Trojaner-Board


Patient X 23.06.2012 14:34

Backdoor.Win32.ZAccess.mbg and Trojan.Win32.Small.bmph
 
Hello!
Unfortunately I don't know much about computers, so I'm now trying to get some help here.
Most of the programs on the PC were recommended by acquaintances and colleagues.

Now to the problem:

My daughter used the computer while I was away, and since then Kaspersky has been saying that there is malware on the laptop.

Kaspersky shows the following:

Backdoor.Win32.ZAccess.mbg
Trojan.Win32.Small.bmph
Trojan.Win32.Zapchast.acdo
HEUR:Exploit.Script.Generic

I found this forum through Google.
As described here:
http://www.trojaner-board.de/117206-...entfernen.html

I have already run Defogger following the instructions there and then started the OTL program as described.

These are the log files from that:

Extras.Txt
Code:

OTL Extras logfile created on: 23.06.2012 14:46:39 - Run 1
OTL by OldTimer - Version 3.2.52.0    Folder = C:\Users\DD\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19272)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,97 Gb Total Physical Memory | 1,52 Gb Available Physical Memory | 51,38% Memory free
6,13 Gb Paging File | 4,45 Gb Available in Paging File | 72,53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 452,75 Gb Total Space | 5,77 Gb Free Space | 1,27% Space Free | Partition Type: NTFS
 
Computer Name: ODIN | User Name: DD | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"#APPID_is1" = Projekt Japanisch 1.0.0.0
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{065D5505-3821-4C2E-BB6C-FE66A7E7CB4F}" = USB Flash Port Driver
"{0B96C1A6-73A1-8648-BB59-9AA8E0EC3BBD}" = ATI Catalyst Install Manager
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0EA5CCBB-EAE1-863F-42C7-2200ECB5C215}" = ccc-utility
"{196CF234-5A24-2F2F-82D9-03E8794A8DB2}" = CCC Help Danish
"{19F71F50-EE15-4213-A1ED-EA74FFA60C51}" = CacheStats
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F2A5DF9-40E1-4644-ADBD-D80F347BA6C8}" = Windows Mobile-Gerätecenter
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{221E3442-5E36-4444-45C3-69022B3A818B}" = Catalyst Control Center Graphics Full Existing
"{22392D35-2541-5D02-7159-A1C6F93D08DB}" = CCC Help Chinese Standard
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26966185-1610-386E-A249-2D05A5C6861C}" = Catalyst Control Center Graphics Previews Vista
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{27C467F8-F8EF-4f68-BD72-D63632B2096C}" = McAfee Online Backup
"{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}" = LG United Mobile Driver
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MYMOVIES)
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{2CCEEB92-631F-FC35-0757-122A8EA82573}" = CCC Help Portuguese
"{3BBBF916-D04B-7388-46FB-21EA257B6756}" = CCC Help Italian
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Packard Bell PowerSave Solution
"{3FE2C6E2-8A57-D9EF-5005-FDFF43A4BA99}" = CCC Help English
"{4297D072-09F0-F2E7-4B0F-009098303CB9}" = CCC Help Czech
"{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"{48D60246-3600-CF3A-9B9C-BD8C0145BABA}" = CCC Help Hungarian
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{56B777D9-9D85-4A81-BF59-1EED7401ADC4}" = Google Cloud Connect for Microsoft Office
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5EAEE5D7-F4D6-0D20-3EAE-D971E35A1F48}" = CCC Help Russian
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{662AF9F7-2728-B97D-D806-CB529B5B6572}" = CCC Help Greek
"{673ACCCA-79B5-EFD0-C08F-C6160188F837}" = CCC Help Japanese
"{69995C7A-062A-4A90-A4DF-8C22895DF522}" = iTunes
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie
"{6DA250F4-CC00-CD57-3081-97C5AEEB6517}" = CCC Help Polish
"{709817E4-5439-4206-8738-796B34B623BD}" = MetaBoli
"{70D0D8A6-4A55-5D59-D9F0-0BD2E63BE4CB}" = Skins
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{7687F1D7-BA02-E78A-38B8-CC2E80441F02}" = CCC Help Spanish
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7C20E89E-4C3D-468E-97A0-9ECF6B1C93DD}" = Catalyst Control Center - Branding
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{7E69211F-9327-68CC-B854-CCE0A73951FD}" = CCC Help Thai
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Packard Bell Recovery Management
"{80E59E27-B816-A3F1-69FB-DAF5623A5320}" = Catalyst Control Center InstallProxy
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{896B238F-7CFE-4952-82EB-96E63E8E67B6}" = COMPUTERBILD-Abzockschutz
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A17C27D-0325-400C-8AA9-DAA6B16CBD74}" = Epson Event Manager
"{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync
"{8D580EFB-6B85-2680-77F9-F6B05335995D}" = CCC Help German
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92482FB3-C05B-41C6-89E7-75D985602A6E}" = System Requirements Lab
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99AE7207-8612-4DBA-A8F8-BAE5C633390D}" = Star Wars Empire at War
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A02D7029-C4EF-44C1-9FD4-C0D3CA518113}" = Epson Easy Photo Print 2
"{A32563F0-671A-B71C-6D5D-F1BCC5D9820A}" = PX Profile Update
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{ABD7DBE3-E344-4BCA-B8AD-4360494DD1D9}" = LG MC USB U330 driver
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
"{AC7EE5F1-0DE4-4256-8E43-92B73C8E6019}" = LG Bluetooth Drivers
"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
"{AF74E427-69CD-71EF-34A1-AAD7BBF98571}" = Catalyst Control Center Core Implementation
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B423FEBB-A980-3F0C-019D-39570AB69F52}" = CCC Help Chinese Traditional
"{B7B8F5CF-A83E-0485-A5D6-A04F437BE9E3}" = CCC Help French
"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2011.build.49 (July 1st, 2011) Version v2011.build.49
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB8CA439-DA83-419C-A4CF-5A0A50025144}" = Windows Mobile-Gerätecenter: Treiberupdate
"{CCB71FF8-DE82-469C-8641-44378F4443EB}" = Garmin WebUpdater
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF1A3128-AE8D-6CDD-97E2-EB21AE072578}" = Catalyst Control Center Localization All
"{CFAE5CA5-3757-B38A-3CEF-26C275098EF3}" = CCC Help Turkish
"{CFF4500E-C5D6-695D-A027-B3D4DDED2CC3}" = McAfee Online Backup
"{D1F45DA3-0747-FE7F-BD90-AA030DE37B47}" = CCC Help Korean
"{D8547BA0-E3B7-DEE8-FE37-660F8C69EF83}" = CCC Help Dutch
"{D94BA408-F110-488B-A65E-3AE7945F79E6}_is1" = LG PC Suite III deinstallieren
"{DB64492B-AE9C-1C8F-5158-0B204B42410A}" = ccc-core-static
"{DBAD3D0A-7A98-95F5-ACFB-C6B5CCB47A95}" = CCC Help Finnish
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DE41E729-2E45-D6C5-F06F-F686D6C9E472}" = CCC Help Swedish
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{DF61C694-F6D1-37C6-35B7-1320F836FE57}" = Catalyst Control Center Graphics Light
"{E0D839A8-C888-C560-9332-43D73D7BDE21}" = Catalyst Control Center Graphics Full New
"{E128FE24-9C62-6642-1D18-BEAC991C5E62}" = CCC Help Norwegian
"{E1640DA5-89B4-4F52-B15D-5DA3D14F29D4}" = LG USB Modem Drivers
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7FC9307-374E-4017-8E9D-DE1154780480}" = System Requirements Lab for Intel
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0)
"7D6D030B3D73FCCA3D4E45319380F315DFBE7A54" = Windows-Treiberpaket - Infineon Technologies (FlashUSB) USB  (04/16/2009 1.0.0.6)
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Ashampoo Burning Studio 2009_is1" = Ashampoo Burning Studio 2009
"Ashampoo WinOptimizer 6_is1" = Ashampoo WinOptimizer 6.60
"Ashampoo WinOptimizer 7_is1" = Ashampoo WinOptimizer 7.01
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Scanner" = EPSON Scan
"EPSON SX130 Series" = EPSON SX130 Series Printer Uninstall
"EPSON SX130 Series Useg" = Benutzerhandbuch EPSON SX130 Series
"FILEminimizer Pictures_is1" = FILEminimizer Pictures
"FoxyTunesForFirefox" = FoxyTunes for Firefox
"GoldWave v5.22" = GoldWave v5.22
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ICQToolbar" = ICQ Toolbar
"Identity Card" = Identity Card
"Infineon USB driver_is1" = Infineon USB driver 1.0.0.6
"InfoCentre" = InfoCentre
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Packard Bell MyBackup
"InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"InvelosDVDProfiler_is1" = DVD Profiler Version 3.7.2
"IrfanView" = IrfanView (remove only)
"JDownloader" = JDownloader
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 4.1.6
"LManager" = Launch Manager
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Packard Bell Customer Registration" = Packard Bell Customer Registration
"PackardBell Screensaver" = PackardBell ScreenSaver
"Ravensburger tiptoi" = Ravensburger tiptoi
"Security Task Manager" = Security Task Manager 1.8d
"SetupMyPC" = SetupMyPC
"starwars_screensaver_pc" = starwars_screensaver_pc
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TomTom HOME" = TomTom HOME 2.8.2.2264
"TreeSize Free_is1" = TreeSize Free V2.6
"Updator" = Updator
"VLC media player" = VLC media player 2.0.1
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Xfire" = Xfire (remove only)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"a0262b137d239919" = Urwigo
"Geocaching Live" = Geocaching Live
"Google Chrome" = Google Chrome
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 23.06.2012 00:38:51 | Computer Name = ODIN | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksdb.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 23.06.2012 00:38:51 | Computer Name = ODIN | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksCal.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 23.06.2012 00:38:51 | Computer Name = ODIN | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 23.06.2012 00:38:52 | Computer Name = ODIN | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 23.06.2012 08:35:31 | Computer Name = ODIN | Source = WinMgmt | ID = 10
Description =
 
Error - 23.06.2012 08:38:16 | Computer Name = ODIN | Source = VSS | ID = 8194
Description =
 
Error - 23.06.2012 08:38:43 | Computer Name = ODIN | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksdb.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 23.06.2012 08:38:44 | Computer Name = ODIN | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksCal.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 23.06.2012 08:38:50 | Computer Name = ODIN | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 23.06.2012 08:41:16 | Computer Name = ODIN | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
[ Media Center Events ]
Error - 06.06.2010 15:56:54 | Computer Name = ODIN | Source = McrMgr | ID = 107
Description =
 
Error - 06.06.2010 15:57:09 | Computer Name = ODIN | Source = McrMgr | ID = 107
Description =
 
Error - 06.06.2010 15:57:14 | Computer Name = ODIN | Source = McrMgr | ID = 107
Description =
 
Error - 06.06.2010 16:06:10 | Computer Name = ODIN | Source = McrMgr | ID = 107
Description =
 
[ OSession Events ]
Error - 07.10.2010 08:06:10 | Computer Name = ODIN | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 20177
 seconds with 6300 seconds of active time.  This session ended with a crash.
 
Error - 25.04.2012 06:27:37 | Computer Name = ODIN | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3224
 seconds with 120 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 23.06.2012 08:35:32 | Computer Name = ODIN | Source = Service Control Manager | ID = 7009
Description =
 
Error - 23.06.2012 08:35:32 | Computer Name = ODIN | Source = Service Control Manager | ID = 7000
Description =
 
Error - 23.06.2012 08:35:32 | Computer Name = ODIN | Source = Service Control Manager | ID = 7003
Description =
 
Error - 23.06.2012 08:35:32 | Computer Name = ODIN | Source = Service Control Manager | ID = 7009
Description =
 
Error - 23.06.2012 08:35:32 | Computer Name = ODIN | Source = Service Control Manager | ID = 7000
Description =
 
Error - 23.06.2012 08:35:32 | Computer Name = ODIN | Source = Service Control Manager | ID = 7003
Description =
 
Error - 23.06.2012 08:36:00 | Computer Name = ODIN | Source = WMPNetworkSvc | ID = 866293
Description =
 
Error - 23.06.2012 08:36:42 | Computer Name = ODIN | Source = DCOM | ID = 10000
Description =
 
Error - 23.06.2012 08:37:44 | Computer Name = ODIN | Source = DCOM | ID = 10000
Description =
 
Error - 23.06.2012 08:40:26 | Computer Name = ODIN | Source = Service Control Manager | ID = 7022
Description =
 
[ TuneUp Events ]
Error - 13.05.2011 10:39:44 | Computer Name = ODIN | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2011-05-13 16:39:44', '\device\cdrom0\lucas
 learning folder\star wars yoda's challenge\setup.exe','4332',0)
 
Error - 13.05.2011 10:39:49 | Computer Name = ODIN | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2011-05-13 16:39:49', '\device\cdrom0\lucas
 learning folder\star wars yoda's challenge\_isdel.exe','4600',0)
 
Error - 13.05.2011 10:43:14 | Computer Name = ODIN | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2011-05-13 16:43:14', '\device\harddiskvolume2\program
 files\lucas learning\star wars yoda's abenteuer\yoda's challenge.exe','1544',0)
 
Error - 13.05.2011 10:43:29 | Computer Name = ODIN | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2011-05-13 16:43:29', '\device\harddiskvolume2\program
 files\lucas learning\star wars yoda's abenteuer\yoda's challenge.icd','5672',0)
 
Error - 13.05.2011 10:43:44 | Computer Name = ODIN | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2011-05-13 16:43:44', '\device\harddiskvolume2\program
 files\lucas learning\star wars yoda's abenteuer\yoda's challenge.exe','5244',0)
 
Error - 13.05.2011 10:43:54 | Computer Name = ODIN | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2011-05-13 16:43:54', '\device\harddiskvolume2\program
 files\lucas learning\star wars yoda's abenteuer\yoda's challenge.icd','4544',0)
 
Error - 13.05.2011 10:44:14 | Computer Name = ODIN | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2011-05-13 16:44:14', '\device\harddiskvolume2\program
 files\lucas learning\star wars yoda's abenteuer\yoda's challenge.exe','956',0)
 
Error - 13.05.2011 10:45:09 | Computer Name = ODIN | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2011-05-13 16:45:09', '\device\cdrom0\lucas
 learning folder\star wars yoda's challenge\directx\dxsetup.exe','5896',0)
 
Error - 13.05.2011 10:45:34 | Computer Name = ODIN | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2011-05-13 16:45:34', '\device\harddiskvolume2\program
 files\lucas learning\star wars yoda's abenteuer\yoda's challenge.exe','5108',0)
 
Error - 13.05.2011 10:45:44 | Computer Name = ODIN | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2011-05-13 16:45:44', '\device\harddiskvolume2\program
 files\lucas learning\star wars yoda's abenteuer\yoda's challenge.icd','3308',0)
 
 
< End of report >

And OTL.Txt
Code:

OTL logfile created on: 23.06.2012 14:46:39 - Run 1
OTL by OldTimer - Version 3.2.52.0    Folder = C:\Users\DD\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19272)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,97 Gb Total Physical Memory | 1,52 Gb Available Physical Memory | 51,38% Memory free
6,13 Gb Paging File | 4,45 Gb Available in Paging File | 72,53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 452,75 Gb Total Space | 5,77 Gb Free Space | 1,27% Space Free | Partition Type: NTFS
 
Computer Name: ODIN | User Name: DD | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\DD\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe (Adobe Systems, Inc.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\System32\mfevtps.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe (McAfee, Inc.)
PRC - c:\Program Files\McAfee\SiteAdvisor\saUI.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
PRC - C:\Program Files\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Windows\System32\TUProgSt.exe (TuneUp Software)
PRC - C:\Users\DD\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Program Files\McAfee Online Backup\MOBKbackup.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\PACKARD BELL\SetupMyPC\SmpSys.exe (Acer Incorporated)
PRC - C:\Program Files\PACKARD BELL\Packard Bell PowerSave Solution\ePowerTray.exe (Acer Incorporated)
PRC - C:\Program Files\PACKARD BELL\Packard Bell PowerSave Solution\ePowerSvc.exe (Acer Incorporated)
PRC - C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\508b444db523c5cf20ff12c7f440837b\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\1b337cf9a031145849bc48c11b2cfe58\Accessibility.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtgui4.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtsql4.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtscript4.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtnetwork4.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtcore4.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtdeclarative4.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3331.38812__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3331.38795__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3331.38814__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3331.38809__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3331.38803__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3331.38896__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3331.38874__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3331.38802__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3331.38853__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3331.38838__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3331.38859__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3331.38896__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3331.38897__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3331.38860__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3331.38858__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3331.38895__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3331.38841__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3331.38869__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3331.38840__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3331.38804__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3331.38815__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3331.38835__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3331.38839__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3331.38852__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3331.38819__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3331.38814__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3331.38850__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3331.38839__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3331.38818__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3331.38840__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3331.38850__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3331.38852__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3309.28608__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3309.28629__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3309.28604__90ba9c70f846762e\CLI.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3309.28601__90ba9c70f846762e\LOG.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3309.28603__90ba9c70f846762e\NEWAEM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3309.28669__90ba9c70f846762e\CLI.Foundation.XManifest.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3309.28630__90ba9c70f846762e\DEM.OS.I0602.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3309.28620__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3309.28626__90ba9c70f846762e\MOM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.3309.28645__90ba9c70f846762e\DEM.OS.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3309.28630__90ba9c70f846762e\DEM.Graphics.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3309.28645__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3309.28627__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3309.28618__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3309.28644__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3309.28644__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3309.28611__90ba9c70f846762e\CLI.Component.Client.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3309.28631__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3309.28632__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3309.28635__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3309.28624__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3309.28627__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3309.28626__90ba9c70f846762e\APM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3331.38930__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3331.38890__90ba9c70f846762e\MOM.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3331.38906__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3309.28614__90ba9c70f846762e\LOG.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3309.28612__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3309.28626__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Server.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll ()
MOD - C:\Windows\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3331.38791__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3331.38883__90ba9c70f846762e\CLI.Component.Systemtray.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3331.38808__90ba9c70f846762e\CLI.Component.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3331.38888__90ba9c70f846762e\LOG.Foundation.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3331.38794__90ba9c70f846762e\CLI.Component.SkinFactory.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3309.28628__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3309.28608__90ba9c70f846762e\CLI.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3309.28627__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3331.38793__90ba9c70f846762e\CLI.Component.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3309.28624__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3331.38799__90ba9c70f846762e\CLI.Component.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3309.28621__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3309.28637__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3331.38793__90ba9c70f846762e\ATIDEMOS.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3331.38792__90ba9c70f846762e\APM.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3331.38791__90ba9c70f846762e\AEM.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3331.38889__90ba9c70f846762e\CCC.Implementation.dll ()
MOD - C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\ContextHandler.dll ()
MOD - C:\Program Files\FILEminimizer Pictures\FILEMShell.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\System32\atitmmxx.dll ()
MOD - C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\Program Files\Launch Manager\PowerUtl.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (mfevtp) -- C:\Windows\System32\mfevtps.exe (McAfee, Inc.)
SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (MSK80Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McProxy) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNASvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McMPFSvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (ICQ Service) -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe ()
SRV - (nosGetPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (TuneUp.ProgramStatisticsSvc) -- C:\Windows\System32\TUProgSt.exe (TuneUp Software)
SRV - (TuneUp.Defrag) -- C:\Windows\System32\TuneUpDefragService.exe (TuneUp Software)
SRV - (MOBKbackup) -- C:\Program Files\McAfee Online Backup\MOBKbackup.exe (McAfee, Inc.)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (DfSdkS) -- C:\Program Files\Ashampoo\Ashampoo WinOptimizer 7\DfSdkS.exe (mst software GmbH, Germany)
SRV - (ABBYY.Licensing.FineReader.Sprint.9.0) -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
SRV - (ePowerSvc) -- C:\Program Files\PACKARD BELL\Packard Bell PowerSave Solution\ePowerSvc.exe (Acer Incorporated)
SRV - (NTI IScheduleSvc) -- C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (HsfXAudioService) -- C:\Windows\System32\XAudio32.dll (Conexant Systems, Inc.)
SRV - (AdobeActiveFileMonitor6.0) -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (mfehidk) -- C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfefirek) -- C:\Windows\System32\drivers\mfefirek.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfewfpk) -- C:\Windows\System32\drivers\mfewfpk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\Windows\System32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\Windows\System32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfenlfk) -- C:\Windows\System32\drivers\mfenlfk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (cfwids) -- C:\Windows\System32\drivers\cfwids.sys (McAfee, Inc.)
DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV - (kl2) -- C:\Windows\System32\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV - (KL1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (FlashUSB) -- C:\Windows\System32\drivers\FlashUSB.sys (Danish Wireless Design A/S)
DRV - (MOBKFilter) -- C:\Windows\System32\drivers\MOBK.sys (Mozy, Inc.)
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (LgBttPort) -- C:\Windows\System32\drivers\lgbtport.sys (LG Electronics Inc.)
DRV - (LGVMODEM) -- C:\Windows\System32\drivers\lgvmodem.sys (LG Electronics Inc.)
DRV - (lgbusenum) -- C:\Windows\System32\drivers\lgbtbus.sys (LG Electronics Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atipmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (RTHDMIAzAudService) -- C:\Windows\System32\drivers\RtHDMIV.sys (Realtek Semiconductor Corp.)
DRV - (USBModem) -- C:\Windows\System32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (UsbDiag) -- C:\Windows\System32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\Windows\System32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio32.sys (Conexant Systems, Inc.)
DRV - (k57nd60x) Broadcom NetLink (TM) -- C:\Windows\System32\drivers\k57nd60x.sys (Broadcom Corporation)
DRV - (DritekPortIO) -- C:\Program Files\Launch Manager\DPortIO.sys (Dritek System Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=2&o=vp32&d=0410&m=easynote_lj65
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=2&o=vp32&d=0410&m=easynote_lj65
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=2&o=vp32&d=0410&m=easynote_lj65
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=2&o=vp32&d=0410&m=easynote_lj65
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{6CFA647A-7824-4CF5-999D-5D188E2D7961}: "URL" = hxxp://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550
IE - HKCU\..\SearchScopes\{EC2F0341-0A64-4045-B18C-93CD9FEFAC77}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACPW
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Sichere Suche"
FF - prefs.js..browser.search.selectedEngine: "Sichere Suche"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.2
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {d49175b3-3fd8-43b8-b28e-da5d47f3c398}:1.0.30
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91
FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.86.1
FF - prefs.js..extensions.enabledItems: toolbar@gmx.net:1.5.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.3
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: rikaichan-jpde@polarcloud.com:2.01.110409
FF - prefs.js..extensions.enabledItems: {b8cbd8e0-e642-11dd-ba2f-0800200c9a66}:1.6
FF - prefs.js..extensions.enabledItems: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.265.2
FF - prefs.js..extensions.enabledItems: {20cc25e2-48c9-45e1-9a1f-1ccc1882b81b}:1.9
FF - prefs.js..extensions.enabledItems: {d37dc5d0-431d-44e5-8c91-49419370caa1}:2.7.82
FF - prefs.js..extensions.enabledItems: {265b0520-499e-11d9-9669-0800200c9a66}:2.0.6
FF - prefs.js..extensions.enabledItems: {29c4afe1-db19-4298-8785-fcc94d1d6c1d}:0.6.2009110501
FF - prefs.js..extensions.enabledItems: tineye@ideeinc.com:1.1
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.50
FF - prefs.js..extensions.enabledItems: {B17C1C5A-04B1-11DB-9804-B622A1EF5492}:1.2.1
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=mcafee&p="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.91: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2852: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1662: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\DD\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\DD\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\DD\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\DD\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012.02.23 19:51:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2012.06.21 14:43:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012.06.22 07:20:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012.06.22 07:20:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012.06.22 07:20:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.17 11:44:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.05.19 01:23:29 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.17 11:44:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.05.19 01:23:29 | 000,000,000 | ---D | M]
 
[2010.05.16 22:11:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DD\AppData\Roaming\mozilla\Extensions
[2010.05.16 22:11:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DD\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2012.06.23 07:13:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DD\AppData\Roaming\mozilla\Firefox\Profiles\n63aa2n9.default\extensions
[2012.06.19 07:19:34 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\DD\AppData\Roaming\mozilla\Firefox\Profiles\n63aa2n9.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2011.08.25 12:23:55 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\DD\AppData\Roaming\mozilla\Firefox\Profiles\n63aa2n9.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2011.04.01 15:28:39 | 000,000,000 | ---D | M] ("Facebook PhotoZoom") -- C:\Users\DD\AppData\Roaming\mozilla\Firefox\Profiles\n63aa2n9.default\extensions\{20cc25e2-48c9-45e1-9a1f-1ccc1882b81b}
[2011.04.01 15:50:20 | 000,000,000 | ---D | M] (Ebay Negs!) -- C:\Users\DD\AppData\Roaming\mozilla\Firefox\Profiles\n63aa2n9.default\extensions\{265b0520-499e-11d9-9669-0800200c9a66}
[2011.04.01 16:02:55 | 000,000,000 | ---D | M] ("Split Browser") -- C:\Users\DD\AppData\Roaming\mozilla\Firefox\Profiles\n63aa2n9.default\extensions\{29c4afe1-db19-4298-8785-fcc94d1d6c1d}
[2012.03.02 19:57:31 | 000,000,000 | ---D | M] (FoxyTunes) -- C:\Users\DD\AppData\Roaming\mozilla\Firefox\Profiles\n63aa2n9.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
[2012.04.08 00:16:19 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\DD\AppData\Roaming\mozilla\Firefox\Profiles\n63aa2n9.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2012.05.17 23:22:36 | 000,000,000 | ---D | M] (WOT) -- C:\Users\DD\AppData\Roaming\mozilla\Firefox\Profiles\n63aa2n9.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011.04.01 16:31:16 | 000,000,000 | ---D | M] (Password Exporter) -- C:\Users\DD\AppData\Roaming\mozilla\Firefox\Profiles\n63aa2n9.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}
[2011.03.24 16:01:35 | 000,000,000 | ---D | M] ("DHL Packstation Bestellhelfer") -- C:\Users\DD\AppData\Roaming\mozilla\Firefox\Profiles\n63aa2n9.default\extensions\{b8cbd8e0-e642-11dd-ba2f-0800200c9a66}
[2012.03.30 06:51:01 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\DD\AppData\Roaming\mozilla\Firefox\Profiles\n63aa2n9.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.05.13 10:26:02 | 000,000,000 | ---D | M] (FoxClocks) -- C:\Users\DD\AppData\Roaming\mozilla\Firefox\Profiles\n63aa2n9.default\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}
[2012.06.23 07:13:37 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Users\DD\AppData\Roaming\mozilla\Firefox\Profiles\n63aa2n9.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2012.05.20 11:27:20 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\DD\AppData\Roaming\mozilla\Firefox\Profiles\n63aa2n9.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011.09.29 17:23:01 | 000,000,000 | ---D | M] ("DHL Toolbar") -- C:\Users\DD\AppData\Roaming\mozilla\Firefox\Profiles\n63aa2n9.default\extensions\{edc0b8a5-c050-4bb2-b785-a623b4515abf}
[2010.11.26 15:10:48 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\DD\AppData\Roaming\mozilla\Firefox\Profiles\n63aa2n9.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2010.12.25 09:28:15 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\DD\AppData\Roaming\mozilla\Firefox\Profiles\n63aa2n9.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2012.05.17 23:22:35 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\DD\AppData\Roaming\mozilla\Firefox\Profiles\n63aa2n9.default\extensions\ich@maltegoetz.de
[2011.04.19 21:08:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DD\AppData\Roaming\mozilla\Firefox\Profiles\n63aa2n9.default\extensions\nostmp
[2011.04.01 16:05:12 | 000,000,000 | ---D | M] (TinEye Reverse Image Search) -- C:\Users\DD\AppData\Roaming\mozilla\Firefox\Profiles\n63aa2n9.default\extensions\tineye@ideeinc.com
[2011.11.03 15:35:05 | 000,000,933 | ---- | M] () -- C:\Users\DD\AppData\Roaming\Mozilla\Firefox\Profiles\n63aa2n9.default\searchplugins\11-suche.xml
[2010.07.03 10:39:55 | 000,009,837 | ---- | M] () -- C:\Users\DD\AppData\Roaming\Mozilla\Firefox\Profiles\n63aa2n9.default\searchplugins\ddl-search-v2.xml
[2011.11.03 15:35:05 | 000,002,419 | ---- | M] () -- C:\Users\DD\AppData\Roaming\Mozilla\Firefox\Profiles\n63aa2n9.default\searchplugins\englische-ergebnisse.xml
[2010.10.20 20:27:50 | 000,010,567 | ---- | M] () -- C:\Users\DD\AppData\Roaming\Mozilla\Firefox\Profiles\n63aa2n9.default\searchplugins\gmx-suche.xml
[2011.03.02 09:48:59 | 000,002,342 | ---- | M] () -- C:\Users\DD\AppData\Roaming\Mozilla\Firefox\Profiles\n63aa2n9.default\searchplugins\icq-search.xml
[2011.03.10 20:27:35 | 000,000,950 | ---- | M] () -- C:\Users\DD\AppData\Roaming\Mozilla\Firefox\Profiles\n63aa2n9.default\searchplugins\icqplugin-1.xml
[2011.03.24 13:44:18 | 000,000,950 | ---- | M] () -- C:\Users\DD\AppData\Roaming\Mozilla\Firefox\Profiles\n63aa2n9.default\searchplugins\icqplugin-2.xml
[2011.03.05 13:33:44 | 000,000,950 | ---- | M] () -- C:\Users\DD\AppData\Roaming\Mozilla\Firefox\Profiles\n63aa2n9.default\searchplugins\icqplugin.xml
[2011.11.03 15:35:05 | 000,002,457 | ---- | M] () -- C:\Users\DD\AppData\Roaming\Mozilla\Firefox\Profiles\n63aa2n9.default\searchplugins\lastminute.xml
[2012.05.01 10:47:55 | 000,005,489 | ---- | M] () -- C:\Users\DD\AppData\Roaming\Mozilla\Firefox\Profiles\n63aa2n9.default\searchplugins\webde-suche.xml
[2012.06.09 03:20:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.06.21 14:43:35 | 000,000,000 | ---D | M] (McAfee ScriptScan for Firefox) -- C:\PROGRAM FILES\COMMON FILES\MCAFEE\SYSTEMCORE
[2012.02.23 19:51:54 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2012.01.02 22:48:13 | 000,130,514 | ---- | M] () (No name found) -- C:\USERS\DD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\N63AA2N9.DEFAULT\EXTENSIONS\{249DF6A2-E336-47D1-B6C3-EC711AD140CA}.XPI
[2012.01.05 19:17:45 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\DD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\N63AA2N9.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.01.22 00:05:06 | 000,138,614 | ---- | M] () (No name found) -- C:\USERS\DD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\N63AA2N9.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI
[2012.06.01 19:03:09 | 000,395,898 | ---- | M] () (No name found) -- C:\USERS\DD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\N63AA2N9.DEFAULT\EXTENSIONS\{D49175B3-3FD8-43B8-B28E-DA5D47F3C398}.XPI
[2012.05.19 00:56:15 | 005,438,448 | ---- | M] () (No name found) -- C:\USERS\DD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\N63AA2N9.DEFAULT\EXTENSIONS\GREASEFIRE@SKRUL.COM.XPI
[2011.06.23 05:39:57 | 000,046,484 | ---- | M] () (No name found) -- C:\USERS\DD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\N63AA2N9.DEFAULT\EXTENSIONS\LANGPACK-DE@CHATZILLA.MOZILLA.ORG.XPI
[2012.05.01 10:47:43 | 000,574,144 | ---- | M] () (No name found) -- C:\USERS\DD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\N63AA2N9.DEFAULT\EXTENSIONS\TOOLBAR@GMX.NET.XPI
[2010.08.04 13:40:00 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012.06.17 11:44:20 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.04.14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
[2012.03.26 10:09:54 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.06.01 18:33:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.01 18:33:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.01 18:33:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.01 18:33:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.05.02 09:17:02 | 000,002,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2012.06.01 18:33:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.01 18:33:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\DD\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\DD\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\DD\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\DD\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\DD\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: getPlusPlus for Adobe 16291 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\DD\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\DD\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~1\mcafee\msc\npmcsn~1.dll
CHR - Extension: Adblock Plus (Beta) = C:\Users\DD\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: Ragdoll Avalanche 2 = C:\Users\DD\AppData\Local\Google\Chrome\User Data\Default\Extensions\dijphmcdlkiiagnjoheephkicadkcoan\1.0_0\
CHR - Extension: SiteAdvisor = C:\Users\DD\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\
CHR - Extension: Webcam Toy = C:\Users\DD\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfbgimoladefibpklnfmkpknadbklade\1.2.2_0\
CHR - Extension: Zombie Drop = C:\Users\DD\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhmhllfgcoopjdmcmdeobhgimokcabmc\1.0_0\
CHR - Extension: Texas Holdem Poker = C:\Users\DD\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojbaogcpfpkhbmjmefladpimcmfggkjl\1.0.0.2_0\
CHR - Extension: Love Calculator = C:\Users\DD\AppData\Local\Google\Chrome\User Data\Default\Extensions\oolmcecgdmgibngcbeedeljjadklplag\1.3_0\
 
