Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Trojan.Maljava entfernen

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 05.04.2013, 18:03   #1
RayRay
 
Trojan.Maljava entfernen - Standard

Trojan.Maljava entfernen



Hallihallo zusammen,

wie die Überschrift schon sagt hat Norton den Schädling Trojan.Maljava entdeckt und isoliert. Bitte um Eure Hilfe, um das garstige Ding entgültig vom Computer zu verbannen.
Da die Logs offensichtlich zu lang sind, hänge ich sie an.


Vielen Dank schonmal im Voraus.

Alt 06.04.2013, 19:13   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojan.Maljava entfernen - Standard

Trojan.Maljava entfernen



Hallo und

Zitat:
wie die Überschrift schon sagt hat Norton den Schädling Trojan.Maljava entdeckt und isoliert.
Wo sind die Logs dazu?

Solche Angaben reichen nicht, bitte poste die vollständigen Angaben/Logs der Virenscanner siehe http://www.trojaner-board.de/125889-...tml#post941520


Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________

__________________

Alt 06.04.2013, 21:38   #3
RayRay
 
Trojan.Maljava entfernen - Standard

Trojan.Maljava entfernen



Hallo cosinus,

danke für deine schnelle Antwort. Trojan.Maljava ist unter Scan-Ergebnisse in Norton IS nicht zu finden. Schicke dir einfach mal den Quarantäne-Bericht und den zu behobene Sicherheitsrisiken (hoffe das meintest du).

Quarantäne.txt:
Code:
ATTFilter
Kategorie: Quarantäne
Datum/Uhrzeit,Risiko,Aktivität,Status,Empfohlene Aktion,Pfad - Dateiname
14.01.2013 12:26:51,Hoch,710e927a-561a5a3e (Trojan.Maljava) erkannt von Auto-Protect,Isoliert,Behoben - Keine Aktion erforderlich,c:\users\martin\appdata\locallow\sun\java\deployment\cache\6.0\58\710e927a-561a5a3e
         

behobene Sicherheitsrisiken:
Code:
ATTFilter
Kategorie: Behobene Sicherheitsrisiken
Datum/Uhrzeit,Risiko,Aktivität,Status,Empfohlene Aktion,Pfad - Dateiname
05.04.2013 11:27:18,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
04.04.2013 17:49:52,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
03.04.2013 19:51:51,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
01.04.2013 16:59:24,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
02.03.2013 13:36:36,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
30.01.2013 21:07:38,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
28.01.2013 10:27:06,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
14.01.2013 12:26:51,Hoch,710e927a-561a5a3e (Trojan.Maljava) erkannt von Auto-Protect,Isoliert,Behoben - Keine Aktion erforderlich,c:\users\martin\appdata\locallow\sun\java\deployment\cache\6.0\58\710e927a-561a5a3e
01.01.2013 22:05:24,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
28.12.2012 11:39:28,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
27.12.2012 18:28:25,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
19.12.2012 15:17:01,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
26.11.2012 20:55:47,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
17.11.2012 15:21:35,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
18.10.2012 13:47:54,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
         

OTL.txt:
Code:
ATTFilter
OTL logfile created on: 05.04.2013 16:57:53 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Martin\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,90 Gb Total Physical Memory | 4,09 Gb Available Physical Memory | 69,25% Memory free
11,81 Gb Paging File | 9,89 Gb Available in Paging File | 83,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 420,56 Gb Total Space | 346,44 Gb Free Space | 82,37% Space Free | Partition Type: NTFS
Drive D: | 25,47 Gb Total Space | 22,23 Gb Free Space | 87,30% Space Free | Partition Type: NTFS
 
Computer Name: MARTIN-PC | User Name: Martin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.04.05 16:55:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Martin\Downloads\OTL.exe
PRC - [2013.03.14 18:30:28 | 000,148,840 | ---- | M] () -- C:\Programme\Lenovo\Lenovo Solution Center\LSC.exe
PRC - [2012.12.24 05:33:29 | 000,144,520 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\ccSvcHst.exe
PRC - [2012.12.12 11:28:14 | 000,163,000 | ---- | M] (Geek Software GmbH) -- C:\Program Files (x86)\PDF24\pdf24.exe
PRC - [2012.08.13 12:08:08 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2012.08.13 12:08:08 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.04.28 10:20:06 | 000,163,456 | ---- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
PRC - [2012.02.28 11:20:02 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012.02.28 11:19:56 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012.02.28 11:19:46 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
PRC - [2011.11.29 20:04:56 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011.01.28 23:29:36 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
PRC - [2007.04.19 15:45:10 | 000,074,672 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files (x86)\Lexmark 1200 Series\LXCZbmgr.exe
PRC - [2007.04.19 15:44:12 | 000,058,288 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files (x86)\Lexmark 1200 Series\lxczbmon.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.03.14 18:30:28 | 000,148,840 | ---- | M] () -- C:\Programme\Lenovo\Lenovo Solution Center\LSC.exe
MOD - [2012.11.28 15:13:52 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.11.28 15:13:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012.08.10 17:51:32 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2012.05.30 08:51:08 | 000,699,280 | R--- | M] () -- C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.3.0.36\wincfi39.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2010.12.17 10:46:34 | 000,198,784 | ---- | M] (Conexant Systems Inc.) [Auto | Running] -- C:\Windows\SysNative\CxAudMsg64.exe -- (CxAudMsg)
SRV:64bit: - [2007.04.19 15:43:56 | 000,566,192 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxczcoms.exe -- (lxcz_device)
SRV - [2013.03.13 14:42:08 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.03.11 20:22:48 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.12.24 05:33:29 | 000,144,520 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\ccSvcHst.exe -- (NIS)
SRV - [2012.12.03 17:47:14 | 001,259,880 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.10.10 03:22:26 | 000,277,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.04.28 10:20:06 | 000,163,456 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (ZAtheros Bt&Wlan Coex Agent)
SRV - [2012.04.28 09:57:54 | 000,119,424 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe -- (AtherosSvc)
SRV - [2012.03.26 14:41:18 | 000,572,976 | ---- | M] (Lenovo (Beijing) Limited) [Disabled | Stopped] -- C:\Programme\Lenovo\Instant Reset\DamageGuardSvc.exe -- (DamageGuardSvc)
SRV - [2012.02.28 11:20:02 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012.02.28 11:19:56 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012.02.28 11:19:46 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service)
SRV - [2012.02.02 22:29:52 | 000,628,448 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV - [2011.11.29 20:04:56 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010.09.22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.09.21 14:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.03.18 23:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.04.19 15:43:42 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxczcoms.exe -- (lxcz_device)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.04.05 11:29:25 | 000,096,856 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SMR322.SYS -- (SMR322)
DRV:64bit: - [2013.03.04 09:54:56 | 000,088,480 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2013.03.04 09:54:56 | 000,046,400 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2013.01.31 05:18:18 | 000,432,800 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1403000.024\symnets.sys -- (SymNetS)
DRV:64bit: - [2013.01.31 05:18:06 | 001,139,800 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1403000.024\symefa64.sys -- (SymEFA)
DRV:64bit: - [2013.01.29 03:45:19 | 000,796,248 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1403000.024\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2013.01.29 03:45:19 | 000,036,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1403000.024\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2013.01.22 04:15:33 | 000,493,656 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1403000.024\symds64.sys -- (SymDS)
DRV:64bit: - [2012.12.03 17:47:14 | 000,030,056 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2012.11.21 17:33:32 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012.11.16 04:22:01 | 000,224,416 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1403000.024\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012.11.16 04:18:04 | 000,168,096 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1403000.024\ccsetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2012.10.10 03:22:28 | 005,343,584 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012.09.28 11:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.08.21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.07.17 21:59:11 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.07.17 12:53:33 | 000,057,952 | ---- | M] (Lenovo) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fbfmon.sys -- (fbfmon)
DRV:64bit: - [2012.07.17 12:53:33 | 000,013,408 | ---- | M] (Lenovo) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BPntDrv.sys -- (BPntDrv)
DRV:64bit: - [2012.07.17 12:52:59 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LhdX64.sys -- (LHDmgr)
DRV:64bit: - [2012.07.17 12:52:59 | 000,030,816 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV:64bit: - [2012.05.02 10:35:26 | 002,811,392 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2012.04.28 10:09:24 | 000,550,528 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2012.04.28 10:08:30 | 000,281,472 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2012.04.28 10:08:12 | 000,068,736 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2012.04.28 10:07:36 | 000,168,064 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2012.04.28 10:07:18 | 000,036,480 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2012.04.28 10:07:00 | 000,030,848 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2012.04.28 10:06:42 | 000,111,232 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt)
DRV:64bit: - [2012.04.28 10:06:18 | 000,341,120 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2012.03.02 12:49:18 | 000,104,048 | ---- | M] (Qualcomm Atheros Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2012.02.27 13:01:00 | 000,788,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012.02.27 13:01:00 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012.02.27 13:01:00 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2012.02.10 17:36:26 | 000,217,392 | ---- | M] (Lenovo) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\DamageGuardX64.sys -- (DamageGuard)
DRV:64bit: - [2012.01.31 07:17:44 | 001,601,152 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2012.01.16 00:21:04 | 000,208,168 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2011.12.13 11:04:52 | 000,023,648 | ---- | M] (Lenovo) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\dgfltrX64.sys -- (dgFltr)
DRV:64bit: - [2011.12.06 13:23:10 | 000,331,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011.12.06 09:31:40 | 000,952,832 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vm331avs.sys -- (vm331avs)
DRV:64bit: - [2011.11.29 19:40:32 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.11.15 12:24:20 | 000,313,960 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2011.11.09 19:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011.10.10 09:56:15 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.10.10 09:56:15 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.10.01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011.01.28 23:29:58 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.09.23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010.02.24 12:20:40 | 000,191,616 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11)
DRV:64bit: - [2009.07.21 14:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2013.03.22 03:52:21 | 001,387,608 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20130322.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2013.01.16 11:12:11 | 002,087,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130404.024\ex64.sys -- (NAVEX15)
DRV - [2013.01.16 11:12:11 | 000,126,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130404.024\eng64.sys -- (NAVENG)
DRV - [2012.11.30 11:51:10 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012.11.20 17:48:10 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20130404.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012.10.07 12:25:17 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/webhp?sourceid=navclient&hl=de&ie=UTF-8
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN_deDE500
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: "false"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: toolbar%40gmx.net:2.5
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\coFFPlgn\ [2013.04.05 11:33:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\IPSFFPlgn\ [2012.11.21 17:37:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.11 20:22:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.11 20:22:48 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.09.07 10:36:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martin\AppData\Roaming\Mozilla\Extensions
[2013.04.03 19:33:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\pyknee2k.default\extensions
[2013.04.03 19:33:57 | 000,492,403 | ---- | M] () (No name found) -- C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\pyknee2k.default\extensions\toolbar@gmx.net.xpi
[2013.03.11 20:22:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.03.11 20:22:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions
[2013.03.11 20:22:45 | 000,000,000 | ---D | M] (GMX MailCheck) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net
[2013.03.11 20:22:48 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.10.25 00:03:12 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.25 00:03:11 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.10.25 00:03:12 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.25 00:03:12 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.25 00:03:12 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.25 00:03:11 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\coIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [lxczbmgr.exe] C:\Program Files (x86)\Lexmark 1200 Series\lxczbmgr.exe (Lexmark International, Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - Startup: C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8B87CAA2-CB41-4A54-8349-FA671B455907}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BC8E8541-F012-4A4C-AB3E-F0818F7FFBDD}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.05 11:29:25 | 000,096,856 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SMR322.SYS
[2013.04.04 17:31:03 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Malwarebytes
[2013.04.04 17:30:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.04.04 17:30:36 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.04.04 17:30:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.04.04 17:26:03 | 010,156,344 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Martin\Desktop\mbam-setup-1-70-0-1100.exe
[2013.03.28 13:03:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.03.28 13:03:29 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.03.28 13:03:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013.03.28 13:03:29 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.03.28 13:03:29 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013.03.23 14:40:46 | 000,000,000 | ---D | C] -- C:\Users\Martin\.jskat
[2013.03.23 14:39:43 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\Downloaded Installations
[2013.03.13 13:26:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013.03.11 20:22:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.05 16:54:04 | 000,000,000 | ---- | M] () -- C:\Users\Martin\defogger_reenable
[2013.04.05 16:38:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.05 16:26:01 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.05 16:05:58 | 001,500,018 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.05 16:05:58 | 000,654,610 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.05 16:05:58 | 000,616,452 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.05 16:05:58 | 000,130,192 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.05 16:05:58 | 000,106,574 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.05 16:02:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.05 11:38:18 | 000,031,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.05 11:38:18 | 000,031,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.05 11:31:33 | 000,125,356 | ---- | M] () -- C:\Windows\SysNative\fastboot.set
[2013.04.05 11:31:07 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.05 11:30:29 | 460,079,103 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.05 11:29:25 | 000,096,856 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SMR322.SYS
[2013.04.04 17:26:31 | 010,156,344 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Martin\Desktop\mbam-setup-1-70-0-1100.exe
[2013.03.30 14:08:22 | 000,002,726 | ---- | M] () -- C:\Users\Martin\AppData\Local\recently-used.xbel
[2013.03.28 13:03:50 | 000,001,794 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.03.19 11:45:40 | 000,002,002 | ---- | M] () -- C:\Users\Public\Desktop\Lenovo Solution Center.lnk
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.04.05 16:54:04 | 000,000,000 | ---- | C] () -- C:\Users\Martin\defogger_reenable
[2013.03.30 14:08:22 | 000,002,726 | ---- | C] () -- C:\Users\Martin\AppData\Local\recently-used.xbel
[2013.03.28 13:03:50 | 000,001,794 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.03.19 11:45:40 | 000,002,002 | ---- | C] () -- C:\Users\Public\Desktop\Lenovo Solution Center.lnk
[2012.10.10 03:22:34 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.10.10 03:22:32 | 000,598,780 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin
[2012.10.10 03:22:16 | 000,755,048 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin
[2012.09.18 15:01:10 | 000,000,100 | ---- | C] () -- C:\Windows\Lexstat.ini
[2012.09.18 15:00:27 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczserv.dll
[2012.09.18 15:00:27 | 000,991,232 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczusb1.dll
[2012.09.18 15:00:27 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczpmui.dll
[2012.09.18 15:00:27 | 000,413,696 | ---- | C] () -- C:\Windows\SysWow64\lxczutil.dll
[2012.09.18 15:00:27 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczinpa.dll
[2012.09.18 15:00:27 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcziesc.dll
[2012.09.18 15:00:27 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\LXCZinst.dll
[2012.09.18 15:00:27 | 000,181,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczppls.exe
[2012.09.18 15:00:27 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczprox.dll
[2012.09.18 15:00:26 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczhbn3.dll
[2012.09.18 15:00:26 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczcomc.dll
[2012.09.18 15:00:26 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczlmpm.dll
[2012.09.18 15:00:26 | 000,537,520 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczcoms.exe
[2012.09.18 15:00:26 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczcomm.dll
[2012.09.18 15:00:26 | 000,385,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczih.exe
[2012.09.18 15:00:26 | 000,381,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczcfg.exe
[2012.09.18 15:00:26 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczpplc.dll
[2012.09.18 13:43:31 | 000,305,152 | ---- | C] ( ) -- C:\Windows\SysWow64\LXCZhcp.dll
[2012.09.18 12:53:00 | 000,014,355 | ---- | C] () -- C:\Users\Martin\Ihre+Retourenmarke.pdf
[2012.09.05 19:43:56 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.09.05 19:39:21 | 000,000,000 | ---- | C] () -- C:\Windows\firstboot.dat
[2012.08.13 11:11:02 | 141,421,187 | ---- | C] () -- C:\Program Files (x86)\openofficeorg1.cab
[2012.08.13 11:09:30 | 003,166,208 | ---- | C] () -- C:\Program Files (x86)\openofficeorg341.msi
[2012.08.13 11:09:30 | 000,473,600 | ---- | C] () -- C:\Program Files (x86)\setup.exe
[2012.08.13 11:09:30 | 000,000,294 | ---- | C] () -- C:\Program Files (x86)\setup.ini
[2012.07.17 12:51:27 | 002,086,240 | ---- | C] () -- C:\Windows\SysWow64\LenovoVeriface.Interface.dll
[2012.07.17 12:51:27 | 001,500,512 | ---- | C] () -- C:\Windows\SysWow64\Apblend.dll
[2012.07.17 12:51:27 | 001,171,456 | ---- | C] () -- C:\Windows\SysWow64\PicNotify.dll
[2012.07.17 12:51:27 | 000,472,416 | ---- | C] () -- C:\Windows\SysWow64\Lenovo.VerifaceStub.dll
[2012.07.17 12:51:13 | 001,044,480 | ---- | C] () -- C:\Windows\SysWow64\3DImageRenderer.dll
[2012.07.17 12:38:04 | 000,001,822 | ---- | C] () -- C:\Windows\vm331Rmv.ini
[2012.07.17 12:38:04 | 000,001,822 | ---- | C] () -- C:\Windows\SysWow64\vm331Rmv.ini
[2012.05.16 07:26:34 | 000,735,796 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin
[2012.05.16 07:26:21 | 000,561,508 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin
[2012.02.02 22:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.09.05 19:42:21 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Leadertech
[2012.12.08 18:04:55 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Lenovo
[2012.09.05 19:42:25 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\LSC
[2012.12.18 19:28:39 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\OpenOffice.org
[2013.02.04 15:23:19 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\PDF Architect
[2013.02.04 15:36:11 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\pdfforge
[2012.12.09 00:16:48 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\ProtectDISC
[2013.03.28 19:34:19 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\SoftGrid Client
[2012.09.05 19:44:19 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\TP
 
========== Purity Check ==========
 
 

< End of report >
         

Extras.txt:
Code:
ATTFilter
OTL Extras logfile created on: 05.04.2013 16:57:53 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Martin\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,90 Gb Total Physical Memory | 4,09 Gb Available Physical Memory | 69,25% Memory free
11,81 Gb Paging File | 9,89 Gb Available in Paging File | 83,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 420,56 Gb Total Space | 346,44 Gb Free Space | 82,37% Space Free | Partition Type: NTFS
Drive D: | 25,47 Gb Total Space | 22,23 Gb Free Space | 87,30% Space Free | Partition Type: NTFS
 
