Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Sparkassen-Trojaner

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 15.05.2013, 11:57   #1
flyingnoodls
 
Sparkassen-Trojaner - Standard

Sparkassen-Trojaner



Hallo,

ich habe mir auch den Sparkassen-Trojaner eingefangen, wie er zB http://www.trojaner-board.de/134710-...sparkasse.html hier beschrieben wird. Die Meldung mit der Sicherheitsüberprüfung kommt auch. Der IE hängt sich daran auf, Firefox geht nach ein paar Sekunden zum "normalen" Online-Banking-Startbildschirm über. Die Sparkasse hat den Zugang jetzt gesperrt. Die Aufforderung zur Testüberweisung kam allerdings nicht. MSE hat zwar Malware beseitigt (habe bei MSE leider keinen Log gefunden!), das Problem besteht aber weiterhin.

Die Diagnose-Programme aus eurer echt guten Hilfe habe ich problemlos laufen lassen, siehe logs. Auch den Adwcleaner habe ich schonmal laufen lassen.

Vielen Dank für eure Hilfe. Sehr gute Seite!

Code:
ATTFilter
OTL logfile created on: 15.05.2013 12:05:17 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Joe\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,91 Gb Total Physical Memory | 2,40 Gb Available Physical Memory | 61,31% Memory free
7,81 Gb Paging File | 6,34 Gb Available in Paging File | 81,16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,24 Gb Total Space | 71,69 Gb Free Space | 60,12% Space Free | Partition Type: NTFS
Drive D: | 153,85 Gb Total Space | 24,48 Gb Free Space | 15,91% Space Free | Partition Type: NTFS
Drive E: | 465,88 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: ASUS | User Name: Joe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.05.15 11:57:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Joe\Desktop\OTL.exe
PRC - [2013.03.25 21:45:52 | 000,694,584 | ---- | M] (Motorola Mobility LLC) -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
PRC - [2013.03.25 21:45:52 | 000,121,144 | ---- | M] (Motorola Mobility LLC) -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
PRC - [2013.02.13 04:37:16 | 001,263,952 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2013.02.05 17:48:44 | 000,272,248 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
PRC - [2013.02.02 11:57:02 | 000,238,592 | ---- | M] () -- C:\Users\Joe\AppData\Roaming\Elaw\cyim.exe
PRC - [2012.12.18 07:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.06.09 15:36:58 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2012.02.21 23:49:04 | 000,102,568 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
PRC - [2012.02.21 23:49:00 | 000,162,456 | ---- | M] (ASUSTeK) -- C:\Windows\SysWOW64\ACEngSvr.exe
PRC - [2012.02.17 03:04:20 | 000,289,408 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
PRC - [2012.02.17 03:04:18 | 000,277,120 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
PRC - [2012.02.17 01:01:36 | 000,473,728 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
PRC - [2011.12.24 01:39:38 | 000,174,720 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2011.12.23 04:58:42 | 000,318,080 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2011.11.21 23:22:08 | 000,080,512 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
PRC - [2011.11.21 23:19:50 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
PRC - [2011.10.25 02:20:38 | 000,174,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2011.10.19 03:38:26 | 002,319,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
PRC - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011.09.02 16:06:38 | 000,065,657 | ---- | M] (Motorola) -- C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
PRC - [2011.02.25 20:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2010.12.21 03:24:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.12.21 03:24:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.08.20 18:57:06 | 000,107,816 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2010.07.10 07:45:00 | 000,984,400 | ---- | M] (Virage Logic Corporation / Sonic Focus) -- C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
PRC - [2009.06.19 19:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
PRC - [2009.06.19 19:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
PRC - [2008.12.23 02:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
PRC - [2008.08.14 06:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.02.13 04:38:06 | 000,100,688 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2013.02.13 04:37:16 | 001,263,952 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2013.02.02 11:57:02 | 000,238,592 | ---- | M] () -- C:\Users\Joe\AppData\Roaming\Elaw\cyim.exe
MOD - [2012.02.21 23:49:00 | 000,009,216 | ---- | M] () -- C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
MOD - [2010.08.20 18:57:06 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2010.08.20 18:57:00 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2007.07.12 20:11:54 | 001,163,264 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\acAuth.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013.01.27 12:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013.01.27 12:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011.03.04 01:57:58 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2009.09.14 07:00:00 | 000,166,400 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE -- (EPSON_EB_RPCV4_04)
SRV:64bit: - [2009.09.14 07:00:00 | 000,128,512 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE -- (EPSON_PM_RPCV4_04)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2013.05.12 00:26:17 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.04.20 09:50:21 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.03.25 21:45:52 | 000,121,144 | ---- | M] (Motorola Mobility LLC) [Auto | Running] -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe -- (Motorola Device Manager)
SRV - [2013.02.05 17:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2012.12.18 07:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.02.17 03:04:18 | 000,277,120 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe -- (ASUS InstantOn)
SRV - [2011.11.21 23:22:08 | 000,080,512 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2011.11.21 23:19:50 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.09.02 16:06:38 | 000,065,657 | ---- | M] (Motorola) [Auto | Running] -- C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe -- (PST Service)
SRV - [2011.03.02 07:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.02.25 20:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010.12.21 03:24:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010.12.21 03:24:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.03.18 23:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.01.20 16:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.06.11 10:56:34 | 000,022,016 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgp.sys -- (motccgp)
DRV:64bit: - [2012.06.08 15:09:12 | 000,027,136 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Motousbnet.sys -- (Motousbnet)
DRV:64bit: - [2012.06.08 15:08:54 | 000,008,832 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motswch.sys -- (MotoSwitchService)
DRV:64bit: - [2012.06.08 15:08:28 | 000,031,232 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motmodem.sys -- (motmodem)
DRV:64bit: - [2012.04.09 16:27:34 | 000,352,144 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cbfs3.sys -- (cbfs3)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.24 02:56:32 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012.02.24 02:56:32 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012.02.04 06:57:58 | 001,838,656 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2012.01.25 13:57:46 | 000,009,728 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgpfl.sys -- (motccgpfl)
DRV:64bit: - [2011.11.23 00:21:46 | 000,395,752 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011.11.23 00:21:46 | 000,130,024 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2011.11.08 12:59:12 | 000,011,776 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motusbdevice.sys -- (motusbdevice)
DRV:64bit: - [2011.11.03 12:09:48 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011.11.03 12:09:22 | 012,310,112 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.10.01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011.05.05 14:32:56 | 001,439,792 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011.04.26 05:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.03.18 07:36:18 | 000,074,840 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2010.11.20 15:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 13:07:06 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.10.20 01:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.08.24 11:55:44 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009.07.20 11:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009.06.20 04:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.06.10 23:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009.06.10 22:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.01.29 17:11:38 | 000,006,144 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motfilt.sys -- (BTCFilterService)
DRV:64bit: - [2008.05.24 02:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2011.09.07 18:55:04 | 000,017,536 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.07.03 02:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {53C6CB24-A906-4DF8-8C26-8AA9DA0B50F7}
IE - HKCU\..\SearchScopes\{53C6CB24-A906-4DF8-8C26-8AA9DA0B50F7}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}&rlz=
IE - HKCU\..\SearchScopes\{EB1CE354-81C0-4B82-9B58-BFC7713C6DB0}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=3292EDCB-DCBE-4D4C-BA31-0D37A60D3FF9&apn_sauid=FDC114D2-A382-441A-A994-3C2405EB89F2
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = ;192.168.*.*
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013.02.16 22:25:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.14 21:28:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.02.23 12:10:49 | 000,000,000 | ---D | M]
 
[2012.11.12 11:54:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joe\AppData\Roaming\mozilla\Extensions
[2013.05.14 21:29:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.05.14 21:29:53 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ASUSPRP] C:\Program Files (x86)\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe (ecareme)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe (Virage Logic Corporation / Sonic Focus)
O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (ASUS)
O4 - HKCU..\Run: [EPSON SX218 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGDE.EXE /FU "C:\Windows\TEMP\E_SED2.tmp" /EF "HKCU" File not found
O4 - HKCU..\Run: [EPSON SX218 Series (Kopie 1)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGDE.EXE /FU "C:\Windows\TEMP\E_S8D02.tmp" /EF "HKCU" File not found
O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [Ybkeavh] C:\Users\Joe\AppData\Roaming\Elaw\cyim.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1C0EF544-3440-4CD5-BDF2-17A3DBEABB62}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7CC4673B-E3E1-4F3E-8F44-C1E26AF1DCB5}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation)
O22 - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.15 11:57:44 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Joe\Desktop\OTL.exe
[2013.05.15 00:08:24 | 000,000,000 | ---D | C] -- C:\Users\Joe\Desktop\Alte Firefox-Daten
[2013.05.14 21:30:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013.05.14 21:11:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.05.08 13:35:50 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Roaming\Upgoic
[2013.05.08 13:35:50 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Roaming\Pyumq
[2013.05.08 13:35:50 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Roaming\Elaw
[2013.04.22 12:47:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2013.04.20 09:50:34 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2013.04.20 09:50:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Security Scan
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.15 12:00:44 | 001,614,036 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.15 12:00:44 | 000,697,322 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.15 12:00:44 | 000,652,600 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.15 12:00:44 | 000,148,328 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.15 12:00:44 | 000,121,274 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.15 12:00:36 | 000,377,856 | ---- | M] () -- C:\Users\Joe\Desktop\gmer_2.1.19163.exe
[2013.05.15 11:58:56 | 000,718,787 | ---- | M] () -- C:\Users\Joe\Desktop\69886-alle-hilfesuchenden-eroeffnu.pdf
[2013.05.15 11:57:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Joe\Desktop\OTL.exe
[2013.05.15 11:57:15 | 000,000,000 | ---- | M] () -- C:\Users\Joe\defogger_reenable
[2013.05.15 11:56:37 | 000,050,477 | ---- | M] () -- C:\Users\Joe\Desktop\Defogger.exe
[2013.05.15 11:51:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.15 11:34:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.15 09:54:19 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.15 09:54:19 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.15 09:47:13 | 000,000,387 | ---- | M] () -- C:\Users\Joe\AppData\Roaming\sp_data.sys
[2013.05.15 09:46:54 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.15 09:46:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.15 09:46:39 | 3145,826,304 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.15 00:18:09 | 000,039,929 | ---- | M] () -- C:\Users\Joe\Desktop\malware.jpg
[2013.05.14 23:56:08 | 000,628,743 | ---- | M] () -- C:\Users\Joe\Desktop\adwcleaner.exe
[2013.05.14 21:30:06 | 000,001,149 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.05.08 22:28:35 | 000,002,182 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2013.05.06 13:35:42 | 000,216,584 | ---- | M] () -- C:\Users\Joe\Desktop\32_externe_neue_aeappo_bewerbung_Aug13_VARIANTE2_1_Kopie_VER.pdf
[2013.04.22 12:47:53 | 000,002,048 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013.04.22 12:47:53 | 000,002,048 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2013.04.21 12:18:42 | 000,001,621 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
 
========== Files Created - No Company Name ==========
 
[2013.05.15 12:00:36 | 000,377,856 | ---- | C] () -- C:\Users\Joe\Desktop\gmer_2.1.19163.exe
[2013.05.15 11:59:04 | 000,718,787 | ---- | C] () -- C:\Users\Joe\Desktop\69886-alle-hilfesuchenden-eroeffnu.pdf
[2013.05.15 11:57:15 | 000,000,000 | ---- | C] () -- C:\Users\Joe\defogger_reenable
[2013.05.15 11:56:32 | 000,050,477 | ---- | C] () -- C:\Users\Joe\Desktop\Defogger.exe
[2013.05.15 00:18:09 | 000,039,929 | ---- | C] () -- C:\Users\Joe\Desktop\malware.jpg
[2013.05.14 23:56:08 | 000,628,743 | ---- | C] () -- C:\Users\Joe\Desktop\adwcleaner.exe
[2013.05.14 21:30:06 | 000,001,161 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.05.14 21:30:06 | 000,001,149 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.05.06 13:35:42 | 000,216,584 | ---- | C] () -- C:\Users\Joe\Desktop\32_externe_neue_aeappo_bewerbung_Aug13_VARIANTE2_1_Kopie_VER.pdf
[2013.04.22 12:47:53 | 000,002,048 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013.04.22 12:47:50 | 000,002,048 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012.07.29 14:18:19 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2012.07.28 14:04:14 | 000,000,387 | ---- | C] () -- C:\Users\Joe\AppData\Roaming\sp_data.sys
[2012.06.09 15:35:49 | 000,014,119 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2012.03.05 03:24:03 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2012.03.05 03:23:54 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012.03.05 03:23:53 | 000,217,536 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012.03.05 03:23:53 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.03.05 03:23:52 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2012.03.05 03:23:52 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2012.02.24 04:42:37 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2012.02.24 04:28:11 | 001,591,930 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.12.03 21:13:17 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Amazon
[2012.07.28 14:10:47 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\ASUS WebStorage
[2013.01.15 16:18:31 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Cyob
[2013.05.08 13:35:50 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Elaw
[2013.01.14 12:49:26 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Enyga
[2013.01.07 17:08:27 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\EPSON
[2013.05.15 12:05:00 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\ICQ
[2013.02.18 22:27:40 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\LibreOffice
[2012.11.06 12:43:23 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Motorola
[2012.11.06 12:45:38 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Motorola Mobility
[2013.01.15 10:24:35 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Myox
[2013.05.13 21:41:06 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Pyumq
[2012.07.31 20:41:08 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\SoftGrid Client
[2012.07.29 12:56:15 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\TP
[2013.05.08 13:35:50 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Upgoic
[2012.10.18 13:33:39 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Wuala
 
========== Purity Check ==========
 
 

< End of report >
         
Code:
ATTFilter
OTL Extras logfile created on: 15.05.2013 12:05:17 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Joe\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,91 Gb Total Physical Memory | 2,40 Gb Available Physical Memory | 61,31% Memory free
7,81 Gb Paging File | 6,34 Gb Available in Paging File | 81,16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,24 Gb Total Space | 71,69 Gb Free Space | 60,12% Space Free | Partition Type: NTFS
Drive D: | 153,85 Gb Total Space | 24,48 Gb Free Space | 15,91% Space Free | Partition Type: NTFS
Drive E: | 465,88 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: ASUS | User Name: Joe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B5C0026-3D1F-41FE-BE44-8F3CC58D6C9C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{1C622B62-9812-473A-9694-43BE9880C938}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{2E8BC44F-71ED-4DD5-953F-9EC3B66368BD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{52026CE6-7339-4932-AC84-0A5D6A8E9FCE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5361333C-1BB8-4453-9B46-67332BCC102E}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{6B172638-80F6-4F70-9DA1-256890CA8A6B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6E160FBE-34C2-4E27-8B20-024917ECEFCD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{7200A232-CB9A-4548-89E0-CF072E6C2E3E}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{79EFC616-4D96-4ADF-9BFF-EEDDC798A18D}" = lport=137 | protocol=17 | dir=in | app=system | 
"{9C1A304E-E904-4163-8685-B057898DAB62}" = rport=137 | protocol=17 | dir=out | app=system | 
"{9D320615-9EFE-49C3-B424-2CA1174EF7FB}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{A11B5B9D-D30E-4E6D-B613-FBF1612FE835}" = rport=138 | protocol=17 | dir=out | app=system | 
"{A3E42950-C2EF-4603-9EDD-B59C1F1E1EB1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A56F99CF-933B-4F79-9B77-D54139039647}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{A608DB4C-DF2F-441A-BD39-7C13F34F5787}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A7302ADA-0DA6-4AA9-81FF-858F4C6B3848}" = lport=139 | protocol=6 | dir=in | app=system | 
"{ABBED92B-30DF-4AAF-A9B4-EE77382EDDAB}" = rport=445 | protocol=6 | dir=out | app=system | 
"{AFCAF206-534A-41FF-914A-5233CED97C01}" = lport=138 | protocol=17 | dir=in | app=system | 
"{B8019F4B-F6D1-4BD9-AA4A-8D773E2E3C15}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{BB84E384-0AC6-45E6-A3D7-457188CD9EFF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D43A4F56-2E2D-4B37-8F1A-E49D6FB921AC}" = lport=445 | protocol=6 | dir=in | app=system | 
"{DBAD66F7-9B9D-4550-8E0B-8334C9253738}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{E44DF357-C07A-4237-A73F-8DA86DC3FA96}" = rport=139 | protocol=6 | dir=out | app=system | 
"{F77FB93A-F906-42E4-808B-4093E80C690A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{FE323625-4A37-4AF5-85F7-1220DB7E4512}" = lport=2869 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{085D8B8A-01C8-474C-9850-26BAF824941B}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{111359A1-32CF-4845-8BF6-649A7497F908}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{13A83034-8528-4A7A-8A67-C59CF4E31E09}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{19E284DE-FE65-45E9-8827-69D5454439A1}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{1B00A9A6-75DD-45C4-BE89-AB1B5A648222}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{21D81408-E5AE-494A-9F19-0985B781280D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2E6C793B-42D4-4EA7-99BC-9044656C7502}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{37CFE252-1D5D-411D-85A5-FB83D97C65DF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{40970073-D479-476A-A69A-0CEFB6FABBE7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{56048913-2EE4-4FB6-9B10-B11FD9535645}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{571576D3-FB44-4106-895E-49C2B0766AD3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{59946201-37DF-458C-9238-2E37B660B48D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{657A2AC7-2FEF-4EA7-AD91-846D51CB621A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{6B453DB7-F2FA-4AF8-8796-0A73B34D19A6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{7C361E44-B538-4418-9BAA-799169D45374}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{8241FB29-D9F2-4CDB-8829-62152A40AC80}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{9A27F507-C651-4851-8B34-05489C22346C}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | 
"{9A6B5B6E-9701-4D3E-A857-BDEFFAAC6CC7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9F88D56F-9FE0-4A0E-911E-B80F155C8F1A}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | 
"{AD46D245-DF6B-4D41-AF5A-EAF74E9967C9}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{B47194E0-0074-4543-B500-C795480F44A4}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | 
"{B895C586-3D59-4702-9349-FBB0630F617B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{BA2CEAF1-C66A-4C11-A788-DBD7D26C3DC8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C1A280E9-7438-4759-84CE-63669528EEA8}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | 
"{CE15CB09-D002-4115-92F7-2D1504B41AC3}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{DB37BB20-8703-4A10-85B0-1B585BB88CAB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{EDA33C67-02FC-4CBB-B8DE-B369AC2BA16B}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{F11EFF30-F169-45A5-8DB7-BBFDAA041230}" = protocol=6 | dir=out | app=system | 
"{F5826050-CE87-4DB0-BE47-5BE553A29588}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{FF140651-CB2F-4364-8561-C0011F4439D8}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"TCP Query User{4E2CBE00-D67A-42DB-963A-4BCCF5D04CE6}C:\program files (x86)\icq7m\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | 
"TCP Query User{8C47AFEE-0DAF-48F7-BC95-10152D925307}C:\users\joe\appdata\roaming\wuala\wuala.exe" = protocol=6 | dir=in | app=c:\users\joe\appdata\roaming\wuala\wuala.exe | 
"TCP Query User{9E19B1C1-6941-4367-88FB-D635E971FC93}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"TCP Query User{B6FB69C4-6222-4E85-A125-C71B6848127E}C:\users\joe\appdata\roaming\cyob\memi.exe" = protocol=6 | dir=in | app=c:\users\joe\appdata\roaming\cyob\memi.exe | 
"TCP Query User{E42833B9-C528-4181-9735-61257B60E965}C:\users\joe\appdata\roaming\cyob\memi.exe" = protocol=6 | dir=in | app=c:\users\joe\appdata\roaming\cyob\memi.exe | 
"UDP Query User{04804AE3-06AA-4D1C-8F7C-974C0E3E023F}C:\users\joe\appdata\roaming\cyob\memi.exe" = protocol=17 | dir=in | app=c:\users\joe\appdata\roaming\cyob\memi.exe | 
"UDP Query User{169E7D01-583D-45F8-BE69-F36F3C5D7C03}C:\users\joe\appdata\roaming\wuala\wuala.exe" = protocol=17 | dir=in | app=c:\users\joe\appdata\roaming\wuala\wuala.exe | 
"UDP Query User{6F1E306C-E3B7-4EA7-8805-0E4AB3A21AED}C:\program files (x86)\icq7m\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | 
"UDP Query User{A52467EF-DEFF-4F0F-8DA4-AB091AD0BEBB}C:\users\joe\appdata\roaming\cyob\memi.exe" = protocol=17 | dir=in | app=c:\users\joe\appdata\roaming\cyob\memi.exe | 
"UDP Query User{B72745A7-F7D8-4240-887D-8EF8441C9513}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
"{C5A22A98-AC82-4404-BFB0-1E9F654EB176}" = Motorola Mobile Drivers Installation 6.0.0
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CutePDF Writer Installation" = CutePDF Writer 2.8
"EPSON SX218 Series" = EPSON SX218 Series Printer Uninstall
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}" = Sonic Focus
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1231D46E-3174-4F1F-859E-41DCB0D070D2}" = mediscript Hammerexamen
"{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19EA33FB-B34E-40EA-8B8A-61743AEB795A}" = Wireless Console 3
"{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{28DB8373-C1BB-444F-A427-A55585A12ED7}" = Motorola Device Manager
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3FA377B8-23F4-470B-A567-5EED6B90C70E}" = cdrLabel 7.1
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{4555BB9E-E715-4260-A178-E8EFD2B653E3}" = Alcor Micro USB Card Reader
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{622DE1BE-9EDE-49D3-B349-29D64760342A}" = 適用遠端連線的 Windows Live Mesh ActiveX 控制項
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS FaceLogon
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{749F674B-2674-47E8-879C-5626A06B2A91}" = InstantOn for NB
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{781B39EC-2E18-41FC-9B00-B84E4FFCA85F}" = ICQ7M
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources
"{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111249233}" = Dream Vacation Solitaire
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115065740}" = Bubbletown
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115290153}" = Go Go Gourmet Chef of the Year
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115320460}" = Turbo Fiesta
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-116672750}" = World of Goo
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117080787}" = Plants vs Zombies
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117948443}" = Mahjong Memoirs
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-118716773}" = Deadtime Stories
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-119205603}" = Farm Frenzy 3 - Madagascar
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EA569F1-97AF-4C3E-A0CB-4846C2D35A81}" = LibreOffice 4.0.0.3
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT2860 Wireless LAN Card
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D4C7DFA-CBBB-4F06-BDAC-94D831406DF0}" = פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.6) MUI
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{BCB0D6F7-7EAB-4009-A6F2-8E0E7F317773}" = Элемент управления Windows Live Mesh ActiveX для удаленных подключений
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}" = ASUS FancyStart
"{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack
"{D39F0676-163E-4595-A917-E28F99BBD4D2}" = ASUS AI Recovery
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DEAD13D3-BC70-4AAE-AEF9-BE6297E106D1}" = Motorola Device Software Update
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E18B30AA-6E2D-480C-B918-AF61009F4010}" = عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas
"{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources
"{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}" = Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}" = ASUS Live Update
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"AmUStor" = Alcor Micro USB Card Reader
"Asus Vibe2.0" = AsusVibe2.0
"ASUS WebStorage" = ASUS WebStorage
"ASUS_Screensaver" = ASUS_Screensaver
"DivX Setup" = DivX-Setup
"EPSON Scanner" = EPSON Scan
"EPSON SX218 Series Manual" = EPSON SX218 Series Handbuch
"Game Park Console" = Game Park Console
"Google Chrome" = Google Chrome
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"ST6UNST #1" = FMS32-PRO Version 3.1.5
"VLC media player" = VLC media player 2.0.3
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.20 (32-Bit)
"Wuala CBFS" = Wuala CBFS
"Wuala OverlayIcons" = Wuala OverlayIcons
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Erkennungs-Plug-in
"Wuala" = Wuala
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 21.04.2013 14:26:45 | Computer Name = asus | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 21.04.2013 15:08:24 | Computer Name = asus | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 21.04.2013 19:08:03 | Computer Name = asus | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16476 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 1658    Startzeit: 01ce3e7a7c81f604    Endzeit: 87    Anwendungspfad:
 C:\Program Files (x86)\Internet Explorer\iexplore.exe    Berichts-ID:   
 
Error - 22.04.2013 09:27:09 | Computer Name = asus | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 22.04.2013 10:13:11 | Computer Name = asus | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 23.04.2013 08:56:53 | Computer Name = asus | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 24.04.2013 07:33:35 | Computer Name = asus | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 24.04.2013 18:13:04 | Computer Name = asus | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 25.04.2013 13:18:11 | Computer Name = asus | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 25.04.2013 14:53:26 | Computer Name = asus | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
[ System Events ]
Error - 17.11.2012 08:14:56 | Computer Name = asus | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.

	Neue
 Signaturversion:      Vorherige Signaturversion: 1.139.2153.0     Aktualisierungsquelle: 
%%859     Aktualisierungsphase: %%853     Quellpfad: hxxp://www.microsoft.com     Signaturtyp: 
%%800     Aktualisierungstyp: %%803     Benutzer: NT-AUTORITÄT\SYSTEM     Aktuelle Modulversion:
      Vorherige Modulversion: 1.1.8904.0     Fehlercode: 0x80240016     Fehlerbeschreibung: Unerwartetes
 Problem bei der Überprüfung auf Updates. Informationen zum Installieren von Updates
 oder zur Problembehandlung finden Sie unter "Hilfe und Support". 
 
Error - 18.11.2012 08:47:53 | Computer Name = asus | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.

	Neue
 Signaturversion:      Vorherige Signaturversion: 1.139.2168.0     Aktualisierungsquelle: 
%%859     Aktualisierungsphase: %%854     Quellpfad: hxxp://www.microsoft.com     Signaturtyp: 
%%800     Aktualisierungstyp: %%803     Benutzer: NT-AUTORITÄT\SYSTEM     Aktuelle Modulversion:
      Vorherige Modulversion: 1.1.8904.0     Fehlercode: 0x80070643     Fehlerbeschreibung: Schwerwiegender
 Fehler bei der Installation. 
 
Error - 18.11.2012 08:48:07 | Computer Name = asus | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Definitionsupdate für Microsoft Security Essentials
 – KB2310138 (Definition 1.139.2333.0)
 
Error - 23.11.2012 05:22:06 | Computer Name = asus | Source = DCOM | ID = 10010
Description = 
 
Error - 06.12.2012 07:57:25 | Computer Name = asus | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PST Service" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 05.01.2013 14:05:46 | Computer Name = asus | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht
 \Device\NetBT_Tcpip_{9B1148F8-306D-454C-89FC-67A459AC14CE} vom Serverdienst nicht
 gebunden werden. Der Serverdienst konnte nicht gestartet werden.
 
Error - 06.01.2013 17:55:14 | Computer Name = asus | Source = DCOM | ID = 10016
Description = 
 
Error - 10.01.2013 08:12:57 | Computer Name = asus | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.

	Neue
 Signaturversion:      Vorherige Signaturversion: 1.141.3393.0     Aktualisierungsquelle: 
%%859     Aktualisierungsphase: %%854     Quellpfad: hxxp://www.microsoft.com     Signaturtyp: 
%%800     Aktualisierungstyp: %%803     Benutzer: NT-AUTORITÄT\SYSTEM     Aktuelle Modulversion:
      Vorherige Modulversion: 1.1.9002.0     Fehlercode: 0x80240016     Fehlerbeschreibung: Unerwartetes
 Problem bei der Überprüfung auf Updates. Informationen zum Installieren von Updates
 oder zur Problembehandlung finden Sie unter "Hilfe und Support". 
 
Error - 10.01.2013 08:12:57 | Computer Name = asus | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.

	Neue
 Signaturversion:      Vorherige Signaturversion: 1.141.3393.0     Aktualisierungsquelle: 
%%859     Aktualisierungsphase: %%854     Quellpfad: hxxp://www.microsoft.com     Signaturtyp: 
%%800     Aktualisierungstyp: %%803     Benutzer: NT-AUTORITÄT\SYSTEM     Aktuelle Modulversion:
      Vorherige Modulversion: 1.1.9002.0     Fehlercode: 0x80240016     Fehlerbeschreibung: Unerwartetes
 Problem bei der Überprüfung auf Updates. Informationen zum Installieren von Updates
 oder zur Problembehandlung finden Sie unter "Hilfe und Support". 
 
Error - 10.01.2013 08:12:57 | Computer Name = asus | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.

	Neue
 Signaturversion:      Vorherige Signaturversion: 1.141.3393.0     Aktualisierungsquelle: 
%%859     Aktualisierungsphase: %%853     Quellpfad: hxxp://www.microsoft.com     Signaturtyp: 
%%800     Aktualisierungstyp: %%803     Benutzer: NT-AUTORITÄT\SYSTEM     Aktuelle Modulversion:
      Vorherige Modulversion: 1.1.9002.0     Fehlercode: 0x80240016     Fehlerbeschreibung: Unerwartetes
 Problem bei der Überprüfung auf Updates. Informationen zum Installieren von Updates
 oder zur Problembehandlung finden Sie unter "Hilfe und Support". 
 
 
< End of report >
         
Code:
ATTFilter
# AdwCleaner v2.300 - Datei am 14/05/2013 um 23:56:56 erstellt
# Aktualisiert am 28/04/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Joe - ASUS
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Joe\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gefunden : C:\Program Files (x86)\Ask.com
Ordner Gefunden : C:\ProgramData\Ask
Ordner Gefunden : C:\Users\Joe\AppData\Local\APN
Ordner Gefunden : C:\Users\Joe\AppData\Local\Temp\AskSearch
Ordner Gefunden : C:\Users\Joe\AppData\LocalLow\AskToolbar
Ordner Gefunden : C:\Users\Joe\AppData\LocalLow\boost_interprocess
Ordner Gefunden : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\APN
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gefunden : HKCU\Software\Ask.com
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gefunden : HKLM\Software\APN
Schlüssel Gefunden : HKLM\Software\AskToolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Schlüssel Gefunden : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16476

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v21.0 (de)

Datei : C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\te0730jl.default-1368559837620\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [4237 octets] - [14/05/2013 23:56:56]

########## EOF - C:\AdwCleaner[R1].txt - [4297 octets] ##########
         
Code:
ATTFilter
# AdwCleaner v2.300 - Datei am 14/05/2013 um 23:57:48 erstellt
# Aktualisiert am 28/04/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Joe - ASUS
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Joe\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Program Files (x86)\Ask.com
Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\Users\Joe\AppData\Local\APN
Ordner Gelöscht : C:\Users\Joe\AppData\Local\Temp\AskSearch
Ordner Gelöscht : C:\Users\Joe\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\Joe\AppData\LocalLow\boost_interprocess
Ordner Gelöscht : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\APN
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\Ask.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKLM\Software\APN
Schlüssel Gelöscht : HKLM\Software\AskToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16476

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v21.0 (de)

Datei : C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\te0730jl.default-1368559837620\prefs.js

C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\te0730jl.default-1368559837620\user.js ... Gelöscht !

