Bytes  PUSH 01325C51; RET 
.text           C:\Windows\system32\Dwm.exe[2780] WS2_32.dll!closesocket                                                    77753918 6 Bytes  PUSH 013306D4; RET 
.text           C:\Windows\system32\Dwm.exe[2780] WS2_32.dll!getaddrinfo                                                    77754296 6 Bytes  PUSH 013302E5; RET 
.text           C:\Windows\system32\Dwm.exe[2780] WS2_32.dll!WSASend                                                        77754406 6 Bytes  PUSH 0133072D; RET 
.text           C:\Windows\system32\Dwm.exe[2780] WS2_32.dll!send                                                           77756F01 6 Bytes  PUSH 0133070C; RET 
.text           C:\Windows\system32\Dwm.exe[2780] WS2_32.dll!gethostbyname                                                  77767673 6 Bytes  PUSH 01330275; RET 
.text           C:\Windows\system32\Dwm.exe[2780] WININET.dll!InternetCloseHandle                                           7652C664 6 Bytes  PUSH 01327276; RET 
.text           C:\Windows\system32\Dwm.exe[2780] WININET.dll!HttpQueryInfoA                                                7652E13A 6 Bytes  PUSH 01327416; RET 
.text           C:\Windows\system32\Dwm.exe[2780] WININET.dll!InternetReadFile                                              7652F8D8 6 Bytes  PUSH 013272E3; RET 
.text           C:\Windows\system32\Dwm.exe[2780] WININET.dll!InternetQueryDataAvailable                                    76533184 6 Bytes  JMP C3013273 
.text           C:\Windows\system32\Dwm.exe[2780] WININET.dll!HttpOpenRequestA                                              76555761 6 Bytes  PUSH 01326FB8; RET 
.text           C:\Windows\system32\Dwm.exe[2780] WININET.dll!HttpOpenRequestW                                              76555FEF 6 Bytes  PUSH 01326F74; RET 
.text           C:\Windows\system32\Dwm.exe[2780] WININET.dll!HttpSendRequestW                                              7655632D 6 Bytes  PUSH 01326FFC; RET 
.text           C:\Windows\system32\Dwm.exe[2780] WININET.dll!InternetReadFileExA                                           7655FA49 6 Bytes  PUSH 01327311; RET 
.text           C:\Windows\system32\Dwm.exe[2780] WININET.dll!HttpSendRequestExW                                            7656F564 6 Bytes  PUSH 013270A6; RET 
.text           C:\Windows\system32\Dwm.exe[2780] WININET.dll!HttpEndRequestA                                               7656F639 6 Bytes  PUSH 013271E0; RET 
.text           C:\Windows\system32\Dwm.exe[2780] WININET.dll!InternetSetFilePointer                                        76584F2F 6 Bytes  PUSH 01327390; RET 
.text           C:\Windows\system32\Dwm.exe[2780] WININET.dll!HttpSendRequestA                                              7658525A 6 Bytes  PUSH 01327051; RET 
.text           C:\Windows\system32\Dwm.exe[2780] WININET.dll!HttpSendRequestExA                                            765CECE5 6 Bytes  PUSH 01327143; RET 
.text           C:\Windows\system32\Dwm.exe[2780] WININET.dll!HttpEndRequestW                                               765CEDB7 6 Bytes  PUSH 0132722B; RET 
.text           C:\Windows\Explorer.EXE[2844] ntdll.dll!NtCreateUserProcess                                                 77965778 6 Bytes  PUSH 02DF5C93; RET 
.text           C:\Windows\Explorer.EXE[2844] ntdll.dll!LdrLoadDll                                                          7798223E 6 Bytes  PUSH 02DF5DBE; RET 
.text           C:\Windows\Explorer.EXE[2844] kernel32.dll!GetFileAttributesExW                                             778330C6 6 Bytes  PUSH 02DF6027; RET 
.text           C:\Windows\Explorer.EXE[2844] kernel32.dll!ExitProcess                                                      7784BBE2 6 Bytes  PUSH 02DF5FE6; RET 
.text           C:\Windows\Explorer.EXE[2844] ADVAPI32.dll!CreateProcessAsUserW                                             7740C592 6 Bytes  PUSH 02DF60A4; RET 
.text           C:\Windows\Explorer.EXE[2844] ADVAPI32.dll!CreateProcessAsUserA                                             77442538 6 Bytes  PUSH 02DF608D; RET 
.text           C:\Windows\Explorer.EXE[2844] USER32.dll!SwitchDesktop                                                      7664476B 6 Bytes  PUSH 02DEFCB8; RET 
.text           C:\Windows\Explorer.EXE[2844] USER32.dll!OpenInputDesktop                                                   76645C39 6 Bytes  PUSH C302DEFC; RET 
.text           C:\Windows\Explorer.EXE[2844] USER32.dll!RegisterClassExA                                                   76646293 6 Bytes  PUSH 02DF00C6; RET 
.text           C:\Windows\Explorer.EXE[2844] USER32.dll!GetCapture                                                         76649DC7 6 Bytes  PUSH 02DF5A98; RET 
.text           C:\Windows\Explorer.EXE[2844] USER32.dll!GetCursorPos                                                       7664A4B3 6 Bytes  PUSH 02DF596A; RET 
.text           C:\Windows\Explorer.EXE[2844] USER32.dll!GetUpdateRect                                                      7664A575 6 Bytes  PUSH 02DEB1B8; RET 
.text           C:\Windows\Explorer.EXE[2844] USER32.dll!DefWindowProcA                                                     7664BB1C 6 Bytes  PUSH 02DEFD1C; RET 
.text           C:\Windows\Explorer.EXE[2844] USER32.dll!RegisterClassA                                                     7664BC6A 6 Bytes  PUSH 02DF0027; RET 
.text           C:\Windows\Explorer.EXE[2844] USER32.dll!RegisterClassW                                                     7664ED4A 6 Bytes  PUSH 02DEFFDA; RET 
.text           C:\Windows\Explorer.EXE[2844] USER32.dll!RegisterClassExW                                                   76650162 6 Bytes  PUSH 02DF0074; RET 
.text           C:\Windows\Explorer.EXE[2844] USER32.dll!GetMessageA                                                        76651899 6 Bytes  PUSH 02DF5B5F; RET 
.text           C:\Windows\Explorer.EXE[2844] USER32.dll!PeekMessageA                                                       766519A5 6 Bytes  PUSH 02DF5BB2; RET 
.text           C:\Windows\Explorer.EXE[2844] USER32.dll!CallWindowProcW                                                    76651B3C 6 Bytes  PUSH 02DEFF0C; RET 
.text           C:\Windows\Explorer.EXE[2844] USER32.dll!GetDCEx                                                            76652D57 6 Bytes  PUSH 02DEB09F; RET 
.text           C:\Windows\Explorer.EXE[2844] USER32.dll!GetWindowDC                                                        76654AB7 6 Bytes  PUSH 02DEB139; RET 
.text           C:\Windows\Explorer.EXE[2844] USER32.dll!DefWindowProcW                                                     7665507D 6 Bytes  PUSH 02DEFCD6; RET 
.text           C:\Windows\Explorer.EXE[2844] USER32.dll!ReleaseDC                                                          76655421 6 Bytes  PUSH 02DEB178; RET 
.text           C:\Windows\Explorer.EXE[2844] USER32.dll!GetDC                                                              7665544C 6 Bytes  PUSH 02DEB0FA; RET 
.text           C:\Windows\Explorer.EXE[2844] USER32.dll!BeginPaint                                                         76655D14 6 Bytes  PUSH 02DEAFEF; RET 
.text           C:\Windows\Explorer.EXE[2844] USER32.dll!EndPaint                                                           76655D42 6 Bytes  PUSH 02DEB05F; RET 
.text           C:\Windows\Explorer.EXE[2844] USER32.dll!PeekMessageW                                                       7665634A 6 Bytes  PUSH 02DF5B87; RET 
.text           C:\Windows\Explorer.EXE[2844] USER32.dll!TranslateMessage                                                   766564C7 6 Bytes  PUSH 02DEB82C; RET 
.text           C:\Windows\Explorer.EXE[2844] USER32.dll!GetMessageW                                                        7665CDE8 6 Bytes  PUSH 02DF5B37; RET 
.text           C:\Windows\Explorer.EXE[2844] USER32.dll!GetClipboardData                                                   76662BA7 6 Bytes  PUSH 02DEB9DB; RET 
.text           C:\Windows\Explorer.EXE[2844] USER32.dll!DefDlgProcA                                                        766671E4 6 Bytes  PUSH 02DEFDA8; RET 
.text           C:\Windows\Explorer.EXE[2844] USER32.dll!DefMDIChildProcW                                                   7667150A 6 Bytes  PUSH 02DEFE80; RET 
.text           C:\Windows\Explorer.EXE[2844] USER32.dll!DefFrameProcW                                                      7667152B 6 Bytes  PUSH 02DEFDEE; RET 
.text           C:\Windows\Explorer.EXE[2844] USER32.dll!GetUpdateRgn                                                       76671C07 6 Bytes  PUSH 02DEB24B; RET 
.text           C:\Windows\Explorer.EXE[2844] USER32.dll!DefFrameProcA                                                      766725B7 6 Bytes  PUSH 02DEFE37; RET 
.text           C:\Windows\Explorer.EXE[2844] USER32.dll!DefMDIChildProcA                                                   766725DB 6 Bytes  PUSH 02DEFEC6; RET 
.text           C:\Windows\Explorer.EXE[2844] USER32.dll!CallWindowProcA                                                    76672BD3 6 Bytes  PUSH 02DEFF55; RET 
.text           C:\Windows\Explorer.EXE[2844] USER32.dll!DefDlgProcW                                                        76675BC1 6 Bytes  PUSH 02DEFD62; RET 
.text           C:\Windows\Explorer.EXE[2844] USER32.dll!GetMessagePos                                                      76676703 6 Bytes  PUSH 02DF5938; RET 
.text           C:\Windows\Explorer.EXE[2844] USER32.dll!SetCapture                                                         76676932 6 Bytes  PUSH 02DF59EE; RET 
.text           C:\Windows\Explorer.EXE[2844] USER32.dll!ReleaseCapture                                                     766769F2 6 Bytes  PUSH 02DF5A48; RET 
.text           C:\Windows\Explorer.EXE[2844] USER32.dll!SetCursorPos                                                       7668C1B0 6 Bytes  PUSH 02DF59B1; RET 
.text           C:\Windows\Explorer.EXE[2844] CRYPT32.dll!PFXImportCertStore                                                75CF1224 6 Bytes  PUSH 02DE5C51; RET 
.text           C:\Windows\Explorer.EXE[2844] WININET.dll!InternetCloseHandle                                               7652C664 6 Bytes  PUSH 02DE7276; RET 
.text           C:\Windows\Explorer.EXE[2844] WININET.dll!HttpQueryInfoA                                                    7652E13A 6 Bytes  PUSH 02DE7416; RET 
.text           C:\Windows\Explorer.EXE[2844] WININET.dll!InternetReadFile                                                  7652F8D8 6 Bytes  PUSH 02DE72E3; RET 
.text           C:\Windows\Explorer.EXE[2844] WININET.dll!InternetQueryDataAvailable                                        76533184 6 Bytes  JMP C302DE73 
.text           C:\Windows\Explorer.EXE[2844] WININET.dll!HttpOpenRequestA                                                  76555761 6 Bytes  PUSH 02DE6FB8; RET 
.text           C:\Windows\Explorer.EXE[2844] WININET.dll!HttpOpenRequestW                                                  76555FEF 6 Bytes  PUSH 02DE6F74; RET 
.text           C:\Windows\Explorer.EXE[2844] WININET.dll!HttpSendRequestW                                                  7655632D 6 Bytes  PUSH 02DE6FFC; RET 
.text           C:\Windows\Explorer.EXE[2844] WININET.dll!InternetReadFileExA                                               7655FA49 6 Bytes  PUSH 02DE7311; RET 
.text           C:\Windows\Explorer.EXE[2844] WININET.dll!HttpSendRequestExW                                                7656F564 6 Bytes  PUSH 02DE70A6; RET 
.text           C:\Windows\Explorer.EXE[2844] WININET.dll!HttpEndRequestA                                                   7656F639 6 Bytes  PUSH 02DE71E0; RET 
.text           C:\Windows\Explorer.EXE[2844] WININET.dll!InternetSetFilePointer                                            76584F2F 6 Bytes  PUSH 02DE7390; RET 
.text           C:\Windows\Explorer.EXE[2844] WININET.dll!HttpSendRequestA                                                  7658525A 6 Bytes  PUSH 02DE7051; RET 
.text           C:\Windows\Explorer.EXE[2844] WININET.dll!HttpSendRequestExA                                                765CECE5 6 Bytes  PUSH 02DE7143; RET 
.text           C:\Windows\Explorer.EXE[2844] WININET.dll!HttpEndRequestW                                                   765CEDB7 6 Bytes  PUSH 02DE722B; RET 
.text           C:\Windows\Explorer.EXE[2844] WS2_32.dll!closesocket                                                        77753918 6 Bytes  PUSH 02DF06D4; RET 
.text           C:\Windows\Explorer.EXE[2844] WS2_32.dll!getaddrinfo                                                        77754296 6 Bytes  PUSH 02DF02E5; RET 
.text           C:\Windows\Explorer.EXE[2844] WS2_32.dll!WSASend                                                            77754406 6 Bytes  PUSH 02DF072D; RET 
.text           C:\Windows\Explorer.EXE[2844] WS2_32.dll!send                                                               77756F01 6 Bytes  PUSH 02DF070C; RET 
.text           C:\Windows\Explorer.EXE[2844] WS2_32.dll!gethostbyname                                                      77767673 6 Bytes  PUSH 02DF0275; RET 
.text           C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3112] ntdll.dll!NtCreateUserProcess           77965778 4 Bytes  [68, 93, 5C, D2]
.text           C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3112] ntdll.dll!NtCreateUserProcess + 5       7796577D 1 Byte  [C3]
.text           C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3112] ntdll.dll!LdrLoadDll                    7798223E 6 Bytes  PUSH 00D25DBE; RET 
.text           C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3112] KERNEL32.dll!GetFileAttributesExW       778330C6 6 Bytes  PUSH 00D26027; RET 
.text           C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3112] KERNEL32.dll!ExitProcess                7784BBE2 6 Bytes  PUSH 00D25FE6; RET 
.text           C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3112] ADVAPI32.dll!CreateProcessAsUserW       7740C592 6 Bytes  PUSH 00D260A4; RET 
.text           C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3112] ADVAPI32.dll!CreateProcessAsUserA       77442538 6 Bytes  PUSH 00D2608D; RET 
.text           C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3112] USER32.dll!SwitchDesktop                7664476B 6 Bytes  PUSH 00D1FCB8; RET 
.text           C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3112] USER32.dll!OpenInputDesktop             76645C39 4 Bytes  [68, 68, FC, D1]
.text           C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3112] USER32.dll!OpenInputDesktop + 5         76645C3E 1 Byte  [C3]
.text           C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3112] USER32.dll!RegisterClassExA             76646293 6 Bytes  PUSH 00D200C6; RET 
.text           C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3112] USER32.dll!GetCapture                   76649DC7 6 Bytes  PUSH 00D25A98; RET 
.text           C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3112] USER32.dll!GetCursorPos                 7664A4B3 6 Bytes  PUSH 00D2596A; RET 
.text           C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3112] USER32.dll!GetUpdateRect                7664A575 6 Bytes  PUSH 00D1B1B8; RET 
.text           C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3112] USER32.dll!DefWindowProcA               7664BB1C 6 Bytes  PUSH 00D1FD1C; RET 
.text           C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3112] USER32.dll!RegisterClassA               7664BC6A 6 Bytes  PUSH 00D20027; RET 
.text           C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3112] USER32.dll!RegisterClassW               7664ED4A 6 Bytes  PUSH 00D1FFDA; RET 
.text           C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3112] USER32.dll!RegisterClassExW             76650162 6 Bytes  PUSH 00D20074; RET 
.text           C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3112] USER32.dll!GetMessageA                  76651899 6 Bytes  PUSH 00D25B5F; RET 
.text           C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3112] USER32.dll!PeekMessageA                 766519A5 6 Bytes  PUSH 00D25BB2; RET 
.text           C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3112] USER32.dll!CallWindowProcW              76651B3C 6 Bytes  PUSH 00D1FF0C; RET 
.text           C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3112] USER32.dll!GetDCEx                      76652D57 4 Bytes  [68, 9F, B0, D1]
.text           C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3112] USER32.dll!GetDCEx + 5                  76652D5C 1 Byte  [C3]
.text           C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3112] USER32.dll!GetWindowDC                  76654AB7 4 Bytes  [68, 39, B1, D1]
.text           C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3112] USER32.dll!GetWindowDC + 5              76654ABC 1 Byte  [C3]
.text           C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3112] USER32.dll!DefWindowProcW               7665507D 6 Bytes  PUSH 00D1FCD6; RET 
.text           C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3112] USER32.dll!ReleaseDC                    76655421 6 Bytes  PUSH 00D1B178; RET 
.text           C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3112] USER32.dll!GetDC                        7665544C 4 Bytes  [68, FA, B0, D1]
.text           C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3112] USER32.dll!GetDC + 5                    76655451 1 Byte  [C3]
.text           C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3112] USER32.dll!BeginPaint                   76655D14 4 Bytes  [68, EF, AF, D1]
.text           C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3112] USER32.dll!BeginPaint + 5               76655D19 1 Byte  [C3]
.text           C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3112] USER32.dll!EndPaint                     76655D42 4 Bytes  [68, 5F, B0, D1]
.text           C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3112] USER32.dll!EndPaint + 5                 76655D47 1 Byte  [C3]
.text           C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3112] USER32.dll!PeekMessageW                 7665634A 6 Bytes  PUSH 00D25B87; RET 
.text           C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3112] USER32.dll!TranslateMessage             766564C7 6 Bytes  PUSH 00D1B82C; RET 
.text           C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3112] USER32.dll!GetMessageW                  7665CDE8 6 Bytes  PUSH 00D25B37; RET 
.text           C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3112] USER32.dll!GetClipboardData             76662BA7 6 Bytes  PUSH 00D1B9DB; RET 
.text           C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3112] USER32.dll!DefDlgProcA                  766671E4 6 Bytes  PUSH 00D1FDA8; RET 
.text           C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3112] USER32.dll!DefMDIChildProcW             7667150A 6 Bytes  PUSH 00D1FE80; RET 
.text           C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3112] USER32.dll!DefFrameProcW                7667152B 6 Bytes  PUSH 00D1FDEE; RET 
.text           C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3112] USER32.dll!GetUpdateRgn                 76671C07 6 Bytes  PUSH 00D1B24B; RET 
.text           C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3112] USER32.dll!DefFrameProcA                766725B7 6 Bytes  PUSH 00D1FE37; RET 
.text           C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3112] USER32.dll!DefMDIChildProcA             766725DB 6 Bytes  PUSH 00D1FEC6; RET 
.text           C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3112] USER32.dll!CallWindowProcA              76672BD3 6 Bytes  PUSH 00D1FF55; RET 
.text           C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3112] USER32.dll!DefDlgProcW                  76675BC1 6 Bytes  PUSH 00D1FD62; RET 
.text           C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3112] USER32.dll!GetMessagePos                76676703 6 Bytes  PUSH 00D25938; RET 
.text           C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3112] USER32.dll!SetCapture                   76676932 4 Bytes  [68, EE, 59, D2]
.text           C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3112] USER32.dll!SetCapture + 5               76676937 1 Byte  [C3]
.text           C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3112] USER32.dll!ReleaseCapture               766769F2 6 Bytes  PUSH 00D25A48; RET 
.text           C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3112] USER32.dll!SetCursorPos                 7668C1B0 6 Bytes  PUSH 00D259B1; RET 
.text           C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3112] WS2_32.dll!closesocket                  77753918 6 Bytes  PUSH 00D206D4; RET 
.text           C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3112] WS2_32.dll!getaddrinfo                  77754296 6 Bytes  PUSH 00D202E5; RET 
.text           C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3112] WS2_32.dll!WSASend                      77754406 6 Bytes  PUSH 00D2072D; RET 
.text           C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3112] WS2_32.dll!send                         77756F01 6 Bytes  PUSH 00D2070C; RET 
.text           C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3112] WS2_32.dll!gethostbyname                77767673 6 Bytes  PUSH 00D20275; RET 
.text           C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3112] CRYPT32.dll!PFXImportCertStore          75CF1224 6 Bytes  PUSH 00D15C51; RET 
.text           C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3112] WININET.dll!InternetCloseHandle         7652C664 6 Bytes  PUSH 00D17276; RET 
.text           C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3112] WININET.dll!HttpQueryInfoA              7652E13A 6 Bytes  PUSH 00D17416; RET 
.text           C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3112] WININET.dll!InternetReadFile            7652F8D8 6 Bytes  PUSH 00D172E3; RET 
.text           C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3112] WININET.dll!InternetQueryDataAvailable  76533184 6 Bytes  JMP C300D173 
.text           C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3112] WININET.dll!HttpOpenRequestA            76555761 6 Bytes  PUSH 00D16FB8; RET 
.text           C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3112] WININET.dll!HttpOpenRequestW            76555FEF 6 Bytes  PUSH 00D16F74; RET 
.text           C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3112] WININET.dll!HttpSendRequestW            7655632D 6 Bytes  PUSH 00D16FFC; RET 
.text           C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3112] WININET.dll!InternetReadFileExA         7655FA49 6 Bytes  PUSH 00D17311; RET 
.text           C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3112] WININET.dll!HttpSendRequestExW          7656F564 6 Bytes  PUSH 00D170A6; RET 
.text           C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3112] WININET.dll!HttpEndRequestA             7656F639 6 Bytes  PUSH 00D171E0; RET 
.text           C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3112] WININET.dll!InternetSetFilePointer      76584F2F 6 Bytes  PUSH 00D17390; RET 
.text           C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3112] WININET.dll!HttpSendRequestA            7658525A 6 Bytes  PUSH 00D17051; RET 
.text           C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3112] WININET.dll!HttpSendRequestExA          765CECE5 6 Bytes  PUSH 00D17143; RET 
.text           C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3112] WININET.dll!HttpEndRequestW             765CEDB7 6 Bytes  PUSH 00D1722B; RET 
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3160] ntdll.dll!NtCreateUserProcess                           77965778 6 Bytes  PUSH 02E15C93; RET 
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3160] ntdll.dll!LdrLoadDll                                    7798223E 6 Bytes  PUSH 02E15DBE; RET 
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3160] kernel32.dll!GetFileAttributesExW                       778330C6 6 Bytes  PUSH 02E16027; RET 
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3160] kernel32.dll!ExitProcess                                7784BBE2 6 Bytes  PUSH 02E15FE6; RET 
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3160] USER32.dll!SwitchDesktop                                7664476B 6 Bytes  PUSH 02E0FCB8; RET 
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3160] USER32.dll!OpenInputDesktop                             76645C39 6 Bytes  PUSH C302E0FC; RET 
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3160] USER32.dll!RegisterClassExA                             76646293 6 Bytes  PUSH 02E100C6; RET 
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3160] USER32.dll!GetCapture                                   76649DC7 6 Bytes  PUSH 02E15A98; RET 
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3160] USER32.dll!GetCursorPos                                 7664A4B3 6 Bytes  PUSH 02E1596A; RET 
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3160] USER32.dll!GetUpdateRect                                7664A575 6 Bytes  PUSH 02E0B1B8; RET 
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3160] USER32.dll!DefWindowProcA                               7664BB1C 6 Bytes  PUSH 02E0FD1C; RET 
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3160] USER32.dll!RegisterClassA                               7664BC6A 6 Bytes  PUSH 02E10027; RET 
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3160] USER32.dll!RegisterClassW                               7664ED4A 6 Bytes  PUSH 02E0FFDA; RET 
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3160] USER32.dll!RegisterClassExW                             76650162 6 Bytes  PUSH 02E10074; RET 
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3160] USER32.dll!GetMessageA                                  76651899 6 Bytes  PUSH 02E15B5F; RET 
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3160] USER32.dll!PeekMessageA                                 766519A5 6 Bytes  PUSH 02E15BB2; RET 
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3160] USER32.dll!CallWindowProcW                              76651B3C 6 Bytes  PUSH 02E0FF0C; RET 
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3160] USER32.dll!GetDCEx                                      76652D57 6 Bytes  PUSH 02E0B09F; RET 
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3160] USER32.dll!GetWindowDC                                  76654AB7 6 Bytes  PUSH 02E0B139; RET 
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3160] USER32.dll!DefWindowProcW                               7665507D 6 Bytes  PUSH 02E0FCD6; RET 
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3160] USER32.dll!ReleaseDC                                    76655421 6 Bytes  PUSH 02E0B178; RET 
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3160] USER32.dll!GetDC                                        7665544C 6 Bytes  PUSH 02E0B0FA; RET 
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3160] USER32.dll!BeginPaint                                   76655D14 6 Bytes  PUSH 02E0AFEF; RET 
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3160] USER32.dll!EndPaint                                     76655D42 6 Bytes  PUSH 02E0B05F; RET 
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3160] USER32.dll!PeekMessageW                                 7665634A 6 Bytes  PUSH 02E15B87; RET 