Computer Name: MARTIN-PC | User Name: Martin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{10E951EE-1A4C-45A7-8E3B-BB575D0D5BC8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1D611797-E240-472F-A726-9B5946CA5AB4}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{203B2945-828F-43B7-AA70-85B401A2F877}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{28FA5232-67DC-4E21-BF71-11972EFD560E}" = lport=137 | protocol=17 | dir=in | app=system | 
"{2C466446-62AD-4664-B045-AA06814C5033}" = lport=138 | protocol=17 | dir=in | app=system | 
"{334186AD-6648-4F0B-8F89-EB9132C0224D}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{3A1AF9C7-0042-4B30-92EB-1AE214D26F5A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{3F154DF7-8C0A-4B82-9109-426B3DF3C901}" = lport=445 | protocol=6 | dir=in | app=system | 
"{4ACF28BC-79E3-4A05-8AC9-1D74E43DFA77}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{4DD4B301-8B5C-4ADF-8C2E-A78678623F73}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{4EA44185-E73F-4232-939D-C8793ADDB080}" = rport=137 | protocol=17 | dir=out | app=system | 
"{5518F040-CD4A-4852-B766-B7FBB5014484}" = lport=139 | protocol=6 | dir=in | app=system | 
"{6C1C5B9E-976D-44C1-9779-2CF462096F8A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6E5D6A6E-C027-4478-A73A-6CC1A501F0C6}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{741621B8-1607-403A-942B-A8DED66E97EA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{7B040E3F-586C-4272-9226-E9674A7FCB57}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8B5B31A1-B3DA-46B0-AF5F-618C1C031CA2}" = rport=445 | protocol=6 | dir=out | app=system | 
"{925E65CC-3B6E-4387-8B28-1F0A19E12C9D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9EFD0C8C-145F-448F-BBC4-2F7E66E6224E}" = rport=139 | protocol=6 | dir=out | app=system | 
"{A056F21F-AA69-4032-BABA-CC3C89D64D71}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A4BEF393-8290-474A-A484-D9AE19ADCC82}" = rport=138 | protocol=17 | dir=out | app=system | 
"{BE576647-1775-42D3-B1DF-19E4C9510882}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{ECFEA22A-065E-4B50-B509-6483148FC81B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{027C69BC-935C-4832-A0B1-40A4B7C4FDF5}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{16837B5B-BEDE-434A-8355-215E3DFA08D6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{2506B921-FB5F-4A6B-8742-EC65DD4EE4A6}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{2642E0A8-5575-41A5-86B9-91F2A2788A79}" = protocol=6 | dir=out | app=system | 
"{2C59C436-EB0D-4C11-B397-9F9B94F1F11C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2F6230D5-F6E1-4CD6-BE4F-C3C33F49F425}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{36E6A2EC-576F-47FA-AE68-103F14B2FFCB}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{376EEE4A-8DE4-4790-B3C1-DA142159E957}" = protocol=6 | dir=in | app=c:\windows\system32\lxczcoms.exe | 
"{3C342F44-7151-4544-A185-8257AD0CA3E3}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{41BCE86A-5B6F-4C66-AA8F-843F1FDE72B2}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxczcoms.exe | 
"{4D46AB94-9CA4-4F4A-9E7D-D8394578668D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{5000343C-4F9F-416D-B142-7185D4372E07}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5DB19B99-0CC9-431F-AEB1-1F416D7F661D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{7933D7F9-1602-478C-A4CD-34C3410D0E8C}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxczpswx.exe | 
"{895F9FE4-0EF5-4EA2-81CB-79850C12F57A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{92F84294-87CD-47E1-83C9-92B1E189F8C1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{9640BA75-9A3B-4256-97FE-AA4B81BFDFD3}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{995E25AB-22B3-48DA-8703-8511BB4C97E8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9F462710-9973-49CB-BC79-FB232D32E256}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A1103C22-7BCF-4C17-9231-85296DA26A0B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{AFCA3A04-FB81-4827-8F0F-C796CC1F1590}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B2BFE2FF-D43F-46B2-B241-EF724C732C54}" = protocol=17 | dir=in | app=c:\windows\system32\lxczcoms.exe | 
"{B78138EA-0700-487D-A0BA-A2EC451C687B}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxczcoms.exe | 
"{B9D2F344-FC79-4C82-AD58-4E9F4A5213EF}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{C1FB643F-1798-489B-A99B-33F0AE480695}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{CA303667-69DB-43FE-A8B6-2835852380F6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CF350A99-6F22-44F2-8B45-00FD23BC6192}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{D648074F-1062-4EA7-A55A-DDD67510AA77}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D90F181B-0669-4E51-A4B1-A9CA0CA55CC0}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxczpswx.exe | 
"{E5C5B5D4-78D1-46A0-939D-0FF164AF3620}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{E92028CE-D54D-411C-81E1-94B496E21E90}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F08BD6FE-1D70-4980-8A78-71C19E152C4E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{F73014D9-F302-48DF-BF18-7205AD200668}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{FEADC0B0-5282-4683-AB46-0B6FF509C91F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes
"{09536BA1-E498-4CC3-B834-D884A67D7E34}" = Intel® Trusted Connect Service Client
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1C55470A-7C9E-4C63-B466-6AFFC69E94E9}" = Windows Live Family Safety
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Atheros Bluetooth Suite (64)
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{5DEFFC02-063C-4781-A371-077729F869B4}" = Lenovo Solution Center
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 310.70
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 310.70
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"99841829BE839365AA67B2AD0E50D371F59F8A1E" = Windows-Treiberpaket - Lenovo (ACPIVPC) System  (12/15/2011 7.1.0.1)
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Elantech" = Lenovo pointing device
"GIMP-2_is1" = GIMP 2.8.2
"Lenovo EE Boot Optimizer" = Lenovo EE Boot Optimizer
"Lexmark 1200 Series" = Lexmark 1200 Series
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros WLAN Client Installation Program
"{2DC26D10-CC6A-494F-BEA3-B5BC21126D5E}" = Lenovo Welcome
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39C4C6DE-641B-483F-B875-2AEDF0FB85CA}_is1" = Rampant Logic Postscript Viewer 1.1
"{3B416FDA-CB3E-4514-9616-763E5B0D1140}" = Geheimakte Tunguska
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D40F840-30CA-4747-B988-E86C4C5F3B12}" = A New Beginning
"{5AF4B3C4-C393-48D7-AC7E-8E7615579548}" = Adobe AIR
"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6707C034-ED6B-4B6A-B21F-969B3606FBDE}" = Lenovo Registration
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 5.2.0
"{82225685-1513-4975-B624-155C10F3EE16}" = The Whispered World
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC2C1BDB-1E91-4F94-B99C-E716FE2E9C75}_is1" = MinGW-Get version 0.5-beta-20120426-1
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}" = Lenovo EasyCamera
"{AF192694-4B15-4AC1-92F3-1B02E98C08BD}" = LockKey
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}" = Dolby Advanced Audio v2
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = Benutzerhandbuch
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) OpenCL CPU Runtime
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Black Mirror 2_is1" = Black Mirror 2
"Deponia" = Deponia
"EdnaSE" = Edna Bricht Aus
"FormatFactory" = FormatFactory 3.0.1
"Google Chrome" = Google Chrome
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"InstallShield_{AF192694-4B15-4AC1-92F3-1B02E98C08BD}" = LockKey
"InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = UserGuide
"Lizenz zum Putten!" = W&G - Lizenz zum Putten!
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NIS" = Norton Internet Security
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"Qt Eclipse Integration 1.6.1 - C:_Users_Martin_Documents_eclipse-cpp-juno-SR1-win32" = Qt Eclipse Integration 1.6.1
"Qt OpenSource 4.8.3 - C:_Qt_4.8.3" = Qt OpenSource 4.8.3
"VeriFace" = VeriFace
"WinLiveSuite" = Windows Live Essentials
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 09.01.2013 16:09:19 | Computer Name = Martin-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 09.01.2013 16:43:37 | Computer Name = Martin-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 10.01.2013 06:17:48 | Computer Name = Martin-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 10.01.2013 16:25:42 | Computer Name = Martin-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 11.01.2013 04:57:50 | Computer Name = Martin-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 11.01.2013 11:00:16 | Computer Name = Martin-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 11.01.2013 16:31:26 | Computer Name = Martin-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 12.01.2013 04:58:10 | Computer Name = Martin-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 12.01.2013 07:26:48 | Computer Name = Martin-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 12.01.2013 10:27:29 | Computer Name = Martin-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 03.04.2013 17:06:37 | Computer Name = Martin-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
Error - 04.04.2013 08:30:47 | Computer Name = Martin-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 04.04.2013 08:30:47 | Computer Name = Martin-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
Error - 04.04.2013 10:22:20 | Computer Name = Martin-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst eventlog erreicht.
 
Error - 04.04.2013 11:40:48 | Computer Name = Martin-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 04.04.2013 11:40:48 | Computer Name = Martin-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
Error - 05.04.2013 04:52:28 | Computer Name = Martin-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 05.04.2013 04:52:28 | Computer Name = Martin-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
Error - 05.04.2013 05:33:05 | Computer Name = Martin-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 05.04.2013 05:33:05 | Computer Name = Martin-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
 
< End of report >
         
__________________

Alt 06.04.2013, 21:42   #4
RayRay
 
Trojan.Maljava entfernen - Standard

Trojan.Maljava entfernen



Und hier noch die gmer.log. Die hatte in den letzten Beitrag nicht mehr reingepasst.

gmer.log:
Code:
ATTFilter
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-04-05 18:20:30
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950032 rev.0011 465,76GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Martin\AppData\Local\Temp\axriypoc.sys