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [4358 octets] - [14/05/2013 23:56:56]
AdwCleaner[S1].txt - [4410 octets] - [14/05/2013 23:57:48]

########## EOF - C:\AdwCleaner[S1].txt - [4470 octets] ##########
         

Geändert von flyingnoodls (15.05.2013 um 12:08 Uhr)

Alt 15.05.2013, 12:05   #2
flyingnoodls
 
Sparkassen-Trojaner - Standard

Sparkassen-Trojaner



Gmer log Teil 1

Code:
ATTFilter
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-05-15 12:41:48
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.AX00 298,09GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Joe\AppData\Local\Temp\fxldrpoc.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560                                                                                     fffff800037fc000 65 bytes [00, 00, 15, 02, 46, 69, 6C, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 626                                                                                     fffff800037fc042 4 bytes [00, 00, 00, 00]

---- User code sections - GMER 2.1 ----

.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[2284] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   00000000752e1465 2 bytes [2E, 75]
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[2284] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000752e14bb 2 bytes [2E, 75]
.text     ...                                                                                                                                                    * 2
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess           00000000778208fc 6 bytes [68, A0, CF, 99, 02, C3]
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W          00000000778325fd 6 bytes [68, BD, 57, 9A, 02, C3]
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                    000000007783c45a 6 bytes [68, CB, D0, 99, 02, C3]
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A          0000000077842a63 6 bytes [68, 03, 58, 9A, 02, C3]
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W          0000000077864128 6 bytes [68, 49, 58, 9A, 02, C3]
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A          000000007786e659 6 bytes [68, 8F, 58, 9A, 02, C3]
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW       000000007605455c 6 bytes [68, 34, D3, 99, 02, C3]
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\syswow64\kernel32.dll!ExitProcess                00000000760579f8 6 bytes [68, F3, D2, 99, 02, C3]
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\syswow64\WS2_32.dll!closesocket                  0000000075d23918 6 bytes [68, 27, E3, 99, 02, C3]
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\syswow64\WS2_32.dll!getaddrinfo                  0000000075d24296 6 bytes [68, 38, DF, 99, 02, C3]
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\syswow64\WS2_32.dll!WSASend                      0000000075d24406 6 bytes [68, 80, E3, 99, 02, C3]
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\syswow64\WS2_32.dll!send                         0000000075d26f01 6 bytes [68, 5F, E3, 99, 02, C3]
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\syswow64\WS2_32.dll!gethostbyname                0000000075d37673 6 bytes [68, C8, DE, 99, 02, C3]
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\syswow64\WININET.dll!InternetCloseHandle         0000000075b1c664 6 bytes [68, DC, 08, 9A, 02, C3]
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA              0000000075b1e13a 6 bytes [68, 7C, 0A, 9A, 02, C3]
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\syswow64\WININET.dll!InternetReadFile            0000000075b1f8d8 6 bytes [68, 49, 09, 9A, 02, C3]
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable  0000000075b23184 6 bytes [68, 50, 0A, 9A, 02, C3]
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA            0000000075b45761 6 bytes [68, 1E, 06, 9A, 02, C3]
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW            0000000075b45fef 6 bytes [68, DA, 05, 9A, 02, C3]
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\syswow64\WININET.dll!HttpSendRequestW            0000000075b4632d 6 bytes [68, 62, 06, 9A, 02, C3]
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\syswow64\WININET.dll!InternetReadFileExA         0000000075b4fa49 6 bytes [68, 77, 09, 9A, 02, C3]
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\syswow64\WININET.dll!HttpSendRequestExW          0000000075b5f564 6 bytes [68, 0C, 07, 9A, 02, C3]
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\syswow64\WININET.dll!HttpEndRequestA             0000000075b5f639 6 bytes [68, 46, 08, 9A, 02, C3]
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\syswow64\WININET.dll!InternetSetFilePointer      0000000075b74f2f 6 bytes [68, F6, 09, 9A, 02, C3]
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\syswow64\WININET.dll!HttpSendRequestA            0000000075b7525a 6 bytes [68, B7, 06, 9A, 02, C3]
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\syswow64\WININET.dll!HttpSendRequestExA          0000000075bbece5 6 bytes [68, A9, 07, 9A, 02, C3]
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\syswow64\WININET.dll!HttpEndRequestW             0000000075bbedb7 6 bytes [68, 91, 08, 9A, 02, C3]
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\syswow64\USER32.dll!GetDC                        00000000751f72c4 6 bytes [68, 92, 18, 99, 02, C3]
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\syswow64\USER32.dll!ReleaseDC                    00000000751f7446 6 bytes [68, 10, 19, 99, 02, C3]
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\syswow64\USER32.dll!TranslateMessage             00000000751f7809 6 bytes [68, A5, 5D, 9A, 02, C3]
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\syswow64\USER32.dll!GetMessageW                  00000000751f78e2 6 bytes [68, 22, DE, 99, 02, C3]
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\syswow64\USER32.dll!GetMessageA                  00000000751f7bd3 6 bytes [68, 4A, DE, 99, 02, C3]
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\syswow64\USER32.dll!GetWindowDC                  00000000751f8048 6 bytes [68, D1, 18, 99, 02, C3]
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\syswow64\USER32.dll!RegisterClassW               00000000751f8a65 6 bytes [68, C1, 5A, 9A, 02, C3]
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\syswow64\USER32.dll!RegisterClassExW             00000000751fb17d 6 bytes [68, 5B, 5B, 9A, 02, C3]
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\syswow64\USER32.dll!RegisterClassExA             00000000751fdb98 6 bytes [68, AD, 5B, 9A, 02, C3]
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\syswow64\USER32.dll!PeekMessageW                 00000000752005ba 6 bytes [68, 72, DE, 99, 02, C3]
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\syswow64\USER32.dll!CallWindowProcW              0000000075200d32 6 bytes [68, F3, 59, 9A, 02, C3]
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\syswow64\USER32.dll!GetCursorPos                 0000000075201218 6 bytes [68, 55, DC, 99, 02, C3]
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\syswow64\USER32.dll!EndPaint                     0000000075201341 6 bytes [68, F7, 17, 99, 02, C3]
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\syswow64\USER32.dll!BeginPaint                   0000000075201361 6 bytes [68, 87, 17, 99, 02, C3]
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\syswow64\USER32.dll!GetMessagePos                0000000075202a8d 6 bytes [68, 23, DC, 99, 02, C3]
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\syswow64\USER32.dll!GetCapture                   0000000075202aac 6 bytes [68, 83, DD, 99, 02, C3]
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\syswow64\USER32.dll!GetDCEx                      0000000075203391 6 bytes [68, 37, 18, 99, 02, C3]
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\syswow64\USER32.dll!RegisterClassA               000000007520434b 6 bytes [68, 0E, 5B, 9A, 02, C3]
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\syswow64\USER32.dll!PeekMessageA                 0000000075205f74 6 bytes [68, 9D, DE, 99, 02, C3]
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\syswow64\USER32.dll!GetUpdateRgn                 0000000075206222 6 bytes [68, E3, 19, 99, 02, C3]
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\syswow64\USER32.dll!CallWindowProcA              000000007520792f 6 bytes [68, 3C, 5A, 9A, 02, C3]
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\syswow64\USER32.dll!DefFrameProcA                0000000075207fbb 6 bytes [68, 1E, 59, 9A, 02, C3]
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA             000000007520810c 6 bytes [68, AD, 59, 9A, 02, C3]
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\syswow64\USER32.dll!DefFrameProcW                00000000752085c1 6 bytes [68, D5, 58, 9A, 02, C3]
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW             00000000752086b4 6 bytes [68, 67, 59, 9A, 02, C3]
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\syswow64\USER32.dll!GetUpdateRect                000000007521d41f 6 bytes [68, 50, 19, 99, 02, C3]
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\syswow64\USER32.dll!ReleaseCapture               000000007521ed49 6 bytes [68, 33, DD, 99, 02, C3]
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\syswow64\USER32.dll!SetCapture                   000000007521ed56 6 bytes [68, D9, DC, 99, 02, C3]
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\syswow64\USER32.dll!SwitchDesktop                0000000075239854 6 bytes [68, 9F, 57, 9A, 02, C3]
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\syswow64\USER32.dll!SetCursorPos                 0000000075239cfd 6 bytes [68, 9C, DC, 99, 02, C3]
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\syswow64\USER32.dll!GetClipboardData             0000000075239f1d 6 bytes [68, 54, 5F, 9A, 02, C3]
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\syswow64\USER32.dll!OpenInputDesktop             00000000752587cb 6 bytes [68, 4F, 57, 9A, 02, C3]
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW       000000007570c592 6 bytes [68, B1, D3, 99, 02, C3]
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA       0000000075742538 6 bytes [68, 9A, D3, 99, 02, C3]
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69     00000000752e1465 2 bytes [2E, 75]
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155    00000000752e14bb 2 bytes [2E, 75]
.text     ...                                                                                                                                                    * 2
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore          0000000075841224 6 bytes [68, 89, 7E, 99, 02, C3]
.text     C:\Users\Joe\AppData\Roaming\Elaw\cyim.exe[2988] C:\Windows\syswow64\WS2_32.dll!getaddrinfo                                                            0000000075d24296 6 bytes [68, 38, DF, 41, 00, C3]
.text     C:\Users\Joe\AppData\Roaming\Elaw\cyim.exe[2988] C:\Windows\syswow64\WS2_32.dll!gethostbyname                                                          0000000075d37673 6 bytes [68, C8, DE, 41, 00, C3]
.text     C:\Users\Joe\AppData\Roaming\Elaw\cyim.exe[2988] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                               00000000752e1465 2 bytes [2E, 75]
.text     C:\Users\Joe\AppData\Roaming\Elaw\cyim.exe[2988] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                              00000000752e14bb 2 bytes [2E, 75]
.text     ...                                                                                                                                                    * 2
.text     C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[3548] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess                                     00000000778208fc 6 bytes [68, A0, CF, 06, 02, C3]
.text     C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[3548] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W                                    00000000778325fd 6 bytes [68, BD, 57, 07, 02, C3]
.text     C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[3548] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                              000000007783c45a 6 bytes [68, CB, D0, 06, 02, C3]
.text     C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[3548] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A                                    0000000077842a63 6 bytes [68, 03, 58, 07, 02, C3]
.text     C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[3548] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W                                    0000000077864128 6 bytes [68, 49, 58, 07, 02, C3]
.text     C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[3548] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A                                    000000007786e659 6 bytes [68, 8F, 58, 07, 02, C3]
.text     C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[3548] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW                                 000000007605455c 6 bytes [68, 34, D3, 06, 02, C3]
.text     C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[3548] C:\Windows\syswow64\kernel32.dll!ExitProcess                                          00000000760579f8 6 bytes [68, F3, D2, 06, 02, C3]
.text     C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[3548] C:\Windows\syswow64\USER32.dll!GetDC                                                  00000000751f72c4 6 bytes [68, 92, 18, 06, 02, C3]
.text     C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[3548] C:\Windows\syswow64\USER32.dll!ReleaseDC                                              00000000751f7446 6 bytes [68, 10, 19, 06, 02, C3]
.text     C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[3548] C:\Windows\syswow64\USER32.dll!TranslateMessage                                       00000000751f7809 6 bytes [68, A5, 5D, 07, 02, C3]
.text     C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[3548] C:\Windows\syswow64\USER32.dll!GetMessageW                                            00000000751f78e2 6 bytes [68, 22, DE, 06, 02, C3]
.text     C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[3548] C:\Windows\syswow64\USER32.dll!GetMessageA                                            00000000751f7bd3 6 bytes [68, 4A, DE, 06, 02, C3]
.text     C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[3548] C:\Windows\syswow64\USER32.dll!GetWindowDC                                            00000000751f8048 6 bytes [68, D1, 18, 06, 02, C3]
.text     C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[3548] C:\Windows\syswow64\USER32.dll!RegisterClassW                                         00000000751f8a65 6 bytes [68, C1, 5A, 07, 02, C3]
.text     C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[3548] C:\Windows\syswow64\USER32.dll!RegisterClassExW                                       00000000751fb17d 6 bytes [68, 5B, 5B, 07, 02, C3]
.text     C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[3548] C:\Windows\syswow64\USER32.dll!RegisterClassExA                                       00000000751fdb98 6 bytes [68, AD, 5B, 07, 02, C3]
.text     C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[3548] C:\Windows\syswow64\USER32.dll!PeekMessageW                                           00000000752005ba 6 bytes [68, 72, DE, 06, 02, C3]
.text     C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[3548] C:\Windows\syswow64\USER32.dll!CallWindowProcW                                        0000000075200d32 6 bytes [68, F3, 59, 07, 02, C3]
.text     C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[3548] C:\Windows\syswow64\USER32.dll!GetCursorPos                                           0000000075201218 6 bytes [68, 55, DC, 06, 02, C3]
.text     C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[3548] C:\Windows\syswow64\USER32.dll!EndPaint                                               0000000075201341 6 bytes [68, F7, 17, 06, 02, C3]
.text     C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[3548] C:\Windows\syswow64\USER32.dll!BeginPaint                                             0000000075201361 6 bytes [68, 87, 17, 06, 02, C3]
.text     C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[3548] C:\Windows\syswow64\USER32.dll!GetMessagePos                                          0000000075202a8d 6 bytes [68, 23, DC, 06, 02, C3]
.text     C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[3548] C:\Windows\syswow64\USER32.dll!GetCapture                                             0000000075202aac 6 bytes [68, 83, DD, 06, 02, C3]
.text     C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[3548] C:\Windows\syswow64\USER32.dll!GetDCEx                                                0000000075203391 6 bytes [68, 37, 18, 06, 02, C3]
.text     C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[3548] C:\Windows\syswow64\USER32.dll!RegisterClassA                                         000000007520434b 6 bytes [68, 0E, 5B, 07, 02, C3]
.text     C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[3548] C:\Windows\syswow64\USER32.dll!PeekMessageA                                           0000000075205f74 6 bytes [68, 9D, DE, 06, 02, C3]
.text     C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[3548] C:\Windows\syswow64\USER32.dll!GetUpdateRgn                                           0000000075206222 6 bytes [68, E3, 19, 06, 02, C3]
.text     C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[3548] C:\Windows\syswow64\USER32.dll!CallWindowProcA                                        000000007520792f 6 bytes [68, 3C, 5A, 07, 02, C3]
.text     C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[3548] C:\Windows\syswow64\USER32.dll!DefFrameProcA                                          0000000075207fbb 6 bytes [68, 1E, 59, 07, 02, C3]
.text     C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[3548] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA                                       000000007520810c 6 bytes [68, AD, 59, 07, 02, C3]
.text     C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[3548] C:\Windows\syswow64\USER32.dll!DefFrameProcW                                          00000000752085c1 6 bytes [68, D5, 58, 07, 02, C3]
.text     C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[3548] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW                                       00000000752086b4 6 bytes [68, 67, 59, 07, 02, C3]
.text     C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[3548] C:\Windows\syswow64\USER32.dll!GetUpdateRect                                          000000007521d41f 6 bytes [68, 50, 19, 06, 02, C3]
.text     C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[3548] C:\Windows\syswow64\USER32.dll!ReleaseCapture                                         000000007521ed49 6 bytes [68, 33, DD, 06, 02, C3]
.text     C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[3548] C:\Windows\syswow64\USER32.dll!SetCapture                                             000000007521ed56 6 bytes [68, D9, DC, 06, 02, C3]
.text     C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[3548] C:\Windows\syswow64\USER32.dll!SwitchDesktop                                          0000000075239854 6 bytes [68, 9F, 57, 07, 02, C3]
.text     C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[3548] C:\Windows\syswow64\USER32.dll!SetCursorPos                                           0000000075239cfd 6 bytes [68, 9C, DC, 06, 02, C3]
.text     C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[3548] C:\Windows\syswow64\USER32.dll!GetClipboardData                                       0000000075239f1d 6 bytes [68, 54, 5F, 07, 02, C3]
.text     C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[3548] C:\Windows\syswow64\USER32.dll!OpenInputDesktop                                       00000000752587cb 6 bytes [68, 4F, 57, 07, 02, C3]
.text     C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[3548] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW                                 000000007570c592 6 bytes [68, B1, D3, 06, 02, C3]
.text     C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[3548] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA                                 0000000075742538 6 bytes [68, 9A, D3, 06, 02, C3]
.text     C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[3548] C:\Windows\syswow64\WS2_32.dll!closesocket                                            0000000075d23918 6 bytes [68, 27, E3, 06, 02, C3]
.text     C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[3548] C:\Windows\syswow64\WS2_32.dll!getaddrinfo                                            0000000075d24296 6 bytes [68, 38, DF, 06, 02, C3]
.text     C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[3548] C:\Windows\syswow64\WS2_32.dll!WSASend                                                0000000075d24406 6 bytes [68, 80, E3, 06, 02, C3]
.text     C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[3548] C:\Windows\syswow64\WS2_32.dll!send                                                   0000000075d26f01 6 bytes [68, 5F, E3, 06, 02, C3]
.text     C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[3548] C:\Windows\syswow64\WS2_32.dll!gethostbyname                                          0000000075d37673 6 bytes [68, C8, DE, 06, 02, C3]
.text     C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[3548] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore                                    0000000075841224 6 bytes [68, 89, 7E, 06, 02, C3]
.text     C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[3548] C:\Windows\syswow64\WININET.dll!InternetCloseHandle                                   0000000075b1c664 6 bytes [68, DC, 08, 07, 02, C3]
.text     C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[3548] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA                                        0000000075b1e13a 6 bytes [68, 7C, 0A, 07, 02, C3]
.text     C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[3548] C:\Windows\syswow64\WININET.dll!InternetReadFile                                      0000000075b1f8d8 6 bytes [68, 49, 09, 07, 02, C3]
.text     C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[3548] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable                            0000000075b23184 6 bytes [68, 50, 0A, 07, 02, C3]
.text     C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[3548] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA                                      0000000075b45761 6 bytes [68, 1E, 06, 07, 02, C3]
.text     C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[3548] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW                                      0000000075b45fef 6 bytes [68, DA, 05, 07, 02, C3]
.text     C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[3548] C:\Windows\syswow64\WININET.dll!HttpSendRequestW                                      0000000075b4632d 6 bytes [68, 62, 06, 07, 02, C3]
.text     C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[3548] C:\Windows\syswow64\WININET.dll!InternetReadFileExA                                   0000000075b4fa49 6 bytes [68, 77, 09, 07, 02, C3]
.text     C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[3548] C:\Windows\syswow64\WININET.dll!HttpSendRequestExW                                    0000000075b5f564 6 bytes [68, 0C, 07, 07, 02, C3]
.text     C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[3548] C:\Windows\syswow64\WININET.dll!HttpEndRequestA                                       0000000075b5f639 6 bytes [68, 46, 08, 07, 02, C3]
.text     C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[3548] C:\Windows\syswow64\WININET.dll!InternetSetFilePointer                                0000000075b74f2f 6 bytes [68, F6, 09, 07, 02, C3]
.text     C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[3548] C:\Windows\syswow64\WININET.dll!HttpSendRequestA                                      0000000075b7525a 6 bytes [68, B7, 06, 07, 02, C3]
.text     C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[3548] C:\Windows\syswow64\WININET.dll!HttpSendRequestExA                                    0000000075bbece5 6 bytes [68, A9, 07, 07, 02, C3]
.text     C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[3548] C:\Windows\syswow64\WININET.dll!HttpEndRequestW                                       0000000075bbedb7 6 bytes [68, 91, 08, 07, 02, C3]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess                                   00000000778208fc 4 bytes [68, A0, CF, 26]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess + 5                               0000000077820901 1 byte [C3]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W                                  00000000778325fd 6 bytes [68, BD, 57, 27, 00, C3]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                            000000007783c45a 6 bytes [68, CB, D0, 26, 00, C3]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A                                  0000000077842a63 6 bytes [68, 03, 58, 27, 00, C3]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W                                  0000000077864128 6 bytes [68, 49, 58, 27, 00, C3]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A                                  000000007786e659 6 bytes [68, 8F, 58, 27, 00, C3]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW                               000000007605455c 6 bytes [68, 34, D3, 26, 00, C3]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\syswow64\kernel32.dll!ExitProcess                                        00000000760579f8 6 bytes [68, F3, D2, 26, 00, C3]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\syswow64\USER32.dll!GetDC                                                00000000751f72c4 4 bytes [68, 92, 18, 26]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\syswow64\USER32.dll!GetDC + 5                                            00000000751f72c9 1 byte [C3]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\syswow64\USER32.dll!ReleaseDC                                            00000000751f7446 6 bytes [68, 10, 19, 26, 00, C3]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\syswow64\USER32.dll!TranslateMessage                                     00000000751f7809 6 bytes [68, A5, 5D, 27, 00, C3]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\syswow64\USER32.dll!GetMessageW                                          00000000751f78e2 6 bytes [68, 22, DE, 26, 00, C3]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\syswow64\USER32.dll!GetMessageA                                          00000000751f7bd3 6 bytes [68, 4A, DE, 26, 00, C3]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\syswow64\USER32.dll!GetWindowDC                                          00000000751f8048 4 bytes [68, D1, 18, 26]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\syswow64\USER32.dll!GetWindowDC + 5                                      00000000751f804d 1 byte [C3]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\syswow64\USER32.dll!RegisterClassW                                       00000000751f8a65 6 bytes [68, C1, 5A, 27, 00, C3]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\syswow64\USER32.dll!RegisterClassExW                                     00000000751fb17d 6 bytes [68, 5B, 5B, 27, 00, C3]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\syswow64\USER32.dll!RegisterClassExA                                     00000000751fdb98 6 bytes [68, AD, 5B, 27, 00, C3]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\syswow64\USER32.dll!PeekMessageW                                         00000000752005ba 6 bytes [68, 72, DE, 26, 00, C3]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\syswow64\USER32.dll!CallWindowProcW                                      0000000075200d32 6 bytes [68, F3, 59, 27, 00, C3]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\syswow64\USER32.dll!GetCursorPos                                         0000000075201218 6 bytes [68, 55, DC, 26, 00, C3]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\syswow64\USER32.dll!EndPaint                                             0000000075201341 4 bytes [68, F7, 17, 26]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\syswow64\USER32.dll!EndPaint + 5                                         0000000075201346 1 byte [C3]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\syswow64\USER32.dll!BeginPaint                                           0000000075201361 4 bytes [68, 87, 17, 26]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\syswow64\USER32.dll!BeginPaint + 5                                       0000000075201366 1 byte [C3]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\syswow64\USER32.dll!GetMessagePos                                        0000000075202a8d 6 bytes [68, 23, DC, 26, 00, C3]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\syswow64\USER32.dll!GetCapture                                           0000000075202aac 3 bytes [68, 83, DD]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\syswow64\USER32.dll!GetCapture + 4                                       0000000075202ab0 2 bytes [00, C3]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\syswow64\USER32.dll!GetDCEx                                              0000000075203391 4 bytes [68, 37, 18, 26]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\syswow64\USER32.dll!GetDCEx + 5                                          0000000075203396 1 byte [C3]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\syswow64\USER32.dll!RegisterClassA                                       000000007520434b 6 bytes [68, 0E, 5B, 27, 00, C3]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\syswow64\USER32.dll!PeekMessageA                                         0000000075205f74 6 bytes [68, 9D, DE, 26, 00, C3]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\syswow64\USER32.dll!GetUpdateRgn                                         0000000075206222 6 bytes [68, E3, 19, 26, 00, C3]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\syswow64\USER32.dll!CallWindowProcA                                      000000007520792f 6 bytes [68, 3C, 5A, 27, 00, C3]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\syswow64\USER32.dll!DefFrameProcA                                        0000000075207fbb 6 bytes [68, 1E, 59, 27, 00, C3]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA                                     000000007520810c 6 bytes [68, AD, 59, 27, 00, C3]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\syswow64\USER32.dll!DefFrameProcW                                        00000000752085c1 6 bytes [68, D5, 58, 27, 00, C3]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW                                     00000000752086b4 6 bytes [68, 67, 59, 27, 00, C3]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\syswow64\USER32.dll!GetUpdateRect                                        000000007521d41f 6 bytes [68, 50, 19, 26, 00, C3]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\syswow64\USER32.dll!ReleaseCapture                                       000000007521ed49 6 bytes [68, 33, DD, 26, 00, C3]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\syswow64\USER32.dll!SetCapture                                           000000007521ed56 4 bytes [68, D9, DC, 26]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\syswow64\USER32.dll!SetCapture + 5                                       000000007521ed5b 1 byte [C3]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\syswow64\USER32.dll!SwitchDesktop                                        0000000075239854 6 bytes [68, 9F, 57, 27, 00, C3]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\syswow64\USER32.dll!SetCursorPos                                         0000000075239cfd 6 bytes [68, 9C, DC, 26, 00, C3]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\syswow64\USER32.dll!GetClipboardData                                     0000000075239f1d 6 bytes [68, 54, 5F, 27, 00, C3]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\syswow64\USER32.dll!OpenInputDesktop                                     00000000752587cb 4 bytes [68, 4F, 57, 27]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\syswow64\USER32.dll!OpenInputDesktop + 5                                 00000000752587d0 1 byte [C3]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW                               000000007570c592 6 bytes [68, B1, D3, 26, 00, C3]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA                               0000000075742538 6 bytes [68, 9A, D3, 26, 00, C3]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore                                  0000000075841224 6 bytes [68, 89, 7E, 26, 00, C3]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\syswow64\WS2_32.dll!closesocket                                          0000000075d23918 6 bytes [68, 27, E3, 26, 00, C3]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\syswow64\WS2_32.dll!getaddrinfo                                          0000000075d24296 6 bytes [68, 38, DF, 26, 00, C3]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\syswow64\WS2_32.dll!WSASend                                              0000000075d24406 6 bytes [68, 80, E3, 26, 00, C3]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\syswow64\WS2_32.dll!send                                                 0000000075d26f01 6 bytes [68, 5F, E3, 26, 00, C3]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\syswow64\WS2_32.dll!gethostbyname                                        0000000075d37673 6 bytes [68, C8, DE, 26, 00, C3]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\syswow64\WININET.dll!InternetCloseHandle                                 0000000075b1c664 6 bytes [68, DC, 08, 27, 00, C3]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA                                      0000000075b1e13a 6 bytes [68, 7C, 0A, 27, 00, C3]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\syswow64\WININET.dll!InternetReadFile                                    0000000075b1f8d8 6 bytes [68, 49, 09, 27, 00, C3]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable                          0000000075b23184 6 bytes [68, 50, 0A, 27, 00, C3]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA                                    0000000075b45761 6 bytes [68, 1E, 06, 27, 00, C3]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW                                    0000000075b45fef 6 bytes [68, DA, 05, 27, 00, C3]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\syswow64\WININET.dll!HttpSendRequestW                                    0000000075b4632d 6 bytes [68, 62, 06, 27, 00, C3]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\syswow64\WININET.dll!InternetReadFileExA                                 0000000075b4fa49 6 bytes [68, 77, 09, 27, 00, C3]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\syswow64\WININET.dll!HttpSendRequestExW                                  0000000075b5f564 6 bytes [68, 0C, 07, 27, 00, C3]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\syswow64\WININET.dll!HttpEndRequestA                                     0000000075b5f639 6 bytes [68, 46, 08, 27, 00, C3]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\syswow64\WININET.dll!InternetSetFilePointer                              0000000075b74f2f 6 bytes [68, F6, 09, 27, 00, C3]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\syswow64\WININET.dll!HttpSendRequestA                                    0000000075b7525a 6 bytes [68, B7, 06, 27, 00, C3]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\syswow64\WININET.dll!HttpSendRequestExA                                  0000000075bbece5 6 bytes [68, A9, 07, 27, 00, C3]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\syswow64\WININET.dll!HttpEndRequestW                                     0000000075bbedb7 6 bytes [68, 91, 08, 27, 00, C3]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3580] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess                            00000000778208fc 4 bytes [68, A0, CF, 24]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3580] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess + 5                        0000000077820901 1 byte [C3]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3580] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W                           00000000778325fd 6 bytes [68, BD, 57, 25, 00, C3]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3580] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                     000000007783c45a 6 bytes [68, CB, D0, 24, 00, C3]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3580] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A                           0000000077842a63 6 bytes [68, 03, 58, 25, 00, C3]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3580] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W                           0000000077864128 6 bytes [68, 49, 58, 25, 00, C3]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3580] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A                           000000007786e659 6 bytes [68, 8F, 58, 25, 00, C3]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3580] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW                        000000007605455c 6 bytes [68, 34, D3, 24, 00, C3]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3580] C:\Windows\syswow64\kernel32.dll!ExitProcess                                 00000000760579f8 6 bytes [68, F3, D2, 24, 00, C3]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3580] C:\Windows\syswow64\USER32.dll!GetDC                                         00000000751f72c4 4 bytes [68, 92, 18, 24]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3580] C:\Windows\syswow64\USER32.dll!GetDC + 5                                     00000000751f72c9 1 byte [C3]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3580] C:\Windows\syswow64\USER32.dll!ReleaseDC                                     00000000751f7446 6 bytes [68, 10, 19, 24, 00, C3]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3580] C:\Windows\syswow64\USER32.dll!TranslateMessage                              00000000751f7809 6 bytes [68, A5, 5D, 25, 00, C3]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3580] C:\Windows\syswow64\USER32.dll!GetMessageW                                   00000000751f78e2 6 bytes [68, 22, DE, 24, 00, C3]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3580] C:\Windows\syswow64\USER32.dll!GetMessageA                                   00000000751f7bd3 6 bytes [68, 4A, DE, 24, 00, C3]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3580] C:\Windows\syswow64\USER32.dll!GetWindowDC                                   00000000751f8048 4 bytes [68, D1, 18, 24]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3580] C:\Windows\syswow64\USER32.dll!GetWindowDC + 5                               00000000751f804d 1 byte [C3]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3580] C:\Windows\syswow64\USER32.dll!RegisterClassW                                00000000751f8a65 6 bytes [68, C1, 5A, 25, 00, C3]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3580] C:\Windows\syswow64\USER32.dll!RegisterClassExW                              00000000751fb17d 6 bytes [68, 5B, 5B, 25, 00, C3]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3580] C:\Windows\syswow64\USER32.dll!RegisterClassExA                              00000000751fdb98 6 bytes [68, AD, 5B, 25, 00, C3]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3580] C:\Windows\syswow64\USER32.dll!PeekMessageW                                  00000000752005ba 6 bytes [68, 72, DE, 24, 00, C3]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3580] C:\Windows\syswow64\USER32.dll!CallWindowProcW                               0000000075200d32 6 bytes [68, F3, 59, 25, 00, C3]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3580] C:\Windows\syswow64\USER32.dll!GetCursorPos                                  0000000075201218 6 bytes [68, 55, DC, 24, 00, C3]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3580] C:\Windows\syswow64\USER32.dll!EndPaint                                      0000000075201341 4 bytes [68, F7, 17, 24]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3580] C:\Windows\syswow64\USER32.dll!EndPaint + 5                                  0000000075201346 1 byte [C3]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3580] C:\Windows\syswow64\USER32.dll!BeginPaint                                    0000000075201361 4 bytes [68, 87, 17, 24]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3580] C:\Windows\syswow64\USER32.dll!BeginPaint + 5                                0000000075201366 1 byte [C3]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3580] C:\Windows\syswow64\USER32.dll!GetMessagePos                                 0000000075202a8d 6 bytes [68, 23, DC, 24, 00, C3]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3580] C:\Windows\syswow64\USER32.dll!GetCapture                                    0000000075202aac 6 bytes [68, 83, DD, 24, 00, C3]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3580] C:\Windows\syswow64\USER32.dll!GetDCEx                                       0000000075203391 4 bytes [68, 37, 18, 24]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3580] C:\Windows\syswow64\USER32.dll!GetDCEx + 5                                   0000000075203396 1 byte [C3]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3580] C:\Windows\syswow64\USER32.dll!RegisterClassA                                000000007520434b 6 bytes [68, 0E, 5B, 25, 00, C3]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3580] C:\Windows\syswow64\USER32.dll!PeekMessageA                                  0000000075205f74 6 bytes [68, 9D, DE, 24, 00, C3]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3580] C:\Windows\syswow64\USER32.dll!GetUpdateRgn                                  0000000075206222 6 bytes [68, E3, 19, 24, 00, C3]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3580] C:\Windows\syswow64\USER32.dll!CallWindowProcA                               000000007520792f 6 bytes [68, 3C, 5A, 25, 00, C3]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3580] C:\Windows\syswow64\USER32.dll!DefFrameProcA                                 0000000075207fbb 6 bytes [68, 1E, 59, 25, 00, C3]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3580] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA                              000000007520810c 6 bytes [68, AD, 59, 25, 00, C3]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3580] C:\Windows\syswow64\USER32.dll!DefFrameProcW                                 00000000752085c1 6 bytes [68, D5, 58, 25, 00, C3]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3580] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW                              00000000752086b4 6 bytes [68, 67, 59, 25, 00, C3]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3580] C:\Windows\syswow64\USER32.dll!GetUpdateRect                                 000000007521d41f 6 bytes [68, 50, 19, 24, 00, C3]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3580] C:\Windows\syswow64\USER32.dll!ReleaseCapture                                000000007521ed49 6 bytes [68, 33, DD, 24, 00, C3]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3580] C:\Windows\syswow64\USER32.dll!SetCapture                                    000000007521ed56 4 bytes [68, D9, DC, 24]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3580] C:\Windows\syswow64\USER32.dll!SetCapture + 5                                000000007521ed5b 1 byte [C3]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3580] C:\Windows\syswow64\USER32.dll!SwitchDesktop                                 0000000075239854 6 bytes [68, 9F, 57, 25, 00, C3]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3580] C:\Windows\syswow64\USER32.dll!SetCursorPos                                  0000000075239cfd 6 bytes [68, 9C, DC, 24, 00, C3]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3580] C:\Windows\syswow64\USER32.dll!GetClipboardData                              0000000075239f1d 6 bytes [68, 54, 5F, 25, 00, C3]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3580] C:\Windows\syswow64\USER32.dll!OpenInputDesktop                              00000000752587cb 4 bytes [68, 4F, 57, 25]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3580] C:\Windows\syswow64\USER32.dll!OpenInputDesktop + 5                          00000000752587d0 1 byte [C3]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3580] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW                        000000007570c592 6 bytes [68, B1, D3, 24, 00, C3]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3580] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA                        0000000075742538 6 bytes [68, 9A, D3, 24, 00, C3]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3580] C:\Windows\syswow64\WS2_32.dll!closesocket                                   0000000075d23918 6 bytes [68, 27, E3, 24, 00, C3]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3580] C:\Windows\syswow64\WS2_32.dll!getaddrinfo                                   0000000075d24296 6 bytes [68, 38, DF, 24, 00, C3]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3580] C:\Windows\syswow64\WS2_32.dll!WSASend                                       0000000075d24406 6 bytes [68, 80, E3, 24, 00, C3]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3580] C:\Windows\syswow64\WS2_32.dll!send                                          0000000075d26f01 6 bytes [68, 5F, E3, 24, 00, C3]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3580] C:\Windows\syswow64\WS2_32.dll!gethostbyname                                 0000000075d37673 6 bytes [68, C8, DE, 24, 00, C3]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3580] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore                           0000000075841224 6 bytes [68, 89, 7E, 24, 00, C3]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3580] C:\Windows\syswow64\WININET.dll!InternetCloseHandle                          0000000075b1c664 6 bytes [68, DC, 08, 25, 00, C3]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3580] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA                               0000000075b1e13a 6 bytes [68, 7C, 0A, 25, 00, C3]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3580] C:\Windows\syswow64\WININET.dll!InternetReadFile                             0000000075b1f8d8 6 bytes [68, 49, 09, 25, 00, C3]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3580] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable                   0000000075b23184 6 bytes [68, 50, 0A, 25, 00, C3]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3580] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA                             0000000075b45761 6 bytes [68, 1E, 06, 25, 00, C3]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3580] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW                             0000000075b45fef 6 bytes [68, DA, 05, 25, 00, C3]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3580] C:\Windows\syswow64\WININET.dll!HttpSendRequestW                             0000000075b4632d 6 bytes [68, 62, 06, 25, 00, C3]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3580] C:\Windows\syswow64\WININET.dll!InternetReadFileExA                          0000000075b4fa49 6 bytes [68, 77, 09, 25, 00, C3]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3580] C:\Windows\syswow64\WININET.dll!HttpSendRequestExW                           0000000075b5f564 6 bytes [68, 0C, 07, 25, 00, C3]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3580] C:\Windows\syswow64\WININET.dll!HttpEndRequestA                              0000000075b5f639 6 bytes [68, 46, 08, 25, 00, C3]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3580] C:\Windows\syswow64\WININET.dll!InternetSetFilePointer                       0000000075b74f2f 6 bytes [68, F6, 09, 25, 00, C3]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3580] C:\Windows\syswow64\WININET.dll!HttpSendRequestA                             0000000075b7525a 6 bytes [68, B7, 06, 25, 00, C3]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3580] C:\Windows\syswow64\WININET.dll!HttpSendRequestExA                           0000000075bbece5 6 bytes [68, A9, 07, 25, 00, C3]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3580] C:\Windows\syswow64\WININET.dll!HttpEndRequestW                              0000000075bbedb7 6 bytes [68, 91, 08, 25, 00, C3]
