Firefox und Grafiktreiber stürzen ab, Trojaner lassen sich nicht entfernen

Bohli74 · 09.05.2013, 16:39

Hallo

Ich habe das Problem, das seit einiger Zeit der Firefox abstürzt und sich dann auch nicht mehr starten lässt. Löschung und Neuinstallation brachten das gleiche Ergebnis.
Zeitgleich stürzt auch mein NVidia Grafikkartentreiber regelmäßig ab, mit der Meldung das:
"der Nvidia-Windows-Kernel-Mode-Driver nicht mehr funktioniere".
Ich habe dann meinen Virenscanner (AVG Internet Security 2012) scannen lassen und der hat auch einige Trojaner entdeckt.
Diese haben die Bezeichnung:

- PSW.Generic10.YEE
- PSW.Generic10.YEE.dropper
- Generic30.CHNT
- Dropper.Generic7.AJBH

Insgesamt wurden 19 dieser Trojaner entdeckt, es konnten aber nur 2 entfernt werden.
Ich weiss nicht ob es damit zusammenhängt, aber mein Revhner fährt auch nur langsam hoch
obwohl es mal schneller ging.

die logfiles der durchgeführten scans hänge ich an

cosinus · 09.05.2013, 23:06

Schön und wo sind die Logs dazu? Mit solchen unkonkreten Angaben kann dir niemand helfen!

Solche Angaben reichen nicht, bitte poste die vollständigen Angaben/Logs der Virenscanner siehe http://www.trojaner-board.de/125889-...tml#post941520

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Bohli74 · 09.05.2013, 23:18

Hallo Cosinus

Erstmal danke für die Antwort!
Die logfiles waren wirklich zu groß, sonst hätte ich sie gepostet!
Hier nun das Ergebnis des Virenscanners, jedoch hat sich die Anzahl schon reduziert.
Die Probleme beim Firefox und beim Grafiktreiber bestehen jedoch immer noch.

"Scan ""Gesamten Computer scannen"" wurde beendet."
"Infektionen";"5";"2";"3"
"Informationen";"1"
"Ausgewählte Ordner:";"Gesamten Computer scannen"
"Start des Scans:";"Donnerstag, 9. Mai 2013, 17:52:33"
"Ende des Scans:";"Donnerstag, 9. Mai 2013, 17:55:57 (3 Minute(n) 23 Sekunde(n))"
"Gescannter Objekte:";"1591610"
"Benutzer:";"xxxxx"

"Infektionen"
"";"Datei";"Infektion";"Ergebnis"
"";"C:\WINDOWS\SysWOW64\svchost.exe (8680)";"Trojaner: PSW.Generic10.YEE";"Gelöscht"
"";"C:\Program Files (x86)\Mozilla Firefox\firefox.exe (8672)";"Trojaner: PSW.Generic10.YEE.dropper";"Gelöscht"
"";"C:\WINDOWS\SysWOW64\svchost.exe (8680):\memory_00400000";"Trojaner: PSW.Generic10.YEE";"Infiziert"
"";"C:\Program Files (x86)\Mozilla Firefox\firefox.exe (8672):\memory_00400000:\memory_00400000";"Trojaner: PSW.Generic10.YEE";"Infiziert"
"";"C:\Program Files (x86)\Mozilla Firefox\firefox.exe (8672):\memory_00400000";"Trojaner: PSW.Generic10.YEE.dropper";"Infiziert"

"Informationen"
"";"Datei";"Informationen";"Ergebnis"
"";"C:\$RECYCLE.BIN\S-1-5-21-3978098729-3601256905-1607446451-1002\$RNBWSVZ\DAEMONToolsPro4410315-0262-cra2.exe";"Die Datei wurde von einer beschädigten digitalen Signatur signiert, die von DT Soft Ltd ausgestellt wurde.";""

cosinus · 09.05.2013, 23:23

Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.

Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.
Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.
Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!
Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!
Die Logs der aufgegebenen Tools wie zB Malwarebytes sind immer zu posten - egal ob ein Fund dabei war oder nicht!
Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.

Dann bitte jetzt Combofix ausführen:

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Bohli74 · 09.05.2013, 23:39

Muss für Combofix die Internetverbindung bestehen, oder deaktiviert werden?

cosinus · 09.05.2013, 23:53

Lass die Internetverbindung bei jedem Tool bitte stehen

Bohli74 · 10.05.2013, 00:46

Kann die Ergebnisse von Combofix nicht finden!
Hab den Scan mehrmals ausgeführt, aber eine Datei mit dem Ergebnissen lässt sich nicht finden!

cosinus · 10.05.2013, 01:01

Steht doch in der Anleitung => Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Bohli74 · 10.05.2013, 15:54

Hier nun die Logfile von Combofix:

Code:

ATTFilter

Combofix Logfile:

	Code: 

 ATTFilter

  
	ComboFix 13-05-09.01 - xxxxx 10.05.2013   1:23.3.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4010.2306 [GMT 2:00]
ausgeführt von:: c:\users\xxxxx\Downloads\ComboFix.exe
AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Internet Security 2012 *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-04-09 bis 2013-05-09  ))))))))))))))))))))))))))))))
.
.
2013-05-09 23:29 . 2013-05-09 23:29	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-05-09 10:27 . 2013-05-09 10:27	65736	----a-w-	c:\windows\system32\drivers\pxrts.sys
2013-05-09 10:26 . 2013-05-09 10:27	--------	d-----w-	c:\programdata\PrevxCSI
2013-05-09 07:24 . 2013-05-09 07:24	--------	d-----w-	c:\users\xxxxx\AppData\Local\Mozilla
2013-05-09 07:23 . 2013-05-09 07:23	--------	d-----w-	c:\program files (x86)\Mozilla Maintenance Service
2013-05-04 21:52 . 2013-05-04 21:52	--------	d-----w-	c:\program files (x86)\af0.net
2013-05-04 13:43 . 2013-05-04 13:43	--------	d-----w-	c:\users\UpdatusUser
2013-05-04 08:59 . 2013-05-04 09:00	--------	d-----w-	c:\programdata\AVG
2013-05-04 08:59 . 2013-05-04 10:15	--------	d-sh--w-	c:\programdata\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2013-05-04 08:51 . 2013-05-04 08:51	--------	d-----w-	c:\users\xxxxx\AppData\Roaming\TuneUp Software
2013-05-04 08:06 . 2013-05-09 23:19	--------	d-----w-	c:\programdata\NVIDIA
2013-05-04 08:06 . 2013-05-04 17:48	--------	d-----w-	c:\windows\SysWow64\NV
2013-05-04 08:06 . 2013-05-04 17:47	--------	d-----w-	c:\windows\system32\NV
2013-05-04 08:03 . 2013-03-15 04:16	3477280	----a-w-	c:\windows\system32\nvsvc64.dll
2013-05-04 08:03 . 2013-03-15 04:16	6398240	----a-w-	c:\windows\system32\nvcpl.dll
2013-05-04 08:03 . 2013-03-15 04:16	877856	----a-w-	c:\windows\system32\nvvsvc.exe
2013-05-04 08:03 . 2013-03-15 04:16	76064	----a-w-	c:\windows\system32\nv3dappshextr.dll
2013-05-04 08:03 . 2013-03-15 04:16	63776	----a-w-	c:\windows\system32\nvshext.dll
2013-05-04 08:03 . 2013-03-15 04:16	2555680	----a-w-	c:\windows\system32\nvsvcr.dll
2013-05-04 08:03 . 2013-03-15 04:16	237856	----a-w-	c:\windows\system32\nvmctray.dll
2013-05-04 08:03 . 2013-03-15 04:16	1016096	----a-w-	c:\windows\system32\nv3dappshext.dll
2013-05-04 08:03 . 2013-03-13 16:24	3065455	----a-w-	c:\windows\system32\nvcoproc.bin
2013-05-04 08:03 . 2013-05-04 08:03	--------	d-----w-	c:\programdata\NVIDIA Corporation
2013-05-03 20:59 . 2013-05-03 20:59	--------	d-----w-	c:\windows\SysWow64\Extensions
2013-05-03 20:59 . 2013-05-03 20:59	--------	d-----w-	c:\windows\SysWow64\searchplugins
2013-05-03 20:00 . 2013-05-09 22:54	--------	d-----w-	c:\users\xxxxx\AppData\Roaming\Kygad
2013-05-03 20:00 . 2013-05-09 22:43	--------	d-----w-	c:\users\xxxxx\AppData\Roaming\Maruw
2013-05-03 20:00 . 2013-05-09 22:40	--------	d-----w-	c:\users\xxxxx\AppData\Roaming\tor
2013-04-30 21:01 . 2012-04-08 22:40	79360	----a-w-	c:\windows\SysWow64\ff_vfw.dll
2013-04-30 21:01 . 2013-04-30 21:01	--------	d-----w-	c:\program files (x86)\ffdshow
2013-04-30 21:01 . 2013-04-30 21:01	--------	d-----w-	c:\program files (x86)\Delta
2013-04-30 21:01 . 2013-04-30 21:01	--------	d-----w-	c:\users\xxxxx\AppData\Roaming\Delta
2013-04-30 21:00 . 2013-04-30 21:01	--------	d-----w-	c:\program files (x86)\hdvidcodec.com
2013-04-28 10:24 . 2013-04-28 10:24	--------	d-----w-	c:\users\xxxxx\AppData\Local\ratDVD
2013-04-25 17:48 . 2013-04-25 17:48	--------	d-----w-	c:\program files (x86)\Common Files\Skype
2013-04-23 19:09 . 2013-04-12 14:45	1656680	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-04-11 01:18 . 2013-04-11 01:18	384800	----a-w-	c:\windows\system32\drivers\avgtdia.sys
2013-04-10 21:37 . 2013-02-19 11:42	2706432	----a-w-	c:\windows\system32\mshtml.tlb
2013-04-10 21:37 . 2013-02-21 10:30	217600	----a-w-	c:\program files (x86)\Internet Explorer\sqmapi.dll
2013-04-10 21:37 . 2013-02-21 10:29	257536	----a-w-	c:\program files (x86)\Internet Explorer\ieproxy.dll
2013-04-10 21:37 . 2013-02-21 10:15	51712	----a-w-	c:\windows\system32\ie4uinit.exe
2013-04-10 21:37 . 2013-02-21 10:14	278528	----a-w-	c:\program files\Internet Explorer\sqmapi.dll
2013-04-10 21:37 . 2013-02-21 10:14	526336	----a-w-	c:\windows\system32\ieui.dll
2013-04-10 21:37 . 2013-02-21 10:14	356352	----a-w-	c:\program files\Internet Explorer\IEShims.dll
2013-04-10 21:37 . 2013-02-21 10:14	701952	----a-w-	c:\program files\Internet Explorer\ieproxy.dll
2013-04-10 21:37 . 2013-02-19 12:01	2706432	----a-w-	c:\windows\SysWow64\mshtml.tlb
2013-04-10 10:13 . 2013-02-15 06:06	3717632	----a-w-	c:\windows\system32\mstscax.dll
2013-04-10 10:13 . 2013-02-15 06:08	44032	----a-w-	c:\windows\system32\tsgqec.dll
2013-04-10 10:13 . 2013-02-15 06:02	158720	----a-w-	c:\windows\system32\aaclient.dll
2013-04-10 10:13 . 2013-02-15 04:37	3217408	----a-w-	c:\windows\SysWow64\mstscax.dll
2013-04-10 10:13 . 2013-02-15 04:34	131584	----a-w-	c:\windows\SysWow64\aaclient.dll
2013-04-10 10:13 . 2013-02-15 03:25	36864	----a-w-	c:\windows\SysWow64\tsgqec.dll
2013-04-10 10:13 . 2013-03-01 03:36	3153408	----a-w-	c:\windows\system32\win32k.sys
2013-04-10 10:12 . 2013-01-24 06:01	223752	----a-w-	c:\windows\system32\drivers\fvevol.sys
2013-04-10 10:12 . 2013-03-19 06:04	5550424	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-04-10 10:12 . 2013-03-19 05:04	3913560	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2013-04-10 10:12 . 2013-03-19 05:46	43520	----a-w-	c:\windows\system32\csrsrv.dll
2013-04-10 10:12 . 2013-03-19 05:04	3968856	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-04-10 10:12 . 2013-03-19 04:47	6656	----a-w-	c:\windows\SysWow64\apisetschema.dll
2013-04-10 10:12 . 2013-03-19 03:06	112640	----a-w-	c:\windows\system32\smss.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-29 18:31 . 2011-07-08 13:35	353576	----a-w-	c:\windows\SysWow64\msvcr71.dll
2013-04-29 18:31 . 2011-07-08 13:35	29480	----a-w-	c:\windows\SysWow64\msxml3a.dll
2013-04-29 18:31 . 2011-07-08 13:35	505128	----a-w-	c:\windows\SysWow64\msvcp71.dll
2013-04-22 15:29 . 2012-04-01 18:03	691592	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-04-22 15:29 . 2012-03-25 11:30	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-10 21:37 . 2012-03-26 09:17	72702784	----a-w-	c:\windows\system32\MRT.exe
2013-03-29 02:02 . 2013-03-29 02:02	1054720	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2013-03-29 02:02 . 2013-03-29 02:02	719360	----a-w-	c:\windows\SysWow64\mshtmlmedia.dll
2013-03-29 02:02 . 2013-03-29 02:02	226304	----a-w-	c:\windows\system32\elshyph.dll
2013-03-29 02:02 . 2013-03-29 02:02	185344	----a-w-	c:\windows\SysWow64\elshyph.dll
2013-03-29 02:02 . 2013-03-29 02:02	158720	----a-w-	c:\windows\SysWow64\msls31.dll
2013-03-29 02:02 . 2013-03-29 02:02	150528	----a-w-	c:\windows\SysWow64\iexpress.exe
2013-03-29 02:02 . 2013-03-29 02:02	138752	----a-w-	c:\windows\SysWow64\wextract.exe
2013-03-29 02:02 . 2013-03-29 02:02	523264	----a-w-	c:\windows\SysWow64\vbscript.dll
2013-03-29 02:02 . 2013-03-29 02:02	137216	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2013-03-29 02:02 . 2013-03-29 02:02	38400	----a-w-	c:\windows\SysWow64\imgutil.dll
2013-03-29 02:02 . 2013-03-29 02:02	12800	----a-w-	c:\windows\SysWow64\mshta.exe
2013-03-29 02:02 . 2013-03-29 02:02	110592	----a-w-	c:\windows\SysWow64\IEAdvpack.dll
2013-03-29 02:02 . 2013-03-29 02:02	73728	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe
2013-03-29 02:02 . 2013-03-29 02:02	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll
2013-03-29 02:02 . 2013-03-29 02:02	61952	----a-w-	c:\windows\SysWow64\tdc.ocx
2013-03-29 02:02 . 2013-03-29 02:02	361984	----a-w-	c:\windows\SysWow64\html.iec
2013-03-29 02:02 . 2013-03-29 02:02	1441280	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2013-03-29 02:02 . 2013-03-29 02:02	23040	----a-w-	c:\windows\SysWow64\licmgr10.dll
2013-03-29 02:02 . 2013-03-29 02:02	905728	----a-w-	c:\windows\system32\mshtmlmedia.dll
2013-03-29 02:02 . 2013-03-29 02:02	81408	----a-w-	c:\windows\system32\icardie.dll
2013-03-29 02:02 . 2013-03-29 02:02	762368	----a-w-	c:\windows\system32\ieapfltr.dll
2013-03-29 02:02 . 2013-03-29 02:02	452096	----a-w-	c:\windows\system32\dxtmsft.dll
2013-03-29 02:02 . 2013-03-29 02:02	441856	----a-w-	c:\windows\system32\html.iec
2013-03-29 02:02 . 2013-03-29 02:02	281600	----a-w-	c:\windows\system32\dxtrans.dll
2013-03-29 02:02 . 2013-03-29 02:02	270848	----a-w-	c:\windows\system32\iedkcs32.dll
2013-03-29 02:02 . 2013-03-29 02:02	235008	----a-w-	c:\windows\system32\url.dll
2013-03-29 02:02 . 2013-03-29 02:02	216064	----a-w-	c:\windows\system32\msls31.dll
2013-03-29 02:02 . 2013-03-29 02:02	197120	----a-w-	c:\windows\system32\msrating.dll
2013-03-29 02:02 . 2013-03-29 02:02	1400416	----a-w-	c:\windows\system32\ieapfltr.dat
2013-03-29 02:02 . 2013-03-29 02:02	1509376	----a-w-	c:\windows\system32\inetcpl.cpl
2013-03-29 02:02 . 2013-03-29 02:02	97280	----a-w-	c:\windows\system32\mshtmled.dll
2013-03-29 02:02 . 2013-03-29 02:02	599552	----a-w-	c:\windows\system32\vbscript.dll
2013-03-29 02:02 . 2013-03-29 02:02	27648	----a-w-	c:\windows\system32\licmgr10.dll
2013-03-29 02:02 . 2013-03-29 02:02	247296	----a-w-	c:\windows\system32\webcheck.dll
2013-03-29 02:02 . 2013-03-29 02:02	167424	----a-w-	c:\windows\system32\iexpress.exe
2013-03-29 02:02 . 2013-03-29 02:02	144896	----a-w-	c:\windows\system32\wextract.exe
2013-03-29 02:02 . 2013-03-29 02:02	102912	----a-w-	c:\windows\system32\inseng.dll
2013-03-29 02:02 . 2013-03-29 02:02	92160	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2013-03-29 02:02 . 2013-03-29 02:02	62976	----a-w-	c:\windows\system32\pngfilt.dll
2013-03-29 02:02 . 2013-03-29 02:02	52224	----a-w-	c:\windows\system32\msfeedsbs.dll
2013-03-29 02:02 . 2013-03-29 02:02	51200	----a-w-	c:\windows\system32\imgutil.dll
2013-03-29 02:02 . 2013-03-29 02:02	173568	----a-w-	c:\windows\system32\ieUnatt.exe
2013-03-29 02:02 . 2013-03-29 02:02	149504	----a-w-	c:\windows\system32\occache.dll
2013-03-29 02:02 . 2013-03-29 02:02	13824	----a-w-	c:\windows\system32\mshta.exe
2013-03-29 02:02 . 2013-03-29 02:02	136192	----a-w-	c:\windows\system32\iepeers.dll
2013-03-29 02:02 . 2013-03-29 02:02	135680	----a-w-	c:\windows\system32\IEAdvpack.dll
2013-03-29 02:02 . 2013-03-29 02:02	12800	----a-w-	c:\windows\system32\msfeedssync.exe
2013-03-29 02:02 . 2013-03-29 02:02	77312	----a-w-	c:\windows\system32\tdc.ocx
2013-03-29 02:02 . 2013-03-29 02:02	48640	----a-w-	c:\windows\system32\mshtmler.dll
2013-03-27 12:09 . 2013-03-27 12:09	526392	----a-w-	c:\windows\system32\drivers\sptd.sys
2013-03-15 05:53 . 2012-09-29 15:25	968408	----a-w-	c:\windows\SysWow64\nvumdshim.dll
2013-03-15 05:53 . 2012-09-29 15:25	2864144	----a-w-	c:\windows\system32\nvapi64.dll
2013-03-15 05:53 . 2012-09-29 15:25	250504	----a-w-	c:\windows\system32\nvinitx.dll
2013-03-15 05:53 . 2012-09-29 15:25	205184	----a-w-	c:\windows\SysWow64\nvinit.dll
2013-03-15 05:53 . 2012-09-29 15:25	15042928	----a-w-	c:\windows\SysWow64\nvd3dum.dll
2013-03-15 05:53 . 2012-09-29 15:25	1118776	----a-w-	c:\windows\system32\nvumdshimx.dll
2013-03-14 20:07 . 2013-03-14 20:07	559904	----a-w-	c:\windows\SysWow64\nvStreaming.exe
2013-03-13 07:29 . 2012-12-12 18:29	16486616	----a-w-	c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-02-22 20:04 . 2013-02-22 20:04	419840	----a-w-	c:\windows\system32\wrap_oal.dll
2013-02-22 20:04 . 2013-02-22 20:04	413696	----a-w-	c:\windows\SysWow64\wrap_oal.dll
2013-02-22 20:04 . 2013-02-22 20:04	133632	----a-w-	c:\windows\system32\OpenAL32.dll
2013-02-22 20:04 . 2013-02-22 20:04	110592	----a-w-	c:\windows\SysWow64\OpenAL32.dll
2013-02-12 05:45 . 2013-03-13 19:51	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-13 19:51	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-13 19:51	308736	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-13 19:51	111104	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-13 19:51	474112	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 19:51	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-02-12 04:12 . 2013-03-25 23:25	19968	----a-w-	c:\windows\system32\drivers\usb8023.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{58124A0B-DC32-4180-9BFF-E0E21AE34026}]
c:\program files (x86)\IMinent Toolbar\tbcore3.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}]
2013-03-13 11:00	251288	----a-w-	c:\program files (x86)\Delta\delta\1.8.16.16\bh\delta.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{82E1477C-B154-48D3-9891-33D83C26BCD3}"= "c:\program files (x86)\Delta\delta\1.8.16.16\deltaTlbr.dll" [2013-03-13 325016]
"{977AE9CC-AF83-45E8-9E03-E2798216E2D5}"= "c:\program files (x86)\IMinent Toolbar\tbcore3.dll" [BU]
.
[HKEY_CLASSES_ROOT\clsid\{82e1477c-b154-48d3-9891-33d83c26bcd3}]
[HKEY_CLASSES_ROOT\delta.deltadskBnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
[HKEY_CLASSES_ROOT\delta.deltadskBnd]
.
[HKEY_CLASSES_ROOT\clsid\{977ae9cc-af83-45e8-9e03-e2798216e2d5}]
[HKEY_CLASSES_ROOT\TBSB01620.TBSB01620.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB01620.TBSB01620]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12	130736	----a-w-	c:\users\xxxxx\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12	130736	----a-w-	c:\users\xxxxx\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12	130736	----a-w-	c:\users\xxxxx\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12	130736	----a-w-	c:\users\xxxxx\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\xxxxx\AppData\Local\Akamai\netsession_win.exe" [2013-01-26 4480768]
"SearchProtect"="c:\users\xxxxx\AppData\Roaming\SearchProtect\bin\cltmng.exe" [2013-04-11 2730784]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2010-10-01 87336]
"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-09-17 50472]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2013-01-02 181360]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2012-02-01 968048]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"dellsupportcenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-11-19 2598520]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328]
"Iminent"="c:\program files (x86)\Iminent\Iminent.exe" [2013-04-25 1074736]
"IminentMessenger"="c:\program files (x86)\Iminent\Iminent.Messengers.exe" [2013-04-25 884784]
.
c:\users\xxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\xxxxx\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-4-5 25863280]
OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux8"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"IR_SERVER"=c:\progra~2\Realtek\REALTE~1\IR_SERVER.exe
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R2 CLKMSVC10_9EC60124;CyberLink Product - 2013/04/29 20:35;c:\program files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe [2013-01-02 247328]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-02-27 158976]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2010-11-11 172632]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]
R3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\system32\drivers\nvstusb.sys [2011-01-31 121960]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 RTL2832U_IRHID;HID Infrared Remote Receiver;c:\windows\system32\DRIVERS\RTL2832U_IRHID.sys [2009-10-05 44320]
R3 RTL2832UBDA;REALTEK 2832U BDA Driver;c:\windows\system32\drivers\RTL2832UBDA.sys [2010-10-12 232680]
R3 RTL2832UUSB;REALTEK 2832U USB Driver;c:\windows\system32\Drivers\RTL2832UUSB.sys [2010-10-12 39528]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-08-18 1255736]
R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2013-03-15 30496]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2010-08-20 21616]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [2011-05-22 48992]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-11-08 307040]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2013-04-11 384800]
S1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys [2013-03-15 284448]
S1 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [2013-05-09 65736]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2012\avgfws.exe [2012-12-05 2321560]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-11-02 5174392]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S2 SProtection;SProtection;c:\program files (x86)\Common Files\Umbrella\umbrella.exe [2013-04-24 2795048]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-03-14 383264]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2010-12-13 27760]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-12-10 127328]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-16 317440]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-02-10 82432]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-02-10 181760]
S3 qicflt;upper Device Filter Driver;c:\windows\system32\DRIVERS\qicflt.sys [2010-07-13 29288]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2010-12-01 42392]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - CLKMDRV10_9EC60124
.
Inhalt des "geplante Tasks" Ordners
.
2013-05-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 15:29]
.
2013-05-09 c:\windows\Tasks\AmiUpdXp.job
- c:\users\Andree Bohlmann\AppData\Local\SwvUpdater\Updater.exe [2013-05-05 05:21]
.
2013-05-09 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-02-07 23:32]
.
2013-05-09 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-02-07 23:32]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12	164016	----a-w-	c:\users\xxxxx\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12	164016	----a-w-	c:\users\xxxxx\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12	164016	----a-w-	c:\users\xxxxx\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12	164016	----a-w-	c:\users\xxxxx\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-02-18 6611048]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-01-18 2188904]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-12 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-12 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-12 418840]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-12-17 686704]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-12-17 1933584]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2012-02-01 2195824]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.iminent.com/?appId=DA0E3890-15E7-4586-ADD1-6616C27355A5
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
Trusted Zone: dell.com
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 192.168.0.1
DPF: {3A5EF8E2-34B2-4B01-962B-FF430245CCA4} - hxxp://192.168.0.102/IPCamPluginDM.cab
FF - ProfilePath - c:\users\xxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\qbbxfhhi.default\
FF - ExtSQL: 2013-04-17 09:51; {1E73965B-8B48-48be-9C8D-68B920ABC1C4}; c:\program files (x86)\AVG\AVG2012\Firefox4
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
------- Dateityp-Verknüpfung -------
.
JSEFile=%SystemRoot%\SysWow64\CScript.exe "%1" %*
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3978098729-3601256905-1607446451-1002\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:ba,c8,c9,6a,92,22,fa,b9,67,dc,0d,c1,31,5e,8f,a3,97,06,54,5f,ec,
   8b,79,25,4e,b9,0e,40,a8,de,c3,a3,6f,dc,dd,ff,8b,9e,d4,24,24,cc,5a,e4,8b,b8,\
"rkeysecu"=hex:a1,ed,50,7c,6d,ed,5f,67,a8,88,ed,e0,11,0c,60,c6
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-05-10  01:31:57
ComboFix-quarantined-files.txt  2013-05-09 23:31
ComboFix2.txt  2013-05-09 23:03
.
Vor Suchlauf: 20 Verzeichnis(se), 230.326.501.376 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 230.250.065.920 Bytes frei
.
- - End Of File - - CB670669E34BF30B425FF1FA8CBF8FF7
         