---- User code sections - GMER 2.1 ----

.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1620] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                          00000000778efc90 5 bytes JMP 000000010011091c
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1620] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                                        00000000778efdf4 5 bytes JMP 0000000100110048
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1620] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                                                                 00000000778efe88 5 bytes JMP 00000001001102ee
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1620] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                              00000000778effe4 5 bytes JMP 00000001001104b2
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1620] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                      00000000778f0018 5 bytes JMP 00000001001109fe
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1620] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                                                              00000000778f0048 5 bytes JMP 0000000100110ae0
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1620] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                                           00000000778f0064 5 bytes JMP 000000010002004c
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1620] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                                                              00000000778f077c 5 bytes JMP 000000010011012a
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1620] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                                  00000000778f086c 5 bytes JMP 0000000100110758
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1620] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                            00000000778f0884 5 bytes JMP 0000000100110676
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1620] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                                00000000778f0dd4 5 bytes JMP 00000001001103d0
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1620] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                          00000000778f1900 5 bytes JMP 0000000100110594
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1620] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                                      00000000778f1bc4 5 bytes JMP 000000010011083a
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1620] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                                                             00000000778f1d50 5 bytes JMP 000000010011020c
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1620] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882                                                 0000000076d61492 7 bytes JMP 000000010012059e
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1620] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206                                            0000000076bf524f 7 bytes JMP 0000000100110f52
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1620] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380                                                0000000076bf53d0 7 bytes JMP 0000000100120210
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1620] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149                                               0000000076bf5677 1 byte JMP 0000000100120048
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1620] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151                                               0000000076bf5679 5 bytes {JMP 0xffffffff8952a9d1}
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1620] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542                                                      0000000076bf589a 7 bytes JMP 0000000100110ca6
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1620] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382                                                      0000000076bf5a1d 7 bytes JMP 00000001001203d8
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1620] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370                                                 0000000076bf5c9b 7 bytes JMP 000000010012012c
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1620] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231                                                   0000000076bf5d87 7 bytes JMP 00000001001202f4
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1620] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123                                  0000000076bf7240 7 bytes JMP 0000000100110e6e
.text  C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1704] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                          00000000778efc90 5 bytes JMP 000000010011091c
.text  C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1704] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                        00000000778efdf4 5 bytes JMP 0000000100110048
.text  C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1704] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                                 00000000778efe88 5 bytes JMP 00000001001102ee
.text  C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1704] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                              00000000778effe4 5 bytes JMP 00000001001104b2
.text  C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1704] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                      00000000778f0018 5 bytes JMP 00000001001109fe
.text  C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1704] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                              00000000778f0048 5 bytes JMP 0000000100110ae0
.text  C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1704] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                           00000000778f0064 5 bytes JMP 000000010003004c
.text  C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1704] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                              00000000778f077c 5 bytes JMP 000000010011012a
.text  C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1704] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                  00000000778f086c 5 bytes JMP 0000000100110758
.text  C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1704] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                            00000000778f0884 5 bytes JMP 0000000100110676
.text  C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1704] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                00000000778f0dd4 5 bytes JMP 00000001001103d0
.text  C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1704] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                          00000000778f1900 5 bytes JMP 0000000100110594
.text  C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1704] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                      00000000778f1bc4 5 bytes JMP 000000010011083a
.text  C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1704] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                             00000000778f1d50 5 bytes JMP 000000010011020c
.text  C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1704] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206            0000000076bf524f 7 bytes JMP 0000000100110f52
.text  C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1704] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380                0000000076bf53d0 7 bytes JMP 0000000100120210
.text  C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1704] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149               0000000076bf5677 1 byte JMP 0000000100120048
.text  C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1704] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151               0000000076bf5679 5 bytes {JMP 0xffffffff8952a9d1}
.text  C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1704] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542                      0000000076bf589a 7 bytes JMP 0000000100110ca6
.text  C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1704] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382                      0000000076bf5a1d 7 bytes JMP 00000001001203d8
.text  C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1704] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370                 0000000076bf5c9b 7 bytes JMP 000000010012012c
.text  C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1704] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231                   0000000076bf5d87 7 bytes JMP 00000001001202f4
.text  C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1704] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123  0000000076bf7240 7 bytes JMP 0000000100110e6e
.text  C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1704] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882                 0000000076d61492 7 bytes JMP 00000001001204bc
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2000] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                00000000778efc90 5 bytes JMP 000000010011091c
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2000] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                              00000000778efdf4 5 bytes JMP 0000000100110048
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2000] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                                       00000000778efe88 5 bytes JMP 00000001001102ee
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2000] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                    00000000778effe4 5 bytes JMP 00000001001104b2
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2000] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                            00000000778f0018 5 bytes JMP 00000001001109fe
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2000] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                                    00000000778f0048 5 bytes JMP 0000000100110ae0
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2000] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                 00000000778f0064 5 bytes JMP 000000010003004c
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2000] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                                    00000000778f077c 5 bytes JMP 000000010011012a
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2000] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                        00000000778f086c 5 bytes JMP 0000000100110758
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2000] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                  00000000778f0884 5 bytes JMP 0000000100110676
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2000] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                      00000000778f0dd4 5 bytes JMP 00000001001103d0
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2000] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                00000000778f1900 5 bytes JMP 0000000100110594
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2000] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                            00000000778f1bc4 5 bytes JMP 000000010011083a
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2000] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                                   00000000778f1d50 5 bytes JMP 000000010011020c
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2000] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206                  0000000076bf524f 7 bytes JMP 0000000100110f52
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2000] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380                      0000000076bf53d0 7 bytes JMP 0000000100120210
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2000] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149                     0000000076bf5677 1 byte JMP 0000000100120048
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2000] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151                     0000000076bf5679 5 bytes {JMP 0xffffffff8952a9d1}
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2000] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542                            0000000076bf589a 7 bytes JMP 0000000100110ca6
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2000] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382                            0000000076bf5a1d 7 bytes JMP 00000001001203d8
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2000] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370                       0000000076bf5c9b 7 bytes JMP 000000010012012c
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2000] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231                         0000000076bf5d87 7 bytes JMP 00000001001202f4
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2000] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123        0000000076bf7240 7 bytes JMP 0000000100110e6e
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2000] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882                       0000000076d61492 7 bytes JMP 00000001001204bc
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2000] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                         0000000075d21465 2 bytes [D2, 75]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2000] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                        0000000075d214bb 2 bytes [D2, 75]
.text  ...                                                                                                                                                                          * 2
.text  C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2276] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                              00000000778efc90 5 bytes JMP 00000001001d091c
.text  C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2276] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                                            00000000778efdf4 5 bytes JMP 00000001001d0048
.text  C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2276] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                                                                     00000000778efe88 5 bytes JMP 00000001001d02ee
.text  C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2276] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                                  00000000778effe4 5 bytes JMP 00000001001d04b2
.text  C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2276] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                          00000000778f0018 5 bytes JMP 00000001001d09fe
.text  C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2276] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                                                                  00000000778f0048 5 bytes JMP 00000001001d0ae0
.text  C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2276] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                                               00000000778f0064 5 bytes JMP 000000010002004c
.text  C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2276] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                                                                  00000000778f077c 5 bytes JMP 00000001001d012a
.text  C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2276] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                                      00000000778f086c 5 bytes JMP 00000001001d0758
.text  C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2276] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                                00000000778f0884 5 bytes JMP 00000001001d0676
.text  C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2276] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                                    00000000778f0dd4 5 bytes JMP 00000001001d03d0
.text  C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2276] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                              00000000778f1900 5 bytes JMP 00000001001d0594
.text  C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2276] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                                          00000000778f1bc4 5 bytes JMP 00000001001d083a
.text  C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2276] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                                                                 00000000778f1d50 5 bytes JMP 00000001001d020c
.text  C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2276] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882                                                     0000000076d61492 7 bytes JMP 00000001002604bc
.text  C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2276] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206                                                0000000076bf524f 7 bytes JMP 00000001001d0f52
.text  C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2276] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380                                                    0000000076bf53d0 7 bytes JMP 0000000100260210
.text  C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2276] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149                                                   0000000076bf5677 1 byte JMP 0000000100260048
.text  C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2276] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151                                                   0000000076bf5679 5 bytes {JMP 0xffffffff8966a9d1}
.text  C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2276] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542                                                          0000000076bf589a 7 bytes JMP 00000001001d0ca6
.text  C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2276] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382                                                          0000000076bf5a1d 7 bytes JMP 00000001002603d8
.text  C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2276] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370                                                     0000000076bf5c9b 7 bytes JMP 000000010026012c
.text  C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2276] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231                                                       0000000076bf5d87 7 bytes JMP 00000001002602f4
.text  C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2276] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123                                      0000000076bf7240 7 bytes JMP 00000001001d0e6e
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2740] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                         0000000075d21465 2 bytes [D2, 75]
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2740] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                        0000000075d214bb 2 bytes [D2, 75]
.text  ...                                                                                                                                                                          * 2
.text  C:\Program Files (x86)\Lexmark 1200 Series\LXCZbmgr.exe[3256] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                               00000000778efc90 5 bytes JMP 000000010027091c
.text  C:\Program Files (x86)\Lexmark 1200 Series\LXCZbmgr.exe[3256] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                                             00000000778efdf4 5 bytes JMP 0000000100270048
.text  C:\Program Files (x86)\Lexmark 1200 Series\LXCZbmgr.exe[3256] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                                                                      00000000778efe88 5 bytes JMP 00000001002702ee
.text  C:\Program Files (x86)\Lexmark 1200 Series\LXCZbmgr.exe[3256] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                                   00000000778effe4 5 bytes JMP 00000001002704b2
.text  C:\Program Files (x86)\Lexmark 1200 Series\LXCZbmgr.exe[3256] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                           00000000778f0018 5 bytes JMP 00000001002709fe
.text  C:\Program Files (x86)\Lexmark 1200 Series\LXCZbmgr.exe[3256] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                                                                   00000000778f0048 5 bytes JMP 0000000100270ae0
.text  C:\Program Files (x86)\Lexmark 1200 Series\LXCZbmgr.exe[3256] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                                                00000000778f0064 5 bytes JMP 000000010002004c
.text  C:\Program Files (x86)\Lexmark 1200 Series\LXCZbmgr.exe[3256] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                                                                   00000000778f077c 5 bytes JMP 000000010027012a
.text  C:\Program Files (x86)\Lexmark 1200 Series\LXCZbmgr.exe[3256] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                                       00000000778f086c 5 bytes JMP 0000000100270758
.text  C:\Program Files (x86)\Lexmark 1200 Series\LXCZbmgr.exe[3256] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                                 00000000778f0884 5 bytes JMP 0000000100270676
.text  C:\Program Files (x86)\Lexmark 1200 Series\LXCZbmgr.exe[3256] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                                     00000000778f0dd4 5 bytes JMP 00000001002703d0
.text  C:\Program Files (x86)\Lexmark 1200 Series\LXCZbmgr.exe[3256] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                               00000000778f1900 5 bytes JMP 0000000100270594
.text  C:\Program Files (x86)\Lexmark 1200 Series\LXCZbmgr.exe[3256] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                                           00000000778f1bc4 5 bytes JMP 000000010027083a
.text  C:\Program Files (x86)\Lexmark 1200 Series\LXCZbmgr.exe[3256] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                                                                  00000000778f1d50 5 bytes JMP 000000010027020c
.text  C:\Program Files (x86)\Lexmark 1200 Series\LXCZbmgr.exe[3256] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882                                                      0000000076d61492 7 bytes JMP 000000010028059e
.text  C:\Program Files (x86)\Lexmark 1200 Series\LXCZbmgr.exe[3256] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206                                                 0000000076bf524f 7 bytes JMP 0000000100270f52
.text  C:\Program Files (x86)\Lexmark 1200 Series\LXCZbmgr.exe[3256] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380                                                     0000000076bf53d0 7 bytes JMP 0000000100280210
.text  C:\Program Files (x86)\Lexmark 1200 Series\LXCZbmgr.exe[3256] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149                                                    0000000076bf5677 1 byte JMP 0000000100280048
.text  C:\Program Files (x86)\Lexmark 1200 Series\LXCZbmgr.exe[3256] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151                                                    0000000076bf5679 5 bytes {JMP 0xffffffff8968a9d1}
.text  C:\Program Files (x86)\Lexmark 1200 Series\LXCZbmgr.exe[3256] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542                                                           0000000076bf589a 7 bytes JMP 0000000100270ca6
.text  C:\Program Files (x86)\Lexmark 1200 Series\LXCZbmgr.exe[3256] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382                                                           0000000076bf5a1d 7 bytes JMP 00000001002803d8
.text  C:\Program Files (x86)\Lexmark 1200 Series\LXCZbmgr.exe[3256] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370                                                      0000000076bf5c9b 7 bytes JMP 000000010028012c
.text  C:\Program Files (x86)\Lexmark 1200 Series\LXCZbmgr.exe[3256] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231                                                        0000000076bf5d87 7 bytes JMP 00000001002802f4
.text  C:\Program Files (x86)\Lexmark 1200 Series\LXCZbmgr.exe[3256] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123                                       0000000076bf7240 7 bytes JMP 0000000100270e6e
.text  C:\Program Files (x86)\Lexmark 1200 Series\lxczbmon.exe[3284] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                               00000000778efc90 5 bytes JMP 000000010028091c
.text  C:\Program Files (x86)\Lexmark 1200 Series\lxczbmon.exe[3284] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                                             00000000778efdf4 5 bytes JMP 0000000100280048
.text  C:\Program Files (x86)\Lexmark 1200 Series\lxczbmon.exe[3284] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                                                                      00000000778efe88 5 bytes JMP 00000001002802ee
.text  C:\Program Files (x86)\Lexmark 1200 Series\lxczbmon.exe[3284] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                                   00000000778effe4 5 bytes JMP 00000001002804b2
.text  C:\Program Files (x86)\Lexmark 1200 Series\lxczbmon.exe[3284] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                           00000000778f0018 5 bytes JMP 00000001002809fe
.text  C:\Program Files (x86)\Lexmark 1200 Series\lxczbmon.exe[3284] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                                                                   00000000778f0048 5 bytes JMP 0000000100280ae0
.text  C:\Program Files (x86)\Lexmark 1200 Series\lxczbmon.exe[3284] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                                                00000000778f0064 5 bytes JMP 000000010002004c
.text  C:\Program Files (x86)\Lexmark 1200 Series\lxczbmon.exe[3284] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                                                                   00000000778f077c 5 bytes JMP 000000010028012a
.text  C:\Program Files (x86)\Lexmark 1200 Series\lxczbmon.exe[3284] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                                       00000000778f086c 5 bytes JMP 0000000100280758
.text  C:\Program Files (x86)\Lexmark 1200 Series\lxczbmon.exe[3284] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                                 00000000778f0884 5 bytes JMP 0000000100280676
.text  C:\Program Files (x86)\Lexmark 1200 Series\lxczbmon.exe[3284] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                                     00000000778f0dd4 5 bytes JMP 00000001002803d0
.text  C:\Program Files (x86)\Lexmark 1200 Series\lxczbmon.exe[3284] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                               00000000778f1900 5 bytes JMP 0000000100280594
.text  C:\Program Files (x86)\Lexmark 1200 Series\lxczbmon.exe[3284] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                                           00000000778f1bc4 5 bytes JMP 000000010028083a
.text  C:\Program Files (x86)\Lexmark 1200 Series\lxczbmon.exe[3284] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                                                                  00000000778f1d50 5 bytes JMP 000000010028020c
.text  C:\Program Files (x86)\Lexmark 1200 Series\lxczbmon.exe[3284] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882                                                      0000000076d61492 7 bytes JMP 00000001002904bc
.text  C:\Program Files (x86)\Lexmark 1200 Series\lxczbmon.exe[3284] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206                                                 0000000076bf524f 7 bytes JMP 0000000100280f52
.text  C:\Program Files (x86)\Lexmark 1200 Series\lxczbmon.exe[3284] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380                                                     0000000076bf53d0 7 bytes JMP 0000000100290210
.text  C:\Program Files (x86)\Lexmark 1200 Series\lxczbmon.exe[3284] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149                                                    0000000076bf5677 1 byte JMP 0000000100290048
.text  C:\Program Files (x86)\Lexmark 1200 Series\lxczbmon.exe[3284] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151                                                    0000000076bf5679 5 bytes {JMP 0xffffffff8969a9d1}
.text  C:\Program Files (x86)\Lexmark 1200 Series\lxczbmon.exe[3284] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542                                                           0000000076bf589a 7 bytes JMP 0000000100280ca6
.text  C:\Program Files (x86)\Lexmark 1200 Series\lxczbmon.exe[3284] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382                                                           0000000076bf5a1d 7 bytes JMP 00000001002903d8
.text  C:\Program Files (x86)\Lexmark 1200 Series\lxczbmon.exe[3284] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370                                                      0000000076bf5c9b 7 bytes JMP 000000010029012c
.text  C:\Program Files (x86)\Lexmark 1200 Series\lxczbmon.exe[3284] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231                                                        0000000076bf5d87 7 bytes JMP 00000001002902f4
.text  C:\Program Files (x86)\Lexmark 1200 Series\lxczbmon.exe[3284] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123                                       0000000076bf7240 7 bytes JMP 0000000100280e6e
.text  C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3388] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                         00000000778efc90 5 bytes JMP 000000010028091c
.text  C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3388] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                       00000000778efdf4 5 bytes JMP 0000000100280048
.text  C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3388] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                                                00000000778efe88 5 bytes JMP 00000001002802ee
.text  C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3388] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                             00000000778effe4 5 bytes JMP 00000001002804b2
.text  C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3388] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                     00000000778f0018 5 bytes JMP 00000001002809fe
.text  C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3388] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                                             00000000778f0048 5 bytes JMP 0000000100280ae0
.text  C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3388] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                          00000000778f0064 5 bytes JMP 000000010002004c
.text  C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3388] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                                             00000000778f077c 5 bytes JMP 000000010028012a
.text  C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3388] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                 00000000778f086c 5 bytes JMP 0000000100280758
.text  C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3388] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                           00000000778f0884 5 bytes JMP 0000000100280676
.text  C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3388] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                               00000000778f0dd4 5 bytes JMP 00000001002803d0
.text  C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3388] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                         00000000778f1900 5 bytes JMP 0000000100280594
.text  C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3388] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                     00000000778f1bc4 5 bytes JMP 000000010028083a
.text  C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3388] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                                            00000000778f1d50 5 bytes JMP 000000010028020c
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[3472] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                           00000000778efc90 5 bytes JMP 00000001000e091c
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[3472] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                                         00000000778efdf4 5 bytes JMP 00000001000e0048
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[3472] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                                                                  00000000778efe88 5 bytes JMP 00000001000e02ee
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[3472] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                               00000000778effe4 5 bytes JMP 00000001000e04b2
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[3472] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                       00000000778f0018 5 bytes JMP 00000001000e09fe
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[3472] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                                                               00000000778f0048 5 bytes JMP 00000001000e0ae0
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[3472] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                                            00000000778f0064 5 bytes JMP 000000010002004c
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[3472] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                                                               00000000778f077c 5 bytes JMP 00000001000e012a
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[3472] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                                   00000000778f086c 5 bytes JMP 00000001000e0758
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[3472] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                             00000000778f0884 5 bytes JMP 00000001000e0676
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[3472] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                                 00000000778f0dd4 5 bytes JMP 00000001000e03d0
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[3472] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                           00000000778f1900 5 bytes JMP 00000001000e0594
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[3472] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                                       00000000778f1bc4 5 bytes JMP 00000001000e083a
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[3472] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                                                              00000000778f1d50 5 bytes JMP 00000001000e020c
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[3472] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882                                                  0000000076d61492 7 bytes JMP 000000010026059e
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[3472] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206                                             0000000076bf524f 7 bytes JMP 00000001000e0f52
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[3472] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380                                                 0000000076bf53d0 7 bytes JMP 0000000100260210
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[3472] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149                                                0000000076bf5677 1 byte JMP 0000000100260048
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[3472] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151                                                0000000076bf5679 5 bytes {JMP 0xffffffff8966a9d1}
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[3472] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542                                                       0000000076bf589a 7 bytes JMP 00000001000e0ca6
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[3472] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382                                                       0000000076bf5a1d 7 bytes JMP 00000001002603d8
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[3472] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370                                                  0000000076bf5c9b 7 bytes JMP 000000010026012c
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[3472] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231                                                    0000000076bf5d87 7 bytes JMP 00000001002602f4
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[3472] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123                                   0000000076bf7240 7 bytes JMP 00000001000e0e6e
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3492] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                        00000000778efc90 5 bytes JMP 000000010010091c
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3492] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                                      00000000778efdf4 5 bytes JMP 0000000100100048
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3492] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                                                               00000000778efe88 5 bytes JMP 00000001001002ee
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3492] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                            00000000778effe4 5 bytes JMP 00000001001004b2
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3492] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                    00000000778f0018 5 bytes JMP 00000001001009fe
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3492] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                                                            00000000778f0048 5 bytes JMP 0000000100100ae0
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3492] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                                         00000000778f0064 5 bytes JMP 000000010002004c
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3492] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                                                            00000000778f077c 5 bytes JMP 000000010010012a
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3492] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                                00000000778f086c 5 bytes JMP 0000000100100758
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3492] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                          00000000778f0884 5 bytes JMP 0000000100100676
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3492] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                              00000000778f0dd4 5 bytes JMP 00000001001003d0
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3492] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                        00000000778f1900 5 bytes JMP 0000000100100594
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3492] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                                    00000000778f1bc4 5 bytes JMP 000000010010083a
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3492] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                                                           00000000778f1d50 5 bytes JMP 000000010010020c
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3492] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206                                          0000000076bf524f 7 bytes JMP 0000000100100f52
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3492] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380                                              0000000076bf53d0 7 bytes JMP 0000000100110210
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3492] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149                                             0000000076bf5677 1 byte JMP 0000000100110048
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3492] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151                                             0000000076bf5679 5 bytes {JMP 0xffffffff8951a9d1}
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3492] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542                                                    0000000076bf589a 7 bytes JMP 0000000100100ca6
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3492] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382                                                    0000000076bf5a1d 7 bytes JMP 00000001001103d8
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3492] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370                                               0000000076bf5c9b 7 bytes JMP 000000010011012c
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3492] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231                                                 0000000076bf5d87 7 bytes JMP 00000001001102f4
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3492] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123                                0000000076bf7240 7 bytes JMP 0000000100100e6e
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3492] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882                                               0000000076d61492 7 bytes JMP 0000000100110762
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3492] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                 0000000075d21465 2 bytes [D2, 75]
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3492] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                0000000075d214bb 2 bytes [D2, 75]
.text  ...                                                                                                                                                                          * 2
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3564] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                           00000000778efc90 5 bytes JMP 00000001017b091c
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3564] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                                         00000000778efdf4 5 bytes JMP 00000001017b0048
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3564] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                                                                  00000000778efe88 5 bytes JMP 00000001017b02ee
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3564] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                               00000000778effe4 5 bytes JMP 00000001017b04b2
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3564] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                       00000000778f0018 5 bytes JMP 00000001017b09fe
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3564] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                                                               00000000778f0048 5 bytes JMP 00000001017b0ae0
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3564] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                                            00000000778f0064 5 bytes JMP 000000010179004c
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3564] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                                                               00000000778f077c 5 bytes JMP 00000001017b012a
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3564] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                                   00000000778f086c 5 bytes JMP 00000001017b0758
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3564] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                             00000000778f0884 5 bytes JMP 00000001017b0676
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3564] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                                 00000000778f0dd4 5 bytes JMP 00000001017b03d0
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3564] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                           00000000778f1900 5 bytes JMP 00000001017b0594
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3564] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                                       00000000778f1bc4 5 bytes JMP 00000001017b083a
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3564] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                                                              00000000778f1d50 5 bytes JMP 00000001017b020c
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3564] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882                                                  0000000076d61492 7 bytes JMP 00000001017c059e
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3564] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206                                             0000000076bf524f 7 bytes JMP 00000001017b0f52
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3564] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380                                                 0000000076bf53d0 7 bytes JMP 00000001017c0210
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3564] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149                                                0000000076bf5677 1 byte JMP 00000001017c0048
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3564] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151                                                0000000076bf5679 5 bytes {JMP 0xffffffff8abca9d1}
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3564] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542                                                       0000000076bf589a 7 bytes JMP 00000001017b0ca6
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3564] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382                                                       0000000076bf5a1d 7 bytes JMP 00000001017c03d8
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3564] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370                                                  0000000076bf5c9b 7 bytes JMP 00000001017c012c
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3564] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231                                                    0000000076bf5d87 7 bytes JMP 00000001017c02f4
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3564] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123                                   0000000076bf7240 7 bytes JMP 00000001017b0e6e
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3564] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                    0000000075d21465 2 bytes [D2, 75]
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3564] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                   0000000075d214bb 2 bytes [D2, 75]
.text  ...                                                                                                                                                                          * 2
.text  C:\Program Files (x86)\PDF24\pdf24.exe[3620] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                                                00000000778efc90 5 bytes JMP 00000001003f091c
.text  C:\Program Files (x86)\PDF24\pdf24.exe[3620] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                                                              00000000778efdf4 5 bytes JMP 00000001003f0048
.text  C:\Program Files (x86)\PDF24\pdf24.exe[3620] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                                                                                       00000000778efe88 5 bytes JMP 00000001003f02ee
.text  C:\Program Files (x86)\PDF24\pdf24.exe[3620] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                                                    00000000778effe4 5 bytes JMP 00000001003f04b2
.text  C:\Program Files (x86)\PDF24\pdf24.exe[3620] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                                            00000000778f0018 5 bytes JMP 00000001003f09fe
.text  C:\Program Files (x86)\PDF24\pdf24.exe[3620] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                                                                                    00000000778f0048 5 bytes JMP 00000001003f0ae0
.text  C:\Program Files (x86)\PDF24\pdf24.exe[3620] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                                                                 00000000778f0064 5 bytes JMP 00000001003d004c
.text  C:\Program Files (x86)\PDF24\pdf24.exe[3620] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                                                                                    00000000778f077c 5 bytes JMP 00000001003f012a
.text  C:\Program Files (x86)\PDF24\pdf24.exe[3620] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                                                        00000000778f086c 5 bytes JMP 00000001003f0758
.text  C:\Program Files (x86)\PDF24\pdf24.exe[3620] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                                                  00000000778f0884 5 bytes JMP 00000001003f0676
.text  C:\Program Files (x86)\PDF24\pdf24.exe[3620] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                                                      00000000778f0dd4 5 bytes JMP 00000001003f03d0
.text  C:\Program Files (x86)\PDF24\pdf24.exe[3620] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                                                00000000778f1900 5 bytes JMP 00000001003f0594
.text  C:\Program Files (x86)\PDF24\pdf24.exe[3620] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                                                            00000000778f1bc4 5 bytes JMP 00000001003f083a
.text  C:\Program Files (x86)\PDF24\pdf24.exe[3620] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                                                                                   00000000778f1d50 5 bytes JMP 00000001003f020c
.text  C:\Program Files (x86)\PDF24\pdf24.exe[3620] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206                                                                  0000000076bf524f 7 bytes JMP 00000001003f0f52
.text  C:\Program Files (x86)\PDF24\pdf24.exe[3620] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380                                                                      0000000076bf53d0 7 bytes JMP 0000000100590210
.text  C:\Program Files (x86)\PDF24\pdf24.exe[3620] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149                                                                     0000000076bf5677 1 byte JMP 0000000100590048
.text  C:\Program Files (x86)\PDF24\pdf24.exe[3620] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151                                                                     0000000076bf5679 5 bytes {JMP 0xffffffff8999a9d1}
.text  C:\Program Files (x86)\PDF24\pdf24.exe[3620] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542                                                                            0000000076bf589a 7 bytes JMP 00000001003f0ca6
.text  C:\Program Files (x86)\PDF24\pdf24.exe[3620] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382                                                                            0000000076bf5a1d 7 bytes JMP 00000001005903d8
.text  C:\Program Files (x86)\PDF24\pdf24.exe[3620] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370                                                                       0000000076bf5c9b 7 bytes JMP 000000010059012c
.text  C:\Program Files (x86)\PDF24\pdf24.exe[3620] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231                                                                         0000000076bf5d87 7 bytes JMP 00000001005902f4
.text  C:\Program Files (x86)\PDF24\pdf24.exe[3620] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123                                                        0000000076bf7240 7 bytes JMP 00000001003f0e6e
.text  C:\Program Files (x86)\PDF24\pdf24.exe[3620] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882                                                                       0000000076d61492 7 bytes JMP 000000010059059e
.text  C:\Program Files (x86)\iTunes\iTunesHelper.exe[3636] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                                        00000000778efc90 5 bytes JMP 000000010010091c
.text  C:\Program Files (x86)\iTunes\iTunesHelper.exe[3636] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                                                      00000000778efdf4 5 bytes JMP 0000000100100048
.text  C:\Program Files (x86)\iTunes\iTunesHelper.exe[3636] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                                                                               00000000778efe88 5 bytes JMP 00000001001002ee
.text  C:\Program Files (x86)\iTunes\iTunesHelper.exe[3636] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                                            00000000778effe4 5 bytes JMP 00000001001004b2
.text  C:\Program Files (x86)\iTunes\iTunesHelper.exe[3636] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                                    00000000778f0018 5 bytes JMP 00000001001009fe
.text  C:\Program Files (x86)\iTunes\iTunesHelper.exe[3636] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                                                                            00000000778f0048 5 bytes JMP 0000000100100ae0
.text  C:\Program Files (x86)\iTunes\iTunesHelper.exe[3636] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                                                         00000000778f0064 5 bytes JMP 000000010002004c
.text  C:\Program Files (x86)\iTunes\iTunesHelper.exe[3636] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                                                                            00000000778f077c 5 bytes JMP 000000010010012a
.text  C:\Program Files (x86)\iTunes\iTunesHelper.exe[3636] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                                                00000000778f086c 5 bytes JMP 0000000100100758
.text  C:\Program Files (x86)\iTunes\iTunesHelper.exe[3636] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                                          00000000778f0884 5 bytes JMP 0000000100100676
.text  C:\Program Files (x86)\iTunes\iTunesHelper.exe[3636] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                                              00000000778f0dd4 5 bytes JMP 00000001001003d0
.text  C:\Program Files (x86)\iTunes\iTunesHelper.exe[3636] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                                        00000000778f1900 5 bytes JMP 0000000100100594
.text  C:\Program Files (x86)\iTunes\iTunesHelper.exe[3636] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                                                    00000000778f1bc4 5 bytes JMP 000000010010083a
.text  C:\Program Files (x86)\iTunes\iTunesHelper.exe[3636] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                                                                           00000000778f1d50 5 bytes JMP 000000010010020c
.text  C:\Program Files (x86)\iTunes\iTunesHelper.exe[3636] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206                                                          0000000076bf524f 7 bytes JMP 0000000100100f52
.text  C:\Program Files (x86)\iTunes\iTunesHelper.exe[3636] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380                                                              0000000076bf53d0 7 bytes JMP 0000000100110210
.text  C:\Program Files (x86)\iTunes\iTunesHelper.exe[3636] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149                                                             0000000076bf5677 1 byte JMP 0000000100110048
.text  C:\Program Files (x86)\iTunes\iTunesHelper.exe[3636] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151                                                             0000000076bf5679 5 bytes {JMP 0xffffffff8951a9d1}
.text  C:\Program Files (x86)\iTunes\iTunesHelper.exe[3636] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542                                                                    0000000076bf589a 7 bytes JMP 0000000100100ca6
.text  C:\Program Files (x86)\iTunes\iTunesHelper.exe[3636] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382                                                                    0000000076bf5a1d 7 bytes JMP 00000001001103d8
.text  C:\Program Files (x86)\iTunes\iTunesHelper.exe[3636] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370                                                               0000000076bf5c9b 7 bytes JMP 000000010011012c
.text  C:\Program Files (x86)\iTunes\iTunesHelper.exe[3636] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231                                                                 0000000076bf5d87 7 bytes JMP 00000001001102f4
.text  C:\Program Files (x86)\iTunes\iTunesHelper.exe[3636] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123                                                0000000076bf7240 7 bytes JMP 0000000100100e6e
.text  C:\Program Files (x86)\iTunes\iTunesHelper.exe[3636] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882                                                               0000000076d61492 7 bytes JMP 00000001001104bc
.text  C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[1804] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                                    00000000778efc90 5 bytes JMP 000000010038091c
.text  C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[1804] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                                                  00000000778efdf4 5 bytes JMP 0000000100380048
.text  C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[1804] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                                                                           00000000778efe88 5 bytes JMP 00000001003802ee
.text  C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[1804] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                                        00000000778effe4 5 bytes JMP 00000001003804b2
.text  C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[1804] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                                00000000778f0018 5 bytes JMP 00000001003809fe
.text  C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[1804] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                                                                        00000000778f0048 5 bytes JMP 0000000100380ae0
.text  C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[1804] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                                                     00000000778f0064 5 bytes JMP 000000010002004c
.text  C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[1804] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                                                                        00000000778f077c 5 bytes JMP 000000010038012a
.text  C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[1804] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                                            00000000778f086c 5 bytes JMP 0000000100380758
.text  C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[1804] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                                      00000000778f0884 5 bytes JMP 0000000100380676
.text  C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[1804] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                                          00000000778f0dd4 5 bytes JMP 00000001003803d0
.text  C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[1804] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                                    00000000778f1900 5 bytes JMP 0000000100380594
.text  C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[1804] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                                                00000000778f1bc4 5 bytes JMP 000000010038083a
.text  C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[1804] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                                                                       00000000778f1d50 5 bytes JMP 000000010038020c
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4988] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                        00000000778efc90 5 bytes JMP 000000010010091c
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4988] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                      00000000778efdf4 5 bytes JMP 0000000100100048
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4988] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                                               00000000778efe88 5 bytes JMP 00000001001002ee
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4988] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                            00000000778effe4 5 bytes JMP 00000001001004b2
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4988] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                    00000000778f0018 5 bytes JMP 00000001001009fe
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4988] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                                            00000000778f0048 5 bytes JMP 0000000100100ae0
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4988] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                         00000000778f0064 5 bytes JMP 000000010002004c
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4988] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                                            00000000778f077c 5 bytes JMP 000000010010012a
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4988] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                00000000778f086c 5 bytes JMP 0000000100100758
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4988] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                          00000000778f0884 5 bytes JMP 0000000100100676
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4988] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                              00000000778f0dd4 5 bytes JMP 00000001001003d0
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4988] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                        00000000778f1900 5 bytes JMP 0000000100100594
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4988] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                    00000000778f1bc4 5 bytes JMP 000000010010083a
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4988] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                                           00000000778f1d50 5 bytes JMP 000000010010020c
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4988] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206                          0000000076bf524f 7 bytes JMP 0000000100100f52
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4988] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380                              0000000076bf53d0 7 bytes JMP 0000000100110210
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4988] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149                             0000000076bf5677 1 byte JMP 0000000100110048
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4988] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151                             0000000076bf5679 5 bytes {JMP 0xffffffff8951a9d1}
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4988] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542                                    0000000076bf589a 7 bytes JMP 0000000100100ca6
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4988] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382                                    0000000076bf5a1d 7 bytes JMP 00000001001103d8
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4988] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370                               0000000076bf5c9b 7 bytes JMP 000000010011012c
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4988] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231                                 0000000076bf5d87 7 bytes JMP 00000001001102f4
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4988] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123                0000000076bf7240 7 bytes JMP 0000000100100e6e
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4988] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882                               0000000076d61492 7 bytes JMP 00000001001104bc
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4888] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                        00000000778efc90 5 bytes JMP 000000010018091c
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4888] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                      00000000778efdf4 5 bytes JMP 0000000100180048
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4888] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                                               00000000778efe88 5 bytes JMP 00000001001802ee
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4888] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                            00000000778effe4 5 bytes JMP 00000001001804b2
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4888] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                    00000000778f0018 5 bytes JMP 00000001001809fe
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4888] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                                            00000000778f0048 5 bytes JMP 0000000100180ae0
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4888] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                         00000000778f0064 5 bytes JMP 000000010016004c
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4888] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                                            00000000778f077c 5 bytes JMP 000000010018012a
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4888] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                00000000778f086c 5 bytes JMP 0000000100180758
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4888] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                          00000000778f0884 5 bytes JMP 0000000100180676
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4888] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                              00000000778f0dd4 5 bytes JMP 00000001001803d0
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4888] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                        00000000778f1900 5 bytes JMP 0000000100180594
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4888] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                    00000000778f1bc4 5 bytes JMP 000000010018083a
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4888] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                                           00000000778f1d50 5 bytes JMP 000000010018020c
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4888] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206                          0000000076bf524f 7 bytes JMP 0000000100180f52
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4888] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380                              0000000076bf53d0 7 bytes JMP 0000000100190210
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4888] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149                             0000000076bf5677 1 byte JMP 0000000100190048
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4888] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151                             0000000076bf5679 5 bytes {JMP 0xffffffff8959a9d1}
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4888] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542                                    0000000076bf589a 7 bytes JMP 0000000100180ca6
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4888] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382                                    0000000076bf5a1d 7 bytes JMP 00000001001903d8
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4888] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370                               0000000076bf5c9b 7 bytes JMP 000000010019012c
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4888] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231                                 0000000076bf5d87 7 bytes JMP 00000001001902f4
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4888] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123                0000000076bf7240 7 bytes JMP 0000000100180e6e
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4888] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882                               0000000076d61492 7 bytes JMP 00000001001904bc
.text  C:\Users\Martin\Desktop\gmer_2.1.19163.exe[4288] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                                            00000000778efc90 5 bytes JMP 000000010028091c
.text  C:\Users\Martin\Desktop\gmer_2.1.19163.exe[4288] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                                                          00000000778efdf4 5 bytes JMP 0000000100280048
.text  C:\Users\Martin\Desktop\gmer_2.1.19163.exe[4288] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                                                                                   00000000778efe88 5 bytes JMP 00000001002802ee
.text  C:\Users\Martin\Desktop\gmer_2.1.19163.exe[4288] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                                                00000000778effe4 5 bytes JMP 00000001002804b2
.text  C:\Users\Martin\Desktop\gmer_2.1.19163.exe[4288] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                                        00000000778f0018 5 bytes JMP 00000001002809fe
.text  C:\Users\Martin\Desktop\gmer_2.1.19163.exe[4288] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                                                                                00000000778f0048 5 bytes JMP 0000000100280ae0
.text  C:\Users\Martin\Desktop\gmer_2.1.19163.exe[4288] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                                                             00000000778f0064 5 bytes JMP 000000010002004c
.text  C:\Users\Martin\Desktop\gmer_2.1.19163.exe[4288] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                                                                                00000000778f077c 5 bytes JMP 000000010028012a
.text  C:\Users\Martin\Desktop\gmer_2.1.19163.exe[4288] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                                                    00000000778f086c 5 bytes JMP 0000000100280758
.text  C:\Users\Martin\Desktop\gmer_2.1.19163.exe[4288] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                                              00000000778f0884 5 bytes JMP 0000000100280676
.text  C:\Users\Martin\Desktop\gmer_2.1.19163.exe[4288] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                                                  00000000778f0dd4 5 bytes JMP 00000001002803d0
.text  C:\Users\Martin\Desktop\gmer_2.1.19163.exe[4288] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                                            00000000778f1900 5 bytes JMP 0000000100280594
.text  C:\Users\Martin\Desktop\gmer_2.1.19163.exe[4288] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                                                        00000000778f1bc4 5 bytes JMP 000000010028083a
.text  C:\Users\Martin\Desktop\gmer_2.1.19163.exe[4288] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                                                                               00000000778f1d50 5 bytes JMP 000000010028020c
.text  C:\Users\Martin\Desktop\gmer_2.1.19163.exe[4288] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206                                                              0000000076bf524f 7 bytes JMP 0000000100280f52
.text  C:\Users\Martin\Desktop\gmer_2.1.19163.exe[4288] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380                                                                  0000000076bf53d0 7 bytes JMP 0000000100290210
.text  C:\Users\Martin\Desktop\gmer_2.1.19163.exe[4288] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149                                                                 0000000076bf5677 1 byte JMP 0000000100290048
.text  C:\Users\Martin\Desktop\gmer_2.1.19163.exe[4288] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151                                                                 0000000076bf5679 5 bytes {JMP 0xffffffff8969a9d1}
.text  C:\Users\Martin\Desktop\gmer_2.1.19163.exe[4288] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542                                                                        0000000076bf589a 7 bytes JMP 0000000100280ca6
.text  C:\Users\Martin\Desktop\gmer_2.1.19163.exe[4288] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382                                                                        0000000076bf5a1d 7 bytes JMP 00000001002903d8
.text  C:\Users\Martin\Desktop\gmer_2.1.19163.exe[4288] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370                                                                   0000000076bf5c9b 7 bytes JMP 000000010029012c
.text  C:\Users\Martin\Desktop\gmer_2.1.19163.exe[4288] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231                                                                     0000000076bf5d87 7 bytes JMP 00000001002902f4
.text  C:\Users\Martin\Desktop\gmer_2.1.19163.exe[4288] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123                                                    0000000076bf7240 7 bytes JMP 0000000100280e6e
.text  C:\Users\Martin\Desktop\gmer_2.1.19163.exe[4288] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882                                                                   0000000076d61492 7 bytes JMP 00000001002904bc