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3160] USER32.dll!TranslateMessage                             766564C7 6 Bytes  PUSH 02E0B82C; RET 
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3160] USER32.dll!GetMessageW                                  7665CDE8 6 Bytes  PUSH 02E15B37; RET 
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3160] USER32.dll!GetClipboardData                             76662BA7 6 Bytes  PUSH 02E0B9DB; RET 
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3160] USER32.dll!DefDlgProcA                                  766671E4 6 Bytes  PUSH 02E0FDA8; RET 
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3160] USER32.dll!DefMDIChildProcW                             7667150A 6 Bytes  PUSH 02E0FE80; RET 
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3160] USER32.dll!DefFrameProcW                                7667152B 6 Bytes  PUSH 02E0FDEE; RET 
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3160] USER32.dll!GetUpdateRgn                                 76671C07 6 Bytes  PUSH 02E0B24B; RET 
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3160] USER32.dll!DefFrameProcA                                766725B7 6 Bytes  PUSH 02E0FE37; RET 
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3160] USER32.dll!DefMDIChildProcA                             766725DB 6 Bytes  PUSH 02E0FEC6; RET 
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3160] USER32.dll!CallWindowProcA                              76672BD3 6 Bytes  PUSH 02E0FF55; RET 
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3160] USER32.dll!DefDlgProcW                                  76675BC1 6 Bytes  PUSH 02E0FD62; RET 
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3160] USER32.dll!GetMessagePos                                76676703 6 Bytes  PUSH 02E15938; RET 
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3160] USER32.dll!SetCapture                                   76676932 6 Bytes  PUSH 02E159EE; RET 
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3160] USER32.dll!ReleaseCapture                               766769F2 6 Bytes  PUSH 02E15A48; RET 
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3160] USER32.dll!SetCursorPos                                 7668C1B0 6 Bytes  PUSH 02E159B1; RET 
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3160] ADVAPI32.dll!CreateProcessAsUserW                       7740C592 6 Bytes  PUSH 02E160A4; RET 
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3160] ADVAPI32.dll!CreateProcessAsUserA                       77442538 6 Bytes  PUSH 02E1608D; RET 
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3160] WININET.dll!InternetCloseHandle                         7652C664 6 Bytes  PUSH 02E07276; RET 
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3160] WININET.dll!HttpQueryInfoA                              7652E13A 6 Bytes  PUSH 02E07416; RET 
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3160] WININET.dll!InternetReadFile                            7652F8D8 6 Bytes  PUSH 02E072E3; RET 
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3160] WININET.dll!InternetQueryDataAvailable                  76533184 6 Bytes  JMP C302E073 
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3160] WININET.dll!HttpOpenRequestA                            76555761 6 Bytes  PUSH 02E06FB8; RET 
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3160] WININET.dll!HttpOpenRequestW                            76555FEF 6 Bytes  PUSH 02E06F74; RET 
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3160] WININET.dll!HttpSendRequestW                            7655632D 6 Bytes  PUSH 02E06FFC; RET 
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3160] WININET.dll!InternetReadFileExA                         7655FA49 6 Bytes  PUSH 02E07311; RET 
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3160] WININET.dll!HttpSendRequestExW                          7656F564 6 Bytes  PUSH 02E070A6; RET 
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3160] WININET.dll!HttpEndRequestA                             7656F639 6 Bytes  PUSH 02E071E0; RET 
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3160] WININET.dll!InternetSetFilePointer                      76584F2F 6 Bytes  PUSH 02E07390; RET 
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3160] WININET.dll!HttpSendRequestA                            7658525A 6 Bytes  PUSH 02E07051; RET 
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3160] WININET.dll!HttpSendRequestExA                          765CECE5 6 Bytes  PUSH 02E07143; RET 
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3160] WININET.dll!HttpEndRequestW                             765CEDB7 6 Bytes  PUSH 02E0722B; RET 
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3160] WS2_32.dll!closesocket                                  77753918 6 Bytes  PUSH 02E106D4; RET 
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3160] WS2_32.dll!getaddrinfo                                  77754296 6 Bytes  PUSH 02E102E5; RET 
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3160] WS2_32.dll!WSASend                                      77754406 6 Bytes  PUSH 02E1072D; RET 
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3160] WS2_32.dll!send                                         77756F01 6 Bytes  PUSH 02E1070C; RET 
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3160] WS2_32.dll!gethostbyname                                77767673 6 Bytes  PUSH 02E10275; RET 
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3160] CRYPT32.dll!PFXImportCertStore                          75CF1224 6 Bytes  PUSH 02E05C51; RET 
.text           C:\Program Files\System Control Manager\MGSysCtrl.exe[3172] ntdll.dll!NtCreateUserProcess                   77965778 6 Bytes  PUSH 01835C93; RET 
.text           C:\Program Files\System Control Manager\MGSysCtrl.exe[3172] ntdll.dll!LdrLoadDll                            7798223E 6 Bytes  PUSH 01835DBE; RET 
.text           C:\Program Files\System Control Manager\MGSysCtrl.exe[3172] kernel32.dll!GetFileAttributesExW               778330C6 6 Bytes  PUSH 01836027; RET 
.text           C:\Program Files\System Control Manager\MGSysCtrl.exe[3172] kernel32.dll!ExitProcess                        7784BBE2 6 Bytes  PUSH 01835FE6; RET 
.text           C:\Program Files\System Control Manager\MGSysCtrl.exe[3172] USER32.dll!SwitchDesktop                        7664476B 6 Bytes  PUSH 0182FCB8; RET 
.text           C:\Program Files\System Control Manager\MGSysCtrl.exe[3172] USER32.dll!OpenInputDesktop                     76645C39 6 Bytes  PUSH C30182FC; RET 
.text           C:\Program Files\System Control Manager\MGSysCtrl.exe[3172] USER32.dll!RegisterClassExA                     76646293 6 Bytes  PUSH 018300C6; RET 
.text           C:\Program Files\System Control Manager\MGSysCtrl.exe[3172] USER32.dll!GetCapture                           76649DC7 6 Bytes  PUSH 01835A98; RET 
.text           C:\Program Files\System Control Manager\MGSysCtrl.exe[3172] USER32.dll!GetCursorPos                         7664A4B3 6 Bytes  PUSH 0183596A; RET 
.text           C:\Program Files\System Control Manager\MGSysCtrl.exe[3172] USER32.dll!GetUpdateRect                        7664A575 6 Bytes  PUSH 0182B1B8; RET 
.text           C:\Program Files\System Control Manager\MGSysCtrl.exe[3172] USER32.dll!DefWindowProcA                       7664BB1C 6 Bytes  PUSH 0182FD1C; RET 
.text           C:\Program Files\System Control Manager\MGSysCtrl.exe[3172] USER32.dll!RegisterClassA                       7664BC6A 6 Bytes  PUSH 01830027; RET 
.text           C:\Program Files\System Control Manager\MGSysCtrl.exe[3172] USER32.dll!RegisterClassW                       7664ED4A 6 Bytes  PUSH 0182FFDA; RET 
.text           C:\Program Files\System Control Manager\MGSysCtrl.exe[3172] USER32.dll!RegisterClassExW                     76650162 6 Bytes  PUSH 01830074; RET 
.text           C:\Program Files\System Control Manager\MGSysCtrl.exe[3172] USER32.dll!GetMessageA                          76651899 6 Bytes  PUSH 01835B5F; RET 
.text           C:\Program Files\System Control Manager\MGSysCtrl.exe[3172] USER32.dll!PeekMessageA                         766519A5 6 Bytes  PUSH 01835BB2; RET 
.text           C:\Program Files\System Control Manager\MGSysCtrl.exe[3172] USER32.dll!CallWindowProcW                      76651B3C 6 Bytes  PUSH 0182FF0C; RET 
.text           C:\Program Files\System Control Manager\MGSysCtrl.exe[3172] USER32.dll!GetDCEx                              76652D57 6 Bytes  PUSH 0182B09F; RET 
.text           C:\Program Files\System Control Manager\MGSysCtrl.exe[3172] USER32.dll!GetWindowDC                          76654AB7 6 Bytes  PUSH 0182B139; RET 
.text           C:\Program Files\System Control Manager\MGSysCtrl.exe[3172] USER32.dll!DefWindowProcW                       7665507D 6 Bytes  PUSH 0182FCD6; RET 
.text           C:\Program Files\System Control Manager\MGSysCtrl.exe[3172] USER32.dll!ReleaseDC                            76655421 6 Bytes  PUSH 0182B178; RET 
.text           C:\Program Files\System Control Manager\MGSysCtrl.exe[3172] USER32.dll!GetDC                                7665544C 6 Bytes  PUSH 0182B0FA; RET 
.text           C:\Program Files\System Control Manager\MGSysCtrl.exe[3172] USER32.dll!BeginPaint                           76655D14 6 Bytes  PUSH 0182AFEF; RET 
.text           C:\Program Files\System Control Manager\MGSysCtrl.exe[3172] USER32.dll!EndPaint                             76655D42 6 Bytes  PUSH 0182B05F; RET 
.text           C:\Program Files\System Control Manager\MGSysCtrl.exe[3172] USER32.dll!PeekMessageW                         7665634A 6 Bytes  PUSH 01835B87; RET 
.text           C:\Program Files\System Control Manager\MGSysCtrl.exe[3172] USER32.dll!TranslateMessage                     766564C7 6 Bytes  PUSH 0182B82C; RET 
.text           C:\Program Files\System Control Manager\MGSysCtrl.exe[3172] USER32.dll!GetMessageW                          7665CDE8 6 Bytes  PUSH 01835B37; RET 
.text           C:\Program Files\System Control Manager\MGSysCtrl.exe[3172] USER32.dll!GetClipboardData                     76662BA7 6 Bytes  PUSH 0182B9DB; RET 
.text           C:\Program Files\System Control Manager\MGSysCtrl.exe[3172] USER32.dll!DefDlgProcA                          766671E4 6 Bytes  PUSH 0182FDA8; RET 
.text           C:\Program Files\System Control Manager\MGSysCtrl.exe[3172] USER32.dll!DefMDIChildProcW                     7667150A 6 Bytes  PUSH 0182FE80; RET 
.text           C:\Program Files\System Control Manager\MGSysCtrl.exe[3172] USER32.dll!DefFrameProcW                        7667152B 6 Bytes  PUSH 0182FDEE; RET 
.text           C:\Program Files\System Control Manager\MGSysCtrl.exe[3172] USER32.dll!GetUpdateRgn                         76671C07 6 Bytes  PUSH 0182B24B; RET 
.text           C:\Program Files\System Control Manager\MGSysCtrl.exe[3172] USER32.dll!DefFrameProcA                        766725B7 6 Bytes  PUSH 0182FE37; RET 
.text           C:\Program Files\System Control Manager\MGSysCtrl.exe[3172] USER32.dll!DefMDIChildProcA                     766725DB 6 Bytes  PUSH 0182FEC6; RET 
.text           C:\Program Files\System Control Manager\MGSysCtrl.exe[3172] USER32.dll!CallWindowProcA                      76672BD3 6 Bytes  PUSH 0182FF55; RET 
.text           C:\Program Files\System Control Manager\MGSysCtrl.exe[3172] USER32.dll!DefDlgProcW                          76675BC1 6 Bytes  PUSH 0182FD62; RET 
.text           C:\Program Files\System Control Manager\MGSysCtrl.exe[3172] USER32.dll!GetMessagePos                        76676703 6 Bytes  PUSH 01835938; RET 
.text           C:\Program Files\System Control Manager\MGSysCtrl.exe[3172] USER32.dll!SetCapture                           76676932 6 Bytes  PUSH 018359EE; RET 
.text           C:\Program Files\System Control Manager\MGSysCtrl.exe[3172] USER32.dll!ReleaseCapture                       766769F2 6 Bytes  PUSH 01835A48; RET 
.text           C:\Program Files\System Control Manager\MGSysCtrl.exe[3172] USER32.dll!SetCursorPos                         7668C1B0 6 Bytes  PUSH 018359B1; RET 
.text           C:\Program Files\System Control Manager\MGSysCtrl.exe[3172] ADVAPI32.dll!CreateProcessAsUserW               7740C592 6 Bytes  PUSH 018360A4; RET 
.text           C:\Program Files\System Control Manager\MGSysCtrl.exe[3172] ADVAPI32.dll!CreateProcessAsUserA               77442538 6 Bytes  PUSH 0183608D; RET 
.text           C:\Program Files\System Control Manager\MGSysCtrl.exe[3172] WS2_32.dll!closesocket                          77753918 6 Bytes  PUSH 018306D4; RET 
.text           C:\Program Files\System Control Manager\MGSysCtrl.exe[3172] WS2_32.dll!getaddrinfo                          77754296 6 Bytes  PUSH 018302E5; RET 
.text           C:\Program Files\System Control Manager\MGSysCtrl.exe[3172] WS2_32.dll!WSASend                              77754406 6 Bytes  PUSH 0183072D; RET 
.text           C:\Program Files\System Control Manager\MGSysCtrl.exe[3172] WS2_32.dll!send                                 77756F01 6 Bytes  PUSH 0183070C; RET 
.text           C:\Program Files\System Control Manager\MGSysCtrl.exe[3172] WS2_32.dll!gethostbyname                        77767673 6 Bytes  PUSH 01830275; RET 
.text           C:\Program Files\System Control Manager\MGSysCtrl.exe[3172] CRYPT32.dll!PFXImportCertStore                  75CF1224 6 Bytes  PUSH 01825C51; RET 
.text           C:\Program Files\System Control Manager\MGSysCtrl.exe[3172] WININET.dll!InternetCloseHandle                 7652C664 6 Bytes  PUSH 01827276; RET 
.text           C:\Program Files\System Control Manager\MGSysCtrl.exe[3172] WININET.dll!HttpQueryInfoA                      7652E13A 6 Bytes  PUSH 01827416; RET 
.text           C:\Program Files\System Control Manager\MGSysCtrl.exe[3172] WININET.dll!InternetReadFile                    7652F8D8 6 Bytes  PUSH 018272E3; RET 
.text           C:\Program Files\System Control Manager\MGSysCtrl.exe[3172] WININET.dll!InternetQueryDataAvailable          76533184 6 Bytes  JMP C3018273 
.text           C:\Program Files\System Control Manager\MGSysCtrl.exe[3172] WININET.dll!HttpOpenRequestA                    76555761 6 Bytes  PUSH 01826FB8; RET 
.text           C:\Program Files\System Control Manager\MGSysCtrl.exe[3172] WININET.dll!HttpOpenRequestW                    76555FEF 6 Bytes  PUSH 01826F74; RET 
.text           C:\Program Files\System Control Manager\MGSysCtrl.exe[3172] WININET.dll!HttpSendRequestW                    7655632D 6 Bytes  PUSH 01826FFC; RET 
.text           C:\Program Files\System Control Manager\MGSysCtrl.exe[3172] WININET.dll!InternetReadFileExA                 7655FA49 6 Bytes  PUSH 01827311; RET 
.text           C:\Program Files\System Control Manager\MGSysCtrl.exe[3172] WININET.dll!HttpSendRequestExW                  7656F564 6 Bytes  PUSH 018270A6; RET 
.text           C:\Program Files\System Control Manager\MGSysCtrl.exe[3172] WININET.dll!HttpEndRequestA                     7656F639 6 Bytes  PUSH 018271E0; RET 
.text           C:\Program Files\System Control Manager\MGSysCtrl.exe[3172] WININET.dll!InternetSetFilePointer              76584F2F 6 Bytes  PUSH 01827390; RET 
.text           C:\Program Files\System Control Manager\MGSysCtrl.exe[3172] WININET.dll!HttpSendRequestA                    7658525A 6 Bytes  PUSH 01827051; RET 
.text           C:\Program Files\System Control Manager\MGSysCtrl.exe[3172] WININET.dll!HttpSendRequestExA                  765CECE5 6 Bytes  PUSH 01827143; RET 
.text           C:\Program Files\System Control Manager\MGSysCtrl.exe[3172] WININET.dll!HttpEndRequestW                     765CEDB7 6 Bytes  PUSH 0182722B; RET 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3180] ntdll.dll!NtCreateUserProcess                         77965778 6 Bytes  PUSH 01D15C93; RET 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3180] ntdll.dll!LdrLoadDll                                  7798223E 6 Bytes  PUSH 01D15DBE; RET 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3180] kernel32.dll!GetFileAttributesExW                     778330C6 6 Bytes  PUSH 01D16027; RET 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3180] kernel32.dll!ExitProcess                              7784BBE2 6 Bytes  PUSH 01D15FE6; RET 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3180] ADVAPI32.dll!CreateProcessAsUserW                     7740C592 6 Bytes  PUSH 01D160A4; RET 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3180] ADVAPI32.dll!CreateProcessAsUserA                     77442538 6 Bytes  PUSH 01D1608D; RET 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3180] USER32.dll!SwitchDesktop                              7664476B 6 Bytes  PUSH 01D0FCB8; RET 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3180] USER32.dll!OpenInputDesktop                           76645C39 6 Bytes  PUSH C301D0FC; RET 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3180] USER32.dll!RegisterClassExA                           76646293 6 Bytes  PUSH 01D100C6; RET 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3180] USER32.dll!GetCapture                                 76649DC7 6 Bytes  PUSH 01D15A98; RET 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3180] USER32.dll!GetCursorPos                               7664A4B3 6 Bytes  PUSH 01D1596A; RET 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3180] USER32.dll!GetUpdateRect                              7664A575 6 Bytes  PUSH 01D0B1B8; RET 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3180] USER32.dll!DefWindowProcA                             7664BB1C 6 Bytes  PUSH 01D0FD1C; RET 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3180] USER32.dll!RegisterClassA                             7664BC6A 6 Bytes  PUSH 01D10027; RET 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3180] USER32.dll!RegisterClassW                             7664ED4A 6 Bytes  PUSH 01D0FFDA; RET 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3180] USER32.dll!RegisterClassExW                           76650162 6 Bytes  PUSH 01D10074; RET 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3180] USER32.dll!GetMessageA                                76651899 6 Bytes  PUSH 01D15B5F; RET 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3180] USER32.dll!PeekMessageA                               766519A5 6 Bytes  PUSH 01D15BB2; RET 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3180] USER32.dll!CallWindowProcW                            76651B3C 6 Bytes  PUSH 01D0FF0C; RET 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3180] USER32.dll!GetDCEx                                    76652D57 6 Bytes  PUSH 01D0B09F; RET 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3180] USER32.dll!GetWindowDC                                76654AB7 6 Bytes  PUSH 01D0B139; RET 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3180] USER32.dll!DefWindowProcW                             7665507D 6 Bytes  PUSH 01D0FCD6; RET 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3180] USER32.dll!ReleaseDC                                  76655421 6 Bytes  PUSH 01D0B178; RET 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3180] USER32.dll!GetDC                                      7665544C 6 Bytes  PUSH 01D0B0FA; RET 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3180] USER32.dll!BeginPaint                                 76655D14 6 Bytes  PUSH 01D0AFEF; RET 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3180] USER32.dll!EndPaint                                   76655D42 6 Bytes  PUSH 01D0B05F; RET 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3180] USER32.dll!PeekMessageW                               7665634A 6 Bytes  PUSH 01D15B87; RET 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3180] USER32.dll!TranslateMessage                           766564C7 6 Bytes  PUSH 01D0B82C; RET 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3180] USER32.dll!GetMessageW                                7665CDE8 6 Bytes  PUSH 01D15B37; RET 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3180] USER32.dll!GetClipboardData                           76662BA7 6 Bytes  PUSH 01D0B9DB; RET 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3180] USER32.dll!DefDlgProcA                                766671E4 6 Bytes  PUSH 01D0FDA8; RET 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3180] USER32.dll!DefMDIChildProcW                           7667150A 6 Bytes  PUSH 01D0FE80; RET 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3180] USER32.dll!DefFrameProcW                              7667152B 6 Bytes  PUSH 01D0FDEE; RET 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3180] USER32.dll!GetUpdateRgn                               76671C07 6 Bytes  PUSH 01D0B24B; RET 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3180] USER32.dll!DefFrameProcA                              766725B7 6 Bytes  PUSH 01D0FE37; RET 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3180] USER32.dll!DefMDIChildProcA                           766725DB 6 Bytes  PUSH 01D0FEC6; RET 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3180] USER32.dll!CallWindowProcA                            76672BD3 6 Bytes  PUSH 01D0FF55; RET 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3180] USER32.dll!DefDlgProcW                                76675BC1 6 Bytes  PUSH 01D0FD62; RET 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3180] USER32.dll!GetMessagePos                              76676703 6 Bytes  PUSH 01D15938; RET 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3180] USER32.dll!SetCapture                                 76676932 6 Bytes  PUSH 01D159EE; RET 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3180] USER32.dll!ReleaseCapture                             766769F2 6 Bytes  PUSH 01D15A48; RET 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3180] USER32.dll!SetCursorPos                               7668C1B0 6 Bytes  PUSH 01D159B1; RET 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3180] CRYPT32.dll!PFXImportCertStore                        75CF1224 6 Bytes  PUSH 01D05C51; RET 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3180] WS2_32.dll!closesocket                                77753918 6 Bytes  PUSH 01D106D4; RET 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3180] WS2_32.dll!getaddrinfo                                77754296 6 Bytes  PUSH 01D102E5; RET 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3180] WS2_32.dll!WSASend                                    77754406 6 Bytes  PUSH 01D1072D; RET 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3180] WS2_32.dll!send                                       77756F01 6 Bytes  PUSH 01D1070C; RET 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3180] WS2_32.dll!gethostbyname                              77767673 6 Bytes  PUSH 01D10275; RET 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3180] WININET.dll!InternetCloseHandle                       7652C664 6 Bytes  PUSH 01D07276; RET 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3180] WININET.dll!HttpQueryInfoA                            7652E13A 6 Bytes  PUSH 01D07416; RET 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3180] WININET.dll!InternetReadFile                          7652F8D8 6 Bytes  PUSH 01D072E3; RET 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3180] WININET.dll!InternetQueryDataAvailable                76533184 6 Bytes  JMP C301D073 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3180] WININET.dll!HttpOpenRequestA                          76555761 6 Bytes  PUSH 01D06FB8; RET 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3180] WININET.dll!HttpOpenRequestW                          76555FEF 6 Bytes  PUSH 01D06F74; RET 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3180] WININET.dll!HttpSendRequestW                          7655632D 6 Bytes  PUSH 01D06FFC; RET 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3180] WININET.dll!InternetReadFileExA                       7655FA49 6 Bytes  PUSH 01D07311; RET 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3180] WININET.dll!HttpSendRequestExW                        7656F564 6 Bytes  PUSH 01D070A6; RET 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3180] WININET.dll!HttpEndRequestA                           7656F639 6 Bytes  PUSH 01D071E0; RET 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3180] WININET.dll!InternetSetFilePointer                    76584F2F 6 Bytes  PUSH 01D07390; RET 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3180] WININET.dll!HttpSendRequestA                          7658525A 6 Bytes  PUSH 01D07051; RET 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3180] WININET.dll!HttpSendRequestExA                        765CECE5 6 Bytes  PUSH 01D07143; RET 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3180] WININET.dll!HttpEndRequestW                           765CEDB7 6 Bytes  PUSH 01D0722B; RET 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[3188] ntdll.dll!NtCreateUserProcess                          77965778 6 Bytes  PUSH 015F5C93; RET 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[3188] ntdll.dll!LdrLoadDll                                   7798223E 6 Bytes  PUSH 015F5DBE; RET 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[3188] kernel32.dll!GetFileAttributesExW                      778330C6 6 Bytes  PUSH 015F6027; RET 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[3188] kernel32.dll!ExitProcess                               7784BBE2 6 Bytes  PUSH 015F5FE6; RET 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[3188] USER32.dll!SwitchDesktop                               7664476B 6 Bytes  PUSH 015EFCB8; RET 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[3188] USER32.dll!OpenInputDesktop                            76645C39 6 Bytes  PUSH C3015EFC; RET 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[3188] USER32.dll!RegisterClassExA                            76646293 6 Bytes  PUSH 015F00C6; RET 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[3188] USER32.dll!GetCapture                                  76649DC7 6 Bytes  PUSH 015F5A98; RET 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[3188] USER32.dll!GetCursorPos                                7664A4B3 6 Bytes  PUSH 015F596A; RET 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[3188] USER32.dll!GetUpdateRect                               7664A575 6 Bytes  PUSH 015EB1B8; RET 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[3188] USER32.dll!DefWindowProcA                              7664BB1C 6 Bytes  PUSH 015EFD1C; RET 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[3188] USER32.dll!RegisterClassA                              7664BC6A 6 Bytes  PUSH 015F0027; RET 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[3188] USER32.dll!RegisterClassW                              7664ED4A 6 Bytes  PUSH 015EFFDA; RET 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[3188] USER32.dll!RegisterClassExW                            76650162 6 Bytes  PUSH 015F0074; RET 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[3188] USER32.dll!GetMessageA                                 76651899 6 Bytes  PUSH 015F5B5F; RET 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[3188] USER32.dll!PeekMessageA                                766519A5 6 Bytes  PUSH 015F5BB2; RET 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[3188] USER32.dll!CallWindowProcW                             76651B3C 6 Bytes  PUSH 015EFF0C; RET 