 --- --- ---


Moin

Ich hatte ganz übersehen, das ich noch den ADWCleaner vorgestern hatte 
laufen lassen. Hier die Logfiles
AdwCleaner Logfile:
 Code: 

 ATTFilter
 
 # AdwCleaner v2.114 - Datei am 08/03/2013 um 22:26:53 erstellt
# Aktualisiert am 05/03/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : xxxxx - MYLAPTOP
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\xxxxx\Downloads\AdwCleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
Datei Gefunden : C:\user.js
Datei Gefunden : C:\Users\xxxxx\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
Datei Gefunden : C:\Users\xxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\detws85v.default\bprotector_extensions.sqlite
Datei Gefunden : C:\Users\xxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\detws85v.default\bprotector_prefs.js
Datei Gefunden : C:\Users\xxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\detws85v.default\searchplugins\MyStart Search.xml
Datei Gefunden : C:\Users\xxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\detws85v.default\searchplugins\SweetIm.xml
Datei Gefunden : C:\Users\Public\Desktop\eBay.lnk
Ordner Gefunden : C:\Program Files (x86)\TornTV.com
Ordner Gefunden : C:\Program Files (x86)\Yontoo
Ordner Gefunden : C:\ProgramData\Babylon
Ordner Gefunden : C:\ProgramData\BrowserProtect
Ordner Gefunden : C:\ProgramData\IBUpdaterService
Ordner Gefunden : C:\ProgramData\Tarma Installer
Ordner Gefunden : C:\Users\xxxxx\AppData\Local\Ilivid Player
Ordner Gefunden : C:\Users\xxxxx\AppData\LocalLow\BabylonToolbar
Ordner Gefunden : C:\Users\xxxxx\AppData\LocalLow\incredibar.com
Ordner Gefunden : C:\Users\xxxxx\AppData\Roaming\Babylon
Ordner Gefunden : C:\Users\xxxxx\AppData\Roaming\eType
Ordner Gefunden : C:\Users\xxxxx\AppData\Roaming\Media Finder
Ordner Gefunden : C:\Users\xxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com
Ordner Gefunden : C:\Users\xxxxx\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com
Ordner Gefunden : C:\Users\xxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\detws85v.default\jetpack
Ordner Gefunden : C:\Users\xxxxx\AppData\Local\Temp\AskSearch
Ordner Gefunden : C:\Users\xxxxx\AppData\Local\Temp\BabylonToolbar
Ordner Gefunden : C:\Users\xxxxx\AppData\Local\Temp\OCS

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\1ClickDownload
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gefunden : HKCU\Software\Conduit
Schlüssel Gefunden : HKCU\Software\Cr_Installer
Schlüssel Gefunden : HKCU\Software\delta LTD
Schlüssel Gefunden : HKCU\Software\IM
Schlüssel Gefunden : HKCU\Software\ImInstaller
Schlüssel Gefunden : HKCU\Software\MediaFinder
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403A-B9D2-65C292C39087}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403A-B9D2-65C292C39087}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKCU\Software\a53dcd8b335b842
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Schlüssel Gefunden : HKLM\Software\AVG Secure Search
Schlüssel Gefunden : HKLM\Software\Babylon
Schlüssel Gefunden : HKLM\Software\BabylonToolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\MF
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\Software\IB Updater
Schlüssel Gefunden : HKLM\Software\Iminent
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\Savings Sidekick_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\Savings Sidekick_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\a53dcd8b335b842
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jbpkiefagocgkmemidfngdkamloieekf
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Updater Service
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\incredibar
Schlüssel Gefunden : HKLM\SOFTWARE\Tarma Installer
Schlüssel Gefunden : HKU\S-1-5-21-3978098729-3601256905-1607446451-1002\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gefunden : HKU\S-1-5-21-3978098729-3601256905-1607446451-1002\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Wert Gefunden : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16464

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://mystart.incredibar.com/mb128?a=6OySNXAGth&i=26
[HKCU\Software\Microsoft\Internet Explorer\Main - bProtector Start Page] = hxxp://www.delta-search.com/?affID=119776&babsrc=HP_ss&mntrId=ae2179d30000000000008ca982b3ea11

-\\ Mozilla Firefox v19.0.2 (de)

Datei : C:\Users\Andree Bohlmann\AppData\Roaming\Mozilla\Firefox\Profiles\detws85v.default\prefs.js

Gefunden : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Gefunden : user_pref("extensions.BabylonToolbar_i.babExt", "");
Gefunden : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=111015");
Gefunden : user_pref("extensions.BabylonToolbar_i.hardId", "ae2179d30000000000008ca982b3ea11");
Gefunden : user_pref("extensions.BabylonToolbar_i.id", "ae2179d30000000000008ca982b3ea11");
Gefunden : user_pref("extensions.BabylonToolbar_i.instlDay", "15431");
Gefunden : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Gefunden : user_pref("extensions.BabylonToolbar_i.newTab", false);
Gefunden : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://www.delta-search.com/?affID=119776&babsrc[...]
Gefunden : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Gefunden : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Gefunden : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Gefunden : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Gefunden : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
Gefunden : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Gefunden : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1718:35:15");
Gefunden : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Gefunden : user_pref("extensions.incredibar_i.aflt", "orgnl");
Gefunden : user_pref("extensions.incredibar_i.dfltLng", "");
Gefunden : user_pref("extensions.incredibar_i.did", "10674");
Gefunden : user_pref("extensions.incredibar_i.excTlbr", false);
Gefunden : user_pref("extensions.incredibar_i.id", "ae2179d30000000000008ca982b3ea11");
Gefunden : user_pref("extensions.incredibar_i.installerproductid", "26");
Gefunden : user_pref("extensions.incredibar_i.instlDay", "15644");
Gefunden : user_pref("extensions.incredibar_i.instlRef", "");
Gefunden : user_pref("extensions.incredibar_i.ms_url_id", "");
Gefunden : user_pref("extensions.incredibar_i.newTab", false);
Gefunden : user_pref("extensions.incredibar_i.ppd", "");
Gefunden : user_pref("extensions.incredibar_i.prdct", "incredibar");
Gefunden : user_pref("extensions.incredibar_i.productid", "26");
Gefunden : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Gefunden : user_pref("extensions.incredibar_i.smplGrp", "none");
Gefunden : user_pref("extensions.incredibar_i.tlbrId", "base");
Gefunden : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6OySNXAGth&loc=IB[...]
Gefunden : user_pref("extensions.incredibar_i.upn2", "6OySNXAGth");
Gefunden : user_pref("extensions.incredibar_i.upn2n", "92262372437214383");
Gefunden : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
Gefunden : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1420:30:20");
Gefunden : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
Gefunden : user_pref("extentions.y2layers.defaultEnableAppsList", "twittube,buzzdock,YontooNewOffers");
Gefunden : user_pref("extentions.y2layers.installId", "108ab0df-66df-4a8a-8d0a-a97e99fd59b5");