O1 HOSTS File: ([2011.07.31 15:18:35 | 000,423,246 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O1 - Hosts: 14592 more lines...
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20120430014745.dll (McAfee, Inc.)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKLM..\Run: [Acer ePower Management] C:\Program Files\PACKARD BELL\Packard Bell PowerSave Solution\ePowerTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [bdinstaller] C:\Program Files\Common Files\Bitdefender\setupinformation\setuplauncher.exe (Bitdefender)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [k0kcwz1xjp] C:\Users\DD\k0kcwz1xjp.exe File not found
O4 - HKCU..\Run: [Regedit32] C:\Windows\system32\regedit.exe File not found
O4 - HKCU..\Run: [SmpcSys] C:\Program Files\PACKARD BELL\SetupMyPC\SmpSys.exe (Acer Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1C6E75D3-C364-4A41-A1F0-0591696E0B3C}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\Users\DD\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\DD\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{7c7ae5c0-44a0-11e0-9482-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{7c7ae5c0-44a0-11e0-9482-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Start.exe
O33 - MountPoints2\{7fa77a76-b768-11df-a38c-00235a89b8d3}\Shell - "" = AutoRun
O33 - MountPoints2\{7fa77a76-b768-11df-a38c-00235a89b8d3}\Shell\AutoRun\command - "" = E:\USBAutoRun.exe
O33 - MountPoints2\{97d8c732-f6d1-11df-8535-00235a89b8d3}\Shell - "" = AutoRun
O33 - MountPoints2\{97d8c732-f6d1-11df-8535-00235a89b8d3}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\Start.hta
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.23 14:42:02 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\DD\Desktop\OTL.exe
[2012.06.23 07:17:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bitdefender
[2012.06.23 07:13:54 | 000,000,000 | ---D | C] -- C:\Users\DD\AppData\Roaming\QuickScan
[2012.06.22 17:00:13 | 000,335,504 | ---- | C] (BitDefender S.R.L.) -- C:\Windows\System32\drivers\TrufosAlt.sys
[2012.06.22 07:47:27 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.06.21 20:19:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2012
[2012.06.21 20:16:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012.06.21 20:16:34 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2012.06.21 20:14:40 | 000,570,160 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2012.06.21 14:45:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012.06.21 07:15:39 | 000,000,000 | ---D | C] -- C:\Users\DD\AppData\Local\Macromedia
[2012.06.21 07:15:28 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012.06.21 07:15:27 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012.06.21 07:14:48 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012.06.21 07:14:48 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012.06.21 07:14:47 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012.06.21 07:14:35 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012.06.21 07:14:35 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012.06.19 20:55:49 | 000,000,000 | ---D | C] -- C:\Users\DD\Desktop\URLAUB 2012
[2012.06.12 22:02:56 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.06.12 22:02:56 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.06.12 22:02:54 | 000,629,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.06.12 22:02:51 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.06.12 22:02:51 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2012.06.12 22:02:50 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012.06.12 22:02:50 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012.06.12 22:02:50 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.06.12 22:02:49 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012.06.12 22:02:49 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.06.12 22:02:48 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012.06.12 22:02:48 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012.06.12 22:02:48 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012.06.12 22:02:48 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012.06.12 22:02:47 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012.06.12 22:02:47 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012.06.12 22:02:47 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012.06.12 22:02:46 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.06.12 22:01:52 | 002,045,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.23 15:01:01 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.23 15:00:06 | 000,000,522 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2012.06.23 14:44:01 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4170860937-2119410488-3439256695-1000UA.job
[2012.06.23 14:42:10 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\DD\Desktop\OTL.exe
[2012.06.23 14:34:28 | 000,001,086 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.23 14:34:03 | 000,004,512 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.23 14:34:03 | 000,004,512 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.23 14:33:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.23 14:32:42 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.06.23 14:31:05 | 000,000,020 | ---- | M] () -- C:\Users\DD\defogger_reenable
[2012.06.23 14:14:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.23 13:30:02 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4170860937-2119410488-3439256695-1000UA.job
[2012.06.23 07:11:15 | 000,335,504 | ---- | M] (BitDefender S.R.L.) -- C:\Windows\System32\drivers\TrufosAlt.sys
[2012.06.22 19:44:01 | 000,001,056 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4170860937-2119410488-3439256695-1000Core.job
[2012.06.22 19:30:01 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4170860937-2119410488-3439256695-1000Core.job
[2012.06.22 17:50:46 | 000,001,174 | ---- | M] () -- C:\Users\DD\Desktop\1334230738_BDRemovalTool_sirefef_x86 - Verknüpfung.lnk
[2012.06.22 07:47:30 | 000,002,489 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.06.21 20:29:52 | 000,017,408 | ---- | M] () -- C:\Users\DD\AppData\Local\WebpageIcons.db
[2012.06.21 20:19:13 | 000,115,369 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat
[2012.06.21 20:19:13 | 000,097,961 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat
[2012.06.21 20:14:40 | 000,570,160 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2012.06.21 19:33:11 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.06.21 19:33:09 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.06.21 07:05:31 | 000,656,494 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.06.21 07:05:31 | 000,128,442 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.06.21 07:05:30 | 000,691,636 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.06.21 07:05:30 | 000,152,156 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.06.19 16:29:40 | 000,000,680 | ---- | M] () -- C:\Users\DD\AppData\Local\d3d9caps.dat
[2012.06.18 20:53:20 | 000,134,144 | ---- | M] () -- C:\Users\DD\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.06.13 05:48:03 | 000,393,952 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.06.09 03:20:53 | 000,000,808 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.06.03 00:19:33 | 000,045,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012.06.03 00:19:32 | 000,035,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012.06.03 00:19:23 | 000,577,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012.06.03 00:12:32 | 002,422,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012.06.03 00:12:13 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012.06.02 15:19:42 | 000,171,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012.06.02 15:12:20 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.06.23 14:30:10 | 000,000,020 | ---- | C] () -- C:\Users\DD\defogger_reenable
[2012.06.22 17:50:43 | 000,001,174 | ---- | C] () -- C:\Users\DD\Desktop\1334230738_BDRemovalTool_sirefef_x86 - Verknüpfung.lnk
[2012.06.21 20:29:44 | 000,017,408 | ---- | C] () -- C:\Users\DD\AppData\Local\WebpageIcons.db
[2012.06.21 20:19:13 | 000,115,369 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2012.06.21 20:19:13 | 000,097,961 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2012.04.04 04:49:18 | 000,000,000 | ---- | C] () -- C:\Windows\Irremote.ini
[2012.01.10 22:14:13 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{eb9819ac-a943-f0d9-e6db-ec8b5a2ef808}\@
[2012.01.10 22:14:13 | 000,002,048 | -HS- | C] () -- C:\Users\DD\AppData\Local\{eb9819ac-a943-f0d9-e6db-ec8b5a2ef808}\@
[2011.10.13 00:01:50 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2011.09.21 06:59:27 | 000,107,520 | RHS- | C] () -- C:\Windows\System32\TAKDSDecoder.dll
[2011.07.31 12:43:46 | 000,065,536 | ---- | C] () -- C:\Windows\revolutions_uninstall.exe
[2011.03.11 12:43:54 | 000,029,763 | ---- | C] () -- C:\Windows\System32\drivers\klopp.dat
[2010.12.30 16:37:25 | 000,000,090 | ---- | C] () -- C:\Users\DD\AppData\Local\fusioncache.dat
[2010.12.28 13:58:59 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2010.12.05 22:16:02 | 000,000,249 | ---- | C] () -- C:\Windows\bctester_de.INI
[2010.10.10 20:15:43 | 000,000,465 | ---- | C] () -- C:\Windows\iScreensaver.ini
[2010.10.10 20:15:00 | 000,029,184 | -H-- | C] () -- C:\Windows\MBSRectPlugin1635.dll
[2010.09.04 18:06:46 | 000,221,291 | ---- | C] () -- C:\Windows\Imei_dll.dll
[2010.09.04 18:06:46 | 000,040,960 | ---- | C] () -- C:\Windows\Sublock.dll
[2010.09.03 21:36:46 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll
[2010.09.03 21:36:46 | 000,002,413 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini
[2010.04.27 20:28:25 | 000,000,680 | ---- | C] () -- C:\Users\DD\AppData\Local\d3d9caps.dat
[2010.04.22 12:53:25 | 000,134,144 | ---- | C] () -- C:\Users\DD\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

< End of report >

Has everything been done correctly so far?

cosinus 26.06.2012 14:44

Quote:

Kaspersky shows the following:

Backdoor.Win32.ZAccess.mbg
Trojan.Win32.Small.bmph
Trojan.Win32.Zapchast.acdo
HEUR:Exploit.Script.Generic
Nice, and where are the logs for that?

Information like that is not enough; please post the complete details/logs from the virus scanners.

Please post everything here in CODE tags where possible.

It is done like this:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

Patient X 28.06.2012 07:34

Thank you very much for your reply!

Please forgive my ignorance, but where in Kaspersky can one get a log output?

Up to now I have always just received a warning message on the screen.
It always shows the name of the Trojan program and, below it, the file path.
I then copied this down and reproduced it here in the text.

I have now found something that could possibly be regarded as a log.
Code:

Typ: trojanisches Programm (4)       
Trojan.Win32.Small.bmph        Wird nach dem Neustart des Computers verarbeitet        28.06.2012 08:17:30        C:\Windows\Installer\{eb9819ac-a943-f0d9-e6db-ec8b5a2ef808}\U\        80000000.@       
Trojan.Win32.Zapchast.acdo        Wird nach dem Neustart des Computers verarbeitet        28.06.2012 08:17:19        C:\Windows\Installer\{eb9819ac-a943-f0d9-e6db-ec8b5a2ef808}\U\        800000cb.@       
Backdoor.Win32.ZAccess.mbg        Wird nach dem Neustart des Computers verarbeitet        28.06.2012 08:17:05        C:\Windows\Installer\{eb9819ac-a943-f0d9-e6db-ec8b5a2ef808}\U\        00000001.@       
Trojan.Win32.Jorik.Totem.lt        Gelöscht        27.06.2012 14:01:46        C:\Users\DD\AppData\Local\Temp\        13995723.exe       
Typ: Virus (1)       
Virus.Win32.ZAccess.m        Wird nach dem Neustart des Computers verarbeitet        28.06.2012 08:20:01        C:\Windows\System32\        services.exe

Does that help?

In the meantime I have also run the Gmer program according to the checklist.
At the end, a message appeared saying that a rootkit had been found.
The log from it is here:
Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-06-28 08:27:18
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS545050B9A300 rev.PB4OC60F
Running: csyqu7rd.exe; Driver: C:\Users\DD\AppData\Local\Temp\fxldapog.sys


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                          ZwAdjustPrivilegesToken [0x9147D28A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                          ZwAlpcConnectPort [0x91497342]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                          ZwAlpcCreatePort [0x91497678]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                          ZwAlpcSendWaitReceivePort [0x914979EE]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                          ZwClose [0x9147DD04]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                          ZwConnectPort [0x9149702A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                          ZwCreateEvent [0x9147E276]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                          ZwCreateMutant [0x9147E164]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                          ZwCreatePort [0x914974E8]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                          ZwCreateSection [0x9147D046]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                          ZwCreateSemaphore [0x9147E38E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                          ZwCreateThread [0x9147D8BA]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                          ZwCreateWaitablePort [0x914975B0]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                          ZwDebugActiveProcess [0x9147E74E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                          ZwDeviceIoControlFile [0x9147DD46]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                          ZwDuplicateObject [0x9147F750]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                          ZwLoadDriver [0x9147E840]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                          ZwMapViewOfSection [0x9147EDAC]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                          ZwNotifyChangeKey [0x91495840]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                          ZwOpenEvent [0x9147E308]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                          ZwOpenMutant [0x9147E1F0]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                          ZwOpenProcess [0x9147D4C4]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                          ZwOpenSection [0x9147EB90]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                          ZwOpenSemaphore [0x9147E420]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                          ZwOpenThread [0x9147D3B8]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                          ZwQueryDirectoryObject [0x9147E55C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                          ZwQueryObject [0x91495A38]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                          ZwQuerySection [0x9147F0D2]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                          ZwQueueApcThread [0x9147E9E0]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                          ZwReplyPort [0x914977DC]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                          ZwReplyWaitReceivePort [0x9149772A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                          ZwRequestWaitReplyPort [0x91497848]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                          ZwResumeThread [0x9147F5F2]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                          ZwSecureConnectPort [0x914971B2]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                          ZwSetContextThread [0x9147DBA4]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                          ZwSetInformationToken [0x9147E5FA]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                          ZwSetSystemInformation [0x9147F222]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                          ZwSuspendProcess [0x9147F316]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                          ZwSuspendThread [0x9147F450]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                          ZwSystemDebugControl [0x9147E670]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                          ZwTerminateProcess [0x9147D664]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                          ZwTerminateThread [0x9147D5BA]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                          ZwUnmapViewOfSection [0x9147EF8A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                          ZwWriteVirtualMemory [0x9147D750]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                          ZwCreateThreadEx [0x9147DA2A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                          ZwCreateUserProcess [0x9147E4A6]

Code            \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)                                    ZwMapViewOfSection [0x807345A8]
Code            \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)                                    ZwYieldExecution [0x80734594]
Code            \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)                                    NtMapViewOfSection