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[3188] USER32.dll!GetDCEx                                     76652D57 6 Bytes  PUSH 015EB09F; RET 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[3188] USER32.dll!GetWindowDC                                 76654AB7 6 Bytes  PUSH 015EB139; RET 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[3188] USER32.dll!DefWindowProcW                              7665507D 6 Bytes  PUSH 015EFCD6; RET 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[3188] USER32.dll!ReleaseDC                                   76655421 6 Bytes  PUSH 015EB178; RET 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[3188] USER32.dll!GetDC                                       7665544C 6 Bytes  PUSH 015EB0FA; RET 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[3188] USER32.dll!BeginPaint                                  76655D14 6 Bytes  PUSH 015EAFEF; RET 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[3188] USER32.dll!EndPaint                                    76655D42 6 Bytes  PUSH 015EB05F; RET 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[3188] USER32.dll!PeekMessageW                                7665634A 6 Bytes  PUSH 015F5B87; RET 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[3188] USER32.dll!TranslateMessage                            766564C7 6 Bytes  PUSH 015EB82C; RET 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[3188] USER32.dll!GetMessageW                                 7665CDE8 6 Bytes  PUSH 015F5B37; RET 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[3188] USER32.dll!GetClipboardData                            76662BA7 6 Bytes  PUSH 015EB9DB; RET 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[3188] USER32.dll!DefDlgProcA                                 766671E4 6 Bytes  PUSH 015EFDA8; RET 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[3188] USER32.dll!DefMDIChildProcW                            7667150A 6 Bytes  PUSH 015EFE80; RET 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[3188] USER32.dll!DefFrameProcW                               7667152B 6 Bytes  PUSH 015EFDEE; RET 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[3188] USER32.dll!GetUpdateRgn                                76671C07 6 Bytes  PUSH 015EB24B; RET 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[3188] USER32.dll!DefFrameProcA                               766725B7 6 Bytes  PUSH 015EFE37; RET 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[3188] USER32.dll!DefMDIChildProcA                            766725DB 6 Bytes  PUSH 015EFEC6; RET 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[3188] USER32.dll!CallWindowProcA                             76672BD3 6 Bytes  PUSH 015EFF55; RET 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[3188] USER32.dll!DefDlgProcW                                 76675BC1 6 Bytes  PUSH 015EFD62; RET 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[3188] USER32.dll!GetMessagePos                               76676703 6 Bytes  PUSH 015F5938; RET 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[3188] USER32.dll!SetCapture                                  76676932 6 Bytes  PUSH 015F59EE; RET 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[3188] USER32.dll!ReleaseCapture                              766769F2 6 Bytes  PUSH 015F5A48; RET 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[3188] USER32.dll!SetCursorPos                                7668C1B0 6 Bytes  PUSH 015F59B1; RET 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[3188] ADVAPI32.dll!CreateProcessAsUserW                      7740C592 6 Bytes  PUSH 015F60A4; RET 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[3188] ADVAPI32.dll!CreateProcessAsUserA                      77442538 6 Bytes  PUSH 015F608D; RET 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[3188] CRYPT32.dll!PFXImportCertStore                         75CF1224 6 Bytes  PUSH 015E5C51; RET 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[3188] WS2_32.dll!closesocket                                 77753918 6 Bytes  PUSH 015F06D4; RET 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[3188] WS2_32.dll!getaddrinfo                                 77754296 6 Bytes  PUSH 015F02E5; RET 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[3188] WS2_32.dll!WSASend                                     77754406 6 Bytes  PUSH 015F072D; RET 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[3188] WS2_32.dll!send                                        77756F01 6 Bytes  PUSH 015F070C; RET 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[3188] WS2_32.dll!gethostbyname                               77767673 6 Bytes  PUSH 015F0275; RET 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[3188] WININET.dll!InternetCloseHandle                        7652C664 6 Bytes  PUSH 015E7276; RET 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[3188] WININET.dll!HttpQueryInfoA                             7652E13A 6 Bytes  PUSH 015E7416; RET 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[3188] WININET.dll!InternetReadFile                           7652F8D8 6 Bytes  PUSH 015E72E3; RET 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[3188] WININET.dll!InternetQueryDataAvailable                 76533184 6 Bytes  JMP C3015E73 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[3188] WININET.dll!HttpOpenRequestA                           76555761 6 Bytes  PUSH 015E6FB8; RET 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[3188] WININET.dll!HttpOpenRequestW                           76555FEF 6 Bytes  PUSH 015E6F74; RET 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[3188] WININET.dll!HttpSendRequestW                           7655632D 6 Bytes  PUSH 015E6FFC; RET 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[3188] WININET.dll!InternetReadFileExA                        7655FA49 6 Bytes  PUSH 015E7311; RET 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[3188] WININET.dll!HttpSendRequestExW                         7656F564 6 Bytes  PUSH 015E70A6; RET 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[3188] WININET.dll!HttpEndRequestA                            7656F639 6 Bytes  PUSH 015E71E0; RET 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[3188] WININET.dll!InternetSetFilePointer                     76584F2F 6 Bytes  PUSH 015E7390; RET 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[3188] WININET.dll!HttpSendRequestA                           7658525A 6 Bytes  PUSH 015E7051; RET 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[3188] WININET.dll!HttpSendRequestExA                         765CECE5 6 Bytes  PUSH 015E7143; RET 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[3188] WININET.dll!HttpEndRequestW                            765CEDB7 6 Bytes  PUSH 015E722B; RET 
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3216] ntdll.dll!NtCreateUserProcess              77965778 4 Bytes  [68, 93, 5C, 32]
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3216] ntdll.dll!NtCreateUserProcess + 5          7796577D 1 Byte  [C3]
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3216] ntdll.dll!LdrLoadDll                       7798223E 6 Bytes  PUSH 00325DBE; RET 
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3216] kernel32.dll!GetFileAttributesExW          778330C6 6 Bytes  PUSH 00326027; RET 
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3216] kernel32.dll!ExitProcess                   7784BBE2 6 Bytes  PUSH 00325FE6; RET 
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3216] ADVAPI32.dll!CreateProcessAsUserW          7740C592 6 Bytes  PUSH 003260A4; RET 
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3216] ADVAPI32.dll!CreateProcessAsUserA          77442538 6 Bytes  PUSH 0032608D; RET 
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3216] USER32.dll!SwitchDesktop                   7664476B 6 Bytes  PUSH 0031FCB8; RET 
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3216] USER32.dll!OpenInputDesktop                76645C39 4 Bytes  [68, 68, FC, 31]
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3216] USER32.dll!OpenInputDesktop + 5            76645C3E 1 Byte  [C3]
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3216] USER32.dll!RegisterClassExA                76646293 6 Bytes  PUSH 003200C6; RET 
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3216] USER32.dll!GetCapture                      76649DC7 6 Bytes  PUSH 00325A98; RET 
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3216] USER32.dll!GetCursorPos                    7664A4B3 6 Bytes  PUSH 0032596A; RET 
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3216] USER32.dll!GetUpdateRect                   7664A575 6 Bytes  PUSH 0031B1B8; RET 
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3216] USER32.dll!DefWindowProcA                  7664BB1C 6 Bytes  PUSH 0031FD1C; RET 
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3216] USER32.dll!RegisterClassA                  7664BC6A 6 Bytes  PUSH 00320027; RET 
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3216] USER32.dll!RegisterClassW                  7664ED4A 6 Bytes  PUSH 0031FFDA; RET 
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3216] USER32.dll!RegisterClassExW                76650162 6 Bytes  PUSH 00320074; RET 
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3216] USER32.dll!GetMessageA                     76651899 6 Bytes  PUSH 00325B5F; RET 
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3216] USER32.dll!PeekMessageA                    766519A5 6 Bytes  PUSH 00325BB2; RET 
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3216] USER32.dll!CallWindowProcW                 76651B3C 6 Bytes  PUSH 0031FF0C; RET 
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3216] USER32.dll!GetDCEx                         76652D57 4 Bytes  [68, 9F, B0, 31]
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3216] USER32.dll!GetDCEx + 5                     76652D5C 1 Byte  [C3]
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3216] USER32.dll!GetWindowDC                     76654AB7 4 Bytes  [68, 39, B1, 31]
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3216] USER32.dll!GetWindowDC + 5                 76654ABC 1 Byte  [C3]
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3216] USER32.dll!DefWindowProcW                  7665507D 6 Bytes  PUSH 0031FCD6; RET 
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3216] USER32.dll!ReleaseDC                       76655421 6 Bytes  PUSH 0031B178; RET 
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3216] USER32.dll!GetDC                           7665544C 4 Bytes  [68, FA, B0, 31]
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3216] USER32.dll!GetDC + 5                       76655451 1 Byte  [C3]
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3216] USER32.dll!BeginPaint                      76655D14 4 Bytes  [68, EF, AF, 31]
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3216] USER32.dll!BeginPaint + 5                  76655D19 1 Byte  [C3]
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3216] USER32.dll!EndPaint                        76655D42 4 Bytes  [68, 5F, B0, 31]
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3216] USER32.dll!EndPaint + 5                    76655D47 1 Byte  [C3]
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3216] USER32.dll!PeekMessageW                    7665634A 6 Bytes  PUSH 00325B87; RET 
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3216] USER32.dll!TranslateMessage                766564C7 6 Bytes  PUSH 0031B82C; RET 
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3216] USER32.dll!GetMessageW                     7665CDE8 6 Bytes  PUSH 00325B37; RET 
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3216] USER32.dll!GetClipboardData                76662BA7 6 Bytes  PUSH 0031B9DB; RET 
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3216] USER32.dll!DefDlgProcA                     766671E4 6 Bytes  PUSH 0031FDA8; RET 
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3216] USER32.dll!DefMDIChildProcW                7667150A 6 Bytes  PUSH 0031FE80; RET 
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3216] USER32.dll!DefFrameProcW                   7667152B 6 Bytes  PUSH 0031FDEE; RET 
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3216] USER32.dll!GetUpdateRgn                    76671C07 6 Bytes  PUSH 0031B24B; RET 
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3216] USER32.dll!DefFrameProcA                   766725B7 6 Bytes  PUSH 0031FE37; RET 
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3216] USER32.dll!DefMDIChildProcA                766725DB 6 Bytes  PUSH 0031FEC6; RET 
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3216] USER32.dll!CallWindowProcA                 76672BD3 6 Bytes  PUSH 0031FF55; RET 
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3216] USER32.dll!DefDlgProcW                     76675BC1 6 Bytes  PUSH 0031FD62; RET 
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3216] USER32.dll!GetMessagePos                   76676703 6 Bytes  PUSH 00325938; RET 
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3216] USER32.dll!SetCapture                      76676932 4 Bytes  [68, EE, 59, 32]
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3216] USER32.dll!SetCapture + 5                  76676937 1 Byte  [C3]
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3216] USER32.dll!ReleaseCapture                  766769F2 6 Bytes  PUSH 00325A48; RET 
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3216] USER32.dll!SetCursorPos                    7668C1B0 6 Bytes  PUSH 003259B1; RET 
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3216] WININET.dll!InternetCloseHandle            7652C664 6 Bytes  PUSH 00317276; RET 
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3216] WININET.dll!HttpQueryInfoA                 7652E13A 6 Bytes  PUSH 00317416; RET 
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3216] WININET.dll!InternetReadFile               7652F8D8 6 Bytes  PUSH 003172E3; RET 
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3216] WININET.dll!InternetQueryDataAvailable     76533184 6 Bytes  JMP C3003173 
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3216] WININET.dll!HttpOpenRequestA               76555761 6 Bytes  PUSH 00316FB8; RET 
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3216] WININET.dll!HttpOpenRequestW               76555FEF 6 Bytes  PUSH 00316F74; RET 
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3216] WININET.dll!HttpSendRequestW               7655632D 6 Bytes  PUSH 00316FFC; RET 
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3216] WININET.dll!InternetReadFileExA            7655FA49 6 Bytes  PUSH 00317311; RET 
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3216] WININET.dll!HttpSendRequestExW             7656F564 6 Bytes  PUSH 003170A6; RET 
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3216] WININET.dll!HttpEndRequestA                7656F639 6 Bytes  PUSH 003171E0; RET 
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3216] WININET.dll!InternetSetFilePointer         76584F2F 6 Bytes  PUSH 00317390; RET 
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3216] WININET.dll!HttpSendRequestA               7658525A 6 Bytes  PUSH 00317051; RET 
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3216] WININET.dll!HttpSendRequestExA             765CECE5 6 Bytes  PUSH 00317143; RET 
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3216] WININET.dll!HttpEndRequestW                765CEDB7 6 Bytes  PUSH 0031722B; RET 
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3216] WS2_32.dll!closesocket                     77753918 6 Bytes  PUSH 003206D4; RET 
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3216] WS2_32.dll!getaddrinfo                     77754296 6 Bytes  PUSH 003202E5; RET 
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3216] WS2_32.dll!WSASend                         77754406 6 Bytes  PUSH 0032072D; RET 
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3216] WS2_32.dll!send                            77756F01 6 Bytes  PUSH 0032070C; RET 
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3216] WS2_32.dll!gethostbyname                   77767673 6 Bytes  PUSH 00320275; RET 
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3216] CRYPT32.dll!PFXImportCertStore             75CF1224 6 Bytes  PUSH 00315C51; RET 
.text           C:\Windows\system32\wbem\unsecapp.exe[3380] ntdll.dll!NtCreateUserProcess                                   77965778 4 Bytes  [68, 93, 5C, 11]
.text           C:\Windows\system32\wbem\unsecapp.exe[3380] ntdll.dll!NtCreateUserProcess + 5                               7796577D 1 Byte  [C3]
.text           C:\Windows\system32\wbem\unsecapp.exe[3380] ntdll.dll!LdrLoadDll                                            7798223E 6 Bytes  PUSH 00115DBE; RET 
.text           C:\Windows\system32\wbem\unsecapp.exe[3380] kernel32.dll!GetFileAttributesExW                               778330C6 6 Bytes  PUSH 00116027; RET 
.text           C:\Windows\system32\wbem\unsecapp.exe[3380] kernel32.dll!ExitProcess                                        7784BBE2 6 Bytes  PUSH 00115FE6; RET 
.text           C:\Windows\system32\wbem\unsecapp.exe[3380] USER32.dll!SwitchDesktop                                        7664476B 6 Bytes  PUSH 0010FCB8; RET 
.text           C:\Windows\system32\wbem\unsecapp.exe[3380] USER32.dll!OpenInputDesktop                                     76645C39 4 Bytes  [68, 68, FC, 10]
.text           C:\Windows\system32\wbem\unsecapp.exe[3380] USER32.dll!OpenInputDesktop + 5                                 76645C3E 1 Byte  [C3]
.text           C:\Windows\system32\wbem\unsecapp.exe[3380] USER32.dll!RegisterClassExA                                     76646293 6 Bytes  PUSH 001100C6; RET 
.text           C:\Windows\system32\wbem\unsecapp.exe[3380] USER32.dll!GetCapture                                           76649DC7 6 Bytes  PUSH 00115A98; RET 
.text           C:\Windows\system32\wbem\unsecapp.exe[3380] USER32.dll!GetCursorPos                                         7664A4B3 6 Bytes  PUSH 0011596A; RET 
.text           C:\Windows\system32\wbem\unsecapp.exe[3380] USER32.dll!GetUpdateRect                                        7664A575 6 Bytes  PUSH 0010B1B8; RET 
.text           C:\Windows\system32\wbem\unsecapp.exe[3380] USER32.dll!DefWindowProcA                                       7664BB1C 6 Bytes  PUSH 0010FD1C; RET 
.text           C:\Windows\system32\wbem\unsecapp.exe[3380] USER32.dll!RegisterClassA                                       7664BC6A 6 Bytes  PUSH 00110027; RET 
.text           C:\Windows\system32\wbem\unsecapp.exe[3380] USER32.dll!RegisterClassW                                       7664ED4A 6 Bytes  PUSH 0010FFDA; RET 
.text           C:\Windows\system32\wbem\unsecapp.exe[3380] USER32.dll!RegisterClassExW                                     76650162 6 Bytes  PUSH 00110074; RET 
.text           C:\Windows\system32\wbem\unsecapp.exe[3380] USER32.dll!GetMessageA                                          76651899 6 Bytes  PUSH 00115B5F; RET 
.text           C:\Windows\system32\wbem\unsecapp.exe[3380] USER32.dll!PeekMessageA                                         766519A5 6 Bytes  PUSH 00115BB2; RET 
.text           C:\Windows\system32\wbem\unsecapp.exe[3380] USER32.dll!CallWindowProcW                                      76651B3C 6 Bytes  PUSH 0010FF0C; RET 
.text           C:\Windows\system32\wbem\unsecapp.exe[3380] USER32.dll!GetDCEx                                              76652D57 4 Bytes  [68, 9F, B0, 10]
.text           C:\Windows\system32\wbem\unsecapp.exe[3380] USER32.dll!GetDCEx + 5                                          76652D5C 1 Byte  [C3]
.text           C:\Windows\system32\wbem\unsecapp.exe[3380] USER32.dll!GetWindowDC                                          76654AB7 4 Bytes  [68, 39, B1, 10]
.text           C:\Windows\system32\wbem\unsecapp.exe[3380] USER32.dll!GetWindowDC + 5                                      76654ABC 1 Byte  [C3]
.text           C:\Windows\system32\wbem\unsecapp.exe[3380] USER32.dll!DefWindowProcW                                       7665507D 6 Bytes  PUSH 0010FCD6; RET 
.text           C:\Windows\system32\wbem\unsecapp.exe[3380] USER32.dll!ReleaseDC                                            76655421 6 Bytes  PUSH 0010B178; RET 
.text           C:\Windows\system32\wbem\unsecapp.exe[3380] USER32.dll!GetDC                                                7665544C 4 Bytes  [68, FA, B0, 10]
.text           C:\Windows\system32\wbem\unsecapp.exe[3380] USER32.dll!GetDC + 5                                            76655451 1 Byte  [C3]
.text           C:\Windows\system32\wbem\unsecapp.exe[3380] USER32.dll!BeginPaint                                           76655D14 4 Bytes  [68, EF, AF, 10]
.text           C:\Windows\system32\wbem\unsecapp.exe[3380] USER32.dll!BeginPaint + 5                                       76655D19 1 Byte  [C3]
.text           C:\Windows\system32\wbem\unsecapp.exe[3380] USER32.dll!EndPaint                                             76655D42 4 Bytes  [68, 5F, B0, 10]
.text           C:\Windows\system32\wbem\unsecapp.exe[3380] USER32.dll!EndPaint + 5                                         76655D47 1 Byte  [C3]
.text           C:\Windows\system32\wbem\unsecapp.exe[3380] USER32.dll!PeekMessageW                                         7665634A 6 Bytes  PUSH 00115B87; RET 
.text           C:\Windows\system32\wbem\unsecapp.exe[3380] USER32.dll!TranslateMessage                                     766564C7 6 Bytes  PUSH 0010B82C; RET 
.text           C:\Windows\system32\wbem\unsecapp.exe[3380] USER32.dll!GetMessageW                                          7665CDE8 6 Bytes  PUSH 00115B37; RET 
.text           C:\Windows\system32\wbem\unsecapp.exe[3380] USER32.dll!GetClipboardData                                     76662BA7 6 Bytes  PUSH 0010B9DB; RET 
.text           C:\Windows\system32\wbem\unsecapp.exe[3380] USER32.dll!DefDlgProcA                                          766671E4 6 Bytes  PUSH 0010FDA8; RET 
.text           C:\Windows\system32\wbem\unsecapp.exe[3380] USER32.dll!DefMDIChildProcW                                     7667150A 6 Bytes  PUSH 0010FE80; RET 
.text           C:\Windows\system32\wbem\unsecapp.exe[3380] USER32.dll!DefFrameProcW                                        7667152B 6 Bytes  PUSH 0010FDEE; RET 
.text           C:\Windows\system32\wbem\unsecapp.exe[3380] USER32.dll!GetUpdateRgn                                         76671C07 6 Bytes  PUSH 0010B24B; RET 
.text           C:\Windows\system32\wbem\unsecapp.exe[3380] USER32.dll!DefFrameProcA                                        766725B7 6 Bytes  PUSH 0010FE37; RET 
.text           C:\Windows\system32\wbem\unsecapp.exe[3380] USER32.dll!DefMDIChildProcA                                     766725DB 6 Bytes  PUSH 0010FEC6; RET 
.text           C:\Windows\system32\wbem\unsecapp.exe[3380] USER32.dll!CallWindowProcA                                      76672BD3 6 Bytes  PUSH 0010FF55; RET 
.text           C:\Windows\system32\wbem\unsecapp.exe[3380] USER32.dll!DefDlgProcW                                          76675BC1 6 Bytes  PUSH 0010FD62; RET 
.text           C:\Windows\system32\wbem\unsecapp.exe[3380] USER32.dll!GetMessagePos                                        76676703 6 Bytes  PUSH 00115938; RET 
.text           C:\Windows\system32\wbem\unsecapp.exe[3380] USER32.dll!SetCapture                                           76676932 4 Bytes  [68, EE, 59, 11]
.text           C:\Windows\system32\wbem\unsecapp.exe[3380] USER32.dll!SetCapture + 5                                       76676937 1 Byte  [C3]
.text           C:\Windows\system32\wbem\unsecapp.exe[3380] USER32.dll!ReleaseCapture                                       766769F2 6 Bytes  PUSH 00115A48; RET 
.text           C:\Windows\system32\wbem\unsecapp.exe[3380] USER32.dll!SetCursorPos                                         7668C1B0 6 Bytes  PUSH 001159B1; RET 
.text           C:\Windows\system32\wbem\unsecapp.exe[3380] WS2_32.dll!closesocket                                          77753918 6 Bytes  PUSH 001106D4; RET 
.text           C:\Windows\system32\wbem\unsecapp.exe[3380] WS2_32.dll!getaddrinfo                                          77754296 6 Bytes  PUSH 001102E5; RET 
.text           C:\Windows\system32\wbem\unsecapp.exe[3380] WS2_32.dll!WSASend                                              77754406 6 Bytes  PUSH 0011072D; RET 
.text           C:\Windows\system32\wbem\unsecapp.exe[3380] WS2_32.dll!send                                                 77756F01 6 Bytes  PUSH 0011070C; RET 
.text           C:\Windows\system32\wbem\unsecapp.exe[3380] WS2_32.dll!gethostbyname                                        77767673 6 Bytes  PUSH 00110275; RET 
.text           C:\Windows\system32\wbem\unsecapp.exe[3380] ADVAPI32.dll!CreateProcessAsUserW                               7740C592 6 Bytes  PUSH 001160A4; RET 
.text           C:\Windows\system32\wbem\unsecapp.exe[3380] ADVAPI32.dll!CreateProcessAsUserA                               77442538 6 Bytes  PUSH 0011608D; RET 
.text           C:\Windows\system32\wbem\unsecapp.exe[3380] CRYPT32.dll!PFXImportCertStore                                  75CF1224 6 Bytes  PUSH 00105C51; RET 
.text           C:\Windows\system32\wbem\unsecapp.exe[3380] WININET.dll!InternetCloseHandle                                 7652C664 6 Bytes  PUSH 00107276; RET 
.text           C:\Windows\system32\wbem\unsecapp.exe[3380] WININET.dll!HttpQueryInfoA                                      7652E13A 6 Bytes  PUSH 00107416; RET 
.text           C:\Windows\system32\wbem\unsecapp.exe[3380] WININET.dll!InternetReadFile                                    7652F8D8 6 Bytes  PUSH 001072E3; RET 
.text           C:\Windows\system32\wbem\unsecapp.exe[3380] WININET.dll!InternetQueryDataAvailable                          76533184 6 Bytes  JMP C3001073 
.text           C:\Windows\system32\wbem\unsecapp.exe[3380] WININET.dll!HttpOpenRequestA                                    76555761 6 Bytes  PUSH 00106FB8; RET 
.text           C:\Windows\system32\wbem\unsecapp.exe[3380] WININET.dll!HttpOpenRequestW                                    76555FEF 6 Bytes  PUSH 00106F74; RET 
.text           C:\Windows\system32\wbem\unsecapp.exe[3380] WININET.dll!HttpSendRequestW                                    7655632D 6 Bytes  PUSH 00106FFC; RET 
.text           C:\Windows\system32\wbem\unsecapp.exe[3380] WININET.dll!InternetReadFileExA                                 7655FA49 6 Bytes  PUSH 00107311; RET 
.text           C:\Windows\system32\wbem\unsecapp.exe[3380] WININET.dll!HttpSendRequestExW                                  7656F564 6 Bytes  PUSH 001070A6; RET 
.text           C:\Windows\system32\wbem\unsecapp.exe[3380] WININET.dll!HttpEndRequestA                                     7656F639 6 Bytes  PUSH 001071E0; RET 
.text           C:\Windows\system32\wbem\unsecapp.exe[3380] WININET.dll!InternetSetFilePointer                              76584F2F 6 Bytes  PUSH 00107390; RET 
.text           C:\Windows\system32\wbem\unsecapp.exe[3380] WININET.dll!HttpSendRequestA                                    7658525A 6 Bytes  PUSH 00107051; RET 
.text           C:\Windows\system32\wbem\unsecapp.exe[3380] WININET.dll!HttpSendRequestExA                                  765CECE5 6 Bytes  PUSH 00107143; RET 
.text           C:\Windows\system32\wbem\unsecapp.exe[3380] WININET.dll!HttpEndRequestW                                     765CEDB7 6 Bytes  PUSH 0010722B; RET 