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\xxxxx\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [15147 octets] - [08/03/2013 22:26:53]

########## EOF - C:\AdwCleaner[R1].txt - [15208 octets] ##########
         
 --- --- ---


AdwCleaner Logfile:
 Code: 

 ATTFilter
 
 # AdwCleaner v2.114 - Datei am 08/03/2013 um 22:27:52 erstellt
# Aktualisiert am 05/03/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : xxxxx - MYLAPTOP
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\xxxxx\Downloads\AdwCleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
Datei Gelöscht : C:\user.js
Datei Gelöscht : C:\Users\xxxxx\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
Datei Gelöscht : C:\Users\xxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\detws85v.default\bprotector_extensions.sqlite
Datei Gelöscht : C:\Users\xxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\detws85v.default\bprotector_prefs.js
Datei Gelöscht : C:\Users\xxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\detws85v.default\searchplugins\MyStart Search.xml
Datei Gelöscht : C:\Users\xxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\detws85v.default\searchplugins\SweetIm.xml
Datei Gelöscht : C:\Users\Public\Desktop\eBay.lnk
Ordner Gelöscht : C:\Program Files (x86)\TornTV.com
Ordner Gelöscht : C:\Program Files (x86)\Yontoo
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\BrowserProtect
Ordner Gelöscht : C:\ProgramData\IBUpdaterService
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\Users\xxxxx\AppData\Local\Ilivid Player
Ordner Gelöscht : C:\Users\xxxxx\AppData\LocalLow\BabylonToolbar
Ordner Gelöscht : C:\Users\xxxxx\AppData\LocalLow\incredibar.com
Ordner Gelöscht : C:\Users\xxxxx\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\xxxxx\AppData\Roaming\eType
Ordner Gelöscht : C:\Users\xxxxx\AppData\Roaming\Media Finder
Ordner Gelöscht : C:\Users\xxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com
Ordner Gelöscht : C:\Users\xxxxx\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com
Ordner Gelöscht : C:\Users\xxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\detws85v.default\jetpack
Ordner Gelöscht : C:\Users\xxxxx\AppData\Local\Temp\AskSearch
Ordner Gelöscht : C:\Users\xxxxx\AppData\Local\Temp\BabylonToolbar
Ordner Gelöscht : C:\Users\xxxxx\AppData\Local\Temp\OCS

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\1ClickDownload
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Cr_Installer
Schlüssel Gelöscht : HKCU\Software\delta LTD
Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\ImInstaller
Schlüssel Gelöscht : HKCU\Software\MediaFinder
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403A-B9D2-65C292C39087}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403A-B9D2-65C292C39087}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\a53dcd8b335b842
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Schlüssel Gelöscht : HKLM\Software\AVG Secure Search
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\Software\BabylonToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\IB Updater
Schlüssel Gelöscht : HKLM\Software\Iminent
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Savings Sidekick_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Savings Sidekick_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\a53dcd8b335b842
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jbpkiefagocgkmemidfngdkamloieekf
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Updater Service
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\incredibar
Schlüssel Gelöscht : HKLM\SOFTWARE\Tarma Installer
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16464

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://mystart.incredibar.com/mb128?a=6OySNXAGth&i=26 --> hxxp://www.google.com

-\\ Mozilla Firefox v19.0.2 (de)

Datei : C:\Users\xxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\detws85v.default\prefs.js

C:\Users\xxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\detws85v.default\user.js ... Gelöscht !

Gelöscht : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Gelöscht : user_pref("extensions.BabylonToolbar_i.babExt", "");
Gelöscht : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=111015");
Gelöscht : user_pref("extensions.BabylonToolbar_i.hardId", "ae2179d30000000000008ca982b3ea11");
Gelöscht : user_pref("extensions.BabylonToolbar_i.id", "ae2179d30000000000008ca982b3ea11");
Gelöscht : user_pref("extensions.BabylonToolbar_i.instlDay", "15431");
Gelöscht : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Gelöscht : user_pref("extensions.BabylonToolbar_i.newTab", false);
Gelöscht : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://www.delta-search.com/?affID=119776&babsrc[...]
Gelöscht : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Gelöscht : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Gelöscht : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Gelöscht : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Gelöscht : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
Gelöscht : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Gelöscht : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1718:35:15");
Gelöscht : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Gelöscht : user_pref("extensions.incredibar_i.aflt", "orgnl");
Gelöscht : user_pref("extensions.incredibar_i.dfltLng", "");
Gelöscht : user_pref("extensions.incredibar_i.did", "10674");
Gelöscht : user_pref("extensions.incredibar_i.excTlbr", false);
Gelöscht : user_pref("extensions.incredibar_i.id", "ae2179d30000000000008ca982b3ea11");
Gelöscht : user_pref("extensions.incredibar_i.installerproductid", "26");
Gelöscht : user_pref("extensions.incredibar_i.instlDay", "15644");
Gelöscht : user_pref("extensions.incredibar_i.instlRef", "");
Gelöscht : user_pref("extensions.incredibar_i.ms_url_id", "");
Gelöscht : user_pref("extensions.incredibar_i.newTab", false);
Gelöscht : user_pref("extensions.incredibar_i.ppd", "");
Gelöscht : user_pref("extensions.incredibar_i.prdct", "incredibar");
Gelöscht : user_pref("extensions.incredibar_i.productid", "26");
Gelöscht : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Gelöscht : user_pref("extensions.incredibar_i.smplGrp", "none");
Gelöscht : user_pref("extensions.incredibar_i.tlbrId", "base");
Gelöscht : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6OySNXAGth&loc=IB[...]
Gelöscht : user_pref("extensions.incredibar_i.upn2", "6OySNXAGth");
Gelöscht : user_pref("extensions.incredibar_i.upn2n", "92262372437214383");
Gelöscht : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
Gelöscht : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1420:30:20");
Gelöscht : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
Gelöscht : user_pref("extentions.y2layers.defaultEnableAppsList", "twittube,buzzdock,YontooNewOffers");
Gelöscht : user_pref("extentions.y2layers.installId", "108ab0df-66df-4a8a-8d0a-a97e99fd59b5");

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\xxxxx\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [15230 octets] - [08/03/2013 22:26:53]
AdwCleaner[S1].txt - [14764 octets] - [08/03/2013 22:27:52]

########## EOF - C:\AdwCleaner[S1].txt - [14825 octets] ##########
         
 --- --- ---

cosinus · 10.05.2013, 19:32

Rootkitscan mit GMER

Bitte lade dir

GMER herunter: (Dateiname zufällig)

Schließe alle anderen Programme, deaktiviere deinen Virenscanner und trenne den Rechner vom Internet bevor du GMER startest.
Sollte sich nach dem Start ein Fenster mit folgender Warnung öffnen:
WARNING !!!
GMER has found system modification, which might have been caused by ROOTKIT activity.
Do you want to fully scan your system ?

Unbedingt auf "No" klicken.
Entferne rechts den Haken bei: IAT/EAT und Show All
Setze den Haken bei Quickscan und entferne ihn bei allen anderen Laufwerken.
Starte den Scan mit "Scan".
Mache nichts am Computer während der Scan läuft.
Wenn der Scan fertig ist klicke auf Save und speichere die Logfile unter Gmer.txt auf deinem Desktop. Mit "Ok" wird GMER beendet.

Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!

Tauchen Probleme auf?

Probiere alternativ den abgesicherten Modus.
Erhältst du einen Bluescreen, dann entferne den Haken vor Devices.

Anschließend bitte MBAR ausführen:

Malwarebytes Anti-Rootkit (MBAR)

Downloade dir bitte

Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

Starte bitte die mbar.exe.
Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
Klicke auf den CleanUp Button und erlaube den Neustart.
Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
Nach dem Neustart starte die mbar.exe erneut.
Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

Bohli74 · 10.05.2013, 21:08

Mbar erfolgreich durchgeführt.
Beim ersten Durchlauf 12 Schädlinge entdeckt und beseitigt.
Beim zweiten keine mehr entdeckt!

Code:

ATTFilter

Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.05.10.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16540
xxxxx :: MYLAPTOP [administrator]

10.05.2013 21:39:30
mbar-log-2013-05-10 (21-39-30).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 29304
Time elapsed: 15 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 10
HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9} (PUP.Software.Updater) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\TYPELIB\{A0EE0278-2986-4E5A-884E-A3BF0357E476} (PUP.Software.Updater) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{9EDC0C90-2B5B-4512-953E-35767BAD5C67} (PUP.Software.Updater) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{9EDC0C90-2B5B-4512-953E-35767BAD5C67} (PUP.Software.Updater) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{A0EE0278-2986-4E5A-884E-A3BF0357E476} (PUP.Software.Updater) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96} (PUP.Software.Updater) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\Updater.AmiUpd.1 (PUP.Software.Updater) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\Updater.AmiUpd (PUP.Software.Updater) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\Updater.AmiUpd (PUP.Software.Updater) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\Updater.AmiUpd.1 (PUP.Software.Updater) -> Delete on reboot.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
c:\Users\xxxxx\AppData\Local\SwvUpdater\Updater.exe (PUP.Software.Updater) -> Delete on reboot.
c:\WINDOWS\Tasks\AmiUpdXp.job (PUP.Software.Updater) -> Delete on reboot.

(end)

cosinus · 10.05.2013, 21:57

Was ist mit GMER?

Bohli74 · 11.05.2013, 00:17

Sorry, hier ist es:

GMER Logfile:

Code:

ATTFilter

GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-05-10 21:21:20
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950042 rev.0001 465,76GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\xxxxx\AppData\Local\Temp\pgtiypow.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560                                                                                   fffff800033aa000 63 bytes [00, 00, 00, 00, 00, 00, 00, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 624                                                                                   fffff800033aa040 1 byte [01]