.text     C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3588] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess                                    00000000778208fc 4 bytes [68, A0, CF, 6C]
.text     C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3588] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess + 5                                0000000077820901 1 byte [C3]
.text     C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3588] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W                                   00000000778325fd 6 bytes [68, BD, 57, 6D, 00, C3]
.text     C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3588] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                             000000007783c45a 6 bytes [68, CB, D0, 6C, 00, C3]
.text     C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3588] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A                                   0000000077842a63 6 bytes [68, 03, 58, 6D, 00, C3]
.text     C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3588] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W                                   0000000077864128 6 bytes [68, 49, 58, 6D, 00, C3]
.text     C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3588] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A                                   000000007786e659 6 bytes [68, 8F, 58, 6D, 00, C3]
.text     C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3588] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW                                000000007605455c 6 bytes [68, 34, D3, 6C, 00, C3]
.text     C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3588] C:\Windows\syswow64\kernel32.dll!ExitProcess                                         00000000760579f8 6 bytes [68, F3, D2, 6C, 00, C3]
.text     C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3588] C:\Windows\syswow64\WS2_32.dll!closesocket                                           0000000075d23918 6 bytes [68, 27, E3, 6C, 00, C3]
.text     C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3588] C:\Windows\syswow64\WS2_32.dll!getaddrinfo                                           0000000075d24296 6 bytes [68, 38, DF, 6C, 00, C3]
.text     C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3588] C:\Windows\syswow64\WS2_32.dll!WSASend                                               0000000075d24406 6 bytes [68, 80, E3, 6C, 00, C3]
.text     C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3588] C:\Windows\syswow64\WS2_32.dll!send                                                  0000000075d26f01 6 bytes [68, 5F, E3, 6C, 00, C3]
.text     C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3588] C:\Windows\syswow64\WS2_32.dll!gethostbyname                                         0000000075d37673 6 bytes [68, C8, DE, 6C, 00, C3]
.text     C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3588] C:\Windows\syswow64\USER32.dll!GetDC                                                 00000000751f72c4 4 bytes [68, 92, 18, 6C]
.text     C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3588] C:\Windows\syswow64\USER32.dll!GetDC + 5                                             00000000751f72c9 1 byte [C3]
.text     C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3588] C:\Windows\syswow64\USER32.dll!ReleaseDC                                             00000000751f7446 6 bytes [68, 10, 19, 6C, 00, C3]
.text     C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3588] C:\Windows\syswow64\USER32.dll!TranslateMessage                                      00000000751f7809 6 bytes [68, A5, 5D, 6D, 00, C3]
.text     C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3588] C:\Windows\syswow64\USER32.dll!GetMessageW                                           00000000751f78e2 6 bytes [68, 22, DE, 6C, 00, C3]
.text     C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3588] C:\Windows\syswow64\USER32.dll!GetMessageA                                           00000000751f7bd3 6 bytes [68, 4A, DE, 6C, 00, C3]
.text     C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3588] C:\Windows\syswow64\USER32.dll!GetWindowDC                                           00000000751f8048 4 bytes [68, D1, 18, 6C]
.text     C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3588] C:\Windows\syswow64\USER32.dll!GetWindowDC + 5                                       00000000751f804d 1 byte [C3]
.text     C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3588] C:\Windows\syswow64\USER32.dll!RegisterClassW                                        00000000751f8a65 6 bytes [68, C1, 5A, 6D, 00, C3]
.text     C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3588] C:\Windows\syswow64\USER32.dll!RegisterClassExW                                      00000000751fb17d 6 bytes [68, 5B, 5B, 6D, 00, C3]
.text     C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3588] C:\Windows\syswow64\USER32.dll!RegisterClassExA                                      00000000751fdb98 6 bytes [68, AD, 5B, 6D, 00, C3]
.text     C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3588] C:\Windows\syswow64\USER32.dll!PeekMessageW                                          00000000752005ba 6 bytes [68, 72, DE, 6C, 00, C3]
.text     C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3588] C:\Windows\syswow64\USER32.dll!CallWindowProcW                                       0000000075200d32 6 bytes [68, F3, 59, 6D, 00, C3]
.text     C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3588] C:\Windows\syswow64\USER32.dll!GetCursorPos                                          0000000075201218 6 bytes [68, 55, DC, 6C, 00, C3]
.text     C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3588] C:\Windows\syswow64\USER32.dll!EndPaint                                              0000000075201341 4 bytes [68, F7, 17, 6C]
.text     C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3588] C:\Windows\syswow64\USER32.dll!EndPaint + 5                                          0000000075201346 1 byte [C3]
.text     C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3588] C:\Windows\syswow64\USER32.dll!BeginPaint                                            0000000075201361 4 bytes [68, 87, 17, 6C]
.text     C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3588] C:\Windows\syswow64\USER32.dll!BeginPaint + 5                                        0000000075201366 1 byte [C3]
.text     C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3588] C:\Windows\syswow64\USER32.dll!GetMessagePos                                         0000000075202a8d 6 bytes [68, 23, DC, 6C, 00, C3]
.text     C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3588] C:\Windows\syswow64\USER32.dll!GetCapture                                            0000000075202aac 6 bytes [68, 83, DD, 6C, 00, C3]
.text     C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3588] C:\Windows\syswow64\USER32.dll!GetDCEx                                               0000000075203391 4 bytes [68, 37, 18, 6C]
.text     C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3588] C:\Windows\syswow64\USER32.dll!GetDCEx + 5                                           0000000075203396 1 byte [C3]
.text     C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3588] C:\Windows\syswow64\USER32.dll!RegisterClassA                                        000000007520434b 6 bytes [68, 0E, 5B, 6D, 00, C3]
.text     C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3588] C:\Windows\syswow64\USER32.dll!PeekMessageA                                          0000000075205f74 6 bytes [68, 9D, DE, 6C, 00, C3]
.text     C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3588] C:\Windows\syswow64\USER32.dll!GetUpdateRgn                                          0000000075206222 6 bytes [68, E3, 19, 6C, 00, C3]
.text     C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3588] C:\Windows\syswow64\USER32.dll!CallWindowProcA                                       000000007520792f 6 bytes [68, 3C, 5A, 6D, 00, C3]
.text     C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3588] C:\Windows\syswow64\USER32.dll!DefFrameProcA                                         0000000075207fbb 6 bytes [68, 1E, 59, 6D, 00, C3]
.text     C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3588] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA                                      000000007520810c 6 bytes [68, AD, 59, 6D, 00, C3]
.text     C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3588] C:\Windows\syswow64\USER32.dll!DefFrameProcW                                         00000000752085c1 6 bytes [68, D5, 58, 6D, 00, C3]
.text     C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3588] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW                                      00000000752086b4 6 bytes [68, 67, 59, 6D, 00, C3]
.text     C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3588] C:\Windows\syswow64\USER32.dll!GetUpdateRect                                         000000007521d41f 6 bytes [68, 50, 19, 6C, 00, C3]
.text     C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3588] C:\Windows\syswow64\USER32.dll!ReleaseCapture                                        000000007521ed49 6 bytes [68, 33, DD, 6C, 00, C3]
.text     C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3588] C:\Windows\syswow64\USER32.dll!SetCapture                                            000000007521ed56 4 bytes [68, D9, DC, 6C]
.text     C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3588] C:\Windows\syswow64\USER32.dll!SetCapture + 5                                        000000007521ed5b 1 byte [C3]
.text     C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3588] C:\Windows\syswow64\USER32.dll!SwitchDesktop                                         0000000075239854 6 bytes [68, 9F, 57, 6D, 00, C3]
.text     C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3588] C:\Windows\syswow64\USER32.dll!SetCursorPos                                          0000000075239cfd 6 bytes [68, 9C, DC, 6C, 00, C3]
.text     C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3588] C:\Windows\syswow64\USER32.dll!GetClipboardData                                      0000000075239f1d 6 bytes [68, 54, 5F, 6D, 00, C3]
.text     C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3588] C:\Windows\syswow64\USER32.dll!OpenInputDesktop                                      00000000752587cb 4 bytes [68, 4F, 57, 6D]
.text     C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3588] C:\Windows\syswow64\USER32.dll!OpenInputDesktop + 5                                  00000000752587d0 1 byte [C3]
.text     C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3588] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW                                000000007570c592 6 bytes [68, B1, D3, 6C, 00, C3]
.text     C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3588] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA                                0000000075742538 6 bytes [68, 9A, D3, 6C, 00, C3]
.text     C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3588] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore                                   0000000075841224 6 bytes [68, 89, 7E, 6C, 00, C3]
.text     C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3588] C:\Windows\syswow64\WININET.dll!InternetCloseHandle                                  0000000075b1c664 6 bytes [68, DC, 08, 6D, 00, C3]
.text     C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3588] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA                                       0000000075b1e13a 6 bytes [68, 7C, 0A, 6D, 00, C3]
.text     C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3588] C:\Windows\syswow64\WININET.dll!InternetReadFile                                     0000000075b1f8d8 6 bytes [68, 49, 09, 6D, 00, C3]
.text     C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3588] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable                           0000000075b23184 6 bytes [68, 50, 0A, 6D, 00, C3]
.text     C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3588] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA                                     0000000075b45761 6 bytes [68, 1E, 06, 6D, 00, C3]
.text     C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3588] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW                                     0000000075b45fef 6 bytes [68, DA, 05, 6D, 00, C3]
.text     C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3588] C:\Windows\syswow64\WININET.dll!HttpSendRequestW                                     0000000075b4632d 6 bytes [68, 62, 06, 6D, 00, C3]
.text     C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3588] C:\Windows\syswow64\WININET.dll!InternetReadFileExA                                  0000000075b4fa49 6 bytes [68, 77, 09, 6D, 00, C3]
.text     C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3588] C:\Windows\syswow64\WININET.dll!HttpSendRequestExW                                   0000000075b5f564 6 bytes [68, 0C, 07, 6D, 00, C3]
.text     C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3588] C:\Windows\syswow64\WININET.dll!HttpEndRequestA                                      0000000075b5f639 6 bytes [68, 46, 08, 6D, 00, C3]
.text     C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3588] C:\Windows\syswow64\WININET.dll!InternetSetFilePointer                               0000000075b74f2f 6 bytes [68, F6, 09, 6D, 00, C3]
.text     C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3588] C:\Windows\syswow64\WININET.dll!HttpSendRequestA                                     0000000075b7525a 6 bytes [68, B7, 06, 6D, 00, C3]
.text     C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3588] C:\Windows\syswow64\WININET.dll!HttpSendRequestExA                                   0000000075bbece5 6 bytes [68, A9, 07, 6D, 00, C3]
.text     C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3588] C:\Windows\syswow64\WININET.dll!HttpEndRequestW                                      0000000075bbedb7 6 bytes [68, 91, 08, 6D, 00, C3]
.text     C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4068] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess                                         00000000778208fc 4 bytes [68, A0, CF, 1A]
.text     C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4068] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess + 5                                     0000000077820901 1 byte [C3]
.text     C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4068] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W                                        00000000778325fd 6 bytes [68, BD, 57, 1B, 00, C3]
.text     C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4068] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                                  000000007783c45a 6 bytes [68, CB, D0, 1A, 00, C3]
.text     C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4068] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A                                        0000000077842a63 6 bytes [68, 03, 58, 1B, 00, C3]
.text     C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4068] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W                                        0000000077864128 6 bytes [68, 49, 58, 1B, 00, C3]
.text     C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4068] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A                                        000000007786e659 6 bytes [68, 8F, 58, 1B, 00, C3]
.text     C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4068] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW                                     000000007605455c 6 bytes [68, 34, D3, 1A, 00, C3]
.text     C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4068] C:\Windows\syswow64\kernel32.dll!ExitProcess                                              00000000760579f8 6 bytes [68, F3, D2, 1A, 00, C3]
.text     C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4068] C:\Windows\syswow64\USER32.dll!GetDC                                                      00000000751f72c4 4 bytes [68, 92, 18, 1A]
.text     C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4068] C:\Windows\syswow64\USER32.dll!GetDC + 5                                                  00000000751f72c9 1 byte [C3]
.text     C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4068] C:\Windows\syswow64\USER32.dll!ReleaseDC                                                  00000000751f7446 6 bytes [68, 10, 19, 1A, 00, C3]
.text     C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4068] C:\Windows\syswow64\USER32.dll!TranslateMessage                                           00000000751f7809 6 bytes [68, A5, 5D, 1B, 00, C3]
.text     C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4068] C:\Windows\syswow64\USER32.dll!GetMessageW                                                00000000751f78e2 6 bytes [68, 22, DE, 1A, 00, C3]
.text     C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4068] C:\Windows\syswow64\USER32.dll!GetMessageA                                                00000000751f7bd3 6 bytes [68, 4A, DE, 1A, 00, C3]
.text     C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4068] C:\Windows\syswow64\USER32.dll!GetWindowDC                                                00000000751f8048 4 bytes [68, D1, 18, 1A]
.text     C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4068] C:\Windows\syswow64\USER32.dll!GetWindowDC + 5                                            00000000751f804d 1 byte [C3]
.text     C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4068] C:\Windows\syswow64\USER32.dll!RegisterClassW                                             00000000751f8a65 6 bytes [68, C1, 5A, 1B, 00, C3]
.text     C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4068] C:\Windows\syswow64\USER32.dll!RegisterClassExW                                           00000000751fb17d 6 bytes [68, 5B, 5B, 1B, 00, C3]
.text     C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4068] C:\Windows\syswow64\USER32.dll!RegisterClassExA                                           00000000751fdb98 6 bytes [68, AD, 5B, 1B, 00, C3]
.text     C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4068] C:\Windows\syswow64\USER32.dll!PeekMessageW                                               00000000752005ba 6 bytes [68, 72, DE, 1A, 00, C3]
.text     C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4068] C:\Windows\syswow64\USER32.dll!CallWindowProcW                                            0000000075200d32 6 bytes [68, F3, 59, 1B, 00, C3]
.text     C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4068] C:\Windows\syswow64\USER32.dll!GetCursorPos                                               0000000075201218 6 bytes [68, 55, DC, 1A, 00, C3]
.text     C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4068] C:\Windows\syswow64\USER32.dll!EndPaint                                                   0000000075201341 4 bytes [68, F7, 17, 1A]
.text     C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4068] C:\Windows\syswow64\USER32.dll!EndPaint + 5                                               0000000075201346 1 byte [C3]
.text     C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4068] C:\Windows\syswow64\USER32.dll!BeginPaint                                                 0000000075201361 4 bytes [68, 87, 17, 1A]
.text     C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4068] C:\Windows\syswow64\USER32.dll!BeginPaint + 5                                             0000000075201366 1 byte [C3]
.text     C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4068] C:\Windows\syswow64\USER32.dll!GetMessagePos                                              0000000075202a8d 6 bytes [68, 23, DC, 1A, 00, C3]
.text     C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4068] C:\Windows\syswow64\USER32.dll!GetCapture                                                 0000000075202aac 6 bytes [68, 83, DD, 1A, 00, C3]
.text     C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4068] C:\Windows\syswow64\USER32.dll!GetDCEx                                                    0000000075203391 4 bytes [68, 37, 18, 1A]
.text     C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4068] C:\Windows\syswow64\USER32.dll!GetDCEx + 5                                                0000000075203396 1 byte [C3]
.text     C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4068] C:\Windows\syswow64\USER32.dll!RegisterClassA                                             000000007520434b 6 bytes [68, 0E, 5B, 1B, 00, C3]
.text     C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4068] C:\Windows\syswow64\USER32.dll!PeekMessageA                                               0000000075205f74 6 bytes [68, 9D, DE, 1A, 00, C3]
.text     C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4068] C:\Windows\syswow64\USER32.dll!GetUpdateRgn                                               0000000075206222 6 bytes [68, E3, 19, 1A, 00, C3]
.text     C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4068] C:\Windows\syswow64\USER32.dll!CallWindowProcA                                            000000007520792f 6 bytes [68, 3C, 5A, 1B, 00, C3]
.text     C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4068] C:\Windows\syswow64\USER32.dll!DefFrameProcA                                              0000000075207fbb 6 bytes [68, 1E, 59, 1B, 00, C3]
.text     C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4068] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA                                           000000007520810c 6 bytes [68, AD, 59, 1B, 00, C3]
.text     C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4068] C:\Windows\syswow64\USER32.dll!DefFrameProcW                                              00000000752085c1 6 bytes [68, D5, 58, 1B, 00, C3]
.text     C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4068] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW                                           00000000752086b4 6 bytes [68, 67, 59, 1B, 00, C3]
.text     C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4068] C:\Windows\syswow64\USER32.dll!GetUpdateRect                                              000000007521d41f 6 bytes [68, 50, 19, 1A, 00, C3]
.text     C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4068] C:\Windows\syswow64\USER32.dll!ReleaseCapture                                             000000007521ed49 6 bytes [68, 33, DD, 1A, 00, C3]
.text     C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4068] C:\Windows\syswow64\USER32.dll!SetCapture                                                 000000007521ed56 4 bytes [68, D9, DC, 1A]
.text     C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4068] C:\Windows\syswow64\USER32.dll!SetCapture + 5                                             000000007521ed5b 1 byte [C3]
.text     C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4068] C:\Windows\syswow64\USER32.dll!SwitchDesktop                                              0000000075239854 6 bytes [68, 9F, 57, 1B, 00, C3]
.text     C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4068] C:\Windows\syswow64\USER32.dll!SetCursorPos                                               0000000075239cfd 6 bytes [68, 9C, DC, 1A, 00, C3]
.text     C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4068] C:\Windows\syswow64\USER32.dll!GetClipboardData                                           0000000075239f1d 6 bytes [68, 54, 5F, 1B, 00, C3]
.text     C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4068] C:\Windows\syswow64\USER32.dll!OpenInputDesktop                                           00000000752587cb 4 bytes [68, 4F, 57, 1B]
.text     C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4068] C:\Windows\syswow64\USER32.dll!OpenInputDesktop + 5                                       00000000752587d0 1 byte [C3]
.text     C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4068] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW                                     000000007570c592 6 bytes [68, B1, D3, 1A, 00, C3]
.text     C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4068] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA                                     0000000075742538 6 bytes [68, 9A, D3, 1A, 00, C3]
.text     C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4068] C:\Windows\syswow64\WININET.dll!InternetCloseHandle                                       0000000075b1c664 6 bytes [68, DC, 08, 1B, 00, C3]
.text     C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4068] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA                                            0000000075b1e13a 6 bytes [68, 7C, 0A, 1B, 00, C3]
.text     C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4068] C:\Windows\syswow64\WININET.dll!InternetReadFile                                          0000000075b1f8d8 6 bytes [68, 49, 09, 1B, 00, C3]
.text     C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4068] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable                                0000000075b23184 6 bytes [68, 50, 0A, 1B, 00, C3]
.text     C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4068] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA                                          0000000075b45761 6 bytes [68, 1E, 06, 1B, 00, C3]
.text     C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4068] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW                                          0000000075b45fef 6 bytes [68, DA, 05, 1B, 00, C3]
.text     C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4068] C:\Windows\syswow64\WININET.dll!HttpSendRequestW                                          0000000075b4632d 6 bytes [68, 62, 06, 1B, 00, C3]
.text     C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4068] C:\Windows\syswow64\WININET.dll!InternetReadFileExA                                       0000000075b4fa49 6 bytes [68, 77, 09, 1B, 00, C3]
.text     C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4068] C:\Windows\syswow64\WININET.dll!HttpSendRequestExW                                        0000000075b5f564 6 bytes [68, 0C, 07, 1B, 00, C3]
.text     C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4068] C:\Windows\syswow64\WININET.dll!HttpEndRequestA                                           0000000075b5f639 6 bytes [68, 46, 08, 1B, 00, C3]
.text     C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4068] C:\Windows\syswow64\WININET.dll!InternetSetFilePointer                                    0000000075b74f2f 6 bytes [68, F6, 09, 1B, 00, C3]
.text     C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4068] C:\Windows\syswow64\WININET.dll!HttpSendRequestA                                          0000000075b7525a 6 bytes [68, B7, 06, 1B, 00, C3]
.text     C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4068] C:\Windows\syswow64\WININET.dll!HttpSendRequestExA                                        0000000075bbece5 6 bytes [68, A9, 07, 1B, 00, C3]
.text     C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4068] C:\Windows\syswow64\WININET.dll!HttpEndRequestW                                           0000000075bbedb7 6 bytes [68, 91, 08, 1B, 00, C3]
.text     C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4068] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore                                        0000000075841224 6 bytes [68, 89, 7E, 1A, 00, C3]
.text     C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4068] C:\Windows\syswow64\WS2_32.dll!closesocket                                                0000000075d23918 6 bytes [68, 27, E3, 1A, 00, C3]
.text     C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4068] C:\Windows\syswow64\WS2_32.dll!getaddrinfo                                                0000000075d24296 6 bytes [68, 38, DF, 1A, 00, C3]
.text     C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4068] C:\Windows\syswow64\WS2_32.dll!WSASend                                                    0000000075d24406 6 bytes [68, 80, E3, 1A, 00, C3]
.text     C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4068] C:\Windows\syswow64\WS2_32.dll!send                                                       0000000075d26f01 6 bytes [68, 5F, E3, 1A, 00, C3]
.text     C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4068] C:\Windows\syswow64\WS2_32.dll!gethostbyname                                              0000000075d37673 6 bytes [68, C8, DE, 1A, 00, C3]
.text     C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4068] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                   00000000752e1465 2 bytes [2E, 75]
.text     C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4068] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                  00000000752e14bb 2 bytes [2E, 75]
.text     ...                                                                                                                                                    * 2
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4076] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess                               00000000778208fc 4 bytes [68, A0, CF, 1A]
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4076] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess + 5                           0000000077820901 1 byte [C3]
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4076] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W                              00000000778325fd 6 bytes [68, BD, 57, 1B, 00, C3]
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4076] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                        000000007783c45a 6 bytes [68, CB, D0, 1A, 00, C3]
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4076] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A                              0000000077842a63 6 bytes [68, 03, 58, 1B, 00, C3]
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4076] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W                              0000000077864128 6 bytes [68, 49, 58, 1B, 00, C3]
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4076] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A                              000000007786e659 6 bytes [68, 8F, 58, 1B, 00, C3]
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4076] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW                           000000007605455c 6 bytes [68, 34, D3, 1A, 00, C3]
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4076] C:\Windows\syswow64\kernel32.dll!ExitProcess                                    00000000760579f8 6 bytes [68, F3, D2, 1A, 00, C3]
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4076] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW                           000000007570c592 6 bytes [68, B1, D3, 1A, 00, C3]
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4076] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA                           0000000075742538 6 bytes [68, 9A, D3, 1A, 00, C3]
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4076] C:\Windows\syswow64\USER32.dll!GetDC                                            00000000751f72c4 4 bytes [68, 92, 18, 1A]
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4076] C:\Windows\syswow64\USER32.dll!GetDC + 5                                        00000000751f72c9 1 byte [C3]
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4076] C:\Windows\syswow64\USER32.dll!ReleaseDC                                        00000000751f7446 6 bytes [68, 10, 19, 1A, 00, C3]
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4076] C:\Windows\syswow64\USER32.dll!TranslateMessage                                 00000000751f7809 6 bytes [68, A5, 5D, 1B, 00, C3]
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4076] C:\Windows\syswow64\USER32.dll!GetMessageW                                      00000000751f78e2 6 bytes [68, 22, DE, 1A, 00, C3]
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4076] C:\Windows\syswow64\USER32.dll!GetMessageA                                      00000000751f7bd3 6 bytes [68, 4A, DE, 1A, 00, C3]
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4076] C:\Windows\syswow64\USER32.dll!GetWindowDC                                      00000000751f8048 4 bytes [68, D1, 18, 1A]
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4076] C:\Windows\syswow64\USER32.dll!GetWindowDC + 5                                  00000000751f804d 1 byte [C3]
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4076] C:\Windows\syswow64\USER32.dll!RegisterClassW                                   00000000751f8a65 6 bytes [68, C1, 5A, 1B, 00, C3]
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4076] C:\Windows\syswow64\USER32.dll!RegisterClassExW                                 00000000751fb17d 6 bytes [68, 5B, 5B, 1B, 00, C3]
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4076] C:\Windows\syswow64\USER32.dll!RegisterClassExA                                 00000000751fdb98 6 bytes [68, AD, 5B, 1B, 00, C3]
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4076] C:\Windows\syswow64\USER32.dll!PeekMessageW                                     00000000752005ba 6 bytes [68, 72, DE, 1A, 00, C3]
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4076] C:\Windows\syswow64\USER32.dll!CallWindowProcW                                  0000000075200d32 6 bytes [68, F3, 59, 1B, 00, C3]
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4076] C:\Windows\syswow64\USER32.dll!GetCursorPos                                     0000000075201218 6 bytes [68, 55, DC, 1A, 00, C3]
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4076] C:\Windows\syswow64\USER32.dll!EndPaint                                         0000000075201341 4 bytes [68, F7, 17, 1A]
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4076] C:\Windows\syswow64\USER32.dll!EndPaint + 5                                     0000000075201346 1 byte [C3]
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4076] C:\Windows\syswow64\USER32.dll!BeginPaint                                       0000000075201361 4 bytes [68, 87, 17, 1A]
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4076] C:\Windows\syswow64\USER32.dll!BeginPaint + 5                                   0000000075201366 1 byte [C3]
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4076] C:\Windows\syswow64\USER32.dll!GetMessagePos                                    0000000075202a8d 6 bytes [68, 23, DC, 1A, 00, C3]
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4076] C:\Windows\syswow64\USER32.dll!GetCapture                                       0000000075202aac 6 bytes [68, 83, DD, 1A, 00, C3]
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4076] C:\Windows\syswow64\USER32.dll!GetDCEx                                          0000000075203391 4 bytes [68, 37, 18, 1A]
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4076] C:\Windows\syswow64\USER32.dll!GetDCEx + 5                                      0000000075203396 1 byte [C3]
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4076] C:\Windows\syswow64\USER32.dll!RegisterClassA                                   000000007520434b 6 bytes [68, 0E, 5B, 1B, 00, C3]
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4076] C:\Windows\syswow64\USER32.dll!PeekMessageA                                     0000000075205f74 6 bytes [68, 9D, DE, 1A, 00, C3]
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4076] C:\Windows\syswow64\USER32.dll!GetUpdateRgn                                     0000000075206222 6 bytes [68, E3, 19, 1A, 00, C3]
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4076] C:\Windows\syswow64\USER32.dll!CallWindowProcA                                  000000007520792f 6 bytes [68, 3C, 5A, 1B, 00, C3]
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4076] C:\Windows\syswow64\USER32.dll!DefFrameProcA                                    0000000075207fbb 6 bytes [68, 1E, 59, 1B, 00, C3]
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4076] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA                                 000000007520810c 6 bytes [68, AD, 59, 1B, 00, C3]
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4076] C:\Windows\syswow64\USER32.dll!DefFrameProcW                                    00000000752085c1 6 bytes [68, D5, 58, 1B, 00, C3]
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4076] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW                                 00000000752086b4 6 bytes [68, 67, 59, 1B, 00, C3]
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4076] C:\Windows\syswow64\USER32.dll!GetUpdateRect                                    000000007521d41f 6 bytes [68, 50, 19, 1A, 00, C3]
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4076] C:\Windows\syswow64\USER32.dll!ReleaseCapture                                   000000007521ed49 6 bytes [68, 33, DD, 1A, 00, C3]
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4076] C:\Windows\syswow64\USER32.dll!SetCapture                                       000000007521ed56 4 bytes [68, D9, DC, 1A]
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4076] C:\Windows\syswow64\USER32.dll!SetCapture + 5                                   000000007521ed5b 1 byte [C3]
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4076] C:\Windows\syswow64\USER32.dll!SwitchDesktop                                    0000000075239854 6 bytes [68, 9F, 57, 1B, 00, C3]
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4076] C:\Windows\syswow64\USER32.dll!SetCursorPos                                     0000000075239cfd 6 bytes [68, 9C, DC, 1A, 00, C3]
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4076] C:\Windows\syswow64\USER32.dll!GetClipboardData                                 0000000075239f1d 6 bytes [68, 54, 5F, 1B, 00, C3]
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4076] C:\Windows\syswow64\USER32.dll!OpenInputDesktop                                 00000000752587cb 4 bytes [68, 4F, 57, 1B]
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4076] C:\Windows\syswow64\USER32.dll!OpenInputDesktop + 5                             00000000752587d0 1 byte [C3]
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4076] C:\Windows\syswow64\WININET.dll!InternetCloseHandle                             0000000075b1c664 6 bytes [68, DC, 08, 1B, 00, C3]
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4076] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA                                  0000000075b1e13a 6 bytes [68, 7C, 0A, 1B, 00, C3]
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4076] C:\Windows\syswow64\WININET.dll!InternetReadFile                                0000000075b1f8d8 6 bytes [68, 49, 09, 1B, 00, C3]
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4076] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable                      0000000075b23184 6 bytes [68, 50, 0A, 1B, 00, C3]
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4076] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA                                0000000075b45761 6 bytes [68, 1E, 06, 1B, 00, C3]
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4076] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW                                0000000075b45fef 6 bytes [68, DA, 05, 1B, 00, C3]
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4076] C:\Windows\syswow64\WININET.dll!HttpSendRequestW                                0000000075b4632d 6 bytes [68, 62, 06, 1B, 00, C3]
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4076] C:\Windows\syswow64\WININET.dll!InternetReadFileExA                             0000000075b4fa49 6 bytes [68, 77, 09, 1B, 00, C3]
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4076] C:\Windows\syswow64\WININET.dll!HttpSendRequestExW                              0000000075b5f564 6 bytes [68, 0C, 07, 1B, 00, C3]
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4076] C:\Windows\syswow64\WININET.dll!HttpEndRequestA                                 0000000075b5f639 6 bytes [68, 46, 08, 1B, 00, C3]
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4076] C:\Windows\syswow64\WININET.dll!InternetSetFilePointer                          0000000075b74f2f 6 bytes [68, F6, 09, 1B, 00, C3]
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4076] C:\Windows\syswow64\WININET.dll!HttpSendRequestA                                0000000075b7525a 6 bytes [68, B7, 06, 1B, 00, C3]
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4076] C:\Windows\syswow64\WININET.dll!HttpSendRequestExA                              0000000075bbece5 6 bytes [68, A9, 07, 1B, 00, C3]
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4076] C:\Windows\syswow64\WININET.dll!HttpEndRequestW                                 0000000075bbedb7 6 bytes [68, 91, 08, 1B, 00, C3]
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4076] C:\Windows\syswow64\WS2_32.dll!closesocket                                      0000000075d23918 6 bytes [68, 27, E3, 1A, 00, C3]
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4076] C:\Windows\syswow64\WS2_32.dll!getaddrinfo                                      0000000075d24296 6 bytes [68, 38, DF, 1A, 00, C3]
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4076] C:\Windows\syswow64\WS2_32.dll!WSASend                                          0000000075d24406 6 bytes [68, 80, E3, 1A, 00, C3]
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4076] C:\Windows\syswow64\WS2_32.dll!send                                             0000000075d26f01 6 bytes [68, 5F, E3, 1A, 00, C3]
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4076] C:\Windows\syswow64\WS2_32.dll!gethostbyname                                    0000000075d37673 6 bytes [68, C8, DE, 1A, 00, C3]
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4076] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore                              0000000075841224 6 bytes [68, 89, 7E, 1A, 00, C3]
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4076] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                         00000000752e1465 2 bytes [2E, 75]
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4076] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                        00000000752e14bb 2 bytes [2E, 75]
.text     ...
         