---- Registry - GMER 2.1 ----

Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\446d57d161d9                                                                                                  
Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\446d57d161d9@001d28f3f936                                                                                     0x74 0xEB 0x86 0x1D ...
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\446d57d161d9 (not active ControlSet)                                                                              
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\446d57d161d9@001d28f3f936                                                                                         0x74 0xEB 0x86 0x1D ...

---- Files - GMER 2.1 ----

File   C:\SysPart\Boot?                                                                                                                                                             0 bytes

---- EOF - GMER 2.1 ----
         

Alt 07.04.2013, 02:01   #5
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojan.Maljava entfernen - Standard

Trojan.Maljava entfernen



Bevor wir uns an die weitere Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
  • Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.

  • Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.

  • Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!

  • Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!

  • Die Logs der aufgegebenen Tools wie zB Malwarebytes sind immer zu posten - egal ob ein Fund dabei war oder nicht!

  • Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.


Bitte die drei Tools MBAR / aswMBR / TDSSkiller nun ausführen und die Logs in CODE-Tags posten


MBAR (Malwarebytes Anti-Rootkit)

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers


aswMBR

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).



TDSS-Killer

Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

__________________
Logfiles bitte immer in CODE-Tags posten

Alt 07.04.2013, 10:52   #6
RayRay
 
Trojan.Maljava entfernen - Standard

Trojan.Maljava entfernen



Hallo cosinus,

hier die benötigten Logs.
mbar:
Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.01.0.1022
www.malwarebytes.org

Database version: v2013.04.07.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Martin :: MARTIN-PC [administrator]

07.04.2013 10:58:42
mbar-log-2013-04-07 (10-58-42).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 29908
Time elapsed: 10 minute(s), 50 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         

aswMBR:
Code:
ATTFilter
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-07 11:03:27
-----------------------------
11:03:27.980    OS Version: Windows x64 6.1.7601 Service Pack 1
11:03:27.980    Number of processors: 4 586 0x3A09
11:03:27.980    ComputerName: MARTIN-PC  UserName: Martin
11:03:29.962    Initialize success
11:07:21.814    AVAST engine defs: 13040700
11:07:38.241    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
11:07:38.241    Disk 0 Vendor: ST950032 0011 Size: 476940MB BusType: 3
11:07:38.366    Disk 0 MBR read successfully
11:07:38.366    Disk 0 MBR scan
11:07:38.382    Disk 0 Windows 7 default MBR code
11:07:38.382    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          200 MB offset 2048
11:07:38.413    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       430658 MB offset 411648
11:07:38.444    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        26080 MB offset 882399232
11:07:38.460    Disk 0 Partition 4 00     12  Compaq diag NTFS        20001 MB offset 935811072
11:07:38.616    Disk 0 scanning C:\Windows\system32\drivers
11:07:52.063    Service scanning
11:08:18.912    Modules scanning
11:08:18.912    Disk 0 trace - called modules:
11:08:19.443    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 
11:08:19.443    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80087de060]
11:08:19.458    3 CLASSPNP.SYS[fffff8800145143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8005f6b050]
11:08:20.613    AVAST engine scan C:\Windows
11:08:22.828    AVAST engine scan C:\Windows\system32
11:11:17.756    AVAST engine scan C:\Windows\system32\drivers
11:11:43.405    AVAST engine scan C:\Users\Martin
11:20:40.593    AVAST engine scan C:\ProgramData
11:23:13.602    Scan finished successfully
11:23:36.393    Disk 0 MBR has been saved successfully to "C:\Users\Martin\Desktop\MBR.dat"
11:23:36.409    The log file has been saved successfully to "C:\Users\Martin\Desktop\aswMBR.txt"
         