---- User code sections - GMER 2.1 ----

.text     C:\Program Files (x86)\AVG\AVG2012\avgfws.exe[2352] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69                                          0000000076ef1465 2 bytes [EF, 76]
.text     C:\Program Files (x86)\AVG\AVG2012\avgfws.exe[2352] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155                                         0000000076ef14bb 2 bytes [EF, 76]
.text     ...                                                                                                                                                  * 2
.text     C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2764] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                       0000000076ef1465 2 bytes [EF, 76]
.text     C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2764] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                      0000000076ef14bb 2 bytes [EF, 76]
.text     ...                                                                                                                                                  * 2
.text     C:\Program Files (x86)\Common Files\Umbrella\umbrella.exe[2864] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                              0000000076ef1465 2 bytes [EF, 76]
.text     C:\Program Files (x86)\Common Files\Umbrella\umbrella.exe[2864] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                             0000000076ef14bb 2 bytes [EF, 76]
.text     ...                                                                                                                                                  * 2
.text     C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[4380] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExA                                  0000000077021429 7 bytes JMP 00000001714412ad
.text     C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[4380] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleFileNameExW                         000000007703b223 5 bytes JMP 00000001714415be
.text     C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[4380] C:\Windows\syswow64\KERNEL32.dll!K32EnumProcessModulesEx                         00000000770b88f4 7 bytes JMP 0000000171441357
.text     C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[4380] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleInformation                         00000000770b8979 5 bytes JMP 00000001714416e0
.text     C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[4380] C:\Windows\syswow64\KERNEL32.dll!K32GetMappedFileNameW                           00000000770b8ccf 5 bytes JMP 0000000171441028
.text     C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[4380] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                              0000000076cb1d1b 5 bytes JMP 00000001714411ef
.text     C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[4380] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                            0000000076cb1dc9 5 bytes JMP 0000000171441023
.text     C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[4380] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                0000000076cb2aa4 5 bytes JMP 000000017144156e
.text     C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[4380] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                   0000000076cb2d0a 5 bytes JMP 0000000171441294
.text     C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[4380] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                           000000007723e9a2 5 bytes JMP 00000001714415d7
.text     C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[4380] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                             000000007723ebdc 5 bytes JMP 00000001714411b8
.text     C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[4380] C:\Windows\syswow64\USER32.dll!CreateWindowExW                                   0000000076e08a29 5 bytes JMP 0000000171441050
.text     C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[4380] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA                               0000000076e14572 5 bytes JMP 00000001714410d2
.text     C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[4380] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                                  0000000076575ea5 5 bytes JMP 0000000171441609
.text     C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[4380] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                   00000000765a9d0b 5 bytes JMP 0000000171441249
.text     C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[4380] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                          0000000076ef1465 2 bytes [EF, 76]
.text     C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[4380] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                         0000000076ef14bb 2 bytes [EF, 76]
.text     ...                                                                                                                                                  * 2
.text     C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4712] C:\Windows\syswow64\kernel32.dll!RegSetValueExA           0000000077021429 7 bytes JMP 00000001714412ad
.text     C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4712] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW  000000007703b223 5 bytes JMP 00000001714415be
.text     C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4712] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx  00000000770b88f4 7 bytes JMP 0000000171441357
.text     C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4712] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation  00000000770b8979 5 bytes JMP 00000001714416e0
.text     C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4712] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW    00000000770b8ccf 5 bytes JMP 0000000171441028
.text     C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4712] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW       0000000076cb1d1b 5 bytes JMP 00000001714411ef
.text     C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4712] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW     0000000076cb1dc9 5 bytes JMP 0000000171441023
.text     C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4712] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW         0000000076cb2aa4 5 bytes JMP 000000017144156e
.text     C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4712] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary            0000000076cb2d0a 5 bytes JMP 0000000171441294
.text     C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4712] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList    000000007723e9a2 5 bytes JMP 00000001714415d7
.text     C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4712] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo      000000007723ebdc 5 bytes JMP 00000001714411b8
.text     C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4712] C:\Windows\syswow64\USER32.dll!CreateWindowExW            0000000076e08a29 5 bytes JMP 0000000171441050
.text     C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4712] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA        0000000076e14572 5 bytes JMP 00000001714410d2
.text     C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4712] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket           0000000076575ea5 5 bytes JMP 0000000171441609
.text     C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4712] C:\Windows\syswow64\ole32.dll!CoCreateInstance            00000000765a9d0b 5 bytes JMP 0000000171441249
.text     C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4800] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExA                0000000077021429 7 bytes JMP 00000001714412ad
.text     C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4800] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleFileNameExW       000000007703b223 5 bytes JMP 00000001714415be
.text     C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4800] C:\Windows\syswow64\KERNEL32.dll!K32EnumProcessModulesEx       00000000770b88f4 7 bytes JMP 0000000171441357
.text     C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4800] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleInformation       00000000770b8979 5 bytes JMP 00000001714416e0
.text     C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4800] C:\Windows\syswow64\KERNEL32.dll!K32GetMappedFileNameW         00000000770b8ccf 5 bytes JMP 0000000171441028
.text     C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4800] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW            0000000076cb1d1b 5 bytes JMP 00000001714411ef
.text     C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4800] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW          0000000076cb1dc9 5 bytes JMP 0000000171441023
.text     C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4800] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW              0000000076cb2aa4 5 bytes JMP 000000017144156e
.text     C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4800] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                 0000000076cb2d0a 5 bytes JMP 0000000171441294
.text     C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4800] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList         000000007723e9a2 5 bytes JMP 00000001714415d7
.text     C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4800] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo           000000007723ebdc 5 bytes JMP 00000001714411b8
.text     C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4800] C:\Windows\syswow64\USER32.dll!CreateWindowExW                 0000000076e08a29 5 bytes JMP 0000000171441050
.text     C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4800] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA             0000000076e14572 5 bytes JMP 00000001714410d2
.text     C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4800] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                0000000076575ea5 5 bytes JMP 0000000171441609
.text     C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4800] C:\Windows\syswow64\ole32.dll!CoCreateInstance                 00000000765a9d0b 5 bytes JMP 0000000171441249
.text     C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[4604] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                   0000000077021429 7 bytes JMP 00000001714412ad
.text     C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[4604] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW          000000007703b223 5 bytes JMP 00000001714415be
.text     C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[4604] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx          00000000770b88f4 7 bytes JMP 0000000171441357
.text     C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[4604] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation          00000000770b8979 5 bytes JMP 00000001714416e0
.text     C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[4604] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW            00000000770b8ccf 5 bytes JMP 0000000171441028
.text     C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[4604] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW               0000000076cb1d1b 5 bytes JMP 00000001714411ef
.text     C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[4604] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW             0000000076cb1dc9 5 bytes JMP 0000000171441023
.text     C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[4604] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                 0000000076cb2aa4 5 bytes JMP 000000017144156e
.text     C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[4604] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                    0000000076cb2d0a 5 bytes JMP 0000000171441294
.text     C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[4604] C:\Windows\syswow64\USER32.dll!CreateWindowExW                    0000000076e08a29 5 bytes JMP 0000000171441050
.text     C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[4604] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA                0000000076e14572 5 bytes JMP 00000001714410d2
.text     C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[4604] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList            000000007723e9a2 5 bytes JMP 00000001714415d7
.text     C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[4604] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo              000000007723ebdc 5 bytes JMP 00000001714411b8
.text     C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[4604] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                   0000000076575ea5 5 bytes JMP 0000000171441609
.text     C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[4604] C:\Windows\syswow64\ole32.dll!CoCreateInstance                    00000000765a9d0b 5 bytes JMP 0000000171441249
.text     C:\Users\xxxxx\AppData\Local\Akamai\netsession_win.exe[5276] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                               0000000077021429 7 bytes JMP 00000001714412ad
.text     C:\Users\xxxxx\AppData\Local\Akamai\netsession_win.exe[5276] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                      000000007703b223 5 bytes JMP 00000001714415be
.text     C:\Users\xxxxx\AppData\Local\Akamai\netsession_win.exe[5276] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                      00000000770b88f4 7 bytes JMP 0000000171441357
.text     C:\Users\xxxxx\AppData\Local\Akamai\netsession_win.exe[5276] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                      00000000770b8979 5 bytes JMP 00000001714416e0
.text     C:\Users\xxxxx\AppData\Local\Akamai\netsession_win.exe[5276] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                        00000000770b8ccf 5 bytes JMP 0000000171441028
.text     C:\Users\xxxxx\AppData\Local\Akamai\netsession_win.exe[5276] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                           0000000076cb1d1b 5 bytes JMP 00000001714411ef
.text     C:\Users\xxxxx\AppData\Local\Akamai\netsession_win.exe[5276] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                         0000000076cb1dc9 5 bytes JMP 0000000171441023
.text     C:\Users\xxxxx\AppData\Local\Akamai\netsession_win.exe[5276] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                             0000000076cb2aa4 5 bytes JMP 000000017144156e
.text     C:\Users\xxxxx\AppData\Local\Akamai\netsession_win.exe[5276] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                0000000076cb2d0a 5 bytes JMP 0000000171441294
.text     C:\Users\xxxxx\AppData\Local\Akamai\netsession_win.exe[5276] C:\Windows\syswow64\USER32.dll!CreateWindowExW                                0000000076e08a29 5 bytes JMP 0000000171441050
.text     C:\Users\xxxxx\AppData\Local\Akamai\netsession_win.exe[5276] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA                            0000000076e14572 5 bytes JMP 00000001714410d2
.text     C:\Users\xxxxx\AppData\Local\Akamai\netsession_win.exe[5276] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                        000000007723e9a2 5 bytes JMP 00000001714415d7
.text     C:\Users\xxxxx\AppData\Local\Akamai\netsession_win.exe[5276] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                          000000007723ebdc 5 bytes JMP 00000001714411b8
.text     C:\Users\xxxxx\AppData\Local\Akamai\netsession_win.exe[5276] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                       0000000076ef1465 2 bytes [EF, 76]
.text     C:\Users\xxxxx\AppData\Local\Akamai\netsession_win.exe[5276] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                      0000000076ef14bb 2 bytes [EF, 76]
.text     ...                                                                                                                                                  * 2
.text     C:\Users\xxxxx\AppData\Local\Akamai\netsession_win.exe[5276] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                               0000000076575ea5 5 bytes JMP 0000000171441609
.text     C:\Users\xxxxx\AppData\Local\Akamai\netsession_win.exe[5276] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                00000000765a9d0b 5 bytes JMP 0000000171441249
.text     C:\Users\xxxxx\AppData\Roaming\SearchProtect\bin\cltmng.exe[5284] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                          0000000077021429 7 bytes JMP 00000001714412ad
.text     C:\Users\xxxxx\AppData\Roaming\SearchProtect\bin\cltmng.exe[5284] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                 000000007703b223 5 bytes JMP 00000001714415be
.text     C:\Users\xxxxx\AppData\Roaming\SearchProtect\bin\cltmng.exe[5284] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                 00000000770b88f4 7 bytes JMP 0000000171441357
.text     C:\Users\xxxxx\AppData\Roaming\SearchProtect\bin\cltmng.exe[5284] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                 00000000770b8979 5 bytes JMP 00000001714416e0
.text     C:\Users\xxxxx\AppData\Roaming\SearchProtect\bin\cltmng.exe[5284] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                   00000000770b8ccf 5 bytes JMP 0000000171441028
.text     C:\Users\xxxxx\AppData\Roaming\SearchProtect\bin\cltmng.exe[5284] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                      0000000076cb1d1b 5 bytes JMP 00000001714411ef
.text     C:\Users\xxxxx\AppData\Roaming\SearchProtect\bin\cltmng.exe[5284] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                    0000000076cb1dc9 5 bytes JMP 0000000171441023
.text     C:\Users\xxxxx\AppData\Roaming\SearchProtect\bin\cltmng.exe[5284] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                        0000000076cb2aa4 5 bytes JMP 000000017144156e
.text     C:\Users\xxxxx\AppData\Roaming\SearchProtect\bin\cltmng.exe[5284] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                           0000000076cb2d0a 5 bytes JMP 0000000171441294
.text     C:\Users\xxxxx\AppData\Roaming\SearchProtect\bin\cltmng.exe[5284] C:\Windows\syswow64\USER32.dll!CreateWindowExW                           0000000076e08a29 5 bytes JMP 0000000171441050
.text     C:\Users\xxxxx\AppData\Roaming\SearchProtect\bin\cltmng.exe[5284] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA                       0000000076e14572 5 bytes JMP 00000001714410d2
.text     C:\Users\xxxxx\AppData\Roaming\SearchProtect\bin\cltmng.exe[5284] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                   000000007723e9a2 5 bytes JMP 00000001714415d7
.text     C:\Users\xxxxx\AppData\Roaming\SearchProtect\bin\cltmng.exe[5284] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                     000000007723ebdc 5 bytes JMP 00000001714411b8
.text     C:\Users\xxxxx\AppData\Roaming\SearchProtect\bin\cltmng.exe[5284] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                  0000000076ef1465 2 bytes [EF, 76]
.text     C:\Users\xxxxx\AppData\Roaming\SearchProtect\bin\cltmng.exe[5284] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                 0000000076ef14bb 2 bytes [EF, 76]
.text     ...                                                                                                                                                  * 2
.text     C:\Users\xxxxx\AppData\Roaming\Dropbox\bin\Dropbox.exe[5304] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                               0000000077021429 7 bytes JMP 00000001714412ad
.text     C:\Users\xxxxx\AppData\Roaming\Dropbox\bin\Dropbox.exe[5304] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                      000000007703b223 5 bytes JMP 00000001714415be
.text     C:\Users\xxxxx\AppData\Roaming\Dropbox\bin\Dropbox.exe[5304] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                      00000000770b88f4 7 bytes JMP 0000000171441357
.text     C:\Users\xxxxx\AppData\Roaming\Dropbox\bin\Dropbox.exe[5304] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                      00000000770b8979 5 bytes JMP 00000001714416e0
.text     C:\Users\xxxxx\AppData\Roaming\Dropbox\bin\Dropbox.exe[5304] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                        00000000770b8ccf 5 bytes JMP 0000000171441028
.text     C:\Users\xxxxx\AppData\Roaming\Dropbox\bin\Dropbox.exe[5304] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                           0000000076cb1d1b 5 bytes JMP 00000001714411ef
.text     C:\Users\xxxxx\AppData\Roaming\Dropbox\bin\Dropbox.exe[5304] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                         0000000076cb1dc9 5 bytes JMP 0000000171441023
.text     C:\Users\xxxxx\AppData\Roaming\Dropbox\bin\Dropbox.exe[5304] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                             0000000076cb2aa4 5 bytes JMP 000000017144156e
.text     C:\Users\xxxxx\AppData\Roaming\Dropbox\bin\Dropbox.exe[5304] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                0000000076cb2d0a 5 bytes JMP 0000000171441294
.text     C:\Users\xxxxx\AppData\Roaming\Dropbox\bin\Dropbox.exe[5304] C:\Windows\syswow64\USER32.dll!CreateWindowExW                                0000000076e08a29 5 bytes JMP 0000000171441050
.text     C:\Users\xxxxx\AppData\Roaming\Dropbox\bin\Dropbox.exe[5304] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA                            0000000076e14572 5 bytes JMP 00000001714410d2
.text     C:\Users\xxxxx\AppData\Roaming\Dropbox\bin\Dropbox.exe[5304] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                        000000007723e9a2 5 bytes JMP 00000001714415d7
.text     C:\Users\xxxxx\AppData\Roaming\Dropbox\bin\Dropbox.exe[5304] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                          000000007723ebdc 5 bytes JMP 00000001714411b8
.text     C:\Users\xxxxx\AppData\Roaming\Dropbox\bin\Dropbox.exe[5304] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                               0000000076575ea5 5 bytes JMP 0000000171441609
.text     C:\Users\xxxxx\AppData\Roaming\Dropbox\bin\Dropbox.exe[5304] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                00000000765a9d0b 5 bytes JMP 0000000171441249
.text     C:\Users\xxxxx\AppData\Roaming\Dropbox\bin\Dropbox.exe[5304] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69                       0000000076ef1465 2 bytes [EF, 76]
.text     C:\Users\xxxxx\AppData\Roaming\Dropbox\bin\Dropbox.exe[5304] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155                      0000000076ef14bb 2 bytes [EF, 76]
.text     ...                                                                                                                                                  * 2
.text     C:\Users\xxxxx\AppData\Local\Akamai\netsession_win.exe[5316] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                               0000000077021429 7 bytes JMP 00000001714412ad
.text     C:\Users\xxxxx\AppData\Local\Akamai\netsession_win.exe[5316] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                      000000007703b223 5 bytes JMP 00000001714415be
.text     C:\Users\xxxxx\AppData\Local\Akamai\netsession_win.exe[5316] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                      00000000770b88f4 7 bytes JMP 0000000171441357
.text     C:\Users\xxxxx\AppData\Local\Akamai\netsession_win.exe[5316] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                      00000000770b8979 5 bytes JMP 00000001714416e0
.text     C:\Users\xxxxx\AppData\Local\Akamai\netsession_win.exe[5316] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                        00000000770b8ccf 5 bytes JMP 0000000171441028
.text     C:\Users\xxxxx\AppData\Local\Akamai\netsession_win.exe[5316] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                           0000000076cb1d1b 5 bytes JMP 00000001714411ef
.text     C:\Users\xxxxx\AppData\Local\Akamai\netsession_win.exe[5316] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                         0000000076cb1dc9 5 bytes JMP 0000000171441023
.text     C:\Users\xxxxx\AppData\Local\Akamai\netsession_win.exe[5316] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                             0000000076cb2aa4 5 bytes JMP 000000017144156e
.text     C:\Users\xxxxx\AppData\Local\Akamai\netsession_win.exe[5316] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                0000000076cb2d0a 5 bytes JMP 0000000171441294
.text     C:\Users\xxxxx\AppData\Local\Akamai\netsession_win.exe[5316] C:\Windows\syswow64\USER32.dll!CreateWindowExW                                0000000076e08a29 5 bytes JMP 0000000171441050
.text     C:\Users\xxxxx\AppData\Local\Akamai\netsession_win.exe[5316] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA                            0000000076e14572 5 bytes JMP 00000001714410d2
.text     C:\Users\xxxxx\AppData\Local\Akamai\netsession_win.exe[5316] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                        000000007723e9a2 5 bytes JMP 00000001714415d7
.text     C:\Users\xxxxx\AppData\Local\Akamai\netsession_win.exe[5316] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                          000000007723ebdc 5 bytes JMP 00000001714411b8
.text     C:\Users\xxxxx\AppData\Local\Akamai\netsession_win.exe[5316] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                       0000000076ef1465 2 bytes [EF, 76]
.text     C:\Users\xxxxx\AppData\Local\Akamai\netsession_win.exe[5316] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                      0000000076ef14bb 2 bytes [EF, 76]
.text     ...                                                                                                                                                  * 2