---- Kernel code sections - GMER 1.0.15 ----

.text          ntkrnlpa.exe!ZwYieldExecution                                                                                8302D992 5 Bytes  JMP 80734598 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
.text          ntkrnlpa.exe!KeSetEvent + 119                                                                                830AE7DC 4 Bytes  [8A, D2, 47, 91] {MOV DL, DL; INC EDI; XCHG ECX, EAX}
.text          ntkrnlpa.exe!KeSetEvent + 13D                                                                                830AE800 8 Bytes  [42, 73, 49, 91, 78, 76, 49, ...] {INC EDX; JAE 0x4c; XCHG ECX, EAX; JS 0x7c; DEC ECX; XCHG ECX, EAX}
.text          ntkrnlpa.exe!KeSetEvent + 181                                                                                830AE844 4 Bytes  [EE, 79, 49, 91] {OUT DX, AL ; JNS 0x4c; XCHG ECX, EAX}
.text          ntkrnlpa.exe!KeSetEvent + 1A9                                                                                830AE86C 4 Bytes  [04, DD, 47, 91] {ADD AL, 0xdd; INC EDI; XCHG ECX, EAX}
.text          ntkrnlpa.exe!KeSetEvent + 1C1                                                                                830AE884 4 Bytes  [2A, 70, 49, 91] {SUB DH, [EAX+0x49]; XCHG ECX, EAX}
.text          ...                                                                                                         
PAGE            ntkrnlpa.exe!NtMapViewOfSection                                                                              8321289A 7 Bytes  JMP 807345AC \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
.text          C:\Windows\system32\DRIVERS\atipmdag.sys                                                                      section is writeable [0x90206000, 0x25826A, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text          C:\Windows\system32\svchost.exe[716] ntdll.dll!NtCreateFile                                                  77824244 5 Bytes  JMP 002A0FEF
.text          C:\Windows\system32\svchost.exe[716] ntdll.dll!NtCreateProcess                                                77824304 5 Bytes  JMP 002A0FCA
.text          C:\Windows\system32\svchost.exe[716] ntdll.dll!NtProtectVirtualMemory                                        77824BA4 5 Bytes  JMP 002A000A
.text          C:\Windows\system32\svchost.exe[716] kernel32.dll!GetStartupInfoW                                            778F1929 5 Bytes  JMP 00760F5B
.text          C:\Windows\system32\svchost.exe[716] kernel32.dll!GetStartupInfoA                                            778F19C9 5 Bytes  JMP 007600AB
.text          C:\Windows\system32\svchost.exe[716] kernel32.dll!CreateProcessW                                              778F1BF3 5 Bytes  JMP 007600D7
.text          C:\Windows\system32\svchost.exe[716] kernel32.dll!CreateProcessA                                              778F1C28 5 Bytes  JMP 007600C6
.text          C:\Windows\system32\svchost.exe[716] kernel32.dll!VirtualProtect                                              778F1DC3 5 Bytes  JMP 0076007F
.text          C:\Windows\system32\svchost.exe[716] kernel32.dll!CreateNamedPipeA                                            778F2EF5 5 Bytes  JMP 00760011
.text          C:\Windows\system32\svchost.exe[716] kernel32.dll!CreateNamedPipeW                                            778F5C0C 5 Bytes  JMP 00760022
.text          C:\Windows\system32\svchost.exe[716] kernel32.dll!CreatePipe                                                  77918F06 5 Bytes  JMP 00760F80
.text          C:\Windows\system32\svchost.exe[716] kernel32.dll!LoadLibraryExW                                              7791927C 5 Bytes  JMP 00760062
.text          C:\Windows\system32\svchost.exe[716] kernel32.dll!LoadLibraryW                                                77919400 5 Bytes  JMP 00760FB6
.text          C:\Windows\system32\svchost.exe[716] kernel32.dll!LoadLibraryExA                                              77919554 5 Bytes  JMP 00760FA5
.text          C:\Windows\system32\svchost.exe[716] kernel32.dll!LoadLibraryA                                                7791957C 5 Bytes  JMP 0076003D
.text          C:\Windows\system32\svchost.exe[716] kernel32.dll!VirtualProtectEx                                            7791DC52 5 Bytes  JMP 00760090
.text          C:\Windows\system32\svchost.exe[716] kernel32.dll!GetProcAddress                                              7793925B 5 Bytes  JMP 00760F25
.text          C:\Windows\system32\svchost.exe[716] kernel32.dll!CreateFileW                                                7793B0EB 5 Bytes  JMP 00760000
.text          C:\Windows\system32\svchost.exe[716] kernel32.dll!CreateFileA                                                7793D07F 5 Bytes  JMP 00760FE5
.text          C:\Windows\system32\svchost.exe[716] kernel32.dll!WinExec                                                    779860CF 5 Bytes  JMP 00760F4A
.text          C:\Windows\system32\svchost.exe[716] msvcrt.dll!_wsystem                                                      77497F3F 5 Bytes  JMP 00750F92
.text          C:\Windows\system32\svchost.exe[716] msvcrt.dll!system                                                        7749805B 5 Bytes  JMP 00750FA3
.text          C:\Windows\system32\svchost.exe[716] msvcrt.dll!_creat                                                        7749BBF1 5 Bytes  JMP 0075001D
.text          C:\Windows\system32\svchost.exe[716] msvcrt.dll!_open                                                        7749D116 5 Bytes  JMP 00750000
.text          C:\Windows\system32\svchost.exe[716] msvcrt.dll!_wcreat                                                      7749D336 5 Bytes  JMP 00750FBE
.text          C:\Windows\system32\svchost.exe[716] msvcrt.dll!_wopen                                                        7749D511 5 Bytes  JMP 00750FE3
.text          C:\Windows\system32\svchost.exe[716] ADVAPI32.dll!RegCreateKeyExA                                            76D439AB 5 Bytes  JMP 0074002F
.text          C:\Windows\system32\svchost.exe[716] ADVAPI32.dll!RegCreateKeyA                                              76D43BA9 5 Bytes  JMP 00740FA8
.text          C:\Windows\system32\svchost.exe[716] ADVAPI32.dll!RegOpenKeyA                                                76D489C7 5 Bytes  JMP 00740000
.text          C:\Windows\system32\svchost.exe[716] ADVAPI32.dll!RegCreateKeyW                                              76D5391E 5 Bytes  JMP 00740F8D
.text          C:\Windows\system32\svchost.exe[716] ADVAPI32.dll!RegCreateKeyExW                                            76D541F1 5 Bytes  JMP 00740F72
.text          C:\Windows\system32\svchost.exe[716] ADVAPI32.dll!RegOpenKeyExA                                              76D57C42 5 Bytes  JMP 00740FD4
.text          C:\Windows\system32\svchost.exe[716] ADVAPI32.dll!RegOpenKeyW                                                76D5E2B5 5 Bytes  JMP 00740FEF
.text          C:\Windows\system32\svchost.exe[716] ADVAPI32.dll!RegOpenKeyExW                                              76D67BA1 5 Bytes  JMP 00740FC3
.text          C:\Windows\system32\svchost.exe[716] WS2_32.dll!socket                                                        75F236D1 5 Bytes  JMP 00730000
.text          C:\Windows\System32\svchost.exe[852] ntdll.dll!NtCreateFile                                                  77824244 5 Bytes  JMP 00CF0000
.text          C:\Windows\System32\svchost.exe[852] ntdll.dll!NtCreateProcess                                                77824304 5 Bytes  JMP 00CF0FCA
.text          C:\Windows\System32\svchost.exe[852] ntdll.dll!NtProtectVirtualMemory                                        77824BA4 5 Bytes  JMP 00CF0FE5
.text          C:\Windows\System32\svchost.exe[852] kernel32.dll!GetStartupInfoW                                            778F1929 5 Bytes  JMP 00DF0F35
.text          C:\Windows\System32\svchost.exe[852] kernel32.dll!GetStartupInfoA                                            778F19C9 5 Bytes  JMP 00DF0F46
.text          C:\Windows\System32\svchost.exe[852] kernel32.dll!CreateProcessW                                              778F1BF3 5 Bytes  JMP 00DF0F02
.text          C:\Windows\System32\svchost.exe[852] kernel32.dll!CreateProcessA                                              778F1C28 5 Bytes  JMP 00DF0F13
.text          C:\Windows\System32\svchost.exe[852] kernel32.dll!VirtualProtect                                              778F1DC3 5 Bytes  JMP 00DF0F83
.text          C:\Windows\System32\svchost.exe[852] kernel32.dll!CreateNamedPipeA                                            778F2EF5 5 Bytes  JMP 00DF0014
.text          C:\Windows\System32\svchost.exe[852] kernel32.dll!CreateNamedPipeW                                            778F5C0C 5 Bytes  JMP 00DF0FC3
.text          C:\Windows\System32\svchost.exe[852] kernel32.dll!CreatePipe                                                  77918F06 5 Bytes  JMP 00DF0F57
.text          C:\Windows\System32\svchost.exe[852] kernel32.dll!LoadLibraryExW                                              7791927C 5 Bytes  JMP 00DF0F9E
.text          C:\Windows\System32\svchost.exe[852] kernel32.dll!LoadLibraryW                                                77919400 5 Bytes  JMP 00DF004A
.text          C:\Windows\System32\svchost.exe[852] kernel32.dll!LoadLibraryExA                                              77919554 5 Bytes  JMP 00DF005B
.text          C:\Windows\System32\svchost.exe[852] kernel32.dll!LoadLibraryA                                                7791957C 5 Bytes  JMP 00DF002F
.text          C:\Windows\System32\svchost.exe[852] kernel32.dll!VirtualProtectEx                                            7791DC52 5 Bytes  JMP 00DF0F68
.text          C:\Windows\System32\svchost.exe[852] kernel32.dll!GetProcAddress                                              7793925B 5 Bytes  JMP 00DF00AA
.text          C:\Windows\System32\svchost.exe[852] kernel32.dll!CreateFileW                                                7793B0EB 5 Bytes  JMP 00DF0FDE
.text          C:\Windows\System32\svchost.exe[852] kernel32.dll!CreateFileA                                                7793D07F 5 Bytes  JMP 00DF0FEF
.text          C:\Windows\System32\svchost.exe[852] kernel32.dll!WinExec                                                    779860CF 5 Bytes  JMP 00DF0F24
.text          C:\Windows\System32\svchost.exe[852] msvcrt.dll!_wsystem                                                      77497F3F 5 Bytes  JMP 00DA001B
.text          C:\Windows\System32\svchost.exe[852] msvcrt.dll!system                                                        7749805B 5 Bytes  JMP 00DA0F9A
.text          C:\Windows\System32\svchost.exe[852] msvcrt.dll!_creat                                                        7749BBF1 5 Bytes  JMP 00DA0000
.text          C:\Windows\System32\svchost.exe[852] msvcrt.dll!_open                                                        7749D116 5 Bytes  JMP 00DA0FE3
.text          C:\Windows\System32\svchost.exe[852] msvcrt.dll!_wcreat                                                      7749D336 5 Bytes  JMP 00DA0FAB
.text          C:\Windows\System32\svchost.exe[852] msvcrt.dll!_wopen                                                        7749D511 5 Bytes  JMP 00DA0FC6
.text          C:\Windows\System32\svchost.exe[852] ADVAPI32.dll!RegCreateKeyExA                                            76D439AB 5 Bytes  JMP 00D90F9E
.text          C:\Windows\System32\svchost.exe[852] ADVAPI32.dll!RegCreateKeyA                                              76D43BA9 5 Bytes  JMP 00D9002F
.text          C:\Windows\System32\svchost.exe[852] ADVAPI32.dll!RegOpenKeyA                                                76D489C7 5 Bytes  JMP 00D90000
.text          C:\Windows\System32\svchost.exe[852] ADVAPI32.dll!RegCreateKeyW                                              76D5391E 5 Bytes  JMP 00D90040
.text          C:\Windows\System32\svchost.exe[852] ADVAPI32.dll!RegCreateKeyExW                                            76D541F1 5 Bytes  JMP 00D90F8D
.text          C:\Windows\System32\svchost.exe[852] ADVAPI32.dll!RegOpenKeyExA                                              76D57C42 5 Bytes  JMP 00D90FD4
.text          C:\Windows\System32\svchost.exe[852] ADVAPI32.dll!RegOpenKeyW                                                76D5E2B5 5 Bytes  JMP 00D90FEF
.text          C:\Windows\System32\svchost.exe[852] ADVAPI32.dll!RegOpenKeyExW                                              76D67BA1 5 Bytes  JMP 00D90FC3
.text          C:\Windows\system32\services.exe[860] ntdll.dll!NtCreateFile                                                  77824244 5 Bytes  JMP 00670FEF
.text          C:\Windows\system32\services.exe[860] ntdll.dll!NtCreateProcess                                              77824304 5 Bytes  JMP 00670014
.text          C:\Windows\system32\services.exe[860] ntdll.dll!NtProtectVirtualMemory                                        77824BA4 5 Bytes  JMP 00670FDE
.text          C:\Windows\system32\services.exe[860] kernel32.dll!GetStartupInfoW                                            778F1929 5 Bytes  JMP 009D0F3A
.text          C:\Windows\system32\services.exe[860] kernel32.dll!GetStartupInfoA                                            778F19C9 5 Bytes  JMP 009D0F4B
.text          C:\Windows\system32\services.exe[860] kernel32.dll!CreateProcessW                                            778F1BF3 5 Bytes  JMP 009D0F0B
.text          C:\Windows\system32\services.exe[860] kernel32.dll!CreateProcessA                                            778F1C28 5 Bytes  JMP 009D00AC
.text          C:\Windows\system32\services.exe[860] kernel32.dll!VirtualProtect                                            778F1DC3 5 Bytes  JMP 009D005B
.text          C:\Windows\system32\services.exe[860] kernel32.dll!CreateNamedPipeA                                          778F2EF5 5 Bytes  JMP 009D0FC3
.text          C:\Windows\system32\services.exe[860] kernel32.dll!CreateNamedPipeW                                          778F5C0C 5 Bytes  JMP 009D0FA8
.text          C:\Windows\system32\services.exe[860] kernel32.dll!CreatePipe                                                77918F06 5 Bytes  JMP 009D0F66
.text          C:\Windows\system32\services.exe[860] kernel32.dll!LoadLibraryExW                                            7791927C 5 Bytes  JMP 009D004A
.text          C:\Windows\system32\services.exe[860] kernel32.dll!LoadLibraryW                                              77919400 5 Bytes  JMP 009D001E
.text          C:\Windows\system32\services.exe[860] kernel32.dll!LoadLibraryExA                                            77919554 5 Bytes  JMP 009D0039
.text          C:\Windows\system32\services.exe[860] kernel32.dll!LoadLibraryA                                              7791957C 5 Bytes  JMP 009D0F97
.text          C:\Windows\system32\services.exe[860] kernel32.dll!VirtualProtectEx                                          7791DC52 5 Bytes  JMP 009D0076
.text          C:\Windows\system32\services.exe[860] kernel32.dll!GetProcAddress                                            7793925B 5 Bytes  JMP 009D0EF0
.text          C:\Windows\system32\services.exe[860] kernel32.dll!CreateFileW                                                7793B0EB 5 Bytes  JMP 009D0FD4
.text          C:\Windows\system32\services.exe[860] kernel32.dll!CreateFileA                                                7793D07F 5 Bytes  JMP 009D0FEF
.text          C:\Windows\system32\services.exe[860] kernel32.dll!WinExec                                                    779860CF 5 Bytes  JMP 009D009B
.text          C:\Windows\system32\services.exe[860] ADVAPI32.dll!RegCreateKeyExA                                            76D439AB 5 Bytes  JMP 00690025
.text          C:\Windows\system32\services.exe[860] ADVAPI32.dll!RegCreateKeyA                                              76D43BA9 5 Bytes  JMP 0069000A
.text          C:\Windows\system32\services.exe[860] ADVAPI32.dll!RegOpenKeyA                                                76D489C7 5 Bytes  JMP 00690FEF
.text          C:\Windows\system32\services.exe[860] ADVAPI32.dll!RegCreateKeyW                                              76D5391E 5 Bytes  JMP 00690F83
.text          C:\Windows\system32\services.exe[860] ADVAPI32.dll!RegCreateKeyExW                                            76D541F1 5 Bytes  JMP 00690040
.text          C:\Windows\system32\services.exe[860] ADVAPI32.dll!RegOpenKeyExA                                              76D57C42 5 Bytes  JMP 00690FC3
.text          C:\Windows\system32\services.exe[860] ADVAPI32.dll!RegOpenKeyW                                                76D5E2B5 5 Bytes  JMP 00690FD4
.text          C:\Windows\system32\services.exe[860] ADVAPI32.dll!RegOpenKeyExW                                              76D67BA1 5 Bytes  JMP 00690F9E
.text          C:\Windows\system32\services.exe[860] msvcrt.dll!_wsystem                                                    77497F3F 5 Bytes  JMP 009C0047
.text          C:\Windows\system32\services.exe[860] msvcrt.dll!system                                                      7749805B 5 Bytes  JMP 009C002C
.text          C:\Windows\system32\services.exe[860] msvcrt.dll!_creat                                                      7749BBF1 5 Bytes  JMP 009C0011
.text          C:\Windows\system32\services.exe[860] msvcrt.dll!_open                                                        7749D116 5 Bytes  JMP 009C0000
.text          C:\Windows\system32\services.exe[860] msvcrt.dll!_wcreat                                                      7749D336 5 Bytes  JMP 009C0FBC
.text          C:\Windows\system32\services.exe[860] msvcrt.dll!_wopen                                                      7749D511 5 Bytes  JMP 009C0FE3
.text          C:\Windows\system32\services.exe[860] WS2_32.dll!socket                                                      75F236D1 5 Bytes  JMP 00680000
?              C:\Windows\system32\services.exe[860] C:\Windows\system32\smss.exe                                            image checksum mismatch; time/date stamp mismatch; unknown module: MSWSOCK.dll
.text          C:\Windows\system32\lsass.exe[872] ntdll.dll!NtCreateFile                                                    77824244 5 Bytes  JMP 00220000
.text          C:\Windows\system32\lsass.exe[872] ntdll.dll!NtCreateProcess                                                  77824304 5 Bytes  JMP 0022002C
.text          C:\Windows\system32\lsass.exe[872] ntdll.dll!NtProtectVirtualMemory                                          77824BA4 5 Bytes  JMP 0022001B
.text          C:\Windows\system32\lsass.exe[872] kernel32.dll!GetStartupInfoW                                              778F1929 5 Bytes  JMP 009900AB
.text          C:\Windows\system32\lsass.exe[872] kernel32.dll!GetStartupInfoA                                              778F19C9 5 Bytes  JMP 00990F65
.text          C:\Windows\system32\lsass.exe[872] kernel32.dll!CreateProcessW                                                778F1BF3 5 Bytes  JMP 009900EB
.text          C:\Windows\system32\lsass.exe[872] kernel32.dll!CreateProcessA                                                778F1C28 5 Bytes  JMP 00990F4A
.text          C:\Windows\system32\lsass.exe[872] kernel32.dll!VirtualProtect                                                778F1DC3 5 Bytes  JMP 0099007F
.text          C:\Windows\system32\lsass.exe[872] kernel32.dll!CreateNamedPipeA                                              778F2EF5 5 Bytes  JMP 0099001B
.text          C:\Windows\system32\lsass.exe[872] kernel32.dll!CreateNamedPipeW                                              778F5C0C 5 Bytes  JMP 0099002C
.text          C:\Windows\system32\lsass.exe[872] kernel32.dll!CreatePipe                                                    77918F06 5 Bytes  JMP 0099009A
.text          C:\Windows\system32\lsass.exe[872] kernel32.dll!LoadLibraryExW                                                7791927C 5 Bytes  JMP 00990F9B
.text          C:\Windows\system32\lsass.exe[872] kernel32.dll!LoadLibraryW                                                  77919400 5 Bytes  JMP 00990058
.text          C:\Windows\system32\lsass.exe[872] kernel32.dll!LoadLibraryExA                                                77919554 5 Bytes  JMP 00990FB6
.text          C:\Windows\system32\lsass.exe[872] kernel32.dll!LoadLibraryA                                                  7791957C 5 Bytes  JMP 0099003D
.text          C:\Windows\system32\lsass.exe[872] kernel32.dll!VirtualProtectEx                                              7791DC52 5 Bytes  JMP 00990F8A
.text          C:\Windows\system32\lsass.exe[872] kernel32.dll!GetProcAddress                                                7793925B 5 Bytes  JMP 009900FC
.text          C:\Windows\system32\lsass.exe[872] kernel32.dll!CreateFileW                                                  7793B0EB 5 Bytes  JMP 00990FE5
.text          C:\Windows\system32\lsass.exe[872] kernel32.dll!CreateFileA                                                  7793D07F 5 Bytes  JMP 00990000
.text          C:\Windows\system32\lsass.exe[872] kernel32.dll!WinExec                                                      779860CF 5 Bytes  JMP 009900D0
.text          C:\Windows\system32\lsass.exe[872] ADVAPI32.dll!RegCreateKeyExA                                              76D439AB 5 Bytes  JMP 003F0FB9
.text          C:\Windows\system32\lsass.exe[872] ADVAPI32.dll!RegCreateKeyA                                                76D43BA9 5 Bytes  JMP 003F0FE5
.text          C:\Windows\system32\lsass.exe[872] ADVAPI32.dll!RegOpenKeyA                                                  76D489C7 5 Bytes  JMP 003F000A
.text          C:\Windows\system32\lsass.exe[872] ADVAPI32.dll!RegCreateKeyW                                                76D5391E 5 Bytes  JMP 003F0FD4
.text          C:\Windows\system32\lsass.exe[872] ADVAPI32.dll!RegCreateKeyExW                                              76D541F1 5 Bytes  JMP 003F0076
.text          C:\Windows\system32\lsass.exe[872] ADVAPI32.dll!RegOpenKeyExA                                                76D57C42 5 Bytes  JMP 003F0036
.text          C:\Windows\system32\lsass.exe[872] ADVAPI32.dll!RegOpenKeyW                                                  76D5E2B5 5 Bytes  JMP 003F001B
.text          C:\Windows\system32\lsass.exe[872] ADVAPI32.dll!RegOpenKeyExW                                                76D67BA1 5 Bytes  JMP 003F0051
.text          C:\Windows\system32\lsass.exe[872] msvcrt.dll!_wsystem                                                        77497F3F 5 Bytes  JMP 00400070
.text          C:\Windows\system32\lsass.exe[872] msvcrt.dll!system                                                          7749805B 1 Byte  [E9]
.text          C:\Windows\system32\lsass.exe[872] msvcrt.dll!system                                                          7749805B 5 Bytes  JMP 0040005F
.text          C:\Windows\system32\lsass.exe[872] msvcrt.dll!_creat                                                          7749BBF1 5 Bytes  JMP 00400029
.text          C:\Windows\system32\lsass.exe[872] msvcrt.dll!_open                                                          7749D116 5 Bytes  JMP 00400FEF
.text          C:\Windows\system32\lsass.exe[872] msvcrt.dll!_wcreat                                                        7749D336 5 Bytes  JMP 00400044
.text          C:\Windows\system32\lsass.exe[872] msvcrt.dll!_wopen                                                          7749D511 5 Bytes  JMP 00400018
.text          C:\Windows\system32\lsass.exe[872] WS2_32.dll!socket                                                          75F236D1 5 Bytes  JMP 003E0000
.text          C:\Windows\system32\svchost.exe[1064] ntdll.dll!NtCreateFile                                                  77824244 5 Bytes  JMP 00700000
.text          C:\Windows\system32\svchost.exe[1064] ntdll.dll!NtCreateProcess                                              77824304 5 Bytes  JMP 00700FDB
.text          C:\Windows\system32\svchost.exe[1064] ntdll.dll!NtProtectVirtualMemory                                        77824BA4 5 Bytes  JMP 00700011
.text          C:\Windows\system32\svchost.exe[1064] kernel32.dll!GetStartupInfoW                                            778F1929 5 Bytes  JMP 00780F30
.text          C:\Windows\system32\svchost.exe[1064] kernel32.dll!GetStartupInfoA                                            778F19C9 5 Bytes  JMP 00780F4B
.text          C:\Windows\system32\svchost.exe[1064] kernel32.dll!CreateProcessW                                            778F1BF3 5 Bytes  JMP 007800A2
.text          C:\Windows\system32\svchost.exe[1064] kernel32.dll!CreateProcessA                                            778F1C28 5 Bytes  JMP 00780091
.text          C:\Windows\system32\svchost.exe[1064] kernel32.dll!VirtualProtect                                            778F1DC3 5 Bytes  JMP 00780051
.text          C:\Windows\system32\svchost.exe[1064] kernel32.dll!CreateNamedPipeA                                          778F2EF5 5 Bytes  JMP 00780FD4
.text          C:\Windows\system32\svchost.exe[1064] kernel32.dll!CreateNamedPipeW                                          778F5C0C 5 Bytes  JMP 00780FB9
.text          C:\Windows\system32\svchost.exe[1064] kernel32.dll!CreatePipe                                                77918F06 5 Bytes  JMP 00780F66
.text          C:\Windows\system32\svchost.exe[1064] kernel32.dll!LoadLibraryExW                                            7791927C 5 Bytes  JMP 00780F77
.text          C:\Windows\system32\svchost.exe[1064] kernel32.dll!LoadLibraryW                                              77919400 5 Bytes  JMP 00780036
.text          C:\Windows\system32\svchost.exe[1064] kernel32.dll!LoadLibraryExA                                            77919554 5 Bytes  JMP 00780F94
.text          C:\Windows\system32\svchost.exe[1064] kernel32.dll!LoadLibraryA                                              7791957C 5 Bytes  JMP 00780025
.text          C:\Windows\system32\svchost.exe[1064] kernel32.dll!VirtualProtectEx                                          7791DC52 5 Bytes  JMP 0078006C
.text          C:\Windows\system32\svchost.exe[1064] kernel32.dll!GetProcAddress                                            7793925B 5 Bytes  JMP 00780EE6
.text          C:\Windows\system32\svchost.exe[1064] kernel32.dll!CreateFileW                                                7793B0EB 5 Bytes  JMP 00780000
.text          C:\Windows\system32\svchost.exe[1064] kernel32.dll!CreateFileA                                                7793D07F 5 Bytes  JMP 00780FEF
.text          C:\Windows\system32\svchost.exe[1064] kernel32.dll!WinExec                                                    779860CF 5 Bytes  JMP 00780F15
.text          C:\Windows\system32\svchost.exe[1064] msvcrt.dll!_wsystem                                                    77497F3F 5 Bytes  JMP 00770042
.text          C:\Windows\system32\svchost.exe[1064] msvcrt.dll!system                                                      7749805B 5 Bytes  JMP 00770FB7
.text          C:\Windows\system32\svchost.exe[1064] msvcrt.dll!_creat                                                      7749BBF1 5 Bytes  JMP 00770027
.text          C:\Windows\system32\svchost.exe[1064] msvcrt.dll!_open                                                        7749D116 5 Bytes  JMP 0077000C
.text          C:\Windows\system32\svchost.exe[1064] msvcrt.dll!_wcreat                                                      7749D336 5 Bytes  JMP 00770FC8
.text          C:\Windows\system32\svchost.exe[1064] msvcrt.dll!_wopen                                                      7749D511 5 Bytes  JMP 00770FEF
.text          C:\Windows\system32\svchost.exe[1064] ADVAPI32.dll!RegCreateKeyExA                                            76D439AB 5 Bytes  JMP 00720051
.text          C:\Windows\system32\svchost.exe[1064] ADVAPI32.dll!RegCreateKeyA                                              76D43BA9 5 Bytes  JMP 00720036
.text          C:\Windows\system32\svchost.exe[1064] ADVAPI32.dll!RegOpenKeyA                                                76D489C7 5 Bytes  JMP 00720000
.text          C:\Windows\system32\svchost.exe[1064] ADVAPI32.dll!RegCreateKeyW                                              76D5391E 5 Bytes  JMP 00720FA5
.text          C:\Windows\system32\svchost.exe[1064] ADVAPI32.dll!RegCreateKeyExW                                            76D541F1 5 Bytes  JMP 00720F94
.text          C:\Windows\system32\svchost.exe[1064] ADVAPI32.dll!RegOpenKeyExA                                              76D57C42 5 Bytes  JMP 00720FE5
.text          C:\Windows\system32\svchost.exe[1064] ADVAPI32.dll!RegOpenKeyW                                                76D5E2B5 5 Bytes  JMP 0072001B
.text          C:\Windows\system32\svchost.exe[1064] ADVAPI32.dll!RegOpenKeyExW                                              76D67BA1 5 Bytes  JMP 00720FCA
.text          C:\Windows\system32\svchost.exe[1064] WS2_32.dll!socket                                                      75F236D1 5 Bytes  JMP 00710000
.text          C:\Windows\system32\svchost.exe[1124] ntdll.dll!NtCreateFile                                                  77824244 5 Bytes  JMP 00610FEF
.text          C:\Windows\system32\svchost.exe[1124] ntdll.dll!NtCreateProcess                                              77824304 5 Bytes  JMP 00610FC3
.text          C:\Windows\system32\svchost.exe[1124] ntdll.dll!NtProtectVirtualMemory                                        77824BA4 5 Bytes  JMP 00610FDE
.text          C:\Windows\system32\svchost.exe[1124] kernel32.dll!GetStartupInfoW                                            778F1929 5 Bytes  JMP 006500B5
.text          C:\Windows\system32\svchost.exe[1124] kernel32.dll!GetStartupInfoA                                            778F19C9 5 Bytes  JMP 0065009A
.text          C:\Windows\system32\svchost.exe[1124] kernel32.dll!CreateProcessW                                            778F1BF3 5 Bytes  JMP 006500F5
.text          C:\Windows\system32\svchost.exe[1124] kernel32.dll!CreateProcessA                                            778F1C28 5 Bytes  JMP 00650F54
.text          C:\Windows\system32\svchost.exe[1124] kernel32.dll!VirtualProtect                                            778F1DC3 5 Bytes  JMP 0065006E
.text          C:\Windows\system32\svchost.exe[1124] kernel32.dll!CreateNamedPipeA                                          778F2EF5 5 Bytes  JMP 00650000
.text          C:\Windows\system32\svchost.exe[1124] kernel32.dll!CreateNamedPipeW                                          778F5C0C 5 Bytes  JMP 00650FAF
.text          C:\Windows\system32\svchost.exe[1124] kernel32.dll!CreatePipe                                                77918F06 5 Bytes  JMP 00650089
.text          C:\Windows\system32\svchost.exe[1124] kernel32.dll!LoadLibraryExW                                            7791927C 5 Bytes  JMP 00650053
.text          C:\Windows\system32\svchost.exe[1124] kernel32.dll!LoadLibraryW                                              77919400 5 Bytes  JMP 0065001B
.text          C:\Windows\system32\svchost.exe[1124] kernel32.dll!LoadLibraryExA                                            77919554 5 Bytes  JMP 00650036
.text          C:\Windows\system32\svchost.exe[1124] kernel32.dll!LoadLibraryA                                              7791957C 5 Bytes  JMP 00650F94
.text          C:\Windows\system32\svchost.exe[1124] kernel32.dll!VirtualProtectEx                                          7791DC52 5 Bytes  JMP 00650F6F
.text          C:\Windows\system32\svchost.exe[1124] kernel32.dll!GetProcAddress                                            7793925B 5 Bytes  JMP 00650F43
.text          C:\Windows\system32\svchost.exe[1124] kernel32.dll!CreateFileW                                                7793B0EB 5 Bytes  JMP 00650FCA
.text          C:\Windows\system32\svchost.exe[1124] kernel32.dll!CreateFileA                                                7793D07F 5 Bytes  JMP 00650FEF
.text          C:\Windows\system32\svchost.exe[1124] kernel32.dll!WinExec                                                    779860CF 5 Bytes  JMP 006500DA
.text          C:\Windows\system32\svchost.exe[1124] msvcrt.dll!_wsystem                                                    77497F3F 5 Bytes  JMP 00640F9E
.text          C:\Windows\system32\svchost.exe[1124] msvcrt.dll!system                                                      7749805B 5 Bytes  JMP 00640FAF
.text          C:\Windows\system32\svchost.exe[1124] msvcrt.dll!_creat                                                      7749BBF1 5 Bytes  JMP 00640018
.text          C:\Windows\system32\svchost.exe[1124] msvcrt.dll!_open                                                        7749D116 5 Bytes  JMP 00640FEF
.text          C:\Windows\system32\svchost.exe[1124] msvcrt.dll!_wcreat                                                      7749D336 5 Bytes  JMP 00640029
.text          C:\Windows\system32\svchost.exe[1124] msvcrt.dll!_wopen                                                      7749D511 5 Bytes  JMP 00640FDE
.text          C:\Windows\system32\svchost.exe[1124] ADVAPI32.dll!RegCreateKeyExA                                            76D439AB 5 Bytes  JMP 00630051
.text          C:\Windows\system32\svchost.exe[1124] ADVAPI32.dll!RegCreateKeyA                                              76D43BA9 5 Bytes  JMP 00630FB9
.text          C:\Windows\system32\svchost.exe[1124] ADVAPI32.dll!RegOpenKeyA                                                76D489C7 5 Bytes  JMP 00630000
.text          C:\Windows\system32\svchost.exe[1124] ADVAPI32.dll!RegCreateKeyW                                              76D5391E 5 Bytes  JMP 00630040
.text          C:\Windows\system32\svchost.exe[1124] ADVAPI32.dll!RegCreateKeyExW                                            76D541F1 5 Bytes  JMP 00630062
.text          C:\Windows\system32\svchost.exe[1124] ADVAPI32.dll!RegOpenKeyExA                                              76D57C42 5 Bytes  JMP 00630FE5
.text          C:\Windows\system32\svchost.exe[1124] ADVAPI32.dll!RegOpenKeyW                                                76D5E2B5 5 Bytes  JMP 0063001B
.text          C:\Windows\system32\svchost.exe[1124] ADVAPI32.dll!RegOpenKeyExW                                              76D67BA1 5 Bytes  JMP 00630FCA
.text          C:\Windows\system32\svchost.exe[1124] WS2_32.dll!socket                                                      75F236D1 5 Bytes  JMP 00620FEF
.text          C:\Windows\System32\svchost.exe[1232] ntdll.dll!NtCreateFile                                                  77824244 5 Bytes  JMP 00190FEF
.text          C:\Windows\System32\svchost.exe[1232] ntdll.dll!NtCreateProcess                                              77824304 5 Bytes  JMP 00190FCD
.text          C:\Windows\System32\svchost.exe[1232] ntdll.dll!NtProtectVirtualMemory                                        77824BA4 5 Bytes  JMP 00190FDE
.text          C:\Windows\System32\svchost.exe[1232] kernel32.dll!GetStartupInfoW                                            778F1929 5 Bytes  JMP 00F20F52
.text          C:\Windows\System32\svchost.exe[1232] kernel32.dll!GetStartupInfoA                                            778F19C9 5 Bytes  JMP 00F20F6D
.text          C:\Windows\System32\svchost.exe[1232] kernel32.dll!CreateProcessW                                            778F1BF3 5 Bytes  JMP 00F200CE
.text          C:\Windows\System32\svchost.exe[1232] kernel32.dll!CreateProcessA                                            778F1C28 5 Bytes  JMP 00F20F41
.text          C:\Windows\System32\svchost.exe[1232] kernel32.dll!VirtualProtect                                            778F1DC3 5 Bytes  JMP 00F20076
.text          C:\Windows\System32\svchost.exe[1232] kernel32.dll!CreateNamedPipeA                                          778F2EF5 5 Bytes  JMP 00F2002F
.text          C:\Windows\System32\svchost.exe[1232] kernel32.dll!CreateNamedPipeW                                          778F5C0C 5 Bytes  JMP 00F20FDE
.text          C:\Windows\System32\svchost.exe[1232] kernel32.dll!CreatePipe                                                77918F06 5 Bytes  JMP 00F20098
.text          C:\Windows\System32\svchost.exe[1232] kernel32.dll!LoadLibraryExW                                            7791927C 5 Bytes  JMP 00F20FA8
.text          C:\Windows\System32\svchost.exe[1232] kernel32.dll!LoadLibraryW                                              77919400 5 Bytes  JMP 00F20FB9
.text          C:\Windows\System32\svchost.exe[1232] kernel32.dll!LoadLibraryExA                                            77919554 5 Bytes  JMP 00F20065
.text          C:\Windows\System32\svchost.exe[1232] kernel32.dll!LoadLibraryA                                              7791957C 5 Bytes  JMP 00F20040
.text          C:\Windows\System32\svchost.exe[1232] kernel32.dll!VirtualProtectEx                                          7791DC52 5 Bytes  JMP 00F20087
.text          C:\Windows\System32\svchost.exe[1232] kernel32.dll!GetProcAddress                                            7793925B 5 Bytes  JMP 00F200DF
.text          C:\Windows\System32\svchost.exe[1232] kernel32.dll!CreateFileW                                                7793B0EB 1 Byte  [E9]
.text          C:\Windows\System32\svchost.exe[1232] kernel32.dll!CreateFileW                                                7793B0EB 5 Bytes  JMP 00F20FEF
.text          C:\Windows\System32\svchost.exe[1232] kernel32.dll!CreateFileA                                                7793D07F 5 Bytes  JMP 00F2000A
.text          C:\Windows\System32\svchost.exe[1232] kernel32.dll!WinExec                                                    779860CF 5 Bytes  JMP 00F200BD
.text          C:\Windows\System32\svchost.exe[1232] msvcrt.dll!_wsystem                                                    77497F3F 5 Bytes  JMP 00ED0FB7
.text          C:\Windows\System32\svchost.exe[1232] msvcrt.dll!system                                                      7749805B 5 Bytes  JMP 00ED0042
.text          C:\Windows\System32\svchost.exe[1232] msvcrt.dll!_creat                                                      7749BBF1 5 Bytes  JMP 00ED000C
.text          C:\Windows\System32\svchost.exe[1232] msvcrt.dll!_open                                                        7749D116 5 Bytes  JMP 00ED0FEF
.text          C:\Windows\System32\svchost.exe[1232] msvcrt.dll!_wcreat                                                      7749D336 5 Bytes  JMP 00ED0031
.text          C:\Windows\System32\svchost.exe[1232] msvcrt.dll!_wopen                                                      7749D511 5 Bytes  JMP 00ED0FDE
.text          C:\Windows\System32\svchost.exe[1232] ADVAPI32.dll!RegCreateKeyExA                                            76D439AB 5 Bytes  JMP 00630FA1
.text          C:\Windows\System32\svchost.exe[1232] ADVAPI32.dll!RegCreateKeyA                                              76D43BA9 5 Bytes  JMP 00630FB2
.text          C:\Windows\System32\svchost.exe[1232] ADVAPI32.dll!RegOpenKeyA                                                76D489C7 5 Bytes  JMP 00630FEF
.text          C:\Windows\System32\svchost.exe[1232] ADVAPI32.dll!RegCreateKeyW                                              76D5391E 5 Bytes  JMP 00630043
.text          C:\Windows\System32\svchost.exe[1232] ADVAPI32.dll!RegCreateKeyExW                                            76D541F1 5 Bytes  JMP 00630F86
.text          C:\Windows\System32\svchost.exe[1232] ADVAPI32.dll!RegOpenKeyExA                                              76D57C42 5 Bytes  JMP 00630FC3
.text          C:\Windows\System32\svchost.exe[1232] ADVAPI32.dll!RegOpenKeyW                                                76D5E2B5 5 Bytes  JMP 00630FDE
.text          C:\Windows\System32\svchost.exe[1232] ADVAPI32.dll!RegOpenKeyExW                                              76D67BA1 5 Bytes  JMP 0063001E
.text          C:\Windows\System32\svchost.exe[1232] WS2_32.dll!socket                                                      75F236D1 5 Bytes  JMP 00170000
.text          C:\Windows\System32\svchost.exe[1284] ntdll.dll!NtCreateFile                                                  77824244 5 Bytes  JMP 00360000
.text          C:\Windows\System32\svchost.exe[1284] ntdll.dll!NtCreateProcess                                              77824304 5 Bytes  JMP 0036001B
.text          C:\Windows\System32\svchost.exe[1284] ntdll.dll!NtProtectVirtualMemory                                        77824BA4 5 Bytes  JMP 00360FE5
.text          C:\Windows\System32\svchost.exe[1284] kernel32.dll!GetStartupInfoW                                            778F1929 5 Bytes  JMP 010200CB
.text          C:\Windows\System32\svchost.exe[1284] kernel32.dll!GetStartupInfoA                                            778F19C9 5 Bytes  JMP 010200BA
.text          C:\Windows\System32\svchost.exe[1284] kernel32.dll!CreateProcessW                                            778F1BF3 5 Bytes  JMP 010200F0
.text          C:\Windows\System32\svchost.exe[1284] kernel32.dll!CreateProcessA                                            778F1C28 5 Bytes  JMP 01020F4F
.text          C:\Windows\System32\svchost.exe[1284] kernel32.dll!VirtualProtect                                            778F1DC3 5 Bytes  JMP 0102008E
.text          C:\Windows\System32\svchost.exe[1284] kernel32.dll!CreateNamedPipeA                                          778F2EF5 5 Bytes  JMP 0102002C
.text          C:\Windows\System32\svchost.exe[1284] kernel32.dll!CreateNamedPipeW                                          778F5C0C 5 Bytes  JMP 01020FE5
.text          C:\Windows\System32\svchost.exe[1284] kernel32.dll!CreatePipe                                                77918F06 5 Bytes  JMP 010200A9
.text          C:\Windows\System32\svchost.exe[1284] kernel32.dll!LoadLibraryExW                                            7791927C 5 Bytes  JMP 01020FC0
.text          C:\Windows\System32\svchost.exe[1284] kernel32.dll!LoadLibraryW                                              77919400 5 Bytes  JMP 0102006C
.text          C:\Windows\System32\svchost.exe[1284] kernel32.dll!LoadLibraryExA                                            77919554 5 Bytes  JMP 0102007D
.text          C:\Windows\System32\svchost.exe[1284] kernel32.dll!LoadLibraryA                                              7791957C 5 Bytes  JMP 0102005B
.text          C:\Windows\System32\svchost.exe[1284] kernel32.dll!VirtualProtectEx                                          7791DC52 5 Bytes  JMP 01020F8F
.text          C:\Windows\System32\svchost.exe[1284] kernel32.dll!GetProcAddress                                            7793925B 5 Bytes  JMP 01020F3E
.text          C:\Windows\System32\svchost.exe[1284] kernel32.dll!CreateFileW                                                7793B0EB 5 Bytes  JMP 0102001B
.text          C:\Windows\System32\svchost.exe[1284] kernel32.dll!CreateFileA                                                7793D07F 5 Bytes  JMP 01020000
.text          C:\Windows\System32\svchost.exe[1284] kernel32.dll!WinExec                                                    779860CF 5 Bytes  JMP 01020F6A
.text          C:\Windows\System32\svchost.exe[1284] msvcrt.dll!_wsystem                                                    77497F3F 5 Bytes  JMP 00F90044
.text          C:\Windows\System32\svchost.exe[1284] msvcrt.dll!system                                                      7749805B 5 Bytes  JMP 00F90033
.text          C:\Windows\System32\svchost.exe[1284] msvcrt.dll!_creat                                                      7749BBF1 5 Bytes  JMP 00F90022
.text          C:\Windows\System32\svchost.exe[1284] msvcrt.dll!_open                                                        7749D116 5 Bytes  JMP 00F90000
.text          C:\Windows\System32\svchost.exe[1284] msvcrt.dll!_wcreat                                                      7749D336 5 Bytes  JMP 00F90FCD
.text          C:\Windows\System32\svchost.exe[1284] msvcrt.dll!_wopen                                                      7749D511 5 Bytes  JMP 00F90011
.text          C:\Windows\System32\svchost.exe[1284] ADVAPI32.dll!RegCreateKeyExA                                            76D439AB 5 Bytes  JMP 00F80087
.text          C:\Windows\System32\svchost.exe[1284] ADVAPI32.dll!RegCreateKeyA                                              76D43BA9 5 Bytes  JMP 00F8005B
.text          C:\Windows\System32\svchost.exe[1284] ADVAPI32.dll!RegOpenKeyA                                                76D489C7 5 Bytes  JMP 00F80000
.text          C:\Windows\System32\svchost.exe[1284] ADVAPI32.dll!RegCreateKeyW                                              76D5391E 5 Bytes  JMP 00F8006C
.text          C:\Windows\System32\svchost.exe[1284] ADVAPI32.dll!RegCreateKeyExW                                            76D541F1 5 Bytes  JMP 00F80FD4
.text          C:\Windows\System32\svchost.exe[1284] ADVAPI32.dll!RegOpenKeyExA                                              76D57C42 5 Bytes  JMP 00F80040
.text          C:\Windows\System32\svchost.exe[1284] ADVAPI32.dll!RegOpenKeyW                                                76D5E2B5 5 Bytes  JMP 00F80025
.text          C:\Windows\System32\svchost.exe[1284] ADVAPI32.dll!RegOpenKeyExW                                              76D67BA1 5 Bytes  JMP 00F80FEF
.text          C:\Windows\System32\svchost.exe[1284] WS2_32.dll!socket                                                      75F236D1 5 Bytes  JMP 00F60FEF
.text          C:\Windows\system32\svchost.exe[1328] ntdll.dll!NtCreateFile                                                  77824244 5 Bytes  JMP 008A0FEF
.text          C:\Windows\system32\svchost.exe[1328] ntdll.dll!NtCreateProcess                                              77824304 5 Bytes  JMP 008A0FDE
.text          C:\Windows\system32\svchost.exe[1328] ntdll.dll!NtProtectVirtualMemory                                        77824BA4 5 Bytes  JMP 008A0014
.text          C:\Windows\system32\svchost.exe[1328] kernel32.dll!GetStartupInfoW                                            778F1929 5 Bytes  JMP 00930F3A
.text          C:\Windows\system32\svchost.exe[1328] kernel32.dll!GetStartupInfoA                                            778F19C9 5 Bytes  JMP 00930080
.text          C:\Windows\system32\svchost.exe[1328] kernel32.dll!CreateProcessW                                            778F1BF3 5 Bytes  JMP 00930F0B
.text          C:\Windows\system32\svchost.exe[1328] kernel32.dll!CreateProcessA                                            778F1C28 5 Bytes  JMP 009300A2
.text          C:\Windows\system32\svchost.exe[1328] kernel32.dll!VirtualProtect                                            778F1DC3 5 Bytes  JMP 00930F70
.text          C:\Windows\system32\svchost.exe[1328] kernel32.dll!CreateNamedPipeA                                          778F2EF5 5 Bytes  JMP 0093000A
.text          C:\Windows\system32\svchost.exe[1328] kernel32.dll!CreateNamedPipeW                                          778F5C0C 5 Bytes  JMP 00930FB9
.text          C:\Windows\system32\svchost.exe[1328] kernel32.dll!CreatePipe                                                77918F06 5 Bytes  JMP 0093006F
.text          C:\Windows\system32\svchost.exe[1328] kernel32.dll!LoadLibraryExW                                            7791927C 5 Bytes  JMP 0093004A
.text          C:\Windows\system32\svchost.exe[1328] kernel32.dll!LoadLibraryW                                              77919400 5 Bytes  JMP 00930025
.text          C:\Windows\system32\svchost.exe[1328] kernel32.dll!LoadLibraryExA                                            77919554 5 Bytes  JMP 00930F8D
.text          C:\Windows\system32\svchost.exe[1328] kernel32.dll!LoadLibraryA                                              7791957C 5 Bytes  JMP 00930F9E
.text          C:\Windows\system32\svchost.exe[1328] kernel32.dll!VirtualProtectEx                                          7791DC52 5 Bytes  JMP 00930F55
.text          C:\Windows\system32\svchost.exe[1328] kernel32.dll!GetProcAddress                                            7793925B 5 Bytes  JMP 009300B3
.text          C:\Windows\system32\svchost.exe[1328] kernel32.dll!CreateFileW                                                7793B0EB 5 Bytes  JMP 00930FCA
.text          C:\Windows\system32\svchost.exe[1328] kernel32.dll!CreateFileA                                                7793D07F 5 Bytes  JMP 00930FEF
.text          C:\Windows\system32\svchost.exe[1328] kernel32.dll!WinExec                                                    779860CF 5 Bytes  JMP 00930091
.text          C:\Windows\system32\svchost.exe[1328] msvcrt.dll!_wsystem                                                    77497F3F 5 Bytes  JMP 00920064
.text          C:\Windows\system32\svchost.exe[1328] msvcrt.dll!system                                                      7749805B 5 Bytes  JMP 00920FD9
.text          C:\Windows\system32\svchost.exe[1328] msvcrt.dll!_creat                                                      7749BBF1 5 Bytes  JMP 0092002E
.text          C:\Windows\system32\svchost.exe[1328] msvcrt.dll!_open                                                        7749D116 5 Bytes  JMP 00920000
.text          C:\Windows\system32\svchost.exe[1328] msvcrt.dll!_wcreat                                                      7749D336 5 Bytes  JMP 0092003F
.text          C:\Windows\system32\svchost.exe[1328] msvcrt.dll!_wopen                                                      7749D511 5 Bytes  JMP 0092001D
.text          C:\Windows\system32\svchost.exe[1328] ADVAPI32.dll!RegCreateKeyExA                                            76D439AB 5 Bytes  JMP 008D0FAC
.text          C:\Windows\system32\svchost.exe[1328] ADVAPI32.dll!RegCreateKeyA                                              76D43BA9 5 Bytes  JMP 008D0047
.text          C:\Windows\system32\svchost.exe[1328] ADVAPI32.dll!RegOpenKeyA                                                76D489C7 5 Bytes  JMP 008D0FEF
.text          C:\Windows\system32\svchost.exe[1328] ADVAPI32.dll!RegCreateKeyW                                              76D5391E 5 Bytes  JMP 008D0058
.text          C:\Windows\system32\svchost.exe[1328] ADVAPI32.dll!RegCreateKeyExW                                            76D541F1 5 Bytes  JMP 008D0F91
.text          C:\Windows\system32\svchost.exe[1328] ADVAPI32.dll!RegOpenKeyExA                                              76D57C42 5 Bytes  JMP 008D001B
.text          C:\Windows\system32\svchost.exe[1328] ADVAPI32.dll!RegOpenKeyW                                                76D5E2B5 5 Bytes  JMP 008D0000
.text          C:\Windows\system32\svchost.exe[1328] ADVAPI32.dll!RegOpenKeyExW                                              76D67BA1 5 Bytes  JMP 008D002C
.text          C:\Windows\system32\svchost.exe[1328] WS2_32.dll!socket                                                      75F236D1 5 Bytes  JMP 008C000A
.text          C:\Windows\system32\svchost.exe[1436] ntdll.dll!NtCreateFile                                                  77824244 5 Bytes  JMP 00150000
.text          C:\Windows\system32\svchost.exe[1436] ntdll.dll!NtCreateProcess                                              77824304 5 Bytes  JMP 00150022
.text          C:\Windows\system32\svchost.exe[1436] ntdll.dll!NtProtectVirtualMemory                                        77824BA4 5 Bytes  JMP 00150011
.text          C:\Windows\system32\svchost.exe[1436] kernel32.dll!GetStartupInfoW                                            778F1929 5 Bytes  JMP 008200B5
.text          C:\Windows\system32\svchost.exe[1436] kernel32.dll!GetStartupInfoA                                            778F19C9 5 Bytes  JMP 00820090
.text          C:\Windows\system32\svchost.exe[1436] kernel32.dll!CreateProcessW                                            778F1BF3 5 Bytes  JMP 00820F2F
.text          C:\Windows\system32\svchost.exe[1436] kernel32.dll!CreateProcessA                                            778F1C28 5 Bytes  JMP 008200C6
.text          C:\Windows\system32\svchost.exe[1436] kernel32.dll!VirtualProtect                                            778F1DC3 5 Bytes  JMP 00820064
.text          C:\Windows\system32\svchost.exe[1436] kernel32.dll!CreateNamedPipeA                                          778F2EF5 5 Bytes  JMP 00820FCA
.text          C:\Windows\system32\svchost.exe[1436] kernel32.dll!CreateNamedPipeW                                          778F5C0C 5 Bytes  JMP 0082001B
.text          C:\Windows\system32\svchost.exe[1436] kernel32.dll!CreatePipe                                                77918F06 5 Bytes  JMP 00820F6F
.text          C:\Windows\system32\svchost.exe[1436] kernel32.dll!LoadLibraryExW                                            7791927C 5 Bytes  JMP 00820047
