MSE findet Java-Expoits und Trojaner Win32/Bublik.I

RobinSword · 05.03.2013, 10:29

Hallo zusammen!

Folgendes ist passiert:
Ich habe gestern Abend Java über das Java Control Panel manuell aktualisiert auf die aktuelle Version 7 Update 17.
Heute Vormittag bin ich in einem Forum gesurft, in dem ich sonst auch immer surfe und bekam plötzlich die Meldung, dass ein Programm namens "Java Security Update 7u17" ausgeführt werden möchte, Herausgeber: Oracle. Eine kurze Google-Suche führte zu dem Ergebnis, dass diese Meldung aufgrund der höheren Java-Sicherheitsstufe erscheint, die mit den letzten Updates aktiviert wurde. Also bestätigte ich die Meldung, da ich davon ausging, dass sich das Java-Plugin nun eben im Browser aktivieren möchte.

Kurze Zeit später poppte dann allerdings plötzlich der MSE hoch und meldete Bedrohungen. Ein Blick in den "Verlauf" zeigte mir, dass neben den Java Exploits "Java/CVE-2012-1723" und "Java/CVE-2013-0422" auch ein "Trojan:Win32/Bublik.I" gefunden wurde. Allerdings wurde alles unter Quarantäne gestellt. Also wohl kein Grund zur Sorge.

Allerdings bat mich der MSE nun auch noch, eine "uzcy.exe" an Microsoft zur weiteren Analyse zu senden. Also hab ich auch das gemacht.

Ich wollte mich schon in Sicherheit wiegen, ganz stolz auf meinen tollen Virenscanner, da sehe ich plötzlich im Task Manager, dass die uzcy.exe ausgeführt wird!!! WAAAAH!!!
Ich schieß diese also sofort ab und komm jetzt zu euch, um das weitere Vorgehen zu besprechen.

Die uzcy.exe liegt übrigens hier: C:\Users\Robert\AppData\Roaming\Etut

Irgendwie ist es schon verrückt: Da will man sein System sicherer machen, indem man Java updated und erreicht irgendwie genau das Gegenteil.

Vielen Dank schon mal.

cosinus · 05.03.2013, 11:58

Hallo,

Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.

Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.
Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.
Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!
Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!
Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.

Erstmal eine Kontrolle mit OTL bitte:

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Setze oben mittig den Haken bei Scanne alle Benutzer
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles hier in CODE-Tags in den Thread.

RobinSword · 05.03.2013, 12:50

OTL.txt

Code:

ATTFilter

OTL logfile created on: 05.03.2013 12:44:18 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Robert\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,95 Gb Total Physical Memory | 6,28 Gb Available Physical Memory | 78,92% Memory free
15,90 Gb Paging File | 14,19 Gb Available in Paging File | 89,25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 238,37 Gb Total Space | 125,27 Gb Free Space | 52,55% Space Free | Partition Type: NTFS
Drive D: | 1863,01 Gb Total Space | 1738,52 Gb Free Space | 93,32% Space Free | Partition Type: NTFS
Drive E: | 3,19 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: ZOCKMASCHINE | User Name: Robert | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Robert\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_171_ActiveX.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe (Freemake)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
PRC - C:\Windows\SysWOW64\Ctxfihlp.exe (Creative Technology Ltd)
PRC - C:\Windows\SysWOW64\CTxfispi.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorUtil\6c1f9740c6ada965092d49d95aab2a83\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorDataMgrSvcInt#\32bfd59bc4e2103c2711ad7ef926e64b\IAStorDataMgrSvcInterfaces.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorCommon\4e38af2c9e44dfb8cd101420faaf5c21\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\39f4c7717661667c68f9af8c4f6402b9\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\ebf949aee7febad1902974b1a2bd77a2\System.ServiceModel.Discovery.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\b26c0ed378c4b15c60cef0baada4e0dc\System.ServiceModel.Routing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\800370766976fd4ec232b4e29781717d\System.ServiceModel.Channels.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\b15622741724e17f1335c4771c3700a0\System.ServiceModel.Activities.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\a0445401f2473a1aa4b66c9c0791c7f6\System.ServiceModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\c1b67737c13c99776cde5989ec2885c8\System.IdentityModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\866894ebe5258bf9f45d6b063229e990\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\910fe53ec2122cf3a2ad11c2b2f5cbfd\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\e7b4706dfe18f29486dbaf5d35e01765\System.Runtime.DurableInstancing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\ef7642a4f2724135d445e2ea36582e78\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\27dcf04ed7a3506045597c02a5a1fc31\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\5de5d8c1c02e33789e3cf7e3f54c0ec9\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Windows\SysWOW64\APOMngr.DLL ()
MOD - C:\Windows\SysWOW64\CTXFIGER.DLL ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (lxbk_device) -- C:\Windows\SysNative\lxbkcoms.exe ( )
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Freemake Improver) -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe (Freemake)
SRV - (NisSrv) -- C:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- C:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Futuremark SystemInfo Service) -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe (Futuremark Corporation)
SRV - (TeamViewer8) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (TomTomHOMEService) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (Intel(R) -- C:\Programme\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
SRV - (ICCS) -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (lxbk_device) -- C:\Windows\SysWOW64\lxbkcoms.exe ( )
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (LGSHidFilt) -- C:\Windows\SysNative\drivers\LGSHidFilt.Sys (Logitech Inc.)
DRV:64bit: - (LGSUsbFilt) -- C:\Windows\SysNative\drivers\LGSUsbFilt.sys (Logitech Inc.)
DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation)
DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation)
DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (iaStorA) -- C:\Windows\SysNative\drivers\iaStorA.sys (Intel Corporation)
DRV:64bit: - (iaStorF) -- C:\Windows\SysNative\drivers\iaStorF.sys (Intel Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited)
DRV:64bit: - (RimVSerPort) -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys (Research in Motion Ltd)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (ha20x2k) -- C:\Windows\SysNative\drivers\ha20x2k.sys (Creative Technology Ltd)
DRV:64bit: - (emupia) -- C:\Windows\SysNative\drivers\emupia2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctsfm2k) -- C:\Windows\SysNative\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctprxy2k) -- C:\Windows\SysNative\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV:64bit: - (ossrv) -- C:\Windows\SysNative\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV:64bit: - (ctaud2k) -- C:\Windows\SysNative\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctac32k) -- C:\Windows\SysNative\drivers\ctac32k.sys (Creative Technology Ltd)
DRV:64bit: - (CTEXFIFX.SYS) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.)
DRV:64bit: - (CTEXFIFX) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.)
DRV:64bit: - (CTHWIUT.SYS) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.)
DRV:64bit: - (CTHWIUT) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.)
DRV:64bit: - (CT20XUT.SYS) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.)
DRV:64bit: - (CT20XUT) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.)
DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.)
DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1425481659-3590505946-3856770885-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Download
IE - HKU\S-1-5-21-1425481659-3590505946-3856770885-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-1425481659-3590505946-3856770885-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1425481659-3590505946-3856770885-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1425481659-3590505946-3856770885-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 73 A6 69 DC 29 9E CD 01  [binary data]
IE - HKU\S-1-5-21-1425481659-3590505946-3856770885-1000\..\SearchScopes,DefaultScope = {7081D295-1D1C-49B6-BB06-B14C64B04022}
IE - HKU\S-1-5-21-1425481659-3590505946-3856770885-1000\..\SearchScopes\{7081D295-1D1C-49B6-BB06-B14C64B04022}: "URL" = hxxp://www.google.com/search?q={searchTerms}&amp;sourceid=ie7&amp;rls=com.microsoft:{language}:{referrer:source}&amp;ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-1425481659-3590505946-3856770885-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1425481659-3590505946-3856770885-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-21-1425481659-3590505946-3856770885-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Download
IE - HKU\S-1-5-21-1425481659-3590505946-3856770885-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1425481659-3590505946-3856770885-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1425481659-3590505946-3856770885-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1425481659-3590505946-3856770885-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 73 A6 69 DC 29 9E CD 01  [binary data]
IE - HKU\S-1-5-21-1425481659-3590505946-3856770885-1001\..\SearchScopes,DefaultScope = {7081D295-1D1C-49B6-BB06-B14C64B04022}
IE - HKU\S-1-5-21-1425481659-3590505946-3856770885-1001\..\SearchScopes\{7081D295-1D1C-49B6-BB06-B14C64B04022}: "URL" = hxxp://www.google.com/search?q={searchTerms}&amp;sourceid=ie7&amp;rls=com.microsoft:{language}:{referrer:source}&amp;ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-1425481659-3590505946-3856770885-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmconverter@gmail.com: C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2013.02.05 12:22:54 | 000,000,000 | ---D | M]
 
[2012.12.02 23:11:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robert\AppData\Roaming\mozilla\Extensions
[2012.12.02 23:11:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robert\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ControlCenterCount] C:\Program Files (x86)\MSI\ControlCenter\ControlCenterCount.exe (MSI CO.,LTD.)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1425481659-3590505946-3856770885-1000..\Run: [Tookafiq] C:\Users\Robert\AppData\Roaming\Etut\uzcy.exe ()
O4 - HKU\S-1-5-21-1425481659-3590505946-3856770885-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-1425481659-3590505946-3856770885-1001..\RunOnce: [InetReg] C:\Program Files (x86)\Creative\Produktregistrierung\German\InetReg.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-21-1425481659-3590505946-3856770885-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab (Creative Software AutoUpdate 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/121022/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A8C0435D-CF47-4C67-ABBF-575A36337981}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.08.06 13:50:50 | 000,218,376 | R--- | M] () - E:\AutoStarter.exe -- [ CDFS ]
O32 - AutoRun File - [2009.07.20 14:07:04 | 000,003,496 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2009.08.17 11:14:02 | 000,000,000 | ---D | M] - E:\autostarter -- [ CDFS ]
O33 - MountPoints2\{558be947-0a20-11e2-b343-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{558be947-0a20-11e2-b343-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoStarter.exe -- [2009.08.06 13:50:50 | 000,218,376 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.05 12:27:04 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Robert\Desktop\OTL.exe
[2013.03.05 09:55:43 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\Malwarebytes
[2013.03.05 09:55:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.03.05 09:55:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.05 09:55:31 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.03.05 09:55:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.03.05 09:49:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013.03.05 09:11:32 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\Risen
[2013.03.05 08:58:59 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\Toukk
[2013.03.05 08:58:59 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\Isudm
[2013.03.05 08:58:59 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\Etut
[2013.03.04 23:42:23 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.03.04 23:42:22 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.03.04 23:42:22 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.03.04 23:42:22 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.03.03 20:07:05 | 026,947,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2013.03.03 20:07:05 | 025,256,736 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2013.03.03 20:07:05 | 020,534,560 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2013.03.03 20:07:05 | 017,987,192 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2013.03.03 20:07:05 | 017,560,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2013.03.03 20:07:05 | 015,038,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2013.03.03 20:07:05 | 012,862,400 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2013.03.03 20:07:05 | 009,422,672 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2013.03.03 20:07:05 | 007,964,680 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2013.03.03 20:07:05 | 007,569,184 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2013.03.03 20:07:05 | 006,267,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2013.03.03 20:07:05 | 002,911,008 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2013.03.03 20:07:05 | 002,726,176 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2013.03.03 20:07:05 | 002,528,840 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2013.03.03 20:07:05 | 002,350,368 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2013.03.03 20:07:05 | 001,990,944 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2013.03.03 20:07:05 | 001,807,136 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6420294.dll
[2013.03.03 20:07:05 | 001,510,176 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6420162.dll
[2013.03.03 20:07:05 | 000,963,776 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2013.03.03 20:07:05 | 000,420,128 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvEncodeAPI64.dll
[2013.03.03 20:07:05 | 000,364,832 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvEncodeAPI.dll
[2013.03.03 20:07:05 | 000,250,504 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2013.03.03 20:07:05 | 000,205,184 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2013.03.03 20:07:05 | 000,194,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys
[2013.03.03 20:07:05 | 000,031,672 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll
[2013.03.03 18:34:34 | 000,000,000 | ---D | C] -- C:\Users\Robert\Valley
[2013.03.03 18:20:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unigine
[2013.03.03 18:19:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Unigine
[2013.03.03 17:47:27 | 000,645,952 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\iaStorA.sys
[2013.03.03 17:47:27 | 000,027,456 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\iaStorF.sys
[2013.03.03 16:24:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft-Maus- und Tastatur-Center
[2013.03.03 16:24:08 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Mouse and Keyboard Center
[2013.03.03 16:08:34 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.03.03 16:08:34 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.03.03 16:08:34 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.03.03 16:08:34 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.03.03 16:08:33 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.03.03 16:08:33 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.03.03 16:08:33 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.03.03 16:08:33 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.03.03 16:08:33 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.03.03 16:08:33 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.03.03 16:08:33 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.03.03 16:08:33 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.03.03 16:08:32 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.03.03 16:08:32 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.03.03 16:08:32 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.03.03 12:10:06 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.03.03 12:10:06 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.03.03 12:10:06 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.03.03 12:10:02 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013.03.03 12:10:02 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013.03.03 12:10:02 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013.03.03 12:10:02 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013.03.03 12:10:02 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013.03.03 12:10:01 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013.03.03 12:09:59 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2013.02.07 11:42:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\directx
[2013.02.06 23:45:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2013.02.06 23:31:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013.02.06 23:31:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2013.02.06 14:31:57 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\Futuremark
[2013.02.06 14:31:56 | 000,000,000 | ---D | C] -- C:\Users\Robert\Documents\3DMark
[2013.02.05 12:22:54 | 000,000,000 | ---D | C] -- C:\Users\Robert\Documents\Freemake
[2013.02.05 12:22:54 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
[2013.02.05 12:22:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
[2013.02.05 12:22:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Freemake
[2013.02.05 12:22:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Freemake
[2013.02.05 12:21:34 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\Programs
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.05 12:27:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Robert\Desktop\OTL.exe
[2013.03.05 09:55:35 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.05 09:50:35 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.05 09:50:35 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.05 09:47:42 | 001,501,928 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.03.05 09:47:42 | 000,654,966 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.03.05 09:47:42 | 000,616,848 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.03.05 09:47:42 | 000,130,336 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.03.05 09:47:42 | 000,106,726 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.03.05 09:43:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.05 09:43:11 | 000,061,616 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000005-00000000-00000001-00001102-00000005-00231102}.rfx
[2013.03.05 09:43:11 | 000,061,616 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000005-00000000-00000001-00001102-00000005-00231102}.rfx
[2013.03.05 09:43:11 | 000,000,788 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000005-00000000-00000001-00001102-00000005-00231102}.rfx
[2013.03.05 09:42:50 | 000,001,358 | ---- | M] () -- C:\Users\Robert\Desktop\Ini.lnk
[2013.03.05 09:19:33 | 000,001,102 | ---- | M] () -- C:\Users\Robert\Desktop\Risen.lnk
[2013.03.05 08:43:30 | 000,314,016 | ---- | M] () -- C:\Windows\SysNative\drivers\atksgt.sys
[2013.03.05 08:43:30 | 000,043,680 | ---- | M] () -- C:\Windows\SysNative\drivers\lirsgt.sys
[2013.03.04 23:42:20 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.03.04 23:42:19 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013.03.04 23:42:19 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013.03.04 23:42:19 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.03.04 23:42:19 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.03.04 23:42:19 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.03.03 18:56:51 | 001,065,984 | ---- | M] () -- C:\Users\Robert\AppData\Local\file__0.localstorage
[2013.03.03 18:20:18 | 000,002,121 | ---- | M] () -- C:\Users\Public\Desktop\Valley Benchmark 1.0.lnk
[2013.03.03 16:15:49 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.03.03 16:15:48 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.03.03 16:14:35 | 000,343,576 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.03.03 16:09:20 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013.02.10 04:25:27 | 026,947,360 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2013.02.10 04:25:27 | 025,256,736 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2013.02.10 04:25:27 | 020,534,560 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2013.02.10 04:25:27 | 017,987,192 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2013.02.10 04:25:27 | 017,560,352 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2013.02.10 04:25:27 | 015,275,744 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2013.02.10 04:25:27 | 015,038,296 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2013.02.10 04:25:27 | 012,862,400 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2013.02.10 04:25:27 | 009,422,672 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2013.02.10 04:25:27 | 007,964,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2013.02.10 04:25:27 | 007,569,184 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2013.02.10 04:25:27 | 006,267,240 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2013.02.10 04:25:27 | 002,911,008 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2013.02.10 04:25:27 | 002,854,344 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2013.02.10 04:25:27 | 002,726,176 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2013.02.10 04:25:27 | 002,528,840 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2013.02.10 04:25:27 | 002,350,368 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2013.02.10 04:25:27 | 001,990,944 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2013.02.10 04:25:27 | 001,807,136 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6420294.dll
[2013.02.10 04:25:27 | 001,510,176 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6420162.dll
[2013.02.10 04:25:27 | 001,114,144 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvumdshimx.dll
[2013.02.10 04:25:27 | 000,963,776 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2013.02.10 04:25:27 | 000,420,128 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvEncodeAPI64.dll
[2013.02.10 04:25:27 | 000,364,832 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvEncodeAPI.dll
[2013.02.10 04:25:27 | 000,250,504 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2013.02.10 04:25:27 | 000,205,184 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2013.02.10 04:25:27 | 000,017,738 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2013.02.10 02:04:31 | 006,393,120 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2013.02.10 02:04:31 | 003,472,672 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2013.02.10 02:04:29 | 002,555,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll
[2013.02.10 02:04:29 | 000,237,856 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2013.02.10 02:04:29 | 000,063,776 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2013.02.09 14:25:36 | 003,035,306 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin
[2013.02.07 11:45:05 | 000,000,000 | ---- | M] () -- C:\Windows\QTW.ini
[2013.02.06 23:31:43 | 000,001,849 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2013.02.06 13:49:29 | 000,001,777 | ---- | M] () -- C:\Users\Public\Desktop\3DMark.lnk
[2013.02.05 12:22:54 | 000,001,328 | ---- | M] () -- C:\Users\Public\Desktop\Freemake Video Converter.lnk
[2013.02.03 23:51:03 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.03.05 09:55:35 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.05 09:42:50 | 000,001,358 | ---- | C] () -- C:\Users\Robert\Desktop\Ini.lnk
[2013.03.05 09:19:33 | 000,001,102 | ---- | C] () -- C:\Users\Robert\Desktop\Risen.lnk
[2013.03.03 18:34:07 | 001,065,984 | ---- | C] () -- C:\Users\Robert\AppData\Local\file__0.localstorage
[2013.03.03 18:20:18 | 000,002,121 | ---- | C] () -- C:\Users\Public\Desktop\Valley Benchmark 1.0.lnk
[2013.02.07 11:45:05 | 000,000,000 | ---- | C] () -- C:\Windows\QTW.ini
[2013.02.06 23:31:43 | 000,001,849 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2013.02.06 13:49:29 | 000,001,777 | ---- | C] () -- C:\Users\Public\Desktop\3DMark.lnk
[2013.02.05 12:22:54 | 000,001,328 | ---- | C] () -- C:\Users\Public\Desktop\Freemake Video Converter.lnk
[2013.02.03 23:51:03 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013.01.17 12:10:44 | 000,000,218 | ---- | C] () -- C:\Users\Robert\AppData\Local\recently-used.xbel
[2013.01.16 10:04:01 | 000,005,632 | ---- | C] () -- C:\Users\Robert\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.01.06 21:49:24 | 000,040,960 | R--- | C] () -- C:\Windows\SysWow64\psfind.dll
[2012.10.01 17:15:18 | 000,000,101 | ---- | C] () -- C:\Windows\Lexstat.ini
[2012.10.01 17:14:38 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkserv.dll
[2012.10.01 17:14:38 | 000,991,232 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkusb1.dll
[2012.10.01 17:14:38 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkhbn3.dll
[2012.10.01 17:14:38 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkcomc.dll
[2012.10.01 17:14:38 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkpmui.dll
[2012.10.01 17:14:38 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbklmpm.dll
[2012.10.01 17:14:38 | 000,537,256 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkcoms.exe
[2012.10.01 17:14:38 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkcomm.dll
[2012.10.01 17:14:38 | 000,413,696 | ---- | C] () -- C:\Windows\SysWow64\lxbkutil.dll
[2012.10.01 17:14:38 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkinpa.dll
[2012.10.01 17:14:38 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkiesc.dll
[2012.10.01 17:14:38 | 000,385,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkih.exe
[2012.10.01 17:14:38 | 000,381,608 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkcfg.exe
[2012.10.01 17:14:38 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\LXBKinst.dll
[2012.10.01 17:14:38 | 000,180,904 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkppls.exe
[2012.10.01 17:14:38 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkprox.dll
[2012.10.01 17:14:38 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkpplc.dll
[2012.09.29 13:22:40 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2012.09.29 13:22:40 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2012.09.29 13:22:36 | 000,003,072 | ---- | C] () -- C:\Windows\SysWow64\CTXFIGER.DLL
[2012.09.29 11:30:49 | 001,472,002 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.04.20 12:59:44 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:364682BC

< End of report >

Extras.txt:

Code:

ATTFilter

OTL Extras logfile created on: 05.03.2013 12:44:19 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Robert\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,95 Gb Total Physical Memory | 6,28 Gb Available Physical Memory | 78,92% Memory free
15,90 Gb Paging File | 14,19 Gb Available in Paging File | 89,25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 238,37 Gb Total Space | 125,27 Gb Free Space | 52,55% Space Free | Partition Type: NTFS
Drive D: | 1863,01 Gb Total Space | 1738,52 Gb Free Space | 93,32% Space Free | Partition Type: NTFS
Drive E: | 3,19 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: ZOCKMASCHINE | User Name: Robert | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07D0FCBD-2E07-4353-8F99-7F124B6BB83D}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery | 
"{41251877-5B18-4DDD-AE7C-108470F19B19}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer | 
"{6E3C3C65-2183-4639-83DA-8E819B370A34}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{C2681C05-39D3-49DE-A5C3-6CA558FDD505}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery | 
"{DFF474AE-6392-4715-B4D1-451087CF9819}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01C18E87-40A2-4F89-8340-15F0FFD82F4A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star trek online\star trek online.exe | 
"{02258109-2226-494D-B510-2E49CFCE0ABE}" = protocol=17 | dir=in | app=c:\spiele\diablo iii\diablo iii.exe | 
"{065D5930-4DC9-40DB-92B4-572D8C764F01}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{106E4824-7775-4327-9C28-D9158E62A0EB}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{126567A1-B31E-49AC-8075-14679485F9AC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\indiana jones and the fate of atlantis\indiana jones and the fate of atlantis.exe | 
"{149963FC-26CE-4AD9-A3EE-D29BFE826E80}" = protocol=6 | dir=in | app=c:\windows\system32\lxbkcoms.exe | 
"{179A8C24-507C-4B33-9951-832B687EC029}" = protocol=17 | dir=in | app=c:\windows\system32\lxbkcoms.exe | 
"{20AD5364-34D3-4927-9C84-E07178F5B221}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\real myst\realmyst.exe | 
"{22EF848E-09C9-4CC4-B00A-6562B37561FD}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{276EB9EF-A242-4B1E-866F-D3AA024E0B4C}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{2DD2BC54-841F-43F2-961A-17955E3838D8}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxbkcoms.exe | 
"{3947582D-48FF-40CE-B542-C6DE03DE5A84}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\real myst\realmyst.exe | 
"{3BC56242-4F89-48B9-8803-FF61BA885BFF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\real myst\realmystsetup.exe | 
"{3E49FD10-9128-42A4-A5B6-52D07BE41620}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{4079516F-107E-4CD1-9102-C73745B5ED80}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{4E7E5BE8-C338-44ED-B383-9704543C0D8B}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxbkcoms.exe | 
"{505EE4A1-B60A-4EBF-ACE5-87B14DC6AA55}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\indiana jones and the fate of atlantis\indiana jones and the fate of atlantis.exe | 
"{50FD4C26-B872-4720-8501-7F19DB7DD551}" = protocol=6 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe | 
"{5235D368-0F93-47A7-B9BC-EC0361B4A69D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\real myst\realmystsetup.exe | 
"{5A2C2E64-EDF6-4252-90E4-8E2F452C2072}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{5E358783-9C93-44B8-9B88-457D9E03E68E}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxbkpswx.exe | 
"{5F09B92C-3628-4FDE-BA53-49C261A59018}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{6284CB33-B2DA-453F-9C72-FE972F66B822}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\risen 2\system\risen2.exe | 
"{6F2C0507-A058-4F4D-92CE-D267EFB0A6AF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\riven\riven.exe | 
"{803E60D5-8440-4D3F-B201-5ECF34CB3585}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{816B75F2-2CFA-42E1-BB4B-EAAE6FD9E69C}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 
"{81833F6B-E02D-4A35-B1D0-992D08B5D170}" = protocol=6 | dir=in | app=c:\spiele\diablo iii\diablo iii.exe | 
"{8CE1108A-B60B-4105-ADBB-4B255CC946DE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\riven\riven.exe | 
"{8D15B8B0-AEBB-4167-ABDC-0647E5F65921}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | 
"{91E39AE0-9EC1-456E-95F0-474CFF518EC6}" = protocol=17 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe | 
"{9389FED5-A2C3-4F3F-956C-64A31BF342BA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\legend of grimrock\grimrock.exe | 
"{96F3C620-237B-403E-8D1A-0632CB615607}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{9D663C13-FD08-46B3-AD03-15705B5D6E60}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | 
"{A071B3CD-EBE4-4F31-9127-2FE002F10F9C}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | 
"{ABC237F8-0183-4EF0-8782-6281FA7ED939}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star trek online\star trek online.exe | 
"{ABE8282C-989C-46A5-9C1C-163FA8E28B25}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\myst masterpiece\myst.exe | 
"{B6D72131-ECBE-4ADA-BBD0-3E7904F4E443}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\risen 2\system\risen2.exe | 
"{B78CFD01-B02D-44FE-8805-6C31AC5B2E31}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\legend of grimrock\grimrock.exe | 
"{C1F303EC-9E83-4ADF-A5CA-9CB50CD50ACB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fable 3\fablelauncher.exe | 
"{C2785F00-EFAE-4EED-AD86-3AB3947BC987}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxbkpswx.exe | 
"{D5371201-D607-4F0E-B00A-D1BC9BEBD93E}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{D5BDF1E7-6BE2-4D8D-ABB7-5989B843206B}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | 
"{D6536BE1-922A-427D-99BC-372F5F031F73}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\myst masterpiece\myst.exe | 
"{E0FC890B-F202-41FA-992F-467AB8B531B0}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{ECA6D257-8496-4AF4-ACFA-FE923759EEE3}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 
"{F26BF187-5BB9-40CD-93D2-FC73C75D4B88}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fable 3\fablelauncher.exe | 
"TCP Query User{009CC8AF-A15C-47F8-BC1C-DC7B479A9CDB}C:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe | 
"TCP Query User{375ECAF5-027C-4C0F-AC54-4345A3AE3D03}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"TCP Query User{5304BDE0-18B8-46D6-B2EC-EAB1A5F9FE27}C:\program files (x86)\steam\steamapps\common\worms reloaded\wormsreloaded.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\worms reloaded\wormsreloaded.exe | 
"TCP Query User{61A75C54-F62D-4247-8021-B18C2BEAA6A0}C:\spiele\siedler 3\s3.exe" = protocol=6 | dir=in | app=c:\spiele\siedler 3\s3.exe | 
"TCP Query User{70C56423-5756-4DD5-8AC8-1086A60CAA30}C:\program files (x86)\steam\steamapps\common\fable 3\fable3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fable 3\fable3.exe | 
"TCP Query User{8B885CB8-4B0A-4F4B-88D8-E0F56CB2C350}C:\spiele\age of empires ii\empires2.icd" = protocol=6 | dir=in | app=c:\spiele\age of empires ii\empires2.icd | 
"TCP Query User{AB7F5763-3830-4874-AE11-FBE866909755}C:\program files (x86)\ws_ftp\ws_ftp95.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ws_ftp\ws_ftp95.exe | 
"UDP Query User{545936B1-10BB-43F3-8953-BE5281FCE06E}C:\spiele\siedler 3\s3.exe" = protocol=17 | dir=in | app=c:\spiele\siedler 3\s3.exe | 
"UDP Query User{7B872675-A24B-4950-B5A3-62C8CBFF6C75}C:\spiele\age of empires ii\empires2.icd" = protocol=17 | dir=in | app=c:\spiele\age of empires ii\empires2.icd | 
"UDP Query User{99D682CC-7A46-46DD-84AB-507A4C8A6586}C:\program files (x86)\steam\steamapps\common\worms reloaded\wormsreloaded.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\worms reloaded\wormsreloaded.exe | 
"UDP Query User{9F3021A4-2583-4FFA-A055-ABE3153D57F8}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"UDP Query User{AC0DB27F-2AEE-471E-8CC5-DA271C2440C3}C:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe | 
"UDP Query User{D5CEED9B-1381-4616-B233-0F3696415F2C}C:\program files (x86)\steam\steamapps\common\fable 3\fable3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fable 3\fable3.exe | 
"UDP Query User{ED7C7011-3365-4C31-A0BF-620B60445C41}C:\program files (x86)\ws_ftp\ws_ftp95.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ws_ftp\ws_ftp95.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{24F93B56-61F5-415F-85B9-AA444DA34AFC}" = Microsoft-Maus- und Tastatur-Center
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7AB8C73F-03FE-48AE-990C-CCB8D6C4FAB8}" = Intel® Trusted Connect Service Client
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{88F41EE2-949B-4B52-933D-C7F8F67BC1D2}" = NetSpeedMonitor 2.5.4.0 x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.12.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.23.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Lexmark X1100 Series" = Lexmark X1100 Series
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Mouse and Keyboard Center" = Microsoft-Maus- und Tastatur-Center
"Microsoft Security Client" = Microsoft Security Essentials
"Recuva" = Recuva
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02B244A2-7F6A-42E8-A36F-8C385D7A1625}" = Gothic III
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen
"{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}" = Sound Blaster X-Fi
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F04067F-0DA5-4F48-9A89-6FCFD2A9E040}" = TextPad 6
"{40FE74B5-71A1-4393-A0AB-21D6E1DA5A66}" = Gothic 2 Gold
"{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}" = Titan Quest
"{4538055F-EBC6-4E67-9365-F55B1DEFE9DE}" = Gothic 3 - Götterdämmerung
"{46EDCFA5-7EDB-46A9-B093-1C6237470CEC}" = 3DMark 11
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A3E6E1C-CF5A-4CE9-B8D6-A2F9B7BA18FC}" = BlackBerry Desktop Software 7.1
"{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9017CEAF-BE5A-4F73-8A0E-C87E26971E55}" = TomTom HOME
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF14F0CD-5307-4134-BDFA-15974473C1EE}_is1" = ControlCenter
"{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}" = Titan Quest Immortal Throne
"{BBF10B37-4ED3-11D5-A818-00500435FC18}" = Gothic
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CFDF0961-77C7-4392-96EE-624DFE81C3C2}" = Watchtower Library 2012 - Deutsch
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1A6C690-C12C-4E7A-B4BD-958678215418}" = 3DMark
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Age of Empires 2.0" = Microsoft Age of Empires II
"ALchemy" = Creative ALchemy
"AudioCS" = Creative Audio-Systemsteuerung
"BlackBerry_Desktop" = BlackBerry Desktop Software 7.1
"Console Launcher" = Creative Konsole Starter
"Core Damage 0.8h" = Core Damage 0.8h
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
"Drakensang_Phileasson_is1" = Drakensang - Phileassons Geheimnis
"Drakensang_TRoT_is1" = Drakensang - Am Fluss der Zeit
"ESET Online Scanner" = ESET Online Scanner v3
"Fraps" = Fraps (remove only)
"Freemake Video Converter_is1" = Freemake Video Converter Version 3.2.1
"Gothic II Breitbild-Patch" = Gothic II Breitbild-Patch
"IrfanView" = IrfanView (remove only)
"KeePass Password Safe_is1" = KeePass Password Safe 1.24
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Myst Masterpiece Edition" = Myst Masterpiece Edition
"Office14.SingleImage" = Microsoft Office Home and Business 2010
"OpenAL" = OpenAL
"S3" = Die Siedler III Gold Edition
"Steam App 105400" = Fable III
"Steam App 207170" = Legend of Grimrock
"Steam App 22690" = Worms Reloaded Demo
"Steam App 40390" = Risen 2 - Dark Waters
"Steam App 6010" = Indiana Jones and the Fate of Atlantis
"Steam App 63600" = realMyst
"Steam App 63610" = Riven
"Steam App 63660" = Myst: Masterpiece Edition
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Steam App 9900" = Star Trek Online
"SysInfo" = Creative-Systeminformationen
"TeamViewer 8" = TeamViewer 8
"Unigine Valley Benchmark_is1" = Unigine Valley Benchmark version 1.0
"VLC media player" = VLC media player 2.0.3
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 22.01.2013 09:54:29 | Computer Name = Zockmaschine | Source = WinMgmt | ID = 10
Description = 
 
Error - 22.01.2013 10:03:18 | Computer Name = Zockmaschine | Source = WinMgmt | ID = 10
Description = 
 
Error - 23.01.2013 15:36:04 | Computer Name = Zockmaschine | Source = WinMgmt | ID = 10
Description = 
 
Error - 24.01.2013 08:09:27 | Computer Name = Zockmaschine | Source = WinMgmt | ID = 10
Description = 
 
Error - 24.01.2013 08:34:56 | Computer Name = Zockmaschine | Source = WinMgmt | ID = 10
Description = 
 
Error - 24.01.2013 17:18:23 | Computer Name = Zockmaschine | Source = WinMgmt | ID = 10
Description = 
 
Error - 25.01.2013 11:07:05 | Computer Name = Zockmaschine | Source = WinMgmt | ID = 10
Description = 
 
Error - 25.01.2013 12:57:04 | Computer Name = Zockmaschine | Source = WinMgmt | ID = 10
Description = 
 
Error - 25.01.2013 12:57:16 | Computer Name = Zockmaschine | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ConsoLCu.exe, Version: 2.61.0.0, 
Zeitstempel: 0x490eac5e  Name des fehlerhaften Moduls: dbacs.dll_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x419aee55  Ausnahmecode: 0xc0000005  Fehleroffset: 0x024a8d1c
ID
 des fehlerhaften Prozesses: 0xf2c  Startzeit der fehlerhaften Anwendung: 0x01cdfb1d035e427f
Pfad
 der fehlerhaften Anwendung: C:\Program Files (x86)\Creative\Console Launcher\ConsoLCu.exe
Pfad
 des fehlerhaften Moduls: dbacs.dll  Berichtskennung: 454d039d-6710-11e2-b82c-d43d7e051a53
 
Error - 25.01.2013 14:24:17 | Computer Name = Zockmaschine | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 01.02.2013 16:01:36 | Computer Name = Zockmaschine | Source = Service Control Manager | ID = 7000
Description = Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%577
 
Error - 01.02.2013 16:01:37 | Computer Name = Zockmaschine | Source = Service Control Manager | ID = 7000
Description = Der Dienst "lirsgt" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%577
 
Error - 02.02.2013 03:09:08 | Computer Name = Zockmaschine | Source = Service Control Manager | ID = 7000
Description = Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%577
 
Error - 02.02.2013 03:09:08 | Computer Name = Zockmaschine | Source = Service Control Manager | ID = 7000
Description = Der Dienst "lirsgt" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%577
 
Error - 02.02.2013 09:52:30 | Computer Name = Zockmaschine | Source = Service Control Manager | ID = 7000
Description = Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%577
 
Error - 02.02.2013 09:52:31 | Computer Name = Zockmaschine | Source = Service Control Manager | ID = 7000
Description = Der Dienst "lirsgt" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%577
 
Error - 03.02.2013 06:26:00 | Computer Name = Zockmaschine | Source = Service Control Manager | ID = 7000
Description = Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%577
 
Error - 03.02.2013 06:26:00 | Computer Name = Zockmaschine | Source = Service Control Manager | ID = 7000
Description = Der Dienst "lirsgt" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%577
 
Error - 03.02.2013 17:30:42 | Computer Name = Zockmaschine | Source = Service Control Manager | ID = 7000
Description = Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%577
 
Error - 03.02.2013 17:30:42 | Computer Name = Zockmaschine | Source = Service Control Manager | ID = 7000
Description = Der Dienst "lirsgt" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%577
 
 
< End of report >

cosinus · 05.03.2013, 13:04

Bitte nun Logs mit GMER (<<< klick für Anleitung) und MBAR (Anleitung etwas weiter unten) erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim zweiten Mal nicht will, lass es einfach weg und führ nur MBAR aus.

Anleitung MBAR:

Downloade dir bitte

Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

Starte bitte die mbar.exe.
Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
Klicke auf den CleanUp Button und erlaube den Neustart.
Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
Nach dem Neustart starte die mbar.exe erneut.
Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

RobinSword · 05.03.2013, 13:19

Hier schon mal das GMER-Log:

Code:

ATTFilter

GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-03-05 13:18:41
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk1\DR1 -> \Device\00000073 ATA_____ rev.1___ 238,47GB
Running: gmer_2.1.19155.exe; Driver: C:\Users\Robert\AppData\Local\Temp\awloqpog.sys