.text     C:\Users\xxxxx\AppData\Local\Akamai\netsession_win.exe[5316] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                               0000000076575ea5 5 bytes JMP 0000000171441609
.text     C:\Users\xxxxx\AppData\Local\Akamai\netsession_win.exe[5316] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                00000000765a9d0b 5 bytes JMP 0000000171441249
.text     C:\Program Files (x86)\Cyberlink\Shared files\brs.exe[5392] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                          0000000077021429 7 bytes JMP 00000001714412ad
.text     C:\Program Files (x86)\Cyberlink\Shared files\brs.exe[5392] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                                 000000007703b223 5 bytes JMP 00000001714415be
.text     C:\Program Files (x86)\Cyberlink\Shared files\brs.exe[5392] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                 00000000770b88f4 7 bytes JMP 0000000171441357
.text     C:\Program Files (x86)\Cyberlink\Shared files\brs.exe[5392] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                 00000000770b8979 5 bytes JMP 00000001714416e0
.text     C:\Program Files (x86)\Cyberlink\Shared files\brs.exe[5392] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                   00000000770b8ccf 5 bytes JMP 0000000171441028
.text     C:\Program Files (x86)\Cyberlink\Shared files\brs.exe[5392] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                      0000000076cb1d1b 5 bytes JMP 00000001714411ef
.text     C:\Program Files (x86)\Cyberlink\Shared files\brs.exe[5392] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                    0000000076cb1dc9 5 bytes JMP 0000000171441023
.text     C:\Program Files (x86)\Cyberlink\Shared files\brs.exe[5392] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                        0000000076cb2aa4 5 bytes JMP 000000017144156e
.text     C:\Program Files (x86)\Cyberlink\Shared files\brs.exe[5392] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                           0000000076cb2d0a 5 bytes JMP 0000000171441294
.text     C:\Program Files (x86)\Cyberlink\Shared files\brs.exe[5392] C:\Windows\syswow64\USER32.dll!CreateWindowExW                                           0000000076e08a29 5 bytes JMP 0000000171441050
.text     C:\Program Files (x86)\Cyberlink\Shared files\brs.exe[5392] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA                                       0000000076e14572 5 bytes JMP 00000001714410d2
.text     C:\Program Files (x86)\Cyberlink\Shared files\brs.exe[5392] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                                   000000007723e9a2 5 bytes JMP 00000001714415d7
.text     C:\Program Files (x86)\Cyberlink\Shared files\brs.exe[5392] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                     000000007723ebdc 5 bytes JMP 00000001714411b8
.text     C:\Program Files (x86)\Cyberlink\Shared files\brs.exe[5392] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                                          0000000076575ea5 5 bytes JMP 0000000171441609
.text     C:\Program Files (x86)\Cyberlink\Shared files\brs.exe[5392] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                           00000000765a9d0b 5 bytes JMP 0000000171441249
.text     C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe[5460] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                              0000000077021429 7 bytes JMP 00000001714412ad
.text     C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe[5460] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                     000000007703b223 5 bytes JMP 00000001714415be
.text     C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe[5460] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                     00000000770b88f4 7 bytes JMP 0000000171441357
.text     C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe[5460] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                     00000000770b8979 5 bytes JMP 00000001714416e0
.text     C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe[5460] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                       00000000770b8ccf 5 bytes JMP 0000000171441028
.text     C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe[5460] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                          0000000076cb1d1b 5 bytes JMP 00000001714411ef
.text     C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe[5460] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                        0000000076cb1dc9 5 bytes JMP 0000000171441023
.text     C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe[5460] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                            0000000076cb2aa4 5 bytes JMP 000000017144156e
.text     C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe[5460] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                               0000000076cb2d0a 5 bytes JMP 0000000171441294
.text     C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe[5460] C:\Windows\syswow64\USER32.dll!CreateWindowExW                               0000000076e08a29 5 bytes JMP 0000000171441050
.text     C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe[5460] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA                           0000000076e14572 5 bytes JMP 00000001714410d2
.text     C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe[5460] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                       000000007723e9a2 5 bytes JMP 00000001714415d7
.text     C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe[5460] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                         000000007723ebdc 5 bytes JMP 00000001714411b8
.text     C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe[5460] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                              0000000076575ea5 5 bytes JMP 0000000171441609
.text     C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe[5460] C:\Windows\syswow64\ole32.dll!CoCreateInstance                               00000000765a9d0b 5 bytes JMP 0000000171441249
.text     C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe[5484] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                         0000000077021429 7 bytes JMP 00000001714412ad
.text     C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe[5484] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                000000007703b223 5 bytes JMP 00000001714415be
.text     C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe[5484] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                00000000770b88f4 7 bytes JMP 0000000171441357
.text     C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe[5484] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                00000000770b8979 5 bytes JMP 00000001714416e0
.text     C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe[5484] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                  00000000770b8ccf 5 bytes JMP 0000000171441028
.text     C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe[5484] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                     0000000076cb1d1b 5 bytes JMP 00000001714411ef
.text     C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe[5484] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                   0000000076cb1dc9 5 bytes JMP 0000000171441023
.text     C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe[5484] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                       0000000076cb2aa4 5 bytes JMP 000000017144156e
.text     C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe[5484] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                          0000000076cb2d0a 5 bytes JMP 0000000171441294
.text     C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe[5484] C:\Windows\syswow64\USER32.dll!CreateWindowExW                          0000000076e08a29 5 bytes JMP 0000000171441050
.text     C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe[5484] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA                      0000000076e14572 5 bytes JMP 00000001714410d2
.text     C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe[5484] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                  000000007723e9a2 5 bytes JMP 00000001714415d7
.text     C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe[5484] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                    000000007723ebdc 5 bytes JMP 00000001714411b8
.text     C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe[5484] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                         0000000076575ea5 5 bytes JMP 0000000171441609
.text     C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe[5484] C:\Windows\syswow64\ole32.dll!CoCreateInstance                          00000000765a9d0b 5 bytes JMP 0000000171441249
.text     C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe[5520] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                     0000000077021429 7 bytes JMP 00000001714412ad
.text     C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe[5520] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                            000000007703b223 5 bytes JMP 00000001714415be
.text     C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe[5520] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                            00000000770b88f4 7 bytes JMP 0000000171441357
.text     C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe[5520] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                            00000000770b8979 5 bytes JMP 00000001714416e0
.text     C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe[5520] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                              00000000770b8ccf 5 bytes JMP 0000000171441028
.text     C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[5620] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                          0000000077021429 7 bytes JMP 00000001714412ad
.text     C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[5620] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                 000000007703b223 5 bytes JMP 00000001714415be
.text     C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[5620] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                 00000000770b88f4 7 bytes JMP 0000000171441357
.text     C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[5620] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                 00000000770b8979 5 bytes JMP 00000001714416e0
.text     C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[5620] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                   00000000770b8ccf 5 bytes JMP 0000000171441028
.text     C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[5620] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                      0000000076cb1d1b 5 bytes JMP 00000001714411ef
.text     C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[5620] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                    0000000076cb1dc9 5 bytes JMP 0000000171441023
.text     C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[5620] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                        0000000076cb2aa4 5 bytes JMP 000000017144156e
.text     C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[5620] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                           0000000076cb2d0a 5 bytes JMP 0000000171441294
.text     C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[5620] C:\Windows\syswow64\USER32.dll!CreateWindowExW                           0000000076e08a29 5 bytes JMP 0000000171441050
.text     C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[5620] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA                       0000000076e14572 5 bytes JMP 00000001714410d2
.text     C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[5620] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                   000000007723e9a2 5 bytes JMP 00000001714415d7
.text     C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[5620] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                     000000007723ebdc 5 bytes JMP 00000001714411b8
.text     C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[5620] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                          0000000076575ea5 5 bytes JMP 0000000171441609
.text     C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[5620] C:\Windows\syswow64\ole32.dll!CoCreateInstance                           00000000765a9d0b 5 bytes JMP 0000000171441249
.text     C:\Program Files (x86)\Roxio\OEM\Roxio Burn\Roxio Burn.exe[5528] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                     0000000077021429 7 bytes JMP 00000001714412ad
.text     C:\Program Files (x86)\Roxio\OEM\Roxio Burn\Roxio Burn.exe[5528] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                            000000007703b223 5 bytes JMP 00000001714415be
.text     C:\Program Files (x86)\Roxio\OEM\Roxio Burn\Roxio Burn.exe[5528] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                            00000000770b88f4 7 bytes JMP 0000000171441357
.text     C:\Program Files (x86)\Roxio\OEM\Roxio Burn\Roxio Burn.exe[5528] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                            00000000770b8979 5 bytes JMP 00000001714416e0
.text     C:\Program Files (x86)\Roxio\OEM\Roxio Burn\Roxio Burn.exe[5528] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                              00000000770b8ccf 5 bytes JMP 0000000171441028
.text     C:\Program Files (x86)\Roxio\OEM\Roxio Burn\Roxio Burn.exe[5528] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                 0000000076cb1d1b 5 bytes JMP 00000001714411ef
.text     C:\Program Files (x86)\Roxio\OEM\Roxio Burn\Roxio Burn.exe[5528] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                               0000000076cb1dc9 5 bytes JMP 0000000171441023
.text     C:\Program Files (x86)\Roxio\OEM\Roxio Burn\Roxio Burn.exe[5528] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                   0000000076cb2aa4 5 bytes JMP 000000017144156e
.text     C:\Program Files (x86)\Roxio\OEM\Roxio Burn\Roxio Burn.exe[5528] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                      0000000076cb2d0a 5 bytes JMP 0000000171441294
.text     C:\Program Files (x86)\Roxio\OEM\Roxio Burn\Roxio Burn.exe[5528] C:\Windows\syswow64\USER32.dll!CreateWindowExW                                      0000000076e08a29 5 bytes JMP 0000000171441050
.text     C:\Program Files (x86)\Roxio\OEM\Roxio Burn\Roxio Burn.exe[5528] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA                                  0000000076e14572 5 bytes JMP 00000001714410d2
.text     C:\Program Files (x86)\Roxio\OEM\Roxio Burn\Roxio Burn.exe[5528] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                              000000007723e9a2 5 bytes JMP 00000001714415d7
.text     C:\Program Files (x86)\Roxio\OEM\Roxio Burn\Roxio Burn.exe[5528] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                000000007723ebdc 5 bytes JMP 00000001714411b8
.text     C:\Program Files (x86)\Roxio\OEM\Roxio Burn\Roxio Burn.exe[5528] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                                     0000000076575ea5 5 bytes JMP 0000000171441609
.text     C:\Program Files (x86)\Roxio\OEM\Roxio Burn\Roxio Burn.exe[5528] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                      00000000765a9d0b 5 bytes JMP 0000000171441249
.text     C:\Program Files (x86)\Roxio\OEM\Roxio Burn\Roxio Burn.exe[5528] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                             0000000076ef1465 2 bytes [EF, 76]
.text     C:\Program Files (x86)\Roxio\OEM\Roxio Burn\Roxio Burn.exe[5528] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                            0000000076ef14bb 2 bytes [EF, 76]
.text     ...                                                                                                                                                  * 2
?         C:\Windows\system32\mssprxy.dll [5528] entry point in ".rdata" section                                                                               000000006c3e71e6
.text     C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[5892] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                    0000000077021429 7 bytes JMP 00000001714412ad
.text     C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[5892] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                           000000007703b223 5 bytes JMP 00000001714415be
.text     C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[5892] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                           00000000770b88f4 7 bytes JMP 0000000171441357
.text     C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[5892] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                           00000000770b8979 5 bytes JMP 00000001714416e0
.text     C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[5892] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                             00000000770b8ccf 5 bytes JMP 0000000171441028
.text     C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[5892] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                0000000076cb1d1b 5 bytes JMP 00000001714411ef
.text     C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[5892] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                              0000000076cb1dc9 5 bytes JMP 0000000171441023
.text     C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[5892] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                  0000000076cb2aa4 5 bytes JMP 000000017144156e
.text     C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[5892] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                     0000000076cb2d0a 5 bytes JMP 0000000171441294
.text     C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[5892] C:\Windows\syswow64\USER32.dll!CreateWindowExW                                     0000000076e08a29 5 bytes JMP 0000000171441050
.text     C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[5892] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA                                 0000000076e14572 5 bytes JMP 00000001714410d2
.text     C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[5892] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                             000000007723e9a2 5 bytes JMP 00000001714415d7
.text     C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[5892] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                               000000007723ebdc 5 bytes JMP 00000001714411b8
.text     C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[5892] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                                    0000000076575ea5 5 bytes JMP 0000000171441609
.text     C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[5892] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                     00000000765a9d0b 5 bytes JMP 0000000171441249
.text     C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[6688] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                    0000000077021429 7 bytes JMP 00000001714412ad
.text     C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[6688] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                           000000007703b223 5 bytes JMP 00000001714415be
.text     C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[6688] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                           00000000770b88f4 7 bytes JMP 0000000171441357
.text     C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[6688] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                           00000000770b8979 5 bytes JMP 00000001714416e0
.text     C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[6688] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                             00000000770b8ccf 5 bytes JMP 0000000171441028
.text     C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[6688] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                0000000076cb1d1b 5 bytes JMP 00000001714411ef
.text     C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[6688] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                              0000000076cb1dc9 5 bytes JMP 0000000171441023
.text     C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[6688] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                  0000000076cb2aa4 5 bytes JMP 000000017144156e
.text     C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[6688] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                     0000000076cb2d0a 5 bytes JMP 0000000171441294
.text     C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[6688] C:\Windows\syswow64\USER32.dll!CreateWindowExW                                     0000000076e08a29 5 bytes JMP 0000000171441050
.text     C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[6688] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA                                 0000000076e14572 5 bytes JMP 00000001714410d2
.text     C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[6688] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                             000000007723e9a2 5 bytes JMP 00000001714415d7
.text     C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[6688] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                               000000007723ebdc 5 bytes JMP 00000001714411b8
.text     C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[6688] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                                    0000000076575ea5 5 bytes JMP 0000000171441609
.text     C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[6688] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                     00000000765a9d0b 5 bytes JMP 0000000171441249
.text     C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[6688] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                            0000000076ef1465 2 bytes [EF, 76]
.text     C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[6688] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                           0000000076ef14bb 2 bytes [EF, 76]
.text     ...                                                                                                                                                  * 2
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6132] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69               0000000076ef1465 2 bytes [EF, 76]
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6132] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155              0000000076ef14bb 2 bytes [EF, 76]
.text     ...                                                                                                                                                  * 2
.text     C:\Users\xxxxx\Downloads\gmer_2.1.19163.exe[9100] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                          0000000077021429 7 bytes JMP 00000001714412ad
.text     C:\Users\xxxxx\Downloads\gmer_2.1.19163.exe[9100] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                                 000000007703b223 5 bytes JMP 00000001714415be
.text     C:\Users\xxxxx\Downloads\gmer_2.1.19163.exe[9100] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                 00000000770b88f4 7 bytes JMP 0000000171441357
.text     C:\Users\xxxxx\Downloads\gmer_2.1.19163.exe[9100] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                 00000000770b8979 5 bytes JMP 00000001714416e0
.text     C:\Users\xxxxx\Downloads\gmer_2.1.19163.exe[9100] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                   00000000770b8ccf 5 bytes JMP 0000000171441028
.text     C:\Users\xxxxx\Downloads\gmer_2.1.19163.exe[9100] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                      0000000076cb1d1b 5 bytes JMP 00000001714411ef
.text     C:\Users\xxxxx\Downloads\gmer_2.1.19163.exe[9100] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                    0000000076cb1dc9 5 bytes JMP 0000000171441023
.text     C:\Users\xxxxx\Downloads\gmer_2.1.19163.exe[9100] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                        0000000076cb2aa4 5 bytes JMP 000000017144156e
.text     C:\Users\xxxxx\Downloads\gmer_2.1.19163.exe[9100] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                           0000000076cb2d0a 5 bytes JMP 0000000171441294
.text     C:\Users\xxxxx\Downloads\gmer_2.1.19163.exe[9100] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                                   000000007723e9a2 5 bytes JMP 00000001714415d7
.text     C:\Users\xxxxx\Downloads\gmer_2.1.19163.exe[9100] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                     000000007723ebdc 5 bytes JMP 00000001714411b8
.text     C:\Users\xxxxx\Downloads\gmer_2.1.19163.exe[9100] C:\Windows\syswow64\USER32.dll!CreateWindowExW                                           0000000076e08a29 5 bytes JMP 0000000171441050
.text     C:\Users\xxxxx\Downloads\gmer_2.1.19163.exe[9100] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA                                       0000000076e14572 5 bytes JMP 00000001714410d2
.text     C:\Users\xxxxx\Downloads\gmer_2.1.19163.exe[9100] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                                          0000000076575ea5 5 bytes JMP 0000000171441609
.text     C:\Users\xxxxx\Downloads\gmer_2.1.19163.exe[9100] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                           00000000765a9d0b 5 bytes JMP 0000000171441249