.text          C:\Windows\system32\svchost.exe[1436] kernel32.dll!LoadLibraryW                                              77919400 5 Bytes  JMP 00820036
.text          C:\Windows\system32\svchost.exe[1436] kernel32.dll!LoadLibraryExA                                            77919554 5 Bytes  JMP 00820F8A
.text          C:\Windows\system32\svchost.exe[1436] kernel32.dll!LoadLibraryA                                              7791957C 5 Bytes  JMP 00820FAF
.text          C:\Windows\system32\svchost.exe[1436] kernel32.dll!VirtualProtectEx                                          7791DC52 5 Bytes  JMP 0082007F
.text          C:\Windows\system32\svchost.exe[1436] kernel32.dll!GetProcAddress                                            7793925B 5 Bytes  JMP 008200E1
.text          C:\Windows\system32\svchost.exe[1436] kernel32.dll!CreateFileW                                                7793B0EB 5 Bytes  JMP 00820FE5
.text          C:\Windows\system32\svchost.exe[1436] kernel32.dll!CreateFileA                                                7793D07F 5 Bytes  JMP 0082000A
.text          C:\Windows\system32\svchost.exe[1436] kernel32.dll!WinExec                                                    779860CF 5 Bytes  JMP 00820F4A
.text          C:\Windows\system32\svchost.exe[1436] msvcrt.dll!_wsystem                                                    77497F3F 5 Bytes  JMP 00810F5A
.text          C:\Windows\system32\svchost.exe[1436] msvcrt.dll!system                                                      7749805B 5 Bytes  JMP 00810F7F
.text          C:\Windows\system32\svchost.exe[1436] msvcrt.dll!_creat                                                      7749BBF1 5 Bytes  JMP 00810FAB
.text          C:\Windows\system32\svchost.exe[1436] msvcrt.dll!_open                                                        7749D116 5 Bytes  JMP 00810FEF
.text          C:\Windows\system32\svchost.exe[1436] msvcrt.dll!_wcreat                                                      7749D336 5 Bytes  JMP 00810F9A
.text          C:\Windows\system32\svchost.exe[1436] msvcrt.dll!_wopen                                                      7749D511 5 Bytes  JMP 00810FD2
.text          C:\Windows\system32\svchost.exe[1436] ADVAPI32.dll!RegCreateKeyExA                                            76D439AB 5 Bytes  JMP 0023004E
.text          C:\Windows\system32\svchost.exe[1436] ADVAPI32.dll!RegCreateKeyA                                              76D43BA9 5 Bytes  JMP 0023002C
.text          C:\Windows\system32\svchost.exe[1436] ADVAPI32.dll!RegOpenKeyA                                                76D489C7 5 Bytes  JMP 00230000
.text          C:\Windows\system32\svchost.exe[1436] ADVAPI32.dll!RegCreateKeyW                                              76D5391E 5 Bytes  JMP 0023003D
.text          C:\Windows\system32\svchost.exe[1436] ADVAPI32.dll!RegCreateKeyExW                                            76D541F1 5 Bytes  JMP 0023005F
.text          C:\Windows\system32\svchost.exe[1436] ADVAPI32.dll!RegOpenKeyExA                                              76D57C42 5 Bytes  JMP 00230FDB
.text          C:\Windows\system32\svchost.exe[1436] ADVAPI32.dll!RegOpenKeyW                                                76D5E2B5 5 Bytes  JMP 00230011
.text          C:\Windows\system32\svchost.exe[1436] ADVAPI32.dll!RegOpenKeyExW                                              76D67BA1 5 Bytes  JMP 00230FCA
.text          C:\Windows\system32\svchost.exe[1436] WS2_32.dll!socket                                                      75F236D1 5 Bytes  JMP 00160FEF
.text          C:\Windows\system32\svchost.exe[1524] ntdll.dll!NtCreateFile                                                  77824244 5 Bytes  JMP 00960FE5
.text          C:\Windows\system32\svchost.exe[1524] ntdll.dll!NtCreateProcess                                              77824304 5 Bytes  JMP 00960FCA
.text          C:\Windows\system32\svchost.exe[1524] ntdll.dll!NtProtectVirtualMemory                                        77824BA4 5 Bytes  JMP 00960000
.text          C:\Windows\system32\svchost.exe[1524] kernel32.dll!GetStartupInfoW                                            778F1929 5 Bytes  JMP 00D300A2
.text          C:\Windows\system32\svchost.exe[1524] kernel32.dll!GetStartupInfoA                                            778F19C9 5 Bytes  JMP 00D30F52
.text          C:\Windows\system32\svchost.exe[1524] kernel32.dll!CreateProcessW                                            778F1BF3 5 Bytes  JMP 00D30F0B
.text          C:\Windows\system32\svchost.exe[1524] kernel32.dll!CreateProcessA                                            778F1C28 5 Bytes  JMP 00D30F26
.text          C:\Windows\system32\svchost.exe[1524] kernel32.dll!VirtualProtect                                            778F1DC3 5 Bytes  JMP 00D30F6D
.text          C:\Windows\system32\svchost.exe[1524] kernel32.dll!CreateNamedPipeA                                          778F2EF5 5 Bytes  JMP 00D30FCA
.text          C:\Windows\system32\svchost.exe[1524] kernel32.dll!CreateNamedPipeW                                          778F5C0C 5 Bytes  JMP 00D3001B
.text          C:\Windows\system32\svchost.exe[1524] kernel32.dll!CreatePipe                                                77918F06 5 Bytes  JMP 00D30087
.text          C:\Windows\system32\svchost.exe[1524] kernel32.dll!LoadLibraryExW                                            7791927C 5 Bytes  JMP 00D30051
.text          C:\Windows\system32\svchost.exe[1524] kernel32.dll!LoadLibraryW                                              77919400 5 Bytes  JMP 00D30FA5
.text          C:\Windows\system32\svchost.exe[1524] kernel32.dll!LoadLibraryExA                                            77919554 5 Bytes  JMP 00D30F94
.text          C:\Windows\system32\svchost.exe[1524] kernel32.dll!LoadLibraryA                                              7791957C 5 Bytes  JMP 00D3002C
.text          C:\Windows\system32\svchost.exe[1524] kernel32.dll!VirtualProtectEx                                          7791DC52 5 Bytes  JMP 00D3006C
.text          C:\Windows\system32\svchost.exe[1524] kernel32.dll!GetProcAddress                                            7793925B 5 Bytes  JMP 00D300BD
.text          C:\Windows\system32\svchost.exe[1524] kernel32.dll!CreateFileW                                                7793B0EB 5 Bytes  JMP 00D30FE5
.text          C:\Windows\system32\svchost.exe[1524] kernel32.dll!CreateFileA                                                7793D07F 5 Bytes  JMP 00D30000
.text          C:\Windows\system32\svchost.exe[1524] kernel32.dll!WinExec                                                    779860CF 5 Bytes  JMP 00D30F41
.text          C:\Windows\system32\svchost.exe[1524] msvcrt.dll!_wsystem                                                    77497F3F 5 Bytes  JMP 00D20FC3
.text          C:\Windows\system32\svchost.exe[1524] msvcrt.dll!system                                                      7749805B 5 Bytes  JMP 00D20044
.text          C:\Windows\system32\svchost.exe[1524] msvcrt.dll!_creat                                                      7749BBF1 5 Bytes  JMP 00D20FD4
.text          C:\Windows\system32\svchost.exe[1524] msvcrt.dll!_open                                                        7749D116 5 Bytes  JMP 00D2000C
.text          C:\Windows\system32\svchost.exe[1524] msvcrt.dll!_wcreat                                                      7749D336 5 Bytes  JMP 00D20029
.text          C:\Windows\system32\svchost.exe[1524] msvcrt.dll!_wopen                                                      7749D511 5 Bytes  JMP 00D20FEF
.text          C:\Windows\system32\svchost.exe[1524] ADVAPI32.dll!RegCreateKeyExA                                            76D439AB 5 Bytes  JMP 00D10F94
.text          C:\Windows\system32\svchost.exe[1524] ADVAPI32.dll!RegCreateKeyA                                              76D43BA9 5 Bytes  JMP 00D10036
.text          C:\Windows\system32\svchost.exe[1524] ADVAPI32.dll!RegOpenKeyA                                                76D489C7 5 Bytes  JMP 00D10FEF
.text          C:\Windows\system32\svchost.exe[1524] ADVAPI32.dll!RegCreateKeyW                                              76D5391E 5 Bytes  JMP 00D10FAF
.text          C:\Windows\system32\svchost.exe[1524] ADVAPI32.dll!RegCreateKeyExW                                            76D541F1 5 Bytes  JMP 00D10051
.text          C:\Windows\system32\svchost.exe[1524] ADVAPI32.dll!RegOpenKeyExA                                              76D57C42 5 Bytes  JMP 00D10014
.text          C:\Windows\system32\svchost.exe[1524] ADVAPI32.dll!RegOpenKeyW                                                76D5E2B5 5 Bytes  JMP 00D10FD4
.text          C:\Windows\system32\svchost.exe[1524] ADVAPI32.dll!RegOpenKeyExW                                              76D67BA1 5 Bytes  JMP 00D10025
.text          C:\Windows\system32\svchost.exe[1524] WS2_32.dll!socket                                                      75F236D1 5 Bytes  JMP 00D00FE5
.text          C:\Windows\system32\svchost.exe[1712] ntdll.dll!NtCreateFile                                                  77824244 5 Bytes  JMP 00330FEF
.text          C:\Windows\system32\svchost.exe[1712] ntdll.dll!NtCreateProcess                                              77824304 5 Bytes  JMP 0033000A
.text          C:\Windows\system32\svchost.exe[1712] ntdll.dll!NtProtectVirtualMemory                                        77824BA4 5 Bytes  JMP 00330FDE
.text          C:\Windows\system32\svchost.exe[1712] kernel32.dll!GetStartupInfoW                                            778F1929 5 Bytes  JMP 008C0F3E
.text          C:\Windows\system32\svchost.exe[1712] kernel32.dll!GetStartupInfoA                                            778F19C9 5 Bytes  JMP 008C008E
.text          C:\Windows\system32\svchost.exe[1712] kernel32.dll!CreateProcessW                                            778F1BF3 5 Bytes  JMP 008C00C1
.text          C:\Windows\system32\svchost.exe[1712] kernel32.dll!CreateProcessA                                            778F1C28 5 Bytes  JMP 008C00B0
.text          C:\Windows\system32\svchost.exe[1712] kernel32.dll!VirtualProtect                                            778F1DC3 5 Bytes  JMP 008C0F77
.text          C:\Windows\system32\svchost.exe[1712] kernel32.dll!CreateNamedPipeA                                          778F2EF5 5 Bytes  JMP 008C001B
.text          C:\Windows\system32\svchost.exe[1712] kernel32.dll!CreateNamedPipeW                                          778F5C0C 5 Bytes  JMP 008C002C
.text          C:\Windows\system32\svchost.exe[1712] kernel32.dll!CreatePipe                                                77918F06 5 Bytes  JMP 008C0073
.text          C:\Windows\system32\svchost.exe[1712] kernel32.dll!LoadLibraryExW                                            7791927C 5 Bytes  JMP 008C0F94
.text          C:\Windows\system32\svchost.exe[1712] kernel32.dll!LoadLibraryW                                              77919400 5 Bytes  JMP 008C0FAF
.text          C:\Windows\system32\svchost.exe[1712] kernel32.dll!LoadLibraryExA                                            77919554 5 Bytes  JMP 008C0051
.text          C:\Windows\system32\svchost.exe[1712] kernel32.dll!LoadLibraryA                                              7791957C 5 Bytes  JMP 008C0FCA
.text          C:\Windows\system32\svchost.exe[1712] kernel32.dll!VirtualProtectEx                                          7791DC52 5 Bytes  JMP 008C0062
.text          C:\Windows\system32\svchost.exe[1712] kernel32.dll!GetProcAddress                                            7793925B 5 Bytes  JMP 008C00D2
.text          C:\Windows\system32\svchost.exe[1712] kernel32.dll!CreateFileW                                                7793B0EB 5 Bytes  JMP 008C0FE5
.text          C:\Windows\system32\svchost.exe[1712] kernel32.dll!CreateFileA                                                7793D07F 5 Bytes  JMP 008C0000
.text          C:\Windows\system32\svchost.exe[1712] kernel32.dll!WinExec                                                    779860CF 5 Bytes  JMP 008C009F
.text          C:\Windows\system32\svchost.exe[1712] msvcrt.dll!_wsystem                                                    77497F3F 5 Bytes  JMP 008B0058
.text          C:\Windows\system32\svchost.exe[1712] msvcrt.dll!system                                                      7749805B 5 Bytes  JMP 008B0033
.text          C:\Windows\system32\svchost.exe[1712] msvcrt.dll!_creat                                                      7749BBF1 5 Bytes  JMP 008B0FD4
.text          C:\Windows\system32\svchost.exe[1712] msvcrt.dll!_open                                                        7749D116 5 Bytes  JMP 008B0FEF
.text          C:\Windows\system32\svchost.exe[1712] msvcrt.dll!_wcreat                                                      7749D336 5 Bytes  JMP 008B0FC3
.text          C:\Windows\system32\svchost.exe[1712] msvcrt.dll!_wopen                                                      7749D511 5 Bytes  JMP 008B000C
.text          C:\Windows\system32\svchost.exe[1712] ADVAPI32.dll!RegCreateKeyExA                                            76D439AB 5 Bytes  JMP 00890040
.text          C:\Windows\system32\svchost.exe[1712] ADVAPI32.dll!RegCreateKeyA                                              76D43BA9 5 Bytes  JMP 00890FA8
.text          C:\Windows\system32\svchost.exe[1712] ADVAPI32.dll!RegOpenKeyA                                                76D489C7 5 Bytes  JMP 00890FEF
.text          C:\Windows\system32\svchost.exe[1712] ADVAPI32.dll!RegCreateKeyW                                              76D5391E 5 Bytes  JMP 0089002F
.text          C:\Windows\system32\svchost.exe[1712] ADVAPI32.dll!RegCreateKeyExW                                            76D541F1 5 Bytes  JMP 0089005B
.text          C:\Windows\system32\svchost.exe[1712] ADVAPI32.dll!RegOpenKeyExA                                              76D57C42 5 Bytes  JMP 00890FCA
.text          C:\Windows\system32\svchost.exe[1712] ADVAPI32.dll!RegOpenKeyW                                                76D5E2B5 5 Bytes  JMP 0089000A
.text          C:\Windows\system32\svchost.exe[1712] ADVAPI32.dll!RegOpenKeyExW                                              76D67BA1 5 Bytes  JMP 00890FB9
.text          C:\Windows\system32\svchost.exe[1712] WS2_32.dll!socket                                                      75F236D1 5 Bytes  JMP 00880000
.text          C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[2176] kernel32.dll!LoadLibraryW                  77919400 5 Bytes  JMP 70DD9A63 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text          C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[2176] kernel32.dll!LoadLibraryA                  7791957C 5 Bytes  JMP 70DD99A1 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text          c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2236] ntdll.dll!NtCreateFile            77824244 5 Bytes  JMP 4BA30000
.text          c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2236] ntdll.dll!NtCreateProcess        77824304 5 Bytes  JMP 4BA30FD4
.text          c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2236] ntdll.dll!NtProtectVirtualMemory  77824BA4 5 Bytes  JMP 4BA30FE5
.text          c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2236] kernel32.dll!GetStartupInfoW      778F1929 5 Bytes  JMP 4BB40EEE
.text          c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2236] kernel32.dll!GetStartupInfoA      778F19C9 5 Bytes  JMP 4BB40EFF
.text          c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2236] kernel32.dll!CreateProcessW      778F1BF3 5 Bytes  JMP 4BB40059
.text          c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2236] kernel32.dll!CreateProcessA      778F1C28 5 Bytes  JMP 4BB40EC2
.text          c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2236] kernel32.dll!VirtualProtect      778F1DC3 5 Bytes  JMP 4BB40F46
.text          c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2236] kernel32.dll!CreateNamedPipeA    778F2EF5 5 Bytes  JMP 4BB40FCA
.text          c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2236] kernel32.dll!CreateNamedPipeW    778F5C0C 5 Bytes  JMP 4BB40FB9
.text          c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2236] kernel32.dll!CreatePipe          77918F06 5 Bytes  JMP 4BB40F1A
.text          c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2236] kernel32.dll!LoadLibraryExW      7791927C 5 Bytes  JMP 4BB40F57
.text          c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2236] kernel32.dll!LoadLibraryW        77919400 5 Bytes  JMP 4BB40F8D
.text          c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2236] kernel32.dll!LoadLibraryExA      77919554 5 Bytes  JMP 4BB40F68
.text          c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2236] kernel32.dll!LoadLibraryA        7791957C 5 Bytes  JMP 4BB40FA8
.text          c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2236] kernel32.dll!VirtualProtectEx    7791DC52 5 Bytes  JMP 4BB40F35
.text          c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2236] kernel32.dll!GetProcAddress      7793925B 5 Bytes  JMP 4BB4006A
.text          c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2236] kernel32.dll!CreateFileW          7793B0EB 5 Bytes  JMP 4BB40FE5
.text          c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2236] kernel32.dll!CreateFileA          7793D07F 5 Bytes  JMP 4BB40000
.text          c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2236] kernel32.dll!WinExec              779860CF 1 Byte  [E9]
.text          c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2236] kernel32.dll!WinExec              779860CF 5 Bytes  JMP 4BB40ED3
.text          c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2236] msvcrt.dll!_wsystem              77497F3F 5 Bytes  JMP 4BB3006E
.text          c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2236] msvcrt.dll!system                7749805B 5 Bytes  JMP 4BB30053
.text          c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2236] msvcrt.dll!_creat                7749BBF1 5 Bytes  JMP 4BB30038
.text          c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2236] msvcrt.dll!_open                  7749D116 5 Bytes  JMP 4BB3000C
.text          c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2236] msvcrt.dll!_wcreat                7749D336 5 Bytes  JMP 4BB30FE3
.text          c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2236] msvcrt.dll!_wopen                7749D511 5 Bytes  JMP 4BB3001D
.text          c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2236] ADVAPI32.dll!RegCreateKeyExA      76D439AB 5 Bytes  JMP 4BB20058
.text          c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2236] ADVAPI32.dll!RegCreateKeyA        76D43BA9 5 Bytes  JMP 4BB2003D
.text          c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2236] ADVAPI32.dll!RegOpenKeyA          76D489C7 5 Bytes  JMP 4BB20000
.text          c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2236] ADVAPI32.dll!RegCreateKeyW        76D5391E 5 Bytes  JMP 4BB20FB6
.text          c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2236] ADVAPI32.dll!RegCreateKeyExW      76D541F1 5 Bytes  JMP 4BB20069
.text          c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2236] ADVAPI32.dll!RegOpenKeyExA        76D57C42 5 Bytes  JMP 4BB20FDB
.text          c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2236] ADVAPI32.dll!RegOpenKeyW          76D5E2B5 5 Bytes  JMP 4BB20011
.text          c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2236] ADVAPI32.dll!RegOpenKeyExW        76D67BA1 5 Bytes  JMP 4BB20022
.text          c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2236] WS2_32.dll!socket                75F236D1 5 Bytes  JMP 4BAD0FEF
.text          C:\Windows\system32\svchost.exe[2436] ntdll.dll!NtCreateFile                                                  77824244 5 Bytes  JMP 00C5000A
.text          C:\Windows\system32\svchost.exe[2436] ntdll.dll!NtCreateProcess                                              77824304 5 Bytes  JMP 00C50025
.text          C:\Windows\system32\svchost.exe[2436] ntdll.dll!NtProtectVirtualMemory                                        77824BA4 5 Bytes  JMP 00C50FEF
.text          C:\Windows\system32\svchost.exe[2436] kernel32.dll!GetStartupInfoW                                            778F1929 5 Bytes  JMP 00F50F79
.text          C:\Windows\system32\svchost.exe[2436] kernel32.dll!GetStartupInfoA                                            778F19C9 5 Bytes  JMP 00F500BF
.text          C:\Windows\system32\svchost.exe[2436] kernel32.dll!CreateProcessW                                            778F1BF3 5 Bytes  JMP 00F500F5
.text          C:\Windows\system32\svchost.exe[2436] kernel32.dll!CreateProcessA                                            778F1C28 5 Bytes  JMP 00F50F5E
.text          C:\Windows\system32\svchost.exe[2436] kernel32.dll!VirtualProtect                                            778F1DC3 5 Bytes  JMP 00F500A4
.text          C:\Windows\system32\svchost.exe[2436] kernel32.dll!CreateNamedPipeA                                          778F2EF5 5 Bytes  JMP 00F50FE5
.text          C:\Windows\system32\svchost.exe[2436] kernel32.dll!CreateNamedPipeW                                          778F5C0C 5 Bytes  JMP 00F50FD4
.text          C:\Windows\system32\svchost.exe[2436] kernel32.dll!CreatePipe                                                77918F06 5 Bytes  JMP 00F50F94
.text          C:\Windows\system32\svchost.exe[2436] kernel32.dll!LoadLibraryExW                                            7791927C 5 Bytes  JMP 00F50087
.text          C:\Windows\system32\svchost.exe[2436] kernel32.dll!LoadLibraryW                                              77919400 5 Bytes  JMP 00F5005B
.text          C:\Windows\system32\svchost.exe[2436] kernel32.dll!LoadLibraryExA                                            77919554 5 Bytes  JMP 00F50076
.text          C:\Windows\system32\svchost.exe[2436] kernel32.dll!LoadLibraryA                                              7791957C 5 Bytes  JMP 00F50040
.text          C:\Windows\system32\svchost.exe[2436] kernel32.dll!VirtualProtectEx                                          7791DC52 5 Bytes  JMP 00F50FAF
.text          C:\Windows\system32\svchost.exe[2436] kernel32.dll!GetProcAddress                                            7793925B 5 Bytes  JMP 00F50F43
.text          C:\Windows\system32\svchost.exe[2436] kernel32.dll!CreateFileW                                                7793B0EB 5 Bytes  JMP 00F5001B
.text          C:\Windows\system32\svchost.exe[2436] kernel32.dll!CreateFileA                                                7793D07F 5 Bytes  JMP 00F50000
.text          C:\Windows\system32\svchost.exe[2436] kernel32.dll!WinExec                                                    779860CF 5 Bytes  JMP 00F500DA
.text          C:\Windows\system32\svchost.exe[2436] msvcrt.dll!_wsystem                                                    77497F3F 5 Bytes  JMP 00F40F9C
.text          C:\Windows\system32\svchost.exe[2436] msvcrt.dll!system                                                      7749805B 5 Bytes  JMP 00F40FB7
.text          C:\Windows\system32\svchost.exe[2436] msvcrt.dll!_creat                                                      7749BBF1 5 Bytes  JMP 00F4000C
.text          C:\Windows\system32\svchost.exe[2436] msvcrt.dll!_open                                                        7749D116 5 Bytes  JMP 00F40FEF
.text          C:\Windows\system32\svchost.exe[2436] msvcrt.dll!_wcreat                                                      7749D336 5 Bytes  JMP 00F40027
.text          C:\Windows\system32\svchost.exe[2436] msvcrt.dll!_wopen                                                      7749D511 5 Bytes  JMP 00F40FD2
.text          C:\Windows\system32\svchost.exe[2436] ADVAPI32.dll!RegCreateKeyExA                                            76D439AB 5 Bytes  JMP 00E00047
.text          C:\Windows\system32\svchost.exe[2436] ADVAPI32.dll!RegCreateKeyA                                              76D43BA9 5 Bytes  JMP 00E00FB9
.text          C:\Windows\system32\svchost.exe[2436] ADVAPI32.dll!RegOpenKeyA                                                76D489C7 5 Bytes  JMP 00E00000
.text          C:\Windows\system32\svchost.exe[2436] ADVAPI32.dll!RegCreateKeyW                                              76D5391E 5 Bytes  JMP 00E00036
.text          C:\Windows\system32\svchost.exe[2436] ADVAPI32.dll!RegCreateKeyExW                                            76D541F1 5 Bytes  JMP 00E00062
.text          C:\Windows\system32\svchost.exe[2436] ADVAPI32.dll!RegOpenKeyExA                                              76D57C42 5 Bytes  JMP 00E00FDB
.text          C:\Windows\system32\svchost.exe[2436] ADVAPI32.dll!RegOpenKeyW                                                76D5E2B5 5 Bytes  JMP 00E00011
.text          C:\Windows\system32\svchost.exe[2436] ADVAPI32.dll!RegOpenKeyExW                                              76D67BA1 5 Bytes  JMP 00E00FCA
.text          C:\Windows\system32\svchost.exe[2436] WS2_32.dll!socket                                                      75F236D1 5 Bytes  JMP 00CE000A
.text          C:\Windows\system32\wuauclt.exe[3248] ntdll.dll!NtCreateFile                                                  77824244 5 Bytes  JMP 00040FEF
.text          C:\Windows\system32\wuauclt.exe[3248] ntdll.dll!NtCreateProcess                                              77824304 5 Bytes  JMP 00040FDE
.text          C:\Windows\system32\wuauclt.exe[3248] ntdll.dll!NtProtectVirtualMemory                                        77824BA4 5 Bytes  JMP 00040014
.text          C:\Windows\system32\wuauclt.exe[3248] kernel32.dll!GetStartupInfoW                                            778F1929 5 Bytes  JMP 00010F30
.text          C:\Windows\system32\wuauclt.exe[3248] kernel32.dll!GetStartupInfoA                                            778F19C9 5 Bytes  JMP 00010F41
.text          C:\Windows\system32\wuauclt.exe[3248] kernel32.dll!CreateProcessW                                            778F1BF3 5 Bytes  JMP 00010F01
.text          C:\Windows\system32\wuauclt.exe[3248] kernel32.dll!CreateProcessA                                            778F1C28 5 Bytes  JMP 00010098
.text          C:\Windows\system32\wuauclt.exe[3248] kernel32.dll!VirtualProtect                                            778F1DC3 5 Bytes  JMP 00010058
.text          C:\Windows\system32\wuauclt.exe[3248] kernel32.dll!CreateNamedPipeA                                          778F2EF5 5 Bytes  JMP 00010FCA
.text          C:\Windows\system32\wuauclt.exe[3248] kernel32.dll!CreateNamedPipeW                                          778F5C0C 5 Bytes  JMP 0001001B
.text          C:\Windows\system32\wuauclt.exe[3248] kernel32.dll!CreatePipe                                                77918F06 5 Bytes  JMP 00010F52
.text          C:\Windows\system32\wuauclt.exe[3248] kernel32.dll!LoadLibraryExW                                            7791927C 5 Bytes  JMP 00010F8A
.text          C:\Windows\system32\wuauclt.exe[3248] kernel32.dll!LoadLibraryW                                              77919400 5 Bytes  JMP 0001002C
.text          C:\Windows\system32\wuauclt.exe[3248] kernel32.dll!LoadLibraryExA                                            77919554 5 Bytes  JMP 0001003D
.text          C:\Windows\system32\wuauclt.exe[3248] kernel32.dll!LoadLibraryA                                              7791957C 5 Bytes  JMP 00010FA5
.text          C:\Windows\system32\wuauclt.exe[3248] kernel32.dll!VirtualProtectEx                                          7791DC52 5 Bytes  JMP 00010F63
.text          C:\Windows\system32\wuauclt.exe[3248] kernel32.dll!GetProcAddress                                            7793925B 5 Bytes  JMP 000100B3
.text          C:\Windows\system32\wuauclt.exe[3248] kernel32.dll!CreateFileW                                                7793B0EB 5 Bytes  JMP 00010000
.text          C:\Windows\system32\wuauclt.exe[3248] kernel32.dll!CreateFileA                                                7793D07F 5 Bytes  JMP 00010FEF
.text          C:\Windows\system32\wuauclt.exe[3248] kernel32.dll!WinExec                                                    779860CF 5 Bytes  JMP 00010087
.text          C:\Windows\system32\wuauclt.exe[3248] msvcrt.dll!_wsystem                                                    77497F3F 5 Bytes  JMP 000B0055
.text          C:\Windows\system32\wuauclt.exe[3248] msvcrt.dll!system                                                      7749805B 5 Bytes  JMP 000B0FD4
.text          C:\Windows\system32\wuauclt.exe[3248] msvcrt.dll!_creat                                                      7749BBF1 5 Bytes  JMP 000B003A
.text          C:\Windows\system32\wuauclt.exe[3248] msvcrt.dll!_open                                                        7749D116 5 Bytes  JMP 000B000C
.text          C:\Windows\system32\wuauclt.exe[3248] msvcrt.dll!_wcreat                                                      7749D336 5 Bytes  JMP 000B0FE5
.text          C:\Windows\system32\wuauclt.exe[3248] msvcrt.dll!_wopen                                                      7749D511 5 Bytes  JMP 000B001D
.text          C:\Windows\system32\wuauclt.exe[3248] ADVAPI32.dll!RegCreateKeyExA                                            76D439AB 5 Bytes  JMP 000D0FD1
.text          C:\Windows\system32\wuauclt.exe[3248] ADVAPI32.dll!RegCreateKeyA                                              76D43BA9 5 Bytes  JMP 000D0058
.text          C:\Windows\system32\wuauclt.exe[3248] ADVAPI32.dll!RegOpenKeyA                                                76D489C7 5 Bytes  JMP 000D0000
.text          C:\Windows\system32\wuauclt.exe[3248] ADVAPI32.dll!RegCreateKeyW                                              76D5391E 5 Bytes  JMP 000D0069
.text          C:\Windows\system32\wuauclt.exe[3248] ADVAPI32.dll!RegCreateKeyExW                                            76D541F1 5 Bytes  JMP 000D0FB6
.text          C:\Windows\system32\wuauclt.exe[3248] ADVAPI32.dll!RegOpenKeyExA                                              76D57C42 5 Bytes  JMP 000D002C
.text          C:\Windows\system32\wuauclt.exe[3248] ADVAPI32.dll!RegOpenKeyW                                                76D5E2B5 5 Bytes  JMP 000D0011
.text          C:\Windows\system32\wuauclt.exe[3248] ADVAPI32.dll!RegOpenKeyExW                                              76D67BA1 5 Bytes  JMP 000D0047
.text          C:\Windows\Explorer.EXE[3596] ntdll.dll!NtCreateFile                                                          77824244 5 Bytes  JMP 0004000A
.text          C:\Windows\Explorer.EXE[3596] ntdll.dll!NtCreateProcess                                                      77824304 5 Bytes  JMP 00040FD4
.text          C:\Windows\Explorer.EXE[3596] ntdll.dll!NtProtectVirtualMemory                                                77824BA4 5 Bytes  JMP 00040FE5
.text          C:\Windows\Explorer.EXE[3596] kernel32.dll!GetStartupInfoW                                                    778F1929 5 Bytes  JMP 00010093
.text          C:\Windows\Explorer.EXE[3596] kernel32.dll!GetStartupInfoA                                                    778F19C9 5 Bytes  JMP 00010F43
.text          C:\Windows\Explorer.EXE[3596] kernel32.dll!CreateProcessW                                                    778F1BF3 5 Bytes  JMP 000100D0
.text          C:\Windows\Explorer.EXE[3596] kernel32.dll!CreateProcessA                                                    778F1C28 5 Bytes  JMP 000100BF
.text          C:\Windows\Explorer.EXE[3596] kernel32.dll!VirtualProtect                                                    778F1DC3 5 Bytes  JMP 00010053
.text          C:\Windows\Explorer.EXE[3596] kernel32.dll!CreateNamedPipeA                                                  778F2EF5 5 Bytes  JMP 00010FC3
.text          C:\Windows\Explorer.EXE[3596] kernel32.dll!CreateNamedPipeW                                                  778F5C0C 5 Bytes  JMP 00010FA8
.text          C:\Windows\Explorer.EXE[3596] kernel32.dll!CreatePipe                                                        77918F06 5 Bytes  JMP 00010F54
.text          C:\Windows\Explorer.EXE[3596] kernel32.dll!LoadLibraryExW                                                    7791927C 5 Bytes  JMP 0001002C
.text          C:\Windows\Explorer.EXE[3596] kernel32.dll!LoadLibraryW                                                      77919400 5 Bytes  JMP 00010F83
.text          C:\Windows\Explorer.EXE[3596] kernel32.dll!LoadLibraryExA                                                    77919554 5 Bytes  JMP 0001001B
.text          C:\Windows\Explorer.EXE[3596] kernel32.dll!LoadLibraryA                                                      7791957C 5 Bytes  JMP 0001000A
.text          C:\Windows\Explorer.EXE[3596] kernel32.dll!VirtualProtectEx                                                  7791DC52 5 Bytes  JMP 00010064
.text          C:\Windows\Explorer.EXE[3596] kernel32.dll!GetProcAddress                                                    7793925B 5 Bytes  JMP 00010F1E
.text          C:\Windows\Explorer.EXE[3596] kernel32.dll!CreateFileW                                                        7793B0EB 5 Bytes  JMP 00010FD4
.text          C:\Windows\Explorer.EXE[3596] kernel32.dll!CreateFileA                                                        7793D07F 5 Bytes  JMP 00010FE5
.text          C:\Windows\Explorer.EXE[3596] kernel32.dll!WinExec                                                            779860CF 5 Bytes  JMP 000100A4
.text          C:\Windows\Explorer.EXE[3596] ADVAPI32.dll!RegCreateKeyExA                                                    76D439AB 5 Bytes  JMP 00060051
.text          C:\Windows\Explorer.EXE[3596] ADVAPI32.dll!RegCreateKeyA                                                      76D43BA9 5 Bytes  JMP 0006002F
.text          C:\Windows\Explorer.EXE[3596] ADVAPI32.dll!RegOpenKeyA                                                        76D489C7 5 Bytes  JMP 00060FEF
.text          C:\Windows\Explorer.EXE[3596] ADVAPI32.dll!RegCreateKeyW                                                      76D5391E 5 Bytes  JMP 00060040
.text          C:\Windows\Explorer.EXE[3596] ADVAPI32.dll!RegCreateKeyExW                                                    76D541F1 5 Bytes  JMP 0006006C
.text          C:\Windows\Explorer.EXE[3596] ADVAPI32.dll!RegOpenKeyExA                                                      76D57C42 5 Bytes  JMP 0006000A
.text          C:\Windows\Explorer.EXE[3596] ADVAPI32.dll!RegOpenKeyW                                                        76D5E2B5 5 Bytes  JMP 00060FDE
.text          C:\Windows\Explorer.EXE[3596] ADVAPI32.dll!RegOpenKeyExW                                                      76D67BA1 5 Bytes  JMP 00060FC3
.text          C:\Windows\Explorer.EXE[3596] msvcrt.dll!_wsystem                                                            77497F3F 5 Bytes  JMP 00070FCD
.text          C:\Windows\Explorer.EXE[3596] msvcrt.dll!system                                                              7749805B 5 Bytes  JMP 00070FDE
.text          C:\Windows\Explorer.EXE[3596] msvcrt.dll!_creat                                                              7749BBF1 5 Bytes  JMP 00070033
.text          C:\Windows\Explorer.EXE[3596] msvcrt.dll!_open                                                                7749D116 5 Bytes  JMP 00070000
.text          C:\Windows\Explorer.EXE[3596] msvcrt.dll!_wcreat                                                              7749D336 5 Bytes  JMP 0007004E
.text          C:\Windows\Explorer.EXE[3596] msvcrt.dll!_wopen                                                              7749D511 5 Bytes  JMP 00070FEF
.text          C:\Windows\Explorer.EXE[3596] WININET.dll!InternetOpenA                                                      7713D6A8 5 Bytes  JMP 003D000A
.text          C:\Windows\Explorer.EXE[3596] WININET.dll!InternetOpenW                                                      7713DB21 5 Bytes  JMP 003D0FEF
.text          C:\Windows\Explorer.EXE[3596] WININET.dll!InternetOpenUrlA                                                    7713F3BC 5 Bytes  JMP 003D0FD4
.text          C:\Windows\Explorer.EXE[3596] WININET.dll!InternetOpenUrlW                                                    77186DFF 5 Bytes  JMP 003D0FC3
.text          C:\Windows\Explorer.EXE[3596] WS2_32.dll!socket                                                              75F236D1 5 Bytes  JMP 018A0FE5
.text          C:\Windows\system32\svchost.exe[4312] ntdll.dll!NtCreateFile                                                  77824244 5 Bytes  JMP 00040FEF
.text          C:\Windows\system32\svchost.exe[4312] ntdll.dll!NtCreateProcess                                              77824304 5 Bytes  JMP 00040FDE
.text          C:\Windows\system32\svchost.exe[4312] ntdll.dll!NtProtectVirtualMemory                                        77824BA4 5 Bytes  JMP 0004000A
.text          C:\Windows\system32\svchost.exe[4312] kernel32.dll!GetStartupInfoW                                            778F1929 5 Bytes  JMP 00010F57
.text          C:\Windows\system32\svchost.exe[4312] kernel32.dll!GetStartupInfoA                                            778F19C9 5 Bytes  JMP 0001009D
.text          C:\Windows\system32\svchost.exe[4312] kernel32.dll!CreateProcessW                                            778F1BF3 5 Bytes  JMP 00010F06
.text          C:\Windows\system32\svchost.exe[4312] kernel32.dll!CreateProcessA                                            778F1C28 5 Bytes  JMP 00010F17
.text          C:\Windows\system32\svchost.exe[4312] kernel32.dll!VirtualProtect                                            778F1DC3 5 Bytes  JMP 00010F83
.text          C:\Windows\system32\svchost.exe[4312] kernel32.dll!CreateNamedPipeA                                          778F2EF5 5 Bytes  JMP 00010025
.text          C:\Windows\system32\svchost.exe[4312] kernel32.dll!CreateNamedPipeW                                          778F5C0C 5 Bytes  JMP 00010040
.text          C:\Windows\system32\svchost.exe[4312] kernel32.dll!CreatePipe                                                77918F06 5 Bytes  JMP 0001008C
.text          C:\Windows\system32\svchost.exe[4312] kernel32.dll!LoadLibraryExW                                            7791927C 5 Bytes  JMP 00010F94
.text          C:\Windows\system32\svchost.exe[4312] kernel32.dll!LoadLibraryW                                              77919400 5 Bytes  JMP 00010051
.text          C:\Windows\system32\svchost.exe[4312] kernel32.dll!LoadLibraryExA                                            77919554 5 Bytes  JMP 00010FA5
.text          C:\Windows\system32\svchost.exe[4312] kernel32.dll!LoadLibraryA                                              7791957C 5 Bytes  JMP 00010FD4
.text          C:\Windows\system32\svchost.exe[4312] kernel32.dll!VirtualProtectEx                                          7791DC52 5 Bytes  JMP 00010F72
.text          C:\Windows\system32\svchost.exe[4312] kernel32.dll!GetProcAddress                                            7793925B 5 Bytes  JMP 00010EE1
.text          C:\Windows\system32\svchost.exe[4312] kernel32.dll!CreateFileW                                                7793B0EB 1 Byte  [E9]
.text          C:\Windows\system32\svchost.exe[4312] kernel32.dll!CreateFileW                                                7793B0EB 5 Bytes  JMP 00010FEF
.text          C:\Windows\system32\svchost.exe[4312] kernel32.dll!CreateFileA                                                7793D07F 5 Bytes  JMP 0001000A
.text          C:\Windows\system32\svchost.exe[4312] kernel32.dll!WinExec                                                    779860CF 5 Bytes  JMP 00010F3C
.text          C:\Windows\system32\svchost.exe[4312] msvcrt.dll!_wsystem                                                    77497F3F 5 Bytes  JMP 00060FC3
.text          C:\Windows\system32\svchost.exe[4312] msvcrt.dll!system                                                      7749805B 5 Bytes  JMP 00060044
.text          C:\Windows\system32\svchost.exe[4312] msvcrt.dll!_creat                                                      7749BBF1 5 Bytes  JMP 00060033
.text          C:\Windows\system32\svchost.exe[4312] msvcrt.dll!_open                                                        7749D116 5 Bytes  JMP 00060000
.text          C:\Windows\system32\svchost.exe[4312] msvcrt.dll!_wcreat                                                      7749D336 5 Bytes  JMP 00060FD4
.text          C:\Windows\system32\svchost.exe[4312] msvcrt.dll!_wopen                                                      7749D511 5 Bytes  JMP 00060FEF
.text          C:\Windows\system32\svchost.exe[4312] ADVAPI32.dll!RegCreateKeyExA                                            76D439AB 5 Bytes  JMP 00070F72
.text          C:\Windows\system32\svchost.exe[4312] ADVAPI32.dll!RegCreateKeyA                                              76D43BA9 5 Bytes  JMP 0007000A
.text          C:\Windows\system32\svchost.exe[4312] ADVAPI32.dll!RegOpenKeyA                                                76D489C7 5 Bytes  JMP 00070FE5
.text          C:\Windows\system32\svchost.exe[4312] ADVAPI32.dll!RegCreateKeyW                                              76D5391E 5 Bytes  JMP 00070F8D
.text          C:\Windows\system32\svchost.exe[4312] ADVAPI32.dll!RegCreateKeyExW                                            76D541F1 5 Bytes  JMP 00070F57
.text          C:\Windows\system32\svchost.exe[4312] ADVAPI32.dll!RegOpenKeyExA                                              76D57C42 5 Bytes  JMP 00070FB9
.text          C:\Windows\system32\svchost.exe[4312] ADVAPI32.dll!RegOpenKeyW                                                76D5E2B5 5 Bytes  JMP 00070FD4
.text          C:\Windows\system32\svchost.exe[4312] ADVAPI32.dll!RegOpenKeyExW                                              76D67BA1 5 Bytes  JMP 00070F9E
.text          C:\Windows\system32\svchost.exe[4312] WS2_32.dll!socket                                                      75F236D1 5 Bytes  JMP 00080000
.text          C:\Windows\System32\svchost.exe[5224] ntdll.dll!NtCreateFile                                                  77824244 5 Bytes  JMP 00040FE5
.text          C:\Windows\System32\svchost.exe[5224] ntdll.dll!NtCreateProcess                                              77824304 5 Bytes  JMP 00040FB9
.text          C:\Windows\System32\svchost.exe[5224] ntdll.dll!NtProtectVirtualMemory                                        77824BA4 5 Bytes  JMP 00040FCA
.text          C:\Windows\System32\svchost.exe[5224] kernel32.dll!GetStartupInfoW                                            778F1929 5 Bytes  JMP 000100D0
.text          C:\Windows\System32\svchost.exe[5224] kernel32.dll!GetStartupInfoA                                            778F19C9 5 Bytes  JMP 000100B5
.text          C:\Windows\System32\svchost.exe[5224] kernel32.dll!CreateProcessW                                            778F1BF3 5 Bytes  JMP 00010F5E
.text          C:\Windows\System32\svchost.exe[5224] kernel32.dll!CreateProcessA                                            778F1C28 5 Bytes  JMP 000100F5
.text          C:\Windows\System32\svchost.exe[5224] kernel32.dll!VirtualProtect                                            778F1DC3 5 Bytes  JMP 00010078
.text          C:\Windows\System32\svchost.exe[5224] kernel32.dll!CreateNamedPipeA                                          778F2EF5 5 Bytes  JMP 00010025
.text          C:\Windows\System32\svchost.exe[5224] kernel32.dll!CreateNamedPipeW                                          778F5C0C 5 Bytes  JMP 00010036
.text          C:\Windows\System32\svchost.exe[5224] kernel32.dll!CreatePipe                                                77918F06 5 Bytes  JMP 000100A4
.text          C:\Windows\System32\svchost.exe[5224] kernel32.dll!LoadLibraryExW                                            7791927C 5 Bytes  JMP 00010F9E
.text          C:\Windows\System32\svchost.exe[5224] kernel32.dll!LoadLibraryW                                              77919400 5 Bytes  JMP 00010FB9
.text          C:\Windows\System32\svchost.exe[5224] kernel32.dll!LoadLibraryExA                                            77919554 5 Bytes  JMP 0001005B
.text          C:\Windows\System32\svchost.exe[5224] kernel32.dll!LoadLibraryA                                              7791957C 5 Bytes  JMP 00010FD4
.text          C:\Windows\System32\svchost.exe[5224] kernel32.dll!VirtualProtectEx                                          7791DC52 5 Bytes  JMP 00010093
.text          C:\Windows\System32\svchost.exe[5224] kernel32.dll!GetProcAddress                                            7793925B 5 Bytes  JMP 00010106
.text          C:\Windows\System32\svchost.exe[5224] kernel32.dll!CreateFileW                                                7793B0EB 5 Bytes  JMP 00010014
.text          C:\Windows\System32\svchost.exe[5224] kernel32.dll!CreateFileA                                                7793D07F 5 Bytes  JMP 00010FEF
.text          C:\Windows\System32\svchost.exe[5224] kernel32.dll!WinExec                                                    779860CF 5 Bytes  JMP 00010F6F
.text          C:\Windows\System32\svchost.exe[5224] msvcrt.dll!_wsystem                                                    77497F3F 5 Bytes  JMP 000A0FD2
.text          C:\Windows\System32\svchost.exe[5224] msvcrt.dll!system                                                      7749805B 5 Bytes  JMP 000A0FE3
.text          C:\Windows\System32\svchost.exe[5224] msvcrt.dll!_creat                                                      7749BBF1 5 Bytes  JMP 000A0038
.text          C:\Windows\System32\svchost.exe[5224] msvcrt.dll!_open                                                        7749D116 5 Bytes  JMP 000A0000
.text          C:\Windows\System32\svchost.exe[5224] msvcrt.dll!_wcreat                                                      7749D336 5 Bytes  JMP 000A0049
.text          C:\Windows\System32\svchost.exe[5224] msvcrt.dll!_wopen                                                      7749D511 5 Bytes  JMP 000A001D
.text          C:\Windows\System32\svchost.exe[5224] ADVAPI32.dll!RegCreateKeyExA                                            76D439AB 5 Bytes  JMP 000B0036
.text          C:\Windows\System32\svchost.exe[5224] ADVAPI32.dll!RegCreateKeyA                                              76D43BA9 5 Bytes  JMP 000B0025
.text          C:\Windows\System32\svchost.exe[5224] ADVAPI32.dll!RegOpenKeyA                                                76D489C7 5 Bytes  JMP 000B0FE5
.text          C:\Windows\System32\svchost.exe[5224] ADVAPI32.dll!RegCreateKeyW                                              76D5391E 5 Bytes  JMP 000B0F94
.text          C:\Windows\System32\svchost.exe[5224] ADVAPI32.dll!RegCreateKeyExW                                            76D541F1 5 Bytes  JMP 000B0051
.text          C:\Windows\System32\svchost.exe[5224] ADVAPI32.dll!RegOpenKeyExA                                              76D57C42 5 Bytes  JMP 000B0FB9
.text          C:\Windows\System32\svchost.exe[5224] ADVAPI32.dll!RegOpenKeyW                                                76D5E2B5 5 Bytes  JMP 000B0FD4
.text          C:\Windows\System32\svchost.exe[5224] ADVAPI32.dll!RegOpenKeyExW                                              76D67BA1 5 Bytes  JMP 000B0014
.text          C:\Windows\system32\svchost.exe[5412] ntdll.dll!NtCreateFile                                                  77824244 5 Bytes  JMP 00040FEF
.text          C:\Windows\system32\svchost.exe[5412] ntdll.dll!NtCreateProcess                                              77824304 5 Bytes  JMP 00040FD4
.text          C:\Windows\system32\svchost.exe[5412] ntdll.dll!NtProtectVirtualMemory                                        77824BA4 5 Bytes  JMP 0004000A
.text          C:\Windows\system32\svchost.exe[5412] kernel32.dll!GetStartupInfoW                                            778F1929 5 Bytes  JMP 00010F4D
.text          C:\Windows\system32\svchost.exe[5412] kernel32.dll!GetStartupInfoA                                            778F19C9 5 Bytes  JMP 00010093
.text          C:\Windows\system32\svchost.exe[5412] kernel32.dll!CreateProcessW                                            778F1BF3 5 Bytes  JMP 000100C9
.text          C:\Windows\system32\svchost.exe[5412] kernel32.dll!CreateProcessA                                            778F1C28 5 Bytes  JMP 000100AE
.text          C:\Windows\system32\svchost.exe[5412] kernel32.dll!VirtualProtect                                            778F1DC3 5 Bytes  JMP 00010071
.text          C:\Windows\system32\svchost.exe[5412] kernel32.dll!CreateNamedPipeA                                          778F2EF5 5 Bytes  JMP 00010FEF
.text          C:\Windows\system32\svchost.exe[5412] kernel32.dll!CreateNamedPipeW                                          778F5C0C 5 Bytes  JMP 00010040
.text          C:\Windows\system32\svchost.exe[5412] kernel32.dll!CreatePipe                                                77918F06 5 Bytes  JMP 00010082
.text          C:\Windows\system32\svchost.exe[5412] kernel32.dll!LoadLibraryExW                                            7791927C 5 Bytes  JMP 00010F8D
.text          C:\Windows\system32\svchost.exe[5412] kernel32.dll!LoadLibraryW                                              77919400 5 Bytes  JMP 00010FB9
.text          C:\Windows\system32\svchost.exe[5412] kernel32.dll!LoadLibraryExA                                            77919554 5 Bytes  JMP 00010F9E
.text          C:\Windows\system32\svchost.exe[5412] kernel32.dll!LoadLibraryA                                              7791957C 5 Bytes  JMP 00010FD4
.text          C:\Windows\system32\svchost.exe[5412] kernel32.dll!VirtualProtectEx                                          7791DC52 5 Bytes  JMP 00010F7C
.text          C:\Windows\system32\svchost.exe[5412] kernel32.dll!GetProcAddress                                            7793925B 5 Bytes  JMP 00010F0D
.text          C:\Windows\system32\svchost.exe[5412] kernel32.dll!CreateFileW                                                7793B0EB 5 Bytes  JMP 0001001B
.text          C:\Windows\system32\svchost.exe[5412] kernel32.dll!CreateFileA                                                7793D07F 5 Bytes  JMP 00010000
.text          C:\Windows\system32\svchost.exe[5412] kernel32.dll!WinExec                                                    779860CF 5 Bytes  JMP 00010F28
.text          C:\Windows\system32\svchost.exe[5412] msvcrt.dll!_wsystem                                                    77497F3F 5 Bytes  JMP 0006001D
.text          C:\Windows\system32\svchost.exe[5412] msvcrt.dll!system                                                      7749805B 5 Bytes  JMP 00060F92
.text          C:\Windows\system32\svchost.exe[5412] msvcrt.dll!_creat                                                      7749BBF1 5 Bytes  JMP 00060FB7
.text          C:\Windows\system32\svchost.exe[5412] msvcrt.dll!_open                                                        7749D116 5 Bytes  JMP 00060FEF
.text          C:\Windows\system32\svchost.exe[5412] msvcrt.dll!_wcreat                                                      7749D336 5 Bytes  JMP 0006000C
.text          C:\Windows\system32\svchost.exe[5412] msvcrt.dll!_wopen                                                      7749D511 5 Bytes  JMP 00060FD2
.text          C:\Windows\system32\svchost.exe[5412] ADVAPI32.dll!RegCreateKeyExA                                            76D439AB 5 Bytes  JMP 00070043
.text          C:\Windows\system32\svchost.exe[5412] ADVAPI32.dll!RegCreateKeyA                                              76D43BA9 5 Bytes  JMP 00070FB2
.text          C:\Windows\system32\svchost.exe[5412] ADVAPI32.dll!RegOpenKeyA                                                76D489C7 5 Bytes  JMP 00070FEF
.text          C:\Windows\system32\svchost.exe[5412] ADVAPI32.dll!RegCreateKeyW                                              76D5391E 5 Bytes  JMP 00070FA1
.text          C:\Windows\system32\svchost.exe[5412] ADVAPI32.dll!RegCreateKeyExW                                            76D541F1 5 Bytes  JMP 00070054
.text          C:\Windows\system32\svchost.exe[5412] ADVAPI32.dll!RegOpenKeyExA                                              76D57C42 5 Bytes  JMP 00070014
.text          C:\Windows\system32\svchost.exe[5412] ADVAPI32.dll!RegOpenKeyW                                                76D5E2B5 5 Bytes  JMP 00070FD4
.text          C:\Windows\system32\svchost.exe[5412] ADVAPI32.dll!RegOpenKeyExW                                              76D67BA1 5 Bytes  JMP 00070FC3
.text          C:\Windows\system32\svchost.exe[5412] WS2_32.dll!socket                                                      75F236D1 5 Bytes  JMP 00080FE5