__________________


Alt 15.05.2013, 12:06   #3
flyingnoodls
 
Sparkassen-Trojaner - Standard

Sparkassen-Trojaner



Gmer log Teil 2:

Code:
ATTFilter
                                      * 2
.text     C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess                                                 00000000778208fc 4 bytes [68, A0, CF, 26]
.text     C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess + 5                                             0000000077820901 1 byte [C3]
.text     C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W                                                00000000778325fd 6 bytes [68, BD, 57, 27, 00, C3]
.text     C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                                          000000007783c45a 6 bytes [68, CB, D0, 26, 00, C3]
.text     C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A                                                0000000077842a63 6 bytes [68, 03, 58, 27, 00, C3]
.text     C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W                                                0000000077864128 6 bytes [68, 49, 58, 27, 00, C3]
.text     C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A                                                000000007786e659 6 bytes [68, 8F, 58, 27, 00, C3]
.text     C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW                                             000000007605455c 6 bytes [68, 34, D3, 26, 00, C3]
.text     C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\syswow64\kernel32.dll!ExitProcess                                                      00000000760579f8 6 bytes [68, F3, D2, 26, 00, C3]
.text     C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\syswow64\USER32.dll!GetDC                                                              00000000751f72c4 4 bytes [68, 92, 18, 26]
.text     C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\syswow64\USER32.dll!GetDC + 5                                                          00000000751f72c9 1 byte [C3]
.text     C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\syswow64\USER32.dll!ReleaseDC                                                          00000000751f7446 6 bytes [68, 10, 19, 26, 00, C3]
.text     C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\syswow64\USER32.dll!TranslateMessage                                                   00000000751f7809 6 bytes [68, A5, 5D, 27, 00, C3]
.text     C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\syswow64\USER32.dll!GetMessageW                                                        00000000751f78e2 6 bytes [68, 22, DE, 26, 00, C3]
.text     C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\syswow64\USER32.dll!GetMessageA                                                        00000000751f7bd3 6 bytes [68, 4A, DE, 26, 00, C3]
.text     C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\syswow64\USER32.dll!GetWindowDC                                                        00000000751f8048 4 bytes [68, D1, 18, 26]
.text     C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\syswow64\USER32.dll!GetWindowDC + 5                                                    00000000751f804d 1 byte [C3]
.text     C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\syswow64\USER32.dll!RegisterClassW                                                     00000000751f8a65 6 bytes [68, C1, 5A, 27, 00, C3]
.text     C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\syswow64\USER32.dll!RegisterClassExW                                                   00000000751fb17d 6 bytes [68, 5B, 5B, 27, 00, C3]
.text     C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\syswow64\USER32.dll!RegisterClassExA                                                   00000000751fdb98 6 bytes [68, AD, 5B, 27, 00, C3]
.text     C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\syswow64\USER32.dll!PeekMessageW                                                       00000000752005ba 6 bytes [68, 72, DE, 26, 00, C3]
.text     C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\syswow64\USER32.dll!CallWindowProcW                                                    0000000075200d32 6 bytes [68, F3, 59, 27, 00, C3]
.text     C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\syswow64\USER32.dll!GetCursorPos                                                       0000000075201218 6 bytes [68, 55, DC, 26, 00, C3]
.text     C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\syswow64\USER32.dll!EndPaint                                                           0000000075201341 4 bytes [68, F7, 17, 26]
.text     C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\syswow64\USER32.dll!EndPaint + 5                                                       0000000075201346 1 byte [C3]
.text     C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\syswow64\USER32.dll!BeginPaint                                                         0000000075201361 4 bytes [68, 87, 17, 26]
.text     C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\syswow64\USER32.dll!BeginPaint + 5                                                     0000000075201366 1 byte [C3]
.text     C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\syswow64\USER32.dll!GetMessagePos                                                      0000000075202a8d 6 bytes [68, 23, DC, 26, 00, C3]
.text     C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\syswow64\USER32.dll!GetCapture                                                         0000000075202aac 3 bytes [68, 83, DD]
.text     C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\syswow64\USER32.dll!GetCapture + 4                                                     0000000075202ab0 2 bytes [00, C3]
.text     C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\syswow64\USER32.dll!GetDCEx                                                            0000000075203391 4 bytes [68, 37, 18, 26]
.text     C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\syswow64\USER32.dll!GetDCEx + 5                                                        0000000075203396 1 byte [C3]
.text     C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\syswow64\USER32.dll!RegisterClassA                                                     000000007520434b 6 bytes [68, 0E, 5B, 27, 00, C3]
.text     C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\syswow64\USER32.dll!PeekMessageA                                                       0000000075205f74 6 bytes [68, 9D, DE, 26, 00, C3]
.text     C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\syswow64\USER32.dll!GetUpdateRgn                                                       0000000075206222 6 bytes [68, E3, 19, 26, 00, C3]
.text     C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\syswow64\USER32.dll!CallWindowProcA                                                    000000007520792f 6 bytes [68, 3C, 5A, 27, 00, C3]
.text     C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\syswow64\USER32.dll!DefFrameProcA                                                      0000000075207fbb 6 bytes [68, 1E, 59, 27, 00, C3]
.text     C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA                                                   000000007520810c 6 bytes [68, AD, 59, 27, 00, C3]
.text     C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\syswow64\USER32.dll!DefFrameProcW                                                      00000000752085c1 6 bytes [68, D5, 58, 27, 00, C3]
.text     C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW                                                   00000000752086b4 6 bytes [68, 67, 59, 27, 00, C3]
.text     C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\syswow64\USER32.dll!GetUpdateRect                                                      000000007521d41f 6 bytes [68, 50, 19, 26, 00, C3]
.text     C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\syswow64\USER32.dll!ReleaseCapture                                                     000000007521ed49 6 bytes [68, 33, DD, 26, 00, C3]
.text     C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\syswow64\USER32.dll!SetCapture                                                         000000007521ed56 4 bytes [68, D9, DC, 26]
.text     C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\syswow64\USER32.dll!SetCapture + 5                                                     000000007521ed5b 1 byte [C3]
.text     C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\syswow64\USER32.dll!SwitchDesktop                                                      0000000075239854 6 bytes [68, 9F, 57, 27, 00, C3]
.text     C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\syswow64\USER32.dll!SetCursorPos                                                       0000000075239cfd 6 bytes [68, 9C, DC, 26, 00, C3]
.text     C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\syswow64\USER32.dll!GetClipboardData                                                   0000000075239f1d 6 bytes [68, 54, 5F, 27, 00, C3]
.text     C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\syswow64\USER32.dll!OpenInputDesktop                                                   00000000752587cb 4 bytes [68, 4F, 57, 27]
.text     C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\syswow64\USER32.dll!OpenInputDesktop + 5                                               00000000752587d0 1 byte [C3]
.text     C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW                                             000000007570c592 6 bytes [68, B1, D3, 26, 00, C3]
.text     C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA                                             0000000075742538 6 bytes [68, 9A, D3, 26, 00, C3]
.text     C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\syswow64\WS2_32.dll!closesocket                                                        0000000075d23918 6 bytes [68, 27, E3, 26, 00, C3]
.text     C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\syswow64\WS2_32.dll!getaddrinfo                                                        0000000075d24296 6 bytes [68, 38, DF, 26, 00, C3]
.text     C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\syswow64\WS2_32.dll!WSASend                                                            0000000075d24406 6 bytes [68, 80, E3, 26, 00, C3]
.text     C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\syswow64\WS2_32.dll!send                                                               0000000075d26f01 6 bytes [68, 5F, E3, 26, 00, C3]
.text     C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\syswow64\WS2_32.dll!gethostbyname                                                      0000000075d37673 6 bytes [68, C8, DE, 26, 00, C3]
.text     C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore                                                0000000075841224 6 bytes [68, 89, 7E, 26, 00, C3]
.text     C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\syswow64\WININET.dll!InternetCloseHandle                                               0000000075b1c664 6 bytes [68, DC, 08, 27, 00, C3]
.text     C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA                                                    0000000075b1e13a 6 bytes [68, 7C, 0A, 27, 00, C3]
.text     C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\syswow64\WININET.dll!InternetReadFile                                                  0000000075b1f8d8 6 bytes [68, 49, 09, 27, 00, C3]
.text     C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable                                        0000000075b23184 6 bytes [68, 50, 0A, 27, 00, C3]
.text     C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA                                                  0000000075b45761 6 bytes [68, 1E, 06, 27, 00, C3]
.text     C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW                                                  0000000075b45fef 6 bytes [68, DA, 05, 27, 00, C3]
.text     C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\syswow64\WININET.dll!HttpSendRequestW                                                  0000000075b4632d 6 bytes [68, 62, 06, 27, 00, C3]
.text     C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\syswow64\WININET.dll!InternetReadFileExA                                               0000000075b4fa49 6 bytes [68, 77, 09, 27, 00, C3]
.text     C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\syswow64\WININET.dll!HttpSendRequestExW                                                0000000075b5f564 6 bytes [68, 0C, 07, 27, 00, C3]
.text     C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\syswow64\WININET.dll!HttpEndRequestA                                                   0000000075b5f639 6 bytes [68, 46, 08, 27, 00, C3]
.text     C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\syswow64\WININET.dll!InternetSetFilePointer                                            0000000075b74f2f 6 bytes [68, F6, 09, 27, 00, C3]
.text     C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\syswow64\WININET.dll!HttpSendRequestA                                                  0000000075b7525a 6 bytes [68, B7, 06, 27, 00, C3]
.text     C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\syswow64\WININET.dll!HttpSendRequestExA                                                0000000075bbece5 6 bytes [68, A9, 07, 27, 00, C3]
.text     C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\syswow64\WININET.dll!HttpEndRequestW                                                   0000000075bbedb7 6 bytes [68, 91, 08, 27, 00, C3]
.text     C:\Windows\SysWOW64\ACEngSvr.exe[3656] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess                                                               00000000778208fc 6 bytes [68, A0, CF, 99, 02, C3]
.text     C:\Windows\SysWOW64\ACEngSvr.exe[3656] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W                                                              00000000778325fd 6 bytes [68, BD, 57, 9A, 02, C3]
.text     C:\Windows\SysWOW64\ACEngSvr.exe[3656] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                                                        000000007783c45a 6 bytes [68, CB, D0, 99, 02, C3]
.text     C:\Windows\SysWOW64\ACEngSvr.exe[3656] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A                                                              0000000077842a63 6 bytes [68, 03, 58, 9A, 02, C3]
.text     C:\Windows\SysWOW64\ACEngSvr.exe[3656] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W                                                              0000000077864128 6 bytes [68, 49, 58, 9A, 02, C3]
.text     C:\Windows\SysWOW64\ACEngSvr.exe[3656] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A                                                              000000007786e659 6 bytes [68, 8F, 58, 9A, 02, C3]
.text     C:\Windows\SysWOW64\ACEngSvr.exe[3656] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW                                                           000000007605455c 6 bytes [68, 34, D3, 99, 02, C3]
.text     C:\Windows\SysWOW64\ACEngSvr.exe[3656] C:\Windows\syswow64\kernel32.dll!ExitProcess                                                                    00000000760579f8 6 bytes [68, F3, D2, 99, 02, C3]
.text     C:\Windows\SysWOW64\ACEngSvr.exe[3656] C:\Windows\syswow64\USER32.dll!GetDC                                                                            00000000751f72c4 6 bytes [68, 92, 18, 99, 02, C3]
.text     C:\Windows\SysWOW64\ACEngSvr.exe[3656] C:\Windows\syswow64\USER32.dll!ReleaseDC                                                                        00000000751f7446 6 bytes [68, 10, 19, 99, 02, C3]
.text     C:\Windows\SysWOW64\ACEngSvr.exe[3656] C:\Windows\syswow64\USER32.dll!TranslateMessage                                                                 00000000751f7809 6 bytes [68, A5, 5D, 9A, 02, C3]
.text     C:\Windows\SysWOW64\ACEngSvr.exe[3656] C:\Windows\syswow64\USER32.dll!GetMessageW                                                                      00000000751f78e2 6 bytes [68, 22, DE, 99, 02, C3]
.text     C:\Windows\SysWOW64\ACEngSvr.exe[3656] C:\Windows\syswow64\USER32.dll!GetMessageA                                                                      00000000751f7bd3 6 bytes [68, 4A, DE, 99, 02, C3]
.text     C:\Windows\SysWOW64\ACEngSvr.exe[3656] C:\Windows\syswow64\USER32.dll!GetWindowDC                                                                      00000000751f8048 6 bytes [68, D1, 18, 99, 02, C3]
.text     C:\Windows\SysWOW64\ACEngSvr.exe[3656] C:\Windows\syswow64\USER32.dll!RegisterClassW                                                                   00000000751f8a65 6 bytes [68, C1, 5A, 9A, 02, C3]
.text     C:\Windows\SysWOW64\ACEngSvr.exe[3656] C:\Windows\syswow64\USER32.dll!RegisterClassExW                                                                 00000000751fb17d 6 bytes [68, 5B, 5B, 9A, 02, C3]
.text     C:\Windows\SysWOW64\ACEngSvr.exe[3656] C:\Windows\syswow64\USER32.dll!RegisterClassExA                                                                 00000000751fdb98 6 bytes [68, AD, 5B, 9A, 02, C3]
.text     C:\Windows\SysWOW64\ACEngSvr.exe[3656] C:\Windows\syswow64\USER32.dll!PeekMessageW                                                                     00000000752005ba 6 bytes [68, 72, DE, 99, 02, C3]
.text     C:\Windows\SysWOW64\ACEngSvr.exe[3656] C:\Windows\syswow64\USER32.dll!CallWindowProcW                                                                  0000000075200d32 6 bytes [68, F3, 59, 9A, 02, C3]
.text     C:\Windows\SysWOW64\ACEngSvr.exe[3656] C:\Windows\syswow64\USER32.dll!GetCursorPos                                                                     0000000075201218 6 bytes [68, 55, DC, 99, 02, C3]
.text     C:\Windows\SysWOW64\ACEngSvr.exe[3656] C:\Windows\syswow64\USER32.dll!EndPaint                                                                         0000000075201341 6 bytes [68, F7, 17, 99, 02, C3]
.text     C:\Windows\SysWOW64\ACEngSvr.exe[3656] C:\Windows\syswow64\USER32.dll!BeginPaint                                                                       0000000075201361 6 bytes [68, 87, 17, 99, 02, C3]
.text     C:\Windows\SysWOW64\ACEngSvr.exe[3656] C:\Windows\syswow64\USER32.dll!GetMessagePos                                                                    0000000075202a8d 6 bytes [68, 23, DC, 99, 02, C3]
.text     C:\Windows\SysWOW64\ACEngSvr.exe[3656] C:\Windows\syswow64\USER32.dll!GetCapture                                                                       0000000075202aac 6 bytes [68, 83, DD, 99, 02, C3]
.text     C:\Windows\SysWOW64\ACEngSvr.exe[3656] C:\Windows\syswow64\USER32.dll!GetDCEx                                                                          0000000075203391 6 bytes [68, 37, 18, 99, 02, C3]
.text     C:\Windows\SysWOW64\ACEngSvr.exe[3656] C:\Windows\syswow64\USER32.dll!RegisterClassA                                                                   000000007520434b 6 bytes [68, 0E, 5B, 9A, 02, C3]
.text     C:\Windows\SysWOW64\ACEngSvr.exe[3656] C:\Windows\syswow64\USER32.dll!PeekMessageA                                                                     0000000075205f74 6 bytes [68, 9D, DE, 99, 02, C3]
.text     C:\Windows\SysWOW64\ACEngSvr.exe[3656] C:\Windows\syswow64\USER32.dll!GetUpdateRgn                                                                     0000000075206222 6 bytes [68, E3, 19, 99, 02, C3]
.text     C:\Windows\SysWOW64\ACEngSvr.exe[3656] C:\Windows\syswow64\USER32.dll!CallWindowProcA                                                                  000000007520792f 6 bytes [68, 3C, 5A, 9A, 02, C3]
.text     C:\Windows\SysWOW64\ACEngSvr.exe[3656] C:\Windows\syswow64\USER32.dll!DefFrameProcA                                                                    0000000075207fbb 6 bytes [68, 1E, 59, 9A, 02, C3]
.text     C:\Windows\SysWOW64\ACEngSvr.exe[3656] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA                                                                 000000007520810c 6 bytes [68, AD, 59, 9A, 02, C3]
.text     C:\Windows\SysWOW64\ACEngSvr.exe[3656] C:\Windows\syswow64\USER32.dll!DefFrameProcW                                                                    00000000752085c1 6 bytes [68, D5, 58, 9A, 02, C3]
.text     C:\Windows\SysWOW64\ACEngSvr.exe[3656] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW                                                                 00000000752086b4 6 bytes [68, 67, 59, 9A, 02, C3]
.text     C:\Windows\SysWOW64\ACEngSvr.exe[3656] C:\Windows\syswow64\USER32.dll!GetUpdateRect                                                                    000000007521d41f 6 bytes [68, 50, 19, 99, 02, C3]
.text     C:\Windows\SysWOW64\ACEngSvr.exe[3656] C:\Windows\syswow64\USER32.dll!ReleaseCapture                                                                   000000007521ed49 6 bytes [68, 33, DD, 99, 02, C3]
.text     C:\Windows\SysWOW64\ACEngSvr.exe[3656] C:\Windows\syswow64\USER32.dll!SetCapture                                                                       000000007521ed56 6 bytes [68, D9, DC, 99, 02, C3]
.text     C:\Windows\SysWOW64\ACEngSvr.exe[3656] C:\Windows\syswow64\USER32.dll!SwitchDesktop                                                                    0000000075239854 6 bytes [68, 9F, 57, 9A, 02, C3]
.text     C:\Windows\SysWOW64\ACEngSvr.exe[3656] C:\Windows\syswow64\USER32.dll!SetCursorPos                                                                     0000000075239cfd 6 bytes [68, 9C, DC, 99, 02, C3]
.text     C:\Windows\SysWOW64\ACEngSvr.exe[3656] C:\Windows\syswow64\USER32.dll!GetClipboardData                                                                 0000000075239f1d 6 bytes [68, 54, 5F, 9A, 02, C3]
.text     C:\Windows\SysWOW64\ACEngSvr.exe[3656] C:\Windows\syswow64\USER32.dll!OpenInputDesktop                                                                 00000000752587cb 6 bytes [68, 4F, 57, 9A, 02, C3]
.text     C:\Windows\SysWOW64\ACEngSvr.exe[3656] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW                                                           000000007570c592 6 bytes [68, B1, D3, 99, 02, C3]
.text     C:\Windows\SysWOW64\ACEngSvr.exe[3656] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA                                                           0000000075742538 6 bytes [68, 9A, D3, 99, 02, C3]
.text     C:\Windows\SysWOW64\ACEngSvr.exe[3656] C:\Windows\syswow64\WS2_32.dll!closesocket                                                                      0000000075d23918 6 bytes [68, 27, E3, 99, 02, C3]
.text     C:\Windows\SysWOW64\ACEngSvr.exe[3656] C:\Windows\syswow64\WS2_32.dll!getaddrinfo                                                                      0000000075d24296 6 bytes [68, 38, DF, 99, 02, C3]
.text     C:\Windows\SysWOW64\ACEngSvr.exe[3656] C:\Windows\syswow64\WS2_32.dll!WSASend                                                                          0000000075d24406 6 bytes [68, 80, E3, 99, 02, C3]
.text     C:\Windows\SysWOW64\ACEngSvr.exe[3656] C:\Windows\syswow64\WS2_32.dll!send                                                                             0000000075d26f01 6 bytes [68, 5F, E3, 99, 02, C3]
.text     C:\Windows\SysWOW64\ACEngSvr.exe[3656] C:\Windows\syswow64\WS2_32.dll!gethostbyname                                                                    0000000075d37673 6 bytes [68, C8, DE, 99, 02, C3]
.text     C:\Windows\SysWOW64\ACEngSvr.exe[3656] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore                                                              0000000075841224 6 bytes [68, 89, 7E, 99, 02, C3]
.text     C:\Windows\SysWOW64\ACEngSvr.exe[3656] C:\Windows\syswow64\WININET.dll!InternetCloseHandle                                                             0000000075b1c664 6 bytes [68, DC, 08, 9A, 02, C3]
.text     C:\Windows\SysWOW64\ACEngSvr.exe[3656] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA                                                                  0000000075b1e13a 6 bytes [68, 7C, 0A, 9A, 02, C3]
.text     C:\Windows\SysWOW64\ACEngSvr.exe[3656] C:\Windows\syswow64\WININET.dll!InternetReadFile                                                                0000000075b1f8d8 6 bytes [68, 49, 09, 9A, 02, C3]
.text     C:\Windows\SysWOW64\ACEngSvr.exe[3656] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable                                                      0000000075b23184 6 bytes [68, 50, 0A, 9A, 02, C3]
.text     C:\Windows\SysWOW64\ACEngSvr.exe[3656] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA                                                                0000000075b45761 6 bytes [68, 1E, 06, 9A, 02, C3]
.text     C:\Windows\SysWOW64\ACEngSvr.exe[3656] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW                                                                0000000075b45fef 6 bytes [68, DA, 05, 9A, 02, C3]
.text     C:\Windows\SysWOW64\ACEngSvr.exe[3656] C:\Windows\syswow64\WININET.dll!HttpSendRequestW                                                                0000000075b4632d 6 bytes [68, 62, 06, 9A, 02, C3]
.text     C:\Windows\SysWOW64\ACEngSvr.exe[3656] C:\Windows\syswow64\WININET.dll!InternetReadFileExA                                                             0000000075b4fa49 6 bytes [68, 77, 09, 9A, 02, C3]
.text     C:\Windows\SysWOW64\ACEngSvr.exe[3656] C:\Windows\syswow64\WININET.dll!HttpSendRequestExW                                                              0000000075b5f564 6 bytes [68, 0C, 07, 9A, 02, C3]
.text     C:\Windows\SysWOW64\ACEngSvr.exe[3656] C:\Windows\syswow64\WININET.dll!HttpEndRequestA                                                                 0000000075b5f639 6 bytes [68, 46, 08, 9A, 02, C3]
.text     C:\Windows\SysWOW64\ACEngSvr.exe[3656] C:\Windows\syswow64\WININET.dll!InternetSetFilePointer                                                          0000000075b74f2f 6 bytes [68, F6, 09, 9A, 02, C3]
.text     C:\Windows\SysWOW64\ACEngSvr.exe[3656] C:\Windows\syswow64\WININET.dll!HttpSendRequestA                                                                0000000075b7525a 6 bytes [68, B7, 06, 9A, 02, C3]
.text     C:\Windows\SysWOW64\ACEngSvr.exe[3656] C:\Windows\syswow64\WININET.dll!HttpSendRequestExA                                                              0000000075bbece5 6 bytes [68, A9, 07, 9A, 02, C3]
.text     C:\Windows\SysWOW64\ACEngSvr.exe[3656] C:\Windows\syswow64\WININET.dll!HttpEndRequestW                                                                 0000000075bbedb7 6 bytes [68, 91, 08, 9A, 02, C3]
.text     C:\Windows\SysWOW64\ACEngSvr.exe[3656] C:\Windows\SysWOW64\WINMM.dll!PlaySoundW                                                                        0000000073832ef2 6 bytes [68, EF, D3, 99, 02, C3]
.text     C:\Windows\SysWOW64\ACEngSvr.exe[3656] C:\Windows\SysWOW64\WINMM.dll!PlaySound                                                                         000000007385441d 6 bytes [68, C8, D3, 99, 02, C3]
.text     C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3920] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   00000000752e1465 2 bytes [2E, 75]
.text     C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3920] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000752e14bb 2 bytes [2E, 75]
.text     ...                                                                                                                                                    * 2
.text     C:\Windows\AsScrPro.exe[4248] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess                                                                        00000000778208fc 4 bytes [68, A0, CF, 29]
.text     C:\Windows\AsScrPro.exe[4248] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess + 5                                                                    0000000077820901 1 byte [C3]
.text     C:\Windows\AsScrPro.exe[4248] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W                                                                       00000000778325fd 6 bytes [68, BD, 57, 2A, 00, C3]
.text     C:\Windows\AsScrPro.exe[4248] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                                                                 000000007783c45a 6 bytes [68, CB, D0, 29, 00, C3]
.text     C:\Windows\AsScrPro.exe[4248] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A                                                                       0000000077842a63 6 bytes [68, 03, 58, 2A, 00, C3]
.text     C:\Windows\AsScrPro.exe[4248] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W                                                                       0000000077864128 6 bytes [68, 49, 58, 2A, 00, C3]
.text     C:\Windows\AsScrPro.exe[4248] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A                                                                       000000007786e659 6 bytes [68, 8F, 58, 2A, 00, C3]
.text     C:\Windows\AsScrPro.exe[4248] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW                                                                    000000007605455c 6 bytes [68, 34, D3, 29, 00, C3]
.text     C:\Windows\AsScrPro.exe[4248] C:\Windows\syswow64\kernel32.dll!ExitProcess                                                                             00000000760579f8 6 bytes [68, F3, D2, 29, 00, C3]
.text     C:\Windows\AsScrPro.exe[4248] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW                                                                    000000007570c592 6 bytes [68, B1, D3, 29, 00, C3]
.text     C:\Windows\AsScrPro.exe[4248] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA                                                                    0000000075742538 6 bytes [68, 9A, D3, 29, 00, C3]
.text     C:\Windows\AsScrPro.exe[4248] C:\Windows\syswow64\USER32.dll!GetDC                                                                                     00000000751f72c4 4 bytes [68, 92, 18, 29]
.text     C:\Windows\AsScrPro.exe[4248] C:\Windows\syswow64\USER32.dll!GetDC + 5                                                                                 00000000751f72c9 1 byte [C3]
.text     C:\Windows\AsScrPro.exe[4248] C:\Windows\syswow64\USER32.dll!ReleaseDC                                                                                 00000000751f7446 6 bytes [68, 10, 19, 29, 00, C3]
.text     C:\Windows\AsScrPro.exe[4248] C:\Windows\syswow64\USER32.dll!TranslateMessage                                                                          00000000751f7809 6 bytes [68, A5, 5D, 2A, 00, C3]
.text     C:\Windows\AsScrPro.exe[4248] C:\Windows\syswow64\USER32.dll!GetMessageW                                                                               00000000751f78e2 6 bytes [68, 22, DE, 29, 00, C3]
.text     C:\Windows\AsScrPro.exe[4248] C:\Windows\syswow64\USER32.dll!GetMessageA                                                                               00000000751f7bd3 6 bytes [68, 4A, DE, 29, 00, C3]
.text     C:\Windows\AsScrPro.exe[4248] C:\Windows\syswow64\USER32.dll!GetWindowDC                                                                               00000000751f8048 4 bytes [68, D1, 18, 29]
.text     C:\Windows\AsScrPro.exe[4248] C:\Windows\syswow64\USER32.dll!GetWindowDC + 5                                                                           00000000751f804d 1 byte [C3]
.text     C:\Windows\AsScrPro.exe[4248] C:\Windows\syswow64\USER32.dll!RegisterClassW                                                                            00000000751f8a65 6 bytes [68, C1, 5A, 2A, 00, C3]
.text     C:\Windows\AsScrPro.exe[4248] C:\Windows\syswow64\USER32.dll!RegisterClassExW                                                                          00000000751fb17d 6 bytes [68, 5B, 5B, 2A, 00, C3]
.text     C:\Windows\AsScrPro.exe[4248] C:\Windows\syswow64\USER32.dll!RegisterClassExA                                                                          00000000751fdb98 6 bytes [68, AD, 5B, 2A, 00, C3]
.text     C:\Windows\AsScrPro.exe[4248] C:\Windows\syswow64\USER32.dll!PeekMessageW                                                                              00000000752005ba 6 bytes [68, 72, DE, 29, 00, C3]
.text     C:\Windows\AsScrPro.exe[4248] C:\Windows\syswow64\USER32.dll!CallWindowProcW                                                                           0000000075200d32 6 bytes [68, F3, 59, 2A, 00, C3]
.text     C:\Windows\AsScrPro.exe[4248] C:\Windows\syswow64\USER32.dll!GetCursorPos                                                                              0000000075201218 6 bytes [68, 55, DC, 29, 00, C3]
.text     C:\Windows\AsScrPro.exe[4248] C:\Windows\syswow64\USER32.dll!EndPaint                                                                                  0000000075201341 4 bytes [68, F7, 17, 29]
.text     C:\Windows\AsScrPro.exe[4248] C:\Windows\syswow64\USER32.dll!EndPaint + 5                                                                              0000000075201346 1 byte [C3]
.text     C:\Windows\AsScrPro.exe[4248] C:\Windows\syswow64\USER32.dll!BeginPaint                                                                                0000000075201361 4 bytes [68, 87, 17, 29]
.text     C:\Windows\AsScrPro.exe[4248] C:\Windows\syswow64\USER32.dll!BeginPaint + 5                                                                            0000000075201366 1 byte [C3]
.text     C:\Windows\AsScrPro.exe[4248] C:\Windows\syswow64\USER32.dll!GetMessagePos                                                                             0000000075202a8d 6 bytes [68, 23, DC, 29, 00, C3]
.text     C:\Windows\AsScrPro.exe[4248] C:\Windows\syswow64\USER32.dll!GetCapture                                                                                0000000075202aac 6 bytes [68, 83, DD, 29, 00, C3]
.text     C:\Windows\AsScrPro.exe[4248] C:\Windows\syswow64\USER32.dll!GetDCEx                                                                                   0000000075203391 4 bytes [68, 37, 18, 29]
.text     C:\Windows\AsScrPro.exe[4248] C:\Windows\syswow64\USER32.dll!GetDCEx + 5                                                                               0000000075203396 1 byte [C3]
.text     C:\Windows\AsScrPro.exe[4248] C:\Windows\syswow64\USER32.dll!RegisterClassA                                                                            000000007520434b 6 bytes [68, 0E, 5B, 2A, 00, C3]
.text     C:\Windows\AsScrPro.exe[4248] C:\Windows\syswow64\USER32.dll!PeekMessageA                                                                              0000000075205f74 6 bytes [68, 9D, DE, 29, 00, C3]
.text     C:\Windows\AsScrPro.exe[4248] C:\Windows\syswow64\USER32.dll!GetUpdateRgn                                                                              0000000075206222 6 bytes [68, E3, 19, 29, 00, C3]
.text     C:\Windows\AsScrPro.exe[4248] C:\Windows\syswow64\USER32.dll!CallWindowProcA                                                                           000000007520792f 6 bytes [68, 3C, 5A, 2A, 00, C3]
.text     C:\Windows\AsScrPro.exe[4248] C:\Windows\syswow64\USER32.dll!DefFrameProcA                                                                             0000000075207fbb 6 bytes [68, 1E, 59, 2A, 00, C3]
.text     C:\Windows\AsScrPro.exe[4248] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA                                                                          000000007520810c 6 bytes [68, AD, 59, 2A, 00, C3]
.text     C:\Windows\AsScrPro.exe[4248] C:\Windows\syswow64\USER32.dll!DefFrameProcW                                                                             00000000752085c1 6 bytes [68, D5, 58, 2A, 00, C3]
.text     C:\Windows\AsScrPro.exe[4248] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW                                                                          00000000752086b4 6 bytes [68, 67, 59, 2A, 00, C3]
.text     C:\Windows\AsScrPro.exe[4248] C:\Windows\syswow64\USER32.dll!GetUpdateRect                                                                             000000007521d41f 6 bytes [68, 50, 19, 29, 00, C3]
.text     C:\Windows\AsScrPro.exe[4248] C:\Windows\syswow64\USER32.dll!ReleaseCapture                                                                            000000007521ed49 6 bytes [68, 33, DD, 29, 00, C3]
.text     C:\Windows\AsScrPro.exe[4248] C:\Windows\syswow64\USER32.dll!SetCapture                                                                                000000007521ed56 4 bytes [68, D9, DC, 29]
.text     C:\Windows\AsScrPro.exe[4248] C:\Windows\syswow64\USER32.dll!SetCapture + 5                                                                            000000007521ed5b 1 byte [C3]
.text     C:\Windows\AsScrPro.exe[4248] C:\Windows\syswow64\USER32.dll!SwitchDesktop                                                                             0000000075239854 6 bytes [68, 9F, 57, 2A, 00, C3]
.text     C:\Windows\AsScrPro.exe[4248] C:\Windows\syswow64\USER32.dll!SetCursorPos                                                                              0000000075239cfd 6 bytes [68, 9C, DC, 29, 00, C3]
.text     C:\Windows\AsScrPro.exe[4248] C:\Windows\syswow64\USER32.dll!GetClipboardData                                                                          0000000075239f1d 6 bytes [68, 54, 5F, 2A, 00, C3]
.text     C:\Windows\AsScrPro.exe[4248] C:\Windows\syswow64\USER32.dll!OpenInputDesktop                                                                          00000000752587cb 4 bytes [68, 4F, 57, 2A]
.text     C:\Windows\AsScrPro.exe[4248] C:\Windows\syswow64\USER32.dll!OpenInputDesktop + 5                                                                      00000000752587d0 1 byte [C3]
.text     C:\Windows\AsScrPro.exe[4248] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                  00000000752e1465 2 bytes [2E, 75]
.text     C:\Windows\AsScrPro.exe[4248] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                 00000000752e14bb 2 bytes [2E, 75]
.text     ...                                                                                                                                                    * 2
.text     C:\Windows\AsScrPro.exe[4248] C:\Windows\syswow64\WS2_32.dll!closesocket                                                                               0000000075d23918 6 bytes [68, 27, E3, 29, 00, C3]
.text     C:\Windows\AsScrPro.exe[4248] C:\Windows\syswow64\WS2_32.dll!getaddrinfo                                                                               0000000075d24296 6 bytes [68, 38, DF, 29, 00, C3]
.text     C:\Windows\AsScrPro.exe[4248] C:\Windows\syswow64\WS2_32.dll!WSASend                                                                                   0000000075d24406 6 bytes [68, 80, E3, 29, 00, C3]
.text     C:\Windows\AsScrPro.exe[4248] C:\Windows\syswow64\WS2_32.dll!send                                                                                      0000000075d26f01 6 bytes [68, 5F, E3, 29, 00, C3]
.text     C:\Windows\AsScrPro.exe[4248] C:\Windows\syswow64\WS2_32.dll!gethostbyname                                                                             0000000075d37673 6 bytes [68, C8, DE, 29, 00, C3]
.text     C:\Windows\AsScrPro.exe[4248] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore                                                                       0000000075841224 6 bytes [68, 89, 7E, 29, 00, C3]
.text     C:\Windows\AsScrPro.exe[4248] C:\Windows\syswow64\WININET.dll!InternetCloseHandle                                                                      0000000075b1c664 6 bytes [68, DC, 08, 2A, 00, C3]
.text     C:\Windows\AsScrPro.exe[4248] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA                                                                           0000000075b1e13a 6 bytes [68, 7C, 0A, 2A, 00, C3]
.text     C:\Windows\AsScrPro.exe[4248] C:\Windows\syswow64\WININET.dll!InternetReadFile                                                                         0000000075b1f8d8 6 bytes [68, 49, 09, 2A, 00, C3]
.text     C:\Windows\AsScrPro.exe[4248] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable                                                               0000000075b23184 6 bytes [68, 50, 0A, 2A, 00, C3]
.text     C:\Windows\AsScrPro.exe[4248] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA                                                                         0000000075b45761 6 bytes [68, 1E, 06, 2A, 00, C3]
.text     C:\Windows\AsScrPro.exe[4248] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW                                                                         0000000075b45fef 6 bytes [68, DA, 05, 2A, 00, C3]
.text     C:\Windows\AsScrPro.exe[4248] C:\Windows\syswow64\WININET.dll!HttpSendRequestW                                                                         0000000075b4632d 6 bytes [68, 62, 06, 2A, 00, C3]
.text     C:\Windows\AsScrPro.exe[4248] C:\Windows\syswow64\WININET.dll!InternetReadFileExA                                                                      0000000075b4fa49 6 bytes [68, 77, 09, 2A, 00, C3]
.text     C:\Windows\AsScrPro.exe[4248] C:\Windows\syswow64\WININET.dll!HttpSendRequestExW                                                                       0000000075b5f564 6 bytes [68, 0C, 07, 2A, 00, C3]
.text     C:\Windows\AsScrPro.exe[4248] C:\Windows\syswow64\WININET.dll!HttpEndRequestA                                                                          0000000075b5f639 6 bytes [68, 46, 08, 2A, 00, C3]
.text     C:\Windows\AsScrPro.exe[4248] C:\Windows\syswow64\WININET.dll!InternetSetFilePointer                                                                   0000000075b74f2f 6 bytes [68, F6, 09, 2A, 00, C3]
.text     C:\Windows\AsScrPro.exe[4248] C:\Windows\syswow64\WININET.dll!HttpSendRequestA                                                                         0000000075b7525a 6 bytes [68, B7, 06, 2A, 00, C3]
.text     C:\Windows\AsScrPro.exe[4248] C:\Windows\syswow64\WININET.dll!HttpSendRequestExA                                                                       0000000075bbece5 6 bytes [68, A9, 07, 2A, 00, C3]
.text     C:\Windows\AsScrPro.exe[4248] C:\Windows\syswow64\WININET.dll!HttpEndRequestW                                                                          0000000075bbedb7 6 bytes [68, 91, 08, 2A, 00, C3]
.text     C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess                                          00000000778208fc 4 bytes [68, A0, CF, 2C]
.text     C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess + 5                                      0000000077820901 1 byte [C3]
.text     C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W                                         00000000778325fd 6 bytes [68, BD, 57, 2D, 00, C3]
.text     C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                                   000000007783c45a 6 bytes [68, CB, D0, 2C, 00, C3]
.text     C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A                                         0000000077842a63 6 bytes [68, 03, 58, 2D, 00, C3]
.text     C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W                                         0000000077864128 6 bytes [68, 49, 58, 2D, 00, C3]
.text     C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A                                         000000007786e659 6 bytes [68, 8F, 58, 2D, 00, C3]
.text     C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW                                      000000007605455c 6 bytes [68, 34, D3, 2C, 00, C3]
.text     C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\syswow64\kernel32.dll!ExitProcess                                               00000000760579f8 6 bytes [68, F3, D2, 2C, 00, C3]
.text     C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\syswow64\USER32.dll!GetDC                                                       00000000751f72c4 4 bytes [68, 92, 18, 2C]
.text     C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\syswow64\USER32.dll!GetDC + 5                                                   00000000751f72c9 1 byte [C3]
.text     C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\syswow64\USER32.dll!ReleaseDC                                                   00000000751f7446 6 bytes [68, 10, 19, 2C, 00, C3]
.text     C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\syswow64\USER32.dll!TranslateMessage                                            00000000751f7809 6 bytes [68, A5, 5D, 2D, 00, C3]
.text     C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\syswow64\USER32.dll!GetMessageW                                                 00000000751f78e2 6 bytes [68, 22, DE, 2C, 00, C3]
.text     C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\syswow64\USER32.dll!GetMessageA                                                 00000000751f7bd3 6 bytes [68, 4A, DE, 2C, 00, C3]
.text     C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\syswow64\USER32.dll!GetWindowDC                                                 00000000751f8048 4 bytes [68, D1, 18, 2C]
.text     C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\syswow64\USER32.dll!GetWindowDC + 5                                             00000000751f804d 1 byte [C3]
.text     C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\syswow64\USER32.dll!RegisterClassW                                              00000000751f8a65 6 bytes [68, C1, 5A, 2D, 00, C3]
.text     C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\syswow64\USER32.dll!RegisterClassExW                                            00000000751fb17d 6 bytes [68, 5B, 5B, 2D, 00, C3]
.text     C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\syswow64\USER32.dll!RegisterClassExA                                            00000000751fdb98 6 bytes [68, AD, 5B, 2D, 00, C3]
.text     C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\syswow64\USER32.dll!PeekMessageW                                                00000000752005ba 6 bytes [68, 72, DE, 2C, 00, C3]
.text     C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\syswow64\USER32.dll!CallWindowProcW                                             0000000075200d32 6 bytes [68, F3, 59, 2D, 00, C3]
.text     C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\syswow64\USER32.dll!GetCursorPos                                                0000000075201218 6 bytes [68, 55, DC, 2C, 00, C3]
.text     C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\syswow64\USER32.dll!EndPaint                                                    0000000075201341 4 bytes [68, F7, 17, 2C]
.text     C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\syswow64\USER32.dll!EndPaint + 5                                                0000000075201346 1 byte [C3]
.text     C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\syswow64\USER32.dll!BeginPaint                                                  0000000075201361 4 bytes [68, 87, 17, 2C]
.text     C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\syswow64\USER32.dll!BeginPaint + 5                                              0000000075201366 1 byte [C3]
.text     C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\syswow64\USER32.dll!GetMessagePos                                               0000000075202a8d 6 bytes [68, 23, DC, 2C, 00, C3]
.text     C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\syswow64\USER32.dll!GetCapture                                                  0000000075202aac 6 bytes [68, 83, DD, 2C, 00, C3]
.text     C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\syswow64\USER32.dll!GetDCEx                                                     0000000075203391 4 bytes [68, 37, 18, 2C]
.text     C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\syswow64\USER32.dll!GetDCEx + 5                                                 0000000075203396 1 byte [C3]
.text     C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\syswow64\USER32.dll!RegisterClassA                                              000000007520434b 6 bytes [68, 0E, 5B, 2D, 00, C3]
.text     C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\syswow64\USER32.dll!PeekMessageA                                                0000000075205f74 6 bytes [68, 9D, DE, 2C, 00, C3]
.text     C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\syswow64\USER32.dll!GetUpdateRgn                                                0000000075206222 6 bytes [68, E3, 19, 2C, 00, C3]
.text     C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\syswow64\USER32.dll!CallWindowProcA                                             000000007520792f 6 bytes [68, 3C, 5A, 2D, 00, C3]
.text     C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\syswow64\USER32.dll!DefFrameProcA                                               0000000075207fbb 6 bytes [68, 1E, 59, 2D, 00, C3]
.text     C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA                                            000000007520810c 6 bytes [68, AD, 59, 2D, 00, C3]
.text     C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\syswow64\USER32.dll!DefFrameProcW                                               00000000752085c1 6 bytes [68, D5, 58, 2D, 00, C3]
.text     C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW                                            00000000752086b4 6 bytes [68, 67, 59, 2D, 00, C3]
.text     C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\syswow64\USER32.dll!GetUpdateRect                                               000000007521d41f 6 bytes [68, 50, 19, 2C, 00, C3]
.text     C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\syswow64\USER32.dll!ReleaseCapture                                              000000007521ed49 6 bytes [68, 33, DD, 2C, 00, C3]
.text     C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\syswow64\USER32.dll!SetCapture                                                  000000007521ed56 4 bytes [68, D9, DC, 2C]
.text     C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\syswow64\USER32.dll!SetCapture + 5                                              000000007521ed5b 1 byte [C3]
.text     C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\syswow64\USER32.dll!SwitchDesktop                                               0000000075239854 6 bytes [68, 9F, 57, 2D, 00, C3]
.text     C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\syswow64\USER32.dll!SetCursorPos                                                0000000075239cfd 6 bytes [68, 9C, DC, 2C, 00, C3]
.text     C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\syswow64\USER32.dll!GetClipboardData                                            0000000075239f1d 6 bytes [68, 54, 5F, 2D, 00, C3]
.text     C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\syswow64\USER32.dll!OpenInputDesktop                                            00000000752587cb 4 bytes [68, 4F, 57, 2D]
.text     C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\syswow64\USER32.dll!OpenInputDesktop + 5                                        00000000752587d0 1 byte [C3]
.text     C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW                                      000000007570c592 6 bytes [68, B1, D3, 2C, 00, C3]
.text     C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA                                      0000000075742538 6 bytes [68, 9A, D3, 2C, 00, C3]
.text     C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\syswow64\WS2_32.dll!closesocket                                                 0000000075d23918 6 bytes [68, 27, E3, 2C, 00, C3]
.text     C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\syswow64\WS2_32.dll!getaddrinfo                                                 0000000075d24296 6 bytes [68, 38, DF, 2C, 00, C3]
.text     C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\syswow64\WS2_32.dll!WSASend                                                     0000000075d24406 6 bytes [68, 80, E3, 2C, 00, C3]
.text     C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\syswow64\WS2_32.dll!send                                                        0000000075d26f01 6 bytes [68, 5F, E3, 2C, 00, C3]
.text     C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\syswow64\WS2_32.dll!gethostbyname                                               0000000075d37673 6 bytes [68, C8, DE, 2C, 00, C3]
.text     C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore                                         0000000075841224 6 bytes [68, 89, 7E, 2C, 00, C3]
.text     C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\syswow64\WININET.dll!InternetCloseHandle                                        0000000075b1c664 6 bytes [68, DC, 08, 2D, 00, C3]
.text     C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA                                             0000000075b1e13a 6 bytes [68, 7C, 0A, 2D, 00, C3]
.text     C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\syswow64\WININET.dll!InternetReadFile                                           0000000075b1f8d8 6 bytes [68, 49, 09, 2D, 00, C3]
.text     C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable                                 0000000075b23184 6 bytes [68, 50, 0A, 2D, 00, C3]
.text     C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA                                           0000000075b45761 6 bytes [68, 1E, 06, 2D, 00, C3]
.text     C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW                                           0000000075b45fef 6 bytes [68, DA, 05, 2D, 00, C3]
.text     C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\syswow64\WININET.dll!HttpSendRequestW                                           0000000075b4632d 6 bytes [68, 62, 06, 2D, 00, C3]
.text     C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\syswow64\WININET.dll!InternetReadFileExA                                        0000000075b4fa49 6 bytes [68, 77, 09, 2D, 00, C3]
.text     C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\syswow64\WININET.dll!HttpSendRequestExW                                         0000000075b5f564 6 bytes [68, 0C, 07, 2D, 00, C3]
.text     C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\syswow64\WININET.dll!HttpEndRequestA                                            0000000075b5f639 6 bytes [68, 46, 08, 2D, 00, C3]
.text     C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\syswow64\WININET.dll!InternetSetFilePointer                                     0000000075b74f2f 6 bytes [68, F6, 09, 2D, 00, C3]
.text     C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\syswow64\WININET.dll!HttpSendRequestA                                           0000000075b7525a 6 bytes [68, B7, 06, 2D, 00, C3]
.text     C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\syswow64\WININET.dll!HttpSendRequestExA                                         0000000075bbece5 6 bytes [68, A9, 07, 2D, 00, C3]
.text     C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\syswow64\WININET.dll!HttpEndRequestW                                            0000000075bbedb7 6 bytes [68, 91, 08, 2D, 00, C3]