---- User code sections - GMER 2.1 ----

.text   C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe[1712] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                        0000000076c01465 2 bytes [C0, 76]
.text   C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe[1712] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                       0000000076c014bb 2 bytes [C0, 76]
.text   ...                                                                                                                                                                        * 2
.text   C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2396] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess           00000000777c08fc 4 bytes [68, A0, CF, 41]
.text   C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2396] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess + 5       00000000777c0901 1 byte [C3]
.text   C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2396] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W          00000000777d25fd 6 bytes [68, BD, 57, 42, 00, C3]
.text   C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2396] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                    00000000777dc45a 6 bytes [68, CB, D0, 41, 00, C3]
.text   C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2396] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A          00000000777e2a63 6 bytes [68, 03, 58, 42, 00, C3]
.text   C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2396] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W          0000000077804128 6 bytes [68, 49, 58, 42, 00, C3]
.text   C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2396] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A          000000007780e659 6 bytes [68, 8F, 58, 42, 00, C3]
.text   C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2396] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW       00000000767d455c 6 bytes [68, 34, D3, 41, 00, C3]
.text   C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2396] C:\Windows\syswow64\kernel32.dll!ExitProcess                00000000767d79f8 6 bytes [68, F3, D2, 41, 00, C3]
.text   C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2396] C:\Windows\syswow64\USER32.dll!GetDC                        00000000761c72c4 4 bytes [68, 92, 18, 41]
.text   C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2396] C:\Windows\syswow64\USER32.dll!GetDC + 5                    00000000761c72c9 1 byte [C3]
.text   C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2396] C:\Windows\syswow64\USER32.dll!ReleaseDC                    00000000761c7446 6 bytes [68, 10, 19, 41, 00, C3]
.text   C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2396] C:\Windows\syswow64\USER32.dll!TranslateMessage             00000000761c7809 6 bytes [68, A5, 5D, 42, 00, C3]
.text   C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2396] C:\Windows\syswow64\USER32.dll!GetMessageW                  00000000761c78e2 6 bytes [68, 22, DE, 41, 00, C3]
.text   C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2396] C:\Windows\syswow64\USER32.dll!GetMessageA                  00000000761c7bd3 6 bytes [68, 4A, DE, 41, 00, C3]
.text   C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2396] C:\Windows\syswow64\USER32.dll!GetWindowDC                  00000000761c8048 4 bytes [68, D1, 18, 41]
.text   C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2396] C:\Windows\syswow64\USER32.dll!GetWindowDC + 5              00000000761c804d 1 byte [C3]
.text   C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2396] C:\Windows\syswow64\USER32.dll!RegisterClassW               00000000761c8a65 6 bytes [68, C1, 5A, 42, 00, C3]
.text   C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2396] C:\Windows\syswow64\USER32.dll!RegisterClassExW             00000000761cb17d 6 bytes [68, 5B, 5B, 42, 00, C3]
.text   C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2396] C:\Windows\syswow64\USER32.dll!RegisterClassExA             00000000761cdb98 6 bytes [68, AD, 5B, 42, 00, C3]
.text   C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2396] C:\Windows\syswow64\USER32.dll!PeekMessageW                 00000000761d05ba 6 bytes [68, 72, DE, 41, 00, C3]
.text   C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2396] C:\Windows\syswow64\USER32.dll!CallWindowProcW              00000000761d0d32 6 bytes [68, F3, 59, 42, 00, C3]
.text   C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2396] C:\Windows\syswow64\USER32.dll!GetCursorPos                 00000000761d1218 6 bytes [68, 55, DC, 41, 00, C3]
.text   C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2396] C:\Windows\syswow64\USER32.dll!EndPaint                     00000000761d1341 4 bytes [68, F7, 17, 41]
.text   C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2396] C:\Windows\syswow64\USER32.dll!EndPaint + 5                 00000000761d1346 1 byte [C3]
.text   C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2396] C:\Windows\syswow64\USER32.dll!BeginPaint                   00000000761d1361 4 bytes [68, 87, 17, 41]
.text   C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2396] C:\Windows\syswow64\USER32.dll!BeginPaint + 5               00000000761d1366 1 byte [C3]
.text   C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2396] C:\Windows\syswow64\USER32.dll!GetMessagePos                00000000761d2a8d 6 bytes [68, 23, DC, 41, 00, C3]
.text   C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2396] C:\Windows\syswow64\USER32.dll!GetCapture                   00000000761d2aac 6 bytes [68, 83, DD, 41, 00, C3]
.text   C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2396] C:\Windows\syswow64\USER32.dll!GetDCEx                      00000000761d3391 4 bytes [68, 37, 18, 41]
.text   C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2396] C:\Windows\syswow64\USER32.dll!GetDCEx + 5                  00000000761d3396 1 byte [C3]
.text   C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2396] C:\Windows\syswow64\USER32.dll!RegisterClassA               00000000761d434b 6 bytes [68, 0E, 5B, 42, 00, C3]
.text   C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2396] C:\Windows\syswow64\USER32.dll!PeekMessageA                 00000000761d5f74 6 bytes [68, 9D, DE, 41, 00, C3]
.text   C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2396] C:\Windows\syswow64\USER32.dll!GetUpdateRgn                 00000000761d6222 6 bytes [68, E3, 19, 41, 00, C3]
.text   C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2396] C:\Windows\syswow64\USER32.dll!CallWindowProcA              00000000761d792f 6 bytes [68, 3C, 5A, 42, 00, C3]
.text   C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2396] C:\Windows\syswow64\USER32.dll!DefFrameProcA                00000000761d7fbb 6 bytes [68, 1E, 59, 42, 00, C3]
.text   C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2396] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA             00000000761d810c 6 bytes [68, AD, 59, 42, 00, C3]
.text   C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2396] C:\Windows\syswow64\USER32.dll!DefFrameProcW                00000000761d85c1 6 bytes [68, D5, 58, 42, 00, C3]
.text   C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2396] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW             00000000761d86b4 6 bytes [68, 67, 59, 42, 00, C3]
.text   C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2396] C:\Windows\syswow64\USER32.dll!GetUpdateRect                00000000761ed41f 6 bytes [68, 50, 19, 41, 00, C3]
.text   C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2396] C:\Windows\syswow64\USER32.dll!ReleaseCapture               00000000761eed49 6 bytes [68, 33, DD, 41, 00, C3]
.text   C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2396] C:\Windows\syswow64\USER32.dll!SetCapture                   00000000761eed56 4 bytes [68, D9, DC, 41]
.text   C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2396] C:\Windows\syswow64\USER32.dll!SetCapture + 5               00000000761eed5b 1 byte [C3]
.text   C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2396] C:\Windows\syswow64\USER32.dll!SwitchDesktop                0000000076209854 6 bytes [68, 9F, 57, 42, 00, C3]
.text   C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2396] C:\Windows\syswow64\USER32.dll!SetCursorPos                 0000000076209cfd 6 bytes [68, 9C, DC, 41, 00, C3]
.text   C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2396] C:\Windows\syswow64\USER32.dll!GetClipboardData             0000000076209f1d 6 bytes [68, 54, 5F, 42, 00, C3]
.text   C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2396] C:\Windows\syswow64\USER32.dll!OpenInputDesktop             00000000762287cb 4 bytes [68, 4F, 57, 42]
.text   C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2396] C:\Windows\syswow64\USER32.dll!OpenInputDesktop + 5         00000000762287d0 1 byte [C3]
.text   C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2396] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW       0000000076b5c592 6 bytes [68, B1, D3, 41, 00, C3]
.text   C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2396] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA       0000000076b92538 6 bytes [68, 9A, D3, 41, 00, C3]
.text   C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2396] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore          0000000074f71224 6 bytes [68, 89, 7E, 41, 00, C3]
.text   C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2396] C:\Windows\syswow64\WS2_32.dll!closesocket                  00000000765b3918 6 bytes [68, 27, E3, 41, 00, C3]
.text   C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2396] C:\Windows\syswow64\WS2_32.dll!getaddrinfo                  00000000765b4296 6 bytes [68, 38, DF, 41, 00, C3]
.text   C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2396] C:\Windows\syswow64\WS2_32.dll!WSASend                      00000000765b4406 6 bytes [68, 80, E3, 41, 00, C3]
.text   C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2396] C:\Windows\syswow64\WS2_32.dll!send                         00000000765b6f01 6 bytes [68, 5F, E3, 41, 00, C3]
.text   C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2396] C:\Windows\syswow64\WS2_32.dll!gethostbyname                00000000765c7673 6 bytes [68, C8, DE, 41, 00, C3]
.text   C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2396] C:\Windows\syswow64\WININET.dll!InternetCloseHandle         0000000076c1c664 6 bytes [68, DC, 08, 42, 00, C3]
.text   C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2396] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA              0000000076c1e13a 6 bytes [68, 7C, 0A, 42, 00, C3]
.text   C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2396] C:\Windows\syswow64\WININET.dll!InternetReadFile            0000000076c1f8d8 6 bytes [68, 49, 09, 42, 00, C3]
.text   C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2396] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable  0000000076c23184 6 bytes [68, 50, 0A, 42, 00, C3]
.text   C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2396] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA            0000000076c45761 6 bytes [68, 1E, 06, 42, 00, C3]
.text   C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2396] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW            0000000076c45fef 6 bytes [68, DA, 05, 42, 00, C3]
.text   C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2396] C:\Windows\syswow64\WININET.dll!HttpSendRequestW            0000000076c4632d 6 bytes [68, 62, 06, 42, 00, C3]
.text   C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2396] C:\Windows\syswow64\WININET.dll!InternetReadFileExA         0000000076c4fa49 6 bytes [68, 77, 09, 42, 00, C3]
.text   C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2396] C:\Windows\syswow64\WININET.dll!HttpSendRequestExW          0000000076c5f564 6 bytes [68, 0C, 07, 42, 00, C3]
.text   C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2396] C:\Windows\syswow64\WININET.dll!HttpEndRequestA             0000000076c5f639 6 bytes [68, 46, 08, 42, 00, C3]
.text   C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2396] C:\Windows\syswow64\WININET.dll!InternetSetFilePointer      0000000076c74f2f 6 bytes [68, F6, 09, 42, 00, C3]
.text   C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2396] C:\Windows\syswow64\WININET.dll!HttpSendRequestA            0000000076c7525a 6 bytes [68, B7, 06, 42, 00, C3]
.text   C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2396] C:\Windows\syswow64\WININET.dll!HttpSendRequestExA          0000000076cbece5 6 bytes [68, A9, 07, 42, 00, C3]
.text   C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2396] C:\Windows\syswow64\WININET.dll!HttpEndRequestW             0000000076cbedb7 6 bytes [68, 91, 08, 42, 00, C3]
.text   C:\Windows\SysWOW64\Ctxfihlp.exe[2420] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess                                                                                   00000000777c08fc 4 bytes [68, A0, CF, EE]
.text   C:\Windows\SysWOW64\Ctxfihlp.exe[2420] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess + 5                                                                               00000000777c0901 1 byte [C3]
.text   C:\Windows\SysWOW64\Ctxfihlp.exe[2420] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W                                                                                  00000000777d25fd 6 bytes [68, BD, 57, EF, 00, C3]
.text   C:\Windows\SysWOW64\Ctxfihlp.exe[2420] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                                                                            00000000777dc45a 6 bytes [68, CB, D0, EE, 00, C3]
.text   C:\Windows\SysWOW64\Ctxfihlp.exe[2420] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A                                                                                  00000000777e2a63 6 bytes [68, 03, 58, EF, 00, C3]
.text   C:\Windows\SysWOW64\Ctxfihlp.exe[2420] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W                                                                                  0000000077804128 6 bytes [68, 49, 58, EF, 00, C3]
.text   C:\Windows\SysWOW64\Ctxfihlp.exe[2420] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A                                                                                  000000007780e659 6 bytes [68, 8F, 58, EF, 00, C3]
.text   C:\Windows\SysWOW64\Ctxfihlp.exe[2420] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW                                                                               00000000767d455c 6 bytes [68, 34, D3, EE, 00, C3]
.text   C:\Windows\SysWOW64\Ctxfihlp.exe[2420] C:\Windows\syswow64\kernel32.dll!ExitProcess                                                                                        00000000767d79f8 6 bytes [68, F3, D2, EE, 00, C3]
.text   C:\Windows\SysWOW64\Ctxfihlp.exe[2420] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW                                                                               0000000076b5c592 6 bytes [68, B1, D3, EE, 00, C3]
.text   C:\Windows\SysWOW64\Ctxfihlp.exe[2420] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA                                                                               0000000076b92538 6 bytes [68, 9A, D3, EE, 00, C3]
.text   C:\Windows\SysWOW64\Ctxfihlp.exe[2420] C:\Windows\syswow64\USER32.dll!GetDC                                                                                                00000000761c72c4 4 bytes [68, 92, 18, EE]
.text   C:\Windows\SysWOW64\Ctxfihlp.exe[2420] C:\Windows\syswow64\USER32.dll!GetDC + 5                                                                                            00000000761c72c9 1 byte [C3]
.text   C:\Windows\SysWOW64\Ctxfihlp.exe[2420] C:\Windows\syswow64\USER32.dll!ReleaseDC                                                                                            00000000761c7446 6 bytes [68, 10, 19, EE, 00, C3]
.text   C:\Windows\SysWOW64\Ctxfihlp.exe[2420] C:\Windows\syswow64\USER32.dll!TranslateMessage                                                                                     00000000761c7809 6 bytes [68, A5, 5D, EF, 00, C3]
.text   C:\Windows\SysWOW64\Ctxfihlp.exe[2420] C:\Windows\syswow64\USER32.dll!GetMessageW                                                                                          00000000761c78e2 6 bytes [68, 22, DE, EE, 00, C3]
.text   C:\Windows\SysWOW64\Ctxfihlp.exe[2420] C:\Windows\syswow64\USER32.dll!GetMessageA                                                                                          00000000761c7bd3 6 bytes [68, 4A, DE, EE, 00, C3]
.text   C:\Windows\SysWOW64\Ctxfihlp.exe[2420] C:\Windows\syswow64\USER32.dll!GetWindowDC                                                                                          00000000761c8048 4 bytes [68, D1, 18, EE]
.text   C:\Windows\SysWOW64\Ctxfihlp.exe[2420] C:\Windows\syswow64\USER32.dll!GetWindowDC + 5                                                                                      00000000761c804d 1 byte [C3]
.text   C:\Windows\SysWOW64\Ctxfihlp.exe[2420] C:\Windows\syswow64\USER32.dll!RegisterClassW                                                                                       00000000761c8a65 6 bytes [68, C1, 5A, EF, 00, C3]
.text   C:\Windows\SysWOW64\Ctxfihlp.exe[2420] C:\Windows\syswow64\USER32.dll!RegisterClassExW                                                                                     00000000761cb17d 6 bytes [68, 5B, 5B, EF, 00, C3]
.text   C:\Windows\SysWOW64\Ctxfihlp.exe[2420] C:\Windows\syswow64\USER32.dll!RegisterClassExA                                                                                     00000000761cdb98 6 bytes [68, AD, 5B, EF, 00, C3]
.text   C:\Windows\SysWOW64\Ctxfihlp.exe[2420] C:\Windows\syswow64\USER32.dll!PeekMessageW                                                                                         00000000761d05ba 6 bytes [68, 72, DE, EE, 00, C3]
.text   C:\Windows\SysWOW64\Ctxfihlp.exe[2420] C:\Windows\syswow64\USER32.dll!CallWindowProcW                                                                                      00000000761d0d32 6 bytes [68, F3, 59, EF, 00, C3]
.text   C:\Windows\SysWOW64\Ctxfihlp.exe[2420] C:\Windows\syswow64\USER32.dll!GetCursorPos                                                                                         00000000761d1218 6 bytes [68, 55, DC, EE, 00, C3]
.text   C:\Windows\SysWOW64\Ctxfihlp.exe[2420] C:\Windows\syswow64\USER32.dll!EndPaint                                                                                             00000000761d1341 4 bytes [68, F7, 17, EE]
.text   C:\Windows\SysWOW64\Ctxfihlp.exe[2420] C:\Windows\syswow64\USER32.dll!EndPaint + 5                                                                                         00000000761d1346 1 byte [C3]
.text   C:\Windows\SysWOW64\Ctxfihlp.exe[2420] C:\Windows\syswow64\USER32.dll!BeginPaint                                                                                           00000000761d1361 4 bytes [68, 87, 17, EE]
.text   C:\Windows\SysWOW64\Ctxfihlp.exe[2420] C:\Windows\syswow64\USER32.dll!BeginPaint + 5                                                                                       00000000761d1366 1 byte [C3]
.text   C:\Windows\SysWOW64\Ctxfihlp.exe[2420] C:\Windows\syswow64\USER32.dll!GetMessagePos                                                                                        00000000761d2a8d 6 bytes [68, 23, DC, EE, 00, C3]
.text   C:\Windows\SysWOW64\Ctxfihlp.exe[2420] C:\Windows\syswow64\USER32.dll!GetCapture                                                                                           00000000761d2aac 6 bytes [68, 83, DD, EE, 00, C3]
.text   C:\Windows\SysWOW64\Ctxfihlp.exe[2420] C:\Windows\syswow64\USER32.dll!GetDCEx                                                                                              00000000761d3391 4 bytes [68, 37, 18, EE]
.text   C:\Windows\SysWOW64\Ctxfihlp.exe[2420] C:\Windows\syswow64\USER32.dll!GetDCEx + 5                                                                                          00000000761d3396 1 byte [C3]
.text   C:\Windows\SysWOW64\Ctxfihlp.exe[2420] C:\Windows\syswow64\USER32.dll!RegisterClassA                                                                                       00000000761d434b 6 bytes [68, 0E, 5B, EF, 00, C3]
.text   C:\Windows\SysWOW64\Ctxfihlp.exe[2420] C:\Windows\syswow64\USER32.dll!PeekMessageA                                                                                         00000000761d5f74 6 bytes [68, 9D, DE, EE, 00, C3]
.text   C:\Windows\SysWOW64\Ctxfihlp.exe[2420] C:\Windows\syswow64\USER32.dll!GetUpdateRgn                                                                                         00000000761d6222 6 bytes [68, E3, 19, EE, 00, C3]
.text   C:\Windows\SysWOW64\Ctxfihlp.exe[2420] C:\Windows\syswow64\USER32.dll!CallWindowProcA                                                                                      00000000761d792f 6 bytes [68, 3C, 5A, EF, 00, C3]
.text   C:\Windows\SysWOW64\Ctxfihlp.exe[2420] C:\Windows\syswow64\USER32.dll!DefFrameProcA                                                                                        00000000761d7fbb 6 bytes [68, 1E, 59, EF, 00, C3]
.text   C:\Windows\SysWOW64\Ctxfihlp.exe[2420] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA                                                                                     00000000761d810c 6 bytes [68, AD, 59, EF, 00, C3]
.text   C:\Windows\SysWOW64\Ctxfihlp.exe[2420] C:\Windows\syswow64\USER32.dll!DefFrameProcW                                                                                        00000000761d85c1 6 bytes [68, D5, 58, EF, 00, C3]
.text   C:\Windows\SysWOW64\Ctxfihlp.exe[2420] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW                                                                                     00000000761d86b4 6 bytes [68, 67, 59, EF, 00, C3]
.text   C:\Windows\SysWOW64\Ctxfihlp.exe[2420] C:\Windows\syswow64\USER32.dll!GetUpdateRect                                                                                        00000000761ed41f 6 bytes [68, 50, 19, EE, 00, C3]
.text   C:\Windows\SysWOW64\Ctxfihlp.exe[2420] C:\Windows\syswow64\USER32.dll!ReleaseCapture                                                                                       00000000761eed49 6 bytes [68, 33, DD, EE, 00, C3]
.text   C:\Windows\SysWOW64\Ctxfihlp.exe[2420] C:\Windows\syswow64\USER32.dll!SetCapture                                                                                           00000000761eed56 4 bytes [68, D9, DC, EE]
.text   C:\Windows\SysWOW64\Ctxfihlp.exe[2420] C:\Windows\syswow64\USER32.dll!SetCapture + 5                                                                                       00000000761eed5b 1 byte [C3]
.text   C:\Windows\SysWOW64\Ctxfihlp.exe[2420] C:\Windows\syswow64\USER32.dll!SwitchDesktop                                                                                        0000000076209854 6 bytes [68, 9F, 57, EF, 00, C3]
.text   C:\Windows\SysWOW64\Ctxfihlp.exe[2420] C:\Windows\syswow64\USER32.dll!SetCursorPos                                                                                         0000000076209cfd 6 bytes [68, 9C, DC, EE, 00, C3]
.text   C:\Windows\SysWOW64\Ctxfihlp.exe[2420] C:\Windows\syswow64\USER32.dll!GetClipboardData                                                                                     0000000076209f1d 6 bytes [68, 54, 5F, EF, 00, C3]
.text   C:\Windows\SysWOW64\Ctxfihlp.exe[2420] C:\Windows\syswow64\USER32.dll!OpenInputDesktop                                                                                     00000000762287cb 4 bytes [68, 4F, 57, EF]
.text   C:\Windows\SysWOW64\Ctxfihlp.exe[2420] C:\Windows\syswow64\USER32.dll!OpenInputDesktop + 5                                                                                 00000000762287d0 1 byte [C3]
.text   C:\Windows\SysWOW64\Ctxfihlp.exe[2420] C:\Windows\syswow64\WS2_32.dll!closesocket                                                                                          00000000765b3918 6 bytes [68, 27, E3, EE, 00, C3]
.text   C:\Windows\SysWOW64\Ctxfihlp.exe[2420] C:\Windows\syswow64\WS2_32.dll!getaddrinfo                                                                                          00000000765b4296 6 bytes [68, 38, DF, EE, 00, C3]
.text   C:\Windows\SysWOW64\Ctxfihlp.exe[2420] C:\Windows\syswow64\WS2_32.dll!WSASend                                                                                              00000000765b4406 6 bytes [68, 80, E3, EE, 00, C3]
.text   C:\Windows\SysWOW64\Ctxfihlp.exe[2420] C:\Windows\syswow64\WS2_32.dll!send                                                                                                 00000000765b6f01 6 bytes [68, 5F, E3, EE, 00, C3]
.text   C:\Windows\SysWOW64\Ctxfihlp.exe[2420] C:\Windows\syswow64\WS2_32.dll!gethostbyname                                                                                        00000000765c7673 6 bytes [68, C8, DE, EE, 00, C3]
.text   C:\Windows\SysWOW64\Ctxfihlp.exe[2420] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore                                                                                  0000000074f71224 6 bytes [68, 89, 7E, EE, 00, C3]
.text   C:\Windows\SysWOW64\Ctxfihlp.exe[2420] C:\Windows\syswow64\WININET.dll!InternetCloseHandle                                                                                 0000000076c1c664 6 bytes [68, DC, 08, EF, 00, C3]
.text   C:\Windows\SysWOW64\Ctxfihlp.exe[2420] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA                                                                                      0000000076c1e13a 6 bytes [68, 7C, 0A, EF, 00, C3]
.text   C:\Windows\SysWOW64\Ctxfihlp.exe[2420] C:\Windows\syswow64\WININET.dll!InternetReadFile                                                                                    0000000076c1f8d8 6 bytes [68, 49, 09, EF, 00, C3]
.text   C:\Windows\SysWOW64\Ctxfihlp.exe[2420] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable                                                                          0000000076c23184 6 bytes [68, 50, 0A, EF, 00, C3]
.text   C:\Windows\SysWOW64\Ctxfihlp.exe[2420] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA                                                                                    0000000076c45761 6 bytes [68, 1E, 06, EF, 00, C3]
.text   C:\Windows\SysWOW64\Ctxfihlp.exe[2420] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW                                                                                    0000000076c45fef 6 bytes [68, DA, 05, EF, 00, C3]
.text   C:\Windows\SysWOW64\Ctxfihlp.exe[2420] C:\Windows\syswow64\WININET.dll!HttpSendRequestW                                                                                    0000000076c4632d 6 bytes [68, 62, 06, EF, 00, C3]
.text   C:\Windows\SysWOW64\Ctxfihlp.exe[2420] C:\Windows\syswow64\WININET.dll!InternetReadFileExA                                                                                 0000000076c4fa49 6 bytes [68, 77, 09, EF, 00, C3]
.text   C:\Windows\SysWOW64\Ctxfihlp.exe[2420] C:\Windows\syswow64\WININET.dll!HttpSendRequestExW                                                                                  0000000076c5f564 6 bytes [68, 0C, 07, EF, 00, C3]
.text   C:\Windows\SysWOW64\Ctxfihlp.exe[2420] C:\Windows\syswow64\WININET.dll!HttpEndRequestA                                                                                     0000000076c5f639 6 bytes [68, 46, 08, EF, 00, C3]
.text   C:\Windows\SysWOW64\Ctxfihlp.exe[2420] C:\Windows\syswow64\WININET.dll!InternetSetFilePointer                                                                              0000000076c74f2f 6 bytes [68, F6, 09, EF, 00, C3]
.text   C:\Windows\SysWOW64\Ctxfihlp.exe[2420] C:\Windows\syswow64\WININET.dll!HttpSendRequestA                                                                                    0000000076c7525a 6 bytes [68, B7, 06, EF, 00, C3]
.text   C:\Windows\SysWOW64\Ctxfihlp.exe[2420] C:\Windows\syswow64\WININET.dll!HttpSendRequestExA                                                                                  0000000076cbece5 6 bytes [68, A9, 07, EF, 00, C3]
.text   C:\Windows\SysWOW64\Ctxfihlp.exe[2420] C:\Windows\syswow64\WININET.dll!HttpEndRequestW                                                                                     0000000076cbedb7 6 bytes [68, 91, 08, EF, 00, C3]
.text   C:\Windows\SysWOW64\Ctxfihlp.exe[2420] C:\Windows\SysWOW64\WINMM.dll!PlaySoundW                                                                                            0000000074bd2ef2 6 bytes [68, EF, D3, EE, 00, C3]
.text   C:\Windows\SysWOW64\Ctxfihlp.exe[2420] C:\Windows\SysWOW64\WINMM.dll!PlaySound                                                                                             0000000074bf441d 6 bytes [68, C8, D3, EE, 00, C3]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2500] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                       0000000076c01465 2 bytes [C0, 76]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2500] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                      0000000076c014bb 2 bytes [C0, 76]
.text   ...                                                                                                                                                                        * 2
.text   C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[2648] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess                            00000000777c08fc 4 bytes [68, A0, CF, 2B]
.text   C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[2648] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess + 5                        00000000777c0901 1 byte [C3]
.text   C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[2648] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W                           00000000777d25fd 6 bytes [68, BD, 57, 2C, 00, C3]
.text   C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[2648] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                     00000000777dc45a 6 bytes [68, CB, D0, 2B, 00, C3]
.text   C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[2648] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A                           00000000777e2a63 6 bytes [68, 03, 58, 2C, 00, C3]
.text   C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[2648] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W                           0000000077804128 6 bytes [68, 49, 58, 2C, 00, C3]
.text   C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[2648] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A                           000000007780e659 6 bytes [68, 8F, 58, 2C, 00, C3]
.text   C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[2648] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW                        00000000767d455c 6 bytes [68, 34, D3, 2B, 00, C3]
.text   C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[2648] C:\Windows\syswow64\kernel32.dll!ExitProcess                                 00000000767d79f8 6 bytes [68, F3, D2, 2B, 00, C3]
.text   C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[2648] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW                        0000000076b5c592 6 bytes [68, B1, D3, 2B, 00, C3]
.text   C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[2648] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA                        0000000076b92538 6 bytes [68, 9A, D3, 2B, 00, C3]
.text   C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[2648] C:\Windows\syswow64\USER32.dll!GetDC                                         00000000761c72c4 4 bytes [68, 92, 18, 2B]
.text   C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[2648] C:\Windows\syswow64\USER32.dll!GetDC + 5                                     00000000761c72c9 1 byte [C3]
.text   C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[2648] C:\Windows\syswow64\USER32.dll!ReleaseDC                                     00000000761c7446 6 bytes [68, 10, 19, 2B, 00, C3]
.text   C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[2648] C:\Windows\syswow64\USER32.dll!TranslateMessage                              00000000761c7809 6 bytes [68, A5, 5D, 2C, 00, C3]
.text   C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[2648] C:\Windows\syswow64\USER32.dll!GetMessageW                                   00000000761c78e2 6 bytes [68, 22, DE, 2B, 00, C3]
.text   C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[2648] C:\Windows\syswow64\USER32.dll!GetMessageA                                   00000000761c7bd3 6 bytes [68, 4A, DE, 2B, 00, C3]
.text   C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[2648] C:\Windows\syswow64\USER32.dll!GetWindowDC                                   00000000761c8048 4 bytes [68, D1, 18, 2B]
.text   C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[2648] C:\Windows\syswow64\USER32.dll!GetWindowDC + 5                               00000000761c804d 1 byte [C3]
.text   C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[2648] C:\Windows\syswow64\USER32.dll!RegisterClassW                                00000000761c8a65 6 bytes [68, C1, 5A, 2C, 00, C3]
.text   C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[2648] C:\Windows\syswow64\USER32.dll!RegisterClassExW                              00000000761cb17d 6 bytes [68, 5B, 5B, 2C, 00, C3]
.text   C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[2648] C:\Windows\syswow64\USER32.dll!RegisterClassExA                              00000000761cdb98 6 bytes [68, AD, 5B, 2C, 00, C3]
.text   C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[2648] C:\Windows\syswow64\USER32.dll!PeekMessageW                                  00000000761d05ba 6 bytes [68, 72, DE, 2B, 00, C3]
.text   C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[2648] C:\Windows\syswow64\USER32.dll!CallWindowProcW                               00000000761d0d32 6 bytes [68, F3, 59, 2C, 00, C3]
.text   C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[2648] C:\Windows\syswow64\USER32.dll!GetCursorPos                                  00000000761d1218 6 bytes [68, 55, DC, 2B, 00, C3]
.text   C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[2648] C:\Windows\syswow64\USER32.dll!EndPaint                                      00000000761d1341 4 bytes [68, F7, 17, 2B]
.text   C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[2648] C:\Windows\syswow64\USER32.dll!EndPaint + 5                                  00000000761d1346 1 byte [C3]
.text   C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[2648] C:\Windows\syswow64\USER32.dll!BeginPaint                                    00000000761d1361 4 bytes [68, 87, 17, 2B]
.text   C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[2648] C:\Windows\syswow64\USER32.dll!BeginPaint + 5                                00000000761d1366 1 byte [C3]
.text   C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[2648] C:\Windows\syswow64\USER32.dll!GetMessagePos                                 00000000761d2a8d 6 bytes [68, 23, DC, 2B, 00, C3]
.text   C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[2648] C:\Windows\syswow64\USER32.dll!GetCapture                                    00000000761d2aac 6 bytes [68, 83, DD, 2B, 00, C3]
.text   C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[2648] C:\Windows\syswow64\USER32.dll!GetDCEx                                       00000000761d3391 4 bytes [68, 37, 18, 2B]
.text   C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[2648] C:\Windows\syswow64\USER32.dll!GetDCEx + 5                                   00000000761d3396 1 byte [C3]
.text   C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[2648] C:\Windows\syswow64\USER32.dll!RegisterClassA                                00000000761d434b 6 bytes [68, 0E, 5B, 2C, 00, C3]
.text   C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[2648] C:\Windows\syswow64\USER32.dll!PeekMessageA                                  00000000761d5f74 6 bytes [68, 9D, DE, 2B, 00, C3]
.text   C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[2648] C:\Windows\syswow64\USER32.dll!GetUpdateRgn                                  00000000761d6222 6 bytes [68, E3, 19, 2B, 00, C3]
.text   C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[2648] C:\Windows\syswow64\USER32.dll!CallWindowProcA                               00000000761d792f 6 bytes [68, 3C, 5A, 2C, 00, C3]
.text   C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[2648] C:\Windows\syswow64\USER32.dll!DefFrameProcA                                 00000000761d7fbb 6 bytes [68, 1E, 59, 2C, 00, C3]
.text   C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[2648] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA                              00000000761d810c 6 bytes [68, AD, 59, 2C, 00, C3]
.text   C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[2648] C:\Windows\syswow64\USER32.dll!DefFrameProcW                                 00000000761d85c1 6 bytes [68, D5, 58, 2C, 00, C3]
.text   C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[2648] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW                              00000000761d86b4 6 bytes [68, 67, 59, 2C, 00, C3]
.text   C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[2648] C:\Windows\syswow64\USER32.dll!GetUpdateRect                                 00000000761ed41f 6 bytes [68, 50, 19, 2B, 00, C3]
.text   C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[2648] C:\Windows\syswow64\USER32.dll!ReleaseCapture                                00000000761eed49 6 bytes [68, 33, DD, 2B, 00, C3]
.text   C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[2648] C:\Windows\syswow64\USER32.dll!SetCapture                                    00000000761eed56 4 bytes [68, D9, DC, 2B]
.text   C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[2648] C:\Windows\syswow64\USER32.dll!SetCapture + 5                                00000000761eed5b 1 byte [C3]
.text   C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[2648] C:\Windows\syswow64\USER32.dll!SwitchDesktop                                 0000000076209854 6 bytes [68, 9F, 57, 2C, 00, C3]
.text   C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[2648] C:\Windows\syswow64\USER32.dll!SetCursorPos                                  0000000076209cfd 6 bytes [68, 9C, DC, 2B, 00, C3]
.text   C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[2648] C:\Windows\syswow64\USER32.dll!GetClipboardData                              0000000076209f1d 6 bytes [68, 54, 5F, 2C, 00, C3]
.text   C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[2648] C:\Windows\syswow64\USER32.dll!OpenInputDesktop                              00000000762287cb 4 bytes [68, 4F, 57, 2C]
.text   C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[2648] C:\Windows\syswow64\USER32.dll!OpenInputDesktop + 5                          00000000762287d0 1 byte [C3]
.text   C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[2648] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore                           0000000074f71224 6 bytes [68, 89, 7E, 2B, 00, C3]
.text   C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[2648] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                      0000000076c01465 2 bytes [C0, 76]
.text   C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[2648] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                     0000000076c014bb 2 bytes [C0, 76]
.text   ...                                                                                                                                                                        * 2
.text   C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[2648] C:\Windows\syswow64\WS2_32.dll!closesocket                                   00000000765b3918 6 bytes [68, 27, E3, 2B, 00, C3]
.text   C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[2648] C:\Windows\syswow64\WS2_32.dll!getaddrinfo                                   00000000765b4296 6 bytes [68, 38, DF, 2B, 00, C3]
.text   C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[2648] C:\Windows\syswow64\WS2_32.dll!WSASend                                       00000000765b4406 6 bytes [68, 80, E3, 2B, 00, C3]
.text   C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[2648] C:\Windows\syswow64\WS2_32.dll!send                                          00000000765b6f01 6 bytes [68, 5F, E3, 2B, 00, C3]
.text   C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[2648] C:\Windows\syswow64\WS2_32.dll!gethostbyname                                 00000000765c7673 6 bytes [68, C8, DE, 2B, 00, C3]
.text   C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[2648] C:\Windows\syswow64\WININET.dll!InternetCloseHandle                          0000000076c1c664 6 bytes [68, DC, 08, 2C, 00, C3]
.text   C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[2648] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA                               0000000076c1e13a 6 bytes [68, 7C, 0A, 2C, 00, C3]
.text   C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[2648] C:\Windows\syswow64\WININET.dll!InternetReadFile                             0000000076c1f8d8 6 bytes [68, 49, 09, 2C, 00, C3]
.text   C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[2648] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable                   0000000076c23184 6 bytes [68, 50, 0A, 2C, 00, C3]
.text   C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[2648] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA                             0000000076c45761 6 bytes [68, 1E, 06, 2C, 00, C3]
.text   C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[2648] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW                             0000000076c45fef 6 bytes [68, DA, 05, 2C, 00, C3]
.text   C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[2648] C:\Windows\syswow64\WININET.dll!HttpSendRequestW                             0000000076c4632d 6 bytes [68, 62, 06, 2C, 00, C3]
.text   C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[2648] C:\Windows\syswow64\WININET.dll!InternetReadFileExA                          0000000076c4fa49 6 bytes [68, 77, 09, 2C, 00, C3]
.text   C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[2648] C:\Windows\syswow64\WININET.dll!HttpSendRequestExW                           0000000076c5f564 6 bytes [68, 0C, 07, 2C, 00, C3]
.text   C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[2648] C:\Windows\syswow64\WININET.dll!HttpEndRequestA                              0000000076c5f639 6 bytes [68, 46, 08, 2C, 00, C3]
.text   C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[2648] C:\Windows\syswow64\WININET.dll!InternetSetFilePointer                       0000000076c74f2f 6 bytes [68, F6, 09, 2C, 00, C3]
.text   C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[2648] C:\Windows\syswow64\WININET.dll!HttpSendRequestA                             0000000076c7525a 6 bytes [68, B7, 06, 2C, 00, C3]
.text   C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[2648] C:\Windows\syswow64\WININET.dll!HttpSendRequestExA                           0000000076cbece5 6 bytes [68, A9, 07, 2C, 00, C3]