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                        MOBK.sys (Mozy Change Monitor Filter Driver/Mozy, Inc.)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                      Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                                      Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\tdx \Device\Tcp                                                                                      mfewfpk.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice  \Driver\tdx \Device\Tcp                                                                                      kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice  \Driver\tdx \Device\Udp                                                                                      mfewfpk.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice  \Driver\tdx \Device\Udp                                                                                      kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice  \Driver\tdx \Device\RawIp                                                                                    kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
---- Processes - GMER 1.0.15 ----

Library        c:\windows\system32\n (*** hidden *** ) @ C:\Windows\Explorer.EXE [3596]                                      0x45670000                                                                                                                         

---- Registry - GMER 1.0.15 ----

Reg            HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00027241b5f7                                 
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04                             
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                          0
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                        0x4A 0x3E 0x03 0xA6 ...
Reg            HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00027241b5f7 (not active ControlSet)             
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)         
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                              0
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                            0x4A 0x3E 0x03 0xA6 ...

---- EOF - GMER 1.0.15 ----

As I already wrote, I am not yet very familiar with these things.
I bought this laptop used from my colleague and have been trying to get along with it since Christmas.
So please excuse me if I do something wrong.

Some of the programs were already all on it, and with my limited knowledge I don't dare delete them yet.

cosinus 28.06.2012 13:25

Yes, that helps :)
This is a piece of malware that is currently widespread.

Please first run a routine full scan with Malwarebytes and post the log. => Have ALL local drives (except CD/DVD) checked!
Remember that Malwarebytes has to be updated manually before every scan!

Please remove all Malwarebytes findings so that they are kept in Malwarebytes' quarantine! Do NOT remove anything from quarantine prematurely!

If logs from older Malwarebytes scans exist, please post all of those as well!




ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick the box for "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset





Please post everything in CODE tags here if possible.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

Patient X 29.06.2012 09:35

Hello Arne!

Unfortunately I am on the late shift this week, which is why my replies are somewhat delayed.

Last night I ran Malwarebytes according to your instructions.

Here is the log from it:
Code:

Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.28.11

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19272
DD :: ODIN [Administrator]

Schutz: Aktiviert

28.06.2012 23:17:41
mbam-log-2012-06-28 (23-17-41).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 540062
Laufzeit: 3 Stunde(n), 9 Minute(n), 17 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32 (Trojan.Zaccess) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 2
HKCU\SOFTWARE\CLASSES\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) -> Daten: C:\Users\DD\AppData\Local\{eb9819ac-a943-f0d9-e6db-ec8b5a2ef808}\n. -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Regedit32 (Trojan.Agent) -> Daten: C:\Windows\system32\regedit.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 6
C:\Users\DD\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CR9MTY30\Testbundle23w_1254[1].exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\DD\AppData\Local\{eb9819ac-a943-f0d9-e6db-ec8b5a2ef808}\n (Trojan.Dropper.PE4) -> Löschen bei Neustart.
C:\Users\DD\AppData\Local\{eb9819ac-a943-f0d9-e6db-ec8b5a2ef808}\U\00000001.@ (Trojan.Small) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\DD\AppData\Local\{eb9819ac-a943-f0d9-e6db-ec8b5a2ef808}\U\80000000.@ (Trojan.Sirefef) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\DD\AppData\Local\{eb9819ac-a943-f0d9-e6db-ec8b5a2ef808}\U\800000cb.@ (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Installer\{eb9819ac-a943-f0d9-e6db-ec8b5a2ef808}\n (Trojan.Dropper.PE4) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

I'll let the ESET scanner run over the course of today and post the log this evening.


An important question for me:
Can I now, to be safe, connect an external hard drive and copy important data to it without it getting infected?
I don't want the Trojans to settle in there too and later come back onto the laptop.

cosinus 29.06.2012 12:06

If you really want to make a safe backup, then do it via a live environment; see the link to Xubuntu in my signature.

Patient X 29.06.2012 22:32

Thanks for the tip!

Here is the log from ESET:
Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=2e4c0f8a20f3b74c9d797fc6b2ff3b2c
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-29 01:44:16
# local_time=2012-06-29 03:44:16 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1280 16777215 100 0 656814 656814 0 0
# compatibility_mode=5892 16776574 66 100 48285049 178492136 0 0
# compatibility_mode=8192 67108863 100 0 153 153 0 0
# scanned=419432
# found=4
# cleaned=0
# scan_time=18049
C:\Backup\Backup1\DD\Eigene Dateien\Tools\FLV konverter\Setup56_FreeFlvConverter.exe        Win32/Toolbar.Widgi application (unable to clean)        00000000000000000000000000000000        I
C:\Backup\DD\Eigene Dateien\Tools\FLV konverter\Setup56_FreeFlvConverter.exe        Win32/Toolbar.Widgi application (unable to clean)        00000000000000000000000000000000        I
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\25a31f7e-37bc5a14        a variant of Java/Exploit.CVE-2012-0507.CD trojan (unable to clean)        00000000000000000000000000000000        I
C:\Users\DD\Documents\Tools\FLV konverter\Setup56_FreeFlvConverter.exe        Win32/Toolbar.Widgi application (unable to clean)        00000000000000000000000000000000        I

Ready for new instructions! :D

cosinus 01.07.2012 14:50

I have two questions before we continue

1.) Does Windows' normal mode work without restrictions (again)?
2.) Are you missing anything in the Start menu? Are there empty folders under All Programs, or is everything there?

Patient X 01.07.2012 18:27

Since the last 2 applications everything has been running without problems.
Kaspersky reports "no threats".

The folders are all there and filled, as far as I can tell.

cosinus 02.07.2012 10:34

Please make a new OTL log. Please post everything in CODE tags here if possible.