---- Registry - GMER 2.1 ----

Reg       HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                                                     
Reg       HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                                  0x00 0x00 0x00 0x00 ...
Reg       HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                                  0
Reg       HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                               0x2F 0xB1 0xC8 0x0F ...
Reg       HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                                                 
Reg       HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                                      0x00 0x00 0x00 0x00 ...
Reg       HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                                      0
Reg       HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                                   0x2F 0xB1 0xC8 0x0F ...

---- EOF - GMER 2.1 ----

--- --- ---

[/CODE]

Ich möchte mich ja nicht zu früh freuen, aber Firefox läuft wieder stabil und der Grafiktreiber ist auch nicht wieder abgestürzt.
Mein Virenscanner findet auch nichts mehr.
Hoffentlich hat sich nicht irgendwo noch was versteckt!?

cosinus · 12.05.2013, 19:54

aswMBR

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

TDSS-Killer

Downloade dir bitte

TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

Bohli74 · 12.05.2013, 21:07

Hier die erste:

Code:

ATTFilter

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-05-12 21:35:22
-----------------------------
21:35:22.175    OS Version: Windows x64 6.1.7601 Service Pack 1
21:35:22.175    Number of processors: 8 586 0x2A07
21:35:22.176    ComputerName: MYLAPTOP  UserName: 
21:35:23.673    Initialize success
21:38:50.837    AVAST engine defs: 13051200
21:39:33.777    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:39:33.787    Disk 0 Vendor: ST950042 0001 Size: 476940MB BusType: 3
21:39:33.907    Disk 0 MBR read successfully
21:39:33.917    Disk 0 MBR scan
21:39:33.927    Disk 0 Windows 7 default MBR code
21:39:33.927    Disk 0 Partition 1 00     DE Dell Utility Dell 8.0      101 MB offset 63
21:39:33.947    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        20000 MB offset 212992
21:39:33.977    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       456835 MB offset 41172992
21:39:34.007    Disk 0 scanning C:\Windows\system32\drivers
21:39:45.527    Service scanning
21:40:09.137    Modules scanning
21:40:09.147    Disk 0 trace - called modules:
21:40:09.167    ntoskrnl.exe CLASSPNP.SYS disk.sys stdcfltn.sys ACPI.sys iaStor.sys hal.dll 
21:40:09.187    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800496a790]
21:40:09.197    3 CLASSPNP.SYS[fffff8800104d43f] -> nt!IofCallDriver -> [0xfffffa8004871cb0]
21:40:09.207    5 stdcfltn.sys[fffff880017efc52] -> nt!IofCallDriver -> [0xfffffa800472f550]
21:40:09.217    7 ACPI.sys[fffff88000f2f7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004733050]
21:40:26.157    AVAST engine scan C:\Windows
21:40:29.467    AVAST engine scan C:\Windows\system32
21:43:21.058    AVAST engine scan C:\Windows\system32\drivers
21:43:34.688    AVAST engine scan C:\Users\xxxxx
21:55:51.430    AVAST engine scan C:\ProgramData
22:00:57.021    Scan finished successfully
22:01:43.161    Disk 0 MBR has been saved successfully to "C:\Users\xxxxx\Downloads\MBR.dat"
22:01:43.171    The log file has been saved successfully to "C:\Users\xxxxx\Downloads\aswMBR.txt"

Und die zweite:

Code:

ATTFilter

22:08:11.0209 11152  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
22:08:12.0863 11152  ============================================================
22:08:12.0863 11152  Current date / time: 2013/05/12 22:08:12.0863
22:08:12.0863 11152  SystemInfo:
22:08:12.0863 11152  
22:08:12.0863 11152  OS Version: 6.1.7601 ServicePack: 1.0
22:08:12.0863 11152  Product type: Workstation
22:08:12.0863 11152  ComputerName: MYLAPTOP
22:08:12.0863 11152  UserName: xxxxx
22:08:12.0863 11152  Windows directory: C:\Windows
22:08:12.0863 11152  System windows directory: C:\Windows
22:08:12.0863 11152  Running under WOW64
22:08:12.0863 11152  Processor architecture: Intel x64
22:08:12.0863 11152  Number of processors: 8
22:08:12.0863 11152  Page size: 0x1000
22:08:12.0863 11152  Boot type: Normal boot
22:08:12.0863 11152  ============================================================
22:08:13.0471 11152  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:08:13.0487 11152  ============================================================
22:08:13.0487 11152  \Device\Harddisk0\DR0:
22:08:13.0487 11152  MBR partitions:
22:08:13.0487 11152  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x34000, BlocksNum 0x2710000
22:08:13.0487 11152  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2744000, BlocksNum 0x37C41830
22:08:13.0487 11152  ============================================================
22:08:13.0518 11152  C: <-> \Device\Harddisk0\DR0\Partition2
22:08:13.0518 11152  ============================================================
22:08:13.0518 11152  Initialize success
22:08:13.0518 11152  ============================================================
22:09:23.0922 9420  ============================================================
22:09:23.0922 9420  Scan started
22:09:23.0922 9420  Mode: Manual; SigCheck; TDLFS; 
22:09:23.0922 9420  ============================================================
22:09:24.0219 9420  ================ Scan system memory ========================
22:09:24.0219 9420  System memory - ok
22:09:24.0219 9420  ================ Scan services =============================
22:09:24.0375 9420  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
22:09:24.0499 9420  1394ohci - ok
22:09:24.0515 9420  [ E0065CBF1A25C015C218457D2CD522B9 ] Acceler         C:\Windows\system32\DRIVERS\Accelern.sys
22:09:24.0531 9420  Acceler - ok
22:09:24.0609 9420  ACDaemon - ok
22:09:24.0640 9420  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
22:09:24.0655 9420  ACPI - ok
22:09:24.0671 9420  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
22:09:24.0749 9420  AcpiPmi - ok
22:09:24.0811 9420  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
22:09:24.0843 9420  AdobeARMservice - ok
22:09:24.0952 9420  [ 479901C99FA62D1C3261B7ACB1228DAD ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
22:09:24.0999 9420  AdobeFlashPlayerUpdateSvc - ok
22:09:25.0014 9420  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
22:09:25.0061 9420  adp94xx - ok
22:09:25.0092 9420  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
22:09:25.0123 9420  adpahci - ok
22:09:25.0139 9420  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
22:09:25.0139 9420  adpu320 - ok
22:09:25.0170 9420  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
22:09:25.0295 9420  AeLookupSvc - ok
22:09:25.0373 9420  [ D1E343BC00136CE03C4D403194D06A80 ] AERTFilters     C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
22:09:25.0389 9420  AERTFilters - ok
22:09:25.0420 9420  [ 6CCD1135320109D6B219F1A6E04AD9F6 ] Afc             C:\Windows\syswow64\drivers\Afc.sys
22:09:25.0435 9420  Afc - ok
22:09:25.0467 9420  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
22:09:25.0529 9420  AFD - ok
22:09:25.0545 9420  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
22:09:25.0576 9420  agp440 - ok
22:09:25.0591 9420  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
22:09:25.0654 9420  ALG - ok
22:09:25.0669 9420  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
22:09:25.0669 9420  aliide - ok
22:09:25.0685 9420  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
22:09:25.0701 9420  amdide - ok
22:09:25.0716 9420  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
22:09:25.0732 9420  AmdK8 - ok
22:09:25.0747 9420  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
22:09:25.0747 9420  AmdPPM - ok
22:09:25.0779 9420  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
22:09:25.0794 9420  amdsata - ok
22:09:25.0810 9420  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
22:09:25.0825 9420  amdsbs - ok
22:09:25.0841 9420  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
22:09:25.0857 9420  amdxata - ok
22:09:25.0857 9420  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
22:09:26.0028 9420  AppID - ok
22:09:26.0044 9420  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
22:09:26.0122 9420  AppIDSvc - ok
22:09:26.0137 9420  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
22:09:26.0184 9420  Appinfo - ok
22:09:26.0231 9420  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
22:09:26.0262 9420  arc - ok
22:09:26.0262 9420  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
22:09:26.0278 9420  arcsas - ok
22:09:26.0434 9420  aspnet_state - ok
22:09:26.0449 9420  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
22:09:26.0481 9420  AsyncMac - ok
22:09:26.0496 9420  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
22:09:26.0512 9420  atapi - ok
22:09:26.0543 9420  [ FC0E8778C000291CAF60EB88C011E931 ] atksgt          C:\Windows\system32\DRIVERS\atksgt.sys
22:09:26.0590 9420  atksgt - ok
22:09:26.0621 9420  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
22:09:26.0699 9420  AudioEndpointBuilder - ok
22:09:26.0699 9420  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
22:09:26.0746 9420  AudioSrv - ok
22:09:26.0793 9420  [ 96B4456F1DCA4EDA506ED31C7D2D6B05 ] Avgfwfd         C:\Windows\system32\DRIVERS\avgfwd6a.sys
22:09:26.0824 9420  Avgfwfd - ok
22:09:26.0949 9420  [ 6C469E3CB15CF33AD3E757096E6C7026 ] avgfws          C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
22:09:27.0089 9420  avgfws - ok
22:09:27.0245 9420  [ 231B6AD3DB2866BC3FDB9979E6B2B61E ] AVGIDSAgent     C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
22:09:27.0354 9420  AVGIDSAgent - ok
22:09:27.0370 9420  [ 633360E94804E7BAFE642017817C9413 ] AVGIDSDriver    C:\Windows\system32\DRIVERS\avgidsdrivera.sys
22:09:27.0385 9420  AVGIDSDriver - ok
22:09:27.0401 9420  [ 0F293406F64B48D5D2F0D3A1117F3A83 ] AVGIDSFilter    C:\Windows\system32\DRIVERS\avgidsfiltera.sys
22:09:27.0417 9420  AVGIDSFilter - ok
22:09:27.0448 9420  [ CFFC3A4A638F462E0561CB368B9A7A3A ] AVGIDSHA        C:\Windows\system32\DRIVERS\avgidsha.sys
22:09:27.0479 9420  AVGIDSHA - ok
22:09:27.0526 9420  [ BE8BC5D10ABA05D7F6E79D8296906C86 ] Avgldx64        C:\Windows\system32\DRIVERS\avgldx64.sys
22:09:27.0541 9420  Avgldx64 - ok
22:09:27.0557 9420  [ A6AEC362AAE5E2DDA7445E7690CB0F33 ] Avgmfx64        C:\Windows\system32\DRIVERS\avgmfx64.sys
22:09:27.0557 9420  Avgmfx64 - ok
22:09:27.0573 9420  [ 645C7F0A0E39758A0024A9B1748273C0 ] Avgrkx64        C:\Windows\system32\DRIVERS\avgrkx64.sys
22:09:27.0573 9420  Avgrkx64 - ok
22:09:27.0604 9420  [ A441A655D6D9DDDDBA11994530F84981 ] Avgtdia         C:\Windows\system32\DRIVERS\avgtdia.sys
22:09:27.0619 9420  Avgtdia - ok
22:09:27.0666 9420  [ EA1145DEBCD508FD25BD1E95C4346929 ] avgwd           C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
22:09:27.0697 9420  avgwd - ok
22:09:27.0713 9420  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
22:09:27.0807 9420  AxInstSV - ok
22:09:27.0838 9420  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
22:09:27.0900 9420  b06bdrv - ok
22:09:27.0931 9420  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
22:09:27.0978 9420  b57nd60a - ok
22:09:27.0994 9420  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
22:09:28.0041 9420  BDESVC - ok
22:09:28.0056 9420  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
22:09:28.0087 9420  Beep - ok
22:09:28.0103 9420  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
22:09:28.0150 9420  BFE - ok
22:09:28.0181 9420  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\system32\qmgr.dll
22:09:28.0243 9420  BITS - ok
22:09:28.0259 9420  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
22:09:28.0275 9420  blbdrive - ok
22:09:28.0306 9420  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
22:09:28.0353 9420  bowser - ok
22:09:28.0368 9420  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
22:09:28.0415 9420  BrFiltLo - ok
22:09:28.0415 9420  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
22:09:28.0431 9420  BrFiltUp - ok
22:09:28.0462 9420  [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
22:09:28.0524 9420  BridgeMP - ok
22:09:28.0555 9420  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
22:09:28.0602 9420  Browser - ok
22:09:28.0618 9420  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
22:09:28.0665 9420  Brserid - ok
22:09:28.0665 9420  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
22:09:28.0696 9420  BrSerWdm - ok
22:09:28.0696 9420  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
22:09:28.0727 9420  BrUsbMdm - ok
22:09:28.0743 9420  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
22:09:28.0774 9420  BrUsbSer - ok
22:09:28.0774 9420  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
22:09:28.0805 9420  BTHMODEM - ok
22:09:28.0821 9420  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
22:09:28.0852 9420  bthserv - ok
22:09:28.0883 9420  catchme - ok
22:09:28.0899 9420  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
22:09:28.0977 9420  cdfs - ok
22:09:29.0008 9420  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
22:09:29.0039 9420  cdrom - ok
22:09:29.0055 9420  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
22:09:29.0117 9420  CertPropSvc - ok
22:09:29.0148 9420  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
22:09:29.0179 9420  circlass - ok
22:09:29.0211 9420  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
22:09:29.0226 9420  CLFS - ok
22:09:29.0304 9420  [ 8F2FB981CB24D02816983B5A0B44F3A8 ] CLKMSVC10_9EC60124 c:\Program Files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe
22:09:29.0351 9420  CLKMSVC10_9EC60124 - ok
22:09:29.0382 9420  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:09:29.0382 9420  clr_optimization_v2.0.50727_32 - ok
22:09:29.0445 9420  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
22:09:29.0476 9420  clr_optimization_v2.0.50727_64 - ok
22:09:29.0507 9420  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:09:29.0538 9420  clr_optimization_v4.0.30319_32 - ok
22:09:29.0554 9420  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
22:09:29.0632 9420  clr_optimization_v4.0.30319_64 - ok
22:09:29.0647 9420  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
22:09:29.0679 9420  CmBatt - ok
22:09:29.0710 9420  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
22:09:29.0710 9420  cmdide - ok
22:09:29.0757 9420  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
22:09:29.0803 9420  CNG - ok
22:09:29.0819 9420  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
22:09:29.0819 9420  Compbatt - ok
22:09:29.0835 9420  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
22:09:29.0850 9420  CompositeBus - ok
22:09:29.0866 9420  COMSysApp - ok
22:09:29.0866 9420  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
22:09:29.0881 9420  crcdisk - ok
22:09:29.0913 9420  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
22:09:29.0975 9420  CryptSvc - ok
22:09:29.0975 9420  CtClsFlt - ok
22:09:30.0022 9420  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
22:09:30.0069 9420  DcomLaunch - ok
22:09:30.0100 9420  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
22:09:30.0147 9420  defragsvc - ok
22:09:30.0162 9420  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
22:09:30.0209 9420  DfsC - ok
22:09:30.0225 9420  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
22:09:30.0271 9420  Dhcp - ok
22:09:30.0287 9420  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
22:09:30.0349 9420  discache - ok
22:09:30.0349 9420  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
22:09:30.0365 9420  Disk - ok
22:09:30.0381 9420  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
22:09:30.0412 9420  Dnscache - ok
22:09:30.0427 9420  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
22:09:30.0490 9420  dot3svc - ok
22:09:30.0505 9420  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
22:09:30.0537 9420  DPS - ok
22:09:30.0552 9420  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
22:09:30.0568 9420  drmkaud - ok
22:09:30.0599 9420  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
22:09:30.0630 9420  DXGKrnl - ok
22:09:30.0646 9420  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
22:09:30.0693 9420  EapHost - ok
22:09:30.0786 9420  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
22:09:30.0911 9420  ebdrv - ok
22:09:30.0942 9420  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
22:09:31.0005 9420  EFS - ok
22:09:31.0036 9420  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
22:09:31.0083 9420  ehRecvr - ok
22:09:31.0098 9420  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
22:09:31.0129 9420  ehSched - ok
22:09:31.0161 9420  [ A05FC7ECA0966EBB70E4D17B855A853B ] ElbyCDIO        C:\Windows\system32\Drivers\ElbyCDIO.sys
22:09:31.0192 9420  ElbyCDIO - ok
22:09:31.0223 9420  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
22:09:31.0239 9420  elxstor - ok
22:09:31.0332 9420  [ ABDD5AD016AFFD34AD40E944CE94BF59 ] EpsonBidirectionalService C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
22:09:31.0348 9420  EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - warning
22:09:31.0348 9420  EpsonBidirectionalService - detected UnsignedFile.Multi.Generic (1)
22:09:31.0363 9420  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
22:09:31.0410 9420  ErrDev - ok
22:09:31.0441 9420  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
22:09:31.0504 9420  EventSystem - ok
22:09:31.0582 9420  [ 8B6C9924B0D333DBF76086B8258A0891 ] EvtEng          C:\Program Files\Intel\WiFi\bin\EvtEng.exe
22:09:31.0644 9420  EvtEng - ok
22:09:31.0660 9420  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
22:09:31.0691 9420  exfat - ok
22:09:31.0707 9420  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
22:09:31.0753 9420  fastfat - ok
22:09:31.0769 9420  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
22:09:31.0800 9420  Fax - ok
22:09:31.0831 9420  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys
22:09:31.0863 9420  fdc - ok
22:09:31.0878 9420  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
22:09:31.0941 9420  fdPHost - ok
22:09:31.0956 9420  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
22:09:32.0003 9420  FDResPub - ok
22:09:32.0019 9420  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
22:09:32.0034 9420  FileInfo - ok
22:09:32.0050 9420  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
22:09:32.0097 9420  Filetrace - ok
22:09:32.0097 9420  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
22:09:32.0097 9420  flpydisk - ok
22:09:32.0112 9420  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
22:09:32.0128 9420  FltMgr - ok
22:09:32.0206 9420  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
22:09:32.0299 9420  FontCache - ok
22:09:32.0346 9420  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:09:32.0377 9420  FontCache3.0.0.0 - ok
22:09:32.0377 9420  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
22:09:32.0393 9420  FsDepends - ok
22:09:32.0409 9420  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
22:09:32.0409 9420  Fs_Rec - ok
22:09:32.0455 9420  [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
22:09:32.0471 9420  fvevol - ok
22:09:32.0487 9420  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
22:09:32.0487 9420  gagp30kx - ok
22:09:32.0533 9420  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
22:09:32.0565 9420  gpsvc - ok
22:09:32.0596 9420  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
22:09:32.0643 9420  hcw85cir - ok
22:09:32.0658 9420  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
22:09:32.0705 9420  HDAudBus - ok
22:09:32.0721 9420  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
22:09:32.0736 9420  HidBatt - ok
22:09:32.0752 9420  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
22:09:32.0767 9420  HidBth - ok
22:09:32.0783 9420  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
22:09:32.0799 9420  HidIr - ok
22:09:32.0830 9420  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\System32\hidserv.dll
22:09:32.0877 9420  hidserv - ok
22:09:32.0908 9420  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
22:09:32.0939 9420  HidUsb - ok
22:09:32.0955 9420  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
22:09:33.0017 9420  hkmsvc - ok
22:09:33.0048 9420  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
22:09:33.0064 9420  HomeGroupListener - ok
22:09:33.0095 9420  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
22:09:33.0111 9420  HomeGroupProvider - ok
22:09:33.0126 9420  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
22:09:33.0142 9420  HpSAMD - ok
22:09:33.0157 9420  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
22:09:33.0220 9420  HTTP - ok
22:09:33.0235 9420  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
22:09:33.0235 9420  hwpolicy - ok
22:09:33.0251 9420  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
22:09:33.0267 9420  i8042prt - ok
22:09:33.0298 9420  [ D469B77687E12FE43E344806740B624D ] iaStor          C:\Windows\system32\drivers\iaStor.sys
22:09:33.0313 9420  iaStor - ok
22:09:33.0329 9420  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
22:09:33.0345 9420  iaStorV - ok
22:09:33.0391 9420  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
22:09:33.0423 9420  idsvc - ok
22:09:33.0719 9420  [ 66DC0CE2D1867B8178EAA0E11930DBD7 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
22:09:34.0125 9420  igfx - ok
22:09:34.0140 9420  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
22:09:34.0156 9420  iirsp - ok
22:09:34.0187 9420  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
22:09:34.0234 9420  IKEEXT - ok
22:09:34.0249 9420  [ DD587A55390ED2295BCE6D36AD567DA9 ] Impcd           C:\Windows\system32\drivers\Impcd.sys
22:09:34.0281 9420  Impcd - ok
22:09:34.0359 9420  [ 8FED6428FDE53D7F4C105095F22524BE ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
22:09:34.0452 9420  IntcAzAudAddService - ok
22:09:34.0468 9420  [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
22:09:34.0483 9420  IntcDAud - ok
22:09:34.0499 9420  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
22:09:34.0515 9420  intelide - ok
22:09:34.0515 9420  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
22:09:34.0546 9420  intelppm - ok
22:09:34.0561 9420  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
22:09:34.0608 9420  IPBusEnum - ok
22:09:34.0624 9420  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:09:34.0655 9420  IpFilterDriver - ok
22:09:34.0702 9420  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
22:09:34.0795 9420  iphlpsvc - ok
22:09:34.0811 9420  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
22:09:34.0827 9420  IPMIDRV - ok
22:09:34.0827 9420  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
22:09:34.0889 9420  IPNAT - ok
22:09:34.0905 9420  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
22:09:34.0920 9420  IRENUM - ok
22:09:34.0936 9420  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
22:09:34.0951 9420  isapnp - ok
22:09:34.0967 9420  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
22:09:34.0983 9420  iScsiPrt - ok
22:09:35.0014 9420  [ 43F319DE026E04B9CF9219A14BF24FE8 ] JMCR            C:\Windows\system32\DRIVERS\jmcr.sys
22:09:35.0045 9420  JMCR - ok
22:09:35.0076 9420  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
22:09:35.0092 9420  kbdclass - ok
22:09:35.0107 9420  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
22:09:35.0123 9420  kbdhid - ok
22:09:35.0139 9420  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
22:09:35.0154 9420  KeyIso - ok
22:09:35.0185 9420  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
22:09:35.0201 9420  KSecDD - ok
22:09:35.0232 9420  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
22:09:35.0232 9420  KSecPkg - ok
22:09:35.0248 9420  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
22:09:35.0279 9420  ksthunk - ok
22:09:35.0310 9420  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
22:09:35.0357 9420  KtmRm - ok
22:09:35.0373 9420  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\System32\srvsvc.dll
22:09:35.0435 9420  LanmanServer - ok
22:09:35.0435 9420  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
22:09:35.0482 9420  LanmanWorkstation - ok
22:09:35.0482 9420  [ 156AB2E56DC3CA0B582E3362E07CDED7 ] lirsgt          C:\Windows\system32\DRIVERS\lirsgt.sys
22:09:35.0497 9420  lirsgt - ok
22:09:35.0529 9420  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
22:09:35.0560 9420  lltdio - ok
22:09:35.0575 9420  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
22:09:35.0622 9420  lltdsvc - ok
22:09:35.0638 9420  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
22:09:35.0685 9420  lmhosts - ok
22:09:35.0731 9420  [ 7F32D4C47A50E7223491E8FB9359907D ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
22:09:35.0763 9420  LMS - ok
22:09:35.0778 9420  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
22:09:35.0794 9420  LSI_FC - ok
22:09:35.0809 9420  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
22:09:35.0825 9420  LSI_SAS - ok
22:09:35.0841 9420  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
22:09:35.0841 9420  LSI_SAS2 - ok
22:09:35.0856 9420  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
22:09:35.0872 9420  LSI_SCSI - ok
22:09:35.0872 9420  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
22:09:35.0919 9420  luafv - ok
22:09:35.0919 9420  massfilter - ok
22:09:35.0934 9420  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
22:09:35.0965 9420  Mcx2Svc - ok
22:09:35.0981 9420  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
22:09:35.0981 9420  megasas - ok
22:09:36.0012 9420  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
22:09:36.0028 9420  MegaSR - ok
22:09:36.0043 9420  [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
22:09:36.0043 9420  MEIx64 - ok
22:09:36.0059 9420  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
22:09:36.0090 9420  MMCSS - ok
22:09:36.0090 9420  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
22:09:36.0121 9420  Modem - ok
22:09:36.0137 9420  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
22:09:36.0153 9420  monitor - ok
22:09:36.0184 9420  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
22:09:36.0215 9420  mouclass - ok
22:09:36.0231 9420  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
22:09:36.0246 9420  mouhid - ok
22:09:36.0262 9420  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
22:09:36.0277 9420  mountmgr - ok
22:09:36.0371 9420  [ 7EDBBB9351A38C6BB0FE98CFD44DB430 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
22:09:36.0387 9420  MozillaMaintenance - ok
22:09:36.0402 9420  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
22:09:36.0418 9420  mpio - ok
22:09:36.0418 9420  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
22:09:36.0449 9420  mpsdrv - ok
22:09:36.0480 9420  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
22:09:36.0543 9420  MpsSvc - ok
22:09:36.0574 9420  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
22:09:36.0636 9420  MRxDAV - ok
22:09:36.0652 9420  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
22:09:36.0714 9420  mrxsmb - ok
22:09:36.0745 9420  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:09:36.0777 9420  mrxsmb10 - ok
22:09:36.0792 9420  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:09:36.0808 9420  mrxsmb20 - ok
22:09:36.0823 9420  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
22:09:36.0839 9420  msahci - ok
22:09:36.0855 9420  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
22:09:36.0870 9420  msdsm - ok
22:09:36.0886 9420  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
22:09:36.0933 9420  MSDTC - ok
22:09:36.0948 9420  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
22:09:37.0026 9420  Msfs - ok
22:09:37.0042 9420  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
22:09:37.0073 9420  mshidkmdf - ok
22:09:37.0089 9420  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
22:09:37.0104 9420  msisadrv - ok
22:09:37.0120 9420  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
22:09:37.0182 9420  MSiSCSI - ok
22:09:37.0198 9420  msiserver - ok
22:09:37.0213 9420  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
22:09:37.0276 9420  MSKSSRV - ok
22:09:37.0307 9420  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
22:09:37.0354 9420  MSPCLOCK - ok
22:09:37.0369 9420  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
22:09:37.0416 9420  MSPQM - ok
22:09:37.0432 9420  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
22:09:37.0447 9420  MsRPC - ok
22:09:37.0463 9420  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
22:09:37.0479 9420  mssmbios - ok
22:09:37.0494 9420  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
22:09:37.0525 9420  MSTEE - ok
22:09:37.0541 9420  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
22:09:37.0557 9420  MTConfig - ok
22:09:37.0572 9420  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
22:09:37.0588 9420  Mup - ok
22:09:37.0619 9420  [ 6ED8935257672F4CD04A88A0F3DE093D ] MyWiFiDHCPDNS   C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
22:09:37.0666 9420  MyWiFiDHCPDNS - ok
22:09:37.0681 9420  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
22:09:37.0759 9420  napagent - ok
22:09:37.0775 9420  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
22:09:37.0791 9420  NativeWifiP - ok
22:09:37.0853 9420  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
22:09:37.0900 9420  NDIS - ok
22:09:37.0915 9420  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
22:09:37.0947 9420  NdisCap - ok
22:09:37.0947 9420  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
22:09:37.0978 9420  NdisTapi - ok
22:09:38.0009 9420  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
22:09:38.0040 9420  Ndisuio - ok
22:09:38.0040 9420  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
22:09:38.0087 9420  NdisWan - ok
22:09:38.0103 9420  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
22:09:38.0134 9420  NDProxy - ok
22:09:38.0149 9420  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
22:09:38.0181 9420  NetBIOS - ok
22:09:38.0196 9420  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
22:09:38.0227 9420  NetBT - ok
22:09:38.0243 9420  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
22:09:38.0259 9420  Netlogon - ok
22:09:38.0274 9420  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
22:09:38.0321 9420  Netman - ok
22:09:38.0352 9420  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:09:38.0415 9420  NetMsmqActivator - ok
22:09:38.0415 9420  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:09:38.0415 9420  NetPipeActivator - ok
22:09:38.0446 9420  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
22:09:38.0493 9420  netprofm - ok
22:09:38.0493 9420  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:09:38.0508 9420  NetTcpActivator - ok
22:09:38.0508 9420  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:09:38.0508 9420  NetTcpPortSharing - ok
22:09:38.0664 9420  [ 5D262402B0634C998F8CBCEAD7DD8676 ] NETwNs64        C:\Windows\system32\DRIVERS\NETwNs64.sys
22:09:39.0007 9420  NETwNs64 - ok
22:09:39.0039 9420  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
22:09:39.0054 9420  nfrd960 - ok
22:09:39.0085 9420  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
22:09:39.0132 9420  NlaSvc - ok
22:09:39.0163 9420  [ 907B5E1E4A592E5EDC5E4CCBDE4863C2 ] nmwcd           C:\Windows\system32\drivers\ccdcmbx64.sys