---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                     Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                                     Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)

---- Threads - GMER 2.1 ----

Thread          System [4:5840]                                                                                             AB03CF2E

---- Disk sectors - GMER 2.1 ----

Disk            \Device\Harddisk0\DR0                                                                                       unknown MBR code

---- EOF - GMER 2.1 ----

--- --- ---

Code:

ATTFilter

 Malwarebytes Anti-Rootkit BETA 1.01.0.1020
www.malwarebytes.org

Database version: v2013.02.28.06

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Jana :: JANA-PC [administrator]

28.02.2013 13:32:02
mbar-log-2013-02-28 (13-32-02).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 27886
Time elapsed: 10 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Omyfvooqli (Trojan.Agent.MU) -> Data: C:\Users\Jana\AppData\Roaming\Goqyag\azimu.exe -> Delete on reboot.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
c:\Users\Jana\AppData\Roaming\Goqyag\azimu.exe (Trojan.Agent.MU) -> Delete on reboot.
c:\Users\Jana\AppData\Local\Temp\{703B-1A0F854-1A0FC54} (Trojan.FakeMS) -> Delete on reboot.

(end)

ein weiterer Scan hat keine Funde gezeigt

cosinus · 28.02.2013, 14:38

aswMBR

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

TDSS-Killer

Downloade dir bitte

TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

Bene4 · 28.02.2013, 15:32

Code:

ATTFilter

 aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-02-28 15:18:22
-----------------------------
15:18:22.043    OS Version: Windows 6.1.7601 Service Pack 1
15:18:22.043    Number of processors: 2 586 0x603
15:18:22.043    ComputerName: JANA-PC  UserName: Jana
15:18:23.135    Initialize success
15:18:36.925    AVAST engine defs: 13022800
15:18:41.949    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005a
15:18:41.949    Disk 0 Vendor: Hitachi_ PB4O Size: 476940MB BusType: 11
15:18:41.980    Disk 0 MBR read successfully
15:18:41.980    Disk 0 MBR scan
15:18:41.995    Disk 0 unknown MBR code
15:18:41.995    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
15:18:42.011    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       434852 MB offset 206848
15:18:42.042    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        40960 MB offset 890783744
15:18:42.073    Disk 0 Partition 4 00     12  Compaq diag NTFS         1026 MB offset 974669824
15:18:42.089    Disk 0 scanning sectors +976771072
15:18:42.136    Disk 0 scanning C:\Windows\system32\drivers
15:18:54.007    Service scanning
15:19:25.613    Modules scanning
15:19:37.844    Disk 0 trace - called modules:
15:19:37.859    ntkrnlpa.exe CLASSPNP.SYS disk.sys amdxata.sys storport.sys halmacpi.dll amdsata.sys amdppm.sys 
15:19:37.859    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x866c51e8]
15:19:37.875    3 CLASSPNP.SYS[8b60459e] -> nt!IofCallDriver -> [0x86675020]
15:19:37.875    5 amdxata.sys[8b4016b3] -> nt!IofCallDriver -> \Device\0000005a[0x86552430]
15:19:39.279    AVAST engine scan C:\Windows
15:19:42.633    AVAST engine scan C:\Windows\system32
15:23:06.634    AVAST engine scan C:\Windows\system32\drivers
15:23:21.111    AVAST engine scan C:\Users\Jana
15:27:55.469    AVAST engine scan C:\ProgramData
15:29:53.795    Scan finished successfully
15:30:45.868    Disk 0 MBR has been saved successfully to "C:\Users\Jana\Desktop\MBR.dat"
15:30:45.868    The log file has been saved successfully to "C:\Users\Jana\Desktop\aswMBR.txt"

Code:

ATTFilter

 15:33:40.0898 4012  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
15:33:41.0355 4012  ============================================================
15:33:41.0355 4012  Current date / time: 2013/02/28 15:33:41.0355
15:33:41.0355 4012  SystemInfo:
15:33:41.0355 4012  
15:33:41.0355 4012  OS Version: 6.1.7601 ServicePack: 1.0
15:33:41.0355 4012  Product type: Workstation
15:33:41.0355 4012  ComputerName: JANA-PC
15:33:41.0356 4012  UserName: Jana
15:33:41.0356 4012  Windows directory: C:\Windows
15:33:41.0356 4012  System windows directory: C:\Windows
15:33:41.0356 4012  Processor architecture: Intel x86
15:33:41.0356 4012  Number of processors: 2
15:33:41.0356 4012  Page size: 0x1000
15:33:41.0356 4012  Boot type: Normal boot
15:33:41.0356 4012  ============================================================
15:33:42.0598 4012  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:33:42.0600 4012  ============================================================
15:33:42.0600 4012  \Device\Harddisk0\DR0:
15:33:42.0600 4012  MBR partitions:
15:33:42.0600 4012  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
15:33:42.0600 4012  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x35152000
15:33:42.0600 4012  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x35184800, BlocksNum 0x5000000
15:33:42.0600 4012  ============================================================
15:33:42.0637 4012  C: <-> \Device\Harddisk0\DR0\Partition2
15:33:42.0793 4012  D: <-> \Device\Harddisk0\DR0\Partition3
15:33:42.0793 4012  ============================================================
15:33:42.0794 4012  Initialize success
15:33:42.0794 4012  ============================================================
15:35:02.0196 5496  ============================================================
15:35:02.0196 5496  Scan started
15:35:02.0196 5496  Mode: Manual; SigCheck; TDLFS; 
15:35:02.0196 5496  ============================================================
15:35:03.0210 5496  ================ Scan system memory ========================
15:35:03.0210 5496  System memory - ok
15:35:03.0226 5496  ================ Scan services =============================
15:35:03.0585 5496  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
15:35:03.0663 5496  1394ohci - ok
15:35:03.0710 5496  [ E6F53D6C0DEA3D375362265E175CA638 ] acedrv11        C:\Windows\system32\drivers\acedrv11.sys
15:35:03.0756 5496  acedrv11 - ok
15:35:03.0819 5496  [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
15:35:03.0850 5496  ACPI - ok
15:35:03.0897 5496  [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
15:35:03.0959 5496  AcpiPmi - ok
15:35:04.0084 5496  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
15:35:04.0115 5496  AdobeARMservice - ok
15:35:04.0224 5496  [ 9942DC4CC265CDA00486504444EF521D ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
15:35:04.0256 5496  AdobeFlashPlayerUpdateSvc - ok
15:35:04.0302 5496  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
15:35:04.0318 5496  adp94xx - ok
15:35:04.0349 5496  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
15:35:04.0365 5496  adpahci - ok
15:35:04.0380 5496  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
15:35:04.0396 5496  adpu320 - ok
15:35:04.0427 5496  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
15:35:04.0427 5496  AeLookupSvc - ok
15:35:04.0474 5496  [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD             C:\Windows\system32\drivers\afd.sys
15:35:04.0521 5496  AFD - ok
15:35:04.0536 5496  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\Windows\system32\drivers\agp440.sys
15:35:04.0552 5496  agp440 - ok
15:35:04.0599 5496  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx         C:\Windows\system32\DRIVERS\djsvs.sys
15:35:04.0614 5496  aic78xx - ok
15:35:04.0661 5496  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG             C:\Windows\System32\alg.exe
15:35:04.0677 5496  ALG - ok
15:35:04.0724 5496  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\drivers\aliide.sys
15:35:04.0739 5496  aliide - ok
15:35:04.0755 5496  [ 57470ED01EF69E113C10F5520D3F60A4 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
15:35:04.0786 5496  AMD External Events Utility - ok
15:35:04.0802 5496  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
15:35:04.0817 5496  amdagp - ok
15:35:04.0848 5496  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\Windows\system32\drivers\amdide.sys
15:35:04.0848 5496  amdide - ok
15:35:04.0895 5496  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
15:35:04.0926 5496  AmdK8 - ok
15:35:05.0082 5496  [ 10F568F7B5B0D3748259187168F56386 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
15:35:05.0254 5496  amdkmdag - ok
15:35:05.0285 5496  [ 0C3B556EE8DE7983A3C1BE6334926329 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
15:35:05.0316 5496  amdkmdap - ok
15:35:05.0363 5496  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
15:35:05.0394 5496  AmdPPM - ok
15:35:05.0426 5496  [ AF8E6573058C7B88651E76B4426F9E05 ] amdsata         C:\Windows\system32\DRIVERS\amdsata.sys
15:35:05.0441 5496  amdsata - ok
15:35:05.0472 5496  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
15:35:05.0488 5496  amdsbs - ok
15:35:05.0504 5496  [ 1FB960FB68C75AAE203C50D6B8004C16 ] amdxata         C:\Windows\system32\DRIVERS\amdxata.sys
15:35:05.0519 5496  amdxata - ok
15:35:05.0582 5496  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
15:35:05.0613 5496  AntiVirSchedulerService - ok
15:35:05.0675 5496  [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
15:35:05.0706 5496  AntiVirService - ok
15:35:05.0753 5496  [ AEA177F783E20150ACE5383EE368DA19 ] AppID           C:\Windows\system32\drivers\appid.sys
15:35:05.0909 5496  AppID - ok
15:35:05.0956 5496  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
15:35:06.0034 5496  AppIDSvc - ok
15:35:06.0050 5496  [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo         C:\Windows\System32\appinfo.dll
15:35:06.0096 5496  Appinfo - ok
15:35:06.0159 5496  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc             C:\Windows\system32\DRIVERS\arc.sys
15:35:06.0190 5496  arc - ok
15:35:06.0206 5496  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
15:35:06.0221 5496  arcsas - ok
15:35:06.0252 5496  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
15:35:06.0346 5496  AsyncMac - ok
15:35:06.0377 5496  [ 338C86357871C167A96AB976519BF59E ] atapi           C:\Windows\system32\drivers\atapi.sys
15:35:06.0393 5496  atapi - ok
15:35:06.0440 5496  [ 35207458C90F55C61247DE139A6A243A ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW73.sys
15:35:06.0455 5496  AtiHDAudioService - ok
15:35:06.0486 5496  [ 4FFE74E33BD9170950116F0CA46EAC89 ] AtiPcie         C:\Windows\system32\DRIVERS\AtiPcie.sys
15:35:06.0502 5496  AtiPcie - ok
15:35:06.0549 5496  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
15:35:06.0596 5496  AudioEndpointBuilder - ok
15:35:06.0596 5496  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
15:35:06.0627 5496  Audiosrv - ok
15:35:06.0689 5496  [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
15:35:06.0705 5496  avgntflt - ok
15:35:06.0736 5496  [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
15:35:06.0767 5496  avipbb - ok
15:35:06.0798 5496  [ 271CFD1A989209B1964E24D969552BF7 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
15:35:06.0814 5496  avkmgr - ok
15:35:06.0845 5496  [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
15:35:06.0876 5496  AxInstSV - ok
15:35:06.0908 5496  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbdx.sys
15:35:06.0939 5496  b06bdrv - ok
15:35:06.0970 5496  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
15:35:06.0986 5496  b57nd60x - ok
15:35:07.0017 5496  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\Windows\System32\bdesvc.dll
15:35:07.0048 5496  BDESVC - ok
15:35:07.0079 5496  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys
15:35:07.0126 5496  Beep - ok
15:35:07.0188 5496  [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE             C:\Windows\System32\bfe.dll
15:35:07.0251 5496  BFE - ok
15:35:07.0266 5496  [ E585445D5021971FAE10393F0F1C3961 ] BITS            C:\Windows\system32\qmgr.dll
15:35:07.0313 5496  BITS - ok
15:35:07.0344 5496  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
15:35:07.0376 5496  blbdrive - ok
15:35:07.0422 5496  [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
15:35:07.0454 5496  bowser - ok
15:35:07.0469 5496  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:35:07.0485 5496  BrFiltLo - ok
15:35:07.0516 5496  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:35:07.0532 5496  BrFiltUp - ok
15:35:07.0610 5496  [ 77361D72A04F18809D0EFB6CCEB74D4B ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
15:35:07.0656 5496  BridgeMP - ok
15:35:07.0688 5496  [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser         C:\Windows\System32\browser.dll
15:35:07.0750 5496  Browser - ok
15:35:07.0797 5496  [ 845B8CE732E67F3B4133164868C666EA ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
15:35:07.0844 5496  Brserid - ok
15:35:07.0875 5496  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
15:35:07.0906 5496  BrSerWdm - ok
15:35:07.0922 5496  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
15:35:07.0953 5496  BrUsbMdm - ok
15:35:07.0984 5496  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
15:35:08.0015 5496  BrUsbSer - ok
15:35:08.0031 5496  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
15:35:08.0062 5496  BTHMODEM - ok
15:35:08.0093 5496  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv         C:\Windows\system32\bthserv.dll
15:35:08.0124 5496  bthserv - ok
15:35:08.0234 5496  catchme - ok
15:35:08.0280 5496  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
15:35:08.0327 5496  cdfs - ok
15:35:08.0390 5496  [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom           C:\Windows\system32\drivers\cdrom.sys
15:35:08.0436 5496  cdrom - ok
15:35:08.0499 5496  [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc     C:\Windows\System32\certprop.dll
15:35:08.0561 5496  CertPropSvc - ok
15:35:08.0624 5496  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
15:35:08.0655 5496  circlass - ok
15:35:08.0670 5496  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys
15:35:08.0686 5496  CLFS - ok
15:35:08.0748 5496  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:35:08.0780 5496  clr_optimization_v2.0.50727_32 - ok
15:35:08.0811 5496  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:35:08.0826 5496  clr_optimization_v4.0.30319_32 - ok
15:35:08.0842 5496  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
15:35:08.0858 5496  CmBatt - ok
15:35:08.0873 5496  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
15:35:08.0873 5496  cmdide - ok
15:35:08.0904 5496  [ 42F158036BD4C2FF3122BF142E60E6FD ] CNG             C:\Windows\system32\Drivers\cng.sys
15:35:08.0936 5496  CNG - ok
15:35:08.0967 5496  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
15:35:08.0982 5496  Compbatt - ok
15:35:09.0029 5496  [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
15:35:09.0076 5496  CompositeBus - ok
15:35:09.0092 5496  COMSysApp - ok
15:35:09.0123 5496  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
15:35:09.0138 5496  crcdisk - ok
15:35:09.0185 5496  [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc        C:\Windows\system32\cryptsvc.dll
15:35:09.0216 5496  CryptSvc - ok
15:35:09.0310 5496  [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc          C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
15:35:09.0341 5496  cvhsvc - ok
15:35:09.0372 5496  [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch      C:\Windows\system32\rpcss.dll
15:35:09.0419 5496  DcomLaunch - ok
15:35:09.0450 5496  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc       C:\Windows\System32\defragsvc.dll
15:35:09.0497 5496  defragsvc - ok
15:35:09.0544 5496  [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
15:35:09.0591 5496  DfsC - ok
15:35:09.0638 5496  [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp            C:\Windows\system32\dhcpcore.dll
15:35:09.0684 5496  Dhcp - ok
15:35:09.0700 5496  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys
15:35:09.0731 5496  discache - ok
15:35:09.0778 5496  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\DRIVERS\disk.sys
15:35:09.0794 5496  Disk - ok
15:35:09.0825 5496  [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
15:35:09.0887 5496  Dnscache - ok
15:35:09.0934 5496  [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc         C:\Windows\System32\dot3svc.dll
15:35:10.0012 5496  dot3svc - ok
15:35:10.0059 5496  [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS             C:\Windows\system32\dps.dll
15:35:10.0121 5496  DPS - ok
15:35:10.0152 5496  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
15:35:10.0184 5496  drmkaud - ok
15:35:10.0230 5496  [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
15:35:10.0262 5496  DXGKrnl - ok
15:35:10.0293 5496  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost         C:\Windows\System32\eapsvc.dll
15:35:10.0340 5496  EapHost - ok
15:35:10.0464 5496  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv           C:\Windows\system32\DRIVERS\evbdx.sys
15:35:10.0589 5496  ebdrv - ok
15:35:10.0605 5496  [ 81951F51E318AECC2D68559E47485CC4 ] EFS             C:\Windows\System32\lsass.exe
15:35:10.0636 5496  EFS - ok
15:35:10.0683 5496  [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
15:35:10.0745 5496  ehRecvr - ok
15:35:10.0776 5496  [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched         C:\Windows\ehome\ehsched.exe
15:35:10.0808 5496  ehSched - ok
15:35:10.0839 5496  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
15:35:10.0870 5496  elxstor - ok
15:35:10.0901 5496  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
15:35:10.0932 5496  ErrDev - ok
15:35:10.0995 5496  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem     C:\Windows\system32\es.dll
15:35:11.0057 5496  EventSystem - ok
15:35:11.0088 5496  [ 2DC9108D74081149CC8B651D3A26207F ] exfat           C:\Windows\system32\drivers\exfat.sys
15:35:11.0135 5496  exfat - ok
15:35:11.0151 5496  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
15:35:11.0182 5496  fastfat - ok
15:35:11.0213 5496  [ 967EA5B213E9984CBE270205DF37755B ] Fax             C:\Windows\system32\fxssvc.exe
15:35:11.0244 5496  Fax - ok
15:35:11.0276 5496  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
15:35:11.0291 5496  fdc - ok
15:35:11.0307 5496  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost         C:\Windows\system32\fdPHost.dll
15:35:11.0338 5496  fdPHost - ok
15:35:11.0354 5496  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll
15:35:11.0447 5496  FDResPub - ok
15:35:11.0478 5496  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
15:35:11.0494 5496  FileInfo - ok
15:35:11.0510 5496  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
15:35:11.0541 5496  Filetrace - ok
15:35:11.0572 5496  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
15:35:11.0588 5496  flpydisk - ok
15:35:11.0619 5496  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
15:35:11.0634 5496  FltMgr - ok
15:35:11.0681 5496  [ E12C4928B32ACE04610259647F072635 ] FontCache       C:\Windows\system32\FntCache.dll
15:35:11.0728 5496  FontCache - ok
15:35:11.0775 5496  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
15:35:11.0806 5496  FontCache3.0.0.0 - ok
15:35:11.0822 5496  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
15:35:11.0837 5496  FsDepends - ok
15:35:11.0868 5496  [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
15:35:11.0884 5496  Fs_Rec - ok
15:35:11.0915 5496  [ 8A73E79089B282100B9393B644CB853B ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
15:35:11.0946 5496  fvevol - ok
15:35:11.0978 5496  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
15:35:12.0009 5496  gagp30kx - ok
15:35:12.0071 5496  [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc           C:\Windows\System32\gpsvc.dll
15:35:12.0134 5496  gpsvc - ok
15:35:12.0196 5496  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
15:35:12.0212 5496  gupdate - ok
15:35:12.0258 5496  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
15:35:12.0290 5496  gupdatem - ok
15:35:12.0305 5496  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
15:35:12.0336 5496  hcw85cir - ok
15:35:12.0352 5496  [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
15:35:12.0383 5496  HdAudAddService - ok
15:35:12.0399 5496  [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
15:35:12.0430 5496  HDAudBus - ok
15:35:12.0461 5496  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
15:35:12.0508 5496  HidBatt - ok
15:35:12.0539 5496  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
15:35:12.0555 5496  HidBth - ok
15:35:12.0586 5496  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
15:35:12.0602 5496  HidIr - ok
15:35:12.0648 5496  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv         C:\Windows\System32\hidserv.dll
15:35:12.0711 5496  hidserv - ok
15:35:12.0742 5496  [ 25072FB35AC90B25F9E4E3BACF774102 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
15:35:12.0742 5496  HidUsb - ok
15:35:12.0789 5496  [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc          C:\Windows\system32\kmsvc.dll
15:35:12.0836 5496  hkmsvc - ok
15:35:12.0851 5496  [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
15:35:12.0882 5496  HomeGroupListener - ok
15:35:12.0914 5496  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
15:35:12.0945 5496  HomeGroupProvider - ok
15:35:12.0976 5496  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
15:35:12.0992 5496  HpSAMD - ok
15:35:13.0038 5496  [ 871917B07A141BFF43D76D8844D48106 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
15:35:13.0085 5496  HTTP - ok
15:35:13.0116 5496  [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
15:35:13.0132 5496  hwpolicy - ok
15:35:13.0163 5496  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
15:35:13.0194 5496  i8042prt - ok
15:35:13.0226 5496  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
15:35:13.0241 5496  iaStorV - ok
15:35:13.0304 5496  [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
15:35:13.0350 5496  idsvc - ok
15:35:13.0382 5496  [ 4173FF5708F3236CF25195FECD742915 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
15:35:13.0382 5496  iirsp - ok
15:35:13.0444 5496  [ F95622F161474511B8D80D6B093AA610 ] IKEEXT          C:\Windows\System32\ikeext.dll
15:35:13.0491 5496  IKEEXT - ok
15:35:13.0616 5496  [ 5A4AAD2240CB8B50FFEAEDB2BF747ABD ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
15:35:13.0740 5496  IntcAzAudAddService - ok
15:35:13.0818 5496  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\drivers\intelide.sys
15:35:13.0850 5496  intelide - ok
15:35:13.0865 5496  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
15:35:13.0943 5496  intelppm - ok
15:35:13.0990 5496  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
15:35:14.0115 5496  IPBusEnum - ok
15:35:14.0130 5496  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:35:14.0177 5496  IpFilterDriver - ok
15:35:14.0224 5496  [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
15:35:14.0271 5496  iphlpsvc - ok
15:35:14.0318 5496  [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
15:35:14.0349 5496  IPMIDRV - ok
15:35:14.0380 5496  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
15:35:14.0411 5496  IPNAT - ok
15:35:14.0442 5496  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys
15:35:14.0458 5496  IRENUM - ok
15:35:14.0474 5496  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
15:35:14.0489 5496  isapnp - ok
15:35:14.0520 5496  [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
15:35:14.0567 5496  iScsiPrt - ok
15:35:14.0598 5496  [ 858CE8CCD0FA4845AEB1A9C89EC3A0F2 ] JMCR            C:\Windows\system32\DRIVERS\jmcr.sys
15:35:14.0614 5496  JMCR - ok
15:35:14.0645 5496  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
15:35:14.0645 5496  kbdclass - ok
15:35:14.0692 5496  [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
15:35:14.0723 5496  kbdhid - ok
15:35:14.0739 5496  [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso          C:\Windows\system32\lsass.exe
15:35:14.0754 5496  KeyIso - ok
15:35:14.0786 5496  [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
15:35:14.0786 5496  KSecDD - ok
15:35:14.0817 5496  [ 5FE1ABF1AF591A3458C9CF24ED9A4D35 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
15:35:14.0832 5496  KSecPkg - ok
15:35:14.0864 5496  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\Windows\system32\msdtckrm.dll
15:35:14.0926 5496  KtmRm - ok
15:35:14.0957 5496  [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer    C:\Windows\System32\srvsvc.dll
15:35:15.0004 5496  LanmanServer - ok
15:35:15.0020 5496  [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
15:35:15.0082 5496  LanmanWorkstation - ok
15:35:15.0129 5496  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
15:35:15.0160 5496  lltdio - ok
15:35:15.0176 5496  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
15:35:15.0222 5496  lltdsvc - ok
15:35:15.0238 5496  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\Windows\System32\lmhsvc.dll
15:35:15.0269 5496  lmhosts - ok
15:35:15.0300 5496  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
15:35:15.0347 5496  LSI_FC - ok
15:35:15.0347 5496  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
15:35:15.0363 5496  LSI_SAS - ok
15:35:15.0378 5496  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:35:15.0378 5496  LSI_SAS2 - ok
15:35:15.0410 5496  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:35:15.0425 5496  LSI_SCSI - ok
15:35:15.0441 5496  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\Windows\system32\drivers\luafv.sys
15:35:15.0472 5496  luafv - ok
15:35:15.0519 5496  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
15:35:15.0534 5496  Mcx2Svc - ok
15:35:15.0550 5496  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
15:35:15.0550 5496  megasas - ok
15:35:15.0597 5496  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
15:35:15.0628 5496  MegaSR - ok
15:35:15.0675 5496  [ 71C6748EE8DE938532057EF10B4B7E44 ] Micro Star SCM  C:\Program Files\System Control Manager\MSIService.exe
15:35:15.0706 5496  Micro Star SCM ( UnsignedFile.Multi.Generic ) - warning
15:35:15.0706 5496  Micro Star SCM - detected UnsignedFile.Multi.Generic (1)
15:35:15.0753 5496  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\Windows\system32\mmcss.dll
15:35:15.0800 5496  MMCSS - ok
15:35:15.0831 5496  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\Windows\system32\drivers\modem.sys
15:35:15.0862 5496  Modem - ok
15:35:15.0893 5496  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
15:35:15.0909 5496  monitor - ok
15:35:15.0956 5496  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
15:35:15.0987 5496  mouclass - ok
15:35:16.0018 5496  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
15:35:16.0049 5496  mouhid - ok
15:35:16.0080 5496  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
15:35:16.0096 5496  mountmgr - ok
15:35:16.0127 5496  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\Windows\system32\drivers\mpio.sys
15:35:16.0143 5496  mpio - ok
15:35:16.0174 5496  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
15:35:16.0236 5496  mpsdrv - ok
15:35:16.0268 5496  [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc          C:\Windows\system32\mpssvc.dll
15:35:16.0346 5496  MpsSvc - ok
15:35:16.0377 5496  [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
15:35:16.0408 5496  MRxDAV - ok
15:35:16.0455 5496  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
15:35:16.0502 5496  mrxsmb - ok
15:35:16.0533 5496  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:35:16.0564 5496  mrxsmb10 - ok
15:35:16.0580 5496  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:35:16.0595 5496  mrxsmb20 - ok
15:35:16.0642 5496  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\Windows\system32\drivers\msahci.sys
15:35:16.0658 5496  msahci - ok
15:35:16.0689 5496  [ 55055F8AD8BE27A64C831322A780A228 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
15:35:16.0704 5496  msdsm - ok
15:35:16.0720 5496  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\Windows\System32\msdtc.exe
15:35:16.0751 5496  MSDTC - ok
15:35:16.0782 5496  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\Windows\system32\drivers\Msfs.sys
15:35:16.0814 5496  Msfs - ok
15:35:16.0829 5496  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
15:35:16.0876 5496  mshidkmdf - ok
15:35:16.0907 5496  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
15:35:16.0923 5496  msisadrv - ok
15:35:16.0954 5496  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
15:35:16.0985 5496  MSiSCSI - ok
15:35:16.0985 5496  msiserver - ok
15:35:17.0032 5496  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
15:35:17.0063 5496  MSKSSRV - ok
15:35:17.0063 5496  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
15:35:17.0110 5496  MSPCLOCK - ok
15:35:17.0126 5496  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
15:35:17.0204 5496  MSPQM - ok
15:35:17.0235 5496  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
15:35:17.0250 5496  MsRPC - ok
15:35:17.0282 5496  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
15:35:17.0313 5496  mssmbios - ok
15:35:17.0360 5496  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
15:35:17.0375 5496  MSTEE - ok
15:35:17.0406 5496  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
15:35:17.0422 5496  MTConfig - ok
15:35:17.0438 5496  [ 159FAD02F64E6381758C990F753BCC80 ] Mup             C:\Windows\system32\Drivers\mup.sys
15:35:17.0453 5496  Mup - ok
15:35:17.0500 5496  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent        C:\Windows\system32\qagentRT.dll
15:35:17.0531 5496  napagent - ok
15:35:17.0562 5496  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
15:35:17.0578 5496  NativeWifiP - ok
15:35:17.0625 5496  [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS            C:\Windows\system32\drivers\ndis.sys
15:35:17.0672 5496  NDIS - ok
15:35:17.0703 5496  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
15:35:17.0734 5496  NdisCap - ok
15:35:17.0750 5496  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
15:35:17.0796 5496  NdisTapi - ok
15:35:17.0828 5496  [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
15:35:17.0906 5496  Ndisuio - ok
15:35:17.0937 5496  [ 38FBE267E7E6983311179230FACB1017 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
15:35:17.0968 5496  NdisWan - ok
15:35:17.0984 5496  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
15:35:18.0015 5496  NDProxy - ok
15:35:18.0062 5496  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
15:35:18.0124 5496  NetBIOS - ok
15:35:18.0155 5496  [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
15:35:18.0233 5496  NetBT - ok
15:35:18.0249 5496  [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon        C:\Windows\system32\lsass.exe
15:35:18.0264 5496  Netlogon - ok
15:35:18.0296 5496  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\Windows\System32\netman.dll