This is how it is done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

CustomScan with OTL

Please download OTL by Oldtimer and save it to your desktop. If it is already present, please replace the older existing file with the newly downloaded one, so that you are really working with a current version of OTL.
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


Patient X 02.07.2012 16:59

Here is the new log:

Code:

OTL logfile created on: 02.07.2012 15:12:26 - Run 2
OTL by OldTimer - Version 3.2.53.1    Folder = C:\Users\DD\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19272)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,97 Gb Total Physical Memory | 2,13 Gb Available Physical Memory | 71,65% Memory free
6,14 Gb Paging File | 5,14 Gb Available in Paging File | 83,82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 452,75 Gb Total Space | 38,77 Gb Free Space | 8,56% Space Free | Partition Type: NTFS
Drive E: | 3,77 Gb Total Space | 2,70 Gb Free Space | 71,52% Space Free | Partition Type: FAT32
 
Computer Name: ODIN | User Name: DD | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\DD\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Windows\System32\mfevtps.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
PRC - C:\Program Files\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Windows\System32\TUProgSt.exe (TuneUp Software)
PRC - C:\Users\DD\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Program Files\McAfee Online Backup\MOBKbackup.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\PACKARD BELL\SetupMyPC\SmpSys.exe (Acer Incorporated)
PRC - C:\Program Files\PACKARD BELL\Packard Bell PowerSave Solution\ePowerTray.exe (Acer Incorporated)
PRC - C:\Program Files\PACKARD BELL\Packard Bell PowerSave Solution\ePowerSvc.exe (Acer Incorporated)
PRC - C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\508b444db523c5cf20ff12c7f440837b\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\1b337cf9a031145849bc48c11b2cfe58\Accessibility.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3331.38812__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3331.38795__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3331.38814__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3331.38809__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3331.38803__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3331.38896__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3331.38874__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3331.38802__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3331.38853__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3331.38838__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3331.38859__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3331.38896__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3331.38897__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3331.38860__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3331.38858__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3331.38895__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3331.38841__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3331.38869__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3331.38840__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3331.38804__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3331.38815__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3331.38835__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3331.38839__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3331.38852__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3331.38819__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3331.38814__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3331.38850__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3331.38839__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3331.38818__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3331.38840__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3331.38850__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3331.38852__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3309.28608__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3309.28629__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3309.28604__90ba9c70f846762e\CLI.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3309.28601__90ba9c70f846762e\LOG.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3309.28603__90ba9c70f846762e\NEWAEM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3309.28669__90ba9c70f846762e\CLI.Foundation.XManifest.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3309.28630__90ba9c70f846762e\DEM.OS.I0602.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3309.28620__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3309.28626__90ba9c70f846762e\MOM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.3309.28645__90ba9c70f846762e\DEM.OS.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3309.28630__90ba9c70f846762e\DEM.Graphics.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3309.28645__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3309.28627__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3309.28618__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3309.28644__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3309.28644__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3309.28611__90ba9c70f846762e\CLI.Component.Client.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3309.28631__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3309.28632__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3309.28635__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3309.28624__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3309.28627__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3309.28626__90ba9c70f846762e\APM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3331.38930__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3331.38890__90ba9c70f846762e\MOM.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3331.38906__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3309.28614__90ba9c70f846762e\LOG.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3309.28612__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3309.28626__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Server.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll ()
MOD - C:\Windows\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3331.38791__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3331.38883__90ba9c70f846762e\CLI.Component.Systemtray.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3331.38808__90ba9c70f846762e\CLI.Component.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3331.38888__90ba9c70f846762e\LOG.Foundation.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3331.38794__90ba9c70f846762e\CLI.Component.SkinFactory.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3309.28628__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3309.28608__90ba9c70f846762e\CLI.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3309.28627__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3331.38793__90ba9c70f846762e\CLI.Component.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3309.28624__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3331.38799__90ba9c70f846762e\CLI.Component.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3309.28621__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3309.28637__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3331.38793__90ba9c70f846762e\ATIDEMOS.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3331.38792__90ba9c70f846762e\APM.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3331.38791__90ba9c70f846762e\AEM.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3331.38889__90ba9c70f846762e\CCC.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\System32\atitmmxx.dll ()
MOD - C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll ()
MOD - C:\Program Files\Launch Manager\PowerUtl.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (mfevtp) -- C:\Windows\System32\mfevtps.exe (McAfee, Inc.)
SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (MSK80Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McProxy) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNASvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McMPFSvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (ICQ Service) -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe ()
SRV - (nosGetPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (TuneUp.ProgramStatisticsSvc) -- C:\Windows\System32\TUProgSt.exe (TuneUp Software)
SRV - (TuneUp.Defrag) -- C:\Windows\System32\TuneUpDefragService.exe (TuneUp Software)
SRV - (MOBKbackup) -- C:\Program Files\McAfee Online Backup\MOBKbackup.exe (McAfee, Inc.)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (DfSdkS) -- C:\Program Files\Ashampoo\Ashampoo WinOptimizer 7\DfSdkS.exe (mst software GmbH, Germany)
SRV - (ABBYY.Licensing.FineReader.Sprint.9.0) -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
SRV - (ePowerSvc) -- C:\Program Files\PACKARD BELL\Packard Bell PowerSave Solution\ePowerSvc.exe (Acer Incorporated)
SRV - (NTI IScheduleSvc) -- C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (HsfXAudioService) -- C:\Windows\System32\XAudio32.dll (Conexant Systems, Inc.)
SRV - (AdobeActiveFileMonitor6.0) -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (mfehidk) -- C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfefirek) -- C:\Windows\System32\drivers\mfefirek.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfewfpk) -- C:\Windows\System32\drivers\mfewfpk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\Windows\System32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\Windows\System32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfenlfk) -- C:\Windows\System32\drivers\mfenlfk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (cfwids) -- C:\Windows\System32\drivers\cfwids.sys (McAfee, Inc.)
DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV - (kl2) -- C:\Windows\System32\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV - (KL1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (FlashUSB) -- C:\Windows\System32\drivers\FlashUSB.sys (Danish Wireless Design A/S)
DRV - (MOBKFilter) -- C:\Windows\System32\drivers\MOBK.sys (Mozy, Inc.)
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (LgBttPort) -- C:\Windows\System32\drivers\lgbtport.sys (LG Electronics Inc.)
DRV - (LGVMODEM) -- C:\Windows\System32\drivers\lgvmodem.sys (LG Electronics Inc.)
DRV - (lgbusenum) -- C:\Windows\System32\drivers\lgbtbus.sys (LG Electronics Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atipmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (RTHDMIAzAudService) -- C:\Windows\System32\drivers\RtHDMIV.sys (Realtek Semiconductor Corp.)
DRV - (USBModem) -- C:\Windows\System32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (UsbDiag) -- C:\Windows\System32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\Windows\System32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio32.sys (Conexant Systems, Inc.)
DRV - (k57nd60x) Broadcom NetLink (TM) -- C:\Windows\System32\drivers\k57nd60x.sys (Broadcom Corporation)
DRV - (DritekPortIO) -- C:\Program Files\Launch Manager\DPortIO.sys (Dritek System Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=2&o=vp32&d=0410&m=easynote_lj65
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=2&o=vp32&d=0410&m=easynote_lj65
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
 
IE - HKU\S-1-5-21-4170860937-2119410488-3439256695-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=2&o=vp32&d=0410&m=easynote_lj65
IE - HKU\S-1-5-21-4170860937-2119410488-3439256695-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-4170860937-2119410488-3439256695-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=2&o=vp32&d=0410&m=easynote_lj65
IE - HKU\S-1-5-21-4170860937-2119410488-3439256695-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-4170860937-2119410488-3439256695-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-4170860937-2119410488-3439256695-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-4170860937-2119410488-3439256695-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-4170860937-2119410488-3439256695-1000\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKU\S-1-5-21-4170860937-2119410488-3439256695-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-4170860937-2119410488-3439256695-1000\..\SearchScopes\{6CFA647A-7824-4CF5-999D-5D188E2D7961}: "URL" = hxxp://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
IE - HKU\S-1-5-21-4170860937-2119410488-3439256695-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550
IE - HKU\S-1-5-21-4170860937-2119410488-3439256695-1000\..\SearchScopes\{EC2F0341-0A64-4045-B18C-93CD9FEFAC77}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACPW
IE - HKU\S-1-5-21-4170860937-2119410488-3439256695-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Sichere Suche"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.2
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {d49175b3-3fd8-43b8-b28e-da5d47f3c398}:1.0.30
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91
FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.86.1
FF - prefs.js..extensions.enabledItems: toolbar@gmx.net:1.5.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.3
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: rikaichan-jpde@polarcloud.com:2.01.110409
FF - prefs.js..extensions.enabledItems: {b8cbd8e0-e642-11dd-ba2f-0800200c9a66}:1.6
FF - prefs.js..extensions.enabledItems: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.265.2
FF - prefs.js..extensions.enabledItems: {20cc25e2-48c9-45e1-9a1f-1ccc1882b81b}:1.9
FF - prefs.js..extensions.enabledItems: {d37dc5d0-431d-44e5-8c91-49419370caa1}:2.7.82
FF - prefs.js..extensions.enabledItems: {265b0520-499e-11d9-9669-0800200c9a66}:2.0.6
FF - prefs.js..extensions.enabledItems: {29c4afe1-db19-4298-8785-fcc94d1d6c1d}:0.6.2009110501
FF - prefs.js..extensions.enabledItems: tineye@ideeinc.com:1.1
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.50
FF - prefs.js..extensions.enabledItems: {B17C1C5A-04B1-11DB-9804-B622A1EF5492}:1.2.1
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=mcafee&p="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.91: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2852: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1662: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\DD\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\DD\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\DD\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\DD\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012.02.23 19:51:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2012.06.21 14:43:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012.06.22 07:20:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012.06.22 07:20:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012.06.22 07:20:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.17 11:44:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.05.19 01:23:29 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.17 11:44:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.05.19 01:23:29 | 000,000,000 | ---D | M]
 
[2010.05.16 22:11:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DD\AppData\Roaming\mozilla\Extensions
[2010.05.16 22:11:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DD\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2012.07.01 23:36:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DD\AppData\Roaming\mozilla\Firefox\Profiles\n63aa2n9.default\extensions
[2012.06.19 07:19:34 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\DD\AppData\Roaming\mozilla\Firefox\Profiles\n63aa2n9.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2011.08.25 12:23:55 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\DD\AppData\Roaming\mozilla\Firefox\Profiles\n63aa2n9.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2011.04.01 15:28:39 | 000,000,000 | ---D | M] ("Facebook PhotoZoom") -- C:\Users\DD\AppData\Roaming\mozilla\Firefox\Profiles\n63aa2n9.default\extensions\{20cc25e2-48c9-45e1-9a1f-1ccc1882b81b}
[2011.04.01 15:50:20 | 000,000,000 | ---D | M] (Ebay Negs!) -- C:\Users\DD\AppData\Roaming\mozilla\Firefox\Profiles\n63aa2n9.default\extensions\{265b0520-499e-11d9-9669-0800200c9a66}
[2011.04.01 16:02:55 | 000,000,000 | ---D | M] ("Split Browser") -- C:\Users\DD\AppData\Roaming\mozilla\Firefox\Profiles\n63aa2n9.default\extensions\{29c4afe1-db19-4298-8785-fcc94d1d6c1d}
[2012.03.02 19:57:31 | 000,000,000 | ---D | M] (FoxyTunes) -- C:\Users\DD\AppData\Roaming\mozilla\Firefox\Profiles\n63aa2n9.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
[2012.04.08 00:16:19 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\DD\AppData\Roaming\mozilla\Firefox\Profiles\n63aa2n9.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2012.05.17 23:22:36 | 000,000,000 | ---D | M] (WOT) -- C:\Users\DD\AppData\Roaming\mozilla\Firefox\Profiles\n63aa2n9.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011.04.01 16:31:16 | 000,000,000 | ---D | M] (Password Exporter) -- C:\Users\DD\AppData\Roaming\mozilla\Firefox\Profiles\n63aa2n9.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}
[2011.03.24 16:01:35 | 000,000,000 | ---D | M] ("DHL Packstation Bestellhelfer") -- C:\Users\DD\AppData\Roaming\mozilla\Firefox\Profiles\n63aa2n9.default\extensions\{b8cbd8e0-e642-11dd-ba2f-0800200c9a66}
[2012.03.30 06:51:01 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\DD\AppData\Roaming\mozilla\Firefox\Profiles\n63aa2n9.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.05.13 10:26:02 | 000,000,000 | ---D | M] (FoxClocks) -- C:\Users\DD\AppData\Roaming\mozilla\Firefox\Profiles\n63aa2n9.default\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}
[2012.07.01 23:36:19 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Users\DD\AppData\Roaming\mozilla\Firefox\Profiles\n63aa2n9.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2012.05.20 11:27:20 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\DD\AppData\Roaming\mozilla\Firefox\Profiles\n63aa2n9.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011.09.29 17:23:01 | 000,000,000 | ---D | M] ("DHL Toolbar") -- C:\Users\DD\AppData\Roaming\mozilla\Firefox\Profiles\n63aa2n9.default\extensions\{edc0b8a5-c050-4bb2-b785-a623b4515abf}
[2010.11.26 15:10:48 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\DD\AppData\Roaming\mozilla\Firefox\Profiles\n63aa2n9.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2010.12.25 09:28:15 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\DD\AppData\Roaming\mozilla\Firefox\Profiles\n63aa2n9.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2012.05.17 23:22:35 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\DD\AppData\Roaming\mozilla\Firefox\Profiles\n63aa2n9.default\extensions\ich@maltegoetz.de
[2011.04.19 21:08:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DD\AppData\Roaming\mozilla\Firefox\Profiles\n63aa2n9.default\extensions\nostmp
[2011.04.01 16:05:12 | 000,000,000 | ---D | M] (TinEye Reverse Image Search) -- C:\Users\DD\AppData\Roaming\mozilla\Firefox\Profiles\n63aa2n9.default\extensions\tineye@ideeinc.com
[2012.06.29 10:24:53 | 000,000,853 | ---- | M] () -- C:\Users\DD\AppData\Roaming\Mozilla\Firefox\Profiles\n63aa2n9.default\searchplugins\11-suche.xml
[2010.07.03 10:39:55 | 000,009,837 | ---- | M] () -- C:\Users\DD\AppData\Roaming\Mozilla\Firefox\Profiles\n63aa2n9.default\searchplugins\ddl-search-v2.xml
[2012.06.29 10:24:53 | 000,002,209 | ---- | M] () -- C:\Users\DD\AppData\Roaming\Mozilla\Firefox\Profiles\n63aa2n9.default\searchplugins\englische-ergebnisse.xml
[2012.06.29 10:24:53 | 000,010,506 | ---- | M] () -- C:\Users\DD\AppData\Roaming\Mozilla\Firefox\Profiles\n63aa2n9.default\searchplugins\gmx-suche.xml
[2011.03.02 09:48:59 | 000,002,342 | ---- | M] () -- C:\Users\DD\AppData\Roaming\Mozilla\Firefox\Profiles\n63aa2n9.default\searchplugins\icq-search.xml
[2011.03.10 20:27:35 | 000,000,950 | ---- | M] () -- C:\Users\DD\AppData\Roaming\Mozilla\Firefox\Profiles\n63aa2n9.default\searchplugins\icqplugin-1.xml
[2011.03.24 13:44:18 | 000,000,950 | ---- | M] () -- C:\Users\DD\AppData\Roaming\Mozilla\Firefox\Profiles\n63aa2n9.default\searchplugins\icqplugin-2.xml
[2011.03.05 13:33:44 | 000,000,950 | ---- | M] () -- C:\Users\DD\AppData\Roaming\Mozilla\Firefox\Profiles\n63aa2n9.default\searchplugins\icqplugin.xml
[2012.06.29 10:24:53 | 000,002,368 | ---- | M] () -- C:\Users\DD\AppData\Roaming\Mozilla\Firefox\Profiles\n63aa2n9.default\searchplugins\lastminute.xml
[2012.06.29 10:24:52 | 000,005,489 | ---- | M] () -- C:\Users\DD\AppData\Roaming\Mozilla\Firefox\Profiles\n63aa2n9.default\searchplugins\webde-suche.xml
[2012.06.09 03:20:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.06.21 14:43:35 | 000,000,000 | ---D | M] (McAfee ScriptScan for Firefox) -- C:\PROGRAM FILES\COMMON FILES\MCAFEE\SYSTEMCORE
[2012.02.23 19:51:54 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2012.01.02 22:48:13 | 000,130,514 | ---- | M] () (No name found) -- C:\USERS\DD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\N63AA2N9.DEFAULT\EXTENSIONS\{249DF6A2-E336-47D1-B6C3-EC711AD140CA}.XPI
[2012.01.22 00:05:06 | 000,138,614 | ---- | M] () (No name found) -- C:\USERS\DD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\N63AA2N9.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI
[2012.06.01 19:03:09 | 000,395,898 | ---- | M] () (No name found) -- C:\USERS\DD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\N63AA2N9.DEFAULT\EXTENSIONS\{D49175B3-3FD8-43B8-B28E-DA5D47F3C398}.XPI
[2012.05.19 00:56:15 | 005,438,448 | ---- | M] () (No name found) -- C:\USERS\DD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\N63AA2N9.DEFAULT\EXTENSIONS\GREASEFIRE@SKRUL.COM.XPI
[2011.06.23 05:39:57 | 000,046,484 | ---- | M] () (No name found) -- C:\USERS\DD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\N63AA2N9.DEFAULT\EXTENSIONS\LANGPACK-DE@CHATZILLA.MOZILLA.ORG.XPI
[2012.06.29 10:24:14 | 000,575,217 | ---- | M] () (No name found) -- C:\USERS\DD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\N63AA2N9.DEFAULT\EXTENSIONS\TOOLBAR@GMX.NET.XPI
[2010.08.04 13:40:00 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012.06.17 11:44:20 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.04.14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
[2012.03.26 10:09:54 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.06.01 18:33:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.01 18:33:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.01 18:33:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.01 18:33:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.05.02 09:17:02 | 000,002,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2012.06.01 18:33:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.01 18:33:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\DD\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\DD\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\DD\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\DD\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\DD\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: getPlusPlus for Adobe 16291 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\DD\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\DD\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~1\mcafee\msc\npmcsn~1.dll
CHR - Extension: Adblock Plus (Beta) = C:\Users\DD\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: Modul zur Link-Untersuchung = C:\Users\DD\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\
CHR - Extension: Ragdoll Avalanche 2 = C:\Users\DD\AppData\Local\Google\Chrome\User Data\Default\Extensions\dijphmcdlkiiagnjoheephkicadkcoan\1.0_0\
CHR - Extension: SiteAdvisor = C:\Users\DD\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\
CHR - Extension: Virtuelle Tastatur = C:\Users\DD\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\
CHR - Extension: Webcam Toy = C:\Users\DD\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfbgimoladefibpklnfmkpknadbklade\1.2.2_0\
CHR - Extension: Zombie Drop = C:\Users\DD\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhmhllfgcoopjdmcmdeobhgimokcabmc\1.0_0\
CHR - Extension: Texas Holdem Poker = C:\Users\DD\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojbaogcpfpkhbmjmefladpimcmfggkjl\1.0.0.2_0\
CHR - Extension: Love Calculator = C:\Users\DD\AppData\Local\Google\Chrome\User Data\Default\Extensions\oolmcecgdmgibngcbeedeljjadklplag\1.3_0\
CHR - Extension: Anti-Banner = C:\Users\DD\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\
 
O1 HOSTS File: ([2011.07.31 15:18:35 | 000,423,246 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O1 - Hosts: 127.0.0.1        www.007guard.com
O1 - Hosts: 127.0.0.1        007guard.com
O1 - Hosts: 127.0.0.1        008i.com
O1 - Hosts: 127.0.0.1        www.008k.com
O1 - Hosts: 127.0.0.1        008k.com
O1 - Hosts: 127.0.0.1        www.00hq.com
O1 - Hosts: 127.0.0.1        00hq.com
O1 - Hosts: 127.0.0.1        010402.com
O1 - Hosts: 127.0.0.1        www.032439.com
O1 - Hosts: 127.0.0.1        032439.com
O1 - Hosts: 127.0.0.1        www.0scan.com
O1 - Hosts: 127.0.0.1        0scan.com
O1 - Hosts: 127.0.0.1        1000gratisproben.com
O1 - Hosts: 127.0.0.1        www.1000gratisproben.com
O1 - Hosts: 127.0.0.1        1001namen.com
O1 - Hosts: 127.0.0.1        www.1001namen.com
O1 - Hosts: 127.0.0.1        100888290cs.com
O1 - Hosts: 127.0.0.1        www.100888290cs.com
O1 - Hosts: 127.0.0.1        www.100sexlinks.com
O1 - Hosts: 127.0.0.1        100sexlinks.com
O1 - Hosts: 127.0.0.1        10sek.com
O1 - Hosts: 127.0.0.1        www.10sek.com
O1 - Hosts: 127.0.0.1        www.1-2005-search.com
O1 - Hosts: 14592 more lines...
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20120430014745.dll (McAfee, Inc.)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKU\S-1-5-21-4170860937-2119410488-3439256695-1000\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKLM..\Run: [Acer ePower Management] C:\Program Files\PACKARD BELL\Packard Bell PowerSave Solution\ePowerTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-4170860937-2119410488-3439256695-1000..\Run: [SmpcSys] C:\Program Files\PACKARD BELL\SetupMyPC\SmpSys.exe (Acer Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O8 - Extra context menu item: Add to AMV/AVI Video Converter... - C:\Program Files\Media Player Utilities 4.28\AMVConverter\grab.html ()
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1C6E75D3-C364-4A41-A1F0-0591696E0B3C}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\Users\DD\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\DD\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{7c7ae5c0-44a0-11e0-9482-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{7c7ae5c0-44a0-11e0-9482-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Start.exe
O33 - MountPoints2\{7fa77a76-b768-11df-a38c-00235a89b8d3}\Shell - "" = AutoRun
O33 - MountPoints2\{7fa77a76-b768-11df-a38c-00235a89b8d3}\Shell\AutoRun\command - "" = E:\USBAutoRun.exe
O33 - MountPoints2\{97d8c732-f6d1-11df-8535-00235a89b8d3}\Shell - "" = AutoRun
O33 - MountPoints2\{97d8c732-f6d1-11df-8535-00235a89b8d3}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\Start.hta
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: Sharedaccess -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: B2C_AGENT - hkey= - key= - C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe (LG Electronics)
MsConfig - StartUpReg: Steam - hkey= - key= -  File not found
MsConfig - State: "startup" - 2
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: mcmscsvc - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootMin: MCODS - Reg Error: Value error.
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: BFE - Service
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: McMPFSvc - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootNet: mcmscsvc - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootNet: MCODS - Reg Error: Value error.
SafeBootNet: Messenger - Service
SafeBootNet: mfefire - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SafeBootNet: mfefirek - C:\Windows\System32\drivers\mfefirek.sys (McAfee, Inc.)
SafeBootNet: mfefirek.sys - C:\Windows\System32\drivers\mfefirek.sys (McAfee, Inc.)
SafeBootNet: mfehidk - C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)
SafeBootNet: mfehidk.sys - C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)
SafeBootNet: mfevtp - C:\Windows\System32\mfevtps.exe (McAfee, Inc.)
SafeBootNet: MPSSvc - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: SharedAccess -  File not found
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vsmon - Service
SafeBootNet: WinDefend - Service
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.ac3acm - C:\Windows\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: vidc.i420 - C:\Windows\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: VIDC.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.02 15:08:25 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\DD\Desktop\OTL.exe
[2012.07.02 00:23:31 | 000,000,000 | ---D | C] -- C:\Users\DD\Desktop\PC  retten
[2012.07.01 21:32:25 | 000,000,000 | ---D | C] -- C:\Users\DD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Media Player Utilities 4.28
[2012.07.01 21:31:21 | 000,000,000 | ---D | C] -- C:\Program Files\Media Player Utilities 4.28
[2012.06.29 10:40:55 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.06.28 23:15:47 | 000,000,000 | ---D | C] -- C:\Users\DD\AppData\Roaming\Malwarebytes
[2012.06.28 23:15:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.28 23:15:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.28 23:15:38 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.06.28 23:15:38 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.06.27 11:01:53 | 000,000,000 | ---D | C] -- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
[2012.06.27 11:01:53 | 000,000,000 | ---D | C] -- C:\Program Files\SDHelper (Spybot - Search & Destroy)
[2012.06.27 11:01:53 | 000,000,000 | ---D | C] -- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
[2012.06.27 11:01:53 | 000,000,000 | ---D | C] -- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
[2012.06.23 07:17:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bitdefender
[2012.06.23 07:13:54 | 000,000,000 | ---D | C] -- C:\Users\DD\AppData\Roaming\QuickScan
[2012.06.22 17:00:13 | 000,335,504 | ---- | C] (BitDefender S.R.L.) -- C:\Windows\System32\drivers\TrufosAlt.sys
[2012.06.21 20:19:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2012
[2012.06.21 20:16:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012.06.21 20:16:34 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2012.06.21 20:14:40 | 000,570,160 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2012.06.21 14:45:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012.06.21 07:15:39 | 000,000,000 | ---D | C] -- C:\Users\DD\AppData\Local\Macromedia
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.02 15:14:19 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.02 15:08:28 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\DD\Desktop\OTL.exe
[2012.07.02 15:01:38 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.02 15:01:24 | 000,000,522 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2012.07.02 15:01:23 | 000,001,086 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.02 15:00:55 | 000,004,512 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.02 15:00:55 | 000,004,512 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.02 15:00:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.02 10:40:35 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.07.02 10:30:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4170860937-2119410488-3439256695-1000UA.job
[2012.07.02 05:46:26 | 000,691,636 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.07.02 05:46:26 | 000,656,494 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.02 05:46:26 | 000,152,156 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.07.02 05:46:26 | 000,128,442 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.07.02 05:44:02 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4170860937-2119410488-3439256695-1000UA.job
[2012.07.02 01:07:12 | 000,137,216 | ---- | M] () -- C:\Users\DD\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.07.01 19:44:00 | 000,001,056 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4170860937-2119410488-3439256695-1000Core.job
[2012.07.01 19:30:01 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4170860937-2119410488-3439256695-1000Core.job
[2012.06.30 11:52:56 | 000,000,868 | ---- | M] () -- C:\Users\DD\Desktop\DVD Profiler.lnk
[2012.06.23 14:31:05 | 000,000,020 | ---- | M] () -- C:\Users\DD\defogger_reenable
[2012.06.23 07:11:15 | 000,335,504 | ---- | M] (BitDefender S.R.L.) -- C:\Windows\System32\drivers\TrufosAlt.sys
[2012.06.22 07:47:30 | 000,002,489 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.06.21 20:29:52 | 000,017,408 | ---- | M] () -- C:\Users\DD\AppData\Local\WebpageIcons.db
[2012.06.21 20:19:13 | 000,115,369 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat
[2012.06.21 20:19:13 | 000,097,961 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat
[2012.06.21 20:14:40 | 000,570,160 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2012.06.19 16:29:40 | 000,000,680 | ---- | M] () -- C:\Users\DD\AppData\Local\d3d9caps.dat
[2012.06.13 05:48:03 | 000,393,952 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.06.09 03:20:53 | 000,000,808 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.06.30 11:52:56 | 000,000,868 | ---- | C] () -- C:\Users\DD\Desktop\DVD Profiler.lnk
[2012.06.23 14:30:10 | 000,000,020 | ---- | C] () -- C:\Users\DD\defogger_reenable
[2012.06.21 20:29:44 | 000,017,408 | ---- | C] () -- C:\Users\DD\AppData\Local\WebpageIcons.db
[2012.06.21 20:19:13 | 000,115,369 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2012.06.21 20:19:13 | 000,097,961 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2012.04.04 04:49:18 | 000,000,000 | ---- | C] () -- C:\Windows\Irremote.ini
[2012.01.10 22:14:13 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{eb9819ac-a943-f0d9-e6db-ec8b5a2ef808}\@
[2012.01.10 22:14:13 | 000,002,048 | -HS- | C] () -- C:\Users\DD\AppData\Local\{eb9819ac-a943-f0d9-e6db-ec8b5a2ef808}\@
[2011.10.13 00:01:50 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2011.09.21 06:59:27 | 000,107,520 | RHS- | C] () -- C:\Windows\System32\TAKDSDecoder.dll
[2011.07.31 12:43:46 | 000,065,536 | ---- | C] () -- C:\Windows\revolutions_uninstall.exe
[2011.03.11 12:43:54 | 000,029,763 | ---- | C] () -- C:\Windows\System32\drivers\klopp.dat
[2010.12.30 16:37:25 | 000,000,090 | ---- | C] () -- C:\Users\DD\AppData\Local\fusioncache.dat
[2010.12.28 13:58:59 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2010.12.05 22:16:02 | 000,000,249 | ---- | C] () -- C:\Windows\bctester_de.INI
[2010.10.10 20:15:43 | 000,000,465 | ---- | C] () -- C:\Windows\iScreensaver.ini
[2010.10.10 20:15:00 | 000,029,184 | -H-- | C] () -- C:\Windows\MBSRectPlugin1635.dll
[2010.09.04 18:06:46 | 000,221,291 | ---- | C] () -- C:\Windows\Imei_dll.dll
[2010.09.04 18:06:46 | 000,040,960 | ---- | C] () -- C:\Windows\Sublock.dll
[2010.09.03 21:36:46 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll
[2010.09.03 21:36:46 | 000,002,413 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini
[2010.04.27 20:28:25 | 000,000,680 | ---- | C] () -- C:\Users\DD\AppData\Local\d3d9caps.dat
[2010.04.22 12:53:25 | 000,137,216 | ---- | C] () -- C:\Users\DD\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== LOP Check ==========
 
[2010.04.22 21:59:57 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\Ashampoo
[2010.08.23 18:25:11 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\BonkEnc
[2010.08.04 10:46:06 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\CheckPoint
[2010.08.10 23:08:44 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\COMPUTERBILD-Abzockschutz
[2011.10.17 11:03:32 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\Epson
[2010.05.26 21:09:29 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\EurekaLog
[2012.06.11 20:07:22 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\FILEminimizerPictures
[2010.11.27 12:41:58 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\GARMIN
[2011.03.03 00:56:48 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\ICQ
[2011.12.09 17:20:16 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\IrfanView
[2010.10.10 20:15:36 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\iScreensaver
[2012.01.22 11:27:16 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\JAM Software
[2011.03.30 22:44:36 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\LG Electronics
[2010.11.21 15:32:22 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\LogicWeave Software
[2010.07.03 12:43:53 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\Petroglyph
[2012.06.23 07:13:59 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\QuickScan
[2011.12.26 18:14:54 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\RavensburgerTipToi
[2012.01.14 20:11:20 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\Rovio
[2010.06.22 09:36:58 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\ScreeNet iSaver
[2011.02.24 19:24:02 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\The Creative Assembly
[2010.05.16 22:11:25 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\TomTom
[2010.04.22 13:33:50 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\TuneUp Software
[2010.12.30 16:40:49 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\Turbine
[2010.09.03 21:45:14 | 000,000,000 | -H-D | M] -- C:\Users\DD\AppData\Roaming\{D94BA408-F110-488B-A65E-3AE7945F79E6}
[2012.07.02 15:01:24 | 000,000,522 | ---- | M] () -- C:\Windows\Tasks\1-Klick-Wartung.job
[2012.07.01 19:30:01 | 000,000,894 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4170860937-2119410488-3439256695-1000Core.job
[2012.07.02 10:30:00 | 000,000,916 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4170860937-2119410488-3439256695-1000UA.job
[2012.07.02 10:40:35 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.08.20 15:45:11 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\Adobe
[2011.11.24 20:45:46 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\Apple Computer
[2010.04.22 21:59:57 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\Ashampoo
[2010.04.22 11:38:59 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\ATI
[2010.08.23 18:25:11 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\BonkEnc
[2010.08.04 10:46:06 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\CheckPoint
[2010.08.10 23:08:44 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\COMPUTERBILD-Abzockschutz
[2010.07.05 12:31:35 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\CyberLink
[2010.08.18 19:46:52 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\DivX
[2012.05.24 17:19:28 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\dvdcss
[2011.10.17 11:03:32 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\Epson
[2010.05.26 21:09:29 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\EurekaLog
[2012.06.11 20:07:22 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\FILEminimizerPictures
[2010.11.27 12:41:58 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\GARMIN
[2010.04.22 12:18:33 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\Google
[2011.03.03 00:56:48 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\ICQ
[2010.04.22 11:38:30 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\Identities
[2011.10.12 18:41:11 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\InstallShield
[2011.12.09 17:20:16 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\IrfanView
[2010.10.10 20:15:36 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\iScreensaver
[2012.01.22 11:27:16 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\JAM Software
[2011.03.30 22:44:36 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\LG Electronics
[2010.11.21 15:32:22 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\LogicWeave Software
[2011.04.01 16:12:05 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\Macromedia
[2012.06.28 23:15:47 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\Malwarebytes
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\Media Center Programs
[2010.05.20 19:51:09 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\Media Player Classic
[2012.01.01 16:28:35 | 000,000,000 | --SD | M] -- C:\Users\DD\AppData\Roaming\Microsoft
[2010.04.22 12:22:53 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\Mozilla
[2010.07.11 14:39:16 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\Nero
[2010.07.03 12:43:53 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\Petroglyph
[2012.06.23 07:13:59 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\QuickScan
[2011.12.26 18:14:54 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\RavensburgerTipToi
[2010.08.12 22:09:01 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\Real
[2012.01.14 20:11:20 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\Rovio
[2010.06.22 09:36:58 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\ScreeNet iSaver
[2012.03.21 14:11:41 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\Skype
[2011.02.24 19:24:02 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\The Creative Assembly
[2010.05.16 22:11:25 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\TomTom
[2010.04.22 13:33:50 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\TuneUp Software
[2010.12.30 16:40:49 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\Turbine
[2012.07.02 15:23:25 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\vlc
[2010.04.23 09:28:04 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\WinRAR
[2010.07.03 12:35:07 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\Xfire
[2010.09.03 21:45:14 | 000,000,000 | -H-D | M] -- C:\Users\DD\AppData\Roaming\{D94BA408-F110-488B-A65E-3AE7945F79E6}
 
< %APPDATA%\*.exe /s >
[2011.04.08 07:38:40 | 000,032,768 | ---- | M] ((주)테크노니아) -- C:\Users\DD\AppData\Roaming\LG Electronics\LG PC Suite III\UpdateHelper.exe
[2010.11.21 15:31:52 | 000,002,550 | R--- | M] () -- C:\Users\DD\AppData\Roaming\Microsoft\Installer\{19F71F50-EE15-4213-A1ED-EA74FFA60C51}\_52CFA3F3BFCA9A03BDDA97.exe
[2010.11.21 15:31:52 | 000,002,550 | R--- | M] () -- C:\Users\DD\AppData\Roaming\Microsoft\Installer\{19F71F50-EE15-4213-A1ED-EA74FFA60C51}\_6FEFF9B68218417F98F549.exe
[2010.11.21 15:31:53 | 000,002,550 | R--- | M] () -- C:\Users\DD\AppData\Roaming\Microsoft\Installer\{19F71F50-EE15-4213-A1ED-EA74FFA60C51}\_C788D9264F0B22B25F0E97.exe
[2012.07.01 21:34:59 | 000,001,078 | R--- | M] () -- C:\Users\DD\AppData\Roaming\Microsoft\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_25D7A4A9F2D862C2B977C4.exe
[2012.07.01 21:34:59 | 000,010,134 | R--- | M] () -- C:\Users\DD\AppData\Roaming\Microsoft\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_562F73C7672C28A61F1D00.exe
[2012.07.01 21:34:59 | 000,001,078 | R--- | M] () -- C:\Users\DD\AppData\Roaming\Microsoft\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_5A201C1BE64802367DC4E1.exe
[2012.07.01 21:34:59 | 000,000,766 | R--- | M] () -- C:\Users\DD\AppData\Roaming\Microsoft\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_6FEFF9B68218417F98F549.exe
[2012.07.01 21:34:59 | 000,016,262 | R--- | M] () -- C:\Users\DD\AppData\Roaming\Microsoft\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_94C5C199B759AAD5E732EF.exe
[2012.07.01 21:34:59 | 000,002,550 | R--- | M] () -- C:\Users\DD\AppData\Roaming\Microsoft\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_AC5A6C3DD52787B1AA40F8.exe
[2012.07.01 21:34:59 | 000,001,518 | R--- | M] () -- C:\Users\DD\AppData\Roaming\Microsoft\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_F34E49E98C52AC1EB6059D.exe
[2009.06.04 13:51:24 | 001,413,256 | R--- | M] () -- C:\Users\DD\AppData\Roaming\Microsoft\Windows\Templates\E\USBAutoRun.exe
[2009.05.12 08:46:36 | 000,212,992 | R--- | M] () -- C:\Users\DD\AppData\Roaming\Microsoft\Windows\Templates\E\tools\LGSetCDROMAutoRun.exe
[2010.09.01 16:52:56 | 000,032,032 | ---- | M] (NOS Microsystems Ltd.) -- C:\Users\DD\AppData\Roaming\Mozilla\Firefox\Profiles\n63aa2n9.default\extensions\nostmp\content\getPlusPlus_Adobe_reg.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.03.12 08:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys
[2008.03.12 08:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys
[2009.04.10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.03.12 08:24:20 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys
[2008.06.03 05:29:54 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=9C0E70031905ADBF94EDB9EA14AF943B -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7f3e4ed9\atapi.sys
[2008.06.03 05:29:54 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=9C0E70031905ADBF94EDB9EA14AF943B -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22193_none_dd6376773aedb5e4\atapi.sys
[2008.06.03 05:27:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E26DDFE464B464DAF1C739122978D1D6 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b7393fc6\atapi.sys
[2008.06.03 05:27:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E26DDFE464B464DAF1C739122978D1D6 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20847_none_dbb74a7b3d9afbc1\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.10 23:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.10 23:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.10 23:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.10 23:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2009.04.10 23:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.10 23:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2011.03.04 13:23:14 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\system32\drivers\kl1.sys
[2011.03.04 13:23:20 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\system32\drivers\kl2.sys
[2012.06.21 20:14:40 | 000,570,160 | ---- | M] (Kaspersky Lab) Unable to obtain MD5 -- C:\Windows\system32\drivers\klif.sys
[2011.03.10 18:36:18 | 000,023,856 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\system32\drivers\klim6.sys
[2009.11.02 20:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) Unable to obtain MD5 -- C:\Windows\system32\drivers\klmouflt.sys
[1 C:\Windows\system32\drivers\*.tmp files -> C:\Windows\system32\drivers\*.tmp -> ]
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.02.13 16:34:32 | 000,442,368 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\Windows\system32\ATIDEMGX.dll
[2011.04.24 23:13:10 | 000,229,776 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\system32\klogon.dll
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
<          >

< End of report >


cosinus 03.07.2012 11:12

Run an OTL fix: close any programs that may be open, disable your virus scanner as well (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied too!!!)