.text   C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[2648] C:\Windows\syswow64\WININET.dll!HttpEndRequestW                              0000000076cbedb7 6 bytes [68, 91, 08, 2C, 00, C3]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[2920] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess                                                                     00000000777c08fc 4 bytes [68, A0, CF, 06]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[2920] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess + 5                                                                 00000000777c0901 1 byte [C3]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[2920] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W                                                                    00000000777d25fd 6 bytes [68, BD, 57, 07, 00, C3]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[2920] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                                                              00000000777dc45a 6 bytes [68, CB, D0, 06, 00, C3]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[2920] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A                                                                    00000000777e2a63 6 bytes [68, 03, 58, 07, 00, C3]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[2920] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W                                                                    0000000077804128 6 bytes [68, 49, 58, 07, 00, C3]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[2920] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A                                                                    000000007780e659 6 bytes [68, 8F, 58, 07, 00, C3]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[2920] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW                                                                 00000000767d455c 6 bytes [68, 34, D3, 06, 00, C3]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[2920] C:\Windows\syswow64\kernel32.dll!ExitProcess                                                                          00000000767d79f8 6 bytes [68, F3, D2, 06, 00, C3]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[2920] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW                                                                 0000000076b5c592 6 bytes [68, B1, D3, 06, 00, C3]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[2920] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA                                                                 0000000076b92538 6 bytes [68, 9A, D3, 06, 00, C3]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[2920] C:\Windows\syswow64\USER32.dll!GetDC                                                                                  00000000761c72c4 4 bytes [68, 92, 18, 06]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[2920] C:\Windows\syswow64\USER32.dll!GetDC + 5                                                                              00000000761c72c9 1 byte [C3]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[2920] C:\Windows\syswow64\USER32.dll!ReleaseDC                                                                              00000000761c7446 6 bytes [68, 10, 19, 06, 00, C3]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[2920] C:\Windows\syswow64\USER32.dll!TranslateMessage                                                                       00000000761c7809 6 bytes [68, A5, 5D, 07, 00, C3]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[2920] C:\Windows\syswow64\USER32.dll!GetMessageW                                                                            00000000761c78e2 6 bytes [68, 22, DE, 06, 00, C3]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[2920] C:\Windows\syswow64\USER32.dll!GetMessageA                                                                            00000000761c7bd3 6 bytes [68, 4A, DE, 06, 00, C3]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[2920] C:\Windows\syswow64\USER32.dll!GetWindowDC                                                                            00000000761c8048 4 bytes [68, D1, 18, 06]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[2920] C:\Windows\syswow64\USER32.dll!GetWindowDC + 5                                                                        00000000761c804d 1 byte [C3]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[2920] C:\Windows\syswow64\USER32.dll!RegisterClassW                                                                         00000000761c8a65 6 bytes [68, C1, 5A, 07, 00, C3]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[2920] C:\Windows\syswow64\USER32.dll!RegisterClassExW                                                                       00000000761cb17d 6 bytes [68, 5B, 5B, 07, 00, C3]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[2920] C:\Windows\syswow64\USER32.dll!RegisterClassExA                                                                       00000000761cdb98 6 bytes [68, AD, 5B, 07, 00, C3]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[2920] C:\Windows\syswow64\USER32.dll!PeekMessageW                                                                           00000000761d05ba 6 bytes [68, 72, DE, 06, 00, C3]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[2920] C:\Windows\syswow64\USER32.dll!CallWindowProcW                                                                        00000000761d0d32 6 bytes [68, F3, 59, 07, 00, C3]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[2920] C:\Windows\syswow64\USER32.dll!GetCursorPos                                                                           00000000761d1218 6 bytes [68, 55, DC, 06, 00, C3]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[2920] C:\Windows\syswow64\USER32.dll!EndPaint                                                                               00000000761d1341 4 bytes [68, F7, 17, 06]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[2920] C:\Windows\syswow64\USER32.dll!EndPaint + 5                                                                           00000000761d1346 1 byte [C3]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[2920] C:\Windows\syswow64\USER32.dll!BeginPaint                                                                             00000000761d1361 4 bytes [68, 87, 17, 06]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[2920] C:\Windows\syswow64\USER32.dll!BeginPaint + 5                                                                         00000000761d1366 1 byte [C3]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[2920] C:\Windows\syswow64\USER32.dll!GetMessagePos                                                                          00000000761d2a8d 6 bytes [68, 23, DC, 06, 00, C3]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[2920] C:\Windows\syswow64\USER32.dll!GetCapture                                                                             00000000761d2aac 6 bytes [68, 83, DD, 06, 00, C3]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[2920] C:\Windows\syswow64\USER32.dll!GetDCEx                                                                                00000000761d3391 4 bytes [68, 37, 18, 06]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[2920] C:\Windows\syswow64\USER32.dll!GetDCEx + 5                                                                            00000000761d3396 1 byte [C3]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[2920] C:\Windows\syswow64\USER32.dll!RegisterClassA                                                                         00000000761d434b 6 bytes [68, 0E, 5B, 07, 00, C3]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[2920] C:\Windows\syswow64\USER32.dll!PeekMessageA                                                                           00000000761d5f74 6 bytes [68, 9D, DE, 06, 00, C3]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[2920] C:\Windows\syswow64\USER32.dll!GetUpdateRgn                                                                           00000000761d6222 6 bytes [68, E3, 19, 06, 00, C3]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[2920] C:\Windows\syswow64\USER32.dll!CallWindowProcA                                                                        00000000761d792f 6 bytes [68, 3C, 5A, 07, 00, C3]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[2920] C:\Windows\syswow64\USER32.dll!DefFrameProcA                                                                          00000000761d7fbb 6 bytes [68, 1E, 59, 07, 00, C3]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[2920] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA                                                                       00000000761d810c 6 bytes [68, AD, 59, 07, 00, C3]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[2920] C:\Windows\syswow64\USER32.dll!DefFrameProcW                                                                          00000000761d85c1 6 bytes [68, D5, 58, 07, 00, C3]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[2920] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW                                                                       00000000761d86b4 6 bytes [68, 67, 59, 07, 00, C3]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[2920] C:\Windows\syswow64\USER32.dll!GetUpdateRect                                                                          00000000761ed41f 6 bytes [68, 50, 19, 06, 00, C3]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[2920] C:\Windows\syswow64\USER32.dll!ReleaseCapture                                                                         00000000761eed49 6 bytes [68, 33, DD, 06, 00, C3]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[2920] C:\Windows\syswow64\USER32.dll!SetCapture                                                                             00000000761eed56 4 bytes [68, D9, DC, 06]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[2920] C:\Windows\syswow64\USER32.dll!SetCapture + 5                                                                         00000000761eed5b 1 byte [C3]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[2920] C:\Windows\syswow64\USER32.dll!SwitchDesktop                                                                          0000000076209854 6 bytes [68, 9F, 57, 07, 00, C3]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[2920] C:\Windows\syswow64\USER32.dll!SetCursorPos                                                                           0000000076209cfd 6 bytes [68, 9C, DC, 06, 00, C3]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[2920] C:\Windows\syswow64\USER32.dll!GetClipboardData                                                                       0000000076209f1d 6 bytes [68, 54, 5F, 07, 00, C3]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[2920] C:\Windows\syswow64\USER32.dll!OpenInputDesktop                                                                       00000000762287cb 4 bytes [68, 4F, 57, 07]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[2920] C:\Windows\syswow64\USER32.dll!OpenInputDesktop + 5                                                                   00000000762287d0 1 byte [C3]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[2920] C:\Windows\syswow64\WS2_32.dll!closesocket                                                                            00000000765b3918 6 bytes [68, 27, E3, 06, 00, C3]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[2920] C:\Windows\syswow64\WS2_32.dll!getaddrinfo                                                                            00000000765b4296 6 bytes [68, 38, DF, 06, 00, C3]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[2920] C:\Windows\syswow64\WS2_32.dll!WSASend                                                                                00000000765b4406 6 bytes [68, 80, E3, 06, 00, C3]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[2920] C:\Windows\syswow64\WS2_32.dll!send                                                                                   00000000765b6f01 6 bytes [68, 5F, E3, 06, 00, C3]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[2920] C:\Windows\syswow64\WS2_32.dll!gethostbyname                                                                          00000000765c7673 6 bytes [68, C8, DE, 06, 00, C3]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[2920] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore                                                                    0000000074f71224 6 bytes [68, 89, 7E, 06, 00, C3]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[2920] C:\Windows\syswow64\WININET.dll!InternetCloseHandle                                                                   0000000076c1c664 6 bytes [68, DC, 08, 07, 00, C3]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[2920] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA                                                                        0000000076c1e13a 6 bytes [68, 7C, 0A, 07, 00, C3]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[2920] C:\Windows\syswow64\WININET.dll!InternetReadFile                                                                      0000000076c1f8d8 6 bytes [68, 49, 09, 07, 00, C3]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[2920] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable                                                            0000000076c23184 6 bytes [68, 50, 0A, 07, 00, C3]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[2920] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA                                                                      0000000076c45761 6 bytes [68, 1E, 06, 07, 00, C3]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[2920] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW                                                                      0000000076c45fef 6 bytes [68, DA, 05, 07, 00, C3]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[2920] C:\Windows\syswow64\WININET.dll!HttpSendRequestW                                                                      0000000076c4632d 6 bytes [68, 62, 06, 07, 00, C3]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[2920] C:\Windows\syswow64\WININET.dll!InternetReadFileExA                                                                   0000000076c4fa49 6 bytes [68, 77, 09, 07, 00, C3]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[2920] C:\Windows\syswow64\WININET.dll!HttpSendRequestExW                                                                    0000000076c5f564 6 bytes [68, 0C, 07, 07, 00, C3]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[2920] C:\Windows\syswow64\WININET.dll!HttpEndRequestA                                                                       0000000076c5f639 6 bytes [68, 46, 08, 07, 00, C3]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[2920] C:\Windows\syswow64\WININET.dll!InternetSetFilePointer                                                                0000000076c74f2f 6 bytes [68, F6, 09, 07, 00, C3]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[2920] C:\Windows\syswow64\WININET.dll!HttpSendRequestA                                                                      0000000076c7525a 6 bytes [68, B7, 06, 07, 00, C3]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[2920] C:\Windows\syswow64\WININET.dll!HttpSendRequestExA                                                                    0000000076cbece5 6 bytes [68, A9, 07, 07, 00, C3]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[2920] C:\Windows\syswow64\WININET.dll!HttpEndRequestW                                                                       0000000076cbedb7 6 bytes [68, 91, 08, 07, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3028] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess                                                   00000000777c08fc 4 bytes [68, A0, CF, 1A]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3028] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess + 5                                               00000000777c0901 1 byte [C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3028] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W                                                  00000000777d25fd 6 bytes [68, BD, 57, 1B, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3028] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                                            00000000777dc45a 6 bytes [68, CB, D0, 1A, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3028] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A                                                  00000000777e2a63 6 bytes [68, 03, 58, 1B, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3028] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W                                                  0000000077804128 6 bytes [68, 49, 58, 1B, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3028] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A                                                  000000007780e659 6 bytes [68, 8F, 58, 1B, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3028] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW                                               00000000767d455c 6 bytes [68, 34, D3, 1A, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3028] C:\Windows\syswow64\kernel32.dll!ExitProcess                                                        00000000767d79f8 6 bytes [68, F3, D2, 1A, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3028] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW                                               0000000076b5c592 6 bytes [68, B1, D3, 1A, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3028] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA                                               0000000076b92538 6 bytes [68, 9A, D3, 1A, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3028] C:\Windows\syswow64\USER32.dll!GetDC                                                                00000000761c72c4 4 bytes [68, 92, 18, 1A]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3028] C:\Windows\syswow64\USER32.dll!GetDC + 5                                                            00000000761c72c9 1 byte [C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3028] C:\Windows\syswow64\USER32.dll!ReleaseDC                                                            00000000761c7446 6 bytes [68, 10, 19, 1A, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3028] C:\Windows\syswow64\USER32.dll!TranslateMessage                                                     00000000761c7809 6 bytes [68, A5, 5D, 1B, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3028] C:\Windows\syswow64\USER32.dll!GetMessageW                                                          00000000761c78e2 6 bytes [68, 22, DE, 1A, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3028] C:\Windows\syswow64\USER32.dll!GetMessageA                                                          00000000761c7bd3 6 bytes [68, 4A, DE, 1A, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3028] C:\Windows\syswow64\USER32.dll!GetWindowDC                                                          00000000761c8048 4 bytes [68, D1, 18, 1A]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3028] C:\Windows\syswow64\USER32.dll!GetWindowDC + 5                                                      00000000761c804d 1 byte [C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3028] C:\Windows\syswow64\USER32.dll!RegisterClassW                                                       00000000761c8a65 6 bytes [68, C1, 5A, 1B, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3028] C:\Windows\syswow64\USER32.dll!RegisterClassExW                                                     00000000761cb17d 6 bytes [68, 5B, 5B, 1B, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3028] C:\Windows\syswow64\USER32.dll!RegisterClassExA                                                     00000000761cdb98 6 bytes [68, AD, 5B, 1B, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3028] C:\Windows\syswow64\USER32.dll!PeekMessageW                                                         00000000761d05ba 6 bytes [68, 72, DE, 1A, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3028] C:\Windows\syswow64\USER32.dll!CallWindowProcW                                                      00000000761d0d32 6 bytes [68, F3, 59, 1B, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3028] C:\Windows\syswow64\USER32.dll!GetCursorPos                                                         00000000761d1218 6 bytes [68, 55, DC, 1A, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3028] C:\Windows\syswow64\USER32.dll!EndPaint                                                             00000000761d1341 4 bytes [68, F7, 17, 1A]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3028] C:\Windows\syswow64\USER32.dll!EndPaint + 5                                                         00000000761d1346 1 byte [C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3028] C:\Windows\syswow64\USER32.dll!BeginPaint                                                           00000000761d1361 4 bytes [68, 87, 17, 1A]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3028] C:\Windows\syswow64\USER32.dll!BeginPaint + 5                                                       00000000761d1366 1 byte [C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3028] C:\Windows\syswow64\USER32.dll!GetMessagePos                                                        00000000761d2a8d 6 bytes [68, 23, DC, 1A, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3028] C:\Windows\syswow64\USER32.dll!GetCapture                                                           00000000761d2aac 6 bytes [68, 83, DD, 1A, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3028] C:\Windows\syswow64\USER32.dll!GetDCEx                                                              00000000761d3391 4 bytes [68, 37, 18, 1A]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3028] C:\Windows\syswow64\USER32.dll!GetDCEx + 5                                                          00000000761d3396 1 byte [C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3028] C:\Windows\syswow64\USER32.dll!RegisterClassA                                                       00000000761d434b 6 bytes [68, 0E, 5B, 1B, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3028] C:\Windows\syswow64\USER32.dll!PeekMessageA                                                         00000000761d5f74 6 bytes [68, 9D, DE, 1A, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3028] C:\Windows\syswow64\USER32.dll!GetUpdateRgn                                                         00000000761d6222 6 bytes [68, E3, 19, 1A, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3028] C:\Windows\syswow64\USER32.dll!CallWindowProcA                                                      00000000761d792f 6 bytes [68, 3C, 5A, 1B, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3028] C:\Windows\syswow64\USER32.dll!DefFrameProcA                                                        00000000761d7fbb 6 bytes [68, 1E, 59, 1B, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3028] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA                                                     00000000761d810c 6 bytes [68, AD, 59, 1B, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3028] C:\Windows\syswow64\USER32.dll!DefFrameProcW                                                        00000000761d85c1 6 bytes [68, D5, 58, 1B, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3028] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW                                                     00000000761d86b4 6 bytes [68, 67, 59, 1B, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3028] C:\Windows\syswow64\USER32.dll!GetUpdateRect                                                        00000000761ed41f 6 bytes [68, 50, 19, 1A, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3028] C:\Windows\syswow64\USER32.dll!ReleaseCapture                                                       00000000761eed49 6 bytes [68, 33, DD, 1A, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3028] C:\Windows\syswow64\USER32.dll!SetCapture                                                           00000000761eed56 4 bytes [68, D9, DC, 1A]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3028] C:\Windows\syswow64\USER32.dll!SetCapture + 5                                                       00000000761eed5b 1 byte [C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3028] C:\Windows\syswow64\USER32.dll!SwitchDesktop                                                        0000000076209854 6 bytes [68, 9F, 57, 1B, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3028] C:\Windows\syswow64\USER32.dll!SetCursorPos                                                         0000000076209cfd 6 bytes [68, 9C, DC, 1A, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3028] C:\Windows\syswow64\USER32.dll!GetClipboardData                                                     0000000076209f1d 6 bytes [68, 54, 5F, 1B, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3028] C:\Windows\syswow64\USER32.dll!OpenInputDesktop                                                     00000000762287cb 4 bytes [68, 4F, 57, 1B]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3028] C:\Windows\syswow64\USER32.dll!OpenInputDesktop + 5                                                 00000000762287d0 1 byte [C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3028] C:\Windows\syswow64\WININET.dll!InternetCloseHandle                                                 0000000076c1c664 6 bytes [68, DC, 08, 1B, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3028] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA                                                      0000000076c1e13a 6 bytes [68, 7C, 0A, 1B, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3028] C:\Windows\syswow64\WININET.dll!InternetReadFile                                                    0000000076c1f8d8 6 bytes [68, 49, 09, 1B, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3028] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable                                          0000000076c23184 6 bytes [68, 50, 0A, 1B, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3028] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA                                                    0000000076c45761 6 bytes [68, 1E, 06, 1B, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3028] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW                                                    0000000076c45fef 6 bytes [68, DA, 05, 1B, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3028] C:\Windows\syswow64\WININET.dll!HttpSendRequestW                                                    0000000076c4632d 6 bytes [68, 62, 06, 1B, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3028] C:\Windows\syswow64\WININET.dll!InternetReadFileExA                                                 0000000076c4fa49 6 bytes [68, 77, 09, 1B, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3028] C:\Windows\syswow64\WININET.dll!HttpSendRequestExW                                                  0000000076c5f564 6 bytes [68, 0C, 07, 1B, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3028] C:\Windows\syswow64\WININET.dll!HttpEndRequestA                                                     0000000076c5f639 6 bytes [68, 46, 08, 1B, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3028] C:\Windows\syswow64\WININET.dll!InternetSetFilePointer                                              0000000076c74f2f 6 bytes [68, F6, 09, 1B, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3028] C:\Windows\syswow64\WININET.dll!HttpSendRequestA                                                    0000000076c7525a 6 bytes [68, B7, 06, 1B, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3028] C:\Windows\syswow64\WININET.dll!HttpSendRequestExA                                                  0000000076cbece5 6 bytes [68, A9, 07, 1B, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3028] C:\Windows\syswow64\WININET.dll!HttpEndRequestW                                                     0000000076cbedb7 6 bytes [68, 91, 08, 1B, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3028] C:\Windows\syswow64\WS2_32.dll!closesocket                                                          00000000765b3918 6 bytes [68, 27, E3, 1A, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3028] C:\Windows\syswow64\WS2_32.dll!getaddrinfo                                                          00000000765b4296 6 bytes [68, 38, DF, 1A, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3028] C:\Windows\syswow64\WS2_32.dll!WSASend                                                              00000000765b4406 6 bytes [68, 80, E3, 1A, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3028] C:\Windows\syswow64\WS2_32.dll!send                                                                 00000000765b6f01 6 bytes [68, 5F, E3, 1A, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3028] C:\Windows\syswow64\WS2_32.dll!gethostbyname                                                        00000000765c7673 6 bytes [68, C8, DE, 1A, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3028] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore                                                  0000000074f71224 6 bytes [68, 89, 7E, 1A, 00, C3]
.text   C:\Windows\SysWOW64\CTXFISPI.EXE[3308] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess                                                                                   00000000777c08fc 6 bytes [68, A0, CF, 6E, 03, C3]
.text   C:\Windows\SysWOW64\CTXFISPI.EXE[3308] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W                                                                                  00000000777d25fd 6 bytes [68, BD, 57, 6F, 03, C3]
.text   C:\Windows\SysWOW64\CTXFISPI.EXE[3308] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                                                                            00000000777dc45a 6 bytes [68, CB, D0, 6E, 03, C3]
.text   C:\Windows\SysWOW64\CTXFISPI.EXE[3308] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A                                                                                  00000000777e2a63 6 bytes [68, 03, 58, 6F, 03, C3]
.text   C:\Windows\SysWOW64\CTXFISPI.EXE[3308] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W                                                                                  0000000077804128 6 bytes [68, 49, 58, 6F, 03, C3]
.text   C:\Windows\SysWOW64\CTXFISPI.EXE[3308] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A                                                                                  000000007780e659 6 bytes [68, 8F, 58, 6F, 03, C3]
.text   C:\Windows\SysWOW64\CTXFISPI.EXE[3308] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW                                                                               00000000767d455c 6 bytes [68, 34, D3, 6E, 03, C3]
.text   C:\Windows\SysWOW64\CTXFISPI.EXE[3308] C:\Windows\syswow64\kernel32.dll!ExitProcess                                                                                        00000000767d79f8 6 bytes [68, F3, D2, 6E, 03, C3]
.text   C:\Windows\SysWOW64\CTXFISPI.EXE[3308] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW                                                                               0000000076b5c592 6 bytes [68, B1, D3, 6E, 03, C3]
.text   C:\Windows\SysWOW64\CTXFISPI.EXE[3308] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA                                                                               0000000076b92538 6 bytes [68, 9A, D3, 6E, 03, C3]
.text   C:\Windows\SysWOW64\CTXFISPI.EXE[3308] C:\Windows\syswow64\USER32.dll!GetDC                                                                                                00000000761c72c4 6 bytes [68, 92, 18, 6E, 03, C3]
.text   C:\Windows\SysWOW64\CTXFISPI.EXE[3308] C:\Windows\syswow64\USER32.dll!ReleaseDC                                                                                            00000000761c7446 6 bytes [68, 10, 19, 6E, 03, C3]
.text   C:\Windows\SysWOW64\CTXFISPI.EXE[3308] C:\Windows\syswow64\USER32.dll!TranslateMessage                                                                                     00000000761c7809 6 bytes [68, A5, 5D, 6F, 03, C3]
.text   C:\Windows\SysWOW64\CTXFISPI.EXE[3308] C:\Windows\syswow64\USER32.dll!GetMessageW                                                                                          00000000761c78e2 6 bytes [68, 22, DE, 6E, 03, C3]
.text   C:\Windows\SysWOW64\CTXFISPI.EXE[3308] C:\Windows\syswow64\USER32.dll!GetMessageA                                                                                          00000000761c7bd3 6 bytes [68, 4A, DE, 6E, 03, C3]
.text   C:\Windows\SysWOW64\CTXFISPI.EXE[3308] C:\Windows\syswow64\USER32.dll!GetWindowDC                                                                                          00000000761c8048 6 bytes [68, D1, 18, 6E, 03, C3]
.text   C:\Windows\SysWOW64\CTXFISPI.EXE[3308] C:\Windows\syswow64\USER32.dll!RegisterClassW                                                                                       00000000761c8a65 6 bytes [68, C1, 5A, 6F, 03, C3]
.text   C:\Windows\SysWOW64\CTXFISPI.EXE[3308] C:\Windows\syswow64\USER32.dll!RegisterClassExW                                                                                     00000000761cb17d 6 bytes [68, 5B, 5B, 6F, 03, C3]
.text   C:\Windows\SysWOW64\CTXFISPI.EXE[3308] C:\Windows\syswow64\USER32.dll!RegisterClassExA                                                                                     00000000761cdb98 6 bytes [68, AD, 5B, 6F, 03, C3]
.text   C:\Windows\SysWOW64\CTXFISPI.EXE[3308] C:\Windows\syswow64\USER32.dll!PeekMessageW                                                                                         00000000761d05ba 6 bytes [68, 72, DE, 6E, 03, C3]
.text   C:\Windows\SysWOW64\CTXFISPI.EXE[3308] C:\Windows\syswow64\USER32.dll!CallWindowProcW                                                                                      00000000761d0d32 6 bytes [68, F3, 59, 6F, 03, C3]
.text   C:\Windows\SysWOW64\CTXFISPI.EXE[3308] C:\Windows\syswow64\USER32.dll!GetCursorPos                                                                                         00000000761d1218 6 bytes [68, 55, DC, 6E, 03, C3]
.text   C:\Windows\SysWOW64\CTXFISPI.EXE[3308] C:\Windows\syswow64\USER32.dll!EndPaint                                                                                             00000000761d1341 6 bytes [68, F7, 17, 6E, 03, C3]
.text   C:\Windows\SysWOW64\CTXFISPI.EXE[3308] C:\Windows\syswow64\USER32.dll!BeginPaint                                                                                           00000000761d1361 6 bytes [68, 87, 17, 6E, 03, C3]
.text   C:\Windows\SysWOW64\CTXFISPI.EXE[3308] C:\Windows\syswow64\USER32.dll!GetMessagePos                                                                                        00000000761d2a8d 6 bytes [68, 23, DC, 6E, 03, C3]
.text   C:\Windows\SysWOW64\CTXFISPI.EXE[3308] C:\Windows\syswow64\USER32.dll!GetCapture                                                                                           00000000761d2aac 6 bytes [68, 83, DD, 6E, 03, C3]
.text   C:\Windows\SysWOW64\CTXFISPI.EXE[3308] C:\Windows\syswow64\USER32.dll!GetDCEx                                                                                              00000000761d3391 6 bytes [68, 37, 18, 6E, 03, C3]
.text   C:\Windows\SysWOW64\CTXFISPI.EXE[3308] C:\Windows\syswow64\USER32.dll!RegisterClassA                                                                                       00000000761d434b 6 bytes [68, 0E, 5B, 6F, 03, C3]
.text   C:\Windows\SysWOW64\CTXFISPI.EXE[3308] C:\Windows\syswow64\USER32.dll!PeekMessageA                                                                                         00000000761d5f74 6 bytes [68, 9D, DE, 6E, 03, C3]
.text   C:\Windows\SysWOW64\CTXFISPI.EXE[3308] C:\Windows\syswow64\USER32.dll!GetUpdateRgn                                                                                         00000000761d6222 6 bytes [68, E3, 19, 6E, 03, C3]
.text   C:\Windows\SysWOW64\CTXFISPI.EXE[3308] C:\Windows\syswow64\USER32.dll!CallWindowProcA                                                                                      00000000761d792f 6 bytes [68, 3C, 5A, 6F, 03, C3]
.text   C:\Windows\SysWOW64\CTXFISPI.EXE[3308] C:\Windows\syswow64\USER32.dll!DefFrameProcA                                                                                        00000000761d7fbb 6 bytes [68, 1E, 59, 6F, 03, C3]
.text   C:\Windows\SysWOW64\CTXFISPI.EXE[3308] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA                                                                                     00000000761d810c 6 bytes [68, AD, 59, 6F, 03, C3]
.text   C:\Windows\SysWOW64\CTXFISPI.EXE[3308] C:\Windows\syswow64\USER32.dll!DefFrameProcW                                                                                        00000000761d85c1 6 bytes [68, D5, 58, 6F, 03, C3]
.text   C:\Windows\SysWOW64\CTXFISPI.EXE[3308] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW                                                                                     00000000761d86b4 6 bytes [68, 67, 59, 6F, 03, C3]
.text   C:\Windows\SysWOW64\CTXFISPI.EXE[3308] C:\Windows\syswow64\USER32.dll!GetUpdateRect                                                                                        00000000761ed41f 6 bytes [68, 50, 19, 6E, 03, C3]
.text   C:\Windows\SysWOW64\CTXFISPI.EXE[3308] C:\Windows\syswow64\USER32.dll!ReleaseCapture                                                                                       00000000761eed49 6 bytes [68, 33, DD, 6E, 03, C3]
.text   C:\Windows\SysWOW64\CTXFISPI.EXE[3308] C:\Windows\syswow64\USER32.dll!SetCapture                                                                                           00000000761eed56 6 bytes [68, D9, DC, 6E, 03, C3]
.text   C:\Windows\SysWOW64\CTXFISPI.EXE[3308] C:\Windows\syswow64\USER32.dll!SwitchDesktop                                                                                        0000000076209854 6 bytes [68, 9F, 57, 6F, 03, C3]
.text   C:\Windows\SysWOW64\CTXFISPI.EXE[3308] C:\Windows\syswow64\USER32.dll!SetCursorPos                                                                                         0000000076209cfd 6 bytes [68, 9C, DC, 6E, 03, C3]
.text   C:\Windows\SysWOW64\CTXFISPI.EXE[3308] C:\Windows\syswow64\USER32.dll!GetClipboardData                                                                                     0000000076209f1d 6 bytes [68, 54, 5F, 6F, 03, C3]
.text   C:\Windows\SysWOW64\CTXFISPI.EXE[3308] C:\Windows\syswow64\USER32.dll!OpenInputDesktop                                                                                     00000000762287cb 6 bytes [68, 4F, 57, 6F, 03, C3]
.text   C:\Windows\SysWOW64\CTXFISPI.EXE[3308] C:\Windows\SysWOW64\WINMM.dll!PlaySoundW                                                                                            0000000074bd2ef2 6 bytes [68, EF, D3, 6E, 03, C3]
.text   C:\Windows\SysWOW64\CTXFISPI.EXE[3308] C:\Windows\SysWOW64\WINMM.dll!PlaySound                                                                                             0000000074bf441d 6 bytes [68, C8, D3, 6E, 03, C3]
.text   C:\Windows\SysWOW64\CTXFISPI.EXE[3308] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore                                                                                  0000000074f71224 6 bytes [68, 89, 7E, 6E, 03, C3]
.text   C:\Windows\SysWOW64\CTXFISPI.EXE[3308] C:\Windows\syswow64\WS2_32.dll!closesocket                                                                                          00000000765b3918 6 bytes [68, 27, E3, 6E, 03, C3]
.text   C:\Windows\SysWOW64\CTXFISPI.EXE[3308] C:\Windows\syswow64\WS2_32.dll!getaddrinfo                                                                                          00000000765b4296 6 bytes [68, 38, DF, 6E, 03, C3]
.text   C:\Windows\SysWOW64\CTXFISPI.EXE[3308] C:\Windows\syswow64\WS2_32.dll!WSASend                                                                                              00000000765b4406 6 bytes [68, 80, E3, 6E, 03, C3]
.text   C:\Windows\SysWOW64\CTXFISPI.EXE[3308] C:\Windows\syswow64\WS2_32.dll!send                                                                                                 00000000765b6f01 6 bytes [68, 5F, E3, 6E, 03, C3]
.text   C:\Windows\SysWOW64\CTXFISPI.EXE[3308] C:\Windows\syswow64\WS2_32.dll!gethostbyname                                                                                        00000000765c7673 6 bytes [68, C8, DE, 6E, 03, C3]
.text   C:\Windows\SysWOW64\CTXFISPI.EXE[3308] C:\Windows\syswow64\WININET.dll!InternetCloseHandle                                                                                 0000000076c1c664 6 bytes [68, DC, 08, 6F, 03, C3]
.text   C:\Windows\SysWOW64\CTXFISPI.EXE[3308] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA                                                                                      0000000076c1e13a 6 bytes [68, 7C, 0A, 6F, 03, C3]
.text   C:\Windows\SysWOW64\CTXFISPI.EXE[3308] C:\Windows\syswow64\WININET.dll!InternetReadFile                                                                                    0000000076c1f8d8 6 bytes [68, 49, 09, 6F, 03, C3]
.text   C:\Windows\SysWOW64\CTXFISPI.EXE[3308] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable                                                                          0000000076c23184 6 bytes [68, 50, 0A, 6F, 03, C3]
.text   C:\Windows\SysWOW64\CTXFISPI.EXE[3308] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA                                                                                    0000000076c45761 6 bytes [68, 1E, 06, 6F, 03, C3]
.text   C:\Windows\SysWOW64\CTXFISPI.EXE[3308] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW                                                                                    0000000076c45fef 6 bytes [68, DA, 05, 6F, 03, C3]
.text   C:\Windows\SysWOW64\CTXFISPI.EXE[3308] C:\Windows\syswow64\WININET.dll!HttpSendRequestW                                                                                    0000000076c4632d 6 bytes [68, 62, 06, 6F, 03, C3]
.text   C:\Windows\SysWOW64\CTXFISPI.EXE[3308] C:\Windows\syswow64\WININET.dll!InternetReadFileExA                                                                                 0000000076c4fa49 6 bytes [68, 77, 09, 6F, 03, C3]
.text   C:\Windows\SysWOW64\CTXFISPI.EXE[3308] C:\Windows\syswow64\WININET.dll!HttpSendRequestExW                                                                                  0000000076c5f564 6 bytes [68, 0C, 07, 6F, 03, C3]
.text   C:\Windows\SysWOW64\CTXFISPI.EXE[3308] C:\Windows\syswow64\WININET.dll!HttpEndRequestA                                                                                     0000000076c5f639 6 bytes [68, 46, 08, 6F, 03, C3]
.text   C:\Windows\SysWOW64\CTXFISPI.EXE[3308] C:\Windows\syswow64\WININET.dll!InternetSetFilePointer                                                                              0000000076c74f2f 6 bytes [68, F6, 09, 6F, 03, C3]
.text   C:\Windows\SysWOW64\CTXFISPI.EXE[3308] C:\Windows\syswow64\WININET.dll!HttpSendRequestA                                                                                    0000000076c7525a 6 bytes [68, B7, 06, 6F, 03, C3]
.text   C:\Windows\SysWOW64\CTXFISPI.EXE[3308] C:\Windows\syswow64\WININET.dll!HttpSendRequestExA                                                                                  0000000076cbece5 6 bytes [68, A9, 07, 6F, 03, C3]
.text   C:\Windows\SysWOW64\CTXFISPI.EXE[3308] C:\Windows\syswow64\WININET.dll!HttpEndRequestW                                                                                     0000000076cbedb7 6 bytes [68, 91, 08, 6F, 03, C3]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5076] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                          0000000076c01465 2 bytes [C0, 76]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5076] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                         0000000076c014bb 2 bytes [C0, 76]
.text   ...                                                                                                                                                                        * 2
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3864] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                     0000000076c01465 2 bytes [C0, 76]
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3864] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                    0000000076c014bb 2 bytes [C0, 76]
.text   ...                                                                                                                                                                        * 2
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3356] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                               0000000076c01465 2 bytes [C0, 76]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3356] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                              0000000076c014bb 2 bytes [C0, 76]
.text   ...                                                                                                                                                                        * 2