---- Registry - GMER 2.1 ----

Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0025d3b2962e                                                                            
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0025d3b2962e (not active ControlSet)                                                        

---- EOF - GMER 2.1 ----
         
__________________

Alt 17.05.2013, 23:32   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Sparkassen-Trojaner - Standard

Sparkassen-Trojaner



Hallo und

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die jemals fündig geworden?

Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!


Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 17.05.2013, 23:49   #5
flyingnoodls
 
Sparkassen-Trojaner - Standard

Sparkassen-Trojaner



Ich habe einen Scan mit Microsoft Security Essentials gemacht, der hatte auch was gefunden und angeblich beseitigt. Ich dachte, MSE erstellt einen Log am Ende, deswegen habe ich mir den Namen nicht gemerkt. Habe aber keinen Log gefunden :-/ Sonst habe ich den Defogger laufen lassen und was in den Logs steht, sonst nix.


Alt 18.05.2013, 00:26   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Sparkassen-Trojaner - Standard

Sparkassen-Trojaner



Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
  • Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.

  • Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.

  • Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!

  • Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!

  • Die Logs der aufgegebenen Tools wie zB Malwarebytes sind immer zu posten - egal ob ein Fund dabei war oder nicht!

  • Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.


Dann bitte jetzt Combofix ausführen:

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
--> Sparkassen-Trojaner

Alt 18.05.2013, 11:14   #7
flyingnoodls
 
Sparkassen-Trojaner - Standard

Sparkassen-Trojaner



Hi,

danke, dass du dir Zeit nimmst. Hier der Log von Combofix, ging problemlos:

Code:
ATTFilter
ComboFix 13-05-16.02 - Joe 18.05.2013  12:01:49.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4000.2513 [GMT 2:00]
ausgeführt von:: c:\users\Joe\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Asus
c:\programdata\Asus\Game Park Console\config.xml
c:\programdata\Asus\Game Park Console\Core.bin
c:\programdata\Asus\Game Park Console\Data\Categories\11\40C6DB12-FF02-4DDA-A39F-D8EAF9811CB5.png
c:\programdata\Asus\Game Park Console\Data\Categories\4\4C38F26B-3F51-4D75-B7DF-D77877757242.png
c:\programdata\Asus\Game Park Console\Data\Categories\47\CD1C975D-9EF3-457D-A522-B312BA06458F.png
c:\programdata\Asus\Game Park Console\Data\Categories\48\A2FA725C-F129-41D9-83B5-AF3510F08B05.png
c:\programdata\Asus\Game Park Console\Data\Categories\49\E3C9638A-4EAD-483F-AA04-52F5BC0DCA7D.png
c:\programdata\Asus\Game Park Console\Data\Categories\55\minigames_logo.jpg
c:\programdata\Asus\Game Park Console\Data\Categories\58\5DDEA329-960A-41B9-8487-EE218584F502.png
c:\programdata\Asus\Game Park Console\Data\Categories\70\C4F5A270-2C7B-4B72-B742-422B713DD374.png
c:\programdata\Asus\Game Park Console\Data\Categories\9\1D9A8FDF-1AE7-4ED3-A5AF-B1549955D7B9.png
c:\programdata\Asus\Game Park Console\Data\Channels\11\D5B461EE-2A06-4788-BFB8-DE6C8ED55E9B.png
c:\programdata\Asus\Game Park Console\Data\Channels\12\ACD687F4-8B2B-417A-BCB1-D7747D28492F.png
c:\programdata\Asus\Game Park Console\Data\Channels\14\90118D72-6236-4F36-B524-2FB0C2489642.jpg
c:\programdata\Asus\Game Park Console\Data\Channels\17\134EC2BA-A88E-4C4D-A9B6-41A5166A8233.png
c:\programdata\Asus\Game Park Console\Data\Channels\29\F108EB5C-51D4-4B5B-A219-BE1103BAE319.png
c:\programdata\Asus\Game Park Console\Data\DA\data.xml
c:\programdata\Asus\Game Park Console\Data\DE\data.xml
c:\programdata\Asus\Game Park Console\Data\EN\data.xml
c:\programdata\Asus\Game Park Console\Data\ES\data.xml
c:\programdata\Asus\Game Park Console\Data\FR\data.xml
c:\programdata\Asus\Game Park Console\Data\IT\data.xml
c:\programdata\Asus\Game Park Console\Data\JA\data.xml
c:\programdata\Asus\Game Park Console\Data\KO\data.xml
c:\programdata\Asus\Game Park Console\Data\NL\data.xml
c:\programdata\Asus\Game Park Console\Data\Promotions\10\5074D418-DB4B-4CDC-A5EF-233049E91471.PNG
c:\programdata\Asus\Game Park Console\Data\Promotions\10\9B8DF512-216E-4263-BFE8-99167701AEEE.swf
c:\programdata\Asus\Game Park Console\Data\Promotions\14\7585427C-365A-4C13-8DA6-2FFA3B6D7D70.PNG
c:\programdata\Asus\Game Park Console\Data\Promotions\14\7C9796CA-369F-4A1A-AF7B-9E7546D3D936.swf
c:\programdata\Asus\Game Park Console\Data\Promotions\14\PAcmanIcon.png
c:\programdata\Asus\Game Park Console\Data\Promotions\15\86850998-3979-440D-ADF9-E595F9EA9754.PNG
c:\programdata\Asus\Game Park Console\Data\Promotions\15\A2143889-2218-4928-898A-3B3FFC3C4673.swf
c:\programdata\Asus\Game Park Console\Data\Promotions\15\SharpenIcon.png
c:\programdata\Asus\Game Park Console\Data\Promotions\16\07908AE6-0057-425E-AC41-59B10AA1B955.swf
c:\programdata\Asus\Game Park Console\Data\Promotions\16\5E18B42E-7DF8-4C2F-8B90-493A4B78F57F.PNG
c:\programdata\Asus\Game Park Console\Data\Promotions\16\TritrisIcon.png
c:\programdata\Asus\Game Park Console\Data\Promotions\17\59A14F46-39F7-43AB-B41C-2AC985D94EB4.swf
c:\programdata\Asus\Game Park Console\Data\Promotions\17\CEFDDDD3-09DA-4463-B0D2-5A92F4CBE5FC.PNG
c:\programdata\Asus\Game Park Console\Data\Promotions\345\0AEEF17C-C22D-4DC1-BF5C-29F4A5259E5D.PNG
c:\programdata\Asus\Game Park Console\Data\Promotions\345\65378131-5BDF-4A16-A52B-04B3DCCFAE25.swf
c:\programdata\Asus\Game Park Console\Data\Promotions\346\058A0EF5-5538-4182-AE82-B1972C8D1D50.PNG
c:\programdata\Asus\Game Park Console\Data\Promotions\346\ED14766D-B61F-4738-8845-3A1C77DBF6FC.swf
c:\programdata\Asus\Game Park Console\Data\Promotions\347\93955C7A-BD7A-48DD-B8AF-0C37173BDF87.swf
c:\programdata\Asus\Game Park Console\Data\Promotions\347\B09D41C3-BC42-4088-AB9B-DA41AAE945FE.PNG
c:\programdata\Asus\Game Park Console\Data\Promotions\348\AD90F77B-65AD-48BA-B1C5-36B40631BBEA.swf
c:\programdata\Asus\Game Park Console\Data\Promotions\348\B662D279-54C8-456D-9A9F-3C455F16FA25.PNG
c:\programdata\Asus\Game Park Console\Data\Promotions\350\7C63E376-A4F0-4C21-B702-DF84710B85B8.swf
c:\programdata\Asus\Game Park Console\Data\Promotions\350\DBE2A3F9-392B-4A1E-A6C7-BC5B33DF7AEC.PNG
c:\programdata\Asus\Game Park Console\Data\Promotions\351\9E653D19-862C-41D7-9099-169E23D95CAA.PNG
c:\programdata\Asus\Game Park Console\Data\Promotions\351\A31570D0-0447-41CB-880E-D2B344172D23.swf
c:\programdata\Asus\Game Park Console\Data\Promotions\352\D87B8813-8616-454F-94D5-E436B18DC1BB.swf
c:\programdata\Asus\Game Park Console\Data\Promotions\352\FD0047D9-1740-403D-8FFC-FD608119312F.PNG
c:\programdata\Asus\Game Park Console\Data\Promotions\353\0476741B-F173-4BD8-A9F1-DAD219A92D4A.swf
c:\programdata\Asus\Game Park Console\Data\Promotions\353\6C1E0D3D-332E-4F0B-BF7D-FB814A56956B.PNG
c:\programdata\Asus\Game Park Console\Data\Promotions\354\E842BCD4-892E-4D0F-8882-274E1F667119.swf
c:\programdata\Asus\Game Park Console\Data\Promotions\354\F250DB76-9A11-436E-8A26-7B86676DD2B5.PNG
c:\programdata\Asus\Game Park Console\Data\Promotions\355\0A255F5C-562F-4883-8C03-F002E4B29B1E.swf
c:\programdata\Asus\Game Park Console\Data\Promotions\355\613F6BAA-78CF-404A-8C85-5BB779EDF51C.PNG
c:\programdata\Asus\Game Park Console\Data\Promotions\7\089CF4CD-70E8-47D1-BC80-2AC0C7FBB01A.PNG
c:\programdata\Asus\Game Park Console\Data\Promotions\7\A6E453FE-8260-4118-83D6-DB8C11F49543.swf
c:\programdata\Asus\Game Park Console\Data\Promotions\8\394d3f44d1ad.png
c:\programdata\Asus\Game Park Console\Data\Promotions\8\8327803A-AA99-4CC5-A425-CA494F10A622.PNG
c:\programdata\Asus\Game Park Console\Data\Promotions\8\BBBDDA17-6705-4D75-AF93-C75007DFE003.swf
c:\programdata\Asus\Game Park Console\Data\Promotions\9\51442BBC-1A3A-4528-A602-AA88A5760983.swf
c:\programdata\Asus\Game Park Console\Data\Promotions\9\bouncIcon.png
c:\programdata\Asus\Game Park Console\Data\Promotions\9\E2807567-CC71-409C-83FB-6C71CED51F7B.PNG
c:\programdata\Asus\Game Park Console\Data\Resources\04410fd6-b848-43e3-9381-d29f354d05c5.swf
c:\programdata\Asus\Game Park Console\Data\Resources\26073da2-1b2d-4bc2-bed9-fe526a9a0ade.swf
c:\programdata\Asus\Game Park Console\Data\Resources\8bdcd497-61fd-41bf-9b50-6f46505cd017.swf
c:\programdata\Asus\Game Park Console\Data\Resources\cjkfont.bin
c:\programdata\Asus\Game Park Console\Data\Resources\GameConsole.ico
c:\programdata\Asus\Game Park Console\Data\Resources\lfont.bin
c:\programdata\Asus\Game Park Console\Data\Resources\verdana.swf
c:\programdata\Asus\Game Park Console\Data\SV\data.xml
c:\programdata\Asus\Game Park Console\Data\Themes\2\B31C0F06-3956-49C7-B87B-3CC100FD72FA.png
c:\programdata\Asus\Game Park Console\Data\Themes\4\98EA54D9-29B3-463A-9100-CE33F448E08E.png
c:\programdata\Asus\Game Park Console\Data\Themes\5\198CC833-1C10-46C5-A4BE-1998A25A57F0.png
c:\programdata\Asus\Game Park Console\Data\Themes\7\B665DA77-6221-4945-A2B9-7CA13B25FC09.png
c:\programdata\Asus\Game Park Console\Data\Themes\8\969CA433-7F9E-4DD2-843F-B49973B8F1F1.png
c:\programdata\Asus\Game Park Console\Data\Themes\9\CD29DF6A-F9DF-48F0-8208-FF98B59B7EF0.png
c:\programdata\Asus\Game Park Console\Data\ZH\data.xml
c:\programdata\Asus\Game Park Console\Data\ZZ\data.xml
c:\programdata\Asus\Game Park Console\GameConsole.exe
c:\programdata\Asus\Game Park Console\GDFShell.dll
c:\programdata\Asus\LifeFrame\config0.cfg
c:\programdata\Asus\LifeFrame\config1.cfg
c:\programdata\Asus\LifeFrame\config2.cfg
c:\programdata\Asus\LifeFrame\config3.cfg
c:\programdata\Asus\LifeFrame\config4.cfg
c:\programdata\Asus\LifeFrame\config5.cfg
c:\programdata\Asus\LifeFrame\tmp0.img
c:\programdata\Asus\LifeFrame\tmp1.img
c:\programdata\Asus\LifeFrame\tmp2.img
c:\programdata\Asus\LifeFrame\tmp3.img
c:\programdata\Asus\LifeFrame\tmp4.img
c:\programdata\Asus\LifeFrame\tmp5.img
c:\programdata\FullRemove.exe
c:\users\Joe\AppData\Roaming\Elaw
c:\users\Joe\AppData\Roaming\Elaw\cyim.exe
c:\users\Joe\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk
c:\users\Joe\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\rasphone.pbk
c:\windows\msvcr71.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-04-18 bis 2013-05-18  ))))))))))))))))))))))))))))))
.
.
2013-05-18 10:06 . 2013-05-18 10:06	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-05-18 09:55 . 2013-05-13 06:37	9460464	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{50E80CE1-C6AF-453C-85BC-A4C6C02772B4}\mpengine.dll
2013-05-16 13:17 . 2013-05-13 06:37	9460464	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-05-16 08:55 . 2013-05-05 21:36	17818624	----a-w-	c:\windows\system32\mshtml.dll
2013-05-16 08:55 . 2013-05-05 21:16	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2013-05-16 08:55 . 2013-05-05 19:12	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
2013-05-16 08:53 . 2013-04-05 00:55	816640	----a-w-	c:\windows\system32\jscript.dll
2013-05-16 08:53 . 2013-04-05 00:55	599040	----a-w-	c:\windows\system32\vbscript.dll
2013-05-16 08:53 . 2013-04-04 22:11	1800704	----a-w-	c:\windows\SysWow64\jscript9.dll
2013-05-16 08:53 . 2013-04-05 01:02	499200	----a-w-	c:\program files\Internet Explorer\jsdbgui.dll
2013-05-16 08:53 . 2013-04-04 22:04	387584	----a-w-	c:\program files (x86)\Internet Explorer\jsdbgui.dll
2013-05-16 08:53 . 2013-04-04 22:05	678912	----a-w-	c:\program files (x86)\Internet Explorer\iedvtool.dll
2013-05-16 08:53 . 2013-04-05 01:03	887808	----a-w-	c:\program files\Internet Explorer\iedvtool.dll
2013-05-16 08:53 . 2013-04-05 01:19	10926080	----a-w-	c:\windows\system32\ieframe.dll
2013-05-15 08:51 . 2013-04-10 06:01	265064	----a-w-	c:\windows\system32\drivers\dxgmms1.sys
2013-05-15 08:51 . 2013-04-10 06:01	983400	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2013-05-15 08:51 . 2011-02-03 11:25	144384	----a-w-	c:\windows\system32\cdd.dll
2013-05-15 08:50 . 2013-02-27 05:52	14172672	----a-w-	c:\windows\system32\shell32.dll
2013-05-15 08:50 . 2013-02-27 06:02	111448	----a-w-	c:\windows\system32\consent.exe
2013-05-15 08:50 . 2013-02-27 05:52	197120	----a-w-	c:\windows\system32\shdocvw.dll
2013-05-15 08:50 . 2013-02-27 05:48	1930752	----a-w-	c:\windows\system32\authui.dll
2013-05-15 08:50 . 2013-02-27 04:49	1796096	----a-w-	c:\windows\SysWow64\authui.dll
2013-05-15 08:50 . 2013-02-27 05:47	70144	----a-w-	c:\windows\system32\appinfo.dll
2013-05-15 08:50 . 2013-04-10 03:30	3153920	----a-w-	c:\windows\system32\win32k.sys
2013-05-15 08:50 . 2013-03-19 05:53	48640	----a-w-	c:\windows\system32\wwanprotdim.dll
2013-05-15 08:50 . 2013-03-19 05:53	230400	----a-w-	c:\windows\system32\wwansvc.dll
2013-05-14 19:30 . 2013-05-14 19:30	--------	d-----w-	c:\program files (x86)\Mozilla Maintenance Service
2013-05-14 19:11 . 2013-05-14 19:11	--------	d-----w-	c:\program files (x86)\Common Files\Java
2013-05-14 19:11 . 2013-04-04 03:35	95648	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-05-10 07:57 . 2013-05-10 07:57	187456	----a-w-	c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2013-05-10 07:57 . 2013-05-10 07:57	187456	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2013-05-08 11:35 . 2013-05-16 13:07	--------	d-----w-	c:\users\Joe\AppData\Roaming\Pyumq
2013-05-08 11:35 . 2013-05-08 11:35	--------	d-----w-	c:\users\Joe\AppData\Roaming\Upgoic
2013-05-03 14:25 . 2013-05-03 14:25	163504	----a-w-	c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10144.bin
2013-04-25 11:15 . 2013-04-25 11:14	905296	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{62821906-D77F-4ABF-856E-E8D58DF61186}\gapaengine.dll
2013-04-24 11:01 . 2013-04-12 14:45	1656680	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-04-20 07:50 . 2013-04-20 07:50	--------	d-----w-	c:\programdata\McAfee Security Scan
2013-04-20 07:50 . 2013-04-22 10:47	--------	d-----w-	c:\program files (x86)\McAfee Security Scan
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-18 09:44 . 2012-07-28 12:04	387	----a-w-	c:\users\Joe\AppData\Roaming\sp_data.sys
2013-05-15 17:51 . 2012-08-01 14:36	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-15 17:51 . 2012-08-01 14:36	692104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-14 11:00 . 2011-03-29 02:36	22240	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-02 15:29 . 2012-07-28 13:21	278800	------w-	c:\windows\system32\MpSigStub.exe
2013-04-13 05:49 . 2013-05-15 08:51	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 08:51	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 08:51	308736	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 08:51	111104	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 08:51	474624	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 08:51	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-03-22 18:37 . 2012-09-28 17:23	861088	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2013-03-22 18:37 . 2012-09-28 17:23	782240	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-03-19 06:04 . 2013-04-10 13:26	5550424	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-10 13:26	43520	----a-w-	c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-10 13:26	3968856	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 13:26	3913560	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-10 13:26	6656	----a-w-	c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-10 13:26	112640	----a-w-	c:\windows\system32\smss.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1EldosIconOverlay]
@="{49B8C132-9076-4A1D-8CEA-E477E7BFB71B}"
[HKEY_CLASSES_ROOT\CLSID\{49B8C132-9076-4A1D-8CEA-E477E7BFB71B}]
2012-04-09 14:27	158224	----a-w-	c:\windows\SysWOW64\CbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2012-04-09 14:27	158224	----a-w-	c:\windows\SysWOW64\CbFsMntNtf3.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ICQ"="c:\program files (x86)\ICQ7M\ICQ.exe" [2012-07-28 127040]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2012-02-24 3331312]
"ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe" [2011-07-29 737104]
"SonicMasterTray"="c:\program files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe" [2010-07-10 984400]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2011-12-23 318080]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2011-10-25 174720]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2011-10-19 2319536]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
FancyStart daemon.lnk - c:\windows\Installer\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}\_77B5857C27147149171BE7.exe [2012-6-9 12862]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 ljnscwbf;ljnscwbf;c:\windows\system32\drivers\ljnscwbf.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2011-03-18 74840]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [2009-01-29 6144]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-02-05 235216]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2012-06-11 22016]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2012-01-25 9728]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [2012-06-08 27136]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [2011-11-08 11776]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 31232]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-09-07 17536]
S1 cbfs3;cbfs3;c:\windows\system32\drivers\cbfs3.sys [2012-04-09 352144]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2011-03-03 379520]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 ASUS InstantOn;ASUS InstantOn Service;c:\program files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [2012-02-17 277120]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2009-09-14 166400]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2009-09-14 128512]
S2 Motorola Device Manager;Motorola Device Manager Service;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [2013-03-25 121144]
S2 PST Service;PST Service;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [2011-09-02 65657]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-11-22 130024]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-11-22 395752]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-11-03 317440]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-08-24 76912]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2012-02-04 1838656]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-05-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-01 17:51]
.
2013-05-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-24 02:28]
.
2013-05-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-24 02:28]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon1]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-05-02 12:10	1721856	----a-w-	c:\program files (x86)\Wuala OverlayIcons\OverlayIcon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon2]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-05-02 12:10	1721856	----a-w-	c:\program files (x86)\Wuala OverlayIcons\OverlayIcon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon3]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-05-02 12:10	1721856	----a-w-	c:\program files (x86)\Wuala OverlayIcons\OverlayIcon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon4]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2012-05-02 12:10	1721856	----a-w-	c:\program files (x86)\Wuala OverlayIcons\OverlayIcon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1EldosIconOverlay]
@="{49B8C132-9076-4A1D-8CEA-E477E7BFB71B}"
[HKEY_CLASSES_ROOT\CLSID\{49B8C132-9076-4A1D-8CEA-E477E7BFB71B}]
2012-04-09 14:27	190480	----a-w-	c:\windows\System32\CbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2011-05-25 07:09	227840	----a-w-	c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2011-05-25 07:09	227840	----a-w-	c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2012-04-09 14:27	190480	----a-w-	c:\windows\System32\CbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-11-03 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-11-03 392472]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2011-03-21 361984]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-08-16 2277480]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = hxxp://asus.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = ;192.168.*.*
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: {{781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - c:\program files (x86)\ICQ7M\ICQ.exe
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\trjxqo70.default-1368569298600\
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-Ybkeavh - c:\users\Joe\AppData\Roaming\Elaw\cyim.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-SynAsusAcpi - c:\program files (x86)\Synaptics\SynTP\SynAsusAcpi.exe
AddRemove-ASUS_Screensaver - c:\windows\system32\ASUS_Screensaver.scr
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-05-18  12:09:31
ComboFix-quarantined-files.txt  2013-05-18 10:09
.
Vor Suchlauf: 10 Verzeichnis(se), 76.691.832.832 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 78.171.762.688 Bytes frei
.
- - End Of File - - 8342FEFE7F5BD897F9340F744FF880A5
         

Alt 19.05.2013, 02:23   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Sparkassen-Trojaner - Standard

Sparkassen-Trojaner



Combofix-Skript
WARNUNG für die MITLESER:
Folgendes ComboFix Skript ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

  • Lösche die vorhandene Combofix.exe von deinem Desktop und lade das Programm von folgenden Download-Spiegel neu herunter: Link
  • Speichere es erneut auf dem Desktop (nicht woanders hin, das ist wichtig)!
  • Drücke die Windows + R Taste --> notepad (hinein schreiben) --> OK
  • Kopiere nun den Text aus der folgenden Codebox komplett in das leere Textdokument.
    Code:
    ATTFilter
    File::
    c:\windows\system32\drivers\ljnscwbf.sys
    
    Filelook::
    c:\windows\system32\drivers\cbfs3.sys
    
    Driver::
    ljnscwbf
             
    Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
  • Speichere dies als CFScript.txt auf deinem Desktop.
  • Wichtig: Stelle deine Anti Viren Software temporär ab. Dies kann ComboFix nämlich bei der Arbeit behindern.
    Danach wieder anstellen nicht vergessen!
  • Schließe alle laufenden Programme damit ComboFix ungehindert arbeiten kann.
  • Ziehe CFScript.txt in die ComboFix.exe wie in diesem Bild:
  • Mache nichts am Computer, bewege nicht die Maus über das ComboFix-Fenster oder klicke in dieses hinein. Dies kann dazu führen, dass ComboFix sich aufhängt.
  • Wenn ComboFix fertig ist wird es ein Log erstellen: C:\ComboFix.txt
    Bitte füge es hier als Antwort (in CODE-Tags mit dem #-Button des Editors) ein.

Hinweis:
Suspect:: und Collect::
Falls im Skript diese Anweisungen enthalten sind, sollen Dateien zur Analyse eingeschickt werden. Es erscheint eine Message-Box, nachdem Combofix fertig ist. Klicke OK und folge den Aufforderungen/Anweisungen, um die Dateien hochzuladen. Teile mir unbedingt mit, ob der Upload geklappt hat!

__________________
Logfiles bitte immer in CODE-Tags posten

Alt 19.05.2013, 11:56   #9
flyingnoodls
 
Sparkassen-Trojaner - Standard

Sparkassen-Trojaner



Code:
ATTFilter
ComboFix 13-05-18.03 - Joe 19.05.2013  12:40:05.2.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4000.2572 [GMT 2:00]
ausgeführt von:: c:\users\Joe\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Joe\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\drivers\ljnscwbf.sys"
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_ljnscwbf
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-04-19 bis 2013-05-19  ))))))))))))))))))))))))))))))
.
.
2013-05-19 10:45 . 2013-05-19 10:45	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-05-19 10:22 . 2013-05-13 06:37	9460464	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F583A89A-3520-4867-8329-1CCF475BFC22}\mpengine.dll
2013-05-18 10:37 . 2013-05-13 06:37	9460464	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-05-16 08:55 . 2013-05-05 21:36	17818624	----a-w-	c:\windows\system32\mshtml.dll
2013-05-16 08:55 . 2013-05-05 21:16	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2013-05-16 08:55 . 2013-05-05 19:12	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
2013-05-16 08:53 . 2013-04-05 00:55	816640	----a-w-	c:\windows\system32\jscript.dll
2013-05-16 08:53 . 2013-04-05 00:55	599040	----a-w-	c:\windows\system32\vbscript.dll
2013-05-16 08:53 . 2013-04-04 22:11	1800704	----a-w-	c:\windows\SysWow64\jscript9.dll
2013-05-16 08:53 . 2013-04-05 01:02	499200	----a-w-	c:\program files\Internet Explorer\jsdbgui.dll
2013-05-16 08:53 . 2013-04-04 22:04	387584	----a-w-	c:\program files (x86)\Internet Explorer\jsdbgui.dll
2013-05-16 08:53 . 2013-04-04 22:05	678912	----a-w-	c:\program files (x86)\Internet Explorer\iedvtool.dll
2013-05-16 08:53 . 2013-04-05 01:03	887808	----a-w-	c:\program files\Internet Explorer\iedvtool.dll
2013-05-16 08:53 . 2013-04-05 01:19	10926080	----a-w-	c:\windows\system32\ieframe.dll
2013-05-15 08:51 . 2013-04-10 06:01	265064	----a-w-	c:\windows\system32\drivers\dxgmms1.sys
2013-05-15 08:51 . 2013-04-10 06:01	983400	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2013-05-15 08:51 . 2011-02-03 11:25	144384	----a-w-	c:\windows\system32\cdd.dll
2013-05-15 08:50 . 2013-02-27 05:52	14172672	----a-w-	c:\windows\system32\shell32.dll
2013-05-15 08:50 . 2013-02-27 06:02	111448	----a-w-	c:\windows\system32\consent.exe
2013-05-15 08:50 . 2013-02-27 05:52	197120	----a-w-	c:\windows\system32\shdocvw.dll
2013-05-15 08:50 . 2013-02-27 05:48	1930752	----a-w-	c:\windows\system32\authui.dll
2013-05-15 08:50 . 2013-02-27 04:49	1796096	----a-w-	c:\windows\SysWow64\authui.dll
2013-05-15 08:50 . 2013-02-27 05:47	70144	----a-w-	c:\windows\system32\appinfo.dll
2013-05-15 08:50 . 2013-04-10 03:30	3153920	----a-w-	c:\windows\system32\win32k.sys
2013-05-15 08:50 . 2013-03-19 05:53	48640	----a-w-	c:\windows\system32\wwanprotdim.dll
2013-05-15 08:50 . 2013-03-19 05:53	230400	----a-w-	c:\windows\system32\wwansvc.dll
2013-05-14 19:30 . 2013-05-14 19:30	--------	d-----w-	c:\program files (x86)\Mozilla Maintenance Service
2013-05-14 19:11 . 2013-05-14 19:11	--------	d-----w-	c:\program files (x86)\Common Files\Java
2013-05-14 19:11 . 2013-04-04 03:35	95648	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-05-10 07:57 . 2013-05-10 07:57	187456	----a-w-	c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2013-05-10 07:57 . 2013-05-10 07:57	187456	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2013-05-08 11:35 . 2013-05-16 13:07	--------	d-----w-	c:\users\Joe\AppData\Roaming\Pyumq
2013-05-08 11:35 . 2013-05-08 11:35	--------	d-----w-	c:\users\Joe\AppData\Roaming\Upgoic
2013-05-03 14:25 . 2013-05-03 14:25	163504	----a-w-	c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10144.bin
2013-04-25 11:15 . 2013-04-25 11:14	905296	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{62821906-D77F-4ABF-856E-E8D58DF61186}\gapaengine.dll
2013-04-24 11:01 . 2013-04-12 14:45	1656680	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-04-20 07:50 . 2013-04-20 07:50	--------	d-----w-	c:\programdata\McAfee Security Scan
2013-04-20 07:50 . 2013-04-22 10:47	--------	d-----w-	c:\program files (x86)\McAfee Security Scan
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-19 10:46 . 2012-07-28 12:04	387	----a-w-	c:\users\Joe\AppData\Roaming\sp_data.sys
2013-05-15 17:51 . 2012-08-01 14:36	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-15 17:51 . 2012-08-01 14:36	692104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-14 11:00 . 2011-03-29 02:36	22240	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-02 15:29 . 2012-07-28 13:21	278800	------w-	c:\windows\system32\MpSigStub.exe
2013-04-13 05:49 . 2013-05-15 08:51	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 08:51	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 08:51	308736	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 08:51	111104	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 08:51	474624	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 08:51	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-03-22 18:37 . 2012-09-28 17:23	861088	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2013-03-22 18:37 . 2012-09-28 17:23	782240	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-03-19 06:04 . 2013-04-10 13:26	5550424	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-10 13:26	43520	----a-w-	c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-10 13:26	3968856	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 13:26	3913560	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-10 13:26	6656	----a-w-	c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-10 13:26	112640	----a-w-	c:\windows\system32\smss.exe
.
.
((((((((((((((((((((((((((((((((((((((((((((   Look   )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
--- c:\windows\system32\drivers\cbfs3.sys ---
Company: EldoS Corporation
File Description: Callback File System Driver
File Version: 3, 2, 107, 271
Product Name: Callback File System (TM)
Copyright: Copyright (C) EldoS Corp. 2006-2012
Original Filename: cbfs3.sys
File size: 352144
Created time: 2012-10-14 13:09
Modified time: 2012-04-09 14:27
MD5: 555FA105C22B1616094EDAD1CBFB0551
SHA1: A9806B9EBE5F25A9D1600F9CA7EDFAB5A720B3AC
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1EldosIconOverlay]
@="{49B8C132-9076-4A1D-8CEA-E477E7BFB71B}"
[HKEY_CLASSES_ROOT\CLSID\{49B8C132-9076-4A1D-8CEA-E477E7BFB71B}]
2012-04-09 14:27	158224	----a-w-	c:\windows\SysWOW64\CbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2012-04-09 14:27	158224	----a-w-	c:\windows\SysWOW64\CbFsMntNtf3.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ICQ"="c:\program files (x86)\ICQ7M\ICQ.exe" [2012-07-28 127040]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2012-02-24 3331312]
"ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe" [2011-07-29 737104]
"SonicMasterTray"="c:\program files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe" [2010-07-10 984400]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2011-12-23 318080]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2011-10-25 174720]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2011-10-19 2319536]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
FancyStart daemon.lnk - c:\windows\Installer\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}\_77B5857C27147149171BE7.exe [2012-6-9 12862]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2011-03-18 74840]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [2009-01-29 6144]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-02-05 235216]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2012-06-11 22016]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2012-01-25 9728]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [2012-06-08 27136]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [2011-11-08 11776]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 31232]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-09-07 17536]
S1 cbfs3;cbfs3;c:\windows\system32\drivers\cbfs3.sys [2012-04-09 352144]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2011-03-03 379520]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 ASUS InstantOn;ASUS InstantOn Service;c:\program files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [2012-02-17 277120]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2009-09-14 166400]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2009-09-14 128512]
S2 Motorola Device Manager;Motorola Device Manager Service;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [2013-03-25 121144]
S2 PST Service;PST Service;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [2011-09-02 65657]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-11-22 130024]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-11-22 395752]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-11-03 317440]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-08-24 76912]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2012-02-04 1838656]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-05-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-01 17:51]
.
2013-05-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-24 02:28]
.
2013-05-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-24 02:28]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon1]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-05-02 12:10	1721856	----a-w-	c:\program files (x86)\Wuala OverlayIcons\OverlayIcon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon2]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-05-02 12:10	1721856	----a-w-	c:\program files (x86)\Wuala OverlayIcons\OverlayIcon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon3]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-05-02 12:10	1721856	----a-w-	c:\program files (x86)\Wuala OverlayIcons\OverlayIcon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon4]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2012-05-02 12:10	1721856	----a-w-	c:\program files (x86)\Wuala OverlayIcons\OverlayIcon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1EldosIconOverlay]
@="{49B8C132-9076-4A1D-8CEA-E477E7BFB71B}"
[HKEY_CLASSES_ROOT\CLSID\{49B8C132-9076-4A1D-8CEA-E477E7BFB71B}]
2012-04-09 14:27	190480	----a-w-	c:\windows\System32\CbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2011-05-25 07:09	227840	----a-w-	c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2011-05-25 07:09	227840	----a-w-	c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2012-04-09 14:27	190480	----a-w-	c:\windows\System32\CbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-11-03 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-11-03 392472]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2011-03-21 361984]
"SynAsusAcpi"="c:\program files (x86)\Synaptics\SynTP\SynAsusAcpi.exe" [BU]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-08-16 2277480]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = hxxp://asus.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = ;192.168.*.*
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: {{781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - c:\program files (x86)\ICQ7M\ICQ.exe
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\trjxqo70.default-1368569298600\
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-ASUS_Screensaver - c:\windows\system32\ASUS_Screensaver.scr
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
c:\program files (x86)\ASUS\FaceLogon\sensorsrv.exe
c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\Splendid\ACMON.exe
c:\windows\SysWOW64\ACEngSvr.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
c:\windows\AsScrPro.exe
c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-05-19  12:51:02 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-05-19 10:51
ComboFix2.txt  2013-05-18 10:09
.
Vor Suchlauf: 15 Verzeichnis(se), 78.314.065.920 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 78.821.994.496 Bytes frei
.
- - End Of File - - 4C9A4CB32214129C95A95D83A8899A55
         
eine Aufforderung zum hochladen kam nicht.