Code:

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=2&o=vp32&d=0410&m=easynote_lj65
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=2&o=vp32&d=0410&m=easynote_lj65
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550
IE - HKU\S-1-5-21-4170860937-2119410488-3439256695-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=2&o=vp32&d=0410&m=easynote_lj65
IE - HKU\S-1-5-21-4170860937-2119410488-3439256695-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-4170860937-2119410488-3439256695-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=2&o=vp32&d=0410&m=easynote_lj65
IE - HKU\S-1-5-21-4170860937-2119410488-3439256695-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-4170860937-2119410488-3439256695-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-4170860937-2119410488-3439256695-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-4170860937-2119410488-3439256695-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-4170860937-2119410488-3439256695-1000\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKU\S-1-5-21-4170860937-2119410488-3439256695-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-4170860937-2119410488-3439256695-1000\..\SearchScopes\{6CFA647A-7824-4CF5-999D-5D188E2D7961}: "URL" = http://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
IE - HKU\S-1-5-21-4170860937-2119410488-3439256695-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550
FF - prefs.js..browser.search.defaultenginename: "Sichere Suche"
FF - prefs.js..extensions.enabledItems: toolbar@gmx.net:1.5.4
FF - prefs.js..keyword.URL: "http://de.search.yahoo.com/search?fr=mcafee&p="
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
[2010.07.03 10:39:55 | 000,009,837 | ---- | M] () -- C:\Users\DD\AppData\Roaming\Mozilla\Firefox\Profiles\n63aa2n9.default\searchplugins\ddl-search-v2.xml
[2012.06.29 10:24:53 | 000,010,506 | ---- | M] () -- C:\Users\DD\AppData\Roaming\Mozilla\Firefox\Profiles\n63aa2n9.default\searchplugins\gmx-suche.xml
[2011.03.02 09:48:59 | 000,002,342 | ---- | M] () -- C:\Users\DD\AppData\Roaming\Mozilla\Firefox\Profiles\n63aa2n9.default\searchplugins\icq-search.xml
[2011.03.10 20:27:35 | 000,000,950 | ---- | M] () -- C:\Users\DD\AppData\Roaming\Mozilla\Firefox\Profiles\n63aa2n9.default\searchplugins\icqplugin-1.xml
[2011.03.24 13:44:18 | 000,000,950 | ---- | M] () -- C:\Users\DD\AppData\Roaming\Mozilla\Firefox\Profiles\n63aa2n9.default\searchplugins\icqplugin-2.xml
[2011.03.05 13:33:44 | 000,000,950 | ---- | M] () -- C:\Users\DD\AppData\Roaming\Mozilla\Firefox\Profiles\n63aa2n9.default\searchplugins\icqplugin.xml
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKU\S-1-5-21-4170860937-2119410488-3439256695-1000\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{7c7ae5c0-44a0-11e0-9482-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{7c7ae5c0-44a0-11e0-9482-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Start.exe
O33 - MountPoints2\{7fa77a76-b768-11df-a38c-00235a89b8d3}\Shell - "" = AutoRun
O33 - MountPoints2\{7fa77a76-b768-11df-a38c-00235a89b8d3}\Shell\AutoRun\command - "" = E:\USBAutoRun.exe
O33 - MountPoints2\{97d8c732-f6d1-11df-8535-00235a89b8d3}\Shell - "" = AutoRun
O33 - MountPoints2\{97d8c732-f6d1-11df-8535-00235a89b8d3}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\Start.hta
:Files
C:\Program Files\ICQ6Toolbar
C:\Windows\Installer\{eb9819ac-a943-f0d9-e6db-ec8b5a2ef808}\@
C:\Users\DD\AppData\Local\{eb9819ac-a943-f0d9-e6db-ec8b5a2ef808}\@
C:\Users\DD\AppData\Roaming\CheckPoint
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a safety measure, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created in the "_OTL" folder on the system partition.

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

Patient X 03.07.2012 14:59

Done!

Code:

All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ deleted successfully.
C:\Program Files\ICQ6Toolbar\ICQToolBar.dll moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
HKU\S-1-5-21-4170860937-2119410488-3439256695-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKU\S-1-5-21-4170860937-2119410488-3439256695-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchDefaultBranded| /E : value set successfully!
HKU\S-1-5-21-4170860937-2119410488-3439256695-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-4170860937-2119410488-3439256695-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-4170860937-2119410488-3439256695-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-4170860937-2119410488-3439256695-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}\ deleted successfully.
File move failed. c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll scheduled to be moved on reboot.
Registry value HKEY_USERS\S-1-5-21-4170860937-2119410488-3439256695-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
File C:\Program Files\ICQ6Toolbar\ICQToolBar.dll not found.
HKEY_USERS\S-1-5-21-4170860937-2119410488-3439256695-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-4170860937-2119410488-3439256695-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-4170860937-2119410488-3439256695-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6CFA647A-7824-4CF5-999D-5D188E2D7961}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6CFA647A-7824-4CF5-999D-5D188E2D7961}\ not found.
Registry key HKEY_USERS\S-1-5-21-4170860937-2119410488-3439256695-1000\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Prefs.js: "Sichere Suche" removed from browser.search.defaultenginename
Prefs.js: toolbar@gmx.net:1.5.4 removed from extensions.enabledItems
Prefs.js: "hxxp://de.search.yahoo.com/search?fr=mcafee&p=" removed from keyword.URL
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@checkpoint.com/FFApi\ deleted successfully.
C:\Users\DD\AppData\Roaming\Mozilla\Firefox\Profiles\n63aa2n9.default\searchplugins\ddl-search-v2.xml moved successfully.
C:\Users\DD\AppData\Roaming\Mozilla\Firefox\Profiles\n63aa2n9.default\searchplugins\gmx-suche.xml moved successfully.
C:\Users\DD\AppData\Roaming\Mozilla\Firefox\Profiles\n63aa2n9.default\searchplugins\icq-search.xml moved successfully.
C:\Users\DD\AppData\Roaming\Mozilla\Firefox\Profiles\n63aa2n9.default\searchplugins\icqplugin-1.xml moved successfully.
C:\Users\DD\AppData\Roaming\Mozilla\Firefox\Profiles\n63aa2n9.default\searchplugins\icqplugin-2.xml moved successfully.
C:\Users\DD\AppData\Roaming\Mozilla\Firefox\Profiles\n63aa2n9.default\searchplugins\icqplugin.xml moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found.
File C:\Program Files\ICQ6Toolbar\ICQToolBar.dll not found.
Registry value HKEY_USERS\S-1-5-21-4170860937-2119410488-3439256695-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoControlPanel deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7c7ae5c0-44a0-11e0-9482-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7c7ae5c0-44a0-11e0-9482-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7c7ae5c0-44a0-11e0-9482-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7c7ae5c0-44a0-11e0-9482-806e6f6e6963}\ not found.
File E:\Start.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7fa77a76-b768-11df-a38c-00235a89b8d3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7fa77a76-b768-11df-a38c-00235a89b8d3}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7fa77a76-b768-11df-a38c-00235a89b8d3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7fa77a76-b768-11df-a38c-00235a89b8d3}\ not found.
File E:\USBAutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{97d8c732-f6d1-11df-8535-00235a89b8d3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{97d8c732-f6d1-11df-8535-00235a89b8d3}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{97d8c732-f6d1-11df-8535-00235a89b8d3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{97d8c732-f6d1-11df-8535-00235a89b8d3}\ not found.
File C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\Start.hta not found.
========== FILES ==========
C:\Program Files\ICQ6Toolbar folder moved successfully.
C:\Windows\Installer\{eb9819ac-a943-f0d9-e6db-ec8b5a2ef808}\@ moved successfully.
C:\Users\DD\AppData\Local\{eb9819ac-a943-f0d9-e6db-ec8b5a2ef808}\@ moved successfully.
C:\Users\DD\AppData\Roaming\CheckPoint\ZoneAlarm Toolbar\TrustChecker folder moved successfully.
C:\Users\DD\AppData\Roaming\CheckPoint\ZoneAlarm Toolbar\PTPCACHE folder moved successfully.
C:\Users\DD\AppData\Roaming\CheckPoint\ZoneAlarm Toolbar folder moved successfully.
C:\Users\DD\AppData\Roaming\CheckPoint folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\splash folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: DD
->Temp folder emptied: 82771170 bytes
->Temporary Internet Files folder emptied: 373515268 bytes
->FireFox cache emptied: 387212470 bytes
->Google Chrome cache emptied: 313845890 bytes
->Flash cache emptied: 18436 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Mcx1
->Temp folder emptied: 895256 bytes
->Temporary Internet Files folder emptied: 42148 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 28928 bytes
%systemroot%\System32\drivers .tmp files removed: 279440 bytes
Windows Temp folder emptied: 66636 bytes
RecycleBin emptied: 7642451939 bytes
 
Total Files Cleaned = 8.393,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: DD
->Flash cache emptied: 0 bytes
 
User: Default
 
User: Default User
 
User: Mcx1
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.53.1 log created on 07032012_153128

Files\Folders moved on Reboot...
File move failed. c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll scheduled to be moved on reboot.

PendingFileRenameOperations files...
[2012.02.17 11:20:28 | 000,281,600 | ---- | M] (McAfee, Inc.) c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll : MD5=7B17107D054A88C6D1ECC285B502D2D9

Registry entries deleted on Reboot...

In Firefox, some existing add-ons have now been reloaded or reinstalled.
The skins and design elements are gone too.
Is that normal?

cosinus 03.07.2012 15:55

Yes, I may have fixed a few things there that you wanted, but you can simply reinstall them.

Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool!

Set up the tool as shown in the picture below: click change parameters and tick the boxes as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:), since that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the "skip" action and post only the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

Patient X 03.07.2012 16:27

Done as well!

Code:

17:16:36.0640 3100        TDSS rootkit removing tool 2.7.44.0 Jul  2 2012 20:01:08
17:16:36.0820 3100        ============================================================
17:16:36.0820 3100        Current date / time: 2012/07/03 17:16:36.0820
17:16:36.0820 3100        SystemInfo:
17:16:36.0820 3100       
17:16:36.0820 3100        OS Version: 6.0.6002 ServicePack: 2.0
17:16:36.0820 3100        Product type: Workstation
17:16:36.0820 3100        ComputerName: ODIN
17:16:36.0820 3100        UserName: DD
17:16:36.0820 3100        Windows directory: C:\Windows
17:16:36.0820 3100        System windows directory: C:\Windows
17:16:36.0820 3100        Processor architecture: Intel x86
17:16:36.0820 3100        Number of processors: 2
17:16:36.0820 3100        Page size: 0x1000
17:16:36.0820 3100        Boot type: Normal boot
17:16:36.0820 3100        ============================================================
17:16:46.0653 3100        Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:16:46.0778 3100        ============================================================
17:16:46.0778 3100        \Device\Harddisk0\DR0:
17:16:46.0824 3100        MBR partitions:
17:16:46.0824 3100        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1A04000, BlocksNum 0x38981800
17:16:46.0824 3100        ============================================================
17:16:47.0183 3100        C: <-> \Device\Harddisk0\DR0\Partition0
17:16:47.0183 3100        ============================================================
17:16:47.0183 3100        Initialize success
17:16:47.0183 3100        ============================================================
17:19:38.0430 3220        ============================================================
17:19:38.0430 3220        Scan started
17:19:38.0430 3220        Mode: Manual; SigCheck; TDLFS;
17:19:38.0430 3220        ============================================================
17:19:39.0989 3220        ABBYY.Licensing.FineReader.Sprint.9.0 (b33cf4de909a5b30f526d82053a63c8e) C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
17:19:40.0223 3220        ABBYY.Licensing.FineReader.Sprint.9.0 - ok
17:19:40.0472 3220        ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
17:19:40.0503 3220        ACPI - ok
17:19:40.0581 3220        AdobeActiveFileMonitor6.0 (e8fe4fce23d2809bd88bcc1d0f8408ce) C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
17:19:40.0613 3220        AdobeActiveFileMonitor6.0 - ok
17:19:40.0659 3220        AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
17:19:40.0691 3220        AdobeARMservice - ok
17:19:40.0800 3220        AdobeFlashPlayerUpdateSvc (f3cd7b20b27d1772c946df993ff3635c) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
17:19:40.0831 3220        AdobeFlashPlayerUpdateSvc - ok
17:19:40.0893 3220        adp94xx        (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
17:19:40.0940 3220        adp94xx - ok
17:19:41.0003 3220        adpahci        (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
17:19:41.0034 3220        adpahci - ok
17:19:41.0081 3220        adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
17:19:41.0096 3220        adpu160m - ok
17:19:41.0190 3220        adpu320        (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
17:19:41.0221 3220        adpu320 - ok
17:19:41.0283 3220        AeLookupSvc    (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
17:19:41.0408 3220        AeLookupSvc - ok
17:19:41.0471 3220        AFD            (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
17:19:41.0533 3220        AFD - ok
17:19:41.0580 3220        agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
17:19:41.0611 3220        agp440 - ok
17:19:41.0642 3220        aic78xx        (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
17:19:41.0658 3220        aic78xx - ok
17:19:41.0689 3220        ALG            (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
17:19:41.0814 3220        ALG - ok
17:19:41.0876 3220        aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
17:19:41.0892 3220        aliide - ok
17:19:41.0954 3220        amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
17:19:41.0970 3220        amdagp - ok
17:19:42.0017 3220        amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
17:19:42.0048 3220        amdide - ok
17:19:42.0173 3220        AmdK7          (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
17:19:42.0282 3220        AmdK7 - ok
17:19:42.0329 3220        AmdK8          (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
17:19:42.0407 3220        AmdK8 - ok
17:19:43.0062 3220        amdkmdag        (7a46cf1f1075eb0340ea40f12d88a862) C:\Windows\system32\DRIVERS\atipmdag.sys
17:19:43.0701 3220        amdkmdag - ok
17:19:43.0951 3220        amdkmdap        (e786ac0fbab7acfa53a7f8ef64652dd5) C:\Windows\system32\DRIVERS\atikmpag.sys
17:19:43.0998 3220        amdkmdap - ok
17:19:44.0029 3220        Appinfo        (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
17:19:44.0091 3220        Appinfo - ok
17:19:44.0138 3220        arc            (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
17:19:44.0154 3220        arc - ok
17:19:44.0185 3220        arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
17:19:44.0216 3220        arcsas - ok
17:19:44.0325 3220        aspnet_state    (40c145f12ff461a0220303bda134f598) C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
17:19:44.0357 3220        aspnet_state - ok
17:19:44.0388 3220        AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
17:19:44.0450 3220        AsyncMac - ok
17:19:44.0481 3220        atapi          (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
17:19:44.0497 3220        atapi - ok
17:19:44.0575 3220        Ati External Event Utility (02cbd9af51be20608c21547582723fc8) C:\Windows\system32\Ati2evxx.exe
17:19:44.0637 3220        Ati External Event Utility - ok
17:19:44.0747 3220        AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
17:19:44.0793 3220        AudioEndpointBuilder - ok
17:19:44.0793 3220        Audiosrv        (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
17:19:44.0825 3220        Audiosrv - ok
17:19:44.0965 3220        AVP            (2718dc27571bd1e37813f5759d2dc118) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
17:19:44.0996 3220        AVP - ok
17:19:45.0090 3220        Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
17:19:45.0137 3220        Beep - ok
17:19:45.0293 3220        BITS            (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll
17:19:45.0464 3220        BITS - ok
17:19:45.0511 3220        blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
17:19:45.0589 3220        blbdrive - ok
17:19:45.0651 3220        bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
17:19:45.0698 3220        bowser - ok
17:19:45.0761 3220        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
17:19:45.0807 3220        BrFiltLo - ok
17:19:45.0839 3220        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
17:19:45.0901 3220        BrFiltUp - ok
17:19:45.0917 3220        Browser        (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
17:19:45.0979 3220        Browser - ok
17:19:46.0041 3220        Brserid        (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
17:19:46.0197 3220        Brserid - ok
17:19:46.0260 3220        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
17:19:46.0322 3220        BrSerWdm - ok
17:19:46.0353 3220        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
17:19:46.0431 3220        BrUsbMdm - ok
17:19:46.0447 3220        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
17:19:46.0525 3220        BrUsbSer - ok
17:19:46.0572 3220        BthEnum        (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
17:19:46.0634 3220        BthEnum - ok
17:19:46.0759 3220        BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
17:19:46.0853 3220        BTHMODEM - ok
17:19:46.0884 3220        BthPan          (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
17:19:46.0931 3220        BthPan - ok
17:19:47.0133 3220        BTHPORT        (611ff3f2f095c8d4a6d4cfd9dcc09793) C:\Windows\system32\Drivers\BTHport.sys
17:19:47.0258 3220        BTHPORT - ok
17:19:47.0367 3220        BthServ        (a4c8377fa4a994e07075107dbe2e3dce) C:\Windows\System32\bthserv.dll
17:19:47.0414 3220        BthServ - ok
17:19:47.0445 3220        BTHUSB          (d330803eab2a15caec7f011f1d4cb30e) C:\Windows\system32\Drivers\BTHUSB.sys
17:19:47.0477 3220        BTHUSB - ok
17:19:47.0508 3220        cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
17:19:47.0555 3220        cdfs - ok
17:19:47.0601 3220        cdrom          (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
17:19:47.0648 3220        cdrom - ok
17:19:47.0679 3220        CertPropSvc    (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
17:19:47.0726 3220        CertPropSvc - ok
17:19:47.0789 3220        cfwids          (1c7b1e36f3ced9e4b0b13385e627fe8b) C:\Windows\system32\drivers\cfwids.sys
17:19:47.0804 3220        cfwids - ok
17:19:47.0851 3220        circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
17:19:47.0898 3220        circlass - ok
17:19:47.0960 3220        CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
17:19:47.0991 3220        CLFS - ok
17:19:48.0132 3220        clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:19:48.0163 3220        clr_optimization_v2.0.50727_32 - ok
17:19:48.0241 3220        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:19:48.0257 3220        clr_optimization_v4.0.30319_32 - ok
17:19:48.0319 3220        CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
17:19:48.0366 3220        CmBatt - ok
17:19:48.0413 3220        cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
17:19:48.0428 3220        cmdide - ok
17:19:48.0444 3220        Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
17:19:48.0459 3220        Compbatt - ok
17:19:48.0475 3220        COMSysApp - ok
17:19:48.0475 3220        crcdisk        (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
17:19:48.0506 3220        crcdisk - ok
17:19:48.0537 3220        Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
17:19:48.0600 3220        Crusoe - ok
17:19:48.0678 3220        CryptSvc        (75c6a297e364014840b48eccd7525e30) C:\Windows\system32\cryptsvc.dll
17:19:48.0725 3220        CryptSvc - ok
17:19:48.0803 3220        DcomLaunch      (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
17:19:48.0896 3220        DcomLaunch - ok
17:19:48.0959 3220        DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
17:19:49.0037 3220        DfsC - ok
17:19:49.0317 3220        DfSdkS          (92ae26f2caf4a67e24a0ba6ddf32cc3c) C:\Program Files\Ashampoo\Ashampoo WinOptimizer 7\Dfsdks.exe
17:19:49.0395 3220        DfSdkS ( UnsignedFile.Multi.Generic ) - warning
17:19:49.0395 3220        DfSdkS - detected UnsignedFile.Multi.Generic (1)
17:19:49.0957 3220        DFSR            (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
17:19:50.0144 3220        DFSR - ok
17:19:50.0409 3220        Dhcp            (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
17:19:50.0441 3220        Dhcp - ok
17:19:50.0519 3220        disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
17:19:50.0550 3220        disk - ok
17:19:50.0612 3220        DKbFltr        (73baf270d24fe726b9cd7f80bb17a23d) C:\Windows\system32\DRIVERS\DKbFltr.sys
17:19:50.0628 3220        DKbFltr - ok
17:19:50.0675 3220        Dnscache        (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
17:19:50.0721 3220        Dnscache - ok
17:19:50.0753 3220        dot3svc        (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
17:19:50.0799 3220        dot3svc - ok
17:19:50.0846 3220        DPS            (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
17:19:50.0909 3220        DPS - ok
17:19:51.0018 3220        DritekPortIO    (5c918d413f5837e67a85775c9873775e) C:\PROGRA~1\LAUNCH~1\DPortIO.sys
17:19:51.0033 3220        DritekPortIO - ok
17:19:51.0080 3220        drmkaud        (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
17:19:51.0127 3220        drmkaud - ok
17:19:51.0267 3220        DXGKrnl        (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
17:19:51.0392 3220        DXGKrnl - ok
17:19:51.0548 3220        E1G60          (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
17:19:51.0642 3220        E1G60 - ok
17:19:51.0689 3220        EapHost        (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
17:19:51.0720 3220        EapHost - ok
17:19:51.0782 3220        Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
17:19:51.0813 3220        Ecache - ok
17:19:51.0938 3220        ehRecvr        (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
17:19:51.0985 3220        ehRecvr - ok
17:19:52.0016 3220        ehSched        (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
17:19:52.0063 3220        ehSched - ok
17:19:52.0079 3220        ehstart        (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
17:19:52.0110 3220        ehstart - ok
17:19:52.0172 3220        elxstor        (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
17:19:52.0203 3220        elxstor - ok
17:19:52.0406 3220        EMDMgmt        (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
17:19:52.0578 3220        EMDMgmt - ok
17:19:52.0812 3220        ePowerSvc      (926e9d64319454d1314858d348c3e963) C:\Program Files\PACKARD BELL\Packard Bell PowerSave Solution\ePowerSvc.exe
17:19:52.0905 3220        ePowerSvc - ok
17:19:53.0030 3220        ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
17:19:53.0108 3220        ErrDev - ok
17:19:53.0295 3220        EventSystem    (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
17:19:53.0342 3220        EventSystem - ok
17:19:53.0451 3220        exfat          (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
17:19:53.0514 3220        exfat - ok
17:19:53.0545 3220        fastfat        (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
17:19:53.0592 3220        fastfat - ok
17:19:53.0639 3220        fdc            (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
17:19:53.0701 3220        fdc - ok
17:19:53.0732 3220        fdPHost        (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
17:19:53.0763 3220        fdPHost - ok
17:19:53.0841 3220        FDResPub        (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
17:19:53.0904 3220        FDResPub - ok
17:19:53.0935 3220        FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
17:19:53.0966 3220        FileInfo - ok
17:19:53.0982 3220        Filetrace      (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
17:19:54.0044 3220        Filetrace - ok
17:19:54.0091 3220        FlashUSB        (5575ee5823de1558f8486eb4e33ffa99) C:\Windows\system32\DRIVERS\FlashUSB.sys
17:19:54.0138 3220        FlashUSB - ok
17:19:54.0481 3220        FLEXnet Licensing Service (bb0667b0171b632b97ea759515476f07) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
17:19:54.0543 3220        FLEXnet Licensing Service - ok
17:19:54.0575 3220        flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
17:19:54.0668 3220        flpydisk - ok
17:19:54.0731 3220        FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
17:19:54.0746 3220        FltMgr - ok
17:19:55.0323 3220        FontCache      (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
17:19:55.0464 3220        FontCache - ok
17:19:55.0651 3220        FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
17:19:55.0698 3220        FontCache3.0.0.0 - ok
17:19:55.0760 3220        Fs_Rec          (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
17:19:55.0854 3220        Fs_Rec - ok
17:19:56.0010 3220        gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
17:19:56.0057 3220        gagp30kx - ok
17:19:56.0166 3220        GEARAspiWDM    (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
17:19:56.0181 3220        GEARAspiWDM - ok
17:19:56.0275 3220        gpsvc          (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
17:19:56.0400 3220        gpsvc - ok
17:19:56.0618 3220        gupdate        (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
17:19:56.0634 3220        gupdate - ok
17:19:56.0681 3220        gupdatem        (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
17:19:56.0696 3220        gupdatem - ok
17:19:56.0759 3220        HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
17:19:56.0821 3220        HdAudAddService - ok
17:19:56.0899 3220        HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
17:19:57.0024 3220        HDAudBus - ok
17:19:57.0117 3220        HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
17:19:57.0195 3220        HidBth - ok
17:19:57.0258 3220        HidIr          (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
17:19:57.0320 3220        HidIr - ok
17:19:57.0367 3220        hidserv        (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll
17:19:57.0398 3220        hidserv - ok
17:19:57.0429 3220        HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
17:19:57.0461 3220        HidUsb - ok
17:19:57.0539 3220        hkmsvc          (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
17:19:57.0601 3220        hkmsvc - ok
17:19:57.0648 3220        HpCISSs        (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
17:19:57.0663 3220        HpCISSs - ok
17:19:57.0804 3220        HSFHWAZL        (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
17:19:57.0882 3220        HSFHWAZL - ok
17:19:58.0116 3220        HsfXAudioService (1e7c79cbaf71aa92e0eee924907dcb55) C:\Windows\system32\XAudio32.dll
17:19:58.0209 3220        HsfXAudioService - ok
17:19:58.0303 3220        HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
17:19:58.0397 3220        HTTP - ok
17:19:58.0443 3220        i2omp          (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
17:19:58.0475 3220        i2omp - ok
17:19:58.0537 3220        i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
17:19:58.0568 3220        i8042prt - ok
17:19:58.0584 3220        iaStorV        (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
17:19:58.0615 3220        iaStorV - ok
17:19:58.0646 3220        ICQ Service - ok
17:19:58.0943 3220        idsvc          (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:19:59.0005 3220        idsvc - ok
17:19:59.0145 3220        iirsp          (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
17:19:59.0177 3220        iirsp - ok
17:19:59.0286 3220        IKEEXT          (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
17:19:59.0364 3220        IKEEXT - ok
17:19:59.0645 3220        IntcAzAudAddService (de7d0a44de9eaf68165748a8d6af1c86) C:\Windows\system32\drivers\RTKVHDA.sys
17:19:59.0941 3220        IntcAzAudAddService - ok
17:20:00.0237 3220        intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
17:20:00.0269 3220        intelide - ok
17:20:00.0300 3220        intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
17:20:00.0362 3220        intelppm - ok
17:20:00.0409 3220        IPBusEnum      (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
17:20:00.0456 3220        IPBusEnum - ok
17:20:00.0487 3220        IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:20:00.0549 3220        IpFilterDriver - ok
17:20:00.0549 3220        IpInIp - ok
17:20:00.0596 3220        IPMIDRV        (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
17:20:00.0659 3220        IPMIDRV - ok
17:20:00.0705 3220        IPNAT          (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
17:20:00.0752 3220        IPNAT - ok
17:20:00.0815 3220        iPod Service - ok
17:20:00.0846 3220        IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
17:20:00.0877 3220        IRENUM - ok
17:20:00.0955 3220        isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
17:20:00.0971 3220        isapnp - ok
17:20:01.0033 3220        iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
17:20:01.0064 3220        iScsiPrt - ok
17:20:01.0095 3220        iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
17:20:01.0111 3220        iteatapi - ok
17:20:01.0158 3220        iteraid        (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
17:20:01.0173 3220        iteraid - ok
17:20:01.0251 3220        k57nd60x        (eac21e8014c7e6ee341afffb7e2bbd54) C:\Windows\system32\DRIVERS\k57nd60x.sys
17:20:01.0298 3220        k57nd60x - ok
17:20:01.0314 3220        kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
17:20:01.0329 3220        kbdclass - ok
17:20:01.0345 3220        kbdhid          (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
17:20:01.0439 3220        kbdhid - ok
17:20:01.0454 3220        KeyIso          (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
17:20:01.0517 3220        KeyIso - ok
17:20:01.0579 3220        KL1            (186b54479d98e48aee0e9ada4b3c4d31) C:\Windows\system32\DRIVERS\kl1.sys
17:20:01.0595 3220        KL1 - ok
17:20:01.0704 3220        kl2            (bf485bfba13c0ab116701fd9c55324d0) C:\Windows\system32\DRIVERS\kl2.sys
17:20:01.0719 3220        kl2 - ok
17:20:01.0797 3220        KLIF            (af04d0ce7939324e9a605b159295706c) C:\Windows\system32\DRIVERS\klif.sys
17:20:01.0829 3220        KLIF - ok
17:20:01.0875 3220        KLIM6          (6295a19003f935ecc6ccbe9e2376427b) C:\Windows\system32\DRIVERS\klim6.sys
17:20:01.0891 3220        KLIM6 - ok
17:20:01.0938 3220        klmouflt        (3de1771c135328420315e21dde229bba) C:\Windows\system32\DRIVERS\klmouflt.sys
17:20:01.0969 3220        klmouflt - ok
17:20:02.0031 3220        KSecDD          (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
17:20:02.0063 3220        KSecDD - ok
17:20:02.0125 3220        KtmRm          (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
17:20:02.0219 3220        KtmRm - ok
17:20:02.0265 3220        LanmanServer    (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll
17:20:02.0312 3220        LanmanServer - ok
17:20:02.0375 3220        LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
17:20:02.0421 3220        LanmanWorkstation - ok
17:20:02.0468 3220        LgBttPort      (4dd47b5af0b24871ebb9efc012a7474e) C:\Windows\system32\DRIVERS\lgbtport.sys
17:20:02.0484 3220        LgBttPort - ok
17:20:02.0499 3220        lgbusenum      (1d038ca6c529203087a990e5e97887b4) C:\Windows\system32\DRIVERS\lgbtbus.sys
17:20:02.0531 3220        lgbusenum - ok
17:20:02.0546 3220        LGVMODEM        (26f1976a330195d62a6224c76968cf0d) C:\Windows\system32\DRIVERS\lgvmodem.sys
17:20:02.0562 3220        LGVMODEM - ok
17:20:02.0593 3220        lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
17:20:02.0640 3220        lltdio - ok
17:20:02.0718 3220        lltdsvc        (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
17:20:02.0749 3220        lltdsvc - ok
17:20:02.0765 3220        lmhosts        (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
17:20:02.0827 3220        lmhosts - ok
17:20:02.0858 3220        LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
17:20:02.0889 3220        LSI_FC - ok
17:20:02.0905 3220        LSI_SAS        (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
17:20:02.0921 3220        LSI_SAS - ok
17:20:02.0967 3220        LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
17:20:02.0999 3220        LSI_SCSI - ok
17:20:03.0014 3220        luafv          (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
17:20:03.0061 3220        luafv - ok
17:20:03.0092 3220        MBAMProtector  (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys
17:20:03.0123 3220        MBAMProtector - ok
17:20:03.0217 3220        MBAMService    (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
17:20:03.0248 3220        MBAMService - ok
17:20:03.0342 3220        McAfee SiteAdvisor Service (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
17:20:03.0373 3220        McAfee SiteAdvisor Service - ok
17:20:03.0373 3220        McMPFSvc        (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
17:20:03.0389 3220        McMPFSvc - ok
17:20:03.0420 3220        mcmscsvc        (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
17:20:03.0435 3220        mcmscsvc - ok
17:20:03.0451 3220        McNASvc        (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
17:20:03.0482 3220        McNASvc - ok
17:20:03.0529 3220        McProxy        (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
17:20:03.0545 3220        McProxy - ok
17:20:03.0623 3220        McShield        (593fa4c378818ece76ba64a11ad56cf2) C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
17:20:03.0638 3220        McShield - ok
17:20:03.0685 3220        Mcx2Svc        (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
17:20:03.0716 3220        Mcx2Svc - ok
17:20:03.0763 3220        mdmxsdk        (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
17:20:03.0794 3220        mdmxsdk - ok
17:20:03.0857 3220        megasas        (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
17:20:03.0872 3220        megasas - ok
17:20:03.0935 3220        MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
17:20:04.0013 3220        MegaSR - ok
17:20:04.0091 3220        mfeapfk        (43c31bdf404a6d7a7ac1bfd5ead2a566) C:\Windows\system32\drivers\mfeapfk.sys
17:20:04.0106 3220        mfeapfk - ok
17:20:04.0169 3220        mfeavfk        (c1dc5f42d3367f33b6451be78b38bd46) C:\Windows\system32\drivers\mfeavfk.sys
17:20:04.0215 3220        mfeavfk - ok
17:20:04.0247 3220        mfebopk        (0435c43f4c2be01b84868ad2a906397b) C:\Windows\system32\drivers\mfebopk.sys
17:20:04.0278 3220        mfebopk - ok
17:20:04.0325 3220        mfefire        (7e1f8b1bdc8240f08bd358b3a466c005) C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
17:20:04.0340 3220        mfefire - ok
17:20:04.0434 3220        mfefirek        (4ea6ff90015424517843e931448e00f1) C:\Windows\system32\drivers\mfefirek.sys
17:20:04.0481 3220        mfefirek - ok
17:20:04.0637 3220        mfehidk        (d1e998748ba24a731106611d535c6bbf) C:\Windows\system32\drivers\mfehidk.sys
17:20:04.0668 3220        mfehidk - ok
17:20:04.0730 3220        mfenlfk        (ac04a618aef3de0fce91c766f9e069da) C:\Windows\system32\DRIVERS\mfenlfk.sys
17:20:04.0761 3220        mfenlfk - ok
17:20:04.0808 3220        mferkdet        (f454a13377f0a006d20a8c14a753c432) C:\Windows\system32\drivers\mferkdet.sys
17:20:04.0824 3220        mferkdet - ok
17:20:04.0871 3220        mfevtp          (b10c4efd40810c08f4b44df2efcb54f7) C:\Windows\system32\mfevtps.exe
17:20:04.0902 3220        mfevtp - ok
17:20:04.0964 3220        mfewfpk        (f284337aedb7483df8a5fa840647e2b0) C:\Windows\system32\drivers\mfewfpk.sys
17:20:04.0995 3220        mfewfpk - ok
17:20:05.0245 3220        Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
17:20:05.0261 3220        Microsoft Office Groove Audit Service - ok
17:20:05.0292 3220        MMCSS          (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
17:20:05.0339 3220        MMCSS - ok
17:20:05.0495 3220        MOBKbackup      (35176fa09a0fc58db630991a81a0ba39) C:\Program Files\McAfee Online Backup\MOBKbackup.exe
17:20:05.0510 3220        MOBKbackup - ok
17:20:05.0541 3220        MOBKFilter      (e896775837a8bce436348df460522394) C:\Windows\system32\DRIVERS\MOBK.sys
17:20:05.0557 3220        MOBKFilter - ok
17:20:05.0604 3220        Modem          (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
17:20:05.0682 3220        Modem - ok
17:20:05.0713 3220        monitor        (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
17:20:05.0760 3220        monitor - ok
17:20:05.0775 3220        mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
17:20:05.0791 3220        mouclass - ok
17:20:05.0822 3220        mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
17:20:05.0869 3220        mouhid - ok
17:20:05.0885 3220        MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
17:20:05.0900 3220        MountMgr - ok
17:20:05.0978 3220        MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
17:20:05.0994 3220        MozillaMaintenance - ok
17:20:06.0228 3220        mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
17:20:06.0275 3220        mpio - ok
17:20:06.0290 3220        mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
17:20:06.0337 3220        mpsdrv - ok
17:20:06.0368 3220        Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
17:20:06.0384 3220        Mraid35x - ok
17:20:06.0633 3220        MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
17:20:06.0696 3220        MRxDAV - ok
17:20:06.0727 3220        mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
17:20:06.0758 3220        mrxsmb - ok
17:20:06.0867 3220        mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:20:06.0930 3220        mrxsmb10 - ok
17:20:06.0961 3220        mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:20:06.0992 3220        mrxsmb20 - ok
17:20:07.0039 3220        msahci          (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys
17:20:07.0070 3220        msahci - ok
17:20:07.0117 3220        msdsm          (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
17:20:07.0148 3220        msdsm - ok
17:20:07.0179 3220        MSDTC          (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
17:20:07.0226 3220        MSDTC - ok
17:20:07.0257 3220        Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
17:20:07.0304 3220        Msfs - ok
17:20:07.0351 3220        msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
17:20:07.0367 3220        msisadrv - ok
17:20:07.0398 3220        MSiSCSI        (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
17:20:07.0507 3220        MSiSCSI - ok
17:20:07.0507 3220        msiserver - ok
17:20:07.0710 3220        MSK80Service    (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
17:20:07.0741 3220        MSK80Service - ok
17:20:07.0819 3220        MSKSSRV        (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
17:20:07.0866 3220        MSKSSRV - ok
17:20:07.0897 3220        MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
17:20:07.0944 3220        MSPCLOCK - ok
17:20:07.0975 3220        MSPQM          (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
17:20:08.0006 3220        MSPQM - ok
17:20:08.0069 3220        MsRPC          (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
17:20:08.0100 3220        MsRPC - ok
17:20:08.0131 3220        mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
17:20:08.0162 3220        mssmbios - ok
17:20:08.0225 3220        MSSQL$MYMOVIES - ok
17:20:08.0256 3220        MSSQLServerADHelper (1d89eb4e2a99cabd4e81225f4f4c4b25) c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
17:20:08.0271 3220        MSSQLServerADHelper - ok
17:20:08.0303 3220        MSTEE          (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
17:20:08.0334 3220        MSTEE - ok
17:20:08.0396 3220        Mup            (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
17:20:08.0412 3220        Mup - ok
17:20:08.0474 3220        napagent        (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
17:20:08.0521 3220        napagent - ok
17:20:08.0568 3220        NativeWifiP    (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
17:20:08.0599 3220        NativeWifiP - ok
17:20:08.0786 3220        NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
17:20:08.0880 3220        NDIS - ok
17:20:08.0927 3220        NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
17:20:08.0973 3220        NdisTapi - ok
17:20:09.0067 3220        Ndisuio        (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
17:20:09.0098 3220        Ndisuio - ok
17:20:09.0114 3220        NdisWan        (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
17:20:09.0145 3220        NdisWan - ok
17:20:09.0192 3220        NDProxy        (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
17:20:09.0223 3220        NDProxy - ok
17:20:09.0254 3220        NetBIOS        (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
17:20:09.0301 3220        NetBIOS - ok
17:20:09.0348 3220        netbt          (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
17:20:09.0379 3220        netbt - ok
17:20:09.0410 3220        Netlogon        (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
17:20:09.0441 3220        Netlogon - ok
17:20:09.0488 3220        Netman          (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
17:20:09.0535 3220        Netman - ok
17:20:09.0566 3220        netprofm        (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
17:20:09.0644 3220        netprofm - ok
17:20:09.0785 3220        NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:20:09.0816 3220        NetTcpPortSharing - ok
17:20:10.0799 3220        NETw5v32        (feb745e4669476c8d368f6c1ca7c7442) C:\Windows\system32\DRIVERS\NETw5v32.sys
17:20:11.0922 3220        NETw5v32 - ok
17:20:12.0140 3220        nfrd960        (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
17:20:12.0156 3220        nfrd960 - ok
17:20:12.0187 3220        NlaSvc          (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
17:20:12.0234 3220        NlaSvc - ok
17:20:12.0327 3220        nosGetPlusHelper (f44addbf29905cb19f52fc9fe6a0efa1) C:\Program Files\NOS\bin\getPlus_Helper_3004.dll
17:20:12.0343 3220        nosGetPlusHelper - ok
17:20:12.0405 3220        Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
17:20:12.0437 3220        Npfs - ok
17:20:12.0452 3220        nsi            (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
17:20:12.0499 3220        nsi - ok
17:20:12.0530 3220        nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
17:20:12.0561 3220        nsiproxy - ok
17:20:12.0671 3220        Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
17:20:12.0733 3220        Ntfs - ok
17:20:12.0858 3220        NTI IScheduleSvc (952bf6dfc96e3e94d1d88fd0b78ec443) C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
17:20:12.0889 3220        NTI IScheduleSvc - ok
17:20:12.0905 3220        NTIDrvr        (2757d2ba59aee155209e24942ab127c9) C:\Windows\system32\Drivers\NTIDrvr.sys
17:20:12.0920 3220        NTIDrvr - ok
17:20:12.0951 3220        ntrigdigi      (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
17:20:13.0014 3220        ntrigdigi - ok
17:20:13.0045 3220        Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
17:20:13.0092 3220        Null - ok
17:20:13.0248 3220        nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
17:20:13.0295 3220        nvraid - ok
17:20:13.0326 3220        nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
17:20:13.0357 3220        nvstor - ok
17:20:13.0388 3220        nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
17:20:13.0404 3220        nv_agp - ok
17:20:13.0404 3220        NwlnkFlt - ok
17:20:13.0419 3220        NwlnkFwd - ok
17:20:13.0825 3220        odserv          (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
17:20:13.0997 3220        odserv - ok
17:20:14.0090 3220        ohci1394        (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
17:20:14.0137 3220        ohci1394 - ok
17:20:14.0340 3220        ose            (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:20:14.0355 3220        ose - ok
17:20:14.0511 3220        p2pimsvc        (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
17:20:14.0667 3220        p2pimsvc - ok
17:20:14.0683 3220        p2psvc          (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
17:20:14.0745 3220        p2psvc - ok
17:20:14.0823 3220        Parport        (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
17:20:14.0917 3220        Parport - ok
17:20:14.0964 3220        partmgr        (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys
17:20:14.0995 3220        partmgr - ok
17:20:15.0026 3220        Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
17:20:15.0089 3220        Parvdm - ok
17:20:15.0167 3220        PcaSvc          (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
17:20:15.0229 3220        PcaSvc - ok
17:20:15.0260 3220        pci            (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
17:20:15.0276 3220        pci - ok
17:20:15.0338 3220        pciide          (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
17:20:15.0354 3220        pciide - ok
17:20:15.0416 3220        pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
17:20:15.0447 3220        pcmcia - ok
17:20:15.0635 3220        PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
17:20:15.0728 3220        PEAUTH - ok
17:20:15.0993 3220        pla            (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
17:20:16.0259 3220        pla - ok
17:20:16.0539 3220        PlugPlay        (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
17:20:16.0586 3220        PlugPlay - ok
17:20:16.0727 3220        PNRPAutoReg    (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
17:20:16.0820 3220        PNRPAutoReg - ok
17:20:16.0820 3220        PNRPsvc        (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
17:20:16.0961 3220        PNRPsvc - ok
17:20:17.0054 3220        PolicyAgent    (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
17:20:17.0210 3220        PolicyAgent - ok
17:20:17.0288 3220        PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
17:20:17.0351 3220        PptpMiniport - ok
17:20:17.0366 3220        Processor      (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
17:20:17.0429 3220        Processor - ok
17:20:17.0475 3220        ProfSvc        (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
17:20:17.0507 3220        ProfSvc - ok
17:20:17.0538 3220        ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
17:20:17.0553 3220        ProtectedStorage - ok
17:20:17.0585 3220        PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
17:20:17.0616 3220        PSched - ok
17:20:17.0631 3220        PxHelp20        (e42e3433dbb4cffe8fdd91eab29aea8e) C:\Windows\system32\Drivers\PxHelp20.sys
17:20:17.0647 3220        PxHelp20 - ok
17:20:17.0772 3220        ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
17:20:17.0834 3220        ql2300 - ok
17:20:17.0865 3220        ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
17:20:17.0881 3220        ql40xx - ok
17:20:17.0928 3220        QWAVE          (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
17:20:17.0975 3220        QWAVE - ok
17:20:18.0006 3220        QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
17:20:18.0021 3220        QWAVEdrv - ok
17:20:18.0099 3220        RapiMgr        (eeac7aac7eeeda9de346bb2e0403f549) C:\Windows\WindowsMobile\rapimgr.dll
17:20:18.0115 3220        RapiMgr - ok
17:20:18.0131 3220        RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
17:20:18.0177 3220        RasAcd - ok
17:20:18.0209 3220        RasAuto        (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
17:20:18.0255 3220        RasAuto - ok
17:20:18.0271 3220        Rasl2tp        (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:20:18.0318 3220        Rasl2tp - ok
17:20:18.0349 3220        RasMan          (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
17:20:18.0396 3220        RasMan - ok
17:20:18.0411 3220        RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
17:20:18.0458 3220        RasPppoe - ok
17:20:18.0489 3220        RasSstp        (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
17:20:18.0521 3220        RasSstp - ok
17:20:18.0567 3220        rdbss          (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
17:20:18.0630 3220        rdbss - ok
17:20:18.0661 3220        RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:20:18.0692 3220        RDPCDD - ok
17:20:18.0723 3220        rdpdr          (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
17:20:18.0770 3220        rdpdr - ok
17:20:18.0770 3220        RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
17:20:18.0817 3220        RDPENCDD - ok
17:20:18.0848 3220        RDPWD          (c127ebd5afab31524662c48dfceb773a) C:\Windows\system32\drivers\RDPWD.sys
17:20:18.0895 3220        RDPWD - ok
17:20:18.0957 3220        RemoteAccess    (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
17:20:18.0989 3220        RemoteAccess - ok
17:20:19.0020 3220        RemoteRegistry  (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
17:20:19.0051 3220        RemoteRegistry - ok
17:20:19.0082 3220        RFCOMM          (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
17:20:19.0129 3220        RFCOMM - ok
17:20:19.0145 3220        RpcLocator      (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
17:20:19.0191 3220        RpcLocator - ok
17:20:19.0238 3220        RpcSs          (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
17:20:19.0301 3220        RpcSs - ok
17:20:19.0347 3220        rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
17:20:19.0394 3220        rspndr - ok
17:20:19.0457 3220        RTHDMIAzAudService (a95b16ff762ff217847b97e6f05778ee) C:\Windows\system32\drivers\RtHDMIV.sys
17:20:19.0472 3220        RTHDMIAzAudService - ok
17:20:19.0519 3220        RTSTOR          (d97d8259293b7a82cb891f37f997df3f) C:\Windows\system32\drivers\RTSTOR.SYS
17:20:19.0550 3220        RTSTOR - ok
17:20:19.0581 3220        SamSs          (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
17:20:19.0597 3220        SamSs - ok
17:20:19.0628 3220        sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
17:20:19.0644 3220        sbp2port - ok
17:20:19.0691 3220        SCardSvr        (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
17:20:19.0722 3220        SCardSvr - ok
17:20:20.0439 3220        Schedule        (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
17:20:20.0549 3220        Schedule - ok
17:20:20.0564 3220        SCPolicySvc    (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
17:20:20.0595 3220        SCPolicySvc - ok
17:20:20.0767 3220        SDRSVC          (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
17:20:20.0829 3220        SDRSVC - ok
17:20:20.0892 3220        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
17:20:20.0985 3220        secdrv - ok
17:20:21.0032 3220        seclogon        (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
17:20:21.0079 3220        seclogon - ok
17:20:21.0095 3220        SENS            (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
17:20:21.0157 3220        SENS - ok
17:20:21.0173 3220        Serenum        (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
17:20:21.0235 3220        Serenum - ok
17:20:21.0547 3220        Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
17:20:21.0641 3220        Serial - ok
17:20:21.0703 3220        sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
17:20:21.0734 3220        sermouse - ok
17:20:21.0828 3220        SessionEnv      (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
17:20:21.0859 3220        SessionEnv - ok
17:20:21.0968 3220        sffdisk        (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
17:20:21.0999 3220        sffdisk - ok
17:20:22.0015 3220        sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
17:20:22.0077 3220        sffp_mmc - ok
17:20:22.0093 3220        sffp_sd        (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
17:20:22.0124 3220        sffp_sd - ok
17:20:22.0140 3220        sfloppy        (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
17:20:22.0218 3220        sfloppy - ok
17:20:22.0249 3220        ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
17:20:22.0296 3220        ShellHWDetection - ok
17:20:22.0327 3220        sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
17:20:22.0343 3220        sisagp - ok
17:20:22.0389 3220        SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
17:20:22.0405 3220        SiSRaid2 - ok
17:20:22.0452 3220        SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
17:20:22.0483 3220        SiSRaid4 - ok
17:20:24.0339 3220        slsvc          (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
17:20:24.0698 3220        slsvc - ok
17:20:24.0885 3220        SLUINotify      (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
17:20:24.0932 3220        SLUINotify - ok
17:20:24.0979 3220        Smb            (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
17:20:25.0026 3220        Smb - ok
17:20:25.0057 3220        SNMPTRAP        (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
17:20:25.0088 3220        SNMPTRAP - ok
17:20:25.0104 3220        spldr          (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
17:20:25.0135 3220        spldr - ok
17:20:25.0166 3220        Spooler        (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
17:20:25.0213 3220        Spooler - ok
17:20:25.0275 3220        sptd            (a199171385be17973fd800fa91f8f78a) C:\Windows\System32\Drivers\sptd.sys
17:20:25.0385 3220        sptd - ok
17:20:25.0541 3220        SQLBrowser      (86ebd8b1f23e743aad21f4d5b4d40985) c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
17:20:25.0587 3220        SQLBrowser - ok
17:20:25.0697 3220        SQLWriter      (d89083c4eb02daca8f944b0e05e57f9d) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
17:20:25.0712 3220        SQLWriter - ok
17:20:25.0853 3220        srv            (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
17:20:25.0931 3220        srv - ok
17:20:25.0962 3220        srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
17:20:26.0009 3220        srv2 - ok
17:20:26.0024 3220        srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
17:20:26.0071 3220        srvnet - ok
17:20:26.0118 3220        SSDPSRV        (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
17:20:26.0149 3220        SSDPSRV - ok
17:20:26.0196 3220        SstpSvc        (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
17:20:26.0227 3220        SstpSvc - ok
17:20:26.0289 3220        stisvc          (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
17:20:26.0367 3220        stisvc - ok
17:20:26.0399 3220        swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
17:20:26.0430 3220        swenum - ok
17:20:26.0492 3220        swprv          (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
17:20:26.0539 3220        swprv - ok
17:20:26.0570 3220        Symc8xx        (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
17:20:26.0586 3220        Symc8xx - ok
17:20:26.0664 3220        Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
17:20:26.0679 3220        Sym_hi - ok
17:20:26.0695 3220        Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
17:20:26.0726 3220        Sym_u3 - ok
17:20:26.0773 3220        SynTP          (5c3e900f41426a372de60675afc8aa07) C:\Windows\system32\DRIVERS\SynTP.sys
17:20:26.0820 3220        SynTP - ok
17:20:27.0116 3220        SysMain        (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
17:20:27.0225 3220        SysMain - ok
17:20:27.0241 3220        TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
17:20:27.0288 3220        TabletInputService - ok
17:20:27.0335 3220        TapiSrv        (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
17:20:27.0381 3220        TapiSrv - ok
17:20:27.0397 3220        TBS            (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
17:20:27.0444 3220        TBS - ok
17:20:27.0615 3220        Tcpip          (ee7e10bed85c312c1d5d30c435bdda9f) C:\Windows\system32\drivers\tcpip.sys
17:20:27.0662 3220        Tcpip - ok
17:20:27.0678 3220        Tcpip6          (ee7e10bed85c312c1d5d30c435bdda9f) C:\Windows\system32\DRIVERS\tcpip.sys
17:20:27.0709 3220        Tcpip6 - ok
17:20:27.0771 3220        tcpipreg        (2c2d4cff5e09c73908f9b5af49a51365) C:\Windows\system32\drivers\tcpipreg.sys
17:20:27.0803 3220        tcpipreg - ok
17:20:27.0896 3220        TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
17:20:27.0974 3220        TDPIPE - ok
17:20:28.0099 3220        TDTCP          (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
17:20:28.0146 3220        TDTCP - ok
17:20:28.0317 3220        tdx            (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
17:20:28.0349 3220        tdx - ok
17:20:28.0411 3220        TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
17:20:28.0427 3220        TermDD - ok
17:20:28.0551 3220        TermService    (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
17:20:28.0645 3220        TermService - ok
17:20:28.0879 3220        Themes          (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
17:20:28.0941 3220        Themes - ok
17:20:28.0988 3220        THREADORDER    (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
17:20:29.0019 3220        THREADORDER - ok
17:20:29.0097 3220        TomTomHOMEService (efef22b9577e5051057fde1ae381b50c) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
17:20:29.0113 3220        TomTomHOMEService - ok
17:20:29.0160 3220        TrkWks          (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
17:20:29.0222 3220        TrkWks - ok
17:20:29.0300 3220        TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
17:20:29.0331 3220        TrustedInstaller - ok
17:20:29.0363 3220        tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
17:20:29.0409 3220        tssecsrv - ok
17:20:29.0472 3220        TuneUp.Defrag  (6a29cd69d1128bdf49a705befc614a5b) C:\Windows\System32\TuneUpDefragService.exe
17:20:29.0550 3220        TuneUp.Defrag - ok
17:20:29.0659 3220        TuneUp.ProgramStatisticsSvc (51ee2913ed525de18fda96dccbc5386a) C:\Windows\System32\TUProgSt.exe
17:20:29.0706 3220        TuneUp.ProgramStatisticsSvc - ok
17:20:29.0721 3220        tunmp          (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
17:20:29.0784 3220        tunmp - ok
17:20:29.0815 3220        tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
17:20:29.0846 3220        tunnel - ok
17:20:29.0924 3220        uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
17:20:29.0955 3220        uagp35 - ok
17:20:29.0971 3220        UBHelper        (f763e070843ee2803de1395002b42938) C:\Windows\system32\drivers\UBHelper.sys
17:20:29.0987 3220        UBHelper - ok
17:20:30.0049 3220        udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
17:20:30.0080 3220        udfs - ok
17:20:30.0111 3220        UI0Detect      (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
17:20:30.0174 3220        UI0Detect - ok
17:20:30.0189 3220        uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
17:20:30.0221 3220        uliagpkx - ok
17:20:30.0267 3220        uliahci        (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
17:20:30.0283 3220        uliahci - ok
17:20:30.0314 3220        UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
17:20:30.0345 3220        UlSata - ok
17:20:30.0361 3220        ulsata2        (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
17:20:30.0408 3220        ulsata2 - ok
17:20:30.0423 3220        umbus          (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
17:20:30.0470 3220        umbus - ok
17:20:30.0501 3220        UMPass          (88bd96a1baeed33ee8bdf9499c07a841) C:\Windows\system32\DRIVERS\umpass.sys
17:20:30.0548 3220        UMPass - ok
17:20:30.0611 3220        upnphost        (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
17:20:30.0673 3220        upnphost - ok
17:20:30.0735 3220        usbbus          (9419faac6552a51542dbba02971c841c) C:\Windows\system32\DRIVERS\lgusbbus.sys
17:20:30.0767 3220        usbbus - ok
17:20:30.0813 3220        usbccgp        (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
17:20:30.0845 3220        usbccgp - ok
17:20:30.0923 3220        usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
17:20:30.0985 3220        usbcir - ok
17:20:31.0016 3220        UsbDiag        (c0a466fa4ffec464320e159bc1bbdc0c) C:\Windows\system32\DRIVERS\lgusbdiag.sys
17:20:31.0063 3220        UsbDiag - ok
17:20:31.0141 3220        usbehci        (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
17:20:31.0172 3220        usbehci - ok
17:20:31.0203 3220        usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
17:20:31.0250 3220        usbhub - ok
17:20:31.0328 3220        USBModem        (f74a54774a9b0afeb3c40adec68aa600) C:\Windows\system32\DRIVERS\lgusbmodem.sys
17:20:31.0359 3220        USBModem - ok
17:20:31.0375 3220        usbohci        (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
17:20:31.0437 3220        usbohci - ok
17:20:31.0609 3220        usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
17:20:31.0656 3220        usbprint - ok
17:20:31.0703 3220        usbscan        (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
17:20:31.0734 3220        usbscan - ok
17:20:31.0827 3220        USBSTOR        (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:20:31.0874 3220        USBSTOR - ok
17:20:31.0890 3220        usbuhci        (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
17:20:31.0937 3220        usbuhci - ok
17:20:31.0983 3220        usbvideo        (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
17:20:32.0015 3220        usbvideo - ok
17:20:32.0046 3220        usb_rndisx      (35c9095fa7076466afbfc5b9ec4b779e) C:\Windows\system32\DRIVERS\usb8023x.sys
17:20:32.0093 3220        usb_rndisx - ok
17:20:32.0155 3220        UxSms          (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
17:20:32.0186 3220        UxSms - ok
17:20:32.0249 3220        UxTuneUp        (2e2e93041c8058bc7de6f0d743c4a0c6) C:\Windows\System32\uxtuneup.dll
17:20:32.0264 3220        UxTuneUp - ok
17:20:32.0295 3220        vds            (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
17:20:32.0389 3220        vds - ok
17:20:32.0467 3220        vga            (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
17:20:32.0514 3220        vga - ok
17:20:32.0545 3220        VgaSave        (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
17:20:32.0607 3220        VgaSave - ok
17:20:32.0639 3220        viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
17:20:32.0654 3220        viaagp - ok
17:20:32.0701 3220        ViaC7          (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
17:20:32.0732 3220        ViaC7 - ok
17:20:32.0779 3220        viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
17:20:32.0795 3220        viaide - ok
17:20:32.0826 3220        volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
17:20:32.0841 3220        volmgr - ok
17:20:32.0919 3220        volmgrx        (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
17:20:32.0982 3220        volmgrx - ok
17:20:33.0044 3220        volsnap        (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
17:20:33.0091 3220        volsnap - ok
17:20:33.0153 3220        vsmraid        (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
17:20:33.0169 3220        vsmraid - ok
17:20:34.0167 3220        VSS            (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
17:20:34.0308 3220        VSS - ok
17:20:34.0448 3220        W32Time        (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
17:20:34.0511 3220        W32Time - ok
17:20:34.0589 3220        WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
17:20:34.0682 3220        WacomPen - ok
17:20:34.0729 3220        Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
17:20:34.0760 3220        Wanarp - ok
17:20:34.0760 3220        Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
17:20:34.0791 3220        Wanarpv6 - ok
17:20:35.0088 3220        WcesComm        (3f2b5d989666786e57bb0d8d35b84052) C:\Windows\WindowsMobile\wcescomm.dll
17:20:35.0135 3220        WcesComm - ok
17:20:35.0291 3220        wcncsvc        (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
17:20:35.0322 3220        wcncsvc - ok
17:20:35.0353 3220        WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
17:20:35.0384 3220        WcsPlugInService - ok
17:20:35.0431 3220        Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
17:20:35.0447 3220        Wd - ok
17:20:35.0525 3220        Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
17:20:35.0571 3220        Wdf01000 - ok
17:20:35.0603 3220        WdiServiceHost  (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
17:20:35.0649 3220        WdiServiceHost - ok
17:20:35.0649 3220        WdiSystemHost  (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
17:20:35.0696 3220        WdiSystemHost - ok
17:20:35.0805 3220        WebClient      (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
17:20:35.0852 3220        WebClient - ok
17:20:35.0915 3220        Wecsvc          (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
17:20:35.0977 3220        Wecsvc - ok
17:20:36.0008 3220        wercplsupport  (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
17:20:36.0071 3220        wercplsupport - ok
17:20:36.0102 3220        WerSvc          (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
17:20:36.0133 3220        WerSvc - ok
17:20:36.0133 3220        WinHttpAutoProxySvc - ok
17:20:36.0336 3220        Winmgmt        (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
17:20:36.0398 3220        Winmgmt - ok
17:20:36.0648 3220        WinRM          (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
17:20:36.0975 3220        WinRM - ok
17:20:37.0085 3220        Wlansvc        (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
17:20:37.0209 3220        Wlansvc - ok
17:20:37.0303 3220        WmiAcpi        (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
17:20:37.0365 3220        WmiAcpi - ok
17:20:37.0755 3220        wmiApSrv        (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
17:20:37.0787 3220        wmiApSrv - ok
17:20:37.0927 3220        WMPNetworkSvc  (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
17:20:38.0021 3220        WMPNetworkSvc - ok
17:20:38.0052 3220        WPCSvc          (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
17:20:38.0083 3220        WPCSvc - ok
17:20:38.0114 3220        WPDBusEnum      (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
17:20:38.0145 3220        WPDBusEnum - ok
17:20:38.0223 3220        WpdUsb          (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
17:20:38.0239 3220        WpdUsb - ok
17:20:38.0426 3220        WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
17:20:38.0520 3220        WPFFontCache_v0400 - ok
17:20:38.0582 3220        ws2ifsl        (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
17:20:38.0629 3220        ws2ifsl - ok
17:20:38.0645 3220        WSearch - ok
17:20:38.0832 3220        wuauserv        (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
17:20:38.0925 3220        wuauserv - ok
17:20:39.0097 3220        WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
17:20:39.0128 3220        WUDFRd - ok
17:20:39.0175 3220        wudfsvc        (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
17:20:39.0222 3220        wudfsvc - ok
17:20:39.0237 3220        XAudio          (22a08b9faecd6a306868f59b7f03f188) C:\Windows\system32\DRIVERS\XAudio32.sys
17:20:39.0269 3220        XAudio - ok
17:20:39.0300 3220        MBR (0x1B8)    (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
17:20:39.0627 3220        \Device\Harddisk0\DR0 - ok
17:20:39.0627 3220        Boot (0x1200)  (691b351a0523192dd2e6e4eec7a66471) \Device\Harddisk0\DR0\Partition0
17:20:39.0627 3220        \Device\Harddisk0\DR0\Partition0 - ok
17:20:39.0627 3220        ============================================================
17:20:39.0627 3220        Scan finished
17:20:39.0627 3220        ============================================================
17:20:39.0705 0964        Detected object count: 1
17:20:39.0705 0964        Actual detected object count: 1
17:20:59.0564 0964        DfSdkS ( UnsignedFile.Multi.Generic ) - skipped by user
17:20:59.0564 0964        DfSdkS ( UnsignedFile.Multi.Generic ) - User select action: Skip

I don't want to make things complicated, but what do you mean, for example, by having fixed something "intended"?

Were those misconfigurations, or add-ons that were/are dangerous?

My concern is to avoid mistakes in the future.