---- Threads - GMER 2.1 ----

Thread  C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1632:4556]                                                                                                 000007fef58b3e0c
Thread  C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1632:4572]                                                                                                 000007fef58b3e0c
Thread  C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1632:4576]                                                                                                 000007fef12fc0d0

---- EOF - GMER 2.1 ----

MBAR Log 1.Scan:

Code:

ATTFilter

Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.03.05.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Robert :: ZOCKMASCHINE [administrator]

05.03.2013 13:23:50
mbar-log-2013-03-05 (13-23-50).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 29697
Time elapsed: 1 minute(s), 42 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Tookafiq (IPH.Trojan.Zbot.Rke) -> Data: C:\Users\Robert\AppData\Roaming\Etut\uzcy.exe -> Delete on reboot.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
c:\Users\Robert\AppData\Roaming\Etut\uzcy.exe (IPH.Trojan.Zbot.Rke) -> Delete on reboot.

(end)

MBAR Log 2.Scan:

Code:

ATTFilter

Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.03.05.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Robert :: ZOCKMASCHINE [administrator]

05.03.2013 13:26:55
mbar-log-2013-03-05 (13-26-55).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 29626
Time elapsed: 1 minute(s), 46 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

cosinus · 05.03.2013, 13:59

aswMBR

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

TDSS-Killer

Downloade dir bitte

TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

RobinSword · 05.03.2013, 17:56

aswMBR Logfile:
Hiermit kann ich nicht dienen, da das Programm immer während des Scanvorgangs abstürzt.

TDSSKiller Logfile:

Code:

ATTFilter

17:54:28.0691 4204  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
17:54:29.0159 4204  ============================================================
17:54:29.0159 4204  Current date / time: 2013/03/05 17:54:29.0159
17:54:29.0159 4204  SystemInfo:
17:54:29.0159 4204  
17:54:29.0159 4204  OS Version: 6.1.7601 ServicePack: 1.0
17:54:29.0159 4204  Product type: Workstation
17:54:29.0159 4204  ComputerName: ZOCKMASCHINE
17:54:29.0159 4204  UserName: Robert
17:54:29.0159 4204  Windows directory: C:\Windows
17:54:29.0159 4204  System windows directory: C:\Windows
17:54:29.0159 4204  Running under WOW64
17:54:29.0159 4204  Processor architecture: Intel x64
17:54:29.0159 4204  Number of processors: 8
17:54:29.0159 4204  Page size: 0x1000
17:54:29.0159 4204  Boot type: Normal boot
17:54:29.0159 4204  ============================================================
17:54:29.0299 4204  Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:54:29.0299 4204  Drive \Device\Harddisk1\DR1 - Size: 0x3B9E656000 (238.47 Gb), SectorSize: 0x200, Cylinders: 0x799A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:54:29.0299 4204  ============================================================
17:54:29.0299 4204  \Device\Harddisk0\DR0:
17:54:29.0299 4204  MBR partitions:
17:54:29.0299 4204  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07800
17:54:29.0299 4204  \Device\Harddisk1\DR1:
17:54:29.0299 4204  MBR partitions:
17:54:29.0299 4204  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
17:54:29.0299 4204  \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1DCC0000
17:54:29.0299 4204  ============================================================
17:54:29.0299 4204  C: <-> \Device\Harddisk1\DR1\Partition2
17:54:29.0736 4204  D: <-> \Device\Harddisk0\DR0\Partition1
17:54:29.0736 4204  ============================================================
17:54:29.0736 4204  Initialize success
17:54:29.0736 4204  ============================================================
17:55:18.0377 5060  ============================================================
17:55:18.0377 5060  Scan started
17:55:18.0377 5060  Mode: Manual; SigCheck; TDLFS; 
17:55:18.0377 5060  ============================================================
17:55:18.0440 5060  ================ Scan system memory ========================
17:55:18.0440 5060  System memory - ok
17:55:18.0440 5060  ================ Scan services =============================
17:55:18.0471 5060  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
17:55:18.0502 5060  1394ohci - ok
17:55:18.0502 5060  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
17:55:18.0502 5060  ACPI - ok
17:55:18.0518 5060  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
17:55:18.0533 5060  AcpiPmi - ok
17:55:18.0533 5060  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
17:55:18.0533 5060  AdobeARMservice - ok
17:55:18.0533 5060  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
17:55:18.0549 5060  adp94xx - ok
17:55:18.0549 5060  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
17:55:18.0564 5060  adpahci - ok
17:55:18.0564 5060  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
17:55:18.0564 5060  adpu320 - ok
17:55:18.0564 5060  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
17:55:18.0611 5060  AeLookupSvc - ok
17:55:18.0611 5060  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
17:55:18.0627 5060  AFD - ok
17:55:18.0627 5060  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
17:55:18.0627 5060  agp440 - ok
17:55:18.0627 5060  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
17:55:18.0642 5060  ALG - ok
17:55:18.0642 5060  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
17:55:18.0642 5060  aliide - ok
17:55:18.0658 5060  ALSysIO - ok
17:55:18.0658 5060  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
17:55:18.0658 5060  amdide - ok
17:55:18.0658 5060  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
17:55:18.0674 5060  AmdK8 - ok
17:55:18.0674 5060  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
17:55:18.0674 5060  AmdPPM - ok
17:55:18.0674 5060  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
17:55:18.0689 5060  amdsata - ok
17:55:18.0689 5060  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
17:55:18.0689 5060  amdsbs - ok
17:55:18.0689 5060  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
17:55:18.0705 5060  amdxata - ok
17:55:18.0705 5060  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
17:55:18.0736 5060  AppID - ok
17:55:18.0736 5060  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
17:55:18.0752 5060  AppIDSvc - ok
17:55:18.0752 5060  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
17:55:18.0767 5060  Appinfo - ok
17:55:18.0783 5060  [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:55:18.0783 5060  Apple Mobile Device - ok
17:55:18.0783 5060  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
17:55:18.0798 5060  arc - ok
17:55:18.0798 5060  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
17:55:18.0798 5060  arcsas - ok
17:55:18.0798 5060  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
17:55:18.0814 5060  AsyncMac - ok
17:55:18.0814 5060  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
17:55:18.0830 5060  atapi - ok
17:55:18.0830 5060  [ FC0E8778C000291CAF60EB88C011E931 ] atksgt          C:\Windows\system32\DRIVERS\atksgt.sys
17:55:18.0830 5060  atksgt - ok
17:55:18.0845 5060  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:55:18.0861 5060  AudioEndpointBuilder - ok
17:55:18.0876 5060  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
17:55:18.0892 5060  AudioSrv - ok
17:55:18.0892 5060  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
17:55:18.0908 5060  AxInstSV - ok
17:55:18.0908 5060  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
17:55:18.0923 5060  b06bdrv - ok
17:55:18.0923 5060  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
17:55:18.0939 5060  b57nd60a - ok
17:55:18.0939 5060  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
17:55:18.0939 5060  BDESVC - ok
17:55:18.0939 5060  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
17:55:18.0970 5060  Beep - ok
17:55:18.0970 5060  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
17:55:18.0986 5060  BFE - ok
17:55:19.0001 5060  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
17:55:19.0017 5060  BITS - ok
17:55:19.0032 5060  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
17:55:19.0032 5060  blbdrive - ok
17:55:19.0032 5060  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
17:55:19.0048 5060  Bonjour Service - ok
17:55:19.0048 5060  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
17:55:19.0048 5060  bowser - ok
17:55:19.0048 5060  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
17:55:19.0064 5060  BrFiltLo - ok
17:55:19.0064 5060  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
17:55:19.0064 5060  BrFiltUp - ok
17:55:19.0079 5060  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
17:55:19.0079 5060  Browser - ok
17:55:19.0079 5060  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
17:55:19.0095 5060  Brserid - ok
17:55:19.0095 5060  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
17:55:19.0095 5060  BrSerWdm - ok
17:55:19.0095 5060  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
17:55:19.0110 5060  BrUsbMdm - ok
17:55:19.0110 5060  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
17:55:19.0110 5060  BrUsbSer - ok
17:55:19.0110 5060  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
17:55:19.0126 5060  BTHMODEM - ok
17:55:19.0126 5060  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
17:55:19.0142 5060  bthserv - ok
17:55:19.0142 5060  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
17:55:19.0173 5060  cdfs - ok
17:55:19.0173 5060  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
17:55:19.0173 5060  cdrom - ok
17:55:19.0173 5060  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
17:55:19.0188 5060  CertPropSvc - ok
17:55:19.0204 5060  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
17:55:19.0204 5060  circlass - ok
17:55:19.0204 5060  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
17:55:19.0220 5060  CLFS - ok
17:55:19.0220 5060  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:55:19.0220 5060  clr_optimization_v2.0.50727_32 - ok
17:55:19.0235 5060  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:55:19.0235 5060  clr_optimization_v2.0.50727_64 - ok
17:55:19.0235 5060  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:55:19.0251 5060  clr_optimization_v4.0.30319_32 - ok
17:55:19.0251 5060  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:55:19.0251 5060  clr_optimization_v4.0.30319_64 - ok
17:55:19.0266 5060  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
17:55:19.0266 5060  CmBatt - ok
17:55:19.0266 5060  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
17:55:19.0266 5060  cmdide - ok
17:55:19.0282 5060  [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG             C:\Windows\system32\Drivers\cng.sys
17:55:19.0282 5060  CNG - ok
17:55:19.0298 5060  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
17:55:19.0298 5060  Compbatt - ok
17:55:19.0298 5060  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
17:55:19.0298 5060  CompositeBus - ok
17:55:19.0313 5060  COMSysApp - ok
17:55:19.0313 5060  cpuz135 - ok
17:55:19.0313 5060  cpuz136 - ok
17:55:19.0313 5060  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
17:55:19.0313 5060  crcdisk - ok
17:55:19.0313 5060  [ C8BD651E13895B93ED9EC5B4F1DF42BC ] Creative ALchemy AL6 Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
17:55:19.0329 5060  Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - warning
17:55:19.0329 5060  Creative ALchemy AL6 Licensing Service - detected UnsignedFile.Multi.Generic (1)
17:55:19.0329 5060  [ C0EAD9F8AB83D41FF07303C75589C2B8 ] Creative Audio Engine Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
17:55:19.0329 5060  Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - warning
17:55:19.0329 5060  Creative Audio Engine Licensing Service - detected UnsignedFile.Multi.Generic (1)
17:55:19.0329 5060  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
17:55:19.0344 5060  CryptSvc - ok
17:55:19.0344 5060  [ 229E3B8F266ABDAFD54E4A372B9D5DDC ] CT20XUT         C:\Windows\system32\drivers\CT20XUT.SYS
17:55:19.0344 5060  CT20XUT - ok
17:55:19.0344 5060  [ 229E3B8F266ABDAFD54E4A372B9D5DDC ] CT20XUT.SYS     C:\Windows\System32\drivers\CT20XUT.SYS
17:55:19.0360 5060  CT20XUT.SYS - ok
17:55:19.0360 5060  [ EB3843A91A10150C9E05607CBCB44090 ] ctac32k         C:\Windows\system32\drivers\ctac32k.sys
17:55:19.0376 5060  ctac32k - ok
17:55:19.0376 5060  [ BC06EFB59A2316537765462DFE40F764 ] ctaud2k         C:\Windows\system32\drivers\ctaud2k.sys
17:55:19.0376 5060  ctaud2k - ok
17:55:19.0391 5060  [ 07BA6D17E66879018B30B6C3F976EBED ] CTAudSvcService C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
17:55:19.0391 5060  CTAudSvcService ( UnsignedFile.Multi.Generic ) - warning
17:55:19.0391 5060  CTAudSvcService - detected UnsignedFile.Multi.Generic (1)
17:55:19.0407 5060  [ 63B2B6CE9D3EF182981FB64BD5433DA4 ] CTEXFIFX        C:\Windows\system32\drivers\CTEXFIFX.SYS
17:55:19.0422 5060  CTEXFIFX - ok
17:55:19.0422 5060  [ 63B2B6CE9D3EF182981FB64BD5433DA4 ] CTEXFIFX.SYS    C:\Windows\System32\drivers\CTEXFIFX.SYS
17:55:19.0438 5060  CTEXFIFX.SYS - ok
17:55:19.0438 5060  [ 6D115CC80873B85FD80DDA1C41F75A2C ] CTHWIUT         C:\Windows\system32\drivers\CTHWIUT.SYS
17:55:19.0454 5060  CTHWIUT - ok
17:55:19.0454 5060  [ 6D115CC80873B85FD80DDA1C41F75A2C ] CTHWIUT.SYS     C:\Windows\System32\drivers\CTHWIUT.SYS
17:55:19.0454 5060  CTHWIUT.SYS - ok
17:55:19.0454 5060  [ EBC9548EF5838CB5AA8F18B3AC28AF12 ] ctprxy2k        C:\Windows\system32\drivers\ctprxy2k.sys
17:55:19.0454 5060  ctprxy2k - ok
17:55:19.0469 5060  [ 459BEE1682121842285C162E2D98D81A ] ctsfm2k         C:\Windows\system32\drivers\ctsfm2k.sys
17:55:19.0469 5060  ctsfm2k - ok
17:55:19.0469 5060  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
17:55:19.0500 5060  DcomLaunch - ok
17:55:19.0500 5060  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
17:55:19.0516 5060  defragsvc - ok
17:55:19.0516 5060  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
17:55:19.0532 5060  DfsC - ok
17:55:19.0547 5060  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
17:55:19.0547 5060  Dhcp - ok
17:55:19.0547 5060  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
17:55:19.0563 5060  discache - ok
17:55:19.0578 5060  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
17:55:19.0578 5060  Disk - ok
17:55:19.0578 5060  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
17:55:19.0594 5060  Dnscache - ok
17:55:19.0594 5060  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
17:55:19.0610 5060  dot3svc - ok
17:55:19.0610 5060  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
17:55:19.0625 5060  DPS - ok
17:55:19.0625 5060  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
17:55:19.0641 5060  drmkaud - ok
17:55:19.0641 5060  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
17:55:19.0656 5060  DXGKrnl - ok
17:55:19.0656 5060  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
17:55:19.0672 5060  EapHost - ok
17:55:19.0703 5060  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
17:55:19.0734 5060  ebdrv - ok
17:55:19.0734 5060  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
17:55:19.0734 5060  EFS - ok
17:55:19.0750 5060  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
17:55:19.0750 5060  ehRecvr - ok
17:55:19.0766 5060  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
17:55:19.0766 5060  ehSched - ok
17:55:19.0766 5060  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
17:55:19.0781 5060  elxstor - ok
17:55:19.0781 5060  [ C26133B6165928FBD156C6FE570F9ED2 ] emupia          C:\Windows\system32\drivers\emupia2k.sys
17:55:19.0781 5060  emupia - ok
17:55:19.0797 5060  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
17:55:19.0797 5060  ErrDev - ok
17:55:19.0797 5060  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
17:55:19.0828 5060  EventSystem - ok
17:55:19.0828 5060  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
17:55:19.0844 5060  exfat - ok
17:55:19.0844 5060  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
17:55:19.0859 5060  fastfat - ok
17:55:19.0875 5060  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
17:55:19.0875 5060  Fax - ok
17:55:19.0890 5060  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys
17:55:19.0890 5060  fdc - ok
17:55:19.0890 5060  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
17:55:19.0906 5060  fdPHost - ok
17:55:19.0906 5060  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
17:55:19.0922 5060  FDResPub - ok
17:55:19.0937 5060  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
17:55:19.0937 5060  FileInfo - ok
17:55:19.0937 5060  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
17:55:19.0953 5060  Filetrace - ok
17:55:19.0953 5060  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
17:55:19.0968 5060  flpydisk - ok
17:55:19.0968 5060  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
17:55:19.0968 5060  FltMgr - ok
17:55:19.0984 5060  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
17:55:20.0000 5060  FontCache - ok
17:55:20.0000 5060  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:55:20.0000 5060  FontCache3.0.0.0 - ok
17:55:20.0015 5060  [ 1E312F89F2D2ADF95AC456CA29DB9C97 ] Freemake Improver C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
17:55:20.0015 5060  Freemake Improver ( UnsignedFile.Multi.Generic ) - warning
17:55:20.0015 5060  Freemake Improver - detected UnsignedFile.Multi.Generic (1)
17:55:20.0015 5060  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
17:55:20.0015 5060  FsDepends - ok
17:55:20.0015 5060  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
17:55:20.0031 5060  Fs_Rec - ok
17:55:20.0031 5060  [ 290EBA98AD0CE0D1B880B5D71194B069 ] Futuremark SystemInfo Service C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe
17:55:20.0031 5060  Futuremark SystemInfo Service - ok
17:55:20.0031 5060  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
17:55:20.0046 5060  fvevol - ok
17:55:20.0046 5060  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
17:55:20.0046 5060  gagp30kx - ok
17:55:20.0062 5060  [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
17:55:20.0062 5060  GEARAspiWDM - ok
17:55:20.0062 5060  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
17:55:20.0093 5060  gpsvc - ok
17:55:20.0093 5060  [ A3F010D5DBFB589A3B3288C05C2EA3F9 ] ha20x2k         C:\Windows\system32\drivers\ha20x2k.sys
17:55:20.0109 5060  ha20x2k - ok
17:55:20.0109 5060  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
17:55:20.0124 5060  hcw85cir - ok
17:55:20.0124 5060  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
17:55:20.0140 5060  HdAudAddService - ok
17:55:20.0140 5060  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
17:55:20.0140 5060  HDAudBus - ok
17:55:20.0140 5060  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
17:55:20.0156 5060  HidBatt - ok
17:55:20.0156 5060  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
17:55:20.0156 5060  HidBth - ok
17:55:20.0171 5060  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
17:55:20.0171 5060  HidIr - ok
17:55:20.0171 5060  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
17:55:20.0187 5060  hidserv - ok
17:55:20.0187 5060  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
17:55:20.0202 5060  HidUsb - ok
17:55:20.0202 5060  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
17:55:20.0218 5060  hkmsvc - ok
17:55:20.0218 5060  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
17:55:20.0234 5060  HomeGroupListener - ok
17:55:20.0234 5060  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
17:55:20.0249 5060  HomeGroupProvider - ok
17:55:20.0249 5060  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
17:55:20.0249 5060  HpSAMD - ok
17:55:20.0249 5060  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
17:55:20.0280 5060  HTTP - ok
17:55:20.0280 5060  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
17:55:20.0280 5060  hwpolicy - ok
17:55:20.0280 5060  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
17:55:20.0296 5060  i8042prt - ok
17:55:20.0296 5060  [ 6C024B3AE192D72B216166802AF345DD ] iaStorA         C:\Windows\system32\DRIVERS\iaStorA.sys
17:55:20.0312 5060  iaStorA - ok
17:55:20.0312 5060  [ 7F7A03D03FA18A0DB2DAC37A8D620E7F ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
17:55:20.0312 5060  IAStorDataMgrSvc ( UnsignedFile.Multi.Generic ) - warning
17:55:20.0312 5060  IAStorDataMgrSvc - detected UnsignedFile.Multi.Generic (1)
17:55:20.0312 5060  [ 661594437CA343CC89C586283442AF73 ] iaStorF         C:\Windows\system32\DRIVERS\iaStorF.sys
17:55:20.0312 5060  iaStorF - ok
17:55:20.0327 5060  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
17:55:20.0327 5060  iaStorV - ok
17:55:20.0327 5060  [ 33D4D4A24791587E83F7EE05A446FB7E ] ICCS            C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
17:55:20.0343 5060  ICCS ( UnsignedFile.Multi.Generic ) - warning
17:55:20.0343 5060  ICCS - detected UnsignedFile.Multi.Generic (1)
17:55:20.0343 5060  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:55:20.0358 5060  idsvc - ok
17:55:20.0358 5060  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
17:55:20.0358 5060  iirsp - ok
17:55:20.0374 5060  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
17:55:20.0390 5060  IKEEXT - ok
17:55:20.0421 5060  [ 9CC645EB9697AA4F2D5A39835C80A0A2 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
17:55:20.0452 5060  IntcAzAudAddService - ok
17:55:20.0468 5060  [ C2712BF2D18C0D4214065A170E80C664 ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
17:55:20.0483 5060  Intel(R) Capability Licensing Service Interface - ok
17:55:20.0483 5060  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
17:55:20.0483 5060  intelide - ok
17:55:20.0483 5060  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
17:55:20.0483 5060  intelppm - ok
17:55:20.0499 5060  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
17:55:20.0514 5060  IPBusEnum - ok
17:55:20.0514 5060  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:55:20.0530 5060  IpFilterDriver - ok
17:55:20.0530 5060  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
17:55:20.0546 5060  iphlpsvc - ok
17:55:20.0546 5060  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
17:55:20.0561 5060  IPMIDRV - ok
17:55:20.0561 5060  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
17:55:20.0577 5060  IPNAT - ok
17:55:20.0577 5060  [ 0F261EC4F514926177C70C1832374231 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
17:55:20.0592 5060  iPod Service - ok
17:55:20.0592 5060  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
17:55:20.0592 5060  IRENUM - ok
17:55:20.0608 5060  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
17:55:20.0608 5060  isapnp - ok
17:55:20.0608 5060  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
17:55:20.0624 5060  iScsiPrt - ok
17:55:20.0624 5060  [ B2381712638B0B714D0EEAB9A1F7C640 ] iusb3hcs        C:\Windows\system32\DRIVERS\iusb3hcs.sys
17:55:20.0624 5060  iusb3hcs - ok
17:55:20.0624 5060  [ FD2C6457232E95C014DAD21DEBC64867 ] iusb3hub        C:\Windows\system32\DRIVERS\iusb3hub.sys
17:55:20.0639 5060  iusb3hub - ok
17:55:20.0639 5060  [ F6A2B5D030BE7EDF8ADC12C9A40825A8 ] iusb3xhc        C:\Windows\system32\DRIVERS\iusb3xhc.sys
17:55:20.0655 5060  iusb3xhc - ok
17:55:20.0655 5060  [ 1F95EC569F77B275F07FA9FCFF7F6B59 ] jhi_service     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
17:55:20.0655 5060  jhi_service - ok
17:55:20.0655 5060  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
17:55:20.0670 5060  kbdclass - ok
17:55:20.0670 5060  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
17:55:20.0670 5060  kbdhid - ok
17:55:20.0670 5060  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
17:55:20.0686 5060  KeyIso - ok
17:55:20.0686 5060  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
17:55:20.0686 5060  KSecDD - ok
17:55:20.0686 5060  [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
17:55:20.0702 5060  KSecPkg - ok
17:55:20.0702 5060  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
17:55:20.0717 5060  ksthunk - ok
17:55:20.0717 5060  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
17:55:20.0748 5060  KtmRm - ok
17:55:20.0748 5060  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
17:55:20.0764 5060  LanmanServer - ok
17:55:20.0764 5060  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:55:20.0780 5060  LanmanWorkstation - ok
17:55:20.0795 5060  [ FA529FB35694C24BF98A9EF67C1CD9D0 ] LGBusEnum       C:\Windows\system32\drivers\LGBusEnum.sys
17:55:20.0795 5060  LGBusEnum - ok
17:55:20.0795 5060  [ F7205E939F50B1C8D16F895916BE6756 ] LGSHidFilt      C:\Windows\system32\DRIVERS\LGSHidFilt.Sys
17:55:20.0795 5060  LGSHidFilt - ok
17:55:20.0795 5060  [ 09521A95BEAB989F1A3E003ACD4E914A ] LGSUsbFilt      C:\Windows\system32\DRIVERS\LGSUsbFilt.Sys
17:55:20.0811 5060  LGSUsbFilt - ok
17:55:20.0811 5060  [ 94B29CE153765E768F004FB3440BE2B0 ] LGVirHid        C:\Windows\system32\drivers\LGVirHid.sys
17:55:20.0811 5060  LGVirHid - ok
17:55:20.0811 5060  [ 156AB2E56DC3CA0B582E3362E07CDED7 ] lirsgt          C:\Windows\system32\DRIVERS\lirsgt.sys
17:55:20.0811 5060  lirsgt - ok
17:55:20.0826 5060  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
17:55:20.0842 5060  lltdio - ok
17:55:20.0842 5060  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
17:55:20.0858 5060  lltdsvc - ok
17:55:20.0858 5060  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
17:55:20.0873 5060  lmhosts - ok
17:55:20.0889 5060  [ B4614E581CEE9E21EC9651A84CDB80F0 ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
17:55:20.0889 5060  LMS - ok
17:55:20.0889 5060  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
17:55:20.0904 5060  LSI_FC - ok
17:55:20.0904 5060  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
17:55:20.0904 5060  LSI_SAS - ok
17:55:20.0904 5060  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
17:55:20.0904 5060  LSI_SAS2 - ok
17:55:20.0920 5060  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
17:55:20.0920 5060  LSI_SCSI - ok
17:55:20.0920 5060  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
17:55:20.0936 5060  luafv - ok
17:55:20.0936 5060  lxbk_device - ok
17:55:20.0936 5060  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
17:55:20.0951 5060  Mcx2Svc - ok
17:55:20.0951 5060  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
17:55:20.0951 5060  megasas - ok
17:55:20.0967 5060  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
17:55:20.0967 5060  MegaSR - ok
17:55:20.0967 5060  [ D71FD7A4FDB01C554AE144037B688DF1 ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
17:55:20.0967 5060  MEIx64 - ok
17:55:20.0982 5060  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
17:55:20.0998 5060  MMCSS - ok
17:55:20.0998 5060  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
17:55:21.0014 5060  Modem - ok
17:55:21.0014 5060  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
17:55:21.0029 5060  monitor - ok
17:55:21.0029 5060  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
17:55:21.0029 5060  mouclass - ok
17:55:21.0029 5060  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
17:55:21.0045 5060  mouhid - ok
17:55:21.0045 5060  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
17:55:21.0045 5060  mountmgr - ok
17:55:21.0045 5060  [ F8A10560B35C66F9DE212F03DAD5BFA7 ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
17:55:21.0060 5060  MpFilter - ok
17:55:21.0060 5060  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
17:55:21.0060 5060  mpio - ok
17:55:21.0060 5060  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
17:55:21.0092 5060  mpsdrv - ok
17:55:21.0092 5060  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
17:55:21.0107 5060  MpsSvc - ok
17:55:21.0123 5060  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
17:55:21.0123 5060  MRxDAV - ok
17:55:21.0123 5060  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
17:55:21.0138 5060  mrxsmb - ok
17:55:21.0138 5060  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:55:21.0138 5060  mrxsmb10 - ok
17:55:21.0154 5060  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:55:21.0154 5060  mrxsmb20 - ok
17:55:21.0154 5060  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
17:55:21.0170 5060  msahci - ok
17:55:21.0170 5060  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
17:55:21.0170 5060  msdsm - ok
17:55:21.0170 5060  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
17:55:21.0185 5060  MSDTC - ok
17:55:21.0185 5060  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
17:55:21.0201 5060  Msfs - ok
17:55:21.0201 5060  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
17:55:21.0216 5060  mshidkmdf - ok
17:55:21.0216 5060  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
17:55:21.0232 5060  msisadrv - ok
17:55:21.0232 5060  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
17:55:21.0248 5060  MSiSCSI - ok
17:55:21.0248 5060  msiserver - ok
17:55:21.0248 5060  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
17:55:21.0263 5060  MSKSSRV - ok
17:55:21.0279 5060  [ E07DEC52FF801841BA9B6878A60304FB ] MsMpSvc         C:\Program Files\Microsoft Security Client\MsMpEng.exe
17:55:21.0279 5060  MsMpSvc - ok
17:55:21.0294 5060  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
17:55:21.0310 5060  MSPCLOCK - ok
17:55:21.0310 5060  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
17:55:21.0341 5060  MSPQM - ok
17:55:21.0341 5060  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
17:55:21.0341 5060  MsRPC - ok
17:55:21.0341 5060  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
17:55:21.0357 5060  mssmbios - ok
17:55:21.0357 5060  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
17:55:21.0372 5060  MSTEE - ok
17:55:21.0372 5060  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
17:55:21.0388 5060  MTConfig - ok
17:55:21.0388 5060  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
17:55:21.0388 5060  Mup - ok
17:55:21.0388 5060  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
17:55:21.0419 5060  napagent - ok
17:55:21.0419 5060  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
17:55:21.0435 5060  NativeWifiP - ok
17:55:21.0435 5060  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
17:55:21.0450 5060  NDIS - ok
17:55:21.0450 5060  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
17:55:21.0466 5060  NdisCap - ok
17:55:21.0482 5060  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
17:55:21.0497 5060  NdisTapi - ok
17:55:21.0497 5060  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
17:55:21.0513 5060  Ndisuio - ok
17:55:21.0513 5060  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
17:55:21.0528 5060  NdisWan - ok
17:55:21.0528 5060  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
17:55:21.0544 5060  NDProxy - ok
17:55:21.0560 5060  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
17:55:21.0575 5060  NetBIOS - ok
17:55:21.0575 5060  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
17:55:21.0591 5060  NetBT - ok
17:55:21.0591 5060  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
17:55:21.0606 5060  Netlogon - ok
17:55:21.0606 5060  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
17:55:21.0622 5060  Netman - ok
17:55:21.0638 5060  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
17:55:21.0653 5060  netprofm - ok
17:55:21.0653 5060  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:55:21.0653 5060  NetTcpPortSharing - ok
17:55:21.0653 5060  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
17:55:21.0669 5060  nfrd960 - ok
17:55:21.0669 5060  [ 162100E0BC8377710F9D170631921C03 ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
17:55:21.0669 5060  NisDrv - ok
17:55:21.0684 5060  [ C6E15F2F95F9C0A6098D43510B604E52 ] NisSrv          C:\Program Files\Microsoft Security Client\NisSrv.exe
17:55:21.0684 5060  NisSrv - ok
17:55:21.0684 5060  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
17:55:21.0700 5060  NlaSvc - ok
17:55:21.0700 5060  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
17:55:21.0716 5060  Npfs - ok
17:55:21.0716 5060  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
17:55:21.0747 5060  nsi - ok
17:55:21.0747 5060  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
17:55:21.0762 5060  nsiproxy - ok
17:55:21.0778 5060  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
17:55:21.0794 5060  Ntfs - ok
17:55:21.0794 5060  NTIOLib_1_0_1 - ok
17:55:21.0794 5060  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
17:55:21.0809 5060  Null - ok
17:55:21.0809 5060  [ B4F53BCA4C688FF47F04FA90098F896E ] NVHDA           C:\Windows\system32\drivers\nvhda64v.sys
17:55:21.0825 5060  NVHDA - ok
17:55:21.0887 5060  [ 0A2F27B5BCC45B64E152DD6AE0815198 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
17:55:21.0981 5060  nvlddmkm - ok
17:55:21.0981 5060  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
17:55:21.0981 5060  nvraid - ok
17:55:21.0981 5060  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
17:55:21.0996 5060  nvstor - ok
17:55:21.0996 5060  [ 574087EA9105F23FB522A4FDDD5292D9 ] nvsvc           C:\Windows\system32\nvvsvc.exe
17:55:22.0012 5060  nvsvc - ok
17:55:22.0028 5060  [ ABA5A88740635D37A2B6CEB27DBC738A ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
17:55:22.0043 5060  nvUpdatusService - ok
17:55:22.0043 5060  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
17:55:22.0043 5060  nv_agp - ok
17:55:22.0043 5060  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
17:55:22.0059 5060  ohci1394 - ok
17:55:22.0059 5060  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:55:22.0059 5060  ose - ok
17:55:22.0090 5060  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
17:55:22.0137 5060  osppsvc - ok
17:55:22.0152 5060  [ 0E2DE427EBE106E7E5B52869D5C99F68 ] ossrv           C:\Windows\system32\drivers\ctoss2k.sys
17:55:22.0152 5060  ossrv - ok
17:55:22.0152 5060  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
17:55:22.0168 5060  p2pimsvc - ok
17:55:22.0168 5060  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
17:55:22.0184 5060  p2psvc - ok
17:55:22.0184 5060  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
17:55:22.0184 5060  Parport - ok
17:55:22.0184 5060  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
17:55:22.0199 5060  partmgr - ok
17:55:22.0199 5060  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
17:55:22.0215 5060  PcaSvc - ok
17:55:22.0215 5060  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
17:55:22.0215 5060  pci - ok
17:55:22.0215 5060  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
17:55:22.0230 5060  pciide - ok
17:55:22.0230 5060  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
17:55:22.0230 5060  pcmcia - ok
17:55:22.0230 5060  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
17:55:22.0246 5060  pcw - ok
17:55:22.0246 5060  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
17:55:22.0262 5060  PEAUTH - ok
17:55:22.0277 5060  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
17:55:22.0293 5060  PerfHost - ok
17:55:22.0308 5060  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
17:55:22.0324 5060  pla - ok
17:55:22.0340 5060  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
17:55:22.0340 5060  PlugPlay - ok
17:55:22.0340 5060  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
17:55:22.0355 5060  PNRPAutoReg - ok
17:55:22.0355 5060  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
17:55:22.0355 5060  PNRPsvc - ok
17:55:22.0371 5060  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
17:55:22.0386 5060  PolicyAgent - ok
17:55:22.0386 5060  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
17:55:22.0418 5060  Power - ok
17:55:22.0418 5060  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
17:55:22.0433 5060  PptpMiniport - ok
17:55:22.0433 5060  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
17:55:22.0433 5060  Processor - ok
17:55:22.0449 5060  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
17:55:22.0449 5060  ProfSvc - ok
17:55:22.0449 5060  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
17:55:22.0449 5060  ProtectedStorage - ok
17:55:22.0464 5060  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
17:55:22.0480 5060  Psched - ok
17:55:22.0480 5060  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
17:55:22.0511 5060  ql2300 - ok
17:55:22.0511 5060  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
17:55:22.0511 5060  ql40xx - ok
17:55:22.0511 5060  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
17:55:22.0527 5060  QWAVE - ok
17:55:22.0527 5060  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
17:55:22.0542 5060  QWAVEdrv - ok
17:55:22.0542 5060  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
17:55:22.0558 5060  RasAcd - ok
17:55:22.0558 5060  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
17:55:22.0574 5060  RasAgileVpn - ok
17:55:22.0574 5060  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
17:55:22.0589 5060  RasAuto - ok
17:55:22.0605 5060  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
17:55:22.0620 5060  Rasl2tp - ok
17:55:22.0620 5060  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
17:55:22.0636 5060  RasMan - ok
17:55:22.0636 5060  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
17:55:22.0667 5060  RasPppoe - ok
17:55:22.0667 5060  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
17:55:22.0683 5060  RasSstp - ok
17:55:22.0683 5060  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
17:55:22.0698 5060  rdbss - ok
17:55:22.0698 5060  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
17:55:22.0714 5060  rdpbus - ok
17:55:22.0714 5060  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
17:55:22.0730 5060  RDPCDD - ok
17:55:22.0730 5060  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
17:55:22.0745 5060  RDPENCDD - ok
17:55:22.0745 5060  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
17:55:22.0761 5060  RDPREFMP - ok
17:55:22.0776 5060  [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
17:55:22.0776 5060  RdpVideoMiniport - ok
17:55:22.0776 5060  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
17:55:22.0792 5060  RDPWD - ok
17:55:22.0792 5060  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
17:55:22.0792 5060  rdyboost - ok
17:55:22.0792 5060  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
17:55:22.0823 5060  RemoteAccess - ok
17:55:22.0823 5060  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
17:55:22.0839 5060  RemoteRegistry - ok
17:55:22.0839 5060  [ AD42432D22940B4215177BE113E4919C ] RimUsb          C:\Windows\system32\Drivers\RimUsb_AMD64.sys
17:55:22.0839 5060  RimUsb - ok
17:55:22.0854 5060  [ 4AAFFFA67AC4DFA3D9985D78573887E2 ] RimVSerPort     C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
17:55:22.0854 5060  RimVSerPort - ok
17:55:22.0854 5060  [ 388D3DD1A6457280F3BADBA9F3ACD6B1 ] ROOTMODEM       C:\Windows\system32\Drivers\RootMdm.sys
17:55:22.0870 5060  ROOTMODEM - ok
17:55:22.0870 5060  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
17:55:22.0901 5060  RpcEptMapper - ok
17:55:22.0901 5060  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
17:55:22.0901 5060  RpcLocator - ok
17:55:22.0901 5060  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
17:55:22.0932 5060  RpcSs - ok
17:55:22.0932 5060  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
17:55:22.0948 5060  rspndr - ok
17:55:22.0948 5060  [ 39A719875F572241C585A629EE62EB14 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
17:55:22.0964 5060  RTL8167 - ok
17:55:22.0964 5060  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
17:55:22.0964 5060  SamSs - ok
17:55:22.0964 5060  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
17:55:22.0979 5060  sbp2port - ok
17:55:22.0979 5060  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
17:55:22.0995 5060  SCardSvr - ok
17:55:22.0995 5060  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
17:55:23.0010 5060  scfilter - ok
17:55:23.0026 5060  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
17:55:23.0042 5060  Schedule - ok
17:55:23.0057 5060  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
17:55:23.0073 5060  SCPolicySvc - ok
17:55:23.0073 5060  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
17:55:23.0073 5060  SDRSVC - ok
17:55:23.0073 5060  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
17:55:23.0088 5060  secdrv - ok
17:55:23.0104 5060  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
17:55:23.0120 5060  seclogon - ok
17:55:23.0120 5060  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
17:55:23.0135 5060  SENS - ok
17:55:23.0135 5060  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
17:55:23.0151 5060  SensrSvc - ok
17:55:23.0151 5060  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
17:55:23.0151 5060  Serenum - ok
17:55:23.0151 5060  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
17:55:23.0166 5060  Serial - ok
17:55:23.0166 5060  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
17:55:23.0166 5060  sermouse - ok
17:55:23.0166 5060  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
17:55:23.0198 5060  SessionEnv - ok
17:55:23.0198 5060  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
17:55:23.0198 5060  sffdisk - ok
17:55:23.0198 5060  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
17:55:23.0213 5060  sffp_mmc - ok
17:55:23.0213 5060  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
17:55:23.0213 5060  sffp_sd - ok
17:55:23.0213 5060  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
17:55:23.0229 5060  sfloppy - ok
17:55:23.0229 5060  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
17:55:23.0244 5060  SharedAccess - ok
17:55:23.0260 5060  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
17:55:23.0276 5060  ShellHWDetection - ok
17:55:23.0276 5060  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
17:55:23.0276 5060  SiSRaid2 - ok
17:55:23.0291 5060  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
17:55:23.0291 5060  SiSRaid4 - ok
17:55:23.0291 5060  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
17:55:23.0307 5060  Smb - ok
17:55:23.0307 5060  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
17:55:23.0322 5060  SNMPTRAP - ok
17:55:23.0322 5060  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
17:55:23.0322 5060  spldr - ok
17:55:23.0338 5060  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
17:55:23.0338 5060  Spooler - ok
17:55:23.0369 5060  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
17:55:23.0400 5060  sppsvc - ok
17:55:23.0416 5060  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
17:55:23.0432 5060  sppuinotify - ok
17:55:23.0432 5060  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
17:55:23.0447 5060  srv - ok
17:55:23.0447 5060  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
17:55:23.0463 5060  srv2 - ok
17:55:23.0463 5060  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
17:55:23.0463 5060  srvnet - ok
17:55:23.0463 5060  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
17:55:23.0494 5060  SSDPSRV - ok
17:55:23.0494 5060  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
17:55:23.0510 5060  SstpSvc - ok
17:55:23.0510 5060  Steam Client Service - ok
17:55:23.0510 5060  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
17:55:23.0525 5060  stexstor - ok
17:55:23.0525 5060  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
17:55:23.0541 5060  stisvc - ok
17:55:23.0541 5060  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
17:55:23.0541 5060  swenum - ok
17:55:23.0541 5060  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
17:55:23.0572 5060  swprv - ok
17:55:23.0588 5060  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
17:55:23.0603 5060  SysMain - ok
17:55:23.0603 5060  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
17:55:23.0619 5060  TabletInputService - ok
17:55:23.0619 5060  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
17:55:23.0634 5060  TapiSrv - ok
17:55:23.0634 5060  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
17:55:23.0666 5060  TBS - ok
17:55:23.0666 5060  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
17:55:23.0697 5060  Tcpip - ok
17:55:23.0712 5060  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
17:55:23.0728 5060  TCPIP6 - ok
17:55:23.0728 5060  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
17:55:23.0728 5060  tcpipreg - ok
17:55:23.0744 5060  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
17:55:23.0744 5060  TDPIPE - ok
17:55:23.0744 5060  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
17:55:23.0744 5060  TDTCP - ok
17:55:23.0759 5060  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
17:55:23.0775 5060  tdx - ok
17:55:23.0790 5060  [ 9F3E7CABE86BBDECA009DE291DB6D9E2 ] TeamViewer8     C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
17:55:23.0822 5060  TeamViewer8 - ok
17:55:23.0822 5060  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
17:55:23.0837 5060  TermDD - ok
17:55:23.0837 5060  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
17:55:23.0853 5060  TermService - ok
17:55:23.0868 5060  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
17:55:23.0868 5060  Themes - ok
17:55:23.0868 5060  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
17:55:23.0884 5060  THREADORDER - ok
17:55:23.0900 5060  [ 0407143F2BBC1A5DD5B518AC0704FCBF ] TomTomHOMEService C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
17:55:23.0900 5060  TomTomHOMEService - ok
17:55:23.0900 5060  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
17:55:23.0915 5060  TrkWks - ok
17:55:23.0915 5060  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
17:55:23.0931 5060  TrustedInstaller - ok
17:55:23.0946 5060  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
17:55:23.0962 5060  tssecsrv - ok
17:55:23.0962 5060  [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
17:55:23.0962 5060  TsUsbFlt - ok
17:55:23.0962 5060  [ AD64450A4ABE076F5CB34CC08EEACB07 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
17:55:23.0978 5060  TsUsbGD - ok
17:55:23.0978 5060  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
17:55:23.0993 5060  tunnel - ok
17:55:23.0993 5060  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
17:55:24.0009 5060  uagp35 - ok
17:55:24.0009 5060  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
17:55:24.0024 5060  udfs - ok
17:55:24.0024 5060  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
17:55:24.0040 5060  UI0Detect - ok
17:55:24.0040 5060  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
17:55:24.0040 5060  uliagpkx - ok
17:55:24.0040 5060  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
17:55:24.0056 5060  umbus - ok
17:55:24.0056 5060  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
17:55:24.0056 5060  UmPass - ok
17:55:24.0056 5060  [ 15DBB0153EA1B0F66070CA231D51584D ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
17:55:24.0071 5060  UNS - ok
17:55:24.0071 5060  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
17:55:24.0087 5060  upnphost - ok
17:55:24.0087 5060  [ 43228F8EDD1B0BCDD3145AD246E63D39 ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
17:55:24.0102 5060  USBAAPL64 - ok
17:55:24.0102 5060  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
17:55:24.0102 5060  usbccgp - ok
17:55:24.0118 5060  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
17:55:24.0118 5060  usbcir - ok
17:55:24.0118 5060  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
17:55:24.0118 5060  usbehci - ok
17:55:24.0134 5060  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
17:55:24.0134 5060  usbhub - ok
17:55:24.0134 5060  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
17:55:24.0149 5060  usbohci - ok
17:55:24.0149 5060  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
17:55:24.0149 5060  usbprint - ok
17:55:24.0149 5060  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
17:55:24.0165 5060  usbscan - ok
17:55:24.0165 5060  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:55:24.0165 5060  USBSTOR - ok
17:55:24.0180 5060  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
17:55:24.0180 5060  usbuhci - ok
17:55:24.0180 5060  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
17:55:24.0196 5060  UxSms - ok
17:55:24.0196 5060  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
17:55:24.0212 5060  VaultSvc - ok
17:55:24.0212 5060  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
17:55:24.0212 5060  vdrvroot - ok
17:55:24.0212 5060  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
17:55:24.0243 5060  vds - ok
17:55:24.0243 5060  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
17:55:24.0243 5060  vga - ok
17:55:24.0243 5060  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
17:55:24.0258 5060  VgaSave - ok
17:55:24.0274 5060  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
17:55:24.0274 5060  vhdmp - ok
17:55:24.0274 5060  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
17:55:24.0274 5060  viaide - ok
17:55:24.0290 5060  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
17:55:24.0290 5060  volmgr - ok
17:55:24.0290 5060  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
17:55:24.0305 5060  volmgrx - ok
17:55:24.0305 5060  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
17:55:24.0305 5060  volsnap - ok
17:55:24.0305 5060  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
17:55:24.0321 5060  vsmraid - ok
17:55:24.0336 5060  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
17:55:24.0352 5060  VSS - ok
17:55:24.0368 5060  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
17:55:24.0368 5060  vwifibus - ok
17:55:24.0368 5060  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
17:55:24.0399 5060  W32Time - ok
17:55:24.0399 5060  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
17:55:24.0399 5060  WacomPen - ok
17:55:24.0399 5060  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
17:55:24.0414 5060  WANARP - ok
17:55:24.0414 5060  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
17:55:24.0430 5060  Wanarpv6 - ok
17:55:24.0446 5060  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
17:55:24.0461 5060  wbengine - ok
17:55:24.0461 5060  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
17:55:24.0477 5060  WbioSrvc - ok
17:55:24.0477 5060  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
17:55:24.0492 5060  wcncsvc - ok
17:55:24.0492 5060  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
17:55:24.0508 5060  WcsPlugInService - ok
17:55:24.0508 5060  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
17:55:24.0508 5060  Wd - ok
17:55:24.0524 5060  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
17:55:24.0524 5060  Wdf01000 - ok
17:55:24.0524 5060  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
17:55:24.0555 5060  WdiServiceHost - ok
17:55:24.0555 5060  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
17:55:24.0555 5060  WdiSystemHost - ok
17:55:24.0570 5060  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
17:55:24.0570 5060  WebClient - ok
17:55:24.0570 5060  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
17:55:24.0602 5060  Wecsvc - ok
17:55:24.0602 5060  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
17:55:24.0617 5060  wercplsupport - ok
17:55:24.0617 5060  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
17:55:24.0633 5060  WerSvc - ok
17:55:24.0633 5060  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
17:55:24.0664 5060  WfpLwf - ok
17:55:24.0664 5060  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
17:55:24.0664 5060  WIMMount - ok
17:55:24.0664 5060  WinDefend - ok
17:55:24.0664 5060  WinHttpAutoProxySvc - ok
17:55:24.0680 5060  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
17:55:24.0695 5060  Winmgmt - ok
17:55:24.0711 5060  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
17:55:24.0742 5060  WinRM - ok
17:55:24.0742 5060  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
17:55:24.0742 5060  WinUsb - ok
17:55:24.0758 5060  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
17:55:24.0773 5060  Wlansvc - ok
17:55:24.0789 5060  [ 98F138897EF4246381D197CB81846D62 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
17:55:24.0820 5060  wlidsvc - ok
17:55:24.0820 5060  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
17:55:24.0820 5060  WmiAcpi - ok
17:55:24.0820 5060  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
17:55:24.0836 5060  wmiApSrv - ok
17:55:24.0836 5060  WMPNetworkSvc - ok
17:55:24.0836 5060  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
17:55:24.0851 5060  WPCSvc - ok
17:55:24.0851 5060  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
17:55:24.0851 5060  WPDBusEnum - ok
17:55:24.0851 5060  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
17:55:24.0867 5060  ws2ifsl - ok
17:55:24.0882 5060  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
17:55:24.0882 5060  wscsvc - ok
17:55:24.0882 5060  WSearch - ok
17:55:24.0898 5060  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
17:55:24.0929 5060  wuauserv - ok
17:55:24.0929 5060  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
17:55:24.0945 5060  WudfPf - ok
17:55:24.0945 5060  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
17:55:24.0945 5060  WUDFRd - ok
17:55:24.0960 5060  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
17:55:24.0960 5060  wudfsvc - ok
17:55:24.0960 5060  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
17:55:24.0976 5060  WwanSvc - ok
17:55:24.0976 5060  ================ Scan global ===============================
17:55:24.0976 5060  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
17:55:24.0976 5060  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
17:55:24.0976 5060  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
17:55:24.0992 5060  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
17:55:24.0992 5060  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
17:55:24.0992 5060  [Global] - ok
17:55:24.0992 5060  ================ Scan MBR ==================================
17:55:24.0992 5060  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
17:55:25.0522 5060  \Device\Harddisk0\DR0 - ok
17:55:25.0522 5060  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
17:55:25.0600 5060  \Device\Harddisk1\DR1 - ok
17:55:25.0600 5060  ================ Scan VBR ==================================
17:55:25.0600 5060  [ 792D3E642705E793E8FBC8F190AEAC67 ] \Device\Harddisk0\DR0\Partition1
17:55:25.0600 5060  \Device\Harddisk0\DR0\Partition1 - ok
17:55:25.0600 5060  [ D2BEA6FF5722C63CA42A13867E1D5CA4 ] \Device\Harddisk1\DR1\Partition1
17:55:25.0600 5060  \Device\Harddisk1\DR1\Partition1 - ok
17:55:25.0600 5060  [ 22A7AADACC4A131D55FD252977F93728 ] \Device\Harddisk1\DR1\Partition2
17:55:25.0600 5060  \Device\Harddisk1\DR1\Partition2 - ok
17:55:25.0600 5060  ============================================================
17:55:25.0600 5060  Scan finished
17:55:25.0600 5060  ============================================================
17:55:25.0600 5052  Detected object count: 6
17:55:25.0600 5052  Actual detected object count: 6
17:55:41.0340 5052  Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
17:55:41.0340 5052  Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:55:41.0340 5052  Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
17:55:41.0340 5052  Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:55:41.0340 5052  CTAudSvcService ( UnsignedFile.Multi.Generic ) - skipped by user
17:55:41.0340 5052  CTAudSvcService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:55:41.0340 5052  Freemake Improver ( UnsignedFile.Multi.Generic ) - skipped by user
17:55:41.0340 5052  Freemake Improver ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:55:41.0340 5052  IAStorDataMgrSvc ( UnsignedFile.Multi.Generic ) - skipped by user
17:55:41.0340 5052  IAStorDataMgrSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:55:41.0340 5052  ICCS ( UnsignedFile.Multi.Generic ) - skipped by user
17:55:41.0340 5052  ICCS ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:55:45.0365 4196  Deinitialize success

cosinus · 06.03.2013, 01:24

Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.