15:35:18.0342 5496  Netman - ok
15:35:18.0358 5496  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\Windows\System32\netprofm.dll
15:35:18.0405 5496  netprofm - ok
15:35:18.0436 5496  [ 76B1157EF850830C5ECE61D3E591CA8B ] netr73          C:\Windows\system32\DRIVERS\netr73.sys
15:35:18.0467 5496  netr73 - ok
15:35:18.0498 5496  [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:35:18.0514 5496  NetTcpPortSharing - ok
15:35:18.0545 5496  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
15:35:18.0561 5496  nfrd960 - ok
15:35:18.0592 5496  [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc          C:\Windows\System32\nlasvc.dll
15:35:18.0623 5496  NlaSvc - ok
15:35:18.0670 5496  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
15:35:18.0701 5496  Npfs - ok
15:35:18.0732 5496  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi             C:\Windows\system32\nsisvc.dll
15:35:18.0764 5496  nsi - ok
15:35:18.0764 5496  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
15:35:18.0795 5496  nsiproxy - ok
15:35:18.0842 5496  [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
15:35:18.0888 5496  Ntfs - ok
15:35:18.0904 5496  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\Windows\system32\drivers\Null.sys
15:35:18.0935 5496  Null - ok
15:35:18.0966 5496  [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
15:35:18.0982 5496  nvraid - ok
15:35:18.0998 5496  [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
15:35:19.0013 5496  nvstor - ok
15:35:19.0044 5496  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
15:35:19.0060 5496  nv_agp - ok
15:35:19.0076 5496  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
15:35:19.0122 5496  ohci1394 - ok
15:35:19.0232 5496  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:35:19.0263 5496  ose - ok
15:35:19.0403 5496  [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
15:35:19.0544 5496  osppsvc - ok
15:35:19.0575 5496  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
15:35:19.0622 5496  p2pimsvc - ok
15:35:19.0668 5496  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\Windows\system32\p2psvc.dll
15:35:19.0700 5496  p2psvc - ok
15:35:19.0715 5496  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
15:35:19.0746 5496  Parport - ok
15:35:19.0762 5496  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
15:35:19.0778 5496  partmgr - ok
15:35:19.0809 5496  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
15:35:19.0824 5496  Parvdm - ok
15:35:19.0840 5496  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll
15:35:19.0856 5496  PcaSvc - ok
15:35:19.0871 5496  [ 673E55C3498EB970088E812EA820AA8F ] pci             C:\Windows\system32\drivers\pci.sys
15:35:19.0887 5496  pci - ok
15:35:19.0918 5496  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\drivers\pciide.sys
15:35:19.0934 5496  pciide - ok
15:35:19.0949 5496  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
15:35:19.0980 5496  pcmcia - ok
15:35:19.0996 5496  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\Windows\system32\drivers\pcw.sys
15:35:20.0012 5496  pcw - ok
15:35:20.0043 5496  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
15:35:20.0090 5496  PEAUTH - ok
15:35:20.0324 5496  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla             C:\Windows\system32\pla.dll
15:35:20.0417 5496  pla - ok
15:35:20.0448 5496  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
15:35:20.0480 5496  PlugPlay - ok
15:35:20.0495 5496  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
15:35:20.0526 5496  PNRPAutoReg - ok
15:35:20.0558 5496  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
15:35:20.0573 5496  PNRPsvc - ok
15:35:20.0604 5496  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
15:35:20.0636 5496  PolicyAgent - ok
15:35:20.0667 5496  [ F87D30E72E03D579A5199CCB3831D6EA ] Power           C:\Windows\system32\umpo.dll
15:35:20.0698 5496  Power - ok
15:35:20.0729 5496  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
15:35:20.0760 5496  PptpMiniport - ok
15:35:20.0776 5496  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
15:35:20.0792 5496  Processor - ok
15:35:20.0823 5496  [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc         C:\Windows\system32\profsvc.dll
15:35:20.0885 5496  ProfSvc - ok
15:35:20.0901 5496  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
15:35:20.0916 5496  ProtectedStorage - ok
15:35:20.0948 5496  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
15:35:20.0963 5496  Psched - ok
15:35:21.0010 5496  [ D24DFD16A1E2A76034DF5AA18125C35D ] PSI             C:\Windows\system32\DRIVERS\psi_mf.sys
15:35:21.0026 5496  PSI - ok
15:35:21.0041 5496  [ A6A7AD767BF5141665F5C675F671B3E1 ] PSI_SVC_2       c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
15:35:21.0057 5496  PSI_SVC_2 - ok
15:35:21.0104 5496  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
15:35:21.0150 5496  ql2300 - ok
15:35:21.0166 5496  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
15:35:21.0182 5496  ql40xx - ok
15:35:21.0213 5496  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\Windows\system32\qwave.dll
15:35:21.0228 5496  QWAVE - ok
15:35:21.0260 5496  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
15:35:21.0275 5496  QWAVEdrv - ok
15:35:21.0291 5496  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
15:35:21.0338 5496  RasAcd - ok
15:35:21.0369 5496  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
15:35:21.0400 5496  RasAgileVpn - ok
15:35:21.0431 5496  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\Windows\System32\rasauto.dll
15:35:21.0478 5496  RasAuto - ok
15:35:21.0494 5496  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
15:35:21.0540 5496  Rasl2tp - ok
15:35:21.0572 5496  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\Windows\System32\rasmans.dll
15:35:21.0618 5496  RasMan - ok
15:35:21.0634 5496  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
15:35:21.0665 5496  RasPppoe - ok
15:35:21.0681 5496  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
15:35:21.0743 5496  RasSstp - ok
15:35:21.0774 5496  [ D528BC58A489409BA40334EBF96A311B ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
15:35:21.0821 5496  rdbss - ok
15:35:21.0837 5496  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
15:35:21.0852 5496  rdpbus - ok
15:35:21.0884 5496  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
15:35:21.0915 5496  RDPCDD - ok
15:35:21.0962 5496  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
15:35:22.0024 5496  RDPENCDD - ok
15:35:22.0040 5496  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
15:35:22.0055 5496  RDPREFMP - ok
15:35:22.0118 5496  [ 65375DF758CA1872AB7EBBBA457FD5E6 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
15:35:22.0164 5496  RdpVideoMiniport - ok
15:35:22.0196 5496  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
15:35:22.0242 5496  RDPWD - ok
15:35:22.0289 5496  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
15:35:22.0320 5496  rdyboost - ok
15:35:22.0352 5496  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll
15:35:22.0383 5496  RemoteAccess - ok
15:35:22.0414 5496  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
15:35:22.0445 5496  RemoteRegistry - ok
15:35:22.0461 5496  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
15:35:22.0508 5496  RpcEptMapper - ok
15:35:22.0523 5496  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe
15:35:22.0554 5496  RpcLocator - ok
15:35:22.0570 5496  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs           C:\Windows\system32\rpcss.dll
15:35:22.0601 5496  RpcSs - ok
15:35:22.0648 5496  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
15:35:22.0679 5496  rspndr - ok
15:35:22.0710 5496  [ E38B785802C666782D2880738D01AC10 ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIV.sys
15:35:22.0726 5496  RTHDMIAzAudService - ok
15:35:22.0773 5496  [ 5283B9A27FF230F2FF70D92451FF409A ] RTL8167         C:\Windows\system32\DRIVERS\Rt86win7.sys
15:35:22.0788 5496  RTL8167 - ok
15:35:22.0835 5496  [ B5E9979FBB26FC059BD87A81F763D5DA ] rtl8192se       C:\Windows\system32\DRIVERS\rtl8192se.sys
15:35:22.0866 5496  rtl8192se - ok
15:35:22.0882 5496  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs           C:\Windows\system32\lsass.exe
15:35:22.0898 5496  SamSs - ok
15:35:22.0929 5496  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
15:35:22.0944 5496  sbp2port - ok
15:35:22.0976 5496  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
15:35:23.0007 5496  SCardSvr - ok
15:35:23.0007 5496  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
15:35:23.0038 5496  scfilter - ok
15:35:23.0085 5496  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\Windows\system32\schedsvc.dll
15:35:23.0147 5496  Schedule - ok
15:35:23.0163 5496  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc     C:\Windows\System32\certprop.dll
15:35:23.0194 5496  SCPolicySvc - ok
15:35:23.0241 5496  [ 0328BE1C7F1CBA23848179F8762E391C ] sdbus           C:\Windows\system32\drivers\sdbus.sys
15:35:23.0288 5496  sdbus - ok
15:35:23.0334 5496  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
15:35:23.0366 5496  SDRSVC - ok
15:35:23.0397 5496  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
15:35:23.0444 5496  secdrv - ok
15:35:23.0490 5496  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll
15:35:23.0584 5496  seclogon - ok
15:35:23.0693 5496  [ 5B66DB4877BBAC9F7493AA8D84421E49 ] Secunia PSI Agent C:\Program Files\Secunia\PSI\PSIA.exe
15:35:23.0740 5496  Secunia PSI Agent - ok
15:35:23.0771 5496  [ 0E88FDF474F2CDD370A4A6CE77D018F0 ] Secunia Update Agent C:\Program Files\Secunia\PSI\sua.exe
15:35:23.0787 5496  Secunia Update Agent - ok
15:35:23.0802 5496  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\system32\sens.dll
15:35:23.0849 5496  SENS - ok
15:35:23.0849 5496  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\Windows\system32\sensrsvc.dll
15:35:23.0880 5496  SensrSvc - ok
15:35:23.0896 5496  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
15:35:23.0912 5496  Serenum - ok
15:35:23.0927 5496  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
15:35:23.0958 5496  Serial - ok
15:35:23.0974 5496  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
15:35:24.0005 5496  sermouse - ok
15:35:24.0036 5496  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\Windows\system32\sessenv.dll
15:35:24.0068 5496  SessionEnv - ok
15:35:24.0114 5496  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
15:35:24.0130 5496  sffdisk - ok
15:35:24.0130 5496  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
15:35:24.0192 5496  sffp_mmc - ok
15:35:24.0224 5496  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
15:35:24.0239 5496  sffp_sd - ok
15:35:24.0270 5496  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
15:35:24.0286 5496  sfloppy - ok
15:35:24.0333 5496  [ D9B734638DD8DBA9D59AAD3189CD0FAD ] Sftfs           C:\Windows\system32\DRIVERS\Sftfslh.sys
15:35:24.0364 5496  Sftfs - ok
15:35:24.0442 5496  [ CB73BC422C07FB611F194DA18D1E7F36 ] sftlist         C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
15:35:24.0473 5496  sftlist - ok
15:35:24.0520 5496  [ 2F61BD46C0BFF4EB36E1E359CA17BFC5 ] Sftplay         C:\Windows\system32\DRIVERS\Sftplaylh.sys
15:35:24.0536 5496  Sftplay - ok
15:35:24.0567 5496  [ 518BAC0179F94304F422696B47C0EC12 ] Sftredir        C:\Windows\system32\DRIVERS\Sftredirlh.sys
15:35:24.0582 5496  Sftredir - ok
15:35:24.0598 5496  [ 747325236D88B3F05FFD27FF9EC711C5 ] Sftvol          C:\Windows\system32\DRIVERS\Sftvollh.sys
15:35:24.0598 5496  Sftvol - ok
15:35:24.0645 5496  [ A5812F0281CA5081BF696626F9BF324D ] sftvsa          C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
15:35:24.0676 5496  sftvsa - ok
15:35:24.0707 5496  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
15:35:24.0785 5496  SharedAccess - ok
15:35:24.0816 5496  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:35:24.0894 5496  ShellHWDetection - ok
15:35:24.0941 5496  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\drivers\sisagp.sys
15:35:24.0941 5496  sisagp - ok
15:35:24.0972 5496  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:35:24.0988 5496  SiSRaid2 - ok
15:35:25.0019 5496  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
15:35:25.0019 5496  SiSRaid4 - ok
15:35:25.0066 5496  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\Windows\system32\DRIVERS\smb.sys
15:35:25.0113 5496  Smb - ok
15:35:25.0144 5496  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
15:35:25.0160 5496  SNMPTRAP - ok
15:35:25.0175 5496  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\Windows\system32\drivers\spldr.sys
15:35:25.0175 5496  spldr - ok
15:35:25.0238 5496  [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler         C:\Windows\System32\spoolsv.exe
15:35:25.0269 5496  Spooler - ok
15:35:25.0378 5496  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\Windows\system32\sppsvc.exe
15:35:25.0503 5496  sppsvc - ok
15:35:25.0534 5496  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
15:35:25.0581 5496  sppuinotify - ok
15:35:25.0612 5496  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv             C:\Windows\system32\DRIVERS\srv.sys
15:35:25.0643 5496  srv - ok
15:35:25.0674 5496  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
15:35:25.0706 5496  srv2 - ok
15:35:25.0737 5496  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
15:35:25.0784 5496  srvnet - ok
15:35:25.0830 5496  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
15:35:25.0877 5496  SSDPSRV - ok
15:35:25.0908 5496  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\Windows\system32\DRIVERS\ssmdrv.sys
15:35:25.0924 5496  ssmdrv - ok
15:35:25.0940 5496  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
15:35:25.0971 5496  SstpSvc - ok
15:35:26.0002 5496  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
15:35:26.0018 5496  stexstor - ok
15:35:26.0064 5496  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\Windows\System32\wiaservc.dll
15:35:26.0096 5496  StiSvc - ok
15:35:26.0127 5496  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\drivers\swenum.sys
15:35:26.0142 5496  swenum - ok
15:35:26.0174 5496  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\Windows\System32\swprv.dll
15:35:26.0205 5496  swprv - ok
15:35:26.0252 5496  [ D7DC30B8B41E7A913C3FCCC0631E72EC ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
15:35:26.0267 5496  SynTP - ok
15:35:26.0345 5496  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain         C:\Windows\system32\sysmain.dll
15:35:26.0376 5496  SysMain - ok
15:35:26.0439 5496  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:35:26.0486 5496  TabletInputService - ok
15:35:26.0517 5496  [ 613BF4820361543956909043A265C6AC ] TapiSrv         C:\Windows\System32\tapisrv.dll
15:35:26.0548 5496  TapiSrv - ok
15:35:26.0579 5496  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\Windows\System32\tbssvc.dll
15:35:26.0610 5496  TBS - ok
15:35:26.0673 5496  [ 7C0507D2391AF5933600CBCED799F277 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
15:35:26.0720 5496  Tcpip - ok
15:35:26.0751 5496  [ 7C0507D2391AF5933600CBCED799F277 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
15:35:26.0782 5496  TCPIP6 - ok
15:35:26.0829 5496  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
15:35:26.0860 5496  tcpipreg - ok
15:35:26.0907 5496  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
15:35:26.0938 5496  TDPIPE - ok
15:35:26.0969 5496  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
15:35:27.0000 5496  TDTCP - ok
15:35:27.0016 5496  [ B459575348C20E8121D6039DA063C704 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
15:35:27.0063 5496  tdx - ok
15:35:27.0094 5496  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\Windows\system32\drivers\termdd.sys
15:35:27.0094 5496  TermDD - ok
15:35:27.0141 5496  [ 382C804C92811BE57829D8E550A900E2 ] TermService     C:\Windows\System32\termsrv.dll
15:35:27.0219 5496  TermService - ok
15:35:27.0250 5496  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll
15:35:27.0281 5496  Themes - ok
15:35:27.0297 5496  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\Windows\system32\mmcss.dll
15:35:27.0328 5496  THREADORDER - ok
15:35:27.0328 5496  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll
15:35:27.0375 5496  TrkWks - ok
15:35:27.0437 5496  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:35:27.0515 5496  TrustedInstaller - ok
15:35:27.0546 5496  [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
15:35:27.0578 5496  tssecsrv - ok
15:35:27.0593 5496  [ 9CE253214ACAA5A7D323327D2055EFAA ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
15:35:27.0624 5496  TsUsbFlt - ok
15:35:27.0687 5496  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
15:35:27.0765 5496  tunnel - ok
15:35:27.0780 5496  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
15:35:27.0796 5496  uagp35 - ok
15:35:27.0827 5496  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
15:35:27.0858 5496  udfs - ok
15:35:27.0905 5496  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
15:35:27.0921 5496  UI0Detect - ok
15:35:27.0968 5496  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
15:35:27.0968 5496  uliagpkx - ok
15:35:27.0999 5496  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus           C:\Windows\system32\drivers\umbus.sys
15:35:28.0014 5496  umbus - ok
15:35:28.0046 5496  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
15:35:28.0061 5496  UmPass - ok
15:35:28.0092 5496  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll
15:35:28.0139 5496  upnphost - ok
15:35:28.0155 5496  [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
15:35:28.0186 5496  usbccgp - ok
15:35:28.0217 5496  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
15:35:28.0264 5496  usbcir - ok
15:35:28.0295 5496  [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
15:35:28.0311 5496  usbehci - ok
15:35:28.0358 5496  [ FB0E8B624D1F7E214EDB3D6E56B4EC88 ] usbfilter       C:\Windows\system32\DRIVERS\usbfilter.sys
15:35:28.0358 5496  usbfilter - ok
15:35:28.0389 5496  [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
15:35:28.0436 5496  usbhub - ok
15:35:28.0451 5496  [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
15:35:28.0482 5496  usbohci - ok
15:35:28.0514 5496  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
15:35:28.0529 5496  usbprint - ok
15:35:28.0545 5496  [ D8889D56E0D27E57ED4591837FE71D27 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:35:28.0576 5496  USBSTOR - ok
15:35:28.0607 5496  [ 78780C3EBCE17405B1CCD07A3A8A7D72 ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
15:35:28.0654 5496  usbuhci - ok
15:35:28.0716 5496  [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
15:35:28.0763 5496  usbvideo - ok
15:35:28.0794 5496  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms           C:\Windows\System32\uxsms.dll
15:35:28.0857 5496  UxSms - ok
15:35:28.0872 5496  [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc        C:\Windows\system32\lsass.exe
15:35:28.0888 5496  VaultSvc - ok
15:35:28.0904 5496  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
15:35:28.0919 5496  vdrvroot - ok
15:35:28.0966 5496  [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds             C:\Windows\System32\vds.exe
15:35:29.0013 5496  vds - ok
15:35:29.0028 5496  [ 17C408214EA61696CEC9C66E388B14F3 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
15:35:29.0060 5496  vga - ok
15:35:29.0075 5496  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave         C:\Windows\System32\drivers\vga.sys
15:35:29.0106 5496  VgaSave - ok
15:35:29.0138 5496  [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
15:35:29.0184 5496  vhdmp - ok
15:35:29.0200 5496  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
15:35:29.0216 5496  viaagp - ok
15:35:29.0231 5496  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7           C:\Windows\system32\DRIVERS\viac7.sys
15:35:29.0247 5496  ViaC7 - ok
15:35:29.0262 5496  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\Windows\system32\drivers\viaide.sys
15:35:29.0278 5496  viaide - ok
15:35:29.0294 5496  [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
15:35:29.0309 5496  volmgr - ok
15:35:29.0340 5496  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
15:35:29.0356 5496  volmgrx - ok
15:35:29.0372 5496  [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
15:35:29.0387 5496  volsnap - ok
15:35:29.0403 5496  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
15:35:29.0418 5496  vsmraid - ok
15:35:29.0450 5496  [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS             C:\Windows\system32\vssvc.exe
15:35:29.0512 5496  VSS - ok
15:35:29.0528 5496  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
15:35:29.0559 5496  vwifibus - ok
15:35:29.0559 5496  [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
15:35:29.0590 5496  vwififlt - ok
15:35:29.0621 5496  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time         C:\Windows\system32\w32time.dll
15:35:29.0668 5496  W32Time - ok
15:35:29.0684 5496  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
15:35:29.0715 5496  WacomPen - ok
15:35:29.0762 5496  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
15:35:29.0777 5496  WANARP - ok
15:35:29.0793 5496  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
15:35:29.0808 5496  Wanarpv6 - ok
15:35:29.0840 5496  [ 691E3285E53DCA558E1A84667F13E15A ] wbengine        C:\Windows\system32\wbengine.exe
15:35:29.0871 5496  wbengine - ok
15:35:29.0902 5496  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
15:35:29.0949 5496  WbioSrvc - ok
15:35:29.0980 5496  [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc         C:\Windows\System32\wcncsvc.dll
15:35:30.0011 5496  wcncsvc - ok
15:35:30.0027 5496  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:35:30.0042 5496  WcsPlugInService - ok
15:35:30.0058 5496  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\Windows\system32\DRIVERS\wd.sys
15:35:30.0058 5496  Wd - ok
15:35:30.0105 5496  [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
15:35:30.0152 5496  Wdf01000 - ok
15:35:30.0167 5496  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
15:35:30.0183 5496  WdiServiceHost - ok
15:35:30.0183 5496  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
15:35:30.0198 5496  WdiSystemHost - ok
15:35:30.0230 5496  [ A9D880F97530D5B8FEE278923349929D ] WebClient       C:\Windows\System32\webclnt.dll
15:35:30.0261 5496  WebClient - ok
15:35:30.0292 5496  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\Windows\system32\wecsvc.dll
15:35:30.0323 5496  Wecsvc - ok
15:35:30.0339 5496  [ AC804569BB2364FB6017370258A4091B ] wercplsupport   C:\Windows\System32\wercplsupport.dll
15:35:30.0386 5496  wercplsupport - ok
15:35:30.0401 5496  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\Windows\System32\WerSvc.dll
15:35:30.0432 5496  WerSvc - ok
15:35:30.0464 5496  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
15:35:30.0495 5496  WfpLwf - ok
15:35:30.0510 5496  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
15:35:30.0510 5496  WIMMount - ok
15:35:30.0573 5496  [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
15:35:30.0635 5496  WinDefend - ok
15:35:30.0651 5496  WinHttpAutoProxySvc - ok
15:35:30.0713 5496  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
15:35:30.0776 5496  Winmgmt - ok
15:35:30.0822 5496  [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM           C:\Windows\system32\WsmSvc.dll
15:35:30.0885 5496  WinRM - ok
15:35:30.0916 5496  [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
15:35:30.0963 5496  WinUsb - ok
15:35:31.0010 5496  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc         C:\Windows\System32\wlansvc.dll
15:35:31.0041 5496  Wlansvc - ok
15:35:31.0103 5496  [ 6067ACEF367E79914AF628FA1E9B5330 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
15:35:31.0134 5496  wlcrasvc - ok
15:35:31.0181 5496  [ 0A70F4022EC2E14C159EFC4F69AA2477 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:35:31.0228 5496  wlidsvc - ok
15:35:31.0259 5496  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
15:35:31.0290 5496  WmiAcpi - ok
15:35:31.0322 5496  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
15:35:31.0353 5496  wmiApSrv - ok
15:35:31.0446 5496  [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
15:35:31.0493 5496  WMPNetworkSvc - ok
15:35:31.0524 5496  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\Windows\System32\wpcsvc.dll
15:35:31.0571 5496  WPCSvc - ok
15:35:31.0587 5496  [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
15:35:31.0634 5496  WPDBusEnum - ok
15:35:31.0665 5496  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
15:35:31.0727 5496  ws2ifsl - ok
15:35:31.0743 5496  [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc          C:\Windows\system32\wscsvc.dll
15:35:31.0774 5496  wscsvc - ok
15:35:31.0790 5496  WSearch - ok
15:35:31.0852 5496  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
15:35:31.0899 5496  wuauserv - ok
15:35:31.0930 5496  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
15:35:31.0946 5496  WudfPf - ok
15:35:31.0977 5496  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
15:35:31.0992 5496  WUDFRd - ok
15:35:32.0008 5496  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
15:35:32.0024 5496  wudfsvc - ok
15:35:32.0055 5496  [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc         C:\Windows\System32\wwansvc.dll
15:35:32.0117 5496  WwanSvc - ok
15:35:32.0148 5496  ================ Scan global ===============================
15:35:32.0180 5496  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
15:35:32.0195 5496  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
15:35:32.0211 5496  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
15:35:32.0226 5496  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
15:35:32.0258 5496  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
15:35:32.0258 5496  [Global] - ok
15:35:32.0258 5496  ================ Scan MBR ==================================
15:35:32.0273 5496  [ 8A1C59E4DFEF87510470928550466632 ] \Device\Harddisk0\DR0
15:35:35.0346 5496  \Device\Harddisk0\DR0 - ok
15:35:35.0346 5496  ================ Scan VBR ==================================
15:35:35.0346 5496  [ 1732D7A3140A25274C725C9A24E4274D ] \Device\Harddisk0\DR0\Partition1
15:35:35.0346 5496  \Device\Harddisk0\DR0\Partition1 - ok
15:35:35.0378 5496  [ E5C1FF61EC9401CD73CD28840071555E ] \Device\Harddisk0\DR0\Partition2
15:35:35.0378 5496  \Device\Harddisk0\DR0\Partition2 - ok
15:35:35.0409 5496  [ 7656470482D2836BB1FEC5DECAF408DC ] \Device\Harddisk0\DR0\Partition3
15:35:35.0409 5496  \Device\Harddisk0\DR0\Partition3 - ok
15:35:35.0409 5496  ============================================================
15:35:35.0409 5496  Scan finished
15:35:35.0409 5496  ============================================================
15:35:35.0424 5084  Detected object count: 1
15:35:35.0424 5084  Actual detected object count: 1
15:35:43.0802 5084  Micro Star SCM ( UnsignedFile.Multi.Generic ) - skipped by user
15:35:43.0802 5084  Micro Star SCM ( UnsignedFile.Multi.Generic ) - User select action: Skip