TDSSKiller:
Code:
ATTFilter
11:32:07.0823 2916  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
11:32:08.0135 2916  ============================================================
11:32:08.0135 2916  Current date / time: 2013/04/07 11:32:08.0135
11:32:08.0135 2916  SystemInfo:
11:32:08.0135 2916  
11:32:08.0135 2916  OS Version: 6.1.7601 ServicePack: 1.0
11:32:08.0135 2916  Product type: Workstation
11:32:08.0135 2916  ComputerName: MARTIN-PC
11:32:08.0135 2916  UserName: Martin
11:32:08.0135 2916  Windows directory: C:\Windows
11:32:08.0135 2916  System windows directory: C:\Windows
11:32:08.0135 2916  Running under WOW64
11:32:08.0135 2916  Processor architecture: Intel x64
11:32:08.0135 2916  Number of processors: 4
11:32:08.0135 2916  Page size: 0x1000
11:32:08.0135 2916  Boot type: Normal boot
11:32:08.0135 2916  ============================================================
11:32:08.0759 2916  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:32:08.0759 2916  ============================================================
11:32:08.0759 2916  \Device\Harddisk0\DR0:
11:32:08.0759 2916  MBR partitions:
11:32:08.0759 2916  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x64000
11:32:08.0759 2916  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64800, BlocksNum 0x34921000
11:32:08.0759 2916  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x34985800, BlocksNum 0x32F0000
11:32:08.0759 2916  ============================================================
11:32:08.0774 2916  C: <-> \Device\Harddisk0\DR0\Partition2
11:32:08.0821 2916  D: <-> \Device\Harddisk0\DR0\Partition3
11:32:08.0821 2916  ============================================================
11:32:08.0821 2916  Initialize success
11:32:08.0821 2916  ============================================================
11:32:18.0368 3776  ============================================================
11:32:18.0368 3776  Scan started
11:32:18.0368 3776  Mode: Manual; SigCheck; TDLFS; 
11:32:18.0368 3776  ============================================================
11:32:18.0868 3776  ================ Scan system memory ========================
11:32:18.0868 3776  System memory - ok
11:32:18.0868 3776  ================ Scan services =============================
11:32:19.0024 3776  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
11:32:19.0117 3776  1394ohci - ok
11:32:19.0164 3776  [ A3769020F7E8A70FD3E824C050F33306 ] acedrv11        C:\Windows\system32\drivers\acedrv11.sys
11:32:19.0211 3776  acedrv11 - ok
11:32:19.0242 3776  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
11:32:19.0258 3776  ACPI - ok
11:32:19.0273 3776  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
11:32:19.0304 3776  AcpiPmi - ok
11:32:19.0336 3776  [ 5E813B11629007309E4FC0F0FD2B7C30 ] ACPIVPC         C:\Windows\system32\DRIVERS\AcpiVpc.sys
11:32:19.0336 3776  ACPIVPC - ok
11:32:19.0492 3776  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
11:32:19.0507 3776  AdobeARMservice - ok
11:32:19.0616 3776  [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
11:32:19.0648 3776  AdobeFlashPlayerUpdateSvc - ok
11:32:19.0710 3776  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
11:32:19.0741 3776  adp94xx - ok
11:32:19.0757 3776  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
11:32:19.0772 3776  adpahci - ok
11:32:19.0772 3776  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
11:32:19.0788 3776  adpu320 - ok
11:32:19.0804 3776  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
11:32:19.0944 3776  AeLookupSvc - ok
11:32:19.0991 3776  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
11:32:20.0053 3776  AFD - ok
11:32:20.0069 3776  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
11:32:20.0084 3776  agp440 - ok
11:32:20.0116 3776  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
11:32:20.0147 3776  ALG - ok
11:32:20.0162 3776  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
11:32:20.0178 3776  aliide - ok
11:32:20.0209 3776  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
11:32:20.0225 3776  amdide - ok
11:32:20.0256 3776  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
11:32:20.0287 3776  AmdK8 - ok
11:32:20.0303 3776  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
11:32:20.0334 3776  AmdPPM - ok
11:32:20.0350 3776  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
11:32:20.0350 3776  amdsata - ok
11:32:20.0365 3776  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
11:32:20.0381 3776  amdsbs - ok
11:32:20.0396 3776  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
11:32:20.0412 3776  amdxata - ok
11:32:20.0443 3776  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
11:32:20.0459 3776  AppID - ok
11:32:20.0474 3776  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
11:32:20.0506 3776  AppIDSvc - ok
11:32:20.0521 3776  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
11:32:20.0552 3776  Appinfo - ok
11:32:20.0630 3776  [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
11:32:20.0646 3776  Apple Mobile Device - ok
11:32:20.0662 3776  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
11:32:20.0677 3776  arc - ok
11:32:20.0708 3776  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
11:32:20.0724 3776  arcsas - ok
11:32:20.0740 3776  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
11:32:20.0786 3776  AsyncMac - ok
11:32:20.0818 3776  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
11:32:20.0818 3776  atapi - ok
11:32:20.0849 3776  [ 78B183A794A08978EA0A8D017054352B ] AthBTPort       C:\Windows\system32\DRIVERS\btath_flt.sys
11:32:20.0849 3776  AthBTPort - ok
11:32:20.0880 3776  [ 42EF52D591A53CBE43D82C6C96F50A59 ] AtherosSvc      C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
11:32:20.0896 3776  AtherosSvc - ok
11:32:20.0974 3776  [ 6C496450404ABDC887E56DF462B34255 ] athr            C:\Windows\system32\DRIVERS\athrx.sys
11:32:21.0020 3776  athr - ok
11:32:21.0083 3776  [ B4BDE3F758A34658A37DFED3D9783CD8 ] atksgt          C:\Windows\system32\DRIVERS\atksgt.sys
11:32:21.0098 3776  atksgt - ok
11:32:21.0130 3776  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
11:32:21.0176 3776  AudioEndpointBuilder - ok
11:32:21.0208 3776  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
11:32:21.0223 3776  AudioSrv - ok
11:32:21.0254 3776  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
11:32:21.0348 3776  AxInstSV - ok
11:32:21.0410 3776  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
11:32:21.0442 3776  b06bdrv - ok
11:32:21.0488 3776  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
11:32:21.0535 3776  b57nd60a - ok
11:32:21.0566 3776  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
11:32:21.0598 3776  BDESVC - ok
11:32:21.0629 3776  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
11:32:21.0691 3776  Beep - ok
11:32:21.0754 3776  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
11:32:21.0800 3776  BFE - ok
11:32:22.0190 3776  [ E92A3DA47BED7CC65D264235617ED46E ] BHDrvx64        C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20130322.001\BHDrvx64.sys
11:32:22.0253 3776  BHDrvx64 - ok
11:32:22.0284 3776  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
11:32:22.0346 3776  BITS - ok
11:32:22.0362 3776  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
11:32:22.0393 3776  blbdrive - ok
11:32:22.0487 3776  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
11:32:22.0502 3776  Bonjour Service - ok
11:32:22.0518 3776  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
11:32:22.0549 3776  bowser - ok
11:32:22.0674 3776  [ AAA4F992F879977A000FE8B8C730CD2C ] BPntDrv         C:\Windows\system32\drivers\BPntDrv.sys
11:32:22.0690 3776  BPntDrv - ok
11:32:22.0721 3776  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
11:32:22.0768 3776  BrFiltLo - ok
11:32:22.0768 3776  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
11:32:22.0799 3776  BrFiltUp - ok
11:32:22.0830 3776  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
11:32:22.0846 3776  Browser - ok
11:32:22.0861 3776  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
11:32:22.0877 3776  Brserid - ok
11:32:22.0892 3776  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
11:32:22.0908 3776  BrSerWdm - ok
11:32:22.0924 3776  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
11:32:22.0955 3776  BrUsbMdm - ok
11:32:23.0189 3776  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
11:32:23.0251 3776  BrUsbSer - ok
11:32:23.0298 3776  [ EDEBD26DF631A78483707C3F7429027F ] BTATH_A2DP      C:\Windows\system32\drivers\btath_a2dp.sys
11:32:23.0298 3776  BTATH_A2DP - ok
11:32:23.0314 3776  [ 2F22177BFEA75326DC0C535D71985A4E ] btath_avdt      C:\Windows\system32\drivers\btath_avdt.sys
11:32:23.0329 3776  btath_avdt - ok
11:32:23.0360 3776  [ D438A33D568C76C24E8D7394981F42DC ] BTATH_BUS       C:\Windows\system32\DRIVERS\btath_bus.sys
11:32:23.0376 3776  BTATH_BUS - ok
11:32:23.0376 3776  [ 6EFA8C93009E0BE0886C2422C7D20BC5 ] BTATH_HCRP      C:\Windows\system32\DRIVERS\btath_hcrp.sys
11:32:23.0392 3776  BTATH_HCRP - ok
11:32:23.0407 3776  [ 168506D0F0C8DF588F8A7E25C58A2DE6 ] BTATH_LWFLT     C:\Windows\system32\DRIVERS\btath_lwflt.sys
11:32:23.0407 3776  BTATH_LWFLT - ok
11:32:23.0423 3776  [ 7C8FB1D73BD279DD914CCA6ED0F4F62B ] BTATH_RCP       C:\Windows\system32\DRIVERS\btath_rcp.sys
11:32:23.0423 3776  BTATH_RCP - ok
11:32:23.0470 3776  [ 58D67C18894F96E89C076150BB76AD40 ] BtFilter        C:\Windows\system32\DRIVERS\btfilter.sys
11:32:23.0470 3776  BtFilter - ok
11:32:23.0516 3776  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
11:32:23.0532 3776  BthEnum - ok
11:32:23.0548 3776  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
11:32:23.0579 3776  BTHMODEM - ok
11:32:23.0688 3776  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
11:32:23.0719 3776  BthPan - ok
11:32:23.0735 3776  [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
11:32:23.0750 3776  BTHPORT - ok
11:32:23.0797 3776  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
11:32:23.0844 3776  bthserv - ok
11:32:23.0875 3776  [ F188B7394D81010767B6DF3178519A37 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
11:32:23.0906 3776  BTHUSB - ok
11:32:23.0984 3776  [ 248C952C82DF1E23775432774CBB20F1 ] ccSet_NIS       C:\Windows\system32\drivers\NISx64\1403000.024\ccSetx64.sys
11:32:24.0000 3776  ccSet_NIS - ok
11:32:24.0000 3776  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
11:32:24.0062 3776  cdfs - ok
11:32:24.0109 3776  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
11:32:24.0140 3776  cdrom - ok
11:32:24.0172 3776  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
11:32:24.0234 3776  CertPropSvc - ok
11:32:24.0250 3776  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
11:32:24.0281 3776  circlass - ok
11:32:24.0296 3776  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
11:32:24.0312 3776  CLFS - ok
11:32:24.0374 3776  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:32:24.0390 3776  clr_optimization_v2.0.50727_32 - ok
11:32:24.0452 3776  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
11:32:24.0484 3776  clr_optimization_v2.0.50727_64 - ok
11:32:24.0546 3776  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:32:24.0562 3776  clr_optimization_v4.0.30319_32 - ok
11:32:24.0593 3776  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
11:32:24.0608 3776  clr_optimization_v4.0.30319_64 - ok
11:32:24.0640 3776  [ 50F92C943F18B070F166D019DFAB3D9A ] clwvd           C:\Windows\system32\DRIVERS\clwvd.sys
11:32:24.0655 3776  clwvd - ok
11:32:24.0671 3776  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
11:32:24.0702 3776  CmBatt - ok
11:32:24.0718 3776  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
11:32:24.0718 3776  cmdide - ok
11:32:24.0764 3776  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
11:32:24.0780 3776  CNG - ok
11:32:24.0842 3776  [ 9F6DE1995A188615CEEE908E750A34ED ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT64.sys
11:32:24.0889 3776  CnxtHdAudService - ok
11:32:24.0905 3776  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
11:32:24.0920 3776  Compbatt - ok
11:32:24.0936 3776  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
11:32:24.0967 3776  CompositeBus - ok
11:32:24.0983 3776  COMSysApp - ok
11:32:25.0123 3776  [ 78AF1C499BF02F9814DF959A04A4F9C9 ] cphs            C:\Windows\SysWow64\IntelCpHeciSvc.exe
11:32:25.0154 3776  cphs - ok
11:32:25.0186 3776  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
11:32:25.0186 3776  crcdisk - ok
11:32:25.0248 3776  [ 4F5414602E2544A4554D95517948B705 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
11:32:25.0295 3776  CryptSvc - ok
11:32:25.0357 3776  [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc          C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
11:32:25.0388 3776  cvhsvc - ok
11:32:25.0466 3776  [ F160B26B26BA4AFE8CECC12ED5AC231E ] CxAudMsg        C:\Windows\system32\CxAudMsg64.exe
11:32:25.0482 3776  CxAudMsg - ok
11:32:25.0529 3776  [ 56F4750B7F0CE969E43DE2A76DDA5A5F ] DamageGuard     C:\Windows\system32\DRIVERS\DamageGuardX64.sys
11:32:25.0544 3776  DamageGuard - ok
11:32:25.0622 3776  [ 75974DA59BA3D2E3DCE9386493A31F54 ] DamageGuardSvc  C:\Program Files\Lenovo\Instant Reset\DamageGuardSvc.exe
11:32:25.0654 3776  DamageGuardSvc - ok
11:32:25.0700 3776  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
11:32:25.0747 3776  DcomLaunch - ok
11:32:25.0778 3776  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
11:32:25.0810 3776  defragsvc - ok
11:32:25.0841 3776  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
11:32:25.0872 3776  DfsC - ok
11:32:25.0888 3776  [ 5014042B07FE6CBE0E6C737AA3F1EBFC ] dgFltr          C:\Windows\system32\drivers\dgFltrX64.sys
11:32:25.0888 3776  dgFltr - ok
11:32:25.0934 3776  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
11:32:25.0966 3776  Dhcp - ok
11:32:25.0997 3776  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
11:32:26.0028 3776  discache - ok
11:32:26.0059 3776  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
11:32:26.0075 3776  Disk - ok
11:32:26.0122 3776  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
11:32:26.0153 3776  Dnscache - ok
11:32:26.0168 3776  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
11:32:26.0231 3776  dot3svc - ok
11:32:26.0278 3776  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
11:32:26.0340 3776  DPS - ok
11:32:26.0371 3776  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
11:32:26.0387 3776  drmkaud - ok
11:32:26.0418 3776  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
11:32:26.0449 3776  DXGKrnl - ok
11:32:26.0465 3776  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
11:32:26.0496 3776  EapHost - ok
11:32:26.0574 3776  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
11:32:26.0636 3776  ebdrv - ok
11:32:26.0714 3776  [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl          C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
11:32:26.0730 3776  eeCtrl - ok
11:32:26.0761 3776  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
11:32:26.0777 3776  EFS - ok
11:32:26.0855 3776  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
11:32:26.0917 3776  ehRecvr - ok
11:32:26.0933 3776  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
11:32:26.0948 3776  ehSched - ok
11:32:27.0011 3776  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
11:32:27.0026 3776  elxstor - ok
11:32:27.0073 3776  [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
11:32:27.0073 3776  EraserUtilRebootDrv - ok
11:32:27.0089 3776  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
11:32:27.0104 3776  ErrDev - ok
11:32:27.0167 3776  [ 4B18C33EEDD15BD2AAF99807D36555B3 ] ETD             C:\Windows\system32\DRIVERS\ETD.sys
11:32:27.0182 3776  ETD - ok
11:32:27.0214 3776  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
11:32:27.0245 3776  EventSystem - ok
11:32:27.0276 3776  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
11:32:27.0307 3776  exfat - ok
11:32:27.0323 3776  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
11:32:27.0370 3776  fastfat - ok
11:32:27.0479 3776  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
11:32:27.0526 3776  Fax - ok
11:32:27.0557 3776  [ 0BDD7984DB7AAFF6DFEFD11D82D473DB ] fbfmon          C:\Windows\system32\drivers\fbfmon.sys
11:32:27.0572 3776  fbfmon - ok
11:32:27.0588 3776  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys
11:32:27.0619 3776  fdc - ok
11:32:27.0666 3776  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
11:32:27.0697 3776  fdPHost - ok
11:32:27.0713 3776  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
11:32:27.0744 3776  FDResPub - ok
11:32:27.0760 3776  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
11:32:27.0775 3776  FileInfo - ok
11:32:27.0791 3776  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
11:32:27.0822 3776  Filetrace - ok
11:32:27.0838 3776  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
11:32:27.0853 3776  flpydisk - ok
11:32:27.0884 3776  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
11:32:27.0884 3776  FltMgr - ok
11:32:27.0947 3776  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
11:32:28.0009 3776  FontCache - ok
11:32:28.0056 3776  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
11:32:28.0072 3776  FontCache3.0.0.0 - ok
11:32:28.0087 3776  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
11:32:28.0103 3776  FsDepends - ok
11:32:28.0134 3776  [ 6C06701BF1DB05405804D7EB610991CE ] fssfltr         C:\Windows\system32\DRIVERS\fssfltr.sys
11:32:28.0150 3776  fssfltr - ok
11:32:28.0212 3776  [ 4CE9DAC1518FF7E77BD213E6394B9D77 ] fsssvc          C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
11:32:28.0290 3776  fsssvc - ok
11:32:28.0337 3776  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
11:32:28.0337 3776  Fs_Rec - ok
11:32:28.0384 3776  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
11:32:28.0399 3776  fvevol - ok
11:32:28.0415 3776  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
11:32:28.0430 3776  gagp30kx - ok
11:32:28.0477 3776  [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
11:32:28.0493 3776  GEARAspiWDM - ok
11:32:28.0540 3776  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
11:32:28.0618 3776  gpsvc - ok
11:32:28.0664 3776  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
11:32:28.0664 3776  gupdate - ok
11:32:28.0680 3776  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
11:32:28.0696 3776  gupdatem - ok
11:32:28.0711 3776  [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
11:32:28.0727 3776  gusvc - ok
11:32:28.0742 3776  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
11:32:28.0758 3776  hcw85cir - ok
11:32:28.0789 3776  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
11:32:28.0836 3776  HdAudAddService - ok
11:32:28.0883 3776  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
11:32:28.0914 3776  HDAudBus - ok
11:32:28.0945 3776  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
11:32:28.0961 3776  HidBatt - ok
11:32:28.0992 3776  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
11:32:29.0023 3776  HidBth - ok
11:32:29.0070 3776  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
11:32:29.0086 3776  HidIr - ok
11:32:29.0101 3776  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
11:32:29.0148 3776  hidserv - ok
11:32:29.0164 3776  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
11:32:29.0179 3776  HidUsb - ok
11:32:29.0210 3776  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
11:32:29.0273 3776  hkmsvc - ok
11:32:29.0320 3776  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
11:32:29.0351 3776  HomeGroupListener - ok
11:32:29.0366 3776  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
11:32:29.0398 3776  HomeGroupProvider - ok
11:32:29.0429 3776  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
11:32:29.0444 3776  HpSAMD - ok
11:32:29.0476 3776  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
11:32:29.0554 3776  HTTP - ok
11:32:29.0569 3776  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
11:32:29.0569 3776  hwpolicy - ok
11:32:29.0616 3776  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
11:32:29.0632 3776  i8042prt - ok
11:32:29.0663 3776  [ C224331A54571C8C9162F7714400BBBD ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
11:32:29.0678 3776  iaStor - ok
11:32:29.0741 3776  [ 7D4B9A48430ED57ACA6373B71D5904CA ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
11:32:29.0756 3776  IAStorDataMgrSvc - ok
11:32:29.0788 3776  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
11:32:29.0803 3776  iaStorV - ok
11:32:29.0897 3776  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
11:32:29.0944 3776  idsvc - ok
11:32:30.0146 3776  [ A48928D4CCA6F8B731989DB08CF2C0AB ] IDSVia64        C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20130405.001\IDSvia64.sys
11:32:30.0162 3776  IDSVia64 - ok
11:32:30.0318 3776  [ A1CF07D24EDCDC6870535471654D957C ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
11:32:30.0412 3776  igfx - ok
11:32:30.0443 3776  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
11:32:30.0458 3776  iirsp - ok
11:32:30.0490 3776  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
11:32:30.0521 3776  IKEEXT - ok
11:32:30.0568 3776  [ 6C9FFFECA9FED31347D211C5D1FFBD2D ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
11:32:30.0630 3776  IntcDAud - ok
11:32:30.0692 3776  [ 832CE330DD987227B7DEA8C03F22AEFA ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
11:32:30.0739 3776  Intel(R) Capability Licensing Service Interface - ok
11:32:30.0739 3776  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
11:32:30.0755 3776  intelide - ok
11:32:30.0770 3776  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
11:32:30.0817 3776  intelppm - ok
11:32:30.0848 3776  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
11:32:30.0895 3776  IPBusEnum - ok
11:32:30.0926 3776  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:32:30.0989 3776  IpFilterDriver - ok
11:32:31.0036 3776  [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
11:32:31.0067 3776  iphlpsvc - ok
11:32:31.0098 3776  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
11:32:31.0114 3776  IPMIDRV - ok
11:32:31.0129 3776  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
11:32:31.0160 3776  IPNAT - ok
11:32:31.0238 3776  [ 4EFFC8FF6D349E971E94B1C670C0C66A ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
11:32:31.0285 3776  iPod Service - ok
11:32:31.0332 3776  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
11:32:31.0379 3776  IRENUM - ok
11:32:31.0379 3776  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
11:32:31.0394 3776  isapnp - ok
11:32:31.0410 3776  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
11:32:31.0426 3776  iScsiPrt - ok
11:32:31.0472 3776  [ 846354992EBB373F452EB9182D501B08 ] iusb3hcs        C:\Windows\system32\DRIVERS\iusb3hcs.sys
11:32:31.0488 3776  iusb3hcs - ok
11:32:31.0535 3776  [ 1D88A23853387D34D52CC8F9DDBFC56C ] iusb3hub        C:\Windows\system32\DRIVERS\iusb3hub.sys
11:32:31.0550 3776  iusb3hub - ok
11:32:31.0582 3776  [ FC5EFD7C797DF19DFB999F0605A7924E ] iusb3xhc        C:\Windows\system32\DRIVERS\iusb3xhc.sys
11:32:31.0597 3776  iusb3xhc - ok
11:32:31.0644 3776  [ 09CA717536671E0896E07D239EE6740F ] jhi_service     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
11:32:31.0675 3776  jhi_service - ok
11:32:31.0706 3776  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
11:32:31.0722 3776  kbdclass - ok
11:32:31.0753 3776  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
11:32:31.0784 3776  kbdhid - ok
11:32:31.0800 3776  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
11:32:31.0816 3776  KeyIso - ok
11:32:31.0878 3776  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
11:32:31.0894 3776  KSecDD - ok
11:32:31.0909 3776  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
11:32:31.0909 3776  KSecPkg - ok
11:32:31.0956 3776  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
11:32:31.0987 3776  ksthunk - ok
11:32:32.0018 3776  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
11:32:32.0050 3776  KtmRm - ok
11:32:32.0081 3776  [ FC741259B7C22379EE83257D7CF91151 ] L1C             C:\Windows\system32\DRIVERS\L1C62x64.sys
11:32:32.0096 3776  L1C - ok
11:32:32.0128 3776  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
11:32:32.0174 3776  LanmanServer - ok
11:32:32.0174 3776  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
11:32:32.0221 3776  LanmanWorkstation - ok
11:32:32.0237 3776  [ BE166935083F9C38EDFDC21B9A7A679B ] LHDmgr          C:\Windows\system32\DRIVERS\LhdX64.sys
11:32:32.0252 3776  LHDmgr - ok
11:32:32.0315 3776  [ 955982BF4421B77722196552B62E8DC2 ] lirsgt          C:\Windows\system32\DRIVERS\lirsgt.sys
11:32:32.0330 3776  lirsgt - ok
11:32:32.0362 3776  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
11:32:32.0393 3776  lltdio - ok
11:32:32.0424 3776  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
11:32:32.0455 3776  lltdsvc - ok
11:32:32.0486 3776  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
11:32:32.0518 3776  lmhosts - ok
11:32:32.0549 3776  [ A60D56228FF3EE7EC1A56A908924680E ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
11:32:32.0564 3776  LMS - ok
11:32:32.0611 3776  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
11:32:32.0611 3776  LSI_FC - ok
11:32:32.0642 3776  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
11:32:32.0642 3776  LSI_SAS - ok
11:32:32.0658 3776  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
11:32:32.0674 3776  LSI_SAS2 - ok
11:32:32.0689 3776  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
11:32:32.0705 3776  LSI_SCSI - ok
11:32:32.0939 3776  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
11:32:32.0970 3776  luafv - ok
11:32:32.0986 3776  lxcz_device - ok
11:32:33.0064 3776  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
11:32:33.0079 3776  Mcx2Svc - ok
11:32:33.0110 3776  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
11:32:33.0126 3776  megasas - ok
11:32:33.0173 3776  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
11:32:33.0188 3776  MegaSR - ok
11:32:33.0251 3776  [ 6B01B7414A105B9E51652089A03027CF ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
11:32:33.0251 3776  MEIx64 - ok
11:32:33.0282 3776  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
11:32:33.0313 3776  MMCSS - ok
11:32:33.0329 3776  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
11:32:33.0376 3776  Modem - ok
11:32:33.0422 3776  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
11:32:33.0438 3776  monitor - ok
11:32:33.0454 3776  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
11:32:33.0469 3776  mouclass - ok
11:32:33.0516 3776  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
11:32:33.0532 3776  mouhid - ok
11:32:33.0547 3776  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
11:32:33.0563 3776  mountmgr - ok
11:32:33.0610 3776  [ 8A7C8F4C713E70D73946833D76B77035 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
11:32:33.0641 3776  MozillaMaintenance - ok
11:32:33.0688 3776  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
11:32:33.0688 3776  mpio - ok
11:32:33.0719 3776  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
11:32:33.0750 3776  mpsdrv - ok
11:32:33.0781 3776  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
11:32:33.0812 3776  MpsSvc - ok
11:32:33.0828 3776  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
11:32:33.0844 3776  MRxDAV - ok
11:32:33.0844 3776  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
11:32:33.0875 3776  mrxsmb - ok
11:32:33.0890 3776  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:32:33.0906 3776  mrxsmb10 - ok
11:32:33.0922 3776  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:32:33.0937 3776  mrxsmb20 - ok
11:32:33.0953 3776  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
11:32:33.0968 3776  msahci - ok
11:32:33.0984 3776  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
11:32:33.0984 3776  msdsm - ok
11:32:34.0000 3776  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
11:32:34.0031 3776  MSDTC - ok
11:32:34.0062 3776  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
11:32:34.0093 3776  Msfs - ok
11:32:34.0124 3776  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
11:32:34.0171 3776  mshidkmdf - ok
11:32:34.0202 3776  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
11:32:34.0218 3776  msisadrv - ok
11:32:34.0234 3776  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