Alt 19.05.2013, 20:29   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Sparkassen-Trojaner - Standard

Sparkassen-Trojaner



Bitte die drei Tools MBAR / aswMBR / TDSSkiller nun ausführen und die Logs in CODE-Tags posten


MBAR (Malwarebytes Anti-Rootkit)

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers


aswMBR

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).



TDSS-Killer

Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 20.05.2013, 00:40   #11
flyingnoodls
 
Sparkassen-Trojaner - Standard

Sparkassen-Trojaner



Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.05.19.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Joe :: ASUS [administrator]

20.05.2013 01:18:55
mbar-log-2013-05-20 (01-18-55).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 29785
Time elapsed: 7 minute(s), 50 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         
aswMBR hängt sich auf und stürzt ab, mit der Option AV scan : (none) dieses Ergebnis:
Code:
ATTFilter
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-05-20 01:28:49
-----------------------------
01:28:49.981    OS Version: Windows x64 6.1.7601 Service Pack 1
01:28:49.981    Number of processors: 2 586 0x2A07
01:28:49.981    ComputerName: ASUS  UserName: Joe
01:28:50.714    Initialize success
01:29:02.399    AVAST engine defs: 13051901
01:29:13.865    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
01:29:13.865    Disk 0 Vendor: TOSHIBA_ AX00 Size: 305245MB BusType: 3
01:29:14.021    Disk 0 MBR read successfully
01:29:14.021    Disk 0 MBR scan
01:29:14.021    Disk 0 Windows 7 default MBR code
01:29:14.036    Disk 0 Partition 1 00     1C Hidd FAT32 LBA MSDOS5.0    25600 MB offset 2048
01:29:14.052    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       122098 MB offset 52430848
01:29:14.099    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       157545 MB offset 302487552
01:29:14.239    Disk 0 scanning C:\Windows\system32\drivers
01:29:27.733    Service scanning
01:30:14.798    Modules scanning
01:30:14.798    Disk 0 trace - called modules:
01:30:14.798    
01:30:15.313    Scan finished successfully
01:30:28.620    Disk 0 MBR has been saved successfully to "C:\Users\Joe\Desktop\MBR.dat"
01:30:28.620    The log file has been saved successfully to "C:\Users\Joe\Desktop\aswMBR.txt"
         
Code:
ATTFilter
01:32:42.0002 7632  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
01:32:42.0174 7632  ============================================================
01:32:42.0174 7632  Current date / time: 2013/05/20 01:32:42.0174
01:32:42.0174 7632  SystemInfo:
01:32:42.0174 7632  
01:32:42.0174 7632  OS Version: 6.1.7601 ServicePack: 1.0
01:32:42.0174 7632  Product type: Workstation
01:32:42.0174 7632  ComputerName: ASUS
01:32:42.0174 7632  UserName: Joe
01:32:42.0174 7632  Windows directory: C:\Windows
01:32:42.0174 7632  System windows directory: C:\Windows
01:32:42.0174 7632  Running under WOW64
01:32:42.0174 7632  Processor architecture: Intel x64
01:32:42.0174 7632  Number of processors: 2
01:32:42.0174 7632  Page size: 0x1000
01:32:42.0174 7632  Boot type: Normal boot
01:32:42.0174 7632  ============================================================
01:32:42.0876 7632  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
01:32:42.0876 7632  ============================================================
01:32:42.0876 7632  \Device\Harddisk0\DR0:
01:32:42.0876 7632  MBR partitions:
01:32:42.0876 7632  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3200800, BlocksNum 0xEE79000
01:32:42.0876 7632  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x12079800, BlocksNum 0x133B4800
01:32:42.0876 7632  ============================================================
01:32:42.0891 7632  C: <-> \Device\Harddisk0\DR0\Partition1
01:32:42.0923 7632  D: <-> \Device\Harddisk0\DR0\Partition2
01:32:42.0923 7632  ============================================================
01:32:42.0923 7632  Initialize success
01:32:42.0923 7632  ============================================================
01:32:49.0522 5992  ============================================================
01:32:49.0522 5992  Scan started
01:32:49.0522 5992  Mode: Manual; SigCheck; TDLFS; 
01:32:49.0522 5992  ============================================================
01:32:50.0239 5992  ================ Scan system memory ========================
01:32:50.0239 5992  System memory - ok
01:32:50.0239 5992  ================ Scan services =============================
01:32:50.0816 5992  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
01:32:50.0957 5992  1394ohci - ok
01:32:51.0019 5992  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
01:32:51.0050 5992  ACPI - ok
01:32:51.0097 5992  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
01:32:51.0440 5992  AcpiPmi - ok
01:32:51.0534 5992  [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
01:32:51.0550 5992  AdobeARMservice - ok
01:32:51.0643 5992  [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
01:32:51.0643 5992  AdobeFlashPlayerUpdateSvc - ok
01:32:51.0706 5992  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
01:32:51.0721 5992  adp94xx - ok
01:32:51.0768 5992  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
01:32:51.0784 5992  adpahci - ok
01:32:51.0799 5992  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
01:32:51.0815 5992  adpu320 - ok
01:32:51.0830 5992  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
01:32:51.0940 5992  AeLookupSvc - ok
01:32:52.0002 5992  [ 69FD46FAC0D9C4A8ECD522AC6A7481F5 ] AFBAgent        C:\Windows\system32\FBAgent.exe
01:32:52.0018 5992  AFBAgent - ok
01:32:52.0080 5992  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
01:32:52.0111 5992  AFD - ok
01:32:52.0205 5992  [ 98022774D9930ECBB292E70DB7601DF6 ] AgereSoftModem  C:\Windows\system32\DRIVERS\agrsm64.sys
01:32:52.0267 5992  AgereSoftModem - ok
01:32:52.0298 5992  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
01:32:52.0314 5992  agp440 - ok
01:32:52.0345 5992  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
01:32:52.0408 5992  ALG - ok
01:32:52.0439 5992  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
01:32:52.0439 5992  aliide - ok
01:32:52.0470 5992  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
01:32:52.0470 5992  amdide - ok
01:32:52.0517 5992  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
01:32:52.0564 5992  AmdK8 - ok
01:32:52.0595 5992  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
01:32:52.0626 5992  AmdPPM - ok
01:32:52.0657 5992  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
01:32:52.0657 5992  amdsata - ok
01:32:52.0688 5992  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
01:32:52.0704 5992  amdsbs - ok
01:32:52.0720 5992  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
01:32:52.0720 5992  amdxata - ok
01:32:52.0766 5992  [ 92A848F962DA91C631147D566414BB7E ] AmUStor         C:\Windows\system32\drivers\AmUStor.SYS
01:32:52.0782 5992  AmUStor - ok
01:32:52.0829 5992  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
01:32:52.0954 5992  AppID - ok
01:32:52.0985 5992  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
01:32:53.0047 5992  AppIDSvc - ok
01:32:53.0094 5992  [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo         C:\Windows\System32\appinfo.dll
01:32:53.0141 5992  Appinfo - ok
01:32:53.0203 5992  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
01:32:53.0219 5992  arc - ok
01:32:53.0234 5992  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
01:32:53.0250 5992  arcsas - ok
01:32:53.0359 5992  [ A3626C6D3F2DC95497F3F61842D7FD89 ] ASLDRService    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
01:32:53.0359 5992  ASLDRService - ok
01:32:53.0422 5992  [ 4C016FD76ED5C05E84CA8CAB77993961 ] ASMMAP64        C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
01:32:53.0484 5992  ASMMAP64 - ok
01:32:53.0515 5992  [ 8569AF4C73747671194EA9EBB2F2D6CF ] asmthub3        C:\Windows\system32\DRIVERS\asmthub3.sys
01:32:53.0562 5992  asmthub3 - ok
01:32:53.0593 5992  [ 073716FBFFAC7057CD5FF00A1B558331 ] asmtxhci        C:\Windows\system32\DRIVERS\asmtxhci.sys
01:32:53.0640 5992  asmtxhci - ok
01:32:53.0765 5992  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
01:32:53.0796 5992  aspnet_state - ok
01:32:53.0858 5992  [ 52436245AAEF3B65DF7859949AB6A14E ] ASUS InstantOn  C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
01:32:53.0874 5992  ASUS InstantOn - ok
01:32:53.0905 5992  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
01:32:53.0952 5992  AsyncMac - ok
01:32:53.0999 5992  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
01:32:53.0999 5992  atapi - ok
01:32:54.0046 5992  [ E857EEE6B92AAA473EBB3465ADD8F7E7 ] athr            C:\Windows\system32\DRIVERS\athrx.sys
01:32:54.0139 5992  athr - ok
01:32:54.0170 5992  [ DBC598E47E7A382E60E2A4745D41FEF9 ] ATKGFNEXSrv     C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
01:32:54.0170 5992  ATKGFNEXSrv - ok
01:32:54.0280 5992  [ 41CEAFFCF3550785E59E3EC9BEE8D97A ] ATKWMIACPIIO    C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys
01:32:54.0280 5992  ATKWMIACPIIO - ok
01:32:54.0342 5992  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
01:32:54.0404 5992  AudioEndpointBuilder - ok
01:32:54.0420 5992  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
01:32:54.0451 5992  AudioSrv - ok
01:32:54.0498 5992  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
01:32:54.0560 5992  AxInstSV - ok
01:32:54.0623 5992  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
01:32:54.0670 5992  b06bdrv - ok
01:32:54.0701 5992  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
01:32:54.0732 5992  b57nd60a - ok
01:32:54.0810 5992  [ 93EE7D9C35AE7E9FFDA148D7805F1421 ] BBSvc           C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
01:32:54.0826 5992  BBSvc - ok
01:32:54.0857 5992  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
01:32:54.0888 5992  BDESVC - ok
01:32:54.0935 5992  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
01:32:54.0982 5992  Beep - ok
01:32:55.0044 5992  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
01:32:55.0122 5992  BFE - ok
01:32:55.0153 5992  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\system32\qmgr.dll
01:32:55.0200 5992  BITS - ok
01:32:55.0231 5992  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
01:32:55.0247 5992  blbdrive - ok
01:32:55.0309 5992  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
01:32:55.0356 5992  bowser - ok
01:32:55.0403 5992  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
01:32:55.0434 5992  BrFiltLo - ok
01:32:55.0450 5992  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
01:32:55.0465 5992  BrFiltUp - ok
01:32:55.0528 5992  [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
01:32:55.0559 5992  BridgeMP - ok
01:32:55.0590 5992  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
01:32:55.0621 5992  Browser - ok
01:32:55.0652 5992  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
01:32:55.0699 5992  Brserid - ok
01:32:55.0715 5992  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
01:32:55.0730 5992  BrSerWdm - ok
01:32:55.0762 5992  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
01:32:55.0793 5992  BrUsbMdm - ok
01:32:55.0808 5992  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
01:32:55.0824 5992  BrUsbSer - ok
01:32:55.0871 5992  [ FF7C57973EEAD140062238C5A0B7D455 ] BTCFilterService C:\Windows\system32\DRIVERS\motfilt.sys
01:32:55.0918 5992  BTCFilterService - ok
01:32:55.0964 5992  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
01:32:56.0042 5992  BthEnum - ok
01:32:56.0089 5992  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
01:32:56.0120 5992  BTHMODEM - ok
01:32:56.0152 5992  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
01:32:56.0183 5992  BthPan - ok
01:32:56.0214 5992  [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
01:32:56.0261 5992  BTHPORT - ok
01:32:56.0308 5992  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
01:32:56.0370 5992  bthserv - ok
01:32:56.0386 5992  [ F188B7394D81010767B6DF3178519A37 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
01:32:56.0417 5992  BTHUSB - ok
01:32:56.0448 5992  catchme - ok
01:32:56.0495 5992  [ 555FA105C22B1616094EDAD1CBFB0551 ] cbfs3           C:\Windows\system32\drivers\cbfs3.sys
01:32:56.0510 5992  cbfs3 - ok
01:32:56.0542 5992  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
01:32:56.0604 5992  cdfs - ok
01:32:56.0651 5992  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
01:32:56.0666 5992  cdrom - ok
01:32:56.0698 5992  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
01:32:56.0760 5992  CertPropSvc - ok
01:32:56.0791 5992  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
01:32:56.0822 5992  circlass - ok
01:32:56.0885 5992  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
01:32:56.0900 5992  CLFS - ok
01:32:56.0978 5992  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
01:32:56.0978 5992  clr_optimization_v2.0.50727_32 - ok
01:32:57.0025 5992  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
01:32:57.0025 5992  clr_optimization_v2.0.50727_64 - ok
01:32:57.0103 5992  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
01:32:57.0103 5992  clr_optimization_v4.0.30319_32 - ok
01:32:57.0134 5992  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
01:32:57.0150 5992  clr_optimization_v4.0.30319_64 - ok
01:32:57.0181 5992  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
01:32:57.0228 5992  CmBatt - ok
01:32:57.0259 5992  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
01:32:57.0259 5992  cmdide - ok
01:32:57.0306 5992  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
01:32:57.0337 5992  CNG - ok
01:32:57.0384 5992  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
01:32:57.0384 5992  Compbatt - ok
01:32:57.0431 5992  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
01:32:57.0462 5992  CompositeBus - ok
01:32:57.0478 5992  COMSysApp - ok
01:32:57.0509 5992  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
01:32:57.0509 5992  crcdisk - ok
01:32:57.0556 5992  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
01:32:57.0602 5992  CryptSvc - ok
01:32:57.0696 5992  [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc          C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
01:32:57.0727 5992  cvhsvc - ok
01:32:57.0790 5992  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
01:32:57.0852 5992  DcomLaunch - ok
01:32:57.0914 5992  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
01:32:57.0961 5992  defragsvc - ok
01:32:58.0008 5992  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
01:32:58.0039 5992  DfsC - ok
01:32:58.0086 5992  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
01:32:58.0117 5992  Dhcp - ok
01:32:58.0133 5992  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
01:32:58.0164 5992  discache - ok
01:32:58.0226 5992  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
01:32:58.0226 5992  Disk - ok
01:32:58.0258 5992  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
01:32:58.0304 5992  Dnscache - ok
01:32:58.0320 5992  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
01:32:58.0382 5992  dot3svc - ok
01:32:58.0398 5992  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
01:32:58.0445 5992  DPS - ok
01:32:58.0492 5992  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
01:32:58.0523 5992  drmkaud - ok
01:32:58.0570 5992  [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
01:32:58.0601 5992  DXGKrnl - ok
01:32:58.0632 5992  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
01:32:58.0679 5992  EapHost - ok
01:32:58.0757 5992  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
01:32:58.0850 5992  ebdrv - ok
01:32:58.0882 5992  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
01:32:58.0928 5992  EFS - ok
01:32:59.0006 5992  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
01:32:59.0069 5992  ehRecvr - ok
01:32:59.0084 5992  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
01:32:59.0131 5992  ehSched - ok
01:32:59.0194 5992  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
01:32:59.0225 5992  elxstor - ok
01:32:59.0318 5992  [ 7DB097F4F6786307168C0DDDEC43A565 ] EPSON_EB_RPCV4_04 C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
01:32:59.0350 5992  EPSON_EB_RPCV4_04 - ok
01:32:59.0365 5992  [ 258AA65A0862E19B7DE6981FDA3758AD ] EPSON_PM_RPCV4_04 C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
01:32:59.0381 5992  EPSON_PM_RPCV4_04 - ok
01:32:59.0412 5992  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
01:32:59.0428 5992  ErrDev - ok
01:32:59.0474 5992  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
01:32:59.0537 5992  EventSystem - ok
01:32:59.0568 5992  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
01:32:59.0599 5992  exfat - ok
01:32:59.0630 5992  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
01:32:59.0677 5992  fastfat - ok
01:32:59.0724 5992  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
01:32:59.0786 5992  Fax - ok
01:32:59.0818 5992  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys
01:32:59.0849 5992  fdc - ok
01:32:59.0896 5992  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
01:32:59.0942 5992  fdPHost - ok
01:32:59.0942 5992  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
01:33:00.0005 5992  FDResPub - ok
01:33:00.0020 5992  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
01:33:00.0036 5992  FileInfo - ok
01:33:00.0052 5992  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
01:33:00.0098 5992  Filetrace - ok
01:33:00.0130 5992  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
01:33:00.0161 5992  flpydisk - ok
01:33:00.0192 5992  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
01:33:00.0208 5992  FltMgr - ok
01:33:00.0254 5992  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
01:33:00.0332 5992  FontCache - ok
01:33:00.0395 5992  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
01:33:00.0395 5992  FontCache3.0.0.0 - ok
01:33:00.0410 5992  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
01:33:00.0410 5992  FsDepends - ok
01:33:00.0426 5992  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
01:33:00.0442 5992  Fs_Rec - ok
01:33:00.0488 5992  [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
01:33:00.0535 5992  fvevol - ok
01:33:00.0566 5992  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
01:33:00.0582 5992  gagp30kx - ok
01:33:00.0613 5992  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
01:33:00.0691 5992  gpsvc - ok
01:33:00.0738 5992  gupdate - ok
01:33:00.0754 5992  gupdatem - ok
01:33:00.0800 5992  [ CC839E8D766CC31A7710C9F38CF3E375 ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
01:33:00.0816 5992  gusvc - ok
01:33:00.0847 5992  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
01:33:00.0878 5992  hcw85cir - ok
01:33:00.0925 5992  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
01:33:00.0956 5992  HdAudAddService - ok
01:33:01.0003 5992  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
01:33:01.0034 5992  HDAudBus - ok
01:33:01.0050 5992  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
01:33:01.0081 5992  HidBatt - ok
01:33:01.0097 5992  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
01:33:01.0128 5992  HidBth - ok
01:33:01.0159 5992  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
01:33:01.0175 5992  HidIr - ok
01:33:01.0190 5992  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\System32\hidserv.dll
01:33:01.0237 5992  hidserv - ok
01:33:01.0300 5992  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
01:33:01.0315 5992  HidUsb - ok
01:33:01.0362 5992  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
01:33:01.0409 5992  hkmsvc - ok
01:33:01.0424 5992  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
01:33:01.0471 5992  HomeGroupListener - ok
01:33:01.0502 5992  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
01:33:01.0534 5992  HomeGroupProvider - ok
01:33:01.0565 5992  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
01:33:01.0580 5992  HpSAMD - ok
01:33:01.0627 5992  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
01:33:01.0705 5992  HTTP - ok
01:33:01.0721 5992  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
01:33:01.0736 5992  hwpolicy - ok
01:33:01.0768 5992  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
01:33:01.0783 5992  i8042prt - ok
01:33:01.0846 5992  [ 26CF4275034214ECEDD8EC17B0A18A99 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
01:33:01.0861 5992  iaStor - ok
01:33:01.0908 5992  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
01:33:01.0924 5992  iaStorV - ok
01:33:01.0986 5992  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
01:33:02.0017 5992  idsvc - ok
01:33:02.0282 5992  [ 0089B53F1BEFD34B7D8CA4AB021335FA ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
01:33:02.0626 5992  igfx - ok
01:33:02.0672 5992  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
01:33:02.0672 5992  iirsp - ok
01:33:02.0719 5992  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
01:33:02.0782 5992  IKEEXT - ok
01:33:02.0875 5992  [ 651972B4061F940DC154C6F7B948B76A ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
01:33:02.0969 5992  IntcAzAudAddService - ok
01:33:03.0031 5992  [ AE594CC17C33AC146739494615E14851 ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
01:33:03.0062 5992  IntcDAud - ok
01:33:03.0109 5992  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
01:33:03.0109 5992  intelide - ok
01:33:03.0156 5992  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
01:33:03.0187 5992  intelppm - ok
01:33:03.0234 5992  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
01:33:03.0281 5992  IPBusEnum - ok
01:33:03.0312 5992  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
01:33:03.0359 5992  IpFilterDriver - ok
01:33:03.0406 5992  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
01:33:03.0437 5992  iphlpsvc - ok
01:33:03.0452 5992  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
01:33:03.0499 5992  IPMIDRV - ok
01:33:03.0515 5992  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
01:33:03.0546 5992  IPNAT - ok
01:33:03.0593 5992  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
01:33:03.0671 5992  IRENUM - ok
01:33:03.0702 5992  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
01:33:03.0718 5992  isapnp - ok
01:33:03.0749 5992  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
01:33:03.0764 5992  iScsiPrt - ok
01:33:03.0796 5992  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
01:33:03.0796 5992  kbdclass - ok
01:33:03.0827 5992  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
01:33:03.0858 5992  kbdhid - ok
01:33:03.0905 5992  [ E63EF8C3271D014F14E2469CE75FECB4 ] kbfiltr         C:\Windows\system32\DRIVERS\kbfiltr.sys
01:33:03.0920 5992  kbfiltr - ok
01:33:03.0920 5992  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
01:33:03.0936 5992  KeyIso - ok
01:33:03.0967 5992  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
01:33:03.0967 5992  KSecDD - ok
01:33:03.0983 5992  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
01:33:03.0998 5992  KSecPkg - ok
01:33:04.0045 5992  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
01:33:04.0076 5992  ksthunk - ok
01:33:04.0108 5992  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
01:33:04.0154 5992  KtmRm - ok
01:33:04.0217 5992  [ A4A9CA24E54E81C6C3E469EAEB4B3F42 ] L1C             C:\Windows\system32\DRIVERS\L1C62x64.sys
01:33:04.0217 5992  L1C - ok
01:33:04.0264 5992  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\System32\srvsvc.dll
01:33:04.0310 5992  LanmanServer - ok
01:33:04.0342 5992  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
01:33:04.0388 5992  LanmanWorkstation - ok
01:33:04.0451 5992  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
01:33:04.0498 5992  lltdio - ok
01:33:04.0529 5992  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
01:33:04.0591 5992  lltdsvc - ok
01:33:04.0622 5992  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
01:33:04.0654 5992  lmhosts - ok
01:33:04.0732 5992  [ 7F32D4C47A50E7223491E8FB9359907D ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
01:33:04.0747 5992  LMS - ok
01:33:04.0794 5992  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
01:33:04.0810 5992  LSI_FC - ok
01:33:04.0825 5992  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
01:33:04.0841 5992  LSI_SAS - ok
01:33:04.0841 5992  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
01:33:04.0856 5992  LSI_SAS2 - ok
01:33:04.0872 5992  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
01:33:04.0888 5992  LSI_SCSI - ok
01:33:04.0934 5992  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
01:33:04.0981 5992  luafv - ok
01:33:05.0090 5992  [ DDCC236009C707761D60E5C76D639176 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe
01:33:05.0106 5992  McComponentHostService - ok
01:33:05.0122 5992  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
01:33:05.0153 5992  Mcx2Svc - ok
01:33:05.0153 5992  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
01:33:05.0168 5992  megasas - ok
01:33:05.0200 5992  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
01:33:05.0215 5992  MegaSR - ok
01:33:05.0246 5992  [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
01:33:05.0262 5992  MEIx64 - ok
01:33:05.0293 5992  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
01:33:05.0340 5992  MMCSS - ok
01:33:05.0356 5992  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
01:33:05.0402 5992  Modem - ok
01:33:05.0434 5992  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
01:33:05.0465 5992  monitor - ok
01:33:05.0512 5992  [ 43E754047C6DEE50666554D3C66D6279 ] motccgp         C:\Windows\system32\DRIVERS\motccgp.sys
01:33:05.0543 5992  motccgp - ok
01:33:05.0558 5992  [ 577399C75CF85AC68E7830EB150F45EF ] motccgpfl       C:\Windows\system32\DRIVERS\motccgpfl.sys
01:33:05.0574 5992  motccgpfl - ok
01:33:05.0590 5992  [ 785B2CBA23D374649D98715C3EE17B2A ] motmodem        C:\Windows\system32\DRIVERS\motmodem.sys
01:33:05.0636 5992  motmodem - ok
01:33:05.0714 5992  [ FDF0D78147DA8B2A93FE42D9A14C1B0B ] Motorola Device Manager C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
01:33:05.0730 5992  Motorola Device Manager - ok
01:33:05.0761 5992  [ 19BC2161C3FCCED802F1BCD9B78C3466 ] MotoSwitchService C:\Windows\system32\DRIVERS\motswch.sys
01:33:05.0777 5992  MotoSwitchService - ok
01:33:05.0792 5992  [ C4F1495598C7E1FEF53BCFD84A5BD53E ] Motousbnet      C:\Windows\system32\DRIVERS\Motousbnet.sys
01:33:05.0808 5992  Motousbnet - ok
01:33:05.0839 5992  [ D075B1D964A314D240F5498773EE89DF ] motusbdevice    C:\Windows\system32\DRIVERS\motusbdevice.sys
01:33:05.0886 5992  motusbdevice - ok
01:33:05.0917 5992  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
01:33:05.0933 5992  mouclass - ok
01:33:05.0980 5992  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
01:33:06.0011 5992  mouhid - ok
01:33:06.0058 5992  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
01:33:06.0058 5992  mountmgr - ok
01:33:06.0136 5992  [ 825BF0E46B4470A463AEB641480C5FCA ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
01:33:06.0151 5992  MozillaMaintenance - ok
01:33:06.0182 5992  [ F8A10560B35C66F9DE212F03DAD5BFA7 ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
01:33:06.0198 5992  MpFilter - ok
01:33:06.0229 5992  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
01:33:06.0245 5992  mpio - ok
01:33:06.0260 5992  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
01:33:06.0307 5992  mpsdrv - ok
01:33:06.0354 5992  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
01:33:06.0416 5992  MpsSvc - ok
01:33:06.0448 5992  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
01:33:06.0494 5992  MRxDAV - ok
01:33:06.0510 5992  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
01:33:06.0541 5992  mrxsmb - ok
01:33:06.0572 5992  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
01:33:06.0588 5992  mrxsmb10 - ok
01:33:06.0604 5992  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
01:33:06.0619 5992  mrxsmb20 - ok
01:33:06.0635 5992  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
01:33:06.0650 5992  msahci - ok
01:33:06.0666 5992  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
01:33:06.0682 5992  msdsm - ok
01:33:06.0713 5992  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
01:33:06.0728 5992  MSDTC - ok
01:33:06.0744 5992  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
01:33:06.0791 5992  Msfs - ok
01:33:06.0838 5992  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
01:33:06.0884 5992  mshidkmdf - ok
01:33:06.0900 5992  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
01:33:06.0916 5992  msisadrv - ok
01:33:06.0962 5992  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
01:33:06.0994 5992  MSiSCSI - ok
01:33:07.0009 5992  msiserver - ok
01:33:07.0056 5992  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
01:33:07.0087 5992  MSKSSRV - ok
01:33:07.0150 5992  [ E07DEC52FF801841BA9B6878A60304FB ] MsMpSvc         C:\Program Files\Microsoft Security Client\MsMpEng.exe
01:33:07.0165 5992  MsMpSvc - ok
01:33:07.0181 5992  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
01:33:07.0212 5992  MSPCLOCK - ok
01:33:07.0243 5992  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
01:33:07.0290 5992  MSPQM - ok
01:33:07.0306 5992  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
01:33:07.0321 5992  MsRPC - ok
01:33:07.0337 5992  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
01:33:07.0337 5992  mssmbios - ok
01:33:07.0368 5992  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
01:33:07.0415 5992  MSTEE - ok
01:33:07.0430 5992  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
01:33:07.0462 5992  MTConfig - ok
01:33:07.0462 5992  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
01:33:07.0477 5992  Mup - ok
01:33:07.0493 5992  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
01:33:07.0555 5992  napagent - ok
01:33:07.0618 5992  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
01:33:07.0649 5992  NativeWifiP - ok
01:33:07.0711 5992  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
01:33:07.0727 5992  NDIS - ok
01:33:07.0789 5992  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
01:33:07.0820 5992  NdisCap - ok
01:33:07.0836 5992  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
01:33:07.0898 5992  NdisTapi - ok
01:33:07.0914 5992  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
01:33:07.0945 5992  Ndisuio - ok
01:33:07.0976 5992  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
01:33:08.0023 5992  NdisWan - ok
01:33:08.0039 5992  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
01:33:08.0086 5992  NDProxy - ok
01:33:08.0117 5992  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
01:33:08.0179 5992  NetBIOS - ok
01:33:08.0195 5992  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
01:33:08.0242 5992  NetBT - ok
01:33:08.0273 5992  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
01:33:08.0273 5992  Netlogon - ok
01:33:08.0320 5992  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
01:33:08.0382 5992  Netman - ok
01:33:08.0429 5992  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
01:33:08.0444 5992  NetMsmqActivator - ok
01:33:08.0444 5992  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
01:33:08.0460 5992  NetPipeActivator - ok
01:33:08.0491 5992  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
01:33:08.0538 5992  netprofm - ok
01:33:08.0616 5992  [ FB21D47BA5606A4EDBBAC353D4BD06F0 ] netr28x         C:\Windows\system32\DRIVERS\netr28x.sys
01:33:08.0678 5992  netr28x - ok
01:33:08.0725 5992  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
01:33:08.0741 5992  NetTcpActivator - ok
01:33:08.0741 5992  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
01:33:08.0741 5992  NetTcpPortSharing - ok
01:33:08.0788 5992  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
01:33:08.0788 5992  nfrd960 - ok
01:33:08.0850 5992  [ 162100E0BC8377710F9D170631921C03 ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
01:33:08.0866 5992  NisDrv - ok
01:33:08.0928 5992  [ C6E15F2F95F9C0A6098D43510B604E52 ] NisSrv          C:\Program Files\Microsoft Security Client\NisSrv.exe
01:33:08.0944 5992  NisSrv - ok
01:33:09.0037 5992  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
01:33:09.0115 5992  NlaSvc - ok
01:33:09.0162 5992  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
01:33:09.0193 5992  Npfs - ok
01:33:09.0224 5992  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
01:33:09.0256 5992  nsi - ok
01:33:09.0271 5992  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
01:33:09.0318 5992  nsiproxy - ok
01:33:09.0365 5992  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
01:33:09.0396 5992  Ntfs - ok
01:33:09.0412 5992  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
01:33:09.0474 5992  Null - ok
01:33:09.0521 5992  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
01:33:09.0536 5992  nvraid - ok
01:33:09.0552 5992  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
01:33:09.0552 5992  nvstor - ok
01:33:09.0583 5992  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
01:33:09.0599 5992  nv_agp - ok
01:33:09.0614 5992  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
01:33:09.0646 5992  ohci1394 - ok
01:33:09.0708 5992  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
01:33:09.0724 5992  ose - ok
01:33:09.0848 5992  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
01:33:09.0989 5992  osppsvc - ok
01:33:10.0020 5992  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
01:33:10.0036 5992  p2pimsvc - ok
01:33:10.0067 5992  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
01:33:10.0082 5992  p2psvc - ok
01:33:10.0114 5992  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\drivers\parport.sys
01:33:10.0129 5992  Parport - ok
01:33:10.0145 5992  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
01:33:10.0160 5992  partmgr - ok
01:33:10.0176 5992  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
01:33:10.0207 5992  PcaSvc - ok
01:33:10.0223 5992  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
01:33:10.0238 5992  pci - ok
01:33:10.0285 5992  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
01:33:10.0285 5992  pciide - ok
01:33:10.0301 5992  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
01:33:10.0316 5992  pcmcia - ok
01:33:10.0332 5992  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
01:33:10.0332 5992  pcw - ok
01:33:10.0363 5992  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
01:33:10.0426 5992  PEAUTH - ok
01:33:10.0504 5992  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
01:33:10.0519 5992  PerfHost - ok
01:33:10.0566 5992  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
01:33:10.0628 5992  pla - ok
01:33:10.0660 5992  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
01:33:10.0706 5992  PlugPlay - ok
01:33:10.0738 5992  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
01:33:10.0753 5992  PNRPAutoReg - ok
01:33:10.0769 5992  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
01:33:10.0784 5992  PNRPsvc - ok
01:33:10.0816 5992  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
01:33:10.0862 5992  PolicyAgent - ok
01:33:10.0909 5992  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
01:33:10.0940 5992  Power - ok
01:33:10.0987 5992  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
01:33:11.0034 5992  PptpMiniport - ok
01:33:11.0050 5992  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
01:33:11.0081 5992  Processor - ok
01:33:11.0112 5992  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
01:33:11.0143 5992  ProfSvc - ok
01:33:11.0143 5992  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
01:33:11.0159 5992  ProtectedStorage - ok
01:33:11.0206 5992  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
01:33:11.0252 5992  Psched - ok
01:33:11.0330 5992  [ EA735BF6DF13A857A83C99BF27A422AD ] PST Service     C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
01:33:11.0346 5992  PST Service ( UnsignedFile.Multi.Generic ) - warning
01:33:11.0346 5992  PST Service - detected UnsignedFile.Multi.Generic (1)
01:33:11.0424 5992  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
01:33:11.0471 5992  ql2300 - ok
01:33:11.0486 5992  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
01:33:11.0502 5992  ql40xx - ok
01:33:11.0518 5992  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
01:33:11.0533 5992  QWAVE - ok
01:33:11.0549 5992  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
01:33:11.0580 5992  QWAVEdrv - ok
01:33:11.0580 5992  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
01:33:11.0627 5992  RasAcd - ok
01:33:11.0658 5992  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
01:33:11.0705 5992  RasAgileVpn - ok
01:33:11.0736 5992  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
01:33:11.0783 5992  RasAuto - ok
01:33:11.0798 5992  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
01:33:11.0845 5992  Rasl2tp - ok
01:33:11.0876 5992  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
01:33:11.0923 5992  RasMan - ok
01:33:11.0970 5992  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
01:33:12.0017 5992  RasPppoe - ok
01:33:12.0017 5992  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
01:33:12.0079 5992  RasSstp - ok
01:33:12.0126 5992  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
01:33:12.0157 5992  rdbss - ok
01:33:12.0173 5992  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
01:33:12.0188 5992  rdpbus - ok
01:33:12.0235 5992  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
01:33:12.0266 5992  RDPCDD - ok
01:33:12.0298 5992  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
01:33:12.0344 5992  RDPENCDD - ok
01:33:12.0360 5992  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
01:33:12.0407 5992  RDPREFMP - ok
01:33:12.0438 5992  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
01:33:12.0485 5992  RDPWD - ok
01:33:12.0516 5992  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
01:33:12.0532 5992  rdyboost - ok
01:33:12.0563 5992  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
01:33:12.0610 5992  RemoteAccess - ok
01:33:12.0641 5992  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
01:33:12.0688 5992  RemoteRegistry - ok
01:33:12.0719 5992  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
01:33:12.0750 5992  RFCOMM - ok
01:33:12.0766 5992  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
01:33:12.0812 5992  RpcEptMapper - ok
01:33:12.0828 5992  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
01:33:12.0859 5992  RpcLocator - ok
01:33:12.0875 5992  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
01:33:12.0922 5992  RpcSs - ok
01:33:12.0953 5992  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
01:33:12.0984 5992  rspndr - ok
01:33:13.0000 5992  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
01:33:13.0015 5992  SamSs - ok
01:33:13.0031 5992  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
01:33:13.0031 5992  sbp2port - ok
01:33:13.0078 5992  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
01:33:13.0109 5992  SCardSvr - ok
01:33:13.0124 5992  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
01:33:13.0156 5992  scfilter - ok
01:33:13.0187 5992  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
01:33:13.0249 5992  Schedule - ok
01:33:13.0265 5992  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
01:33:13.0296 5992  SCPolicySvc - ok
01:33:13.0327 5992  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
01:33:13.0358 5992  SDRSVC - ok
01:33:13.0421 5992  [ CC781378E7EDA615D2CDCA3B17829FA4 ] SeaPort         C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
01:33:13.0436 5992  SeaPort - ok
01:33:13.0468 5992  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
01:33:13.0514 5992  secdrv - ok
01:33:13.0546 5992  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
01:33:13.0577 5992  seclogon - ok
01:33:13.0624 5992  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\system32\sens.dll
01:33:13.0670 5992  SENS - ok
01:33:13.0686 5992  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
01:33:13.0702 5992  SensrSvc - ok
01:33:13.0748 5992  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\drivers\serenum.sys
01:33:13.0764 5992  Serenum - ok
01:33:13.0811 5992  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\drivers\serial.sys
01:33:13.0826 5992  Serial - ok
01:33:13.0842 5992  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
01:33:13.0858 5992  sermouse - ok
01:33:13.0904 5992  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
01:33:13.0951 5992  SessionEnv - ok
01:33:13.0967 5992  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
01:33:13.0982 5992  sffdisk - ok
01:33:13.0982 5992  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
01:33:14.0014 5992  sffp_mmc - ok
01:33:14.0029 5992  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
01:33:14.0060 5992  sffp_sd - ok
01:33:14.0092 5992  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
01:33:14.0107 5992  sfloppy - ok
01:33:14.0170 5992  [ C6CC9297BD53E5229653303E556AA539 ] Sftfs           C:\Windows\system32\DRIVERS\Sftfslh.sys
01:33:14.0216 5992  Sftfs - ok
01:33:14.0263 5992  [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist         C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
01:33:14.0279 5992  sftlist - ok
01:33:14.0294 5992  [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay         C:\Windows\system32\DRIVERS\Sftplaylh.sys
01:33:14.0310 5992  Sftplay - ok
01:33:14.0310 5992  [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir        C:\Windows\system32\DRIVERS\Sftredirlh.sys
01:33:14.0326 5992  Sftredir - ok
01:33:14.0326 5992  [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol          C:\Windows\system32\DRIVERS\Sftvollh.sys
01:33:14.0341 5992  Sftvol - ok
01:33:14.0357 5992  [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa          C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
01:33:14.0372 5992  sftvsa - ok
01:33:14.0419 5992  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
01:33:14.0482 5992  SharedAccess - ok
01:33:14.0513 5992  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
01:33:14.0544 5992  ShellHWDetection - ok
01:33:14.0591 5992  [ 1BC348CF6BAA90EC8E533EF6E6A69933 ] SiSGbeLH        C:\Windows\system32\DRIVERS\SiSG664.sys
01:33:14.0606 5992  SiSGbeLH - ok
01:33:14.0638 5992  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
01:33:14.0638 5992  SiSRaid2 - ok
01:33:14.0653 5992  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
01:33:14.0669 5992  SiSRaid4 - ok
01:33:14.0731 5992  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
01:33:14.0731 5992  SkypeUpdate - ok
01:33:14.0778 5992  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
01:33:14.0825 5992  Smb - ok
01:33:14.0872 5992  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
01:33:14.0903 5992  SNMPTRAP - ok
01:33:14.0903 5992  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
01:33:14.0918 5992  spldr - ok
01:33:14.0950 5992  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
01:33:14.0981 5992  Spooler - ok
01:33:15.0059 5992  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
01:33:15.0199 5992  sppsvc - ok
01:33:15.0199 5992  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
01:33:15.0246 5992  sppuinotify - ok
01:33:15.0277 5992  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
01:33:15.0324 5992  srv - ok
01:33:15.0340 5992  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
01:33:15.0371 5992  srv2 - ok
01:33:15.0386 5992  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
01:33:15.0402 5992  srvnet - ok
01:33:15.0449 5992  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
01:33:15.0480 5992  SSDPSRV - ok
01:33:15.0496 5992  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
01:33:15.0527 5992  SstpSvc - ok
01:33:15.0558 5992  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
01:33:15.0558 5992  stexstor - ok
01:33:15.0605 5992  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
01:33:15.0652 5992  stisvc - ok
01:33:15.0667 5992  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
01:33:15.0683 5992  swenum - ok
01:33:15.0714 5992  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
01:33:15.0761 5992  swprv - ok
01:33:15.0839 5992  [ 7E8902F9929A5D9FFD0F545332CE0F10 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
01:33:15.0901 5992  SynTP - ok
01:33:15.0948 5992  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
01:33:16.0010 5992  SysMain - ok
01:33:16.0026 5992  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
01:33:16.0057 5992  TabletInputService - ok
01:33:16.0088 5992  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
01:33:16.0135 5992  TapiSrv - ok
01:33:16.0151 5992  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
01:33:16.0198 5992  TBS - ok
01:33:16.0276 5992  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
01:33:16.0322 5992  Tcpip - ok
01:33:16.0385 5992  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
01:33:16.0416 5992  TCPIP6 - ok
01:33:16.0447 5992  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
01:33:16.0463 5992  tcpipreg - ok
01:33:16.0510 5992  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
01:33:16.0541 5992  TDPIPE - ok
01:33:16.0572 5992  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
01:33:16.0588 5992  TDTCP - ok
01:33:16.0603 5992  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
01:33:16.0650 5992  tdx - ok
01:33:16.0650 5992  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
01:33:16.0666 5992  TermDD - ok
01:33:16.0697 5992  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
01:33:16.0744 5992  TermService - ok
01:33:16.0744 5992  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
01:33:16.0775 5992  Themes - ok
01:33:16.0806 5992  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
01:33:16.0837 5992  THREADORDER - ok
01:33:16.0868 5992  [ DBCC20C02E8A3E43B03C304A4E40A84F ] TPM             C:\Windows\system32\drivers\tpm.sys
01:33:16.0884 5992  TPM - ok
01:33:16.0915 5992  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
01:33:16.0962 5992  TrkWks - ok
01:33:17.0024 5992  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
01:33:17.0071 5992  TrustedInstaller - ok
01:33:17.0087 5992  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
01:33:17.0118 5992  tssecsrv - ok
01:33:17.0149 5992  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
01:33:17.0180 5992  TsUsbFlt - ok
01:33:17.0212 5992  [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
01:33:17.0227 5992  TsUsbGD - ok
01:33:17.0258 5992  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
01:33:17.0305 5992  tunnel - ok
01:33:17.0321 5992  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
01:33:17.0321 5992  uagp35 - ok
01:33:17.0352 5992  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
01:33:17.0414 5992  udfs - ok
01:33:17.0430 5992  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
01:33:17.0461 5992  UI0Detect - ok
01:33:17.0492 5992  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
01:33:17.0508 5992  uliagpkx - ok
01:33:17.0555 5992  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
01:33:17.0570 5992  umbus - ok
01:33:17.0586 5992  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
01:33:17.0602 5992  UmPass - ok
01:33:17.0742 5992  [ 2C16648A12999AE69A9EBF41974B0BA2 ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
01:33:17.0789 5992  UNS - ok
01:33:17.0820 5992  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
01:33:17.0867 5992  upnphost - ok
01:33:17.0914 5992  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
01:33:17.0945 5992  usbccgp - ok
01:33:17.0976 5992  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
01:33:18.0007 5992  usbcir - ok
01:33:18.0038 5992  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
01:33:18.0054 5992  usbehci - ok
01:33:18.0101 5992  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
01:33:18.0132 5992  usbhub - ok
01:33:18.0148 5992  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
01:33:18.0148 5992  usbohci - ok
01:33:18.0179 5992  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
01:33:18.0194 5992  usbprint - ok
01:33:18.0226 5992  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
01:33:18.0257 5992  usbscan - ok
01:33:18.0272 5992  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
01:33:18.0319 5992  USBSTOR - ok
01:33:18.0350 5992  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
01:33:18.0366 5992  usbuhci - ok
01:33:18.0428 5992  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
01:33:18.0460 5992  usbvideo - ok
01:33:18.0475 5992  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
01:33:18.0506 5992  UxSms - ok
01:33:18.0522 5992  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
01:33:18.0538 5992  VaultSvc - ok
01:33:18.0569 5992  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
01:33:18.0584 5992  vdrvroot - ok
01:33:18.0600 5992  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
01:33:18.0662 5992  vds - ok
01:33:18.0709 5992  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
01:33:18.0725 5992  vga - ok
01:33:18.0740 5992  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
01:33:18.0772 5992  VgaSave - ok
01:33:18.0787 5992  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
01:33:18.0803 5992  vhdmp - ok
01:33:18.0850 5992  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
01:33:18.0850 5992  viaide - ok
01:33:18.0896 5992  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
01:33:18.0912 5992  volmgr - ok
01:33:18.0943 5992  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
01:33:18.0959 5992  volmgrx - ok
01:33:18.0974 5992  [ DF8126BD41180351A093A3AD2FC8903B ] volsnap         C:\Windows\system32\drivers\volsnap.sys
01:33:18.0990 5992  volsnap - ok
01:33:19.0037 5992  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
01:33:19.0052 5992  vsmraid - ok
01:33:19.0099 5992  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
01:33:19.0193 5992  VSS - ok
01:33:19.0208 5992  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
01:33:19.0240 5992  vwifibus - ok
01:33:19.0240 5992  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
01:33:19.0271 5992  vwififlt - ok
01:33:19.0302 5992  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
01:33:19.0364 5992  W32Time - ok
01:33:19.0380 5992  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
01:33:19.0411 5992  WacomPen - ok
01:33:19.0442 5992  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
01:33:19.0474 5992  WANARP - ok
01:33:19.0474 5992  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
01:33:19.0505 5992  Wanarpv6 - ok
01:33:19.0552 5992  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
01:33:19.0630 5992  wbengine - ok
01:33:19.0645 5992  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
01:33:19.0661 5992  WbioSrvc - ok
01:33:19.0692 5992  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
01:33:19.0723 5992  wcncsvc - ok
01:33:19.0739 5992  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
01:33:19.0754 5992  WcsPlugInService - ok
01:33:19.0786 5992  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
01:33:19.0786 5992  Wd - ok
01:33:19.0817 5992  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
01:33:19.0864 5992  Wdf01000 - ok
01:33:19.0879 5992  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
01:33:19.0973 5992  WdiServiceHost - ok
01:33:19.0973 5992  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
01:33:19.0988 5992  WdiSystemHost - ok
01:33:20.0020 5992  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
01:33:20.0051 5992  WebClient - ok
01:33:20.0066 5992  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
01:33:20.0113 5992  Wecsvc - ok
01:33:20.0129 5992  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
01:33:20.0176 5992  wercplsupport - ok
01:33:20.0207 5992  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
01:33:20.0254 5992  WerSvc - ok
01:33:20.0285 5992  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
01:33:20.0332 5992  WfpLwf - ok
01:33:20.0363 5992  [ 52DED146E4797E6CCF94799E8E22BB2A ] WimFltr         C:\Windows\system32\DRIVERS\wimfltr.sys
01:33:20.0378 5992  WimFltr - ok
01:33:20.0425 5992  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
01:33:20.0425 5992  WIMMount - ok
01:33:20.0456 5992  WinDefend - ok
01:33:20.0456 5992  WinHttpAutoProxySvc - ok
01:33:20.0519 5992  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
01:33:20.0566 5992  Winmgmt - ok
01:33:20.0628 5992  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
01:33:20.0722 5992  WinRM - ok
01:33:20.0784 5992  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUSB.sys
01:33:20.0800 5992  WinUsb - ok
01:33:20.0831 5992  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
01:33:20.0878 5992  Wlansvc - ok
01:33:20.0971 5992  [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
01:33:21.0049 5992  wlidsvc - ok
01:33:21.0080 5992  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
01:33:21.0096 5992  WmiAcpi - ok
01:33:21.0127 5992  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
01:33:21.0158 5992  wmiApSrv - ok
01:33:21.0190 5992  WMPNetworkSvc - ok
01:33:21.0236 5992  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
01:33:21.0252 5992  WPCSvc - ok
01:33:21.0268 5992  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
01:33:21.0299 5992  WPDBusEnum - ok
01:33:21.0330 5992  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
01:33:21.0377 5992  ws2ifsl - ok
01:33:21.0392 5992  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\system32\wscsvc.dll
01:33:21.0408 5992  wscsvc - ok
01:33:21.0424 5992  WSearch - ok
01:33:21.0502 5992  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
01:33:21.0580 5992  wuauserv - ok
01:33:21.0595 5992  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
01:33:21.0642 5992  WudfPf - ok
01:33:21.0673 5992  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
01:33:21.0689 5992  WUDFRd - ok
01:33:21.0720 5992  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
01:33:21.0736 5992  wudfsvc - ok
01:33:21.0767 5992  [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc         C:\Windows\System32\wwansvc.dll
01:33:21.0798 5992  WwanSvc - ok
01:33:21.0814 5992  ================ Scan global ===============================
01:33:21.0845 5992  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
01:33:21.0876 5992  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
01:33:21.0876 5992  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
01:33:21.0892 5992  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
01:33:21.0923 5992  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
01:33:21.0923 5992  [Global] - ok
01:33:21.0923 5992  ================ Scan MBR ==================================
01:33:21.0938 5992  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
01:33:22.0422 5992  \Device\Harddisk0\DR0 - ok
01:33:22.0422 5992  ================ Scan VBR ==================================
01:33:22.0422 5992  [ E14A76216885B5F2297461FD64106EBF ] \Device\Harddisk0\DR0\Partition1
01:33:22.0422 5992  \Device\Harddisk0\DR0\Partition1 - ok
01:33:22.0438 5992  [ 20FA95381BEDE84505459E72CCE4A9E5 ] \Device\Harddisk0\DR0\Partition2
01:33:22.0453 5992  \Device\Harddisk0\DR0\Partition2 - ok
01:33:22.0453 5992  ============================================================
01:33:22.0453 5992  Scan finished
01:33:22.0453 5992  ============================================================
01:33:22.0453 6612  Detected object count: 1
01:33:22.0453 6612  Actual detected object count: 1
01:33:41.0267 6612  PST Service ( UnsignedFile.Multi.Generic ) - skipped by user
01:33:41.0267 6612  PST Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
01:34:32.0879 3836  Deinitialize success
         