22:09:39.0226 9420  nmwcd - ok
22:09:39.0241 9420  [ 41C1AC1F3613435EB32D67BCB80A5FA5 ] nmwcdc          C:\Windows\system32\drivers\ccdcmbox64.sys
22:09:39.0288 9420  nmwcdc - ok
22:09:39.0397 9420  [ B9B72FAAAA41D59B73B88FE3DD737ED1 ] NOBU            C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
22:09:39.0491 9420  NOBU - ok
22:09:39.0507 9420  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
22:09:39.0538 9420  Npfs - ok
22:09:39.0553 9420  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
22:09:39.0616 9420  nsi - ok
22:09:39.0631 9420  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
22:09:39.0678 9420  nsiproxy - ok
22:09:39.0725 9420  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
22:09:39.0787 9420  Ntfs - ok
22:09:39.0803 9420  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
22:09:39.0834 9420  Null - ok
22:09:39.0850 9420  [ 0EBC9D13CD96C15B1B18D8678A609E4B ] nusb3hub        C:\Windows\system32\DRIVERS\nusb3hub.sys
22:09:39.0865 9420  nusb3hub - ok
22:09:39.0881 9420  [ 7BDEC000D56D485021D9C1E63C2F81CA ] nusb3xhc        C:\Windows\system32\DRIVERS\nusb3xhc.sys
22:09:39.0928 9420  nusb3xhc - ok
22:09:39.0943 9420  NVHDA - ok
22:09:39.0975 9420  [ 443D08DAA53E75A48E4834C3DAF30FCE ] nvkflt          C:\Windows\system32\DRIVERS\nvkflt.sys
22:09:40.0006 9420  nvkflt - ok
22:09:40.0224 9420  [ 4EE399576F76D38C04745DB739BBC8C7 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
22:09:40.0505 9420  nvlddmkm - ok
22:09:40.0521 9420  [ 7067753FA8B75A3BDBA5633B4D2A5D0A ] nvpciflt        C:\Windows\system32\DRIVERS\nvpciflt.sys
22:09:40.0536 9420  nvpciflt - ok
22:09:40.0552 9420  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
22:09:40.0567 9420  nvraid - ok
22:09:40.0583 9420  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
22:09:40.0599 9420  nvstor - ok
22:09:40.0630 9420  [ 92D06926C5DA2A2E62E8FB5104F44D92 ] NvStUSB         C:\Windows\system32\drivers\nvstusb.sys
22:09:40.0630 9420  NvStUSB - ok
22:09:40.0708 9420  [ 7335C3D78A7746D76D37F6722CC4A466 ] nvsvc           C:\Windows\system32\nvvsvc.exe
22:09:40.0786 9420  nvsvc - ok
22:09:40.0864 9420  [ B7C53DA1C73FF39F4A6248643EFD979A ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
22:09:40.0895 9420  nvUpdatusService - ok
22:09:40.0926 9420  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
22:09:40.0957 9420  nv_agp - ok
22:09:40.0973 9420  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
22:09:41.0004 9420  ohci1394 - ok
22:09:41.0035 9420  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
22:09:41.0113 9420  p2pimsvc - ok
22:09:41.0145 9420  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
22:09:41.0176 9420  p2psvc - ok
22:09:41.0191 9420  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\drivers\parport.sys
22:09:41.0207 9420  Parport - ok
22:09:41.0254 9420  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
22:09:41.0285 9420  partmgr - ok
22:09:41.0301 9420  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
22:09:41.0316 9420  PcaSvc - ok
22:09:41.0332 9420  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
22:09:41.0347 9420  pci - ok
22:09:41.0347 9420  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
22:09:41.0363 9420  pciide - ok
22:09:41.0379 9420  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
22:09:41.0394 9420  pcmcia - ok
22:09:41.0394 9420  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
22:09:41.0410 9420  pcw - ok
22:09:41.0425 9420  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
22:09:41.0472 9420  PEAUTH - ok
22:09:41.0535 9420  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
22:09:41.0597 9420  PerfHost - ok
22:09:41.0644 9420  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
22:09:41.0722 9420  pla - ok
22:09:41.0784 9420  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
22:09:41.0847 9420  PlugPlay - ok
22:09:41.0862 9420  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
22:09:41.0893 9420  PNRPAutoReg - ok
22:09:41.0909 9420  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
22:09:41.0925 9420  PNRPsvc - ok
22:09:41.0956 9420  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
22:09:42.0003 9420  PolicyAgent - ok
22:09:42.0018 9420  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
22:09:42.0065 9420  Power - ok
22:09:42.0081 9420  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
22:09:42.0112 9420  PptpMiniport - ok
22:09:42.0143 9420  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
22:09:42.0143 9420  Processor - ok
22:09:42.0174 9420  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
22:09:42.0237 9420  ProfSvc - ok
22:09:42.0252 9420  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
22:09:42.0268 9420  ProtectedStorage - ok
22:09:42.0283 9420  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
22:09:42.0315 9420  Psched - ok
22:09:42.0315 9420  [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64        C:\Windows\system32\Drivers\PxHlpa64.sys
22:09:42.0330 9420  PxHlpa64 - ok
22:09:42.0393 9420  [ 440AD843D315FC9C915A68857C453ABF ] pxrts           C:\Windows\system32\drivers\pxrts.sys
22:09:42.0424 9420  pxrts - ok
22:09:42.0424 9420  [ 0928BD20273625622722FE1DE5BBDE57 ] qicflt          C:\Windows\system32\DRIVERS\qicflt.sys
22:09:42.0439 9420  qicflt - ok
22:09:42.0471 9420  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
22:09:42.0533 9420  ql2300 - ok
22:09:42.0549 9420  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
22:09:42.0564 9420  ql40xx - ok
22:09:42.0595 9420  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
22:09:42.0642 9420  QWAVE - ok
22:09:42.0642 9420  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
22:09:42.0673 9420  QWAVEdrv - ok
22:09:42.0689 9420  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
22:09:42.0720 9420  RasAcd - ok
22:09:42.0736 9420  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
22:09:42.0767 9420  RasAgileVpn - ok
22:09:42.0767 9420  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
22:09:42.0814 9420  RasAuto - ok
22:09:42.0829 9420  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
22:09:42.0861 9420  Rasl2tp - ok
22:09:42.0876 9420  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
22:09:42.0907 9420  RasMan - ok
22:09:42.0923 9420  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
22:09:42.0954 9420  RasPppoe - ok
22:09:42.0970 9420  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
22:09:43.0017 9420  RasSstp - ok
22:09:43.0032 9420  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
22:09:43.0063 9420  rdbss - ok
22:09:43.0079 9420  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
22:09:43.0095 9420  rdpbus - ok
22:09:43.0095 9420  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
22:09:43.0126 9420  RDPCDD - ok
22:09:43.0141 9420  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
22:09:43.0173 9420  RDPENCDD - ok
22:09:43.0188 9420  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
22:09:43.0251 9420  RDPREFMP - ok
22:09:43.0297 9420  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
22:09:43.0344 9420  RDPWD - ok
22:09:43.0375 9420  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
22:09:43.0391 9420  rdyboost - ok
22:09:43.0453 9420  [ 189C5A8D2098E0AA14FD157A954B34FC ] RegSrvc         C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
22:09:43.0516 9420  RegSrvc - ok
22:09:43.0531 9420  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
22:09:43.0563 9420  RemoteAccess - ok
22:09:43.0594 9420  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
22:09:43.0641 9420  RemoteRegistry - ok
22:09:43.0750 9420  [ 3C957189B31C34D3AD21967B12B6AED7 ] RoxMediaDB12OEM C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
22:09:43.0812 9420  RoxMediaDB12OEM - ok
22:09:43.0828 9420  [ 2B73088CC2CA757A172B425C9398E5BC ] RoxWatch12      C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
22:09:43.0843 9420  RoxWatch12 - ok
22:09:43.0859 9420  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
22:09:43.0890 9420  RpcEptMapper - ok
22:09:43.0921 9420  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
22:09:43.0937 9420  RpcLocator - ok
22:09:43.0953 9420  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
22:09:43.0984 9420  RpcSs - ok
22:09:43.0999 9420  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
22:09:44.0046 9420  rspndr - ok
22:09:44.0062 9420  [ 646B22BADBD24C6D528AA6B8ABE0EC0E ] RTL2832UBDA     C:\Windows\system32\drivers\RTL2832UBDA.sys
22:09:44.0093 9420  RTL2832UBDA - ok
22:09:44.0124 9420  [ C4D4EF0FF8F43A4D5C4F5F05A7F13631 ] RTL2832UUSB     C:\Windows\system32\Drivers\RTL2832UUSB.sys
22:09:44.0124 9420  RTL2832UUSB - ok
22:09:44.0155 9420  [ 19FAA5E7CF3D5263F4E79450A03E50CA ] RTL2832U_IRHID  C:\Windows\system32\DRIVERS\RTL2832U_IRHID.sys
22:09:44.0171 9420  RTL2832U_IRHID - ok
22:09:44.0218 9420  [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
22:09:44.0233 9420  RTL8167 - ok
22:09:44.0249 9420  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
22:09:44.0249 9420  SamSs - ok
22:09:44.0265 9420  SANDRA - ok
22:09:44.0280 9420  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
22:09:44.0296 9420  sbp2port - ok
22:09:44.0311 9420  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
22:09:44.0343 9420  SCardSvr - ok
22:09:44.0358 9420  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
22:09:44.0436 9420  scfilter - ok
22:09:44.0467 9420  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
22:09:44.0514 9420  Schedule - ok
22:09:44.0530 9420  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
22:09:44.0561 9420  SCPolicySvc - ok
22:09:44.0577 9420  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
22:09:44.0592 9420  SDRSVC - ok
22:09:44.0623 9420  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
22:09:44.0670 9420  secdrv - ok
22:09:44.0686 9420  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
22:09:44.0717 9420  seclogon - ok
22:09:44.0717 9420  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\system32\sens.dll
22:09:44.0764 9420  SENS - ok
22:09:44.0779 9420  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
22:09:44.0811 9420  SensrSvc - ok
22:09:44.0826 9420  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\drivers\serenum.sys
22:09:44.0857 9420  Serenum - ok
22:09:44.0873 9420  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\drivers\serial.sys
22:09:44.0904 9420  Serial - ok
22:09:44.0920 9420  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
22:09:44.0951 9420  sermouse - ok
22:09:44.0982 9420  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
22:09:45.0029 9420  SessionEnv - ok
22:09:45.0045 9420  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
22:09:45.0045 9420  sffdisk - ok
22:09:45.0060 9420  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
22:09:45.0076 9420  sffp_mmc - ok
22:09:45.0091 9420  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
22:09:45.0107 9420  sffp_sd - ok
22:09:45.0123 9420  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
22:09:45.0138 9420  sfloppy - ok
22:09:45.0216 9420  [ 74EC60E20516AAA573BE74F31175270F ] SftService      C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
22:09:45.0263 9420  SftService - ok
22:09:45.0310 9420  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
22:09:45.0357 9420  SharedAccess - ok
22:09:45.0388 9420  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
22:09:45.0450 9420  ShellHWDetection - ok
22:09:45.0466 9420  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
22:09:45.0466 9420  SiSRaid2 - ok
22:09:45.0497 9420  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
22:09:45.0497 9420  SiSRaid4 - ok
22:09:45.0591 9420  [ 7C15061CD0372487903B07B9BB03AFAD ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
22:09:45.0622 9420  SkypeUpdate - ok
22:09:45.0637 9420  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
22:09:45.0669 9420  Smb - ok
22:09:45.0684 9420  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
22:09:45.0700 9420  SNMPTRAP - ok
22:09:45.0715 9420  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
22:09:45.0715 9420  spldr - ok
22:09:45.0762 9420  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
22:09:45.0840 9420  Spooler - ok
22:09:45.0934 9420  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
22:09:46.0059 9420  sppsvc - ok
22:09:46.0074 9420  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
22:09:46.0105 9420  sppuinotify - ok
22:09:46.0215 9420  [ 1ED3834B42CD6ED09ACA29739EE55DC0 ] SProtection     C:\Program Files (x86)\Common Files\Umbrella\umbrella.exe
22:09:46.0324 9420  SProtection - ok
22:09:46.0402 9420  [ D630B6F2E8379B6F10DC16E82A426552 ] sprtsvc_DellSupportCenter C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
22:09:46.0417 9420  sprtsvc_DellSupportCenter - ok
22:09:46.0433 9420  sptd - ok
22:09:46.0480 9420  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
22:09:46.0527 9420  srv - ok
22:09:46.0542 9420  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
22:09:46.0589 9420  srv2 - ok
22:09:46.0605 9420  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
22:09:46.0620 9420  srvnet - ok
22:09:46.0651 9420  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
22:09:46.0683 9420  SSDPSRV - ok
22:09:46.0698 9420  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
22:09:46.0729 9420  SstpSvc - ok
22:09:46.0745 9420  [ 92E7F6666633D2DD91D527503DAA7BE0 ] stdcfltn        C:\Windows\system32\DRIVERS\stdcfltn.sys
22:09:46.0761 9420  stdcfltn - ok
22:09:46.0839 9420  [ 81F177C1954453AF407604160BD149CB ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
22:09:46.0885 9420  Stereo Service - ok
22:09:46.0917 9420  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
22:09:46.0932 9420  stexstor - ok
22:09:46.0995 9420  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
22:09:47.0041 9420  stisvc - ok
22:09:47.0088 9420  [ 7731F46EC0D687A931CBA063E8F90EF0 ] stllssvr        C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
22:09:47.0104 9420  stllssvr - ok
22:09:47.0119 9420  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
22:09:47.0119 9420  swenum - ok
22:09:47.0135 9420  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
22:09:47.0182 9420  swprv - ok
22:09:47.0229 9420  [ 5E3B232A614339399ACC71FA3AAAAA6B ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
22:09:47.0291 9420  SynTP - ok
22:09:47.0338 9420  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
22:09:47.0431 9420  SysMain - ok
22:09:47.0447 9420  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
22:09:47.0463 9420  TabletInputService - ok
22:09:47.0478 9420  [ F9BE29D5E097F03F81D3CD12B794CB66 ] tap0901         C:\Windows\system32\DRIVERS\tap0901.sys
22:09:47.0509 9420  tap0901 - ok
22:09:47.0525 9420  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
22:09:47.0572 9420  TapiSrv - ok
22:09:47.0572 9420  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
22:09:47.0603 9420  TBS - ok
22:09:47.0681 9420  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
22:09:47.0743 9420  Tcpip - ok
22:09:47.0821 9420  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
22:09:47.0853 9420  TCPIP6 - ok
22:09:47.0899 9420  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
22:09:47.0931 9420  tcpipreg - ok
22:09:47.0962 9420  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
22:09:48.0009 9420  TDPIPE - ok
22:09:48.0024 9420  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
22:09:48.0055 9420  TDTCP - ok
22:09:48.0087 9420  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
22:09:48.0118 9420  tdx - ok
22:09:48.0118 9420  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
22:09:48.0133 9420  TermDD - ok
22:09:48.0165 9420  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
22:09:48.0211 9420  TermService - ok
22:09:48.0227 9420  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
22:09:48.0243 9420  Themes - ok
22:09:48.0258 9420  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
22:09:48.0321 9420  THREADORDER - ok
22:09:48.0321 9420  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
22:09:48.0367 9420  TrkWks - ok
22:09:48.0414 9420  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
22:09:48.0477 9420  TrustedInstaller - ok
22:09:48.0492 9420  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
22:09:48.0523 9420  tssecsrv - ok
22:09:48.0539 9420  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
22:09:48.0555 9420  TsUsbFlt - ok
22:09:48.0586 9420  [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
22:09:48.0586 9420  TsUsbGD - ok
22:09:48.0601 9420  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
22:09:48.0648 9420  tunnel - ok
22:09:48.0664 9420  [ FD24F98D2898BE093FE926604BE7DB99 ] TurboB          C:\Windows\system32\DRIVERS\TurboB.sys
22:09:48.0664 9420  TurboB - ok
22:09:48.0695 9420  [ 600B406A04D90F577FEA8A88D7379F08 ] TurboBoost      C:\Program Files\Intel\TurboBoost\TurboBoost.exe
22:09:48.0711 9420  TurboBoost - ok
22:09:48.0711 9420  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
22:09:48.0726 9420  uagp35 - ok
22:09:48.0742 9420  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
22:09:48.0789 9420  udfs - ok
22:09:48.0820 9420  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
22:09:48.0835 9420  UI0Detect - ok
22:09:48.0851 9420  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
22:09:48.0851 9420  uliagpkx - ok
22:09:48.0882 9420  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
22:09:48.0929 9420  umbus - ok
22:09:48.0945 9420  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
22:09:48.0976 9420  UmPass - ok
22:09:49.0085 9420  [ 2C16648A12999AE69A9EBF41974B0BA2 ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
22:09:49.0147 9420  UNS - ok
22:09:49.0179 9420  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
22:09:49.0225 9420  upnphost - ok
22:09:49.0257 9420  [ 4E93C8496359E97830C75AC36393654D ] upperdev        C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys
22:09:49.0272 9420  upperdev - ok
22:09:49.0303 9420  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
22:09:49.0335 9420  usbaudio - ok
22:09:49.0381 9420  [ 19AD7990C0B67E48DAC5B26F99628223 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
22:09:49.0413 9420  usbccgp - ok
22:09:49.0444 9420  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
22:09:49.0491 9420  usbcir - ok
22:09:49.0506 9420  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
22:09:49.0522 9420  usbehci - ok
22:09:49.0569 9420  [ 8B892002D7B79312821169A14317AB86 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
22:09:49.0600 9420  usbhub - ok
22:09:49.0615 9420  [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
22:09:49.0647 9420  usbohci - ok
22:09:49.0662 9420  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\drivers\usbprint.sys
22:09:49.0678 9420  usbprint - ok
22:09:49.0709 9420  [ 4ACEE387FA8FD39F83564FCD2FC234F2 ] usbser          C:\Windows\system32\DRIVERS\usbser.sys
22:09:49.0725 9420  usbser - ok
22:09:49.0740 9420  [ 8844CB19A37B65E27049D4A7786726A9 ] UsbserFilt      C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys
22:09:49.0756 9420  UsbserFilt - ok
22:09:49.0787 9420  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:09:49.0834 9420  USBSTOR - ok
22:09:49.0865 9420  [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
22:09:49.0881 9420  usbuhci - ok
22:09:49.0896 9420  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
22:09:49.0912 9420  usbvideo - ok
22:09:49.0927 9420  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
22:09:49.0959 9420  UxSms - ok
22:09:49.0974 9420  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
22:09:49.0974 9420  VaultSvc - ok
22:09:50.0021 9420  [ FD911873C0BB6945FA38C16E9A2B58F9 ] VClone          C:\Windows\system32\DRIVERS\VClone.sys
22:09:50.0068 9420  VClone - ok
22:09:50.0099 9420  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
22:09:50.0099 9420  vdrvroot - ok
22:09:50.0130 9420  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
22:09:50.0161 9420  vds - ok
22:09:50.0177 9420  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
22:09:50.0193 9420  vga - ok
22:09:50.0208 9420  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
22:09:50.0239 9420  VgaSave - ok
22:09:50.0255 9420  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
22:09:50.0255 9420  vhdmp - ok
22:09:50.0271 9420  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
22:09:50.0286 9420  viaide - ok
22:09:50.0302 9420  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
22:09:50.0302 9420  volmgr - ok
22:09:50.0317 9420  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
22:09:50.0333 9420  volmgrx - ok
22:09:50.0349 9420  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
22:09:50.0364 9420  volsnap - ok
22:09:50.0380 9420  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
22:09:50.0395 9420  vsmraid - ok
22:09:50.0442 9420  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
22:09:50.0536 9420  VSS - ok
22:09:50.0551 9420  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
22:09:50.0567 9420  vwifibus - ok
22:09:50.0583 9420  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
22:09:50.0598 9420  vwififlt - ok
22:09:50.0614 9420  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
22:09:50.0645 9420  vwifimp - ok
22:09:50.0661 9420  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
22:09:50.0692 9420  W32Time - ok
22:09:50.0723 9420  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
22:09:50.0739 9420  WacomPen - ok
22:09:50.0754 9420  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
22:09:50.0785 9420  WANARP - ok
22:09:50.0801 9420  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
22:09:50.0832 9420  Wanarpv6 - ok
22:09:50.0879 9420  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
22:09:50.0926 9420  WatAdminSvc - ok
22:09:50.0957 9420  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
22:09:51.0035 9420  wbengine - ok
22:09:51.0051 9420  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
22:09:51.0066 9420  WbioSrvc - ok
22:09:51.0082 9420  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
22:09:51.0113 9420  wcncsvc - ok
22:09:51.0129 9420  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
22:09:51.0175 9420  WcsPlugInService - ok
22:09:51.0207 9420  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
22:09:51.0222 9420  Wd - ok
22:09:51.0269 9420  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
22:09:51.0316 9420  Wdf01000 - ok
22:09:51.0331 9420  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
22:09:51.0425 9420  WdiServiceHost - ok
22:09:51.0425 9420  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
22:09:51.0441 9420  WdiSystemHost - ok
22:09:51.0472 9420  [ 94DC2BF6CBAAA95E369C3756D3115A76 ] wdkmd           C:\Windows\system32\DRIVERS\WDKMD.sys
22:09:51.0472 9420  wdkmd - ok
22:09:51.0503 9420  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
22:09:51.0534 9420  WebClient - ok
22:09:51.0550 9420  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
22:09:51.0581 9420  Wecsvc - ok
22:09:51.0597 9420  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
22:09:51.0628 9420  wercplsupport - ok
22:09:51.0643 9420  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
22:09:51.0675 9420  WerSvc - ok
22:09:51.0690 9420  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
22:09:51.0721 9420  WfpLwf - ok
22:09:51.0737 9420  [ B14EF15BD757FA488F9C970EEE9C0D35 ] WimFltr         C:\Windows\system32\DRIVERS\wimfltr.sys
22:09:51.0753 9420  WimFltr - ok
22:09:51.0768 9420  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
22:09:51.0768 9420  WIMMount - ok
22:09:51.0784 9420  WinDefend - ok
22:09:51.0815 9420  WinHttpAutoProxySvc - ok
22:09:51.0862 9420  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
22:09:51.0909 9420  Winmgmt - ok
22:09:51.0955 9420  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
22:09:52.0018 9420  WinRM - ok
22:09:52.0080 9420  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
22:09:52.0127 9420  WinUsb - ok
22:09:52.0174 9420  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
22:09:52.0221 9420  Wlansvc - ok
22:09:52.0236 9420  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
22:09:52.0252 9420  WmiAcpi - ok
22:09:52.0267 9420  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
22:09:52.0314 9420  wmiApSrv - ok
22:09:52.0330 9420  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
22:09:52.0361 9420  WPCSvc - ok
22:09:52.0377 9420  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
22:09:52.0408 9420  WPDBusEnum - ok
22:09:52.0439 9420  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
22:09:52.0486 9420  ws2ifsl - ok
22:09:52.0533 9420  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\system32\wscsvc.dll
22:09:52.0564 9420  wscsvc - ok
22:09:52.0564 9420  WSearch - ok
22:09:52.0657 9420  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
22:09:52.0735 9420  wuauserv - ok
22:09:52.0782 9420  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
22:09:52.0860 9420  WudfPf - ok
22:09:52.0876 9420  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
22:09:52.0907 9420  WUDFRd - ok
22:09:52.0938 9420  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
22:09:52.0969 9420  wudfsvc - ok
22:09:52.0985 9420  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
22:09:53.0001 9420  WwanSvc - ok
22:09:53.0016 9420  ZTEusbmdm6k - ok
22:09:53.0016 9420  ZTEusbnmea - ok
22:09:53.0032 9420  ZTEusbser6k - ok
22:09:53.0047 9420  ================ Scan global ===============================
22:09:53.0079 9420  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
22:09:53.0125 9420  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
22:09:53.0125 9420  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
22:09:53.0141 9420  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
22:09:53.0172 9420  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
22:09:53.0188 9420  [Global] - ok
22:09:53.0188 9420  ================ Scan MBR ==================================
22:09:53.0203 9420  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
22:09:53.0531 9420  \Device\Harddisk0\DR0 - ok
22:09:53.0531 9420  ================ Scan VBR ==================================
22:09:53.0562 9420  [ 1DB3C556C6450B10D880B23669ACC643 ] \Device\Harddisk0\DR0\Partition1
22:09:53.0578 9420  \Device\Harddisk0\DR0\Partition1 - ok
22:09:53.0593 9420  [ 15E6A65D7A44AD48E03C89E00C4C6802 ] \Device\Harddisk0\DR0\Partition2
22:09:53.0593 9420  \Device\Harddisk0\DR0\Partition2 - ok
22:09:53.0593 9420  ============================================================
22:09:53.0593 9420  Scan finished
22:09:53.0593 9420  ============================================================
22:09:53.0609 7452  Detected object count: 1
22:09:53.0609 7452  Actual detected object count: 1
22:10:12.0828 7452  EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - skipped by user
22:10:12.0828 7452  EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:10:30.0269 11148  Deinitialize success

09.05.2013, 23:53	#6
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Firefox und Grafiktreiber stürzen ab, Trojaner lassen sich nicht entfernen Lass die Internetverbindung bei jedem Tool bitte stehen __________________ --> Firefox und Grafiktreiber stürzen ab, Trojaner lassen sich nicht entfernen

10.05.2013, 01:01	#8
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Firefox und Grafiktreiber stürzen ab, Trojaner lassen sich nicht entfernen Steht doch in der Anleitung => Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags). __________________ Logfiles bitte immer in CODE-Tags posten

10.05.2013, 21:57	#12
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Firefox und Grafiktreiber stürzen ab, Trojaner lassen sich nicht entfernen Was ist mit GMER? __________________ Logfiles bitte immer in CODE-Tags posten

Firefox und Grafiktreiber stürzen ab, Trojaner lassen sich nicht entfernen

Log-Analyse und Auswertung: Firefox und Grafiktreiber stürzen ab, Trojaner lassen sich nicht entfernen