11:32:34.0280 3776  MSiSCSI - ok
11:32:34.0280 3776  msiserver - ok
11:32:34.0312 3776  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
11:32:34.0343 3776  MSKSSRV - ok
11:32:34.0374 3776  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
11:32:34.0405 3776  MSPCLOCK - ok
11:32:34.0421 3776  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
11:32:34.0452 3776  MSPQM - ok
11:32:34.0483 3776  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
11:32:34.0483 3776  MsRPC - ok
11:32:34.0499 3776  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
11:32:34.0514 3776  mssmbios - ok
11:32:34.0530 3776  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
11:32:34.0561 3776  MSTEE - ok
11:32:34.0577 3776  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
11:32:34.0592 3776  MTConfig - ok
11:32:34.0608 3776  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
11:32:34.0624 3776  Mup - ok
11:32:34.0655 3776  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
11:32:34.0686 3776  napagent - ok
11:32:34.0733 3776  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
11:32:34.0764 3776  NativeWifiP - ok
11:32:34.0842 3776  [ 88A2F45CE66B904285978D6BB13AFEB2 ] NAVENG          C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130406.008\ENG64.SYS
11:32:34.0858 3776  NAVENG - ok
11:32:34.0936 3776  [ D2A545DA3A90BBFA40E020C23F1B7A48 ] NAVEX15         C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130406.008\EX64.SYS
11:32:35.0045 3776  NAVEX15 - ok
11:32:35.0076 3776  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
11:32:35.0107 3776  NDIS - ok
11:32:35.0138 3776  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
11:32:35.0201 3776  NdisCap - ok
11:32:35.0232 3776  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
11:32:35.0248 3776  NdisTapi - ok
11:32:35.0263 3776  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
11:32:35.0279 3776  Ndisuio - ok
11:32:35.0294 3776  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
11:32:35.0341 3776  NdisWan - ok
11:32:35.0357 3776  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
11:32:35.0388 3776  NDProxy - ok
11:32:35.0419 3776  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
11:32:35.0466 3776  NetBIOS - ok
11:32:35.0482 3776  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
11:32:35.0497 3776  NetBT - ok
11:32:35.0513 3776  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
11:32:35.0513 3776  Netlogon - ok
11:32:35.0544 3776  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
11:32:35.0575 3776  Netman - ok
11:32:35.0591 3776  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
11:32:35.0638 3776  netprofm - ok
11:32:35.0669 3776  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:32:35.0669 3776  NetTcpPortSharing - ok
11:32:35.0700 3776  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
11:32:35.0716 3776  nfrd960 - ok
11:32:35.0762 3776  [ 241BD3019FB31E812A51B31B06906335 ] NIS             C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\ccSvcHst.exe
11:32:35.0794 3776  NIS - ok
11:32:35.0825 3776  [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc          C:\Windows\System32\nlasvc.dll
11:32:35.0872 3776  NlaSvc - ok
11:32:35.0918 3776  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
11:32:35.0950 3776  Npfs - ok
11:32:35.0965 3776  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
11:32:35.0996 3776  nsi - ok
11:32:36.0012 3776  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
11:32:36.0028 3776  nsiproxy - ok
11:32:36.0074 3776  [ A2F74975097F52A00745F9637451FDD8 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
11:32:36.0106 3776  Ntfs - ok
11:32:36.0121 3776  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
11:32:36.0152 3776  Null - ok
11:32:36.0402 3776  [ FE2909F7DFB12B9A20AD207FE23B7E96 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
11:32:36.0527 3776  nvlddmkm - ok
11:32:36.0558 3776  [ 54C7D4E3A31888FA4BE822F506FE905B ] nvpciflt        C:\Windows\system32\DRIVERS\nvpciflt.sys
11:32:36.0558 3776  nvpciflt - ok
11:32:36.0589 3776  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
11:32:36.0605 3776  nvraid - ok
11:32:36.0636 3776  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
11:32:36.0636 3776  nvstor - ok
11:32:36.0683 3776  [ 3341D2C91989BC87C3C0BAA97C27253B ] nvsvc           C:\Windows\system32\nvvsvc.exe
11:32:36.0714 3776  nvsvc - ok
11:32:36.0761 3776  [ 551CE34DAD2DFF0A480781E68B286E4D ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
11:32:36.0839 3776  nvUpdatusService - ok
11:32:36.0886 3776  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
11:32:36.0901 3776  nv_agp - ok
11:32:36.0932 3776  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
11:32:36.0964 3776  ohci1394 - ok
11:32:36.0979 3776  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:32:36.0995 3776  ose - ok
11:32:37.0135 3776  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
11:32:37.0276 3776  osppsvc - ok
11:32:37.0307 3776  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
11:32:37.0322 3776  p2pimsvc - ok
11:32:37.0338 3776  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
11:32:37.0354 3776  p2psvc - ok
11:32:37.0385 3776  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\drivers\parport.sys
11:32:37.0385 3776  Parport - ok
11:32:37.0400 3776  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
11:32:37.0416 3776  partmgr - ok
11:32:37.0432 3776  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
11:32:37.0447 3776  PcaSvc - ok
11:32:37.0478 3776  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
11:32:37.0478 3776  pci - ok
11:32:37.0494 3776  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
11:32:37.0510 3776  pciide - ok
11:32:37.0525 3776  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
11:32:37.0541 3776  pcmcia - ok
11:32:37.0556 3776  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
11:32:37.0556 3776  pcw - ok
11:32:37.0572 3776  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
11:32:37.0603 3776  PEAUTH - ok
11:32:37.0681 3776  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
11:32:37.0697 3776  PerfHost - ok
11:32:37.0759 3776  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
11:32:37.0837 3776  pla - ok
11:32:37.0884 3776  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
11:32:37.0915 3776  PlugPlay - ok
11:32:37.0915 3776  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
11:32:37.0946 3776  PNRPAutoReg - ok
11:32:37.0962 3776  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
11:32:37.0962 3776  PNRPsvc - ok
11:32:37.0993 3776  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
11:32:38.0056 3776  PolicyAgent - ok
11:32:38.0087 3776  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
11:32:38.0102 3776  Power - ok
11:32:38.0149 3776  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
11:32:38.0212 3776  PptpMiniport - ok
11:32:38.0227 3776  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
11:32:38.0227 3776  Processor - ok
11:32:38.0274 3776  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
11:32:38.0305 3776  ProfSvc - ok
11:32:38.0321 3776  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
11:32:38.0321 3776  ProtectedStorage - ok
11:32:38.0336 3776  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
11:32:38.0383 3776  Psched - ok
11:32:38.0430 3776  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
11:32:38.0492 3776  ql2300 - ok
11:32:38.0508 3776  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
11:32:38.0524 3776  ql40xx - ok
11:32:38.0539 3776  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
11:32:38.0555 3776  QWAVE - ok
11:32:38.0570 3776  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
11:32:38.0586 3776  QWAVEdrv - ok
11:32:38.0602 3776  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
11:32:38.0633 3776  RasAcd - ok
11:32:38.0664 3776  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
11:32:38.0726 3776  RasAgileVpn - ok
11:32:38.0773 3776  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
11:32:38.0836 3776  RasAuto - ok
11:32:38.0898 3776  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
11:32:38.0960 3776  Rasl2tp - ok
11:32:39.0007 3776  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
11:32:39.0038 3776  RasMan - ok
11:32:39.0054 3776  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
11:32:39.0085 3776  RasPppoe - ok
11:32:39.0101 3776  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
11:32:39.0148 3776  RasSstp - ok
11:32:39.0179 3776  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
11:32:39.0210 3776  rdbss - ok
11:32:39.0210 3776  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
11:32:39.0226 3776  rdpbus - ok
11:32:39.0257 3776  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
11:32:39.0319 3776  RDPCDD - ok
11:32:39.0335 3776  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
11:32:39.0366 3776  RDPENCDD - ok
11:32:39.0382 3776  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
11:32:39.0413 3776  RDPREFMP - ok
11:32:39.0428 3776  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
11:32:39.0460 3776  RDPWD - ok
11:32:39.0491 3776  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
11:32:39.0491 3776  rdyboost - ok
11:32:39.0522 3776  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
11:32:39.0553 3776  RemoteAccess - ok
11:32:39.0569 3776  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
11:32:39.0600 3776  RemoteRegistry - ok
11:32:39.0631 3776  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
11:32:39.0662 3776  RFCOMM - ok
11:32:39.0694 3776  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
11:32:39.0725 3776  RpcEptMapper - ok
11:32:39.0740 3776  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
11:32:39.0787 3776  RpcLocator - ok
11:32:39.0803 3776  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
11:32:39.0834 3776  RpcSs - ok
11:32:39.0881 3776  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
11:32:39.0912 3776  rspndr - ok
11:32:39.0974 3776  [ 88AB579F407A3D02918B8DCC4E6E34B3 ] RSUSBVSTOR      C:\Windows\system32\Drivers\RtsUVStor.sys
11:32:39.0990 3776  RSUSBVSTOR - ok
11:32:40.0006 3776  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
11:32:40.0021 3776  SamSs - ok
11:32:40.0037 3776  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
11:32:40.0052 3776  sbp2port - ok
11:32:40.0084 3776  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
11:32:40.0146 3776  SCardSvr - ok
11:32:40.0162 3776  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
11:32:40.0193 3776  scfilter - ok
11:32:40.0224 3776  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
11:32:40.0271 3776  Schedule - ok
11:32:40.0286 3776  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
11:32:40.0318 3776  SCPolicySvc - ok
11:32:40.0333 3776  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
11:32:40.0349 3776  SDRSVC - ok
11:32:40.0380 3776  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
11:32:40.0411 3776  secdrv - ok
11:32:40.0411 3776  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
11:32:40.0442 3776  seclogon - ok
11:32:40.0458 3776  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
11:32:40.0489 3776  SENS - ok
11:32:40.0505 3776  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
11:32:40.0536 3776  SensrSvc - ok
11:32:40.0536 3776  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\drivers\serenum.sys
11:32:40.0567 3776  Serenum - ok
11:32:40.0598 3776  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\drivers\serial.sys
11:32:40.0630 3776  Serial - ok
11:32:40.0661 3776  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
11:32:40.0692 3776  sermouse - ok
11:32:40.0723 3776  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
11:32:40.0770 3776  SessionEnv - ok
11:32:40.0786 3776  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
11:32:40.0801 3776  sffdisk - ok
11:32:40.0817 3776  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
11:32:40.0848 3776  sffp_mmc - ok
11:32:40.0864 3776  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
11:32:40.0879 3776  sffp_sd - ok
11:32:40.0879 3776  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
11:32:40.0895 3776  sfloppy - ok
11:32:40.0942 3776  [ C6CC9297BD53E5229653303E556AA539 ] Sftfs           C:\Windows\system32\DRIVERS\Sftfslh.sys
11:32:40.0973 3776  Sftfs - ok
11:32:41.0035 3776  [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist         C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
11:32:41.0066 3776  sftlist - ok
11:32:41.0098 3776  [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay         C:\Windows\system32\DRIVERS\Sftplaylh.sys
11:32:41.0129 3776  Sftplay - ok
11:32:41.0129 3776  [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir        C:\Windows\system32\DRIVERS\Sftredirlh.sys
11:32:41.0144 3776  Sftredir - ok
11:32:41.0144 3776  [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol          C:\Windows\system32\DRIVERS\Sftvollh.sys
11:32:41.0160 3776  Sftvol - ok
11:32:41.0176 3776  [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa          C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
11:32:41.0191 3776  sftvsa - ok
11:32:41.0222 3776  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
11:32:41.0269 3776  SharedAccess - ok
11:32:41.0285 3776  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
11:32:41.0332 3776  ShellHWDetection - ok
11:32:41.0363 3776  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
11:32:41.0363 3776  SiSRaid2 - ok
11:32:41.0394 3776  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
11:32:41.0394 3776  SiSRaid4 - ok
11:32:41.0425 3776  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
11:32:41.0441 3776  Smb - ok
11:32:41.0456 3776  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
11:32:41.0472 3776  SNMPTRAP - ok
11:32:41.0488 3776  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
11:32:41.0488 3776  spldr - ok
11:32:41.0534 3776  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
11:32:41.0550 3776  Spooler - ok
11:32:41.0628 3776  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
11:32:41.0753 3776  sppsvc - ok
11:32:41.0768 3776  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
11:32:41.0800 3776  sppuinotify - ok
11:32:41.0878 3776  [ 378A0748DE5ADF90BF9DB897DA8564E6 ] SRTSP           C:\Windows\System32\Drivers\NISx64\1403000.024\SRTSP64.SYS
11:32:41.0909 3776  SRTSP - ok
11:32:41.0956 3776  [ 0E76CEF892C45734F7AED09FDDF35D4D ] SRTSPX          C:\Windows\system32\drivers\NISx64\1403000.024\SRTSPX64.SYS
11:32:41.0956 3776  SRTSPX - ok
11:32:41.0971 3776  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
11:32:42.0002 3776  srv - ok
11:32:42.0080 3776  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
11:32:42.0112 3776  srv2 - ok
11:32:42.0143 3776  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
11:32:42.0158 3776  srvnet - ok
11:32:42.0190 3776  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
11:32:42.0221 3776  SSDPSRV - ok
11:32:42.0252 3776  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
11:32:42.0268 3776  SstpSvc - ok
11:32:42.0283 3776  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
11:32:42.0299 3776  stexstor - ok
11:32:42.0314 3776  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
11:32:42.0346 3776  stisvc - ok
11:32:42.0361 3776  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
11:32:42.0377 3776  swenum - ok
11:32:42.0392 3776  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
11:32:42.0439 3776  swprv - ok
11:32:42.0486 3776  [ E174C8BC572E93AEEE1036DEDAC5F225 ] SymDS           C:\Windows\system32\drivers\NISx64\1403000.024\SYMDS64.SYS
11:32:42.0502 3776  SymDS - ok
11:32:42.0548 3776  [ 599872BAD7CFB45C7CE47CDED4B726D8 ] SymEFA          C:\Windows\system32\drivers\NISx64\1403000.024\SYMEFA64.SYS
11:32:42.0580 3776  SymEFA - ok
11:32:42.0626 3776  [ F5D6D3B7468C46EA2DDC1D19D2A6DA0F ] SymEvent        C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
11:32:42.0626 3776  SymEvent - ok
11:32:42.0907 3776  [ ADF37F1A715D6C56C8E065FD8569A9A4 ] SymIRON         C:\Windows\system32\drivers\NISx64\1403000.024\Ironx64.SYS
11:32:42.0907 3776  SymIRON - ok
11:32:42.0954 3776  [ 1605EBD8CB86AFC4430116065995279A ] SymNetS         C:\Windows\System32\Drivers\NISx64\1403000.024\SYMNETS.SYS
11:32:42.0970 3776  SymNetS - ok
11:32:43.0016 3776  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
11:32:43.0094 3776  SysMain - ok
11:32:43.0094 3776  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
11:32:43.0126 3776  TabletInputService - ok
11:32:43.0141 3776  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
11:32:43.0172 3776  TapiSrv - ok
11:32:43.0266 3776  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
11:32:43.0406 3776  TBS - ok
11:32:43.0484 3776  [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
11:32:43.0516 3776  Tcpip - ok
11:32:43.0547 3776  [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
11:32:43.0578 3776  TCPIP6 - ok
11:32:43.0594 3776  [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
11:32:43.0625 3776  tcpipreg - ok
11:32:43.0656 3776  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
11:32:43.0687 3776  TDPIPE - ok
11:32:43.0703 3776  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
11:32:43.0718 3776  TDTCP - ok
11:32:43.0750 3776  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
11:32:43.0781 3776  tdx - ok
11:32:43.0796 3776  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
11:32:43.0812 3776  TermDD - ok
11:32:43.0843 3776  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
11:32:43.0890 3776  TermService - ok
11:32:43.0906 3776  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
11:32:43.0906 3776  Themes - ok
11:32:43.0937 3776  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
11:32:43.0952 3776  THREADORDER - ok
11:32:43.0968 3776  [ DBCC20C02E8A3E43B03C304A4E40A84F ] TPM             C:\Windows\system32\drivers\tpm.sys
11:32:43.0999 3776  TPM - ok
11:32:44.0030 3776  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
11:32:44.0062 3776  TrkWks - ok
11:32:44.0108 3776  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
11:32:44.0124 3776  TrustedInstaller - ok
11:32:44.0140 3776  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
11:32:44.0171 3776  tssecsrv - ok
11:32:44.0218 3776  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
11:32:44.0233 3776  TsUsbFlt - ok
11:32:44.0249 3776  [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
11:32:44.0249 3776  TsUsbGD - ok
11:32:44.0264 3776  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
11:32:44.0311 3776  tunnel - ok
11:32:44.0327 3776  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
11:32:44.0327 3776  uagp35 - ok
11:32:44.0358 3776  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
11:32:44.0389 3776  udfs - ok
11:32:44.0420 3776  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
11:32:44.0467 3776  UI0Detect - ok
11:32:44.0498 3776  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
11:32:44.0514 3776  uliagpkx - ok
11:32:44.0530 3776  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
11:32:44.0561 3776  umbus - ok
11:32:44.0576 3776  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
11:32:44.0608 3776  UmPass - ok
11:32:44.0686 3776  [ A0153CC9D28568A10BDAEE5EC612CFC8 ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
11:32:44.0717 3776  UNS - ok
11:32:44.0748 3776  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
11:32:44.0795 3776  upnphost - ok
11:32:44.0842 3776  [ 43228F8EDD1B0BCDD3145AD246E63D39 ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
11:32:44.0842 3776  USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning
11:32:44.0842 3776  USBAAPL64 - detected UnsignedFile.Multi.Generic (1)
11:32:44.0873 3776  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
11:32:44.0904 3776  usbccgp - ok
11:32:44.0935 3776  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
11:32:44.0951 3776  usbcir - ok
11:32:44.0966 3776  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
11:32:44.0998 3776  usbehci - ok
11:32:45.0013 3776  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
11:32:45.0044 3776  usbhub - ok
11:32:45.0044 3776  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
11:32:45.0076 3776  usbohci - ok
11:32:45.0091 3776  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
11:32:45.0107 3776  usbprint - ok
11:32:45.0138 3776  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
11:32:45.0154 3776  usbscan - ok
11:32:45.0169 3776  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:32:45.0185 3776  USBSTOR - ok
11:32:45.0200 3776  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
11:32:45.0216 3776  usbuhci - ok
11:32:45.0232 3776  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
11:32:45.0247 3776  usbvideo - ok
11:32:45.0263 3776  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
11:32:45.0294 3776  UxSms - ok
11:32:45.0310 3776  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
11:32:45.0325 3776  VaultSvc - ok
11:32:45.0341 3776  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
11:32:45.0356 3776  vdrvroot - ok
11:32:45.0372 3776  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
11:32:45.0419 3776  vds - ok
11:32:45.0434 3776  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
11:32:45.0450 3776  vga - ok
11:32:45.0466 3776  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
11:32:45.0512 3776  VgaSave - ok
11:32:45.0528 3776  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
11:32:45.0544 3776  vhdmp - ok
11:32:45.0559 3776  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
11:32:45.0575 3776  viaide - ok
11:32:45.0606 3776  [ 8793B8146F58D54D07245CE5F722DA93 ] vm331avs        C:\Windows\system32\Drivers\vm331avs.sys
11:32:45.0637 3776  vm331avs - ok
11:32:45.0668 3776  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
11:32:45.0668 3776  volmgr - ok
11:32:45.0700 3776  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
11:32:45.0700 3776  volmgrx - ok
11:32:45.0731 3776  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
11:32:45.0731 3776  volsnap - ok
11:32:45.0762 3776  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
11:32:45.0762 3776  vsmraid - ok
11:32:45.0824 3776  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
11:32:45.0918 3776  VSS - ok
11:32:45.0965 3776  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
11:32:46.0027 3776  vwifibus - ok
11:32:46.0043 3776  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
11:32:46.0074 3776  vwififlt - ok
11:32:46.0105 3776  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
11:32:46.0136 3776  W32Time - ok
11:32:46.0168 3776  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
11:32:46.0183 3776  WacomPen - ok
11:32:46.0214 3776  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
11:32:46.0277 3776  WANARP - ok
11:32:46.0277 3776  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
11:32:46.0308 3776  Wanarpv6 - ok
11:32:46.0355 3776  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
11:32:46.0433 3776  wbengine - ok
11:32:46.0448 3776  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
11:32:46.0464 3776  WbioSrvc - ok
11:32:46.0480 3776  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
11:32:46.0511 3776  wcncsvc - ok
11:32:46.0526 3776  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
11:32:46.0542 3776  WcsPlugInService - ok
11:32:46.0573 3776  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
11:32:46.0589 3776  Wd - ok
11:32:46.0604 3776  [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
11:32:46.0620 3776  Wdf01000 - ok
11:32:46.0636 3776  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
11:32:46.0651 3776  WdiServiceHost - ok
11:32:46.0667 3776  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
11:32:46.0667 3776  WdiSystemHost - ok
11:32:46.0698 3776  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
11:32:46.0745 3776  WebClient - ok
11:32:46.0760 3776  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
11:32:46.0792 3776  Wecsvc - ok
11:32:46.0807 3776  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
11:32:46.0838 3776  wercplsupport - ok
11:32:46.0870 3776  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
11:32:46.0901 3776  WerSvc - ok
11:32:46.0916 3776  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
11:32:46.0948 3776  WfpLwf - ok
11:32:46.0963 3776  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
11:32:46.0963 3776  WIMMount - ok
11:32:46.0994 3776  WinDefend - ok
11:32:46.0994 3776  WinHttpAutoProxySvc - ok
11:32:47.0057 3776  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
11:32:47.0104 3776  Winmgmt - ok
11:32:47.0166 3776  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
11:32:47.0260 3776  WinRM - ok
11:32:47.0306 3776  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
11:32:47.0353 3776  Wlansvc - ok
11:32:47.0416 3776  [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
11:32:47.0431 3776  wlcrasvc - ok
11:32:47.0509 3776  [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
11:32:47.0603 3776  wlidsvc - ok
11:32:47.0634 3776  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
11:32:47.0665 3776  WmiAcpi - ok
11:32:47.0696 3776  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
11:32:47.0712 3776  wmiApSrv - ok
11:32:47.0759 3776  WMPNetworkSvc - ok
11:32:47.0790 3776  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
11:32:47.0806 3776  WPCSvc - ok
11:32:47.0837 3776  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
11:32:47.0852 3776  WPDBusEnum - ok
11:32:47.0868 3776  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
11:32:47.0899 3776  ws2ifsl - ok
11:32:47.0946 3776  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
11:32:47.0993 3776  wscsvc - ok
11:32:47.0993 3776  WSearch - ok
11:32:48.0040 3776  [ 83575C43B2BFE9AB0661A7F957E843C0 ] wsvd            C:\Windows\system32\DRIVERS\wsvd.sys
11:32:48.0040 3776  wsvd - ok
11:32:48.0118 3776  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
11:32:48.0180 3776  wuauserv - ok
11:32:48.0211 3776  [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
11:32:48.0242 3776  WudfPf - ok
11:32:48.0274 3776  [ CF8D590BE3373029D57AF80914190682 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
11:32:48.0320 3776  WUDFRd - ok
11:32:48.0336 3776  [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
11:32:48.0367 3776  wudfsvc - ok
11:32:48.0383 3776  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
11:32:48.0414 3776  WwanSvc - ok
11:32:48.0445 3776  [ D65B42FBF19C676AA01AE95EC62F7764 ] ZAtheros Bt&Wlan Coex Agent C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
11:32:48.0461 3776  ZAtheros Bt&Wlan Coex Agent - ok
11:32:48.0476 3776  ================ Scan global ===============================
11:32:48.0508 3776  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
11:32:48.0523 3776  [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
11:32:48.0539 3776  [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
11:32:48.0554 3776  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
11:32:48.0570 3776  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
11:32:48.0586 3776  [Global] - ok
11:32:48.0586 3776  ================ Scan MBR ==================================
11:32:48.0586 3776  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
11:32:48.0913 3776  \Device\Harddisk0\DR0 - ok
11:32:48.0913 3776  ================ Scan VBR ==================================
11:32:48.0913 3776  [ 5D83D5E8A2497396C626210A37F970B9 ] \Device\Harddisk0\DR0\Partition1
11:32:48.0913 3776  \Device\Harddisk0\DR0\Partition1 - ok
11:32:48.0944 3776  [ 565826CEC92806259E0857FB1D561894 ] \Device\Harddisk0\DR0\Partition2
11:32:48.0944 3776  \Device\Harddisk0\DR0\Partition2 - ok
11:32:48.0991 3776  [ 7CDD9F6BAC63C58B4537645D2CF589FC ] \Device\Harddisk0\DR0\Partition3
11:32:48.0991 3776  \Device\Harddisk0\DR0\Partition3 - ok
11:32:48.0991 3776  ============================================================
11:32:48.0991 3776  Scan finished
11:32:48.0991 3776  ============================================================
11:32:49.0007 2596  Detected object count: 1
11:32:49.0007 2596  Actual detected object count: 1
11:33:14.0825 2596  USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user
11:33:14.0825 2596  USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:34:16.0461 1172  Deinitialize success
         