cosinus · 28.02.2013, 15:39

Dann bitte jetzt Combofix ausführen:

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Bene4 · 01.03.2013, 12:51

Combofix Logfile:

Code:

ATTFilter

ComboFix 13-02-26.01 - Jana 01.03.2013  12:29:39.2.2 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3071.1846 [GMT 1:00]
ausgeführt von:: c:\users\Jana\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-02-01 bis 2013-03-01  ))))))))))))))))))))))))))))))
.
.
2013-03-01 11:38 . 2013-03-01 11:38	--------	d-----w-	c:\users\Public\AppData\Local\temp
2013-03-01 11:38 . 2013-03-01 11:38	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-03-01 11:26 . 2013-02-08 00:45	6954968	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{8EE9E89F-DEA1-45E2-A785-A4FA7906650C}\mpengine.dll
2013-02-26 21:32 . 2013-02-26 21:32	--------	d-----w-	c:\program files\7-Zip
2013-02-26 18:00 . 2013-02-28 12:33	--------	d-----w-	c:\users\Jana\AppData\Roaming\Goqyag
2013-02-26 18:00 . 2013-02-27 11:06	--------	d-----w-	c:\users\Jana\AppData\Roaming\Lixax
2013-02-26 18:00 . 2013-02-26 18:00	--------	d-----w-	c:\users\Jana\AppData\Roaming\Talex
2013-02-26 18:00 . 2013-02-27 13:04	--------	d-----w-	c:\users\Jana\Rrdpnflpe
2013-02-20 14:21 . 2013-01-04 03:00	2347008	----a-w-	c:\windows\system32\win32k.sys
2013-02-20 14:21 . 2013-01-03 05:05	1293672	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-02-20 14:21 . 2013-01-03 05:04	187752	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-20 14:21 . 2013-01-05 05:00	3967848	----a-w-	c:\windows\system32\ntkrnlpa.exe
2013-02-20 14:21 . 2013-01-05 05:00	3913064	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-02-20 14:21 . 2013-01-04 04:50	169984	----a-w-	c:\windows\system32\winsrv.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-27 19:06 . 2012-05-23 19:39	691568	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-02-27 19:06 . 2011-12-29 12:15	71024	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-26 18:07 . 2013-01-26 18:07	94112	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2013-01-26 18:07 . 2012-12-13 10:29	859552	----a-w-	c:\windows\system32\npdeployJava1.dll
2013-01-26 18:07 . 2010-10-26 12:59	780192	----a-w-	c:\windows\system32\deployJava1.dll
2013-01-17 00:28 . 2010-10-26 12:21	232336	------w-	c:\windows\system32\MpSigStub.exe
2012-12-16 14:13 . 2012-12-20 19:51	295424	----a-w-	c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-20 19:51	34304	----a-w-	c:\windows\system32\atmlib.dll
2012-12-14 15:49 . 2012-12-14 08:16	21104	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-12-07 12:26 . 2013-01-15 18:17	308736	----a-w-	c:\windows\system32\Wpc.dll
2012-12-07 12:20 . 2013-01-15 18:17	2576384	----a-w-	c:\windows\system32\gameux.dll
2012-12-07 10:46 . 2013-01-15 18:17	43520	----a-w-	c:\windows\system32\csrr.rs
2012-12-07 10:46 . 2013-01-15 18:17	30720	----a-w-	c:\windows\system32\usk.rs
2012-12-07 10:46 . 2013-01-15 18:17	45568	----a-w-	c:\windows\system32\oflc-nz.rs
2012-12-07 10:46 . 2013-01-15 18:17	44544	----a-w-	c:\windows\system32\pegibbfc.rs
2012-12-07 10:46 . 2013-01-15 18:17	20480	----a-w-	c:\windows\system32\pegi-pt.rs
2012-12-07 10:46 . 2013-01-15 18:17	23552	----a-w-	c:\windows\system32\oflc.rs
2012-12-07 10:46 . 2013-01-15 18:17	20480	----a-w-	c:\windows\system32\pegi-fi.rs
2012-12-07 10:46 . 2013-01-15 18:17	46592	----a-w-	c:\windows\system32\fpb.rs
2012-12-07 10:46 . 2013-01-15 18:17	20480	----a-w-	c:\windows\system32\pegi.rs
2012-12-07 10:46 . 2013-01-15 18:17	21504	----a-w-	c:\windows\system32\grb.rs
2012-12-07 10:46 . 2013-01-15 18:17	40960	----a-w-	c:\windows\system32\cob-au.rs
2012-12-07 10:46 . 2013-01-15 18:17	15360	----a-w-	c:\windows\system32\djctq.rs
2012-12-07 10:46 . 2013-01-15 18:17	55296	----a-w-	c:\windows\system32\cero.rs
2012-12-07 10:46 . 2013-01-15 18:17	51712	----a-w-	c:\windows\system32\esrb.rs
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-07-30 102400]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-04-22 1725736]
"MGSysCtrl"="c:\program files\System Control Manager\MGSysCtrl.exe" [2010-07-19 2482176]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-06-08 9267816]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RtHDVBg.exe" [2010-06-08 1481320]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-12 348664]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-10-14 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Secunia PSI Tray.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
backup=c:\windows\pss\Secunia PSI Tray.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSpeedUp]
2011-10-09 10:49	2389	----a-w-	c:\program files\PC Beschleunigen\PCSpeedUp.lnk
.
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
R3 netr73;RT73 USB-Drahtlos-LAN-Kartentreiber für Vista;c:\windows\system32\DRIVERS\netr73.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 Micro Star SCM;Micro Star SCM;c:\program files\System Control Manager\MSIService.exe [x]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [x]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [x]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
GPSvcGroup	REG_MULTI_SZ   	GPSvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-04 20:13	1607120	----a-w-	c:\program files\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-02-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-13 19:06]
.
2013-03-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-16 19:26]
.
2013-03-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-16 19:26]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
TCP: DhcpNameServer = 192.168.178.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-03-01  12:47:25
ComboFix-quarantined-files.txt  2013-03-01 11:47
ComboFix2.txt  2012-12-16 20:17
.
Vor Suchlauf: 7 Verzeichnis(se), 370.804.613.120 Bytes frei
Nach Suchlauf: 8 Verzeichnis(se), 371.215.388.672 Bytes frei
.
- - End Of File - - B28CCDE220152C8E39DCDAA9C9153095

--- --- ---

cosinus · 01.03.2013, 15:23

JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

Im Anschluss:

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Danach eine Kontrolle mit OTL bitte:

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Setze oben mittig den Haken bei Scanne alle Benutzer
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles in CODE-Tags hier in den Thread.

Bene4 · 01.03.2013, 16:13

JRT Logfile:

Code:

ATTFilter

 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.6 (02.27.2013:1)
OS: Windows 7 Home Premium x86
Ran by Jana on 01.03.2013 at 16:09:41,67
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990}



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01.03.2013 at 16:12:20,60
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

--- --- ---

AdwCleaner Logfile:

Code:

ATTFilter

# AdwCleaner v2.113 - Datei am 01/03/2013 um 16:14:37 erstellt
# Aktualisiert am 23/02/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : Jana - JANA-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Jana\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\CToolbar_RASMANCS

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Google Chrome v24.0.1312.57

Datei : C:\Users\Jana\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [2053 octets] - [16/12/2012 22:47:32]
AdwCleaner[S1].txt - [1746 octets] - [17/12/2012 11:53:41]
AdwCleaner[S2].txt - [1284 octets] - [01/03/2013 16:14:37]

########## EOF - C:\AdwCleaner[S2].txt - [1344 octets] ##########

--- --- ---

cosinus · 01.03.2013, 16:22

Was ist mit OTL?

Bene4 · 01.03.2013, 16:26

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 01.03.2013 16:19:47 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Jana\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,99 Gb Available Physical Memory | 66,47% Memory free
6,00 Gb Paging File | 4,88 Gb Available in Paging File | 81,43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 424,66 Gb Total Space | 345,54 Gb Free Space | 81,37% Space Free | Partition Type: NTFS
Drive D: | 40,00 Gb Total Space | 30,87 Gb Free Space | 77,19% Space Free | Partition Type: NTFS
 