Geändert von flyingnoodls (20.05.2013 um 00:47 Uhr)

Alt 20.05.2013, 21:58   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Sparkassen-Trojaner - Standard

Sparkassen-Trojaner



JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




Im Anschluss:

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).


Danach eine Kontrolle mit OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles in CODE-Tags hier in den Thread.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 20.05.2013, 22:23   #13
flyingnoodls
 
Sparkassen-Trojaner - Standard

Sparkassen-Trojaner



Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by Joe on 20.05.2013 at 23:03:06,70
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{EB1CE354-81C0-4B82-9B58-BFC7713C6DB0}



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted: [File] C:\Users\Joe\AppData\Roaming\mozilla\firefox\profiles\trjxqo70.default-1368569298600\user.js
Emptied folder: C:\Users\Joe\AppData\Roaming\mozilla\firefox\profiles\trjxqo70.default-1368569298600\minidumps [1 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 20.05.2013 at 23:06:39,27
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
Code:
ATTFilter
# AdwCleaner v2.301 - Datei am 20/05/2013 um 23:10:10 erstellt
# Aktualisiert am 16/05/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Joe - ASUS
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Joe\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16483

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v21.0 (de)

Datei : C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\trjxqo70.default-1368569298600\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [4358 octets] - [14/05/2013 23:56:56]
AdwCleaner[R2].txt - [972 octets] - [15/05/2013 00:19:56]
AdwCleaner[S1].txt - [4531 octets] - [14/05/2013 23:57:48]
AdwCleaner[S2].txt - [906 octets] - [20/05/2013 23:10:10]

########## EOF - C:\AdwCleaner[S2].txt - [965 octets] ##########
         
Code:
ATTFilter
OTL logfile created on: 20.05.2013 23:14:18 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Joe\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,91 Gb Total Physical Memory | 2,55 Gb Available Physical Memory | 65,22% Memory free
7,81 Gb Paging File | 6,34 Gb Available in Paging File | 81,16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,24 Gb Total Space | 71,87 Gb Free Space | 60,28% Space Free | Partition Type: NTFS
Drive D: | 153,85 Gb Total Space | 24,48 Gb Free Space | 15,91% Space Free | Partition Type: NTFS
Drive E: | 465,88 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: ASUS | User Name: Joe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_202_ActiveX.exe (Adobe Systems Incorporated)
PRC - C:\Users\Joe\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe (Motorola Mobility LLC)
PRC - C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe (Motorola Mobility LLC)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Windows\AsScrPro.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUS)
PRC - C:\Windows\SysWOW64\ACEngSvr.exe (ASUSTeK)
PRC - C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (ASUS)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe (Motorola)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe (Virage Logic Corporation / Sonic Focus)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (ASUS)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll ()
MOD - C:\Program Files (x86)\ASUS\Wireless Console 3\acAuth.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (NisSrv) -- C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (AFBAgent) -- C:\Windows\SysNative\FBAgent.exe (ASUSTeK Computer Inc.)
SRV:64bit: - (EPSON_EB_RPCV4_04) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE (SEIKO EPSON CORPORATION)
SRV:64bit: - (EPSON_PM_RPCV4_04) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE (SEIKO EPSON CORPORATION)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Motorola Device Manager) -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe (Motorola Mobility LLC)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe (McAfee, Inc.)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (ASUS InstantOn) -- C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe (ASUS)
SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS)
SRV - (ATKGFNEXSrv) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (PST Service) -- C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe (Motorola)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (motccgp) -- C:\Windows\SysNative\drivers\motccgp.sys (Motorola Mobility Inc)
DRV:64bit: - (Motousbnet) -- C:\Windows\SysNative\drivers\Motousbnet.sys (Motorola Mobility Inc)
DRV:64bit: - (MotoSwitchService) -- C:\Windows\SysNative\drivers\motswch.sys (Motorola)
DRV:64bit: - (motmodem) -- C:\Windows\SysNative\drivers\motmodem.sys (Motorola Mobility Inc)
DRV:64bit: - (cbfs3) -- C:\Windows\SysNative\drivers\cbfs3.sys (EldoS Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.)
DRV:64bit: - (motccgpfl) -- C:\Windows\SysNative\drivers\motccgpfl.sys (Motorola Mobility Inc)
DRV:64bit: - (asmtxhci) -- C:\Windows\SysNative\drivers\asmtxhci.sys (ASMedia Technology Inc)
DRV:64bit: - (asmthub3) -- C:\Windows\SysNative\drivers\asmthub3.sys (ASMedia Technology Inc)
DRV:64bit: - (motusbdevice) -- C:\Windows\SysNative\drivers\motusbdevice.sys (Motorola Inc)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (AmUStor) -- C:\Windows\SysNative\drivers\AmUStor.sys (Alcor Micro, Corp.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( )
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corp)
DRV:64bit: - (SiSGbeLH) -- C:\Windows\SysNative\drivers\SiSG664.sys (Silicon Integrated Systems Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (BTCFilterService) -- C:\Windows\SysNative\drivers\motfilt.sys (Motorola Inc)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (ATKWMIACPIIO) -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys (ASUS)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (ASMMAP64) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys (ASUS)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-236100789-3848551917-3574890089-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-236100789-3848551917-3574890089-1000\..\SearchScopes,DefaultScope = {53C6CB24-A906-4DF8-8C26-8AA9DA0B50F7}
IE - HKU\S-1-5-21-236100789-3848551917-3574890089-1000\..\SearchScopes\{53C6CB24-A906-4DF8-8C26-8AA9DA0B50F7}: "URL" = hxxp://www.google.com/search?q={searchTerms}&amp;sourceid=ie7&amp;rls=com.microsoft:{language}:{referrer:source}&amp;ie={inputEncoding?}&oe={outputEncoding?}&rlz=
IE - HKU\S-1-5-21-236100789-3848551917-3574890089-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-236100789-3848551917-3574890089-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = ;192.168.*.*
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013.02.16 22:25:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.14 21:28:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.16 21:18:07 | 000,000,000 | ---D | M]
 
[2012.11.12 11:54:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joe\AppData\Roaming\mozilla\Extensions
[2013.05.14 21:29:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.05.14 21:29:53 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2013.05.19 12:46:51 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ASUSPRP] C:\Program Files (x86)\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe (ecareme)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe (Virage Logic Corporation / Sonic Focus)
O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (ASUS)
O4 - HKU\S-1-5-21-236100789-3848551917-3574890089-1000..\Run: [ICQ] C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-236100789-3848551917-3574890089-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-236100789-3848551917-3574890089-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1C0EF544-3440-4CD5-BDF2-17A3DBEABB62}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7CC4673B-E3E1-4F3E-8F44-C1E26AF1DCB5}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation)
O22 - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.20 23:03:04 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.05.20 23:03:01 | 000,000,000 | ---D | C] -- C:\JRT
[2013.05.20 23:00:34 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Joe\Desktop\JRT.exe
[2013.05.20 01:09:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.05.20 01:08:48 | 000,000,000 | ---D | C] -- C:\Users\Joe\Desktop\mbar-1.05.0.1001
[2013.05.20 01:08:01 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Joe\Desktop\tdsskiller.exe
[2013.05.20 01:07:03 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Joe\Desktop\aswMBR.exe
[2013.05.19 12:51:04 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.05.19 12:46:52 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013.05.19 12:39:22 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.05.19 12:34:24 | 005,067,228 | R--- | C] (Swearware) -- C:\Users\Joe\Desktop\ComboFix.exe
[2013.05.18 11:59:53 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.05.18 11:59:53 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.05.18 11:59:46 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.05.18 11:59:32 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.05.16 21:17:35 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2013.05.16 10:54:09 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.05.16 10:54:09 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.05.16 10:54:05 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.05.16 10:54:04 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.05.16 10:54:04 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.05.16 10:54:04 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.05.16 10:54:04 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.05.16 10:54:04 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.05.16 10:54:03 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.05.16 10:54:03 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.05.16 10:54:02 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.05.16 10:54:01 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.05.16 10:53:59 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.05.16 10:53:59 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.05.16 10:53:59 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.05.15 11:57:44 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Joe\Desktop\OTL.exe
[2013.05.15 10:51:09 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2013.05.15 10:51:09 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2013.05.15 10:50:58 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013.05.15 10:50:58 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013.05.15 10:50:58 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2013.05.15 10:50:58 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2013.05.15 10:50:50 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll
[2013.05.15 00:08:24 | 000,000,000 | ---D | C] -- C:\Users\Joe\Desktop\Alte Firefox-Daten
[2013.05.14 21:30:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013.05.14 21:11:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.05.14 21:11:27 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.05.14 21:11:27 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.05.14 21:11:27 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.05.08 13:35:50 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Roaming\Upgoic
[2013.05.08 13:35:50 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Roaming\Pyumq
[2013.04.22 12:47:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.20 23:11:36 | 000,000,387 | ---- | M] () -- C:\Users\Joe\AppData\Roaming\sp_data.sys
[2013.05.20 23:11:21 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.20 23:11:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.20 23:11:04 | 3145,826,304 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.20 23:10:39 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.20 23:10:39 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.20 23:01:15 | 000,632,031 | ---- | M] () -- C:\Users\Joe\Desktop\adwcleaner.exe
[2013.05.20 23:00:37 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Joe\Desktop\JRT.exe
[2013.05.20 22:51:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.20 22:34:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.20 01:30:28 | 000,000,512 | ---- | M] () -- C:\Users\Joe\Desktop\MBR.dat
[2013.05.20 01:08:29 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Joe\Desktop\aswMBR.exe
[2013.05.20 01:08:01 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Joe\Desktop\tdsskiller.exe
[2013.05.20 01:06:04 | 012,917,756 | ---- | M] () -- C:\Users\Joe\Desktop\mbar-1.05.0.1001.zip
[2013.05.19 12:46:51 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.05.19 12:34:44 | 005,067,228 | R--- | M] (Swearware) -- C:\Users\Joe\Desktop\ComboFix.exe
[2013.05.18 14:37:24 | 000,110,375 | ---- | M] () -- C:\Users\Joe\Desktop\946787_668778629815802_402435058_n.jpg
[2013.05.17 22:44:35 | 000,239,612 | ---- | M] () -- C:\Users\Joe\Desktop\maltis.jpg
[2013.05.16 21:18:08 | 000,002,021 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2013.05.16 15:06:14 | 000,397,488 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.16 10:58:12 | 001,636,028 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.16 10:58:12 | 000,697,322 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.16 10:58:12 | 000,652,600 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.16 10:58:12 | 000,148,328 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.16 10:58:12 | 000,121,274 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.15 19:51:27 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.05.15 19:51:27 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.05.15 17:14:33 | 000,345,724 | ---- | M] () -- C:\Users\Joe\Desktop\Orthopaedie-Altklausur-2006WS-Gruppe_A.odt
[2013.05.15 12:00:36 | 000,377,856 | ---- | M] () -- C:\Users\Joe\Desktop\gmer_2.1.19163.exe
[2013.05.15 11:58:56 | 000,718,787 | ---- | M] () -- C:\Users\Joe\Desktop\69886-alle-hilfesuchenden-eroeffnu.pdf
[2013.05.15 11:57:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Joe\Desktop\OTL.exe
[2013.05.15 11:57:15 | 000,000,000 | ---- | M] () -- C:\Users\Joe\defogger_reenable
[2013.05.15 11:56:37 | 000,050,477 | ---- | M] () -- C:\Users\Joe\Desktop\Defogger.exe
[2013.05.15 00:18:09 | 000,039,929 | ---- | M] () -- C:\Users\Joe\Desktop\malware.jpg
[2013.05.14 21:30:06 | 000,001,149 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.05.08 22:28:35 | 000,002,182 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2013.05.06 13:35:42 | 000,216,584 | ---- | M] () -- C:\Users\Joe\Desktop\32_externe_neue_aeappo_bewerbung_Aug13_VARIANTE2_1_Kopie_VER.pdf
[2013.04.22 12:47:53 | 000,002,048 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013.04.22 12:47:53 | 000,002,048 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2013.04.21 12:18:42 | 000,001,621 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
 