Noch eine andere Frage: auf meinem Desktop liegt jetzt eine MBR.dat. Wurde die während einem der Scanvorgänge erstellt und wie soll ich mit der Datei umgehen?

Grüße, RayRay

Alt 07.04.2013, 22:14   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojan.Maljava entfernen - Standard

Trojan.Maljava entfernen



Dann bitte jetzt Combofix ausführen:

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
Logfiles bitte immer in CODE-Tags posten

Alt 08.04.2013, 09:05   #8
RayRay
 
Trojan.Maljava entfernen - Standard

Trojan.Maljava entfernen



Hallo cosinus,

hier das logfile von Combofix:
Code:
ATTFilter
ComboFix 13-04-08.01 - Martin 08.04.2013   9:38.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.6046.4471 [GMT 2:00]
ausgeführt von:: c:\users\Martin\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Setup.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-03-08 bis 2013-04-08  ))))))))))))))))))))))))))))))
.
.
2013-04-08 07:43 . 2013-04-08 07:43	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2013-04-08 07:43 . 2013-04-08 07:43	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-04-04 15:31 . 2013-04-04 15:31	--------	d-----w-	c:\users\Martin\AppData\Roaming\Malwarebytes
2013-04-04 15:30 . 2013-04-04 15:30	--------	d-----w-	c:\programdata\Malwarebytes
2013-04-04 15:30 . 2013-04-04 15:30	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2013-04-04 15:30 . 2012-12-14 14:49	24176	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-03-28 11:03 . 2013-03-28 11:03	--------	d-----w-	c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-03-28 11:03 . 2013-03-28 11:03	--------	d-----w-	c:\program files\iTunes
2013-03-28 11:03 . 2013-03-28 11:03	--------	d-----w-	c:\program files (x86)\iTunes
2013-03-28 11:03 . 2013-03-28 11:03	--------	d-----w-	c:\program files\iPod
2013-03-23 12:39 . 2013-03-23 12:39	--------	d-----w-	c:\users\Martin\AppData\Local\Downloaded Installations
2013-03-13 11:26 . 2013-03-13 11:26	95648	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-13 11:26 . 2013-03-13 11:26	--------	d-----w-	c:\program files (x86)\Java
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-13 12:42 . 2012-09-05 18:31	73432	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-13 12:42 . 2012-09-05 18:31	693976	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-13 11:26 . 2012-09-13 09:01	861088	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2013-03-13 11:26 . 2012-09-13 09:01	782240	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-03-04 07:54 . 2013-03-01 20:33	88480	----a-w-	c:\windows\system32\drivers\atksgt.sys
2013-03-04 07:54 . 2013-03-01 20:33	46400	----a-w-	c:\windows\system32\drivers\lirsgt.sys
2013-01-31 03:18 . 2013-02-27 14:20	432800	----a-w-	c:\windows\system32\drivers\NISx64\1403000.024\symnets.sys
2013-01-31 03:18 . 2013-02-27 14:20	1139800	----a-w-	c:\windows\system32\drivers\NISx64\1403000.024\symefa64.sys
2013-01-29 01:45 . 2013-02-27 14:20	796248	----a-w-	c:\windows\system32\drivers\NISx64\1403000.024\srtsp64.sys
2013-01-29 01:45 . 2013-02-27 14:20	36952	----a-w-	c:\windows\system32\drivers\NISx64\1403000.024\srtspx64.sys
2013-01-22 02:15 . 2013-02-27 14:20	493656	----a-w-	c:\windows\system32\drivers\NISx64\1403000.024\symds64.sys
2012-08-13 09:09 . 2012-08-13 09:09	3166208	----a-w-	c:\program files (x86)\openofficeorg341.msi
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-07-17 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2010-07-26 222504]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"PDFPrint"="c:\program files (x86)\PDF24\pdf24.exe" [2012-12-12 163000]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
.
c:\users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"midi2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [2011-11-15 313960]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 121840]
R4 DamageGuard;DamageGuard;c:\windows\system32\DRIVERS\DamageGuardX64.sys [2012-02-10 217392]
R4 DamageGuardSvc;Lenovo Instant Reset Service;c:\program files\Lenovo\Instant Reset\DamageGuardSvc.exe [2012-03-26 572976]
R4 dgFltr;dgFltr;c:\windows\system32\drivers\dgFltrX64.sys [2011-12-13 23648]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 fbfmon;fbfmon;c:\windows\system32\drivers\fbfmon.sys [2012-07-17 57952]
S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-02-27 16152]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys [2012-07-17 39008]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2012-12-03 30056]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1403000.024\SYMDS64.SYS [2013-01-22 493656]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1403000.024\SYMEFA64.SYS [2013-01-31 1139800]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20130322.001\BHDrvx64.sys [2013-03-22 1387608]
S1 BPntDrv;BPntDrv;c:\windows\system32\drivers\BPntDrv.sys [2012-07-17 13408]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1403000.024\ccSetx64.sys [2012-11-16 168096]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20130405.001\IDSvia64.sys [2012-11-20 513184]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1403000.024\Ironx64.SYS [2012-11-16 224416]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1403000.024\SYMNETS.SYS [2013-01-31 432800]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2010-02-24 191616]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2012-04-28 119424]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe [2010-12-17 198784]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-29 13592]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-02-02 628448]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-02-28 161560]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\20.3.0.36\ccSvcHst.exe [2012-12-24 144520]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-02-28 363800]
S2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2012-04-28 163456]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2012-07-17 30816]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2012-04-28 36480]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2012-04-28 341120]
S3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [2012-04-28 111232]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2012-04-28 30848]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2012-04-28 168064]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2012-04-28 68736]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2012-04-28 281472]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2012-04-28 550528]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2011-01-28 31088]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-10-07 138912]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2012-01-15 208168]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-12-06 331264]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-02-27 356120]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-02-27 788760]
S3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2012-03-02 104048]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 vm331avs;Digital Camera 1;c:\windows\system32\Drivers\vm331avs.sys [2011-12-06 952832]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-04-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-05 12:42]
.
2013-04-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-17 10:51]
.
2013-04-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-17 10:51]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2012-07-17 10:51	1508192	----a-w-	c:\windows\System32\IcnOvrly.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"lxczbmgr.exe"="c:\program files (x86)\Lexmark 1200 Series\lxczbmgr.exe" [2007-04-19 74672]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-10-10 171040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-10-10 399392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-10-10 441888]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/webhp?sourceid=navclient&hl=de&ie=UTF-8
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\pyknee2k.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} - c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
ShellIconOverlayIdentifiers-{62CCD8E3-9C21-41E1-B55E-1E26DFC68511} - c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
ShellIconOverlayIdentifiers-{A759AFF6-5851-457D-A540-F4ECED148351} - c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
ShellIconOverlayIdentifiers-{1574C9EF-7D58-488F-B358-8B78C1538F51} - c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\20.3.0.36\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\20.3.0.36\diMaster.dll\" /prefetch:1"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-04-08  09:44:51
ComboFix-quarantined-files.txt  2013-04-08 07:44
.
Vor Suchlauf: 18 Verzeichnis(se), 384.564.162.560 Bytes frei
Nach Suchlauf: 26 Verzeichnis(se), 385.553.440.768 Bytes frei
.
- - End Of File - - 0A5D4063A89E10797A084CB83E0F3A79
         

Alt 08.04.2013, 11:20   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojan.Maljava entfernen - Standard

Trojan.Maljava entfernen



JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




Im Anschluss:

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).


Danach eine Kontrolle mit OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles in CODE-Tags hier in den Thread.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 08.04.2013, 12:07   #10
RayRay
 
Trojan.Maljava entfernen - Standard

Trojan.Maljava entfernen



Hallo cosinus,

bevor ich etwas falschmache, was meinst du mit Schutzsoftware beenden?
NIS deaktivieren?

Alt 08.04.2013, 13:01   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojan.Maljava entfernen - Standard

Trojan.Maljava entfernen



Ja genau das
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 08.04.2013, 15:10   #12
RayRay
 
Trojan.Maljava entfernen - Standard

Trojan.Maljava entfernen



Hier die Logs.

JRT:
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.8.3 (04.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by Martin on 08.04.2013 at 14:59:53,65
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\softonic
Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip" 
Successfully deleted: [Registry Key] "hkey_current_user\software\pip" 
Successfully deleted: [Registry Key] "hkey_local_machine\software\pip" 



~~~ Files

Successfully deleted: [File] C:\Windows\syswow64\shoFE2C.tmp



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\partner"
Successfully deleted: [Folder] "C:\Users\Martin\AppData\Roaming\pdfforge"
Successfully deleted: [Empty Folder] C:\Users\Martin\appdata\local\{0036C2C3-70AC-4ABB-BCB8-02B45CB0B425}
Successfully deleted: [Empty Folder] C:\Users\Martin\appdata\local\{6F2B2263-6DB0-495D-9DB2-DE1F4F6A39F4}
Successfully deleted: [Empty Folder] C:\Users\Martin\appdata\local\{86766BCB-2AE2-4DD6-A642-79B32537882B}
Successfully deleted: [Empty Folder] C:\Users\Martin\appdata\local\{8760C4DC-A3E7-4A04-8000-87EAFB406DCB}
Successfully deleted: [Empty Folder] C:\Users\Martin\appdata\local\{8A472A4F-B58D-488D-BA02-11053B7DA278}
Successfully deleted: [Empty Folder] C:\Users\Martin\appdata\local\{CDE3B735-CFED-4F64-856E-D805CBDEA173}
Successfully deleted: [Empty Folder] C:\Users\Martin\appdata\local\{F58D7247-6782-47ED-B4E2-50867ED7C493}



~~~ FireFox

Emptied folder: C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\pyknee2k.default\minidumps [769 files]
         
AdwCleaner:
Code:
ATTFilter
# AdwCleaner v2.200 - Datei am 08/04/2013 um 15:15:46 erstellt
# Aktualisiert am 02/04/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Martin - MARTIN-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Martin\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16455

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v19.0.2 (de)

Datei : C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\pyknee2k.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [729 octets] - [08/04/2013 15:15:46]

########## EOF - C:\AdwCleaner[S1].txt - [788 octets] ##########
         
OTL:
Code:
ATTFilter
OTL logfile created on: 08.04.2013 15:50:36 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Martin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,90 Gb Total Physical Memory | 4,46 Gb Available Physical Memory | 75,59% Memory free
11,81 Gb Paging File | 10,34 Gb Available in Paging File | 87,60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 420,56 Gb Total Space | 358,64 Gb Free Space | 85,28% Space Free | Partition Type: NTFS
Drive D: | 25,47 Gb Total Space | 22,23 Gb Free Space | 87,30% Space Free | Partition Type: NTFS
 
Computer Name: MARTIN-PC | User Name: Martin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Martin\Desktop\OTL(1).exe (OldTimer Tools)
PRC - C:\Programme\Lenovo\Lenovo Solution Center\LSC.exe ()
PRC - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Atheros)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink)
PRC - C:\Program Files (x86)\Lexmark 1200 Series\LXCZbmgr.exe (Lexmark International, Inc.)
PRC - C:\Program Files (x86)\Lexmark 1200 Series\lxczbmon.exe (Lexmark International, Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Lenovo\Lenovo Solution Center\LSC.exe ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.3.0.36\wincfi39.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (CxAudMsg) -- C:\Windows\SysNative\CxAudMsg64.exe (Conexant Systems Inc.)
SRV:64bit: - (lxcz_device) -- C:\Windows\SysNative\lxczcoms.exe ( )
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\ccSvcHst.exe (Symantec Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (ZAtheros Bt&Wlan Coex Agent) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Atheros)
SRV - (AtherosSvc) -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe (Atheros Commnucations)
SRV - (DamageGuardSvc) -- C:\Programme\Lenovo\Instant Reset\DamageGuardSvc.exe (Lenovo (Beijing) Limited)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
SRV - (Intel(R) -- C:\Programme\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (lxcz_device) -- C:\Windows\SysWOW64\lxczcoms.exe ( )
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\symnets.sys (Symantec Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\symefa64.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\symds64.sys (Symantec Corporation)
DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation)
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\ironx64.sys (Symantec Corporation)
DRV:64bit: - (ccSet_NIS) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\ccsetx64.sys (Symantec Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (fbfmon) -- C:\Windows\SysNative\drivers\fbfmon.sys (Lenovo)
DRV:64bit: - (BPntDrv) -- C:\Windows\SysNative\drivers\BPntDrv.sys (Lenovo)
DRV:64bit: - (LHDmgr) -- C:\Windows\SysNative\drivers\LhdX64.sys (Lenovo.)
DRV:64bit: - (ACPIVPC) -- C:\Windows\SysNative\drivers\AcpiVpc.sys (Lenovo Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Qualcomm Atheros Communications, Inc.)
DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\drivers\btfilter.sys (Atheros)
DRV:64bit: - (BTATH_RCP) -- C:\Windows\SysNative\drivers\btath_rcp.sys (Atheros)
DRV:64bit: - (BTATH_LWFLT) -- C:\Windows\SysNative\drivers\btath_lwflt.sys (Atheros)
DRV:64bit: - (BTATH_HCRP) -- C:\Windows\SysNative\drivers\btath_hcrp.sys (Atheros)
DRV:64bit: - (AthBTPort) -- C:\Windows\SysNative\drivers\btath_flt.sys (Atheros)
DRV:64bit: - (BTATH_BUS) -- C:\Windows\SysNative\drivers\btath_bus.sys (Atheros)
DRV:64bit: - (btath_avdt) -- C:\Windows\SysNative\drivers\btath_avdt.sys (Atheros)
DRV:64bit: - (BTATH_A2DP) -- C:\Windows\SysNative\drivers\btath_a2dp.sys (Atheros)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Qualcomm Atheros Co., Ltd.)
DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation)
DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation)
DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation)
DRV:64bit: - (DamageGuard) -- C:\Windows\SysNative\drivers\DamageGuardX64.sys (Lenovo)
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronics Corp.)
DRV:64bit: - (dgFltr) -- C:\Windows\SysNative\drivers\dgfltrX64.sys (Lenovo)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (vm331avs) -- C:\Windows\SysNative\drivers\vm331avs.sys (Vimicro Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (RSUSBVSTOR) -- C:\Windows\SysNative\drivers\rtsuvstor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (acedrv11) -- C:\Windows\SysNative\drivers\acedrv11.sys (Protect Software GmbH)
DRV:64bit: - (wsvd) -- C:\Windows\SysNative\drivers\wsvd.sys (CyberLink)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20130322.001\BHDrvx64.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130407.007\ex64.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130407.007\eng64.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20130405.001\IDSviA64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
 