Computer Name: JANA-PC | User Name: Jana | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Jana\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Secunia\PSI\psia.exe (Secunia)
PRC - C:\Programme\Secunia\PSI\sua.exe (Secunia)
PRC - C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Programme\System Control Manager\MGSysCtrl.exe (Micro-Star International Co., Ltd.)
PRC - C:\Programme\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor)
PRC - C:\Programme\System Control Manager\MSIService.exe (Micro-Star International Co., Ltd.)
PRC - c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Wizard\2.0.3863.37734__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3863.37611__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3863.37668__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3863.37632__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Dashboard\2.0.3863.37736__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3863.37702__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerXpress.Graphics.Dashboard\2.0.3863.37712__90ba9c70f846762e\CLI.Aspect.PowerXpress.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3863.37669__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3863.37683__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3863.37619__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3863.37663__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3863.37704__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3863.37668__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossFireX.Graphics.Dashboard\2.0.3863.37728__90ba9c70f846762e\CLI.Aspect.CrossFireX.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3863.37653__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3863.37701__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3863.37626__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerXpress.Graphics.Runtime\2.0.3863.37712__90ba9c70f846762e\CLI.Aspect.PowerXpress.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3863.37620__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Runtime\2.0.3863.37736__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Runtime\2.0.3863.37734__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Dashboard\2.0.3863.37730__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3863.37656__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3863.37633__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3863.37677__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3863.37654__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3863.37650__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3863.37662__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3863.37636__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3863.37632__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3863.37655__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3863.37660__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3863.37654__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3863.37655__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3863.37660__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3863.37636__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3863.37662__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3863.37600__90ba9c70f846762e\LOG.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3863.37602__90ba9c70f846762e\NEWAEM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3863.37605__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3863.37602__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3863.37606__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3863.37701__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3863.37604__90ba9c70f846762e\MOM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3863.37708__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3863.37610__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3863.37606__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3863.37604__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3863.37601__90ba9c70f846762e\CLI.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3863.37646__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3863.37683__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3863.37668__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3863.37629__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3863.37654__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3863.37620__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3863.37702__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3863.37663__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3863.37620__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3863.37697__90ba9c70f846762e\CLI.Foundation.XManifest.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3863.37677__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3863.37620__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3863.37629__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3863.37603__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3863.37660__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3863.37603__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3863.37610__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3863.37602__90ba9c70f846762e\APM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0702\2.0.2594.25693__90ba9c70f846762e\DEM.Graphics.I0702.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3863.37626__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3863.37619__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerXpress.Graphics.Shared\2.0.3863.37677__90ba9c70f846762e\CLI.Aspect.PowerXpress.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Shared\2.0.3863.37703__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3863.37602__90ba9c70f846762e\CLI.Component.Client.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3863.37610__90ba9c70f846762e\DEM.Graphics.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3863.37606__90ba9c70f846762e\AEM.Server.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3863.37605__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3863.37616__90ba9c70f846762e\CLI.Component.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3863.37728__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3863.37692__90ba9c70f846762e\CLI.Component.Systemtray.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3863.37625__90ba9c70f846762e\CLI.Component.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3863.37697__90ba9c70f846762e\MOM.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3863.37695__90ba9c70f846762e\LOG.Foundation.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3863.37608__90ba9c70f846762e\CLI.Component.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3863.37609__90ba9c70f846762e\CLI.Component.SkinFactory.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3863.37605__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3863.37709__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3863.37605__90ba9c70f846762e\CLI.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3863.37614__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3863.37603__90ba9c70f846762e\LOG.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3863.37604__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3863.37697__90ba9c70f846762e\CCC.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3863.37625__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3863.37615__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3863.37631__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3863.37608__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3863.37606__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3863.37608__90ba9c70f846762e\APM.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3863.37607__90ba9c70f846762e\AEM.Server.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (cvhsvc) -- C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corporation)
SRV - (Secunia PSI Agent) -- C:\Programme\Secunia\PSI\psia.exe (Secunia)
SRV - (Secunia Update Agent) -- C:\Programme\Secunia\PSI\sua.exe (Secunia)
SRV - (sftvsa) -- C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Programme\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Micro Star SCM) -- C:\Programme\System Control Manager\MSIService.exe (Micro-Star International Co., Ltd.)
SRV - (PSI_SVC_2) -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (catchme) -- C:\Users\Jana\AppData\Local\Temp\catchme.sys File not found
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation)
DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (PSI) -- C:\Windows\System32\drivers\psi_mf.sys (Secunia)
DRV - (AtiHDAudioService) -- C:\Windows\System32\drivers\AtihdW73.sys (ATI Technologies, Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corporation)
DRV - (usbfilter) -- C:\Windows\System32\drivers\usbfilter.sys (Advanced Micro Devices)
DRV - (rtl8192se) -- C:\Windows\System32\drivers\rtl8192se.sys (Realtek Semiconductor Corporation                           )
DRV - (AtiPcie) -- C:\Windows\System32\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH)
DRV - (RTHDMIAzAudService) -- C:\Windows\System32\drivers\RtHDMIV.sys (Realtek Semiconductor Corp.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (netr73) -- C:\Windows\System32\drivers\netr73.sys (Ralink Technology, Corp.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-708478002-281803654-409329748-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-708478002-281803654-409329748-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-708478002-281803654-409329748-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-708478002-281803654-409329748-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-708478002-281803654-409329748-1000\..\SearchScopes\{3B46B3D6-FE7D-43E6-8A6C-19F97C43CA37}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNA_enDE393DE411
IE - HKU\S-1-5-21-708478002-281803654-409329748-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-708478002-281803654-409329748-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/ig/redirectdomain?brand=MDNA&bmod=MDNA
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com/ig/redirectdomain?brand=MDNA&bmod=MDNA
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.210.6 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U21 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: AdBlock = C:\Users\Jana\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.60_0\
CHR - Extension: Ghostery = C:\Users\Jana\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\4.1.0_0\
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [MGSysCtrl] C:\Programme\System Control Manager\MGSysCtrl.exe (Micro-Star International Co., Ltd.)
O4 - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-708478002-281803654-409329748-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-708478002-281803654-409329748-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{135951BA-ECD3-423F-BA85-ACB7B4E98D4E}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.01 16:09:39 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.03.01 16:09:31 | 000,000,000 | ---D | C] -- C:\JRT
[2013.03.01 16:08:44 | 000,547,491 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Jana\Desktop\JRT (1).exe
[2013.03.01 12:47:41 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.03.01 12:46:48 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.03.01 12:25:32 | 005,036,023 | R--- | C] (Swearware) -- C:\Users\Jana\Desktop\ComboFix.exe
[2013.02.28 15:33:11 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Jana\Desktop\tdsskiller.exe
[2013.02.28 15:11:18 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Jana\Desktop\aswMBR.exe
[2013.02.28 13:13:14 | 000,000,000 | ---D | C] -- C:\Users\Jana\Desktop\mbar-1.01.0.1020
[2013.02.27 20:02:54 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jana\Desktop\OTL.exe
[2013.02.27 14:28:24 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2013.02.27 14:28:24 | 000,000,000 | ---D | C] -- C:\Users\Jana\AppData\Local\Programs
[2013.02.27 14:28:17 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2013.02.27 14:28:11 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.02.27 14:28:11 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.02.27 14:28:11 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.02.27 14:28:10 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2013.02.27 14:28:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.02.27 14:28:09 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msmpeg2vdec.dll
[2013.02.27 14:28:09 | 001,988,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2013.02.27 14:28:09 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2013.02.27 14:28:09 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.02.27 14:28:09 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.02.27 14:28:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.02.27 14:28:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.02.27 14:28:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
[2013.02.27 14:28:08 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2013.02.27 14:28:08 | 001,247,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2013.02.27 14:28:08 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2013.02.27 14:28:08 | 001,080,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2013.02.27 14:28:08 | 000,604,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2013.02.27 14:28:08 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2013.02.27 14:28:08 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2013.02.27 14:28:08 | 000,207,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2013.02.27 14:28:08 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2013.02.27 14:28:07 | 003,419,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2013.02.26 22:32:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2013.02.26 22:32:16 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2013.02.26 19:00:55 | 000,000,000 | ---D | C] -- C:\Users\Jana\AppData\Roaming\Talex
[2013.02.26 19:00:55 | 000,000,000 | ---D | C] -- C:\Users\Jana\AppData\Roaming\Lixax
[2013.02.26 19:00:55 | 000,000,000 | ---D | C] -- C:\Users\Jana\AppData\Roaming\Goqyag
[2013.02.26 19:00:00 | 000,000,000 | ---D | C] -- C:\Users\Jana\Rrdpnflpe
[2013.02.20 15:46:36 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.02.20 15:46:35 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.02.20 15:46:35 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.02.20 15:46:35 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.02.20 15:46:35 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.02.20 15:46:34 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.02.20 15:46:34 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.02.20 15:46:33 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.02.20 15:21:41 | 002,347,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.02.20 15:21:24 | 000,187,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2013.02.20 15:21:16 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.02.20 15:21:15 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.02.20 15:21:11 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2013.02.09 19:26:11 | 000,000,000 | ---D | C] -- C:\Users\Jana\Desktop\Karneval
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.01 16:16:05 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.03.01 16:15:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.01 16:15:45 | 2415,316,992 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.01 16:14:00 | 000,594,019 | ---- | M] () -- C:\Users\Jana\Desktop\adwcleaner.exe
[2013.03.01 16:12:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.01 16:11:34 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.01 16:11:34 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.01 16:08:54 | 000,547,491 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Jana\Desktop\JRT (1).exe
[2013.03.01 12:47:32 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.03.01 12:26:05 | 005,036,023 | R--- | M] (Swearware) -- C:\Users\Jana\Desktop\ComboFix.exe
[2013.02.28 15:33:21 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Jana\Desktop\tdsskiller.exe
[2013.02.28 15:30:45 | 000,000,512 | ---- | M] () -- C:\Users\Jana\Desktop\MBR.dat
[2013.02.28 15:12:41 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Jana\Desktop\aswMBR.exe
[2013.02.28 13:12:57 | 013,711,621 | ---- | M] () -- C:\Users\Jana\Desktop\mbar-1.01.0.1020.zip
[2013.02.28 12:41:10 | 000,377,856 | ---- | M] () -- C:\Users\Jana\Desktop\gmer_2.1.19115.exe
[2013.02.27 20:06:01 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.02.27 20:06:01 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.02.27 20:03:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jana\Desktop\OTL.exe
[2013.02.27 14:21:55 | 000,342,390 | ---- | M] () -- C:\Users\Jana\Desktop\AVSCAN-20130227-121201-4E0FCD56.zip
[2013.02.26 18:00:55 | 000,317,584 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.02.20 15:45:02 | 000,654,610 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.02.20 15:45:02 | 000,616,452 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.02.20 15:45:02 | 000,130,192 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.02.20 15:45:02 | 000,106,574 | ---- | M] () -- C:\Windows\System32\perfc009.dat
 
========== Files Created - No Company Name ==========
 
[2013.03.01 16:13:51 | 000,594,019 | ---- | C] () -- C:\Users\Jana\Desktop\adwcleaner.exe
[2013.02.28 15:30:45 | 000,000,512 | ---- | C] () -- C:\Users\Jana\Desktop\MBR.dat
[2013.02.28 13:12:21 | 013,711,621 | ---- | C] () -- C:\Users\Jana\Desktop\mbar-1.01.0.1020.zip
[2013.02.28 12:41:08 | 000,377,856 | ---- | C] () -- C:\Users\Jana\Desktop\gmer_2.1.19115.exe
[2013.02.27 14:21:55 | 000,342,390 | ---- | C] () -- C:\Users\Jana\Desktop\AVSCAN-20130227-121201-4E0FCD56.zip
[2012.12.16 20:54:40 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.12.16 20:54:40 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.12.16 20:54:40 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.12.16 20:54:40 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.12.16 20:54:40 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.10.09 18:56:42 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011.10.09 18:56:42 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011.10.01 12:11:34 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2011.06.10 06:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.08.10 15:34:14 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\Ashampoo
[2011.02.14 13:12:13 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\BullGuard
[2010.12.18 15:37:39 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\Canneverbe Limited
[2010.12.18 15:47:03 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\dpdhl.versandhelfer.medionlap.CDA82DC3FEDD13302C6424313D9A2999F162D21A.1
[2013.02.28 13:33:57 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\Goqyag
[2013.02.27 12:06:17 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\Lixax
[2012.12.09 16:00:58 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\OpenOffice.org
[2011.09.05 19:13:17 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\ProtectDISC
[2012.12.23 15:50:46 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\SoftGrid Client
[2011.02.14 13:12:13 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\Software Inspection Library
[2013.02.26 19:00:55 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\Talex
[2011.01.09 22:23:54 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\TP
[2010.12.20 23:19:51 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---

OTL EXTRAS Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 01.03.2013 16:19:47 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Jana\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,99 Gb Available Physical Memory | 66,47% Memory free
6,00 Gb Paging File | 4,88 Gb Available in Paging File | 81,43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 424,66 Gb Total Space | 345,54 Gb Free Space | 81,37% Space Free | Partition Type: NTFS
Drive D: | 40,00 Gb Total Space | 30,87 Gb Free Space | 77,19% Space Free | Partition Type: NTFS
 
Computer Name: JANA-PC | User Name: Jana | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-21-708478002-281803654-409329748-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D6CE194-0645-4A63-836A-F91A40E390D5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{0F7B411E-AC8B-470C-9C6D-48F34F4825E6}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{1CD79DF9-AC8B-4A0D-A297-E92156824FD9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1E1EC31C-EEDC-437D-B506-C16E3823A82A}" = rport=445 | protocol=6 | dir=out | app=system | 
"{351F5236-E872-4D3F-932A-169E2E8586D1}" = rport=138 | protocol=17 | dir=out | app=system | 
"{3FB8ABF8-EC6F-4248-9C62-96B1006A159C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{423F9A24-F8B6-47A9-AFAD-B831C943044A}" = lport=139 | protocol=6 | dir=in | app=system | 
"{4914306A-230B-4106-A706-D8CB1DB7A217}" = rport=139 | protocol=6 | dir=out | app=system | 
"{4DF1C278-CC14-4774-9751-7588F05BE392}" = lport=137 | protocol=17 | dir=in | app=system | 
"{50CD42F3-0EF8-4A6B-AE2F-7CA0EFB2D3A1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5FCB4CA0-4234-4B05-8D98-451B081C133E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{6121F529-688C-41FE-938B-B7550849903D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{6143580E-3058-4523-9030-9DDE3802C068}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{68C52244-5C69-4F10-863F-99E97BF3238A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{767B55A6-230D-4A19-88B7-80B33A862EB1}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{7B31E753-28D3-4761-9141-C6C05A4CA791}" = rport=137 | protocol=17 | dir=out | app=system | 
"{8241324F-F441-4514-913B-1B67F89FEB61}" = lport=445 | protocol=6 | dir=in | app=system | 
"{947A350F-954F-4265-8CB9-AC957CF06DEE}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{9BC90078-1291-4C5A-8F01-21A0DDC37774}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AAA383F5-8D1A-457C-8C9F-AF79B7FEFAB9}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B2F4212B-43C4-49FA-9520-857BF95F2C3A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B99AE337-76D4-47E9-B11A-F81D6BCB79A3}" = lport=138 | protocol=17 | dir=in | app=system | 
"{CA194E91-D0D0-4297-9525-ADE3BE9B3FB5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{DB0D51F8-0074-466E-90EC-834C47C5CB48}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{DB640436-E021-4F38-A740-AC3D8930CFA9}" = lport=10243 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2770F54A-1E69-423A-BE52-767927465819}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{2DF59073-7682-464C-895D-750B61FC3FDF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{327C36DF-86ED-4644-9DAC-F86264C4A99A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4561DB4B-9A31-4FE9-A835-F355E626F542}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{568D06AE-D575-4AC9-B8E9-684DD6D93E60}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{6B3123D4-784B-485A-B21A-047A26F6F51A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6C059CCA-6CA1-45B9-B5C0-149D4A332E27}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | 
"{7025881C-7EF7-4B3C-86B3-2ADE4A707829}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{7323CA0E-109D-4FA0-857E-02BCC68464C6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{819845A6-F072-4D6C-96AE-D3529B124497}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{91D3F860-D7EE-4C38-B9F0-BA06B91CE6A5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{934E815B-532D-4C81-A9BF-B37005F23E84}" = protocol=6 | dir=out | app=system | 
"{9C2AC083-BDBD-49CC-B63D-0D7B2F8D624D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{A43DA7E3-2C8B-4FAA-A9F7-C259338A1081}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{C20FF8B2-51E1-49D4-A98D-B904587D085B}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{DAB5A0B8-C46F-4CBC-A02B-8412EA5BD114}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{E1B98BA6-2EF8-4765-BA3F-AF966A255251}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E3E4ED30-0E1F-464A-8C64-433EFA0FBF06}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F57CC324-E07C-4632-BC66-D9D260C93BB9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"TCP Query User{2AF0DEAA-379F-4831-A89F-8701DDF57CEA}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{85152495-0362-4756-A04D-5E831B38F806}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe | 
"TCP Query User{9C518A45-73C5-4B07-A373-4BC20D3B40C3}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{9F7BB652-78DA-4E23-A5E9-0E24DFA64541}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{A0D79C77-5BAD-4F05-B533-7810473C0F91}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | 
"TCP Query User{FEA133BF-A6AD-427A-AD02-2FCFA0F514A2}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe | 
"UDP Query User{1E0C7B42-CBC7-46FE-8C81-B38499D7A63D}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{2EEAFDFE-82F4-4D09-A1EE-CD5E7082EB9D}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | 
"UDP Query User{5DC51E89-5B81-4DCA-8148-CED5B78FE00B}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe | 
"UDP Query User{5E816D5F-4D0C-4404-A546-F5BCD26547F0}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe | 
"UDP Query User{5F707049-7EF2-4A80-AD5D-C5D02F665FF4}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{90AF2592-886E-453E-BB7F-BF6CFE7C5C1C}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4
"_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{040E8987-3C5C-EEE9-7C3C-1A25D5EFE21E}" = Catalyst Control Center Graphics Light
"{07B62101-7EBD-434A-94B1-B38063BE5516}" = CorelDRAW Essentials 4 - PHOTO-PAINT
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0ED4216F-3540-4D6B-8199-1C8DDEA3924B}" = CorelDRAW Essentials 4 - Lang DE
"{12A58E1A-7B5F-6CC8-A299-C9896DCD7982}" = CCC Help Italian
"{142C7D29-6031-806E-C3F5-9053594EF332}" = ATI Catalyst Install Manager
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19AC095C-3520-4999-AA15-93B6D0248A50}" = CorelDRAW Essentials 4 - Content
"{1BCE0E72-5BE9-150F-04B8-75C1C67E01EB}" = CCC Help Chinese Traditional
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FDDD2DF-4EDD-BDBB-483D-8DBF60DA5BAB}" = CCC Help Finnish
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83217011FF}" = Java 7 Update 11
"{275C93C7-5FE4-3157-D289-AADD3E973B75}" = CCC Help Korean
"{28C40108-8E43-7BFB-C9DF-06C8E183323A}" = Catalyst Control Center Graphics Previews Common
"{2E03C934-17D0-D1F7-0631-8EB7DDB7B8D5}" = CCC Help Thai
"{2EA73859-A140-04D7-136C-6B29704CC796}" = CCC Help Danish
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34A9406E-1994-4C20-AC72-04CFA2B24545}" = CorelDRAW Essentials 4 - Lang EN
"{3576C335-958D-4D60-A812-F68F9A2796AF}" = CorelDRAW Essentials 4 - Lang IT
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D5E294C-A62C-3459-BAA0-B6AAD8E83460}" = CCC Help Swedish
"{435AD583-AFB5-03A8-7F65-721327D6BB11}" = CCC Help English
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4F007121-E30C-09A3-E548-ED75161611E3}" = CCC Help Greek
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5500BB35-1C21-4328-9F16-F894B860FADE}" = CorelDRAW Essentials 4 - Lang NL
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{6438EBAC-5305-39A5-A93E-88CDFA6CE947}" = Google Chrome
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{656A4D8E-9DFA-813E-541E-C047B130D58F}" = Catalyst Control Center Core Implementation
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = Die Sims 2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76690645-425D-59BF-6CA7-CBA3D68C159F}" = Catalyst Control Center Localization All
"{76E852ED-1B06-4BC8-9D6A-625DB95FB7E5}" = CorelDRAW Essentials 4 - IPM - No VBA
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AF57B88-28DF-D7AA-A9A5-01D535C8023D}" = CCC Help Spanish
"{8B4C0BC1-67A3-6CA9-123B-992DCF14C5AF}" = Catalyst Control Center Graphics Full Existing
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DA00A19-9AB2-2724-36CD-5094EC6F4A45}" = Catalyst Control Center InstallProxy
"{8DBF1BC7-E29D-EF2A-3EAD-98D70C4F6C5B}" = ccc-core-static
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{9043B9A0-9505-405B-8202-E7167A38A89C}" = CorelDRAW Essentials 4
"{923D47BD-3BE2-1B83-B9FD-9189FD4474AB}" = CCC Help Dutch
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{94DCFB3E-015B-C9B4-763B-D07329E89A6D}" = CCC Help Hungarian
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D3D8C60-A55F-4fed-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{A39B0352-24A9-5D58-E272-91218BC8A51E}" = CCC Help Polish
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9139E41-8969-54D1-AF85-D30E8DFF50FE}" = CCC Help Russian
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{ABD8B955-1C69-4AF3-949B-13CD587C175F}" = CorelDRAW Essentials 4 - Lang BR
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI - Deutsch
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.02)
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B9FA9F15-A1F3-4DB1-AD49-0B9351843FAA}" = CorelDRAW Essentials 4 - Draw
"{BA9319FE-BCEF-4C99-8039-F464648D046E}" = CorelDRAW Essentials 4 - Lang FR
"{BF3C0386-BADC-F3DF-25A5-435B10852B13}" = CCC Help French
"{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 - ICA
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C682F3F0-00A6-4379-B083-4F3273624D7B}" = CorelDRAW Essentials 4 - Lang ES
"{CBC9CF44-0F09-42EC-6BB0-44AC5C413BCE}" = CCC Help Turkish
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF0A5043-8744-A076-9515-AD6B4421152B}" = Catalyst Control Center Graphics Previews Vista
"{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{CFA1A443-F2D9-097D-4CE3-D965A2178B32}" = CCC Help Norwegian
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D776CF6B-93A2-DEFC-3B80-431CB59B3E76}" = CCC Help Czech
"{D7E49254-D6DD-0175-7409-F8DC8B5C1749}" = ccc-utility
"{DAAACF3B-7EFF-6A05-E2CF-2581F8B2B1B1}" = CCC Help Chinese Standard
"{DB3E28FF-969F-0C82-8C24-893823FCC203}" = CCC Help Japanese
"{DCE271F2-588E-F0B5-F0BE-7621BBAB1B6A}" = CCC Help German
"{DD70AAF2-66CA-7BDE-CF7D-AA814A8B939E}" = Catalyst Control Center Graphics Full New
"{DE656F94-4E2A-66AA-DEEA-07638647690D}" = CCC Help Portuguese
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}" = System Control Manager
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F16841F6-5F0F-4DBE-B318-63CEB916F21D}" = CorelDRAW Essentials 4 - Filters
"{F7529650-B9DB-481B-0089-A2AC3C2821C1}" = Die Sims 2: Nightlife
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"Secunia PSI" = Secunia PSI (2.0.0.4003)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Winamp" = Winamp
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite" = Windows Live Essentials
"Xvid_is1" = Xvid 1.1.3 final uninstall
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-708478002-281803654-409329748-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
< End of report >

--- --- ---

cosinus · 01.03.2013, 16:29

Fixen mit OTL

Starte bitte die OTL.exe.
Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:

ATTFilter

:OTL
[2013.02.26 19:00:55 | 000,000,000 | ---D | C] -- C:\Users\Jana\AppData\Roaming\Talex
[2013.02.26 19:00:55 | 000,000,000 | ---D | C] -- C:\Users\Jana\AppData\Roaming\Lixax
[2013.02.26 19:00:55 | 000,000,000 | ---D | C] -- C:\Users\Jana\AppData\Roaming\Goqyag
[2013.02.26 19:00:00 | 000,000,000 | ---D | C] -- C:\Users\Jana\Rrdpnflpe
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]

Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
Schließe bitte nun alle Programme.
Klicke nun bitte auf den Fix Button.
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
Kopiere nun den Inhalt hier in Deinen Thread

Bene4 · 01.03.2013, 16:43

Code:

ATTFilter

 All processes killed
========== OTL ==========
C:\Users\Jana\AppData\Roaming\Talex folder moved successfully.
C:\Users\Jana\AppData\Roaming\Lixax folder moved successfully.
C:\Users\Jana\AppData\Roaming\Goqyag folder moved successfully.
C:\Users\Jana\Rrdpnflpe folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Jana\Desktop\cmd.bat deleted successfully.
C:\Users\Jana\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Jana
->Temp folder emptied: 4953194 bytes
->Temporary Internet Files folder emptied: 153681481 bytes
->Java cache emptied: 1 bytes
->Google Chrome cache emptied: 202497038 bytes
->Flash cache emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2664 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 344,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 03012013_163901

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

01.03.2013, 16:22	#12
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	TR/injector.aop und TR/Symmi.6340.3 gefunden Was ist mit OTL? __________________ Logfiles bitte immer in CODE-Tags posten

TR/injector.aop und TR/Symmi.6340.3 gefunden

Plagegeister aller Art und deren Bekämpfung: TR/injector.aop und TR/Symmi.6340.3 gefunden