RobinSword · 06.03.2013, 07:55

Jetzt hat's geklappt.

aswMBR Lof:

Code:

ATTFilter

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-03-06 07:54:17
-----------------------------
07:54:17.938    OS Version: Windows x64 6.1.7601 Service Pack 1
07:54:17.938    Number of processors: 8 586 0x3A09
07:54:17.938    ComputerName: ZOCKMASCHINE  UserName: Robert
07:54:18.141    Initialize success
07:54:23.148    AVAST engine defs: 13030500
07:54:47.481    Disk 0  \Device\Harddisk0\DR0 -> \Device\00000072
07:54:47.497    Disk 0 Vendor: ATA_____ AB51 Size: 1907729MB BusType: 11
07:54:47.497    Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\00000073
07:54:47.497    Disk 1 Vendor: ATA_____ 1___ Size: 244198MB BusType: 11
07:54:47.497    Disk 1 MBR read successfully
07:54:47.497    Disk 1 MBR scan
07:54:47.497    Disk 1 Windows 7 default MBR code
07:54:47.497    Disk 1 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
07:54:47.497    Disk 1 Partition 2 00     07    HPFS/NTFS NTFS       244096 MB offset 206848
07:54:47.497    Disk 1 scanning C:\Windows\system32\drivers
07:54:49.353    Service scanning
07:54:54.220    Modules scanning
07:54:54.220    Disk 1 trace - called modules:
07:54:54.220    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStorF.sys storport.sys hal.dll iaStorA.sys 
07:54:54.220    1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa8006fef790]
07:54:54.220    3 CLASSPNP.SYS[fffff88001c9643f] -> nt!IofCallDriver -> [0xfffffa8006eed990]
07:54:54.236    5 iaStorF.sys[fffff8800188f168] -> nt!IofCallDriver -> \Device\00000073[0xfffffa80066ff9c0]
07:54:54.236    Scan finished successfully
07:55:07.434    Disk 1 MBR has been saved successfully to "C:\Users\Robert\Desktop\MBR.dat"
07:55:07.449    The log file has been saved successfully to "C:\Users\Robert\Desktop\aswMBR.txt"

cosinus · 06.03.2013, 11:42

Dann bitte jetzt Combofix ausführen:

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

RobinSword · 06.03.2013, 20:45

Combofix-Log:

Code:

ATTFilter

ComboFix 13-03-05.01 - Robert 06.03.2013  20:41:51.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8143.6745 [GMT 1:00]
ausgeführt von:: c:\users\Robert\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0407.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-02-06 bis 2013-03-06  ))))))))))))))))))))))))))))))
.
.
2013-03-06 19:43 . 2013-03-06 19:43	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2013-03-06 19:43 . 2013-03-06 19:43	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-03-06 19:33 . 2013-03-06 19:33	8782	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
2013-03-06 06:56 . 2013-02-08 00:28	9162192	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{22E16FAA-F8F6-4309-B6BE-0DEDE7DAFF85}\mpengine.dll
2013-03-05 16:58 . 2013-02-08 00:28	9162192	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-03-05 08:55 . 2013-03-05 08:55	--------	d-----w-	c:\users\Robert\AppData\Roaming\Malwarebytes
2013-03-05 08:55 . 2013-03-05 08:55	--------	d-----w-	c:\programdata\Malwarebytes
2013-03-05 08:55 . 2013-03-05 08:55	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2013-03-05 08:55 . 2012-12-14 15:49	24176	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-03-05 08:49 . 2013-03-05 08:49	--------	d-----w-	c:\program files (x86)\ESET
2013-03-05 08:11 . 2013-03-05 08:11	--------	d-----w-	c:\users\Robert\AppData\Local\Risen
2013-03-05 07:58 . 2013-03-05 12:24	--------	d-----w-	c:\users\Robert\AppData\Roaming\Etut
2013-03-05 07:58 . 2013-03-05 08:43	--------	d-----w-	c:\users\Robert\AppData\Roaming\Isudm
2013-03-05 07:58 . 2013-03-05 07:58	--------	d-----w-	c:\users\Robert\AppData\Roaming\Toukk
2013-03-05 07:43 . 2013-03-05 07:43	--------	d-----w-	c:\windows\1C4551A64743409391E41477CD655043.TMP
2013-03-04 22:42 . 2013-03-04 22:42	95648	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-03 17:34 . 2013-03-03 17:38	--------	d-----w-	c:\users\Robert\Valley
2013-03-03 17:19 . 2013-03-03 17:19	--------	d-----w-	c:\program files (x86)\Unigine
2013-03-03 16:47 . 2012-08-16 12:33	645952	----a-w-	c:\windows\system32\drivers\iaStorA.sys
2013-03-03 16:47 . 2012-08-16 12:33	27456	----a-w-	c:\windows\system32\drivers\iaStorF.sys
2013-03-03 15:24 . 2013-03-03 15:24	--------	d-----w-	c:\program files\Microsoft Mouse and Keyboard Center
2013-03-03 15:09 . 2013-01-09 01:10	996352	----a-w-	c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-03-03 15:09 . 2013-01-08 22:01	768000	----a-w-	c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-03-03 11:10 . 2013-01-05 05:53	5553512	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-03-03 11:10 . 2013-01-05 05:00	3967848	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-03-03 11:10 . 2013-01-05 05:00	3913064	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2013-03-03 11:10 . 2013-01-04 05:46	215040	----a-w-	c:\windows\system32\winsrv.dll
2013-03-03 11:10 . 2013-01-04 04:51	5120	----a-w-	c:\windows\SysWow64\wow32.dll
2013-03-03 11:10 . 2013-01-04 03:26	3153408	----a-w-	c:\windows\system32\win32k.sys
2013-03-03 11:10 . 2013-01-04 02:47	25600	----a-w-	c:\windows\SysWow64\setup16.exe
2013-03-03 11:10 . 2013-01-04 02:47	7680	----a-w-	c:\windows\SysWow64\instnm.exe
2013-03-03 11:10 . 2013-01-04 02:47	14336	----a-w-	c:\windows\SysWow64\ntvdm64.dll
2013-03-03 11:10 . 2013-01-04 02:47	2048	----a-w-	c:\windows\SysWow64\user.exe
2013-03-03 11:09 . 2013-01-03 06:00	1913192	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-03-03 11:09 . 2013-01-03 06:00	288088	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-15 22:31 . 2013-02-15 22:31	186432	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2013-02-07 10:42 . 2013-02-07 10:42	--------	d-----w-	c:\program files (x86)\directx
2013-02-06 22:45 . 2013-02-06 22:45	--------	d-----w-	c:\program files (x86)\AGEIA Technologies
2013-02-06 22:31 . 2013-02-06 22:31	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2013-02-06 22:31 . 2013-02-06 22:31	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2013-02-06 22:31 . 2013-02-06 22:31	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2013-02-06 22:31 . 2013-02-06 22:31	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2013-02-06 22:31 . 2013-02-06 22:31	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2013-02-06 22:31 . 2013-02-06 22:31	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2013-02-06 22:31 . 2013-02-06 22:31	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2013-02-06 22:31 . 2013-02-06 22:31	--------	d-----w-	c:\program files (x86)\QuickTime
2013-02-06 13:31 . 2013-02-06 13:31	--------	d-----w-	c:\users\Robert\AppData\Local\Futuremark
2013-02-05 11:22 . 2013-02-05 11:22	--------	d-----w-	c:\programdata\Freemake
2013-02-05 11:22 . 2013-02-05 11:22	--------	d-----w-	c:\program files (x86)\Freemake
2013-02-05 11:21 . 2013-02-05 11:21	--------	d-----w-	c:\users\Robert\AppData\Local\Programs
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-05 07:43 . 2012-11-19 07:42	43680	----a-w-	c:\windows\system32\drivers\lirsgt.sys
2013-03-05 07:43 . 2012-11-19 07:42	314016	----a-w-	c:\windows\system32\drivers\atksgt.sys
2013-03-04 22:42 . 2012-09-29 14:21	861088	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2013-03-04 22:42 . 2012-09-29 14:21	782240	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-03-03 15:15 . 2012-09-29 14:35	691568	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-03 15:15 . 2012-09-29 14:35	71024	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-03 15:10 . 2012-09-29 11:07	70004024	----a-w-	c:\windows\system32\MRT.exe
2013-02-10 03:25 . 2012-09-29 10:48	2854344	----a-w-	c:\windows\system32\nvapi64.dll
2013-02-10 03:25 . 2012-09-29 10:48	15275744	----a-w-	c:\windows\system32\nvwgf2umx.dll
2013-02-10 03:25 . 2012-09-29 10:48	1114144	----a-w-	c:\windows\system32\nvumdshimx.dll
2013-02-10 01:04 . 2012-09-29 10:48	6393120	----a-w-	c:\windows\system32\nvcpl.dll
2013-02-10 01:04 . 2012-09-29 10:48	3472672	----a-w-	c:\windows\system32\nvsvc64.dll
2013-02-10 01:04 . 2012-09-29 10:48	877856	----a-w-	c:\windows\system32\nvvsvc.exe
2013-02-10 01:04 . 2012-09-29 10:48	63776	----a-w-	c:\windows\system32\nvshext.dll
2013-02-10 01:04 . 2012-09-29 10:48	2555680	----a-w-	c:\windows\system32\nvsvcr.dll
2013-02-10 01:04 . 2012-09-29 10:48	237856	----a-w-	c:\windows\system32\nvmctray.dll
2013-02-09 13:25 . 2012-09-29 10:48	3035306	----a-w-	c:\windows\system32\nvcoproc.bin
2013-01-30 10:53 . 2010-11-21 03:27	273840	------w-	c:\windows\system32\MpSigStub.exe
2013-01-29 17:15 . 2013-01-29 17:15	862664	----a-w-	c:\windows\SysWow64\msvcr110.dll
2013-01-29 17:15 . 2013-01-29 17:15	828872	----a-w-	c:\windows\system32\msvcr110.dll
2013-01-29 17:15 . 2013-01-29 17:15	661448	----a-w-	c:\windows\system32\msvcp110.dll
2013-01-29 17:15 . 2013-01-29 17:15	534480	----a-w-	c:\windows\SysWow64\msvcp110.dll
2013-01-29 17:15 . 2013-01-29 17:15	354264	----a-w-	c:\windows\system32\vccorlib110.dll
2013-01-29 17:15 . 2013-01-29 17:15	251864	----a-w-	c:\windows\SysWow64\vccorlib110.dll
2013-01-22 17:20 . 2009-08-18 11:49	564632	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2013-01-22 17:20 . 2009-08-18 10:24	19696	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-01-21 10:12 . 2013-01-21 10:12	2177664	----a-w-	c:\windows\system32\coin93.dll
2013-01-20 14:59 . 2013-01-20 14:59	230320	----a-w-	c:\windows\system32\drivers\MpFilter.sys
2013-01-20 14:59 . 2012-08-30 20:03	130008	----a-w-	c:\windows\system32\drivers\NisDrvWFP.sys
2013-01-19 16:41 . 2013-01-19 16:46	8192	----a-w-	c:\windows\system32\drivers\IntelMEFWVer.dll
2013-01-19 16:41 . 2012-07-12 17:56	62784	----a-w-	c:\windows\system32\drivers\HECIx64.sys
2013-01-06 17:09 . 2013-01-06 17:09	18960	----a-w-	c:\windows\system32\drivers\LNonPnP.sys
2013-01-04 04:43 . 2013-03-03 11:10	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2012-12-29 10:34 . 2012-09-29 10:48	1813432	----a-w-	c:\windows\system32\nvdispco64.dll
2012-12-29 10:34 . 2012-09-29 10:48	1504696	----a-w-	c:\windows\system32\nvdispgenco64.dll
2012-12-18 08:31 . 2012-09-29 10:48	1510328	----a-w-	c:\windows\system32\nvhdagenco6420103.dll
2012-12-16 17:11 . 2012-12-21 14:31	46080	----a-w-	c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-21 14:31	367616	----a-w-	c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 14:31	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-21 14:31	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2012-12-07 13:20 . 2013-01-09 04:28	441856	----a-w-	c:\windows\system32\Wpc.dll
2012-12-07 13:15 . 2013-01-09 04:28	2746368	----a-w-	c:\windows\system32\gameux.dll
2012-12-07 12:26 . 2013-01-09 04:28	308736	----a-w-	c:\windows\SysWow64\Wpc.dll
2012-12-07 12:20 . 2013-01-09 04:28	2576384	----a-w-	c:\windows\SysWow64\gameux.dll
2012-12-07 11:20 . 2013-01-09 04:28	30720	----a-w-	c:\windows\system32\usk.rs
2012-12-07 11:20 . 2013-01-09 04:28	43520	----a-w-	c:\windows\system32\csrr.rs
2012-12-07 11:20 . 2013-01-09 04:28	23552	----a-w-	c:\windows\system32\oflc.rs
2012-12-07 11:20 . 2013-01-09 04:28	45568	----a-w-	c:\windows\system32\oflc-nz.rs
2012-12-07 11:20 . 2013-01-09 04:28	44544	----a-w-	c:\windows\system32\pegibbfc.rs
2012-12-07 11:20 . 2013-01-09 04:28	20480	----a-w-	c:\windows\system32\pegi-fi.rs
2012-12-07 11:20 . 2013-01-09 04:28	20480	----a-w-	c:\windows\system32\pegi-pt.rs
2012-12-07 11:19 . 2013-01-09 04:28	20480	----a-w-	c:\windows\system32\pegi.rs
2012-12-07 11:19 . 2013-01-09 04:28	46592	----a-w-	c:\windows\system32\fpb.rs
2012-12-07 11:19 . 2013-01-09 04:28	40960	----a-w-	c:\windows\system32\cob-au.rs
2012-12-07 11:19 . 2013-01-09 04:28	21504	----a-w-	c:\windows\system32\grb.rs
2012-12-07 11:19 . 2013-01-09 04:28	15360	----a-w-	c:\windows\system32\djctq.rs
2012-12-07 11:19 . 2013-01-09 04:28	55296	----a-w-	c:\windows\system32\cero.rs
2012-12-07 11:19 . 2013-01-09 04:28	51712	----a-w-	c:\windows\system32\esrb.rs
2012-12-07 10:46 . 2013-01-09 04:28	43520	----a-w-	c:\windows\SysWow64\csrr.rs
2012-12-07 10:46 . 2013-01-09 04:28	30720	----a-w-	c:\windows\SysWow64\usk.rs
2012-12-07 10:46 . 2013-01-09 04:28	45568	----a-w-	c:\windows\SysWow64\oflc-nz.rs
2012-12-07 10:46 . 2013-01-09 04:28	44544	----a-w-	c:\windows\SysWow64\pegibbfc.rs
2012-12-07 10:46 . 2013-01-09 04:28	20480	----a-w-	c:\windows\SysWow64\pegi-pt.rs
2012-12-07 10:46 . 2013-01-09 04:28	23552	----a-w-	c:\windows\SysWow64\oflc.rs
2012-12-07 10:46 . 2013-01-09 04:28	20480	----a-w-	c:\windows\SysWow64\pegi-fi.rs
2012-12-07 10:46 . 2013-01-09 04:28	46592	----a-w-	c:\windows\SysWow64\fpb.rs
2012-12-07 10:46 . 2013-01-09 04:28	20480	----a-w-	c:\windows\SysWow64\pegi.rs
2012-12-07 10:46 . 2013-01-09 04:28	21504	----a-w-	c:\windows\SysWow64\grb.rs
2012-12-07 10:46 . 2013-01-09 04:28	40960	----a-w-	c:\windows\SysWow64\cob-au.rs
2012-12-07 10:46 . 2013-01-09 04:28	15360	----a-w-	c:\windows\SysWow64\djctq.rs
2012-12-07 10:46 . 2013-01-09 04:28	55296	----a-w-	c:\windows\SysWow64\cero.rs
2012-12-07 10:46 . 2013-01-09 04:28	51712	----a-w-	c:\windows\SysWow64\esrb.rs
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-09-29 291608]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2012-08-23 56128]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"CTxfiHlp"="CTXFIHLP.EXE" [2010-05-05 25600]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-11-02 90448]
"ControlCenterCount"="c:\program files (x86)\MSI\ControlCenter\ControlCenterCount.exe" [2012-03-26 872448]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Freemake Improver;Freemake Improver;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [2013-01-31 100864]
R3 ALSysIO;ALSysIO;c:\users\Robert\AppData\Local\Temp\ALSysIO64.sys [x]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 cpuz136;cpuz136;c:\windows\TEMP\cpuz136\cpuz136_x64.sys [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2012-11-19 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-09-29 79360]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2010-05-05 202840]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2010-05-05 1417304]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2010-05-05 94808]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2012-12-17 137488]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2011-08-30 160256]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-24 22408]
R3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys [2012-10-02 66360]
R3 LGSUsbFilt;Logitech Gaming KMDF USB Filter Driver;c:\windows\system32\DRIVERS\LGSUsbFilt.Sys [2012-10-02 43832]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-24 16008]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
R3 NTIOLib_1_0_1;NTIOLib_1_0_1;c:\program files (x86)\MSI\CLICKBIOSII\NTIOLib_X64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys [2012-08-16 645952]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys [2012-08-16 27456]
S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-09-29 19224]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage-Technologie;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-08-16 7168]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-07-27 636952]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2013-01-19 164736]
S2 lxbk_device;lxbk_device;c:\windows\system32\lxbkcoms.exe [2008-02-19 565928]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2012-12-14 3467768]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-08-28 92632]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2013-01-19 363904]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2010-05-05 202840]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2010-05-05 1417304]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2010-05-05 94808]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-09-29 356632]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-09-29 789272]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2012-02-16 676968]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-06-12 6548112]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Myst Masterpiece Edition - c:\windows\IsUn0407.exe
AddRemove-S3 - c:\windows\IsUn0407.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Philips]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-03-06  20:44:27
ComboFix-quarantined-files.txt  2013-03-06 19:44
.
Vor Suchlauf: 13 Verzeichnis(se), 134.160.003.072 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 134.451.748.864 Bytes frei
.
- - End Of File - - 076E0953AD91084D8CFAA58D0F68A5AA

cosinus · 06.03.2013, 22:54

JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

Im Anschluss:

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Danach eine Kontrolle mit OTL bitte:

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Setze oben mittig den Haken bei Scanne alle Benutzer
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles in CODE-Tags hier in den Thread.

RobinSword · 07.03.2013, 09:30

JRT-Log:

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.8 (03.04.2013:1)
OS: Windows 7 Home Premium x64
Ran by Robert on 07.03.2013 at  8:48:44,99
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 07.03.2013 at  8:52:05,47
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

AdwCleaner-Log:

Code:

ATTFilter

# AdwCleaner v2.114 - Datei am 07/03/2013 um 09:23:43 erstellt
# Aktualisiert am 05/03/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Robert - ZOCKMASCHINE
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Robert\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Die Registrierungsdatenbank ist sauber.

*************************

AdwCleaner[S1].txt - [572 octets] - [07/03/2013 09:23:43]

########## EOF - C:\AdwCleaner[S1].txt - [631 octets] ##########

OTL.txt:

Code:

ATTFilter

OTL logfile created on: 07.03.2013 09:25:59 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Robert\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,95 Gb Total Physical Memory | 6,73 Gb Available Physical Memory | 84,63% Memory free
15,90 Gb Paging File | 14,60 Gb Available in Paging File | 91,83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 238,37 Gb Total Space | 125,28 Gb Free Space | 52,56% Space Free | Partition Type: NTFS
Drive D: | 1863,01 Gb Total Space | 1738,52 Gb Free Space | 93,32% Space Free | Partition Type: NTFS
 
Computer Name: ZOCKMASCHINE | User Name: Robert | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Robert\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe (Freemake)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
PRC - C:\Windows\SysWOW64\Ctxfihlp.exe (Creative Technology Ltd)
PRC - C:\Windows\SysWOW64\CTxfispi.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorUtil\6c1f9740c6ada965092d49d95aab2a83\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorDataMgrSvcInt#\32bfd59bc4e2103c2711ad7ef926e64b\IAStorDataMgrSvcInterfaces.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorCommon\4e38af2c9e44dfb8cd101420faaf5c21\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\39f4c7717661667c68f9af8c4f6402b9\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\ebf949aee7febad1902974b1a2bd77a2\System.ServiceModel.Discovery.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\b26c0ed378c4b15c60cef0baada4e0dc\System.ServiceModel.Routing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\800370766976fd4ec232b4e29781717d\System.ServiceModel.Channels.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\b15622741724e17f1335c4771c3700a0\System.ServiceModel.Activities.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\a0445401f2473a1aa4b66c9c0791c7f6\System.ServiceModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\c1b67737c13c99776cde5989ec2885c8\System.IdentityModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\866894ebe5258bf9f45d6b063229e990\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\910fe53ec2122cf3a2ad11c2b2f5cbfd\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\e7b4706dfe18f29486dbaf5d35e01765\System.Runtime.DurableInstancing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\ef7642a4f2724135d445e2ea36582e78\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\27dcf04ed7a3506045597c02a5a1fc31\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\5de5d8c1c02e33789e3cf7e3f54c0ec9\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Windows\SysWOW64\APOMngr.DLL ()
MOD - C:\Windows\SysWOW64\CTXFIGER.DLL ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (lxbk_device) -- C:\Windows\SysNative\lxbkcoms.exe ( )
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Freemake Improver) -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe (Freemake)
SRV - (NisSrv) -- C:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- C:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Futuremark SystemInfo Service) -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe (Futuremark Corporation)
SRV - (TeamViewer8) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (TomTomHOMEService) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (Intel(R) -- C:\Programme\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
SRV - (ICCS) -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (lxbk_device) -- C:\Windows\SysWOW64\lxbkcoms.exe ( )
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (LGSHidFilt) -- C:\Windows\SysNative\drivers\LGSHidFilt.Sys (Logitech Inc.)
DRV:64bit: - (LGSUsbFilt) -- C:\Windows\SysNative\drivers\LGSUsbFilt.sys (Logitech Inc.)
DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation)
DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation)
DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (iaStorA) -- C:\Windows\SysNative\drivers\iaStorA.sys (Intel Corporation)
DRV:64bit: - (iaStorF) -- C:\Windows\SysNative\drivers\iaStorF.sys (Intel Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited)
DRV:64bit: - (RimVSerPort) -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys (Research in Motion Ltd)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (ha20x2k) -- C:\Windows\SysNative\drivers\ha20x2k.sys (Creative Technology Ltd)
DRV:64bit: - (emupia) -- C:\Windows\SysNative\drivers\emupia2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctsfm2k) -- C:\Windows\SysNative\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctprxy2k) -- C:\Windows\SysNative\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV:64bit: - (ossrv) -- C:\Windows\SysNative\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV:64bit: - (ctaud2k) -- C:\Windows\SysNative\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctac32k) -- C:\Windows\SysNative\drivers\ctac32k.sys (Creative Technology Ltd)
DRV:64bit: - (CTEXFIFX.SYS) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.)
DRV:64bit: - (CTEXFIFX) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.)
DRV:64bit: - (CTHWIUT.SYS) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.)
DRV:64bit: - (CTHWIUT) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.)
DRV:64bit: - (CT20XUT.SYS) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.)
DRV:64bit: - (CT20XUT) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.)
DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.)
DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1425481659-3590505946-3856770885-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Download
IE - HKU\S-1-5-21-1425481659-3590505946-3856770885-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-1425481659-3590505946-3856770885-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1425481659-3590505946-3856770885-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 73 A6 69 DC 29 9E CD 01  [binary data]
IE - HKU\S-1-5-21-1425481659-3590505946-3856770885-1000\..\SearchScopes,DefaultScope = {7081D295-1D1C-49B6-BB06-B14C64B04022}
IE - HKU\S-1-5-21-1425481659-3590505946-3856770885-1000\..\SearchScopes\{7081D295-1D1C-49B6-BB06-B14C64B04022}: "URL" = hxxp://www.google.com/search?q={searchTerms}&amp;sourceid=ie7&amp;rls=com.microsoft:{language}:{referrer:source}&amp;ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-1425481659-3590505946-3856770885-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1425481659-3590505946-3856770885-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmconverter@gmail.com: C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2013.02.05 12:22:54 | 000,000,000 | ---D | M]
 
[2012.12.02 23:11:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robert\AppData\Roaming\mozilla\Extensions
[2012.12.02 23:11:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robert\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
 