IE - HKU\S-1-5-21-3635778213-168865323-624169720-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/webhp?sourceid=navclient&hl=de&ie=UTF-8
IE - HKU\S-1-5-21-3635778213-168865323-624169720-1001\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-3635778213-168865323-624169720-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN_deDE500
IE - HKU\S-1-5-21-3635778213-168865323-624169720-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3635778213-168865323-624169720-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: "false"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: toolbar%40gmx.net:2.5
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\coFFPlgn\ [2013.04.08 15:19:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\IPSFFPlgn\ [2012.11.21 17:37:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.11 20:22:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.11 20:22:48 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.09.07 10:36:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martin\AppData\Roaming\Mozilla\Extensions
[2013.04.03 19:33:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\pyknee2k.default\extensions
[2013.04.03 19:33:57 | 000,492,403 | ---- | M] () (No name found) -- C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\pyknee2k.default\extensions\toolbar@gmx.net.xpi
[2013.03.11 20:22:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.03.11 20:22:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions
[2013.03.11 20:22:45 | 000,000,000 | ---D | M] (GMX MailCheck) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net
[2013.03.11 20:22:48 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.10.25 00:03:12 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.25 00:03:11 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.10.25 00:03:12 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.25 00:03:12 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.25 00:03:12 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.25 00:03:11 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2013.04.08 09:43:11 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\coIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-3635778213-168865323-624169720-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [lxczbmgr.exe] C:\Program Files (x86)\Lexmark 1200 Series\lxczbmgr.exe (Lexmark International, Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-3635778213-168865323-624169720-1000..\Run: [Power2GoExpress] NA File not found
O4 - HKU\S-1-5-21-3635778213-168865323-624169720-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3635778213-168865323-624169720-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3635778213-168865323-624169720-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3635778213-168865323-624169720-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3635778213-168865323-624169720-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3635778213-168865323-624169720-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8B87CAA2-CB41-4A54-8349-FA671B455907}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BC8E8541-F012-4A4C-AB3E-F0818F7FFBDD}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.08 15:47:35 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Martin\Desktop\OTL(1).exe
[2013.04.08 14:59:49 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.04.08 14:59:40 | 000,000,000 | ---D | C] -- C:\JRT
[2013.04.08 14:54:43 | 000,551,587 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Martin\Desktop\JRT.exe
[2013.04.08 09:49:29 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.04.08 09:44:53 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.04.08 09:36:43 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.04.08 09:36:43 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.04.08 09:36:43 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.04.08 09:29:26 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.04.08 09:28:56 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.04.08 09:23:17 | 005,048,507 | R--- | C] (Swearware) -- C:\Users\Martin\Desktop\ComboFix.exe
[2013.04.07 11:25:46 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Martin\Desktop\tdsskiller.exe
[2013.04.07 11:01:10 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Martin\Desktop\aswMBR.exe
[2013.04.07 10:41:49 | 000,000,000 | ---D | C] -- C:\Users\Martin\Desktop\mbar
[2013.04.05 17:44:51 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013.04.04 17:31:03 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Malwarebytes
[2013.04.04 17:30:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.04.04 17:30:36 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.04.04 17:30:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.04.04 17:26:03 | 010,156,344 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Martin\Desktop\mbam-setup-1-70-0-1100.exe
[2013.03.28 13:03:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.03.28 13:03:29 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.03.28 13:03:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013.03.28 13:03:29 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.03.28 13:03:29 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013.03.23 14:39:43 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\Downloaded Installations
[2013.03.13 13:26:40 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.03.13 13:26:13 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.03.13 13:26:13 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.03.13 13:26:13 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.03.13 13:26:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013.03.11 20:22:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.08 15:47:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Martin\Desktop\OTL(1).exe
[2013.04.08 15:38:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.08 15:26:10 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.08 15:25:10 | 000,031,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.08 15:25:10 | 000,031,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.08 15:23:55 | 000,170,028 | ---- | M] () -- C:\Windows\SysNative\fastboot.set
[2013.04.08 15:23:25 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.08 15:21:59 | 001,500,018 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.08 15:21:59 | 000,654,610 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.08 15:21:59 | 000,616,452 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.08 15:21:59 | 000,130,192 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.08 15:21:59 | 000,106,574 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.08 15:17:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.08 15:17:32 | 460,079,103 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.08 15:13:23 | 000,613,083 | ---- | M] () -- C:\Users\Martin\Desktop\adwcleaner.exe
[2013.04.08 14:54:43 | 000,551,587 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Martin\Desktop\JRT.exe
[2013.04.08 09:43:11 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.04.08 09:23:46 | 005,048,507 | R--- | M] (Swearware) -- C:\Users\Martin\Desktop\ComboFix.exe
[2013.04.07 11:25:50 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Martin\Desktop\tdsskiller.exe
[2013.04.07 11:23:36 | 000,000,512 | ---- | M] () -- C:\Users\Martin\Desktop\MBR.dat
[2013.04.07 11:02:34 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Martin\Desktop\aswMBR.exe
[2013.04.05 17:44:33 | 1126,695,803 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.04.05 17:15:44 | 000,377,856 | ---- | M] () -- C:\Users\Martin\Desktop\gmer_2.1.19163.exe
[2013.04.05 16:54:04 | 000,000,000 | ---- | M] () -- C:\Users\Martin\defogger_reenable
[2013.04.04 17:26:31 | 010,156,344 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Martin\Desktop\mbam-setup-1-70-0-1100.exe
[2013.03.30 14:08:22 | 000,002,726 | ---- | M] () -- C:\Users\Martin\AppData\Local\recently-used.xbel
[2013.03.28 13:03:50 | 000,001,794 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.03.19 11:45:40 | 000,002,002 | ---- | M] () -- C:\Users\Public\Desktop\Lenovo Solution Center.lnk
[2013.03.13 14:42:07 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.03.13 14:42:07 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.03.13 13:26:07 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.03.13 13:26:06 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013.03.13 13:26:06 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013.03.13 13:26:06 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.03.13 13:26:06 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.03.13 13:26:06 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.04.08 15:13:18 | 000,613,083 | ---- | C] () -- C:\Users\Martin\Desktop\adwcleaner.exe
[2013.04.08 09:36:43 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.04.08 09:36:43 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.04.08 09:36:43 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.04.08 09:36:43 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.04.08 09:36:43 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.04.07 11:23:36 | 000,000,512 | ---- | C] () -- C:\Users\Martin\Desktop\MBR.dat
[2013.04.05 17:44:33 | 1126,695,803 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013.04.05 17:15:43 | 000,377,856 | ---- | C] () -- C:\Users\Martin\Desktop\gmer_2.1.19163.exe
[2013.04.05 16:54:04 | 000,000,000 | ---- | C] () -- C:\Users\Martin\defogger_reenable
[2013.03.30 14:08:22 | 000,002,726 | ---- | C] () -- C:\Users\Martin\AppData\Local\recently-used.xbel
[2013.03.28 13:03:50 | 000,001,794 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.03.19 11:45:40 | 000,002,002 | ---- | C] () -- C:\Users\Public\Desktop\Lenovo Solution Center.lnk
[2012.10.10 03:22:34 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.10.10 03:22:32 | 000,598,780 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin
[2012.10.10 03:22:16 | 000,755,048 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin
[2012.09.18 15:01:10 | 000,000,100 | ---- | C] () -- C:\Windows\Lexstat.ini
[2012.09.18 15:00:27 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczserv.dll
[2012.09.18 15:00:27 | 000,991,232 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczusb1.dll
[2012.09.18 15:00:27 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczpmui.dll
[2012.09.18 15:00:27 | 000,413,696 | ---- | C] () -- C:\Windows\SysWow64\lxczutil.dll
[2012.09.18 15:00:27 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczinpa.dll
[2012.09.18 15:00:27 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcziesc.dll
[2012.09.18 15:00:27 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\LXCZinst.dll
[2012.09.18 15:00:27 | 000,181,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczppls.exe
[2012.09.18 15:00:27 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczprox.dll
[2012.09.18 15:00:26 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczhbn3.dll
[2012.09.18 15:00:26 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczcomc.dll
[2012.09.18 15:00:26 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczlmpm.dll
[2012.09.18 15:00:26 | 000,537,520 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczcoms.exe
[2012.09.18 15:00:26 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczcomm.dll
[2012.09.18 15:00:26 | 000,385,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczih.exe
[2012.09.18 15:00:26 | 000,381,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczcfg.exe
[2012.09.18 15:00:26 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczpplc.dll
[2012.09.18 13:43:31 | 000,305,152 | ---- | C] ( ) -- C:\Windows\SysWow64\LXCZhcp.dll
[2012.09.18 12:53:00 | 000,014,355 | ---- | C] () -- C:\Users\Martin\Ihre+Retourenmarke.pdf
[2012.09.05 19:43:56 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.09.05 19:39:21 | 000,000,000 | ---- | C] () -- C:\Windows\firstboot.dat
[2012.08.13 11:11:02 | 141,421,187 | ---- | C] () -- C:\Program Files (x86)\openofficeorg1.cab
[2012.08.13 11:09:30 | 003,166,208 | ---- | C] () -- C:\Program Files (x86)\openofficeorg341.msi
[2012.08.13 11:09:30 | 000,000,294 | ---- | C] () -- C:\Program Files (x86)\setup.ini
[2012.07.17 12:51:27 | 002,086,240 | ---- | C] () -- C:\Windows\SysWow64\LenovoVeriface.Interface.dll
[2012.07.17 12:51:27 | 001,500,512 | ---- | C] () -- C:\Windows\SysWow64\Apblend.dll
[2012.07.17 12:51:27 | 001,171,456 | ---- | C] () -- C:\Windows\SysWow64\PicNotify.dll
[2012.07.17 12:51:27 | 000,472,416 | ---- | C] () -- C:\Windows\SysWow64\Lenovo.VerifaceStub.dll
[2012.07.17 12:51:13 | 001,044,480 | ---- | C] () -- C:\Windows\SysWow64\3DImageRenderer.dll
[2012.07.17 12:38:04 | 000,001,822 | ---- | C] () -- C:\Windows\vm331Rmv.ini
[2012.07.17 12:38:04 | 000,001,822 | ---- | C] () -- C:\Windows\SysWow64\vm331Rmv.ini
[2012.05.16 07:26:34 | 000,735,796 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin
[2012.05.16 07:26:21 | 000,561,508 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin
[2012.02.02 22:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         
Extras:
Code:
ATTFilter
OTL Extras logfile created on: 08.04.2013 15:50:36 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Martin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,90 Gb Total Physical Memory | 4,46 Gb Available Physical Memory | 75,59% Memory free
11,81 Gb Paging File | 10,34 Gb Available in Paging File | 87,60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 420,56 Gb Total Space | 358,64 Gb Free Space | 85,28% Space Free | Partition Type: NTFS
Drive D: | 25,47 Gb Total Space | 22,23 Gb Free Space | 87,30% Space Free | Partition Type: NTFS
 
Computer Name: MARTIN-PC | User Name: Martin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_USERS\S-1-5-21-3635778213-168865323-624169720-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{10E951EE-1A4C-45A7-8E3B-BB575D0D5BC8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1D611797-E240-472F-A726-9B5946CA5AB4}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{203B2945-828F-43B7-AA70-85B401A2F877}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{28FA5232-67DC-4E21-BF71-11972EFD560E}" = lport=137 | protocol=17 | dir=in | app=system | 
"{2C466446-62AD-4664-B045-AA06814C5033}" = lport=138 | protocol=17 | dir=in | app=system | 
"{334186AD-6648-4F0B-8F89-EB9132C0224D}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{3A1AF9C7-0042-4B30-92EB-1AE214D26F5A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{3F154DF7-8C0A-4B82-9109-426B3DF3C901}" = lport=445 | protocol=6 | dir=in | app=system | 
"{4ACF28BC-79E3-4A05-8AC9-1D74E43DFA77}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{4DD4B301-8B5C-4ADF-8C2E-A78678623F73}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{4EA44185-E73F-4232-939D-C8793ADDB080}" = rport=137 | protocol=17 | dir=out | app=system | 
"{5518F040-CD4A-4852-B766-B7FBB5014484}" = lport=139 | protocol=6 | dir=in | app=system | 
"{6C1C5B9E-976D-44C1-9779-2CF462096F8A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6E5D6A6E-C027-4478-A73A-6CC1A501F0C6}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{741621B8-1607-403A-942B-A8DED66E97EA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{7B040E3F-586C-4272-9226-E9674A7FCB57}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8B5B31A1-B3DA-46B0-AF5F-618C1C031CA2}" = rport=445 | protocol=6 | dir=out | app=system | 
"{925E65CC-3B6E-4387-8B28-1F0A19E12C9D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9EFD0C8C-145F-448F-BBC4-2F7E66E6224E}" = rport=139 | protocol=6 | dir=out | app=system | 
"{A056F21F-AA69-4032-BABA-CC3C89D64D71}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A4BEF393-8290-474A-A484-D9AE19ADCC82}" = rport=138 | protocol=17 | dir=out | app=system | 
"{BE576647-1775-42D3-B1DF-19E4C9510882}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{ECFEA22A-065E-4B50-B509-6483148FC81B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{027C69BC-935C-4832-A0B1-40A4B7C4FDF5}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{16837B5B-BEDE-434A-8355-215E3DFA08D6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{2506B921-FB5F-4A6B-8742-EC65DD4EE4A6}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{2642E0A8-5575-41A5-86B9-91F2A2788A79}" = protocol=6 | dir=out | app=system | 
"{2C59C436-EB0D-4C11-B397-9F9B94F1F11C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2F6230D5-F6E1-4CD6-BE4F-C3C33F49F425}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{36E6A2EC-576F-47FA-AE68-103F14B2FFCB}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{376EEE4A-8DE4-4790-B3C1-DA142159E957}" = protocol=6 | dir=in | app=c:\windows\system32\lxczcoms.exe | 
"{3C342F44-7151-4544-A185-8257AD0CA3E3}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{41BCE86A-5B6F-4C66-AA8F-843F1FDE72B2}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxczcoms.exe | 
"{4D46AB94-9CA4-4F4A-9E7D-D8394578668D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{5000343C-4F9F-416D-B142-7185D4372E07}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5DB19B99-0CC9-431F-AEB1-1F416D7F661D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{7933D7F9-1602-478C-A4CD-34C3410D0E8C}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxczpswx.exe | 
"{895F9FE4-0EF5-4EA2-81CB-79850C12F57A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{92F84294-87CD-47E1-83C9-92B1E189F8C1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{9640BA75-9A3B-4256-97FE-AA4B81BFDFD3}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{995E25AB-22B3-48DA-8703-8511BB4C97E8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9F462710-9973-49CB-BC79-FB232D32E256}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A1103C22-7BCF-4C17-9231-85296DA26A0B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{AFCA3A04-FB81-4827-8F0F-C796CC1F1590}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B2BFE2FF-D43F-46B2-B241-EF724C732C54}" = protocol=17 | dir=in | app=c:\windows\system32\lxczcoms.exe | 
"{B78138EA-0700-487D-A0BA-A2EC451C687B}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxczcoms.exe | 
"{B9D2F344-FC79-4C82-AD58-4E9F4A5213EF}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{C1FB643F-1798-489B-A99B-33F0AE480695}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{CA303667-69DB-43FE-A8B6-2835852380F6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CF350A99-6F22-44F2-8B45-00FD23BC6192}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{D648074F-1062-4EA7-A55A-DDD67510AA77}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D90F181B-0669-4E51-A4B1-A9CA0CA55CC0}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxczpswx.exe | 
"{E5C5B5D4-78D1-46A0-939D-0FF164AF3620}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{E92028CE-D54D-411C-81E1-94B496E21E90}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F08BD6FE-1D70-4980-8A78-71C19E152C4E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{F73014D9-F302-48DF-BF18-7205AD200668}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{FEADC0B0-5282-4683-AB46-0B6FF509C91F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes
"{09536BA1-E498-4CC3-B834-D884A67D7E34}" = Intel® Trusted Connect Service Client
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1C55470A-7C9E-4C63-B466-6AFFC69E94E9}" = Windows Live Family Safety
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Atheros Bluetooth Suite (64)
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{5DEFFC02-063C-4781-A371-077729F869B4}" = Lenovo Solution Center
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 310.70
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 310.70
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"99841829BE839365AA67B2AD0E50D371F59F8A1E" = Windows-Treiberpaket - Lenovo (ACPIVPC) System  (12/15/2011 7.1.0.1)
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Elantech" = Lenovo pointing device
"GIMP-2_is1" = GIMP 2.8.2
"Lenovo EE Boot Optimizer" = Lenovo EE Boot Optimizer
"Lexmark 1200 Series" = Lexmark 1200 Series
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros WLAN Client Installation Program
"{2DC26D10-CC6A-494F-BEA3-B5BC21126D5E}" = Lenovo Welcome
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39C4C6DE-641B-483F-B875-2AEDF0FB85CA}_is1" = Rampant Logic Postscript Viewer 1.1
"{3B416FDA-CB3E-4514-9616-763E5B0D1140}" = Geheimakte Tunguska
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5AF4B3C4-C393-48D7-AC7E-8E7615579548}" = Adobe AIR
"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6707C034-ED6B-4B6A-B21F-969B3606FBDE}" = Lenovo Registration
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 5.2.0
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC2C1BDB-1E91-4F94-B99C-E716FE2E9C75}_is1" = MinGW-Get version 0.5-beta-20120426-1
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}" = Lenovo EasyCamera
"{AF192694-4B15-4AC1-92F3-1B02E98C08BD}" = LockKey
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}" = Dolby Advanced Audio v2
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = Benutzerhandbuch
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) OpenCL CPU Runtime
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Deponia" = Deponia
"FormatFactory" = FormatFactory 3.0.1
"Google Chrome" = Google Chrome
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"InstallShield_{AF192694-4B15-4AC1-92F3-1B02E98C08BD}" = LockKey
"InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = UserGuide
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NIS" = Norton Internet Security
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"Qt Eclipse Integration 1.6.1 - C:_Users_Martin_Documents_eclipse-cpp-juno-SR1-win32" = Qt Eclipse Integration 1.6.1
"Qt OpenSource 4.8.3 - C:_Qt_4.8.3" = Qt OpenSource 4.8.3
"VeriFace" = VeriFace
"WinLiveSuite" = Windows Live Essentials
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 08.04.2013 09:09:30 | Computer Name = Martin-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 08.04.2013 09:19:22 | Computer Name = Martin-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 08.04.2013 09:27:53 | Computer Name = Martin-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar.
 Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.

 
[ System Events ]
Error - 08.04.2013 09:10:13 | Computer Name = Martin-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 08.04.2013 09:10:13 | Computer Name = Martin-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
Error - 08.04.2013 09:20:03 | Computer Name = Martin-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 08.04.2013 09:20:03 | Computer Name = Martin-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
 
< End of report >
         

Alt 08.04.2013, 15:50   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojan.Maljava entfernen - Standard

Trojan.Maljava entfernen



Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes - denk bitte vorher daran, Malwarebytes über den Updatebutton zu aktualisieren

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

__________________
Logfiles bitte immer in CODE-Tags posten

Alt 08.04.2013, 18:30   #14
RayRay
 
Trojan.Maljava entfernen - Standard

Trojan.Maljava entfernen



Und hier die logs:

malwarebytes:
Code:
ATTFilter
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.04.08.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Martin :: MARTIN-PC [Administrator]

08.04.2013 17:17:00
mbam-log-2013-04-08 (17-17-00).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 235052
Laufzeit: 2 Minute(n), 9 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
         
Eset:
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=5ea406b88a9feb4586758e9969a8a2af
# engine=13575
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-04-08 05:22:05
# local_time=2013-04-08 07:22:05 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3591 16777213 100 91 466533 128038310 0 0
# compatibility_mode=5893 16776574 100 94 18409099 117071575 0 0
# scanned=192888
# found=0
# cleaned=0
# scan_time=6801
         

Alt 08.04.2013, 21:22   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojan.Maljava entfernen - Standard

Trojan.Maljava entfernen



Sieht soweit ok aus

Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat.

Info: Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie )

Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller
Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird.

Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?
__________________
Logfiles bitte immer in CODE-Tags posten

Antwort

Themen zu Trojan.Maljava entfernen
compu, computer, entdeck, entdeckt, entferne, entfernen, entgültig, gültig, hänge, maljava, norton, schonmal, schädling, troja, trojan.maljava, trojaner, zu lang, zusammen




Ähnliche Themen: Trojan.Maljava entfernen


  1. Trojan.ADH.2 entfernen - wie?
    Plagegeister aller Art und deren Bekämpfung - 03.06.2014 (3)
  2. Trojaner.Maljava und andere Viren - wie krieg ich die weg?
    Plagegeister aller Art und deren Bekämpfung - 23.04.2014 (1)
  3. Norton zeigt Trojan.Maljava an !
    Plagegeister aller Art und deren Bekämpfung - 15.04.2014 (3)
  4. Windows Defender: Problem beim Entfernen von Trojan:Win32/Necurs.A und Trojan:WinNT/Necurs.A unter Windows 7
    Log-Analyse und Auswertung - 11.04.2014 (52)
  5. [Win XP] botnet: ntp-muliplier; desinfect: Trojan.Script.Iframer, Trojan.Heur.TP, Win.Trojan.Iniduoh, Win.Trojan.Ramnit
    Log-Analyse und Auswertung - 08.02.2014 (16)
  6. Trojan:Win32/Sirefef.AB und Trojan:Win64/Sirefef.P entfernen!
    Log-Analyse und Auswertung - 10.12.2013 (22)
  7. Trojan:Win32/Sirefef.AB und Trojan:Win64/Sirefef.P entfernen!
    Log-Analyse und Auswertung - 02.08.2013 (14)
  8. Trojan.Maljava durch Norton Antivirus entdeckt
    Log-Analyse und Auswertung - 04.04.2013 (9)
  9. Trojan.Sirefef.MC und Trojan.Generic.8253580 lassen sich nicht entfernen!
    Log-Analyse und Auswertung - 23.02.2013 (9)
  10. Win32/Kryptik.AOOB trojan / Win32/Ponmocup.AA trojan entfernen ?
    Plagegeister aller Art und deren Bekämpfung - 27.11.2012 (7)
  11. Trojan.Maljava - Infektion
    Log-Analyse und Auswertung - 19.11.2012 (16)
  12. Trojaner Maljava :-/
    Plagegeister aller Art und deren Bekämpfung - 15.10.2012 (3)
  13. Trojan.Small, Trojan.Sirefef, Rootkit.0Access in C:\Windows\installer - ist nicht zu entfernen
    Log-Analyse und Auswertung - 05.07.2012 (23)
  14. Avira hat TR/Maljava.A.43 und Exploits EXP/CVE-2011-3544.AZ gefunden - und nun?
    Plagegeister aller Art und deren Bekämpfung - 02.03.2012 (33)
  15. Trojan Horse und Trojan.Zlob entfernen
    Plagegeister aller Art und deren Bekämpfung - 16.06.2010 (5)
  16. iebho.dll (Trojan.FakeAlert, Trojan.BHO.H) lassen sich nicht entfernen
    Log-Analyse und Auswertung - 06.03.2010 (17)
  17. Trojan.Win32.Cosmu.jnu/Trojan/Win32.Cosmu.gen Befall !!! Kann ihn nicht entfernen !!!
    Log-Analyse und Auswertung - 01.02.2010 (49)

Zum Thema Trojan.Maljava entfernen - Hallihallo zusammen, wie die Überschrift schon sagt hat Norton den Schädling Trojan.Maljava entdeckt und isoliert. Bitte um Eure Hilfe, um das garstige Ding entgültig vom Computer zu verbannen. Da die - Trojan.Maljava entfernen...
Archiv
Du betrachtest: Trojan.Maljava entfernen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.