========== Files Created - No Company Name ==========
 
[2013.05.20 23:01:15 | 000,632,031 | ---- | C] () -- C:\Users\Joe\Desktop\adwcleaner.exe
[2013.05.20 01:30:28 | 000,000,512 | ---- | C] () -- C:\Users\Joe\Desktop\MBR.dat
[2013.05.20 01:05:59 | 012,917,756 | ---- | C] () -- C:\Users\Joe\Desktop\mbar-1.05.0.1001.zip
[2013.05.18 14:46:38 | 000,110,375 | ---- | C] () -- C:\Users\Joe\Desktop\946787_668778629815802_402435058_n.jpg
[2013.05.18 11:59:53 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.05.18 11:59:53 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.05.18 11:59:53 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.05.18 11:59:53 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.05.18 11:59:53 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.05.17 22:44:35 | 000,239,612 | ---- | C] () -- C:\Users\Joe\Desktop\maltis.jpg
[2013.05.15 17:14:33 | 000,345,724 | ---- | C] () -- C:\Users\Joe\Desktop\Orthopaedie-Altklausur-2006WS-Gruppe_A.odt
[2013.05.15 12:00:36 | 000,377,856 | ---- | C] () -- C:\Users\Joe\Desktop\gmer_2.1.19163.exe
[2013.05.15 11:59:04 | 000,718,787 | ---- | C] () -- C:\Users\Joe\Desktop\69886-alle-hilfesuchenden-eroeffnu.pdf
[2013.05.15 11:57:15 | 000,000,000 | ---- | C] () -- C:\Users\Joe\defogger_reenable
[2013.05.15 11:56:32 | 000,050,477 | ---- | C] () -- C:\Users\Joe\Desktop\Defogger.exe
[2013.05.15 00:18:09 | 000,039,929 | ---- | C] () -- C:\Users\Joe\Desktop\malware.jpg
[2013.05.14 21:30:06 | 000,001,161 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.05.14 21:30:06 | 000,001,149 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.05.06 13:35:42 | 000,216,584 | ---- | C] () -- C:\Users\Joe\Desktop\32_externe_neue_aeappo_bewerbung_Aug13_VARIANTE2_1_Kopie_VER.pdf
[2013.04.22 12:47:53 | 000,002,048 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013.04.22 12:47:50 | 000,002,048 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012.07.29 14:18:19 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2012.07.28 14:04:14 | 000,000,387 | ---- | C] () -- C:\Users\Joe\AppData\Roaming\sp_data.sys
[2012.06.09 15:35:49 | 000,014,119 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2012.03.05 03:24:03 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2012.03.05 03:23:54 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012.03.05 03:23:53 | 000,217,536 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012.03.05 03:23:53 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.03.05 03:23:52 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2012.03.05 03:23:52 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2012.02.24 04:28:11 | 001,591,930 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         
Code:
ATTFilter
OTL Extras logfile created on: 20.05.2013 23:14:18 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Joe\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,91 Gb Total Physical Memory | 2,55 Gb Available Physical Memory | 65,22% Memory free
7,81 Gb Paging File | 6,34 Gb Available in Paging File | 81,16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,24 Gb Total Space | 71,87 Gb Free Space | 60,28% Space Free | Partition Type: NTFS
Drive D: | 153,85 Gb Total Space | 24,48 Gb Free Space | 15,91% Space Free | Partition Type: NTFS
Drive E: | 465,88 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: ASUS | User Name: Joe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B5C0026-3D1F-41FE-BE44-8F3CC58D6C9C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{1C622B62-9812-473A-9694-43BE9880C938}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{2E8BC44F-71ED-4DD5-953F-9EC3B66368BD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{52026CE6-7339-4932-AC84-0A5D6A8E9FCE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5361333C-1BB8-4453-9B46-67332BCC102E}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{6B172638-80F6-4F70-9DA1-256890CA8A6B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6E160FBE-34C2-4E27-8B20-024917ECEFCD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{7200A232-CB9A-4548-89E0-CF072E6C2E3E}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{79EFC616-4D96-4ADF-9BFF-EEDDC798A18D}" = lport=137 | protocol=17 | dir=in | app=system | 
"{9C1A304E-E904-4163-8685-B057898DAB62}" = rport=137 | protocol=17 | dir=out | app=system | 
"{9D320615-9EFE-49C3-B424-2CA1174EF7FB}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{A11B5B9D-D30E-4E6D-B613-FBF1612FE835}" = rport=138 | protocol=17 | dir=out | app=system | 
"{A3E42950-C2EF-4603-9EDD-B59C1F1E1EB1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A56F99CF-933B-4F79-9B77-D54139039647}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{A608DB4C-DF2F-441A-BD39-7C13F34F5787}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A7302ADA-0DA6-4AA9-81FF-858F4C6B3848}" = lport=139 | protocol=6 | dir=in | app=system | 
"{ABBED92B-30DF-4AAF-A9B4-EE77382EDDAB}" = rport=445 | protocol=6 | dir=out | app=system | 
"{AFCAF206-534A-41FF-914A-5233CED97C01}" = lport=138 | protocol=17 | dir=in | app=system | 
"{B8019F4B-F6D1-4BD9-AA4A-8D773E2E3C15}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{BB84E384-0AC6-45E6-A3D7-457188CD9EFF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D43A4F56-2E2D-4B37-8F1A-E49D6FB921AC}" = lport=445 | protocol=6 | dir=in | app=system | 
"{DBAD66F7-9B9D-4550-8E0B-8334C9253738}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{E44DF357-C07A-4237-A73F-8DA86DC3FA96}" = rport=139 | protocol=6 | dir=out | app=system | 
"{F77FB93A-F906-42E4-808B-4093E80C690A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{FE323625-4A37-4AF5-85F7-1220DB7E4512}" = lport=2869 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{085D8B8A-01C8-474C-9850-26BAF824941B}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{111359A1-32CF-4845-8BF6-649A7497F908}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{13A83034-8528-4A7A-8A67-C59CF4E31E09}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{19E284DE-FE65-45E9-8827-69D5454439A1}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{1B00A9A6-75DD-45C4-BE89-AB1B5A648222}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{21D81408-E5AE-494A-9F19-0985B781280D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2E6C793B-42D4-4EA7-99BC-9044656C7502}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{37CFE252-1D5D-411D-85A5-FB83D97C65DF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{40970073-D479-476A-A69A-0CEFB6FABBE7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{56048913-2EE4-4FB6-9B10-B11FD9535645}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{571576D3-FB44-4106-895E-49C2B0766AD3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{59946201-37DF-458C-9238-2E37B660B48D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{657A2AC7-2FEF-4EA7-AD91-846D51CB621A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{6B453DB7-F2FA-4AF8-8796-0A73B34D19A6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{7C361E44-B538-4418-9BAA-799169D45374}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{8241FB29-D9F2-4CDB-8829-62152A40AC80}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{9A27F507-C651-4851-8B34-05489C22346C}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | 
"{9A6B5B6E-9701-4D3E-A857-BDEFFAAC6CC7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9F88D56F-9FE0-4A0E-911E-B80F155C8F1A}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | 
"{AD46D245-DF6B-4D41-AF5A-EAF74E9967C9}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{B47194E0-0074-4543-B500-C795480F44A4}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | 
"{B895C586-3D59-4702-9349-FBB0630F617B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{BA2CEAF1-C66A-4C11-A788-DBD7D26C3DC8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C1A280E9-7438-4759-84CE-63669528EEA8}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | 
"{CE15CB09-D002-4115-92F7-2D1504B41AC3}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{DB37BB20-8703-4A10-85B0-1B585BB88CAB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{EDA33C67-02FC-4CBB-B8DE-B369AC2BA16B}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{F11EFF30-F169-45A5-8DB7-BBFDAA041230}" = protocol=6 | dir=out | app=system | 
"{F5826050-CE87-4DB0-BE47-5BE553A29588}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{FF140651-CB2F-4364-8561-C0011F4439D8}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"TCP Query User{4E2CBE00-D67A-42DB-963A-4BCCF5D04CE6}C:\program files (x86)\icq7m\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | 
"TCP Query User{8C47AFEE-0DAF-48F7-BC95-10152D925307}C:\users\joe\appdata\roaming\wuala\wuala.exe" = protocol=6 | dir=in | app=c:\users\joe\appdata\roaming\wuala\wuala.exe | 
"TCP Query User{9E19B1C1-6941-4367-88FB-D635E971FC93}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"TCP Query User{B6FB69C4-6222-4E85-A125-C71B6848127E}C:\users\joe\appdata\roaming\cyob\memi.exe" = protocol=6 | dir=in | app=c:\users\joe\appdata\roaming\cyob\memi.exe | 
"TCP Query User{E42833B9-C528-4181-9735-61257B60E965}C:\users\joe\appdata\roaming\cyob\memi.exe" = protocol=6 | dir=in | app=c:\users\joe\appdata\roaming\cyob\memi.exe | 
"UDP Query User{04804AE3-06AA-4D1C-8F7C-974C0E3E023F}C:\users\joe\appdata\roaming\cyob\memi.exe" = protocol=17 | dir=in | app=c:\users\joe\appdata\roaming\cyob\memi.exe | 
"UDP Query User{169E7D01-583D-45F8-BE69-F36F3C5D7C03}C:\users\joe\appdata\roaming\wuala\wuala.exe" = protocol=17 | dir=in | app=c:\users\joe\appdata\roaming\wuala\wuala.exe | 
"UDP Query User{6F1E306C-E3B7-4EA7-8805-0E4AB3A21AED}C:\program files (x86)\icq7m\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | 
"UDP Query User{A52467EF-DEFF-4F0F-8DA4-AB091AD0BEBB}C:\users\joe\appdata\roaming\cyob\memi.exe" = protocol=17 | dir=in | app=c:\users\joe\appdata\roaming\cyob\memi.exe | 
"UDP Query User{B72745A7-F7D8-4240-887D-8EF8441C9513}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
"{C5A22A98-AC82-4404-BFB0-1E9F654EB176}" = Motorola Mobile Drivers Installation 6.0.0
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CutePDF Writer Installation" = CutePDF Writer 2.8
"EPSON SX218 Series" = EPSON SX218 Series Printer Uninstall
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}" = Sonic Focus
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1231D46E-3174-4F1F-859E-41DCB0D070D2}" = mediscript Hammerexamen
"{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19EA33FB-B34E-40EA-8B8A-61743AEB795A}" = Wireless Console 3
"{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{28DB8373-C1BB-444F-A427-A55585A12ED7}" = Motorola Device Manager
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3FA377B8-23F4-470B-A567-5EED6B90C70E}" = cdrLabel 7.1
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{4555BB9E-E715-4260-A178-E8EFD2B653E3}" = Alcor Micro USB Card Reader
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{622DE1BE-9EDE-49D3-B349-29D64760342A}" = 適用遠端連線的 Windows Live Mesh ActiveX 控制項
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS FaceLogon
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{749F674B-2674-47E8-879C-5626A06B2A91}" = InstantOn for NB
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{781B39EC-2E18-41FC-9B00-B84E4FFCA85F}" = ICQ7M
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources
"{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111249233}" = Dream Vacation Solitaire
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115065740}" = Bubbletown
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115290153}" = Go Go Gourmet Chef of the Year
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115320460}" = Turbo Fiesta
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-116672750}" = World of Goo
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117080787}" = Plants vs Zombies
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117948443}" = Mahjong Memoirs
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-118716773}" = Deadtime Stories
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-119205603}" = Farm Frenzy 3 - Madagascar
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EA569F1-97AF-4C3E-A0CB-4846C2D35A81}" = LibreOffice 4.0.0.3
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT2860 Wireless LAN Card
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D4C7DFA-CBBB-4F06-BDAC-94D831406DF0}" = פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.7) MUI
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{BCB0D6F7-7EAB-4009-A6F2-8E0E7F317773}" = Элемент управления Windows Live Mesh ActiveX для удаленных подключений
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}" = ASUS FancyStart
"{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack
"{D39F0676-163E-4595-A917-E28F99BBD4D2}" = ASUS AI Recovery
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DEAD13D3-BC70-4AAE-AEF9-BE6297E106D1}" = Motorola Device Software Update
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E18B30AA-6E2D-480C-B918-AF61009F4010}" = عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas
"{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources
"{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}" = Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}" = ASUS Live Update
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"AmUStor" = Alcor Micro USB Card Reader
"Asus Vibe2.0" = AsusVibe2.0
"ASUS WebStorage" = ASUS WebStorage
"ASUS_Screensaver" = ASUS_Screensaver
"DivX Setup" = DivX-Setup
"EPSON Scanner" = EPSON Scan
"EPSON SX218 Series Manual" = EPSON SX218 Series Handbuch
"Game Park Console" = Game Park Console
"Google Chrome" = Google Chrome
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"ST6UNST #1" = FMS32-PRO Version 3.1.5
"VLC media player" = VLC media player 2.0.3
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.20 (32-Bit)
"Wuala CBFS" = Wuala CBFS
"Wuala OverlayIcons" = Wuala OverlayIcons
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-236100789-3848551917-3574890089-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Erkennungs-Plug-in
"Wuala" = Wuala
 
< End of report >
         

Alt 20.05.2013, 22:25   #14
flyingnoodls
 
Sparkassen-Trojaner - Standard

Sparkassen-Trojaner



Code:
ATTFilter
OTL logfile created on: 20.05.2013 23:14:18 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Joe\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,91 Gb Total Physical Memory | 2,55 Gb Available Physical Memory | 65,22% Memory free
7,81 Gb Paging File | 6,34 Gb Available in Paging File | 81,16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,24 Gb Total Space | 71,87 Gb Free Space | 60,28% Space Free | Partition Type: NTFS
Drive D: | 153,85 Gb Total Space | 24,48 Gb Free Space | 15,91% Space Free | Partition Type: NTFS
Drive E: | 465,88 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: ASUS | User Name: Joe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_202_ActiveX.exe (Adobe Systems Incorporated)
PRC - C:\Users\Joe\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe (Motorola Mobility LLC)
PRC - C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe (Motorola Mobility LLC)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Windows\AsScrPro.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUS)
PRC - C:\Windows\SysWOW64\ACEngSvr.exe (ASUSTeK)
PRC - C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (ASUS)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe (Motorola)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe (Virage Logic Corporation / Sonic Focus)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (ASUS)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll ()
MOD - C:\Program Files (x86)\ASUS\Wireless Console 3\acAuth.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (NisSrv) -- C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (AFBAgent) -- C:\Windows\SysNative\FBAgent.exe (ASUSTeK Computer Inc.)
SRV:64bit: - (EPSON_EB_RPCV4_04) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE (SEIKO EPSON CORPORATION)
SRV:64bit: - (EPSON_PM_RPCV4_04) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE (SEIKO EPSON CORPORATION)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Motorola Device Manager) -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe (Motorola Mobility LLC)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe (McAfee, Inc.)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (ASUS InstantOn) -- C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe (ASUS)
SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS)
SRV - (ATKGFNEXSrv) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (PST Service) -- C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe (Motorola)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (motccgp) -- C:\Windows\SysNative\drivers\motccgp.sys (Motorola Mobility Inc)
DRV:64bit: - (Motousbnet) -- C:\Windows\SysNative\drivers\Motousbnet.sys (Motorola Mobility Inc)
DRV:64bit: - (MotoSwitchService) -- C:\Windows\SysNative\drivers\motswch.sys (Motorola)
DRV:64bit: - (motmodem) -- C:\Windows\SysNative\drivers\motmodem.sys (Motorola Mobility Inc)
DRV:64bit: - (cbfs3) -- C:\Windows\SysNative\drivers\cbfs3.sys (EldoS Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.)
DRV:64bit: - (motccgpfl) -- C:\Windows\SysNative\drivers\motccgpfl.sys (Motorola Mobility Inc)
DRV:64bit: - (asmtxhci) -- C:\Windows\SysNative\drivers\asmtxhci.sys (ASMedia Technology Inc)
DRV:64bit: - (asmthub3) -- C:\Windows\SysNative\drivers\asmthub3.sys (ASMedia Technology Inc)
DRV:64bit: - (motusbdevice) -- C:\Windows\SysNative\drivers\motusbdevice.sys (Motorola Inc)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (AmUStor) -- C:\Windows\SysNative\drivers\AmUStor.sys (Alcor Micro, Corp.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( )
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corp)
DRV:64bit: - (SiSGbeLH) -- C:\Windows\SysNative\drivers\SiSG664.sys (Silicon Integrated Systems Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (BTCFilterService) -- C:\Windows\SysNative\drivers\motfilt.sys (Motorola Inc)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (ATKWMIACPIIO) -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys (ASUS)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (ASMMAP64) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys (ASUS)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-236100789-3848551917-3574890089-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-236100789-3848551917-3574890089-1000\..\SearchScopes,DefaultScope = {53C6CB24-A906-4DF8-8C26-8AA9DA0B50F7}
IE - HKU\S-1-5-21-236100789-3848551917-3574890089-1000\..\SearchScopes\{53C6CB24-A906-4DF8-8C26-8AA9DA0B50F7}: "URL" = hxxp://www.google.com/search?q={searchTerms}&amp;sourceid=ie7&amp;rls=com.microsoft:{language}:{referrer:source}&amp;ie={inputEncoding?}&oe={outputEncoding?}&rlz=
IE - HKU\S-1-5-21-236100789-3848551917-3574890089-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-236100789-3848551917-3574890089-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = ;192.168.*.*
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013.02.16 22:25:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.14 21:28:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.16 21:18:07 | 000,000,000 | ---D | M]
 
[2012.11.12 11:54:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joe\AppData\Roaming\mozilla\Extensions
[2013.05.14 21:29:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.05.14 21:29:53 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2013.05.19 12:46:51 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ASUSPRP] C:\Program Files (x86)\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe (ecareme)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe (Virage Logic Corporation / Sonic Focus)
O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (ASUS)
O4 - HKU\S-1-5-21-236100789-3848551917-3574890089-1000..\Run: [ICQ] C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-236100789-3848551917-3574890089-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-236100789-3848551917-3574890089-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1C0EF544-3440-4CD5-BDF2-17A3DBEABB62}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7CC4673B-E3E1-4F3E-8F44-C1E26AF1DCB5}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation)
O22 - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.20 23:03:04 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.05.20 23:03:01 | 000,000,000 | ---D | C] -- C:\JRT
[2013.05.20 23:00:34 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Joe\Desktop\JRT.exe
[2013.05.20 01:09:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.05.20 01:08:48 | 000,000,000 | ---D | C] -- C:\Users\Joe\Desktop\mbar-1.05.0.1001
[2013.05.20 01:08:01 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Joe\Desktop\tdsskiller.exe
[2013.05.20 01:07:03 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Joe\Desktop\aswMBR.exe
[2013.05.19 12:51:04 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.05.19 12:46:52 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013.05.19 12:39:22 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.05.19 12:34:24 | 005,067,228 | R--- | C] (Swearware) -- C:\Users\Joe\Desktop\ComboFix.exe
[2013.05.18 11:59:53 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.05.18 11:59:53 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.05.18 11:59:46 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.05.18 11:59:32 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.05.16 21:17:35 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2013.05.16 10:54:09 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.05.16 10:54:09 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.05.16 10:54:05 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.05.16 10:54:04 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.05.16 10:54:04 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.05.16 10:54:04 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.05.16 10:54:04 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.05.16 10:54:04 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.05.16 10:54:03 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.05.16 10:54:03 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.05.16 10:54:02 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.05.16 10:54:01 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.05.16 10:53:59 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.05.16 10:53:59 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.05.16 10:53:59 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.05.15 11:57:44 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Joe\Desktop\OTL.exe
[2013.05.15 10:51:09 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2013.05.15 10:51:09 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2013.05.15 10:50:58 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013.05.15 10:50:58 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013.05.15 10:50:58 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2013.05.15 10:50:58 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2013.05.15 10:50:50 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll
[2013.05.15 00:08:24 | 000,000,000 | ---D | C] -- C:\Users\Joe\Desktop\Alte Firefox-Daten
[2013.05.14 21:30:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013.05.14 21:11:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.05.14 21:11:27 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.05.14 21:11:27 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.05.14 21:11:27 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.05.08 13:35:50 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Roaming\Upgoic
[2013.05.08 13:35:50 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Roaming\Pyumq
[2013.04.22 12:47:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.20 23:11:36 | 000,000,387 | ---- | M] () -- C:\Users\Joe\AppData\Roaming\sp_data.sys
[2013.05.20 23:11:21 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.20 23:11:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.20 23:11:04 | 3145,826,304 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.20 23:10:39 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.20 23:10:39 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.20 23:01:15 | 000,632,031 | ---- | M] () -- C:\Users\Joe\Desktop\adwcleaner.exe
[2013.05.20 23:00:37 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Joe\Desktop\JRT.exe
[2013.05.20 22:51:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.20 22:34:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.20 01:30:28 | 000,000,512 | ---- | M] () -- C:\Users\Joe\Desktop\MBR.dat
[2013.05.20 01:08:29 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Joe\Desktop\aswMBR.exe
[2013.05.20 01:08:01 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Joe\Desktop\tdsskiller.exe
[2013.05.20 01:06:04 | 012,917,756 | ---- | M] () -- C:\Users\Joe\Desktop\mbar-1.05.0.1001.zip
[2013.05.19 12:46:51 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.05.19 12:34:44 | 005,067,228 | R--- | M] (Swearware) -- C:\Users\Joe\Desktop\ComboFix.exe
[2013.05.18 14:37:24 | 000,110,375 | ---- | M] () -- C:\Users\Joe\Desktop\946787_668778629815802_402435058_n.jpg
[2013.05.17 22:44:35 | 000,239,612 | ---- | M] () -- C:\Users\Joe\Desktop\maltis.jpg
[2013.05.16 21:18:08 | 000,002,021 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2013.05.16 15:06:14 | 000,397,488 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.16 10:58:12 | 001,636,028 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.16 10:58:12 | 000,697,322 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.16 10:58:12 | 000,652,600 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.16 10:58:12 | 000,148,328 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.16 10:58:12 | 000,121,274 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.15 19:51:27 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.05.15 19:51:27 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.05.15 17:14:33 | 000,345,724 | ---- | M] () -- C:\Users\Joe\Desktop\Orthopaedie-Altklausur-2006WS-Gruppe_A.odt
[2013.05.15 12:00:36 | 000,377,856 | ---- | M] () -- C:\Users\Joe\Desktop\gmer_2.1.19163.exe
[2013.05.15 11:58:56 | 000,718,787 | ---- | M] () -- C:\Users\Joe\Desktop\69886-alle-hilfesuchenden-eroeffnu.pdf
[2013.05.15 11:57:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Joe\Desktop\OTL.exe
[2013.05.15 11:57:15 | 000,000,000 | ---- | M] () -- C:\Users\Joe\defogger_reenable
[2013.05.15 11:56:37 | 000,050,477 | ---- | M] () -- C:\Users\Joe\Desktop\Defogger.exe
[2013.05.15 00:18:09 | 000,039,929 | ---- | M] () -- C:\Users\Joe\Desktop\malware.jpg
[2013.05.14 21:30:06 | 000,001,149 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.05.08 22:28:35 | 000,002,182 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2013.05.06 13:35:42 | 000,216,584 | ---- | M] () -- C:\Users\Joe\Desktop\32_externe_neue_aeappo_bewerbung_Aug13_VARIANTE2_1_Kopie_VER.pdf
[2013.04.22 12:47:53 | 000,002,048 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013.04.22 12:47:53 | 000,002,048 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2013.04.21 12:18:42 | 000,001,621 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
 
========== Files Created - No Company Name ==========
 
[2013.05.20 23:01:15 | 000,632,031 | ---- | C] () -- C:\Users\Joe\Desktop\adwcleaner.exe
[2013.05.20 01:30:28 | 000,000,512 | ---- | C] () -- C:\Users\Joe\Desktop\MBR.dat
[2013.05.20 01:05:59 | 012,917,756 | ---- | C] () -- C:\Users\Joe\Desktop\mbar-1.05.0.1001.zip
[2013.05.18 14:46:38 | 000,110,375 | ---- | C] () -- C:\Users\Joe\Desktop\946787_668778629815802_402435058_n.jpg
[2013.05.18 11:59:53 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.05.18 11:59:53 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.05.18 11:59:53 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.05.18 11:59:53 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.05.18 11:59:53 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.05.17 22:44:35 | 000,239,612 | ---- | C] () -- C:\Users\Joe\Desktop\maltis.jpg
[2013.05.15 17:14:33 | 000,345,724 | ---- | C] () -- C:\Users\Joe\Desktop\Orthopaedie-Altklausur-2006WS-Gruppe_A.odt
[2013.05.15 12:00:36 | 000,377,856 | ---- | C] () -- C:\Users\Joe\Desktop\gmer_2.1.19163.exe
[2013.05.15 11:59:04 | 000,718,787 | ---- | C] () -- C:\Users\Joe\Desktop\69886-alle-hilfesuchenden-eroeffnu.pdf
[2013.05.15 11:57:15 | 000,000,000 | ---- | C] () -- C:\Users\Joe\defogger_reenable
[2013.05.15 11:56:32 | 000,050,477 | ---- | C] () -- C:\Users\Joe\Desktop\Defogger.exe
[2013.05.15 00:18:09 | 000,039,929 | ---- | C] () -- C:\Users\Joe\Desktop\malware.jpg
[2013.05.14 21:30:06 | 000,001,161 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.05.14 21:30:06 | 000,001,149 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.05.06 13:35:42 | 000,216,584 | ---- | C] () -- C:\Users\Joe\Desktop\32_externe_neue_aeappo_bewerbung_Aug13_VARIANTE2_1_Kopie_VER.pdf
[2013.04.22 12:47:53 | 000,002,048 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013.04.22 12:47:50 | 000,002,048 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012.07.29 14:18:19 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2012.07.28 14:04:14 | 000,000,387 | ---- | C] () -- C:\Users\Joe\AppData\Roaming\sp_data.sys
[2012.06.09 15:35:49 | 000,014,119 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2012.03.05 03:24:03 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2012.03.05 03:23:54 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012.03.05 03:23:53 | 000,217,536 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012.03.05 03:23:53 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.03.05 03:23:52 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2012.03.05 03:23:52 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2012.02.24 04:28:11 | 001,591,930 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         
Code:
ATTFilter
OTL Extras logfile created on: 20.05.2013 23:14:18 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Joe\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,91 Gb Total Physical Memory | 2,55 Gb Available Physical Memory | 65,22% Memory free
7,81 Gb Paging File | 6,34 Gb Available in Paging File | 81,16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,24 Gb Total Space | 71,87 Gb Free Space | 60,28% Space Free | Partition Type: NTFS
Drive D: | 153,85 Gb Total Space | 24,48 Gb Free Space | 15,91% Space Free | Partition Type: NTFS
Drive E: | 465,88 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: ASUS | User Name: Joe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B5C0026-3D1F-41FE-BE44-8F3CC58D6C9C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{1C622B62-9812-473A-9694-43BE9880C938}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{2E8BC44F-71ED-4DD5-953F-9EC3B66368BD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{52026CE6-7339-4932-AC84-0A5D6A8E9FCE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5361333C-1BB8-4453-9B46-67332BCC102E}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{6B172638-80F6-4F70-9DA1-256890CA8A6B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6E160FBE-34C2-4E27-8B20-024917ECEFCD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{7200A232-CB9A-4548-89E0-CF072E6C2E3E}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{79EFC616-4D96-4ADF-9BFF-EEDDC798A18D}" = lport=137 | protocol=17 | dir=in | app=system | 
"{9C1A304E-E904-4163-8685-B057898DAB62}" = rport=137 | protocol=17 | dir=out | app=system | 
"{9D320615-9EFE-49C3-B424-2CA1174EF7FB}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{A11B5B9D-D30E-4E6D-B613-FBF1612FE835}" = rport=138 | protocol=17 | dir=out | app=system | 
"{A3E42950-C2EF-4603-9EDD-B59C1F1E1EB1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A56F99CF-933B-4F79-9B77-D54139039647}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{A608DB4C-DF2F-441A-BD39-7C13F34F5787}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A7302ADA-0DA6-4AA9-81FF-858F4C6B3848}" = lport=139 | protocol=6 | dir=in | app=system | 
"{ABBED92B-30DF-4AAF-A9B4-EE77382EDDAB}" = rport=445 | protocol=6 | dir=out | app=system | 
"{AFCAF206-534A-41FF-914A-5233CED97C01}" = lport=138 | protocol=17 | dir=in | app=system | 
"{B8019F4B-F6D1-4BD9-AA4A-8D773E2E3C15}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{BB84E384-0AC6-45E6-A3D7-457188CD9EFF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D43A4F56-2E2D-4B37-8F1A-E49D6FB921AC}" = lport=445 | protocol=6 | dir=in | app=system | 
"{DBAD66F7-9B9D-4550-8E0B-8334C9253738}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{E44DF357-C07A-4237-A73F-8DA86DC3FA96}" = rport=139 | protocol=6 | dir=out | app=system | 
"{F77FB93A-F906-42E4-808B-4093E80C690A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{FE323625-4A37-4AF5-85F7-1220DB7E4512}" = lport=2869 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{085D8B8A-01C8-474C-9850-26BAF824941B}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{111359A1-32CF-4845-8BF6-649A7497F908}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{13A83034-8528-4A7A-8A67-C59CF4E31E09}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{19E284DE-FE65-45E9-8827-69D5454439A1}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{1B00A9A6-75DD-45C4-BE89-AB1B5A648222}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{21D81408-E5AE-494A-9F19-0985B781280D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2E6C793B-42D4-4EA7-99BC-9044656C7502}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{37CFE252-1D5D-411D-85A5-FB83D97C65DF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{40970073-D479-476A-A69A-0CEFB6FABBE7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{56048913-2EE4-4FB6-9B10-B11FD9535645}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{571576D3-FB44-4106-895E-49C2B0766AD3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{59946201-37DF-458C-9238-2E37B660B48D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{657A2AC7-2FEF-4EA7-AD91-846D51CB621A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{6B453DB7-F2FA-4AF8-8796-0A73B34D19A6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{7C361E44-B538-4418-9BAA-799169D45374}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{8241FB29-D9F2-4CDB-8829-62152A40AC80}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{9A27F507-C651-4851-8B34-05489C22346C}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | 
"{9A6B5B6E-9701-4D3E-A857-BDEFFAAC6CC7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9F88D56F-9FE0-4A0E-911E-B80F155C8F1A}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | 
"{AD46D245-DF6B-4D41-AF5A-EAF74E9967C9}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{B47194E0-0074-4543-B500-C795480F44A4}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | 
"{B895C586-3D59-4702-9349-FBB0630F617B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{BA2CEAF1-C66A-4C11-A788-DBD7D26C3DC8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C1A280E9-7438-4759-84CE-63669528EEA8}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | 
"{CE15CB09-D002-4115-92F7-2D1504B41AC3}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{DB37BB20-8703-4A10-85B0-1B585BB88CAB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{EDA33C67-02FC-4CBB-B8DE-B369AC2BA16B}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{F11EFF30-F169-45A5-8DB7-BBFDAA041230}" = protocol=6 | dir=out | app=system | 
"{F5826050-CE87-4DB0-BE47-5BE553A29588}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{FF140651-CB2F-4364-8561-C0011F4439D8}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"TCP Query User{4E2CBE00-D67A-42DB-963A-4BCCF5D04CE6}C:\program files (x86)\icq7m\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | 
"TCP Query User{8C47AFEE-0DAF-48F7-BC95-10152D925307}C:\users\joe\appdata\roaming\wuala\wuala.exe" = protocol=6 | dir=in | app=c:\users\joe\appdata\roaming\wuala\wuala.exe | 
"TCP Query User{9E19B1C1-6941-4367-88FB-D635E971FC93}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"TCP Query User{B6FB69C4-6222-4E85-A125-C71B6848127E}C:\users\joe\appdata\roaming\cyob\memi.exe" = protocol=6 | dir=in | app=c:\users\joe\appdata\roaming\cyob\memi.exe | 
"TCP Query User{E42833B9-C528-4181-9735-61257B60E965}C:\users\joe\appdata\roaming\cyob\memi.exe" = protocol=6 | dir=in | app=c:\users\joe\appdata\roaming\cyob\memi.exe | 
"UDP Query User{04804AE3-06AA-4D1C-8F7C-974C0E3E023F}C:\users\joe\appdata\roaming\cyob\memi.exe" = protocol=17 | dir=in | app=c:\users\joe\appdata\roaming\cyob\memi.exe | 
"UDP Query User{169E7D01-583D-45F8-BE69-F36F3C5D7C03}C:\users\joe\appdata\roaming\wuala\wuala.exe" = protocol=17 | dir=in | app=c:\users\joe\appdata\roaming\wuala\wuala.exe | 
"UDP Query User{6F1E306C-E3B7-4EA7-8805-0E4AB3A21AED}C:\program files (x86)\icq7m\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | 
"UDP Query User{A52467EF-DEFF-4F0F-8DA4-AB091AD0BEBB}C:\users\joe\appdata\roaming\cyob\memi.exe" = protocol=17 | dir=in | app=c:\users\joe\appdata\roaming\cyob\memi.exe | 
"UDP Query User{B72745A7-F7D8-4240-887D-8EF8441C9513}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
"{C5A22A98-AC82-4404-BFB0-1E9F654EB176}" = Motorola Mobile Drivers Installation 6.0.0
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CutePDF Writer Installation" = CutePDF Writer 2.8
"EPSON SX218 Series" = EPSON SX218 Series Printer Uninstall
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}" = Sonic Focus
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1231D46E-3174-4F1F-859E-41DCB0D070D2}" = mediscript Hammerexamen
"{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19EA33FB-B34E-40EA-8B8A-61743AEB795A}" = Wireless Console 3
"{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{28DB8373-C1BB-444F-A427-A55585A12ED7}" = Motorola Device Manager
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3FA377B8-23F4-470B-A567-5EED6B90C70E}" = cdrLabel 7.1
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{4555BB9E-E715-4260-A178-E8EFD2B653E3}" = Alcor Micro USB Card Reader
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{622DE1BE-9EDE-49D3-B349-29D64760342A}" = 適用遠端連線的 Windows Live Mesh ActiveX 控制項
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS FaceLogon
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{749F674B-2674-47E8-879C-5626A06B2A91}" = InstantOn for NB
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{781B39EC-2E18-41FC-9B00-B84E4FFCA85F}" = ICQ7M
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources
"{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111249233}" = Dream Vacation Solitaire
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115065740}" = Bubbletown
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115290153}" = Go Go Gourmet Chef of the Year
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115320460}" = Turbo Fiesta
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-116672750}" = World of Goo
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117080787}" = Plants vs Zombies
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117948443}" = Mahjong Memoirs
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-118716773}" = Deadtime Stories
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-119205603}" = Farm Frenzy 3 - Madagascar
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EA569F1-97AF-4C3E-A0CB-4846C2D35A81}" = LibreOffice 4.0.0.3
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT2860 Wireless LAN Card
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D4C7DFA-CBBB-4F06-BDAC-94D831406DF0}" = פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.7) MUI
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{BCB0D6F7-7EAB-4009-A6F2-8E0E7F317773}" = Элемент управления Windows Live Mesh ActiveX для удаленных подключений
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}" = ASUS FancyStart
"{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack
"{D39F0676-163E-4595-A917-E28F99BBD4D2}" = ASUS AI Recovery
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DEAD13D3-BC70-4AAE-AEF9-BE6297E106D1}" = Motorola Device Software Update
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E18B30AA-6E2D-480C-B918-AF61009F4010}" = عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas
"{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources
"{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}" = Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}" = ASUS Live Update
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"AmUStor" = Alcor Micro USB Card Reader
"Asus Vibe2.0" = AsusVibe2.0
"ASUS WebStorage" = ASUS WebStorage
"ASUS_Screensaver" = ASUS_Screensaver
"DivX Setup" = DivX-Setup
"EPSON Scanner" = EPSON Scan
"EPSON SX218 Series Manual" = EPSON SX218 Series Handbuch
"Game Park Console" = Game Park Console
"Google Chrome" = Google Chrome
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"ST6UNST #1" = FMS32-PRO Version 3.1.5
"VLC media player" = VLC media player 2.0.3
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.20 (32-Bit)
"Wuala CBFS" = Wuala CBFS
"Wuala OverlayIcons" = Wuala OverlayIcons
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-236100789-3848551917-3574890089-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Erkennungs-Plug-in
"Wuala" = Wuala
 
< End of report >
         
oh, die otl-logs sind doppelt, da kam beim ersten Posten ne Fehlermeldung

Alt 20.05.2013, 22:35   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Sparkassen-Trojaner - Standard

Sparkassen-Trojaner



Fixen mit OTL

  • Starte bitte die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.
Code:
ATTFilter
:OTL
FF - user.js - File not found
[2013.05.08 13:35:50 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Roaming\Upgoic
[2013.05.08 13:35:50 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Roaming\Pyumq
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
         
  • Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
  • Schließe bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread
__________________
Logfiles bitte immer in CODE-Tags posten

Antwort

Themen zu Sparkassen-Trojaner
appdatalow, bho, bildschirm, bingbar, browser, error, fehler, firefox, flash player, focus, home, hängt, iexplore.exe, install.exe, installation, internet browser, logfile, malware, mozilla, object, plug-in, problem, realtek, registrierungsdatenbank, registry, scan, security, sekunden, software, svchost.exe, windows




Ähnliche Themen: Sparkassen-Trojaner


  1. Sparkassen Trojaner?!
    Plagegeister aller Art und deren Bekämpfung - 21.03.2015 (21)
  2. Sparkassen Trojaner
    Log-Analyse und Auswertung - 05.09.2013 (13)
  3. Sparkassen Trojaner Testüberweisung
    Plagegeister aller Art und deren Bekämpfung - 09.04.2013 (13)
  4. Sparkassen Trojaner
    Plagegeister aller Art und deren Bekämpfung - 07.04.2013 (13)
  5. Sparkassen Trojaner
    Log-Analyse und Auswertung - 02.04.2013 (17)
  6. Sparkassen Trojaner 50 Tans
    Plagegeister aller Art und deren Bekämpfung - 28.06.2012 (1)
  7. Sparkassen Trojaner die nächste...
    Plagegeister aller Art und deren Bekämpfung - 04.04.2012 (2)
  8. Sparkassen Trojaner Entfernen
    Plagegeister aller Art und deren Bekämpfung - 28.11.2011 (23)
  9. Sparkassen Trojaner
    Log-Analyse und Auswertung - 20.10.2011 (12)
  10. Sparkassen Trojaner
    Plagegeister aller Art und deren Bekämpfung - 28.09.2011 (5)
  11. Sparkassen TAN-Abfrage-Trojaner.
    Plagegeister aller Art und deren Bekämpfung - 15.12.2010 (4)
  12. Sparkassen Trojaner eingefangen
    Plagegeister aller Art und deren Bekämpfung - 12.10.2010 (5)
  13. Sparkassen Trojaner eingefangen
    Plagegeister aller Art und deren Bekämpfung - 25.08.2010 (15)
  14. Sparkassen 40 TAN Trojaner
    Plagegeister aller Art und deren Bekämpfung - 16.08.2010 (5)
  15. Sparkassen-Trojaner
    Plagegeister aller Art und deren Bekämpfung - 14.08.2010 (9)
  16. Sparkassen Trojaner, 40 Tan´s eingeben
    Plagegeister aller Art und deren Bekämpfung - 04.08.2010 (28)

Zum Thema Sparkassen-Trojaner - Hallo, ich habe mir auch den Sparkassen-Trojaner eingefangen, wie er zB http://www.trojaner-board.de/134710-...sparkasse.html hier beschrieben wird. Die Meldung mit der Sicherheitsüberprüfung kommt auch. Der IE hängt sich daran auf, Firefox geht - Sparkassen-Trojaner...
Archiv
Du betrachtest: Sparkassen-Trojaner auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.