O1 HOSTS File: ([2013.03.06 20:43:37 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ControlCenterCount] C:\Program Files (x86)\MSI\ControlCenter\ControlCenterCount.exe (MSI CO.,LTD.)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1425481659-3590505946-3856770885-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1425481659-3590505946-3856770885-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab (Creative Software AutoUpdate 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/121022/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A8C0435D-CF47-4C67-ABBF-575A36337981}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.07 08:48:44 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.03.06 23:02:47 | 000,000,000 | ---D | C] -- C:\JRT
[2013.03.06 23:02:15 | 000,547,723 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Robert\Desktop\JRT.exe
[2013.03.06 20:46:13 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.03.06 20:43:37 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.03.06 20:41:26 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.03.06 20:41:26 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.03.06 20:41:26 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.03.06 20:41:24 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.03.06 20:41:20 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.03.06 20:40:08 | 005,036,545 | R--- | C] (Swearware) -- C:\Users\Robert\Desktop\ComboFix.exe
[2013.03.05 15:26:46 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Robert\Desktop\tdsskiller.exe
[2013.03.05 15:17:02 | 000,000,000 | ---D | C] -- C:\Users\Robert\Documents\Robot
[2013.03.05 14:50:17 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Robert\Desktop\aswMBR.exe
[2013.03.05 13:20:35 | 000,000,000 | ---D | C] -- C:\Users\Robert\Desktop\mbar-1.01.0.1021
[2013.03.05 12:27:04 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Robert\Desktop\OTL.exe
[2013.03.05 09:55:43 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\Malwarebytes
[2013.03.05 09:55:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.03.05 09:55:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.05 09:55:31 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.03.05 09:55:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.03.05 09:49:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013.03.05 09:11:32 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\Risen
[2013.03.05 08:58:59 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\Toukk
[2013.03.05 08:58:59 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\Isudm
[2013.03.05 08:58:59 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\Etut
[2013.03.04 23:42:23 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.03.04 23:42:22 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.03.04 23:42:22 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.03.04 23:42:22 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.03.03 20:07:05 | 026,947,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2013.03.03 20:07:05 | 025,256,736 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2013.03.03 20:07:05 | 020,534,560 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2013.03.03 20:07:05 | 017,987,192 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2013.03.03 20:07:05 | 017,560,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2013.03.03 20:07:05 | 015,038,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2013.03.03 20:07:05 | 012,862,400 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2013.03.03 20:07:05 | 009,422,672 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2013.03.03 20:07:05 | 007,964,680 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2013.03.03 20:07:05 | 007,569,184 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2013.03.03 20:07:05 | 006,267,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2013.03.03 20:07:05 | 002,911,008 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2013.03.03 20:07:05 | 002,726,176 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2013.03.03 20:07:05 | 002,528,840 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2013.03.03 20:07:05 | 002,350,368 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2013.03.03 20:07:05 | 001,990,944 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2013.03.03 20:07:05 | 001,807,136 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6420294.dll
[2013.03.03 20:07:05 | 001,510,176 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6420162.dll
[2013.03.03 20:07:05 | 000,963,776 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2013.03.03 20:07:05 | 000,420,128 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvEncodeAPI64.dll
[2013.03.03 20:07:05 | 000,364,832 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvEncodeAPI.dll
[2013.03.03 20:07:05 | 000,250,504 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2013.03.03 20:07:05 | 000,205,184 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2013.03.03 20:07:05 | 000,194,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys
[2013.03.03 20:07:05 | 000,031,672 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll
[2013.03.03 18:34:34 | 000,000,000 | ---D | C] -- C:\Users\Robert\Valley
[2013.03.03 18:20:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unigine
[2013.03.03 18:19:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Unigine
[2013.03.03 17:47:27 | 000,645,952 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\iaStorA.sys
[2013.03.03 17:47:27 | 000,027,456 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\iaStorF.sys
[2013.03.03 16:24:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft-Maus- und Tastatur-Center
[2013.03.03 16:24:08 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Mouse and Keyboard Center
[2013.03.03 16:08:34 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.03.03 16:08:34 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.03.03 16:08:34 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.03.03 16:08:34 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.03.03 16:08:33 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.03.03 16:08:33 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.03.03 16:08:33 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.03.03 16:08:33 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.03.03 16:08:33 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.03.03 16:08:33 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.03.03 16:08:33 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.03.03 16:08:33 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.03.03 16:08:32 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.03.03 16:08:32 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.03.03 16:08:32 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.03.03 12:10:06 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.03.03 12:10:06 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.03.03 12:10:06 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.03.03 12:10:02 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013.03.03 12:10:02 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013.03.03 12:10:02 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013.03.03 12:10:02 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013.03.03 12:10:02 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013.03.03 12:10:01 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013.03.03 12:09:59 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2013.02.07 11:42:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\directx
[2013.02.06 23:45:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2013.02.06 23:31:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013.02.06 23:31:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2013.02.06 14:31:57 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\Futuremark
[2013.02.06 14:31:56 | 000,000,000 | ---D | C] -- C:\Users\Robert\Documents\3DMark
[2013.02.05 12:22:54 | 000,000,000 | ---D | C] -- C:\Users\Robert\Documents\Freemake
[2013.02.05 12:22:54 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
[2013.02.05 12:22:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
[2013.02.05 12:22:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Freemake
[2013.02.05 12:22:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Freemake
[2013.02.05 12:21:34 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\Programs
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.07 09:24:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.07 09:24:07 | 000,061,616 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000005-00000000-00000001-00001102-00000005-00231102}.rfx
[2013.03.07 09:24:07 | 000,061,616 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000005-00000000-00000001-00001102-00000005-00231102}.rfx
[2013.03.07 09:24:07 | 000,000,788 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000005-00000000-00000001-00001102-00000005-00231102}.rfx
[2013.03.07 08:53:27 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.07 08:53:27 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.07 08:52:10 | 001,501,928 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.03.07 08:52:10 | 000,654,966 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.03.07 08:52:10 | 000,616,848 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.03.07 08:52:10 | 000,130,336 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.03.07 08:52:10 | 000,106,726 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.03.06 23:02:47 | 000,547,723 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Robert\Desktop\JRT.exe
[2013.03.06 23:02:34 | 000,597,667 | ---- | M] () -- C:\Users\Robert\Desktop\adwcleaner.exe
[2013.03.06 20:43:37 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.03.06 20:40:32 | 005,036,545 | R--- | M] (Swearware) -- C:\Users\Robert\Desktop\ComboFix.exe
[2013.03.06 07:55:07 | 000,000,512 | ---- | M] () -- C:\Users\Robert\Desktop\MBR.dat
[2013.03.05 17:32:29 | 000,002,338 | ---- | M] () -- C:\Users\Robert\Desktop\Fable III Handbuch.lnk
[2013.03.05 15:26:46 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Robert\Desktop\tdsskiller.exe
[2013.03.05 14:51:34 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Robert\Desktop\aswMBR.exe
[2013.03.05 13:15:16 | 000,377,856 | ---- | M] () -- C:\Users\Robert\Desktop\gmer_2.1.19155.exe
[2013.03.05 12:27:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Robert\Desktop\OTL.exe
[2013.03.05 09:55:35 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.05 09:42:50 | 000,001,358 | ---- | M] () -- C:\Users\Robert\Desktop\Ini.lnk
[2013.03.05 09:19:33 | 000,001,102 | ---- | M] () -- C:\Users\Robert\Desktop\Risen.lnk
[2013.03.05 08:43:30 | 000,314,016 | ---- | M] () -- C:\Windows\SysNative\drivers\atksgt.sys
[2013.03.05 08:43:30 | 000,043,680 | ---- | M] () -- C:\Windows\SysNative\drivers\lirsgt.sys
[2013.03.04 23:42:20 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.03.04 23:42:19 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013.03.04 23:42:19 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013.03.04 23:42:19 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.03.04 23:42:19 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.03.04 23:42:19 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.03.03 18:56:51 | 001,065,984 | ---- | M] () -- C:\Users\Robert\AppData\Local\file__0.localstorage
[2013.03.03 18:20:18 | 000,002,121 | ---- | M] () -- C:\Users\Public\Desktop\Valley Benchmark 1.0.lnk
[2013.03.03 16:15:49 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.03.03 16:15:48 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.03.03 16:14:35 | 000,343,576 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.03.03 16:09:20 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013.02.10 04:25:27 | 026,947,360 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2013.02.10 04:25:27 | 025,256,736 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2013.02.10 04:25:27 | 020,534,560 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2013.02.10 04:25:27 | 017,987,192 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2013.02.10 04:25:27 | 017,560,352 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2013.02.10 04:25:27 | 015,275,744 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2013.02.10 04:25:27 | 015,038,296 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2013.02.10 04:25:27 | 012,862,400 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2013.02.10 04:25:27 | 009,422,672 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2013.02.10 04:25:27 | 007,964,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2013.02.10 04:25:27 | 007,569,184 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2013.02.10 04:25:27 | 006,267,240 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2013.02.10 04:25:27 | 002,911,008 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2013.02.10 04:25:27 | 002,854,344 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2013.02.10 04:25:27 | 002,726,176 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2013.02.10 04:25:27 | 002,528,840 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2013.02.10 04:25:27 | 002,350,368 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2013.02.10 04:25:27 | 001,990,944 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2013.02.10 04:25:27 | 001,807,136 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6420294.dll
[2013.02.10 04:25:27 | 001,510,176 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6420162.dll
[2013.02.10 04:25:27 | 001,114,144 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvumdshimx.dll
[2013.02.10 04:25:27 | 000,963,776 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2013.02.10 04:25:27 | 000,420,128 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvEncodeAPI64.dll
[2013.02.10 04:25:27 | 000,364,832 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvEncodeAPI.dll
[2013.02.10 04:25:27 | 000,250,504 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2013.02.10 04:25:27 | 000,205,184 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2013.02.10 04:25:27 | 000,017,738 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2013.02.10 02:04:31 | 006,393,120 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2013.02.10 02:04:31 | 003,472,672 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2013.02.10 02:04:29 | 002,555,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll
[2013.02.10 02:04:29 | 000,237,856 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2013.02.10 02:04:29 | 000,063,776 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2013.02.09 14:25:36 | 003,035,306 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin
[2013.02.07 11:45:05 | 000,000,000 | ---- | M] () -- C:\Windows\QTW.ini
[2013.02.06 23:31:43 | 000,001,849 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2013.02.06 13:49:29 | 000,001,777 | ---- | M] () -- C:\Users\Public\Desktop\3DMark.lnk
[2013.02.05 12:22:54 | 000,001,328 | ---- | M] () -- C:\Users\Public\Desktop\Freemake Video Converter.lnk
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.03.06 23:02:34 | 000,597,667 | ---- | C] () -- C:\Users\Robert\Desktop\adwcleaner.exe
[2013.03.06 20:41:26 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.03.06 20:41:26 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.03.06 20:41:26 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.03.06 20:41:26 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.03.06 20:41:26 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.03.06 07:55:07 | 000,000,512 | ---- | C] () -- C:\Users\Robert\Desktop\MBR.dat
[2013.03.05 17:32:29 | 000,002,338 | ---- | C] () -- C:\Users\Robert\Desktop\Fable III Handbuch.lnk
[2013.03.05 13:15:16 | 000,377,856 | ---- | C] () -- C:\Users\Robert\Desktop\gmer_2.1.19155.exe
[2013.03.05 09:55:35 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.05 09:42:50 | 000,001,358 | ---- | C] () -- C:\Users\Robert\Desktop\Ini.lnk
[2013.03.05 09:19:33 | 000,001,102 | ---- | C] () -- C:\Users\Robert\Desktop\Risen.lnk
[2013.03.03 18:34:07 | 001,065,984 | ---- | C] () -- C:\Users\Robert\AppData\Local\file__0.localstorage
[2013.03.03 18:20:18 | 000,002,121 | ---- | C] () -- C:\Users\Public\Desktop\Valley Benchmark 1.0.lnk
[2013.02.07 11:45:05 | 000,000,000 | ---- | C] () -- C:\Windows\QTW.ini
[2013.02.06 23:31:43 | 000,001,849 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2013.02.06 13:49:29 | 000,001,777 | ---- | C] () -- C:\Users\Public\Desktop\3DMark.lnk
[2013.02.05 12:22:54 | 000,001,328 | ---- | C] () -- C:\Users\Public\Desktop\Freemake Video Converter.lnk
[2013.01.17 12:10:44 | 000,000,218 | ---- | C] () -- C:\Users\Robert\AppData\Local\recently-used.xbel
[2013.01.16 10:04:01 | 000,005,632 | ---- | C] () -- C:\Users\Robert\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.01.06 21:49:24 | 000,040,960 | R--- | C] () -- C:\Windows\SysWow64\psfind.dll
[2012.10.01 17:15:18 | 000,000,101 | ---- | C] () -- C:\Windows\Lexstat.ini
[2012.10.01 17:14:38 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkserv.dll
[2012.10.01 17:14:38 | 000,991,232 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkusb1.dll
[2012.10.01 17:14:38 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkhbn3.dll
[2012.10.01 17:14:38 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkcomc.dll
[2012.10.01 17:14:38 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkpmui.dll
[2012.10.01 17:14:38 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbklmpm.dll
[2012.10.01 17:14:38 | 000,537,256 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkcoms.exe
[2012.10.01 17:14:38 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkcomm.dll
[2012.10.01 17:14:38 | 000,413,696 | ---- | C] () -- C:\Windows\SysWow64\lxbkutil.dll
[2012.10.01 17:14:38 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkinpa.dll
[2012.10.01 17:14:38 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkiesc.dll
[2012.10.01 17:14:38 | 000,385,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkih.exe
[2012.10.01 17:14:38 | 000,381,608 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkcfg.exe
[2012.10.01 17:14:38 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\LXBKinst.dll
[2012.10.01 17:14:38 | 000,180,904 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkppls.exe
[2012.10.01 17:14:38 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkprox.dll
[2012.10.01 17:14:38 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkpplc.dll
[2012.09.29 13:22:40 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2012.09.29 13:22:40 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2012.09.29 13:22:36 | 000,003,072 | ---- | C] () -- C:\Windows\SysWow64\CTXFIGER.DLL
[2012.09.29 11:30:49 | 001,472,002 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.04.20 12:59:44 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:364682BC

< End of report >

Extras.txt:

Code:

ATTFilter

OTL Extras logfile created on: 07.03.2013 09:25:59 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Robert\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,95 Gb Total Physical Memory | 6,73 Gb Available Physical Memory | 84,63% Memory free
15,90 Gb Paging File | 14,60 Gb Available in Paging File | 91,83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 238,37 Gb Total Space | 125,28 Gb Free Space | 52,56% Space Free | Partition Type: NTFS
Drive D: | 1863,01 Gb Total Space | 1738,52 Gb Free Space | 93,32% Space Free | Partition Type: NTFS
 
Computer Name: ZOCKMASCHINE | User Name: Robert | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07D0FCBD-2E07-4353-8F99-7F124B6BB83D}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery | 
"{41251877-5B18-4DDD-AE7C-108470F19B19}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer | 
"{6E3C3C65-2183-4639-83DA-8E819B370A34}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{C2681C05-39D3-49DE-A5C3-6CA558FDD505}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery | 
"{DFF474AE-6392-4715-B4D1-451087CF9819}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01C18E87-40A2-4F89-8340-15F0FFD82F4A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star trek online\star trek online.exe | 
"{02258109-2226-494D-B510-2E49CFCE0ABE}" = protocol=17 | dir=in | app=c:\spiele\diablo iii\diablo iii.exe | 
"{065D5930-4DC9-40DB-92B4-572D8C764F01}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{106E4824-7775-4327-9C28-D9158E62A0EB}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{126567A1-B31E-49AC-8075-14679485F9AC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\indiana jones and the fate of atlantis\indiana jones and the fate of atlantis.exe | 
"{149963FC-26CE-4AD9-A3EE-D29BFE826E80}" = protocol=6 | dir=in | app=c:\windows\system32\lxbkcoms.exe | 
"{179A8C24-507C-4B33-9951-832B687EC029}" = protocol=17 | dir=in | app=c:\windows\system32\lxbkcoms.exe | 
"{20AD5364-34D3-4927-9C84-E07178F5B221}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\real myst\realmyst.exe | 
"{22EF848E-09C9-4CC4-B00A-6562B37561FD}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{276EB9EF-A242-4B1E-866F-D3AA024E0B4C}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{2DD2BC54-841F-43F2-961A-17955E3838D8}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxbkcoms.exe | 
"{3947582D-48FF-40CE-B542-C6DE03DE5A84}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\real myst\realmyst.exe | 
"{3BC56242-4F89-48B9-8803-FF61BA885BFF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\real myst\realmystsetup.exe | 
"{3E49FD10-9128-42A4-A5B6-52D07BE41620}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{4079516F-107E-4CD1-9102-C73745B5ED80}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{4E7E5BE8-C338-44ED-B383-9704543C0D8B}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxbkcoms.exe | 
"{505EE4A1-B60A-4EBF-ACE5-87B14DC6AA55}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\indiana jones and the fate of atlantis\indiana jones and the fate of atlantis.exe | 
"{50FD4C26-B872-4720-8501-7F19DB7DD551}" = protocol=6 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe | 
"{5235D368-0F93-47A7-B9BC-EC0361B4A69D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\real myst\realmystsetup.exe | 
"{5A2C2E64-EDF6-4252-90E4-8E2F452C2072}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{5E358783-9C93-44B8-9B88-457D9E03E68E}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxbkpswx.exe | 
"{5F09B92C-3628-4FDE-BA53-49C261A59018}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{6284CB33-B2DA-453F-9C72-FE972F66B822}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\risen 2\system\risen2.exe | 
"{6F2C0507-A058-4F4D-92CE-D267EFB0A6AF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\riven\riven.exe | 
"{803E60D5-8440-4D3F-B201-5ECF34CB3585}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{816B75F2-2CFA-42E1-BB4B-EAAE6FD9E69C}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 
"{81833F6B-E02D-4A35-B1D0-992D08B5D170}" = protocol=6 | dir=in | app=c:\spiele\diablo iii\diablo iii.exe | 
"{8CE1108A-B60B-4105-ADBB-4B255CC946DE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\riven\riven.exe | 
"{8D15B8B0-AEBB-4167-ABDC-0647E5F65921}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | 
"{91E39AE0-9EC1-456E-95F0-474CFF518EC6}" = protocol=17 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe | 
"{9389FED5-A2C3-4F3F-956C-64A31BF342BA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\legend of grimrock\grimrock.exe | 
"{96F3C620-237B-403E-8D1A-0632CB615607}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{9D663C13-FD08-46B3-AD03-15705B5D6E60}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | 
"{A071B3CD-EBE4-4F31-9127-2FE002F10F9C}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | 
"{ABC237F8-0183-4EF0-8782-6281FA7ED939}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star trek online\star trek online.exe | 
"{ABE8282C-989C-46A5-9C1C-163FA8E28B25}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\myst masterpiece\myst.exe | 
"{B6D72131-ECBE-4ADA-BBD0-3E7904F4E443}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\risen 2\system\risen2.exe | 
"{B78CFD01-B02D-44FE-8805-6C31AC5B2E31}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\legend of grimrock\grimrock.exe | 
"{C1F303EC-9E83-4ADF-A5CA-9CB50CD50ACB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fable 3\fablelauncher.exe | 
"{C2785F00-EFAE-4EED-AD86-3AB3947BC987}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxbkpswx.exe | 
"{D5371201-D607-4F0E-B00A-D1BC9BEBD93E}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{D5BDF1E7-6BE2-4D8D-ABB7-5989B843206B}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | 
"{D6536BE1-922A-427D-99BC-372F5F031F73}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\myst masterpiece\myst.exe | 
"{E0FC890B-F202-41FA-992F-467AB8B531B0}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{ECA6D257-8496-4AF4-ACFA-FE923759EEE3}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 
"{F26BF187-5BB9-40CD-93D2-FC73C75D4B88}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fable 3\fablelauncher.exe | 
"TCP Query User{009CC8AF-A15C-47F8-BC1C-DC7B479A9CDB}C:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe | 
"TCP Query User{375ECAF5-027C-4C0F-AC54-4345A3AE3D03}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"TCP Query User{5304BDE0-18B8-46D6-B2EC-EAB1A5F9FE27}C:\program files (x86)\steam\steamapps\common\worms reloaded\wormsreloaded.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\worms reloaded\wormsreloaded.exe | 
"TCP Query User{61A75C54-F62D-4247-8021-B18C2BEAA6A0}C:\spiele\siedler 3\s3.exe" = protocol=6 | dir=in | app=c:\spiele\siedler 3\s3.exe | 
"TCP Query User{70C56423-5756-4DD5-8AC8-1086A60CAA30}C:\program files (x86)\steam\steamapps\common\fable 3\fable3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fable 3\fable3.exe | 
"TCP Query User{8B885CB8-4B0A-4F4B-88D8-E0F56CB2C350}C:\spiele\age of empires ii\empires2.icd" = protocol=6 | dir=in | app=c:\spiele\age of empires ii\empires2.icd | 
"TCP Query User{AB7F5763-3830-4874-AE11-FBE866909755}C:\program files (x86)\ws_ftp\ws_ftp95.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ws_ftp\ws_ftp95.exe | 
"UDP Query User{545936B1-10BB-43F3-8953-BE5281FCE06E}C:\spiele\siedler 3\s3.exe" = protocol=17 | dir=in | app=c:\spiele\siedler 3\s3.exe | 
"UDP Query User{7B872675-A24B-4950-B5A3-62C8CBFF6C75}C:\spiele\age of empires ii\empires2.icd" = protocol=17 | dir=in | app=c:\spiele\age of empires ii\empires2.icd | 
"UDP Query User{99D682CC-7A46-46DD-84AB-507A4C8A6586}C:\program files (x86)\steam\steamapps\common\worms reloaded\wormsreloaded.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\worms reloaded\wormsreloaded.exe | 
"UDP Query User{9F3021A4-2583-4FFA-A055-ABE3153D57F8}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"UDP Query User{AC0DB27F-2AEE-471E-8CC5-DA271C2440C3}C:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe | 
"UDP Query User{D5CEED9B-1381-4616-B233-0F3696415F2C}C:\program files (x86)\steam\steamapps\common\fable 3\fable3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fable 3\fable3.exe | 
"UDP Query User{ED7C7011-3365-4C31-A0BF-620B60445C41}C:\program files (x86)\ws_ftp\ws_ftp95.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ws_ftp\ws_ftp95.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{24F93B56-61F5-415F-85B9-AA444DA34AFC}" = Microsoft-Maus- und Tastatur-Center
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7AB8C73F-03FE-48AE-990C-CCB8D6C4FAB8}" = Intel® Trusted Connect Service Client
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{88F41EE2-949B-4B52-933D-C7F8F67BC1D2}" = NetSpeedMonitor 2.5.4.0 x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.12.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.23.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Lexmark X1100 Series" = Lexmark X1100 Series
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Mouse and Keyboard Center" = Microsoft-Maus- und Tastatur-Center
"Microsoft Security Client" = Microsoft Security Essentials
"Recuva" = Recuva
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02B244A2-7F6A-42E8-A36F-8C385D7A1625}" = Gothic III
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen
"{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}" = Sound Blaster X-Fi
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F04067F-0DA5-4F48-9A89-6FCFD2A9E040}" = TextPad 6
"{40FE74B5-71A1-4393-A0AB-21D6E1DA5A66}" = Gothic 2 Gold
"{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}" = Titan Quest
"{4538055F-EBC6-4E67-9365-F55B1DEFE9DE}" = Gothic 3 - Götterdämmerung
"{46EDCFA5-7EDB-46A9-B093-1C6237470CEC}" = 3DMark 11
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A3E6E1C-CF5A-4CE9-B8D6-A2F9B7BA18FC}" = BlackBerry Desktop Software 7.1
"{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9017CEAF-BE5A-4F73-8A0E-C87E26971E55}" = TomTom HOME
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF14F0CD-5307-4134-BDFA-15974473C1EE}_is1" = ControlCenter
"{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}" = Titan Quest Immortal Throne
"{BBF10B37-4ED3-11D5-A818-00500435FC18}" = Gothic
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CFDF0961-77C7-4392-96EE-624DFE81C3C2}" = Watchtower Library 2012 - Deutsch
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1A6C690-C12C-4E7A-B4BD-958678215418}" = 3DMark
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Age of Empires 2.0" = Microsoft Age of Empires II
"ALchemy" = Creative ALchemy
"AudioCS" = Creative Audio-Systemsteuerung
"BlackBerry_Desktop" = BlackBerry Desktop Software 7.1
"Console Launcher" = Creative Konsole Starter
"Core Damage 0.8h" = Core Damage 0.8h
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
"Drakensang_Phileasson_is1" = Drakensang - Phileassons Geheimnis
"Drakensang_TRoT_is1" = Drakensang - Am Fluss der Zeit
"ESET Online Scanner" = ESET Online Scanner v3
"Fraps" = Fraps (remove only)
"Freemake Video Converter_is1" = Freemake Video Converter Version 3.2.1
"Gothic II Breitbild-Patch" = Gothic II Breitbild-Patch
"IrfanView" = IrfanView (remove only)
"KeePass Password Safe_is1" = KeePass Password Safe 1.24
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Myst Masterpiece Edition" = Myst Masterpiece Edition
"Office14.SingleImage" = Microsoft Office Home and Business 2010
"OpenAL" = OpenAL
"S3" = Die Siedler III Gold Edition
"Steam App 105400" = Fable III
"Steam App 207170" = Legend of Grimrock
"Steam App 22690" = Worms Reloaded Demo
"Steam App 40390" = Risen 2 - Dark Waters
"Steam App 6010" = Indiana Jones and the Fate of Atlantis
"Steam App 63600" = realMyst
"Steam App 63610" = Riven
"Steam App 63660" = Myst: Masterpiece Edition
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Steam App 9900" = Star Trek Online
"SysInfo" = Creative-Systeminformationen
"TeamViewer 8" = TeamViewer 8
"Unigine Valley Benchmark_is1" = Unigine Valley Benchmark version 1.0
"VLC media player" = VLC media player 2.0.3
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 07.03.2013 04:26:19 | Computer Name = Zockmaschine | Source = WinMgmt | ID = 10
Description = 
 
 
< End of report >

cosinus · 07.03.2013, 11:19

Fixen mit OTL

Starte bitte die OTL.exe.
Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:

ATTFilter

:OTL
[2013.03.05 08:58:59 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\Toukk
[2013.03.05 08:58:59 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\Isudm
[2013.03.05 08:58:59 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\Etut
[2013.03.06 07:55:07 | 000,000,512 | ---- | C] () -- C:\Users\Robert\Desktop\MBR.dat
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:364682BC
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]

Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
Schließe bitte nun alle Programme.
Klicke nun bitte auf den Fix Button.
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
Kopiere nun den Inhalt hier in Deinen Thread

RobinSword · 07.03.2013, 20:43

OTL-Log:

Code:

ATTFilter

All processes killed
========== OTL ==========
C:\Users\Robert\AppData\Roaming\Toukk folder moved successfully.
C:\Users\Robert\AppData\Roaming\Isudm folder moved successfully.
C:\Users\Robert\AppData\Roaming\Etut folder moved successfully.
C:\Users\Robert\Desktop\MBR.dat moved successfully.
ADS C:\ProgramData\TEMP:364682BC deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Robert\Desktop\cmd.bat deleted successfully.
C:\Users\Robert\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: Robert
->Temp folder emptied: 153412 bytes
->Temporary Internet Files folder emptied: 241060830 bytes
->Java cache emptied: 6426096 bytes
->Flash cache emptied: 1265 bytes
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 401408 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 21798 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36095868 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 271,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 03072013_204032

Files\Folders moved on Reboot...
C:\Users\Robert\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

06.03.2013, 01:24	#8
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	MSE findet Java-Expoits und Trojaner Win32/Bublik.I Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button. __________________ Logfiles bitte immer in CODE-Tags posten

MSE findet Java-Expoits und Trojaner Win32/Bublik.I

Plagegeister aller Art und deren Bekämpfung: MSE findet Java-Expoits und Trojaner Win32/Bublik.I