
Log analysis and evaluation: GVU trojan on Win7

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

03.03.2013, 16:14   #1
Borsti1971
 

Hello, today I unfortunately also made contact with the lovely GVU trojan. I have already created a logfile and, as the program wanted, deleted everything. I hope you can tell me what I still need to do now. I am quite a PC novice and am counting on your help. Thanks
Attached files
File type: txt MBAM-log-2013-03-03 (15-35-54).txt (7.3 KB, viewed 182 times)

03.03.2013, 16:26   #2
M-K-D-B
/// TB Trainer
 
My name is Matthias and I will help you clean up your computer.

Please note the following:
  • A cleanup can involve a lot of work for you. Several analysis and cleanup steps may be necessary.
    At the end we remove all the programs we used again, and I give you a few tips for the future.
  • If there are signs of illegal software, support will be stopped without discussion.
  • Please work through all steps one after the other in the given order.
  • Read the instructions carefully. If you have problems, stop what you are doing and describe your problem to me as well as you can.
  • Only run scans that I or another helper ask you to run.
  • Please no crossposting (posting in several forums).
  • Do not install or uninstall any software during the cleanup unless you are asked to.
  • If you do not reply to me within 3 days, I will assume that you no longer need help. I will then delete your topic from my subscriptions.
    If you are going to be away for a longer time, please let me know!
  • All programs to be used are to be saved to the desktop and started from there!
    I can never give you a guarantee that I will find everything. A format is usually the faster and always the safest way.
    If you decide on a cleanup, keep working with us until someone from the team tells you that you are clean.

If normal mode does not work, please carry out the following steps in Safe Mode with Networking:

Step 1
Please download OTL from Oldtimer and save it to your desktop (if not already present).
  • Please start OTL.exe.
  • At the top you will find a box labelled Output. Please select Standard Output.
  • Tick Scan all users.
  • Under Extra Registry, please select Use SafeList.
  • Now copy the contents of the code box into the text box.
Code:
activex
netsvcs
msconfig
drivers32
safebootminimal
safebootnetwork
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT
  • Now please close all programs. (Important)
  • Now please click the Scan button.
  • At the end of the scan, 2 log files are created.
  • Now copy the contents of OTL.txt and Extra.txt here into your thread.

Step 2
Please download defogger by jpshortstuff to your desktop.
  • Start the tool with a double-click.
  • Now click the Disable button to disable the drivers of certain emulators.
  • Defogger will ask you "Defogger will forcefully terminate and disable all CD Emulator related drivers and processes... Continue?" Confirm this prompt with Yes.
  • When the scan has finished (Finished), click OK.
  • Defogger may ask for a restart. Confirm this with OK.
  • Defogger creates a log file on the desktop named defogger_disable.txt. Post its contents with your next reply.
Do not click the Re-enable button without being told to!





Step 3
Please download GMER: (file name is random)
  • Close all other programs, disable your virus scanner and disconnect the computer from the internet before you start GMER.
  • If a window with the following warning opens after the start:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    Be sure to click "No".
  • On the right, untick IAT/EAT and Show All.
  • Tick Quickscan and untick all other drives.
  • Start the scan with "Scan".
  • Do not do anything on the computer while the scan is running.
  • When the scan has finished, click Save and save the log file as Gmer.txt on your desktop. "Ok" closes GMER.
Switch your antivirus program and other scanners back on before you go online!

Are there problems?
  • Alternatively, try Safe Mode.
  • If you get a bluescreen, untick Devices.

Please post with your next reply
  • the two log files from OTL,
  • the log file from DeFogger,
  • the log file from GMER.
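An added example, not part of this thread and not code from OTL or Trojaner-Board: a small Python triage script for the OTL log format that step 1 asks for. It parses the PRC/SRV/DRV entries and the Internet Explorer URL entries and lists what a helper reviews first, namely files that carry no company name and IE start/search URLs whose host is not on a short allowlist. KNOWN_HOSTS is an assumption to be extended per case, and the sample log is constructed from lines modelled on this thread's OTL log.

```python
"""Triage helper for OTL log lines (added example; not OTL's own code)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple
from urllib.parse import urlsplit

# PRC/SRV/DRV lines look like:
# SRV:64bit: - [date time | size | attrs | M] (Company) [state] -- path -- (name)
ENTRY_RE = re.compile(
    r"^(?P<kind>PRC|SRV|DRV)(?::64bit:)? - "
    r"\[(?P<mtime>[\d.]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>\S+) \| (?P<flag>\S)\] "
    r"\((?P<company>[^)]*)\)"
    r"(?: \[(?P<state>[^\]]*)\])? -- "
    r"(?P<path>.+?)"
    r"(?: -- \((?P<name>[^)]*)\))?$"
)
# IE registry lines that carry a URL; OTL defangs the scheme as hxxp
IE_URL_RE = re.compile(r"^IE(?::64bit:)? - (?P<key>.+?) = (?P<url>hxxps?://\S+)$")
# Assumed allowlist of hosts that are normal defaults on this system; extend per case
KNOWN_HOSTS = {"www.google.com", "www.bing.com", "de.search.yahoo.com",
               "t-online.de", "de.msn.com"}


@dataclass
class Entry:
    kind: str     # PRC, SRV or DRV
    company: str  # empty when OTL found no company name in the file
    state: str    # e.g. "Auto | Running"; empty for PRC
    path: str
    name: str     # service/driver name; empty for PRC


def parse_entries(lines: List[str]) -> List[Entry]:
    """Parse all PRC/SRV/DRV lines; other lines are skipped."""
    entries = []
    for line in lines:
        m = ENTRY_RE.match(line.rstrip())
        if m:
            entries.append(Entry(m["kind"], m["company"].strip(),
                                 (m["state"] or "").strip(), m["path"].strip(),
                                 (m["name"] or "").strip()))
    return entries


def ie_url_host(line: str) -> Tuple[str, str]:
    """Return (registry key, host) for an IE URL line, else ("", "")."""
    m = IE_URL_RE.match(line.rstrip())
    if not m:
        return "", ""
    url = m["url"].replace("hxxp", "http", 1)  # undo OTL's defanging
    return m["key"], (urlsplit(url).hostname or "").lower()


def triage(log_text: str) -> Dict[str, list]:
    """Collect the items a helper would review first (candidates, not verdicts)."""
    lines = log_text.splitlines()
    no_company = [(e.kind, e.path, e.name) for e in parse_entries(lines)
                  if e.company == ""]
    foreign_urls = []
    for line in lines:
        key, host = ie_url_host(line)
        if host and host not in KNOWN_HOSTS:
            foreign_urls.append((key, host))
    return {"no_company": no_company, "foreign_urls": foreign_urls}


# Constructed sample, modelled on the OTL log posted later in this thread
SAMPLE_LOG = r"""
PRC - [2013.03.03 16:25:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Vetter\Desktop\OTL.exe
SRV:64bit: - [2012.10.02 16:20:24 | 001,261,936 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\dmwu.exe -- (IBUpdaterService)
SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
DRV:64bit: - [2009.07.17 12:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://search.certified-toolbar.com?si=41460&bs=true&tid=2937&q={searchTerms}
IE - HKU\S-1-5-21-370278466-1842527618-776855722-1001\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb205/?search={searchTerms}&loc=IB_DS&a=6OyYnMdUFj&i=26
"""

if __name__ == "__main__":
    for section, items in triage(SAMPLE_LOG).items():
        print(section)
        for item in items:
            print("   ", *item)
```

A hit on this list is a starting point for the helper's review, not a verdict: ASACPI.sys, for instance, has no company name but is a common ASUS driver.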

03.03.2013, 16:57   #3
Borsti1971
 
First of all, thanks for the quick help, really great!!

Defogger:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 16:59 on 03/03/2013 (Vetter)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

The OTL is too big, I hope this works like this:
OTL Logfile:
Code:
OTL logfile created on: 03.03.2013 16:44:56 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Vetter\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,75 Gb Total Physical Memory | 5,64 Gb Available Physical Memory | 72,82% Memory free
15,49 Gb Paging File | 13,11 Gb Available in Paging File | 84,60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 921,75 Gb Total Space | 278,21 Gb Free Space | 30,18% Space Free | Partition Type: NTFS
Drive D: | 2,16 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive F: | 1,91 Gb Total Space | 1,89 Gb Free Space | 98,88% Space Free | Partition Type: FAT32
 
Computer Name: VETTER-PC | User Name: Vetter | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.03.03 16:25:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Vetter\Desktop\OTL.exe
PRC - [2013.01.29 14:30:58 | 000,188,760 | ---- | M] () -- C:\Programme\IB Updater\ExtensionUpdaterService.exe
PRC - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.12.14 10:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2012.12.05 02:40:03 | 000,143,928 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\ccSvcHst.exe
PRC - [2012.11.26 12:26:58 | 000,068,168 | ---- | M] (Simplygen) -- C:\Program Files (x86)\Protected Search\ProtectedSearch.exe
PRC - [2012.07.17 14:14:08 | 000,132,056 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe
PRC - [2011.11.07 20:37:20 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe
PRC - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010.11.21 04:24:27 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2010.03.05 10:15:12 | 000,235,752 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
PRC - [2010.03.05 10:15:04 | 000,411,864 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
PRC - [2010.02.03 16:17:18 | 005,756,544 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
PRC - [2009.09.23 13:38:18 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.02.14 13:00:09 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
MOD - [2013.01.10 11:52:11 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll
MOD - [2013.01.10 10:45:57 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.01.10 10:45:19 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.01.10 10:45:13 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012.05.30 07:51:08 | 000,699,280 | R--- | M] () -- C:\PROGRAM FILES (X86)\NORTON 360\ENGINE\20.2.1.22\wincfi39.dll
MOD - [2009.09.30 04:33:08 | 000,024,576 | R--- | M] () -- C:\Windows\SysWOW64\AsIO.dll
MOD - [2009.07.31 21:39:08 | 000,503,202 | ---- | M] () -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll
MOD - [2009.03.25 16:53:14 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\AsSpindownTimeout.dll
MOD - [2009.03.19 22:35:52 | 000,208,896 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\AiNap.dll
MOD - [2009.03.19 22:35:50 | 000,008,704 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\vvc.dll
MOD - [2009.01.15 14:55:10 | 000,565,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\pngio.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.10.02 16:20:24 | 001,261,936 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\dmwu.exe -- (IBUpdaterService)
SRV:64bit: - [2012.09.28 15:43:40 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2012.04.06 03:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2013.02.27 13:28:24 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.02.20 07:20:47 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.01.29 14:30:58 | 000,188,760 | ---- | M] () [Auto | Running] -- C:\Programme\IB Updater\ExtensionUpdaterService.exe -- (IB Updater)
SRV - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.12.14 10:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2012.12.05 02:40:03 | 000,143,928 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\ccSvcHst.exe -- (N360)
SRV - [2012.07.17 14:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2012.07.17 14:14:08 | 000,132,056 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2011.11.07 20:37:20 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.09.27 20:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2010.10.22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.05 10:15:12 | 000,235,752 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.10.21 18:15:34 | 000,376,832 | ---- | M] (T-Systems International GmbH) [Auto | Running] -- C:\Program Files (x86)\T-Home\Dialerschutz-Software\DFInject64.exe -- (DFSVC)
SRV - [2009.09.23 13:38:18 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.10.09 02:00:02 | 000,776,864 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\1402010.016\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012.10.04 02:40:35 | 001,133,216 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1402010.016\symefa64.sys -- (SymEFA)
DRV:64bit: - [2012.10.04 02:40:20 | 000,493,216 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1402010.016\symds64.sys -- (SymDS)
DRV:64bit: - [2012.09.27 09:47:38 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012.09.07 03:05:14 | 000,432,800 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1402010.016\symnets.sys -- (SymNetS)
DRV:64bit: - [2012.09.07 03:05:07 | 000,043,680 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SymIMV.sys -- (SymIM)
DRV:64bit: - [2012.09.07 02:48:08 | 000,224,416 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1402010.016\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012.08.20 20:50:10 | 000,168,096 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1402010.016\ccsetx64.sys -- (ccSet_N360)
DRV:64bit: - [2012.07.28 01:15:28 | 000,057,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012.05.24 22:36:56 | 000,037,496 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1402010.016\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2012.04.06 06:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.04.06 02:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011.09.02 07:30:46 | 000,042,776 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2011.09.02 07:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011.09.02 07:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011.08.19 16:50:52 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.08.19 16:50:52 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.06.10 05:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.01.15 17:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010.12.16 23:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.11 23:16:00 | 000,037,504 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2010.11.11 23:15:58 | 000,077,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2010.05.20 08:30:58 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2010.02.18 08:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009.10.15 18:14:38 | 000,028,192 | ---- | M] (T-Systems International GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SipIMNDI64.sys -- (SipIMNDI)
DRV:64bit: - [2009.07.17 12:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2013.01.16 15:04:32 | 002,087,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130302.016\ex64.sys -- (NAVEX15)
DRV - [2013.01.16 15:04:32 | 000,126,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130302.016\eng64.sys -- (NAVENG)
DRV - [2013.01.16 03:51:11 | 001,388,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130208.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012.09.26 14:45:52 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130301.002\IDSviA64.sys -- (IDSVia64)
DRV - [2012.08.18 02:00:00 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012.08.18 02:00:00 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012.04.09 10:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.2)
DRV - [2009.10.15 18:14:38 | 000,017,952 | ---- | M] (T-Systems International GmbH) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\T-Home\Dialerschutz-Software\DFSYS64.SYS -- (DFSYS)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005.03.09 19:50:16 | 000,033,792 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\libusb0.sys -- (libusb0)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = hxxp://search.certified-toolbar.com?si=41460&home=true&tid=2937
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = hxxp://search.certified-toolbar.com?si=41460&tid=2937&bs=true&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = hxxp://search.certified-toolbar.com?si=41460&tid=2937&bs=true&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = hxxp://search.certified-toolbar.com?si=41460&home=true&tid=2937
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = hxxp://search.certified-toolbar.com?si=41460&home=true&tid=2937
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://search.certified-toolbar.com?si=41460&bs=true&tid=2937&q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.protectedsearch.com?si=41570&bs=true&tid=3026&q={searchTerms}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-370278466-1842527618-776855722-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
IE - HKU\S-1-5-21-370278466-1842527618-776855722-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com
IE - HKU\S-1-5-21-370278466-1842527618-776855722-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-370278466-1842527618-776855722-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = hxxp://search.certified-toolbar.com?si=41460&home=true&tid=2937
IE - HKU\S-1-5-21-370278466-1842527618-776855722-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://t-online.de/
IE - HKU\S-1-5-21-370278466-1842527618-776855722-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-370278466-1842527618-776855722-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-370278466-1842527618-776855722-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7A 72 A2 D7 D3 E4 CC 01  [binary data]
IE - HKU\S-1-5-21-370278466-1842527618-776855722-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/
IE - HKU\S-1-5-21-370278466-1842527618-776855722-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = hxxp://search.certified-toolbar.com?si=41460&tid=2937&bs=true&q=
IE - HKU\S-1-5-21-370278466-1842527618-776855722-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = hxxp://search.certified-toolbar.com?si=41460&tid=2937&bs=true&q=
IE - HKU\S-1-5-21-370278466-1842527618-776855722-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = hxxp://search.certified-toolbar.com?si=41460&home=true&tid=2937
IE - HKU\S-1-5-21-370278466-1842527618-776855722-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = hxxp://search.certified-toolbar.com?si=41460&home=true&tid=2937
IE - HKU\S-1-5-21-370278466-1842527618-776855722-1001\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKU\S-1-5-21-370278466-1842527618-776855722-1001\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
IE - HKU\S-1-5-21-370278466-1842527618-776855722-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.certified-toolbar.com?si=41460&bs=true&tid=2937&q={searchTerms}
IE - HKU\S-1-5-21-370278466-1842527618-776855722-1001\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKU\S-1-5-21-370278466-1842527618-776855722-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=110819&tt=100512_3_&babsrc=SP_ss&mntrId=ceb8296c0000000000005404a6010a81
IE - HKU\S-1-5-21-370278466-1842527618-776855722-1001\..\SearchScopes\{1880F156-1949-496E-AE6F-9EB4C83FE4DF}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=D25D3239-D686-40F7-AD58-1D0085AC5AA1&apn_sauid=FB42C9CC-CD73-48B2-A8FD-DB7D7107FF89
IE - HKU\S-1-5-21-370278466-1842527618-776855722-1001\..\SearchScopes\{1F8432C8-96F0-42cd-B0CC-FF0B583EDFE1}: "URL" = hxxp://search.chatzum.com/?q={searchTerms}
IE - HKU\S-1-5-21-370278466-1842527618-776855722-1001\..\SearchScopes\{534E882A-B0D6-4CA6-8873-409BE1B129BD}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=382950&p={searchTerms}
IE - HKU\S-1-5-21-370278466-1842527618-776855722-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-370278466-1842527618-776855722-1001\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = hxxp://search.chatzum.com/?q={SearchTerms}
IE - HKU\S-1-5-21-370278466-1842527618-776855722-1001\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.protectedsearch.com?si=41570&bs=true&tid=3026&q={searchTerms}
IE - HKU\S-1-5-21-370278466-1842527618-776855722-1001\..\SearchScopes\{C8EAD400-6FF9-4cd2-A51F-095B542F65E4}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=EGMB
IE - HKU\S-1-5-21-370278466-1842527618-776855722-1001\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb205/?search={searchTerms}&loc=IB_DS&a=6OyYnMdUFj&i=26
IE - HKU\S-1-5-21-370278466-1842527618-776855722-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7BFE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052%7D:2.0.0.578
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Vetter\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX [2013.03.02 15:36:49 | 000,000,000 | ---D | M]
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\PROGRAM FILES\IB UPDATER\FIREFOX [2013.03.02 15:36:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.12.19 16:24:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFPlgn\ [2012.09.27 09:47:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn\ [2013.03.03 15:42:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\IB Updater\Firefox [2013.03.02 15:36:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\Program Files\IB Updater\Firefox [2013.03.02 15:36:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.20 07:20:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.12.19 16:24:53 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.20 07:20:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013.02.04 16:59:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vetter\AppData\Roaming\mozilla\Extensions
[2013.03.02 15:36:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vetter\AppData\Roaming\mozilla\Firefox\Profiles\extensions
[2012.11.06 17:19:24 | 000,214,034 | ---- | M] () (No name found) -- C:\Users\Vetter\AppData\Roaming\mozilla\firefox\profiles\extensions\putlockerdownloader@putlockerdownloader.com.xpi
[2013.02.20 07:20:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.03.02 15:36:49 | 000,000,000 | ---D | M] (IB Updater) -- C:\PROGRAM FILES\IB UPDATER\FIREFOX
[2013.02.20 07:20:47 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.01.05 04:45:12 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.01.11 16:53:05 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
[2012.02.25 21:20:48 | 000,000,158 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search the web.src
[2013.02.20 07:20:47 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
 
========== Chrome  ==========
 
CHR - Extension: No name found = C:\Users\Vetter\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\Vetter\AppData\Local\Google\Chrome\User Data\Default\Extensions\apfdadfinodckpcehhdhjlgiphgnbfci\1.0_0\
CHR - Extension: No name found = C:\Users\Vetter\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Users\Vetter\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: IB Updater = C:\Users\Vetter\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.557_0\
CHR - Extension: IB Updater = C:\Users\Vetter\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.578_0\
CHR - Extension: No name found = C:\Users\Vetter\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.2.1.36_0\
CHR - Extension: No name found = C:\Users\Vetter\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.3_0\
CHR - Extension: No name found = C:\Users\Vetter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (IB Updater) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\IB Updater\Extension64.dll ()
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (IB Updater) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\IB Updater\Extension32.dll ()
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (smartdownloader Class) - {F1AF26F8-1828-4279-ABCE-074EF3235BD7} - C:\Program Files (x86)\PutLockerDownloader\smarterdownloader.dll (TODO: <Company name>)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\coIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (toolplugin) - {DFEFCDEE-CF1A-4FC8-89AF-189327213627} - C:\Users\Vetter\AppData\Roaming\toolplugin\toolbar.dll ()
O3 - HKU\S-1-5-21-370278466-1842527618-776855722-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-370278466-1842527618-776855722-1001\..\Toolbar\WebBrowser: (toolplugin) - {DFEFCDEE-CF1A-4FC8-89AF-189327213627} - C:\Users\Vetter\AppData\Roaming\toolplugin\toolbar.dll ()
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [Driver Genius]  File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [T-Home Dialerschutz-Software] C:\Program Files (x86)\T-Home\Dialerschutz-Software\Defender64.exe (T-Systems International GmbH)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-370278466-1842527618-776855722-1001..\Run: [Facebook Update] C:\Users\Vetter\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-370278466-1842527618-776855722-1001..\Run: [Windows Index Searcher] C:\Users\Vetter\Documents\searchindex.exe File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Vetter\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Vetter\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-370278466-1842527618-776855722-1001\..Trusted Domains: telekom.de ([kundencenter] https in Vertrauenswürdige Sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D277AB90-1EDC-4A07-953E-50A633555628}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20 - AppInit_DLLs: (c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll) -  File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.01.14 03:01:16 | 000,000,000 | R--D | M] - D:\AutoRun -- [ UDF ]
O32 - AutoRun File - [2007.01.14 02:28:44 | 000,630,784 | R--- | M] (Electronic Arts Inc.) - D:\AutoRun.exe -- [ UDF ]
O32 - AutoRun File - [2007.01.14 02:55:12 | 000,000,156 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2007.01.13 22:30:07 | 000,585,728 | R--- | M] (Electronic Arts Inc.) - D:\AutoRunGUI.dll -- [ UDF ]
O33 - MountPoints2\{16b5861b-20e9-11e2-b504-5404a6010a81}\Shell - "" = AutoRun
O33 - MountPoints2\{16b5861b-20e9-11e2-b504-5404a6010a81}\Shell\AutoRun\command - "" = E:\Autorun.exe
O33 - MountPoints2\{21fc819e-2c8e-11e1-b547-5404a6010a81}\Shell - "" = AutoRun
O33 - MountPoints2\{21fc819e-2c8e-11e1-b547-5404a6010a81}\Shell\AutoRun\command - "" = J:\EasySuite.exe
O33 - MountPoints2\{94dfbb65-28a9-11e1-ab7f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{94dfbb65-28a9-11e1-ab7f-806e6f6e6963}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2007.01.14 02:28:44 | 000,630,784 | R--- | M] (Electronic Arts Inc.)
O33 - MountPoints2\{af1991a4-05a4-11e2-b72c-5404a6010a81}\Shell - "" = AutoRun
O33 - MountPoints2\{af1991a4-05a4-11e2-b72c-5404a6010a81}\Shell\AutoRun\command - "" = E:\EasySuite.exe
O33 - MountPoints2\{b70b40bb-8937-11e1-bcac-5404a6010a81}\Shell - "" = AutoRun
O33 - MountPoints2\{b70b40bb-8937-11e1-bcac-5404a6010a81}\Shell\AutoRun\command - "" = J:\EasySuite.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
 
MsConfig:64bit - State: "bootini" - Reg Error: Key error.
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\SysWow64\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.VP60 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.yv12 - C:\Windows\SysWow64\yv12vfw.dll (www.helixcommunity.org)
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: SMR300 - Service
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: SMR300 - Service
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.03 16:25:03 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Vetter\Desktop\OTL.exe
[2013.03.03 13:09:11 | 000,000,000 | ---D | C] -- C:\Users\Vetter\AppData\Roaming\Malwarebytes
[2013.03.03 13:09:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.03.03 13:09:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.03 13:09:07 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.03.03 13:09:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.03.03 13:08:51 | 000,000,000 | ---D | C] -- C:\Users\Vetter\AppData\Local\Programs
[2013.02.22 13:22:17 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.02.22 13:21:43 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.02.22 13:21:43 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.02.22 13:21:43 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.02.20 07:20:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.02.19 15:00:54 | 000,000,000 | ---D | C] -- C:\Users\Vetter\Desktop\Hexe handy
[2013.02.13 19:41:32 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.02.13 19:41:32 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.02.13 19:41:32 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.02.13 19:41:31 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.02.13 19:41:31 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.02.13 19:41:31 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.02.13 19:41:30 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.02.13 19:41:30 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.02.13 19:41:30 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.02.13 19:41:30 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.02.13 19:41:30 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.02.13 19:41:29 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.02.13 19:41:27 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.02.13 19:41:27 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.02.13 19:41:27 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.02.13 12:43:35 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.02.13 12:43:34 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.02.13 12:43:34 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.02.13 12:43:27 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013.02.13 12:43:26 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013.02.13 12:43:26 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013.02.13 12:43:26 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013.02.13 12:43:26 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013.02.13 12:43:26 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013.02.13 12:43:24 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2013.02.04 21:05:13 | 000,000,000 | ---D | C] -- C:\Users\Vetter\AppData\Local\Facebook
[2013.02.04 17:09:13 | 000,000,000 | ---D | C] -- C:\Users\Vetter\AppData\Local\Macromedia
[2013.02.04 17:06:08 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2013.02.04 16:59:14 | 000,000,000 | ---D | C] -- C:\Users\Vetter\AppData\Local\Mozilla
[2013.02.04 16:59:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013.02.04 16:59:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013.02.04 16:58:33 | 000,000,000 | ---D | C] -- C:\Users\Vetter\AppData\Roaming\0D1G1I1Q1B2Z1C1V0A1N1N1C1P1N1T2Z1F1C
[2013.02.04 16:58:32 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions
[2013.02.04 16:58:31 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.03 16:46:46 | 000,050,477 | ---- | M] () -- C:\Users\Vetter\Desktop\Defogger.exe
[2013.03.03 16:27:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.03 16:25:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Vetter\Desktop\OTL.exe
[2013.03.03 15:47:15 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.03 15:47:15 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.03 15:39:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.03 15:39:14 | 1944,674,303 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.03 13:09:09 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.03 12:36:38 | 095,023,320 | ---- | M] () -- C:\ProgramData\4629317.pad
[2013.03.03 12:22:20 | 000,000,153 | ---- | M] () -- C:\ProgramData\4629317.reg
[2013.03.03 12:22:20 | 000,000,061 | ---- | M] () -- C:\ProgramData\4629317.bat
[2013.03.03 12:10:01 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-370278466-1842527618-776855722-1001UA.job
[2013.03.03 10:32:10 | 000,097,792 | ---- | M] () -- C:\Users\Vetter\7139264.dll
[2013.03.01 23:02:21 | 001,614,852 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.03.01 23:02:21 | 000,697,276 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.03.01 23:02:21 | 000,652,594 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.03.01 23:02:21 | 000,148,314 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.03.01 23:02:21 | 000,121,268 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.03.01 21:10:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-370278466-1842527618-776855722-1001Core.job
[2013.02.27 13:28:22 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.02.27 13:28:22 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.02.22 13:21:37 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npdeployJava1.dll
[2013.02.22 13:21:37 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013.02.22 13:21:37 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.02.22 13:21:37 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.02.22 13:21:37 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.02.22 13:21:37 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.02.18 17:00:13 | 000,000,001 | ---- | M] () -- C:\Users\Vetter\.SIG_PINSTATUS_VOREINSTELLUNG
[2013.02.18 17:00:13 | 000,000,001 | ---- | M] () -- C:\Users\Vetter\.SIG_DIALOG_VOREINSTELLUNG
[2013.02.14 18:41:44 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\isolate.ini
[2013.02.14 12:57:22 | 000,271,064 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.04 16:59:11 | 000,001,153 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.03.03 13:09:09 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.03 12:22:20 | 000,000,153 | ---- | C] () -- C:\ProgramData\4629317.reg
[2013.03.03 12:22:20 | 000,000,061 | ---- | C] () -- C:\ProgramData\4629317.bat
[2013.03.03 12:22:15 | 095,023,320 | ---- | C] () -- C:\ProgramData\4629317.pad
[2013.03.03 10:32:09 | 000,097,792 | ---- | C] () -- C:\Users\Vetter\7139264.dll
[2013.02.19 15:16:48 | 004,390,818 | ---- | C] () -- C:\Users\Vetter\Desktop\Facebook Lied _ Song - Every Day Im Facebooking.mp3
[2013.02.18 17:00:13 | 000,000,001 | ---- | C] () -- C:\Users\Vetter\.SIG_PINSTATUS_VOREINSTELLUNG
[2013.02.18 17:00:13 | 000,000,001 | ---- | C] () -- C:\Users\Vetter\.SIG_DIALOG_VOREINSTELLUNG
[2013.02.04 21:05:20 | 000,000,932 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-370278466-1842527618-776855722-1001UA.job
[2013.02.04 21:05:20 | 000,000,910 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-370278466-1842527618-776855722-1001Core.job
[2013.02.04 20:44:14 | 000,001,180 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk
[2013.02.04 16:59:10 | 000,001,165 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.02.04 16:59:10 | 000,001,153 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.01.30 18:36:41 | 000,003,584 | ---- | C] () -- C:\Users\Vetter\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.12.26 17:46:42 | 000,011,264 | ---- | C] () -- C:\Windows\Launcher.exe
[2012.07.23 13:25:52 | 000,033,792 | ---- | C] () -- C:\Windows\SysWow64\drivers\libusb0.sys
[2012.06.05 12:08:34 | 000,007,605 | ---- | C] () -- C:\Users\Vetter\AppData\Local\resmon.resmoncfg
[2012.05.29 11:16:19 | 000,000,600 | ---- | C] () -- C:\Users\Vetter\AppData\Roaming\winscp.rnd
[2012.04.10 13:01:53 | 000,000,820 | ---- | C] () -- C:\Windows\eReg.dat
[2012.04.06 02:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.04.06 02:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.03.09 13:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.02.05 16:08:27 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2012.02.05 15:54:30 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll
[2011.12.24 11:27:37 | 000,000,223 | ---- | C] () -- C:\Users\Vetter\AppData\Roaming\default.rss
[2011.12.19 16:22:01 | 000,245,514 | ---- | C] () -- C:\Windows\hpoins19.dat
[2011.12.19 16:22:01 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2011.12.19 12:43:19 | 001,591,810 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.12.17 15:30:41 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2011.12.17 15:30:40 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2011.12.17 15:30:33 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2011.12.17 15:30:33 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2011.12.17 15:23:26 | 000,042,392 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2011.12.17 15:19:13 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011.12.17 15:18:48 | 000,033,216 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011.12.17 14:57:32 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.02.04 16:58:33 | 000,000,000 | ---D | M] -- C:\Users\Vetter\AppData\Roaming\0D1G1I1Q1B2Z1C1V0A1N1N1C1P1N1T2Z1F1C
[2012.05.30 17:03:16 | 000,000,000 | ---D | M] -- C:\Users\Vetter\AppData\Roaming\AlawarEntertainment
[2012.10.28 16:51:43 | 000,000,000 | ---D | M] -- C:\Users\Vetter\AppData\Roaming\aliasworlds
[2012.05.19 16:14:34 | 000,000,000 | ---D | M] -- C:\Users\Vetter\AppData\Roaming\Babylon
[2011.12.17 15:32:14 | 000,000,000 | ---D | M] -- C:\Users\Vetter\AppData\Roaming\DeviceVm
[2012.09.15 20:35:22 | 000,000,000 | ---D | M] -- C:\Users\Vetter\AppData\Roaming\DVDVideoSoft
[2013.01.25 16:03:26 | 000,000,000 | ---D | M] -- C:\Users\Vetter\AppData\Roaming\eType
[2012.10.31 12:14:52 | 000,000,000 | ---D | M] -- C:\Users\Vetter\AppData\Roaming\Farm Mania 2.1
[2012.09.15 12:55:24 | 000,000,000 | ---D | M] -- C:\Users\Vetter\AppData\Roaming\Foxit Software
[2012.04.24 10:44:00 | 000,000,000 | ---D | M] -- C:\Users\Vetter\AppData\Roaming\IrfanView
[2012.07.16 14:45:57 | 000,000,000 | ---D | M] -- C:\Users\Vetter\AppData\Roaming\Leadertech
[2012.01.05 18:36:06 | 000,000,000 | ---D | M] -- C:\Users\Vetter\AppData\Roaming\MP3Find
[2012.09.15 20:20:25 | 000,000,000 | ---D | M] -- C:\Users\Vetter\AppData\Roaming\OpenCandy
[2012.09.19 16:05:03 | 000,000,000 | ---D | M] -- C:\Users\Vetter\AppData\Roaming\PCCUStubInstaller
[2012.05.03 20:36:50 | 000,000,000 | ---D | M] -- C:\Users\Vetter\AppData\Roaming\Sierra
[2011.12.31 12:55:46 | 000,000,000 | ---D | M] -- C:\Users\Vetter\AppData\Roaming\Similarity
[2013.02.25 23:04:47 | 000,000,000 | ---D | M] -- C:\Users\Vetter\AppData\Roaming\SoftGrid Client
[2012.09.13 12:03:03 | 000,000,000 | ---D | M] -- C:\Users\Vetter\AppData\Roaming\Systweak
[2012.08.06 13:31:16 | 000,000,000 | ---D | M] -- C:\Users\Vetter\AppData\Roaming\TeamViewer
[2012.02.23 19:59:48 | 000,000,000 | ---D | M] -- C:\Users\Vetter\AppData\Roaming\toolplugin
[2011.12.19 12:44:01 | 000,000,000 | ---D | M] -- C:\Users\Vetter\AppData\Roaming\TP
[2013.03.01 23:00:39 | 000,000,000 | ---D | M] -- C:\Users\Vetter\AppData\Roaming\UseNeXT
[2012.03.02 15:08:28 | 000,000,000 | ---D | M] -- C:\Users\Vetter\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2013.02.20 07:20:47 | 000,865,704 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2013.02.20 07:20:47 | 000,865,704 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2013.02.20 07:20:47 | 000,865,704 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2013.02.20 07:20:47 | 000,917,400 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2013.02.20 07:20:47 | 000,917,400 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2013.02.20 07:20:47 | 000,917,400 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011.08.19 16:29:54 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011.08.19 16:29:54 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011.08.19 16:29:54 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2013.01.08 23:42:06 | 000,757,280 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2013.01.08 23:42:06 | 000,757,280 | ---- | M] (Microsoft Corporation)
 
< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2013.02.20 07:20:47 | 000,865,704 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2013.02.20 07:20:47 | 000,865,704 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2013.02.20 07:20:47 | 000,865,704 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE [2013.02.20 07:20:47 | 000,917,400 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2013.02.20 07:20:47 | 000,917,400 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE [2013.02.20 07:20:47 | 000,917,400 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2011.08.19 16:29:54 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2011.08.19 16:29:54 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2011.08.19 16:29:54 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2013.01.08 23:42:06 | 000,757,280 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2013.01.08 23:42:06 | 000,757,280 | ---- | M] (Microsoft Corporation)

< End of report >
         
Attached files
File type: txt Extras.Txt (71.1 KB, viewed 166 times)
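Added example, not part of this thread and not code from OldTimer's OTL: a small Python triage script for the "Files/Folders" listing in the OTL log posted above. It parses the OTL line format exactly as it appears there (timestamp, size, attribute flags, C/M, optional company name, path) and then applies two indicators that are my own assumptions about what stands out in such a listing, not OTL's checks and not a verdict on any file: a digits-only file name dropped straight into C:\ProgramData or the root of a user profile, and a long capitals-and-digits folder name directly under AppData\Roaming. The sample lines are copied from the listing above; everything else (function names, the regexes, the reason strings) is invented for the example.

```python
"""Triage helper for OTL "Files/Folders" listing lines (added example, not OTL code).
The indicators below are assumptions, not OTL's own checks and not a verdict on any file."""
import re
from dataclasses import dataclass
from typing import Optional

# One listing line as posted above: [YYYY.MM.DD HH:MM:SS | size | attrs | C|M] (Company) -- path
# Directories carry no "(Company)"; files without a version resource show "()".
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\](?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)

# Assumed indicators (mine, not OTL's): a digits-only file name dropped straight into
# C:\ProgramData or a profile root, and a long capitals-and-digits folder name under
# AppData\Roaming with no recognisable word in it.
NUMERIC_NAME = re.compile(r"^\d{5,}\.[a-z0-9]{2,4}$", re.I)
RANDOM_DIR = re.compile(r"^(?=.*\d)(?=.*[A-Z])[0-9A-Z]{20,}$")
NUMERIC_REASON = "numeric-named file directly in ProgramData or a profile root"
RANDOM_REASON = "random-looking folder directly under AppData\\Roaming"


@dataclass
class Entry:
    ts: str
    size: int
    attrs: str              # e.g. "---D" directory, "-HS-" hidden+system
    kind: str               # "C" created or "M" modified
    company: Optional[str]  # None for directories, "" when OTL printed "()"
    path: str

    @property
    def is_dir(self):
        return "D" in self.attrs

    @property
    def parts(self):
        return self.path.split("\\")


def parse_otl_line(line):
    """Parse one listing line; None for headers, blanks and the '*.tmp' summary line."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    return Entry(m["ts"], int(m["size"].replace(",", "")), m["attrs"],
                 m["kind"], m["company"], m["path"])


def _in_drop_location(parts):
    """C:\\ProgramData\\<name> or C:\\Users\\<user>\\<name>."""
    parent = parts[:-1]
    return ((len(parent) == 2 and parent[1].lower() == "programdata")
            or (len(parent) == 3 and parent[1].lower() == "users"))


def _in_roaming(parts):
    """C:\\Users\\<user>\\AppData\\Roaming\\<name>."""
    return (len(parts) == 6 and parts[1].lower() == "users"
            and parts[3].lower() == "appdata" and parts[4].lower() == "roaming")


def triage(lines):
    """Return (path, reason) for every listing line that trips an indicator."""
    findings = []
    for line in lines:
        e = parse_otl_line(line)
        if e is None:
            continue
        name = e.parts[-1]
        if not e.is_dir and NUMERIC_NAME.match(name) and _in_drop_location(e.parts):
            findings.append((e.path, NUMERIC_REASON))
        elif e.is_dir and RANDOM_DIR.match(name) and _in_roaming(e.parts):
            findings.append((e.path, RANDOM_REASON))
    return findings


def stem_groups(lines):
    """Group numeric-named hits by path-without-extension, so a .pad/.reg/.bat set
    sharing one number shows up as a single related cluster."""
    groups = {}
    for path, reason in triage(lines):
        if reason == NUMERIC_REASON:
            stem, _, ext = path.rpartition(".")
            groups.setdefault(stem, set()).add(ext.lower())
    return groups


# Constructed sample: lines copied from the OTL listing posted above.
SAMPLE_LOG = r"""
[2013.03.03 16:25:03 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Vetter\Desktop\OTL.exe
[2013.03.03 13:09:11 | 000,000,000 | ---D | C] -- C:\Users\Vetter\AppData\Roaming\Malwarebytes
[2013.02.04 16:58:33 | 000,000,000 | ---D | C] -- C:\Users\Vetter\AppData\Roaming\0D1G1I1Q1B2Z1C1V0A1N1N1C1P1N1T2Z1F1C
[2013.03.03 12:36:38 | 095,023,320 | ---- | M] () -- C:\ProgramData\4629317.pad
[2013.03.03 12:22:20 | 000,000,153 | ---- | M] () -- C:\ProgramData\4629317.reg
[2013.03.03 12:22:20 | 000,000,061 | ---- | M] () -- C:\ProgramData\4629317.bat
[2013.03.03 10:32:10 | 000,097,792 | ---- | M] () -- C:\Users\Vetter\7139264.dll
[2013.03.03 15:47:15 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
"""

if __name__ == "__main__":
    for path, reason in triage(SAMPLE_LOG.splitlines()):
        print(f"{reason}: {path}")
    for stem, exts in stem_groups(SAMPLE_LOG.splitlines()).items():
        print(f"related set: {stem}.{{{','.join(sorted(exts))}}}")
```

Run it against a saved OTL.txt by feeding `open("OTL.txt", encoding="utf-8", errors="replace")` to `triage()`. The grouping step is the useful part: a single numeric-named file proves little, but the same number appearing as .pad, .reg and .bat in ProgramData, created within seconds of each other, is the kind of cluster a helper wants to see at a glance before deciding what to ask for next.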

Old 03.03.2013, 17:04   #4
M-K-D-B
/// TB Trainer

Hi,


The log files from DeFogger and GMER are still missing.

Please don't reply until you have all the log files (unless there are problems).
Greetings from Bavaria
M-K-D-B

Old 04.03.2013, 12:08   #5
Borsti1971

Sorry that I was so quick, it's the excitement! Please write if anything else is missing. I already sent the defogger yesterday, or do you mean something else?

defogger:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 16:59 on 03/03/2013 (Vetter)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-


gmer:



GMER Logfile:
Code:
GMER 2.1.19115 - hxxp://www.gmer.net
Rootkit scan 2013-03-03 21:05:22
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000066 ST1000DL rev.CC32 931,51GB
Running: gmer_2.1.19115.exe; Driver: C:\Users\Vetter\AppData\Local\Temp\uxliypow.sys


---- User code sections - GMER 2.1 ----

.text  C:\Windows\System32\svchost.exe[124] C:\Windows\System32\RASAPI32.dll!RasDialA + 1                                                                           000007fef51293c1 5 bytes {JMP QWORD [RIP+0x3e6c70]}
.text  C:\Windows\System32\svchost.exe[124] C:\Windows\System32\RASAPI32.dll!RasDialW + 1                                                                           000007fef51296f5 5 bytes {JMP QWORD [RIP+0x40693c]}
.text  C:\Windows\system32\svchost.exe[316] C:\Windows\system32\RasApi32.dll!RasDialA + 1                                                                           000007fef51293c1 5 bytes JMP 9bc
.text  C:\Windows\system32\svchost.exe[316] C:\Windows\system32\RasApi32.dll!RasDialW + 1                                                                           000007fef51296f5 5 bytes {JMP QWORD [RIP+0x9693c]}
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1552] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                          000000007765fc90 5 bytes JMP 000000010017091c
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1552] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                        000000007765fdf4 5 bytes JMP 0000000100170048
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1552] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                                                 000000007765fe88 5 bytes JMP 00000001001702ee
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1552] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                              000000007765ffe4 5 bytes JMP 00000001001704b2
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1552] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                      0000000077660018 5 bytes JMP 00000001001709fe
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1552] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                                              0000000077660048 5 bytes JMP 0000000100170ae0
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1552] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                           0000000077660064 5 bytes JMP 000000010002004c
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1552] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                                              000000007766077c 5 bytes JMP 000000010017012a
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1552] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                  000000007766086c 5 bytes JMP 0000000100170758
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1552] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                            0000000077660884 5 bytes JMP 0000000100170676
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1552] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                0000000077660dd4 5 bytes JMP 00000001001703d0
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1552] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                          0000000077661900 5 bytes JMP 0000000100170594
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1552] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                      0000000077661bc4 5 bytes JMP 000000010017083a
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1552] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                                             0000000077661d50 5 bytes JMP 000000010017020c
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1552] C:\Windows\syswow64\kernel32.dll!LoadLibraryExW                                           0000000076c84945 6 bytes JMP 5f040f5a
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1552] C:\Windows\syswow64\kernel32.dll!Process32Next                                            0000000076ca888c 6 bytes JMP 5f070f5a
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1552] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882                                 0000000075fb1492 7 bytes JMP 000000010018059e
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1552] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206                            0000000075cc524f 7 bytes JMP 0000000100170f52
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1552] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380                                0000000075cc53d0 7 bytes JMP 0000000100180210
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1552] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149                               0000000075cc5677 1 byte JMP 0000000100180048
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1552] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151                               0000000075cc5679 5 bytes {JMP 0xffffffff8a4ba9d1}
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1552] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542                                      0000000075cc589a 7 bytes JMP 0000000100170ca6
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1552] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382                                      0000000075cc5a1d 7 bytes JMP 00000001001803d8
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1552] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370                                 0000000075cc5c9b 7 bytes JMP 000000010018012c
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1552] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231                                   0000000075cc5d87 7 bytes JMP 00000001001802f4
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1552] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123                  0000000075cc7240 7 bytes JMP 0000000100170e6e
.text  C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe[1700] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                          000000007765fc90 5 bytes JMP 000000010028091c
.text  C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe[1700] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                        000000007765fdf4 5 bytes JMP 0000000100280048
.text  C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe[1700] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                                 000000007765fe88 5 bytes JMP 00000001002802ee
.text  C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe[1700] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                              000000007765ffe4 5 bytes JMP 00000001002804b2
.text  C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe[1700] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                      0000000077660018 5 bytes JMP 00000001002809fe
.text  C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe[1700] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                              0000000077660048 5 bytes JMP 0000000100280ae0
.text  C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe[1700] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                           0000000077660064 5 bytes JMP 000000010002004c
.text  C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe[1700] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                              000000007766077c 5 bytes JMP 000000010028012a
.text  C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe[1700] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                  000000007766086c 5 bytes JMP 0000000100280758
.text  C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe[1700] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                            0000000077660884 5 bytes JMP 0000000100280676
.text  C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe[1700] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                0000000077660dd4 5 bytes JMP 00000001002803d0
.text  C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe[1700] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                          0000000077661900 5 bytes JMP 0000000100280594
.text  C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe[1700] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                      0000000077661bc4 5 bytes JMP 000000010028083a
.text  C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe[1700] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                             0000000077661d50 5 bytes JMP 000000010028020c
.text  C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe[1700] C:\Windows\syswow64\kernel32.dll!LoadLibraryExW                           0000000076c84945 6 bytes JMP 5f040f5a
.text  C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe[1700] C:\Windows\syswow64\kernel32.dll!Process32Next                            0000000076ca888c 6 bytes JMP 5f070f5a
.text  C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe[1700] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882                 0000000075fb1492 7 bytes JMP 000000010029059e
.text  C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe[1700] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206            0000000075cc524f 7 bytes JMP 0000000100280f52
.text  C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe[1700] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380                0000000075cc53d0 7 bytes JMP 0000000100290210
.text  C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe[1700] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149               0000000075cc5677 1 byte JMP 0000000100290048
.text  C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe[1700] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151               0000000075cc5679 5 bytes {JMP 0xffffffff8a5ca9d1}
.text  C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe[1700] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542                      0000000075cc589a 7 bytes JMP 0000000100280ca6
.text  C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe[1700] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382                      0000000075cc5a1d 7 bytes JMP 00000001002903d8
.text  C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe[1700] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370                 0000000075cc5c9b 7 bytes JMP 000000010029012c
.text  C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe[1700] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231                   0000000075cc5d87 7 bytes JMP 00000001002902f4
.text  C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe[1700] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123  0000000075cc7240 7 bytes JMP 0000000100280e6e
.text  C:\Windows\SysWOW64\svchost.exe[1796] C:\Windows\syswow64\kernel32.dll!LoadLibraryExW                                                                        0000000076c84945 6 bytes JMP 5f040f5a
.text  C:\Windows\SysWOW64\svchost.exe[1796] C:\Windows\syswow64\kernel32.dll!Process32Next                                                                         0000000076ca888c 6 bytes JMP 5f070f5a
.text  C:\Program Files\IB Updater\ExtensionUpdaterService.exe[1828] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                               000000007765fc90 5 bytes JMP 000000010011091c
.text  C:\Program Files\IB Updater\ExtensionUpdaterService.exe[1828] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                             000000007765fdf4 5 bytes JMP 0000000100110048
.text  C:\Program Files\IB Updater\ExtensionUpdaterService.exe[1828] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                                                      000000007765fe88 5 bytes JMP 00000001001102ee
.text  C:\Program Files\IB Updater\ExtensionUpdaterService.exe[1828] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                   000000007765ffe4 5 bytes JMP 00000001001104b2
.text  C:\Program Files\IB Updater\ExtensionUpdaterService.exe[1828] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                           0000000077660018 5 bytes JMP 00000001001109fe
.text  C:\Program Files\IB Updater\ExtensionUpdaterService.exe[1828] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                                                   0000000077660048 5 bytes JMP 0000000100110ae0
.text  C:\Program Files\IB Updater\ExtensionUpdaterService.exe[1828] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                                0000000077660064 5 bytes JMP 000000010002004c
.text  C:\Program Files\IB Updater\ExtensionUpdaterService.exe[1828] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                                                   000000007766077c 5 bytes JMP 000000010011012a
.text  C:\Program Files\IB Updater\ExtensionUpdaterService.exe[1828] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                       000000007766086c 5 bytes JMP 0000000100110758
.text  C:\Program Files\IB Updater\ExtensionUpdaterService.exe[1828] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                 0000000077660884 5 bytes JMP 0000000100110676
.text  C:\Program Files\IB Updater\ExtensionUpdaterService.exe[1828] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                     0000000077660dd4 5 bytes JMP 00000001001103d0
.text  C:\Program Files\IB Updater\ExtensionUpdaterService.exe[1828] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                               0000000077661900 5 bytes JMP 0000000100110594
.text  C:\Program Files\IB Updater\ExtensionUpdaterService.exe[1828] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                           0000000077661bc4 5 bytes JMP 000000010011083a
.text  C:\Program Files\IB Updater\ExtensionUpdaterService.exe[1828] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                                                  0000000077661d50 5 bytes JMP 000000010011020c
.text  C:\Program Files\IB Updater\ExtensionUpdaterService.exe[1828] C:\Windows\syswow64\kernel32.dll!LoadLibraryExW                                                0000000076c84945 6 bytes JMP 5f040f5a
.text  C:\Program Files\IB Updater\ExtensionUpdaterService.exe[1828] C:\Windows\syswow64\kernel32.dll!Process32Next                                                 0000000076ca888c 6 bytes JMP 5f070f5a
.text  C:\Program Files\IB Updater\ExtensionUpdaterService.exe[1828] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882                                      0000000075fb1492 7 bytes JMP 0000000100120762
.text  C:\Program Files\IB Updater\ExtensionUpdaterService.exe[1828] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206                                 0000000075cc524f 7 bytes JMP 0000000100110f52
.text  C:\Program Files\IB Updater\ExtensionUpdaterService.exe[1828] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380                                     0000000075cc53d0 7 bytes JMP 0000000100120210
.text  C:\Program Files\IB Updater\ExtensionUpdaterService.exe[1828] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149                                    0000000075cc5677 1 byte JMP 0000000100120048
.text  C:\Program Files\IB Updater\ExtensionUpdaterService.exe[1828] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151                                    0000000075cc5679 5 bytes {JMP 0xffffffff8a45a9d1}
.text  C:\Program Files\IB Updater\ExtensionUpdaterService.exe[1828] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542                                           0000000075cc589a 7 bytes JMP 0000000100110ca6
.text  C:\Program Files\IB Updater\ExtensionUpdaterService.exe[1828] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382                                           0000000075cc5a1d 7 bytes JMP 00000001001203d8
.text  C:\Program Files\IB Updater\ExtensionUpdaterService.exe[1828] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370                                      0000000075cc5c9b 7 bytes JMP 000000010012012c
.text  C:\Program Files\IB Updater\ExtensionUpdaterService.exe[1828] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231                                        0000000075cc5d87 7 bytes JMP 00000001001202f4
.text  C:\Program Files\IB Updater\ExtensionUpdaterService.exe[1828] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123                       0000000075cc7240 7 bytes JMP 0000000100110e6e
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[1952] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                   000000007765fc90 5 bytes JMP 000000010012091c
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[1952] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                 000000007765fdf4 5 bytes JMP 0000000100120048
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[1952] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                                          000000007765fe88 5 bytes JMP 00000001001202ee
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[1952] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                       000000007765ffe4 5 bytes JMP 00000001001204b2
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[1952] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                               0000000077660018 5 bytes JMP 00000001001209fe
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[1952] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                                       0000000077660048 5 bytes JMP 0000000100120ae0
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[1952] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                    0000000077660064 5 bytes JMP 000000010010004c
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[1952] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                                       000000007766077c 5 bytes JMP 000000010012012a
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[1952] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                           000000007766086c 5 bytes JMP 0000000100120758
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[1952] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                     0000000077660884 5 bytes JMP 0000000100120676
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[1952] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                         0000000077660dd4 5 bytes JMP 00000001001203d0
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[1952] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                   0000000077661900 5 bytes JMP 0000000100120594
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[1952] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                               0000000077661bc4 5 bytes JMP 000000010012083a
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[1952] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                                      0000000077661d50 5 bytes JMP 000000010012020c
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[1952] C:\Windows\syswow64\kernel32.dll!LoadLibraryExW                                    0000000076c84945 6 bytes JMP 5f040f5a
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[1952] C:\Windows\syswow64\kernel32.dll!Process32Next                                     0000000076ca888c 6 bytes JMP 5f070f5a
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[1952] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882                          0000000075fb1492 7 bytes JMP 000000010013059e
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[1952] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206                     0000000075cc524f 7 bytes JMP 0000000100120f52
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[1952] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380                         0000000075cc53d0 7 bytes JMP 0000000100130210
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[1952] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149                        0000000075cc5677 1 byte JMP 0000000100130048
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[1952] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151                        0000000075cc5679 5 bytes {JMP 0xffffffff8a46a9d1}
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[1952] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542                               0000000075cc589a 7 bytes JMP 0000000100120ca6
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[1952] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382                               0000000075cc5a1d 7 bytes JMP 00000001001303d8
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[1952] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370                          0000000075cc5c9b 7 bytes JMP 000000010013012c
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[1952] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231                            0000000075cc5d87 7 bytes JMP 00000001001302f4
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[1952] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123           0000000075cc7240 7 bytes JMP 0000000100120e6e
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2012] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                     000000007765fc90 5 bytes JMP 000000010020091c
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2012] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                   000000007765fdf4 5 bytes JMP 0000000100200048
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2012] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                                            000000007765fe88 5 bytes JMP 00000001002002ee
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2012] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                         000000007765ffe4 5 bytes JMP 00000001002004b2
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2012] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                 0000000077660018 5 bytes JMP 00000001002009fe
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2012] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                                         0000000077660048 5 bytes JMP 0000000100200ae0
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2012] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                      0000000077660064 5 bytes JMP 00000001000a004c
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2012] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                                         000000007766077c 5 bytes JMP 000000010020012a
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2012] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                             000000007766086c 5 bytes JMP 0000000100200758
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2012] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                       0000000077660884 5 bytes JMP 0000000100200676
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2012] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                           0000000077660dd4 5 bytes JMP 00000001002003d0
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2012] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                     0000000077661900 5 bytes JMP 0000000100200594
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2012] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                 0000000077661bc4 5 bytes JMP 000000010020083a
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2012] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                                        0000000077661d50 5 bytes JMP 000000010020020c
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2012] C:\Windows\syswow64\kernel32.dll!LoadLibraryExW                                      0000000076c84945 6 bytes JMP 5f040f5a
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2012] C:\Windows\syswow64\kernel32.dll!Process32Next                                       0000000076ca888c 6 bytes JMP 5f070f5a
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2012] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206                       0000000075cc524f 7 bytes JMP 0000000100200f52
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2012] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380                           0000000075cc53d0 7 bytes JMP 0000000100210210
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2012] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149                          0000000075cc5677 1 byte JMP 0000000100210048
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2012] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151                          0000000075cc5679 5 bytes {JMP 0xffffffff8a54a9d1}
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2012] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542                                 0000000075cc589a 7 bytes JMP 0000000100200ca6
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2012] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382                                 0000000075cc5a1d 7 bytes JMP 00000001002103d8
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2012] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370                            0000000075cc5c9b 7 bytes JMP 000000010021012c
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2012] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231                              0000000075cc5d87 7 bytes JMP 00000001002102f4
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2012] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123             0000000075cc7240 7 bytes JMP 0000000100200e6e
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2012] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882                            0000000075fb1492 7 bytes JMP 000000010021059e
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2012] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                              0000000077611465 2 bytes [61, 77]
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2012] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                             00000000776114bb 2 bytes [61, 77]
.text  ...                                                                                                                                                          * 2
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2012] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses                                          0000000077611544 6 bytes JMP 5f0a0f5a
.text  C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[1240] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                000000007765fc90 5 bytes JMP 00000001001d091c
.text  C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[1240] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                              000000007765fdf4 5 bytes JMP 00000001001d0048
.text  C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[1240] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                                       000000007765fe88 5 bytes JMP 00000001001d02ee
.text  C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[1240] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                    000000007765ffe4 5 bytes JMP 00000001001d04b2
.text  C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[1240] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                            0000000077660018 5 bytes JMP 00000001001d09fe
.text  C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[1240] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                                    0000000077660048 5 bytes JMP 00000001001d0ae0
.text  C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[1240] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                 0000000077660064 5 bytes JMP 000000010002004c
.text  C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[1240] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                                    000000007766077c 5 bytes JMP 00000001001d012a
.text  C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[1240] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                        000000007766086c 5 bytes JMP 00000001001d0758
.text  C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[1240] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                  0000000077660884 5 bytes JMP 00000001001d0676
.text  C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[1240] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                      0000000077660dd4 5 bytes JMP 00000001001d03d0
.text  C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[1240] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                0000000077661900 5 bytes JMP 00000001001d0594
.text  C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[1240] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                            0000000077661bc4 5 bytes JMP 00000001001d083a
.text  C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[1240] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                                   0000000077661d50 5 bytes JMP 00000001001d020c
.text  C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[1240] C:\Windows\syswow64\kernel32.dll!LoadLibraryExW                                 0000000076c84945 6 bytes JMP 5f040f5a
.text  C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[1240] C:\Windows\syswow64\kernel32.dll!Process32Next                                  0000000076ca888c 6 bytes JMP 5f070f5a
.text  C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[1240] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882                       0000000075fb1492 7 bytes JMP 00000001001e059e
.text  C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[1240] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206                  0000000075cc524f 7 bytes JMP 00000001001d0f52
.text  C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[1240] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380                      0000000075cc53d0 7 bytes JMP 00000001001e0210
.text  C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[1240] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149                     0000000075cc5677 1 byte JMP 00000001001e0048
.text  C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[1240] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151                     0000000075cc5679 5 bytes {JMP 0xffffffff8a51a9d1}
.text  C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[1240] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542                            0000000075cc589a 7 bytes JMP 00000001001d0ca6
.text  C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[1240] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382                            0000000075cc5a1d 7 bytes JMP 00000001001e03d8
.text  C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[1240] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370                       0000000075cc5c9b 7 bytes JMP 00000001001e012c
.text  C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[1240] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231                         0000000075cc5d87 7 bytes JMP 00000001001e02f4
.text  C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[1240] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123        0000000075cc7240 7 bytes JMP 00000001001d0e6e
.text  C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe[1592] C:\Windows\syswow64\kernel32.dll!LoadLibraryExW                                     0000000076c84945 6 bytes JMP 5f040f5a
.text  C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe[1592] C:\Windows\syswow64\kernel32.dll!Process32Next                                      0000000076ca888c 6 bytes JMP 5f070f5a
.text  C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe[1696] C:\Windows\syswow64\kernel32.dll!LoadLibraryExW                                 0000000076c84945 6 bytes JMP 5f040f5a
.text  C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe[1696] C:\Windows\syswow64\kernel32.dll!Process32Next                                  0000000076ca888c 6 bytes JMP 5f070f5a
.text  C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2524] C:\Windows\syswow64\kernel32.dll!LoadLibraryExW                          0000000076c84945 6 bytes JMP 5f040f5a
.text  C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2524] C:\Windows\syswow64\kernel32.dll!Process32Next                           0000000076ca888c 6 bytes JMP 5f070f5a
.text  C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                     000000007765fc90 5 bytes JMP 000000010009091c
.text  C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                   000000007765fdf4 5 bytes JMP 0000000100090048
.text  C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                                            000000007765fe88 5 bytes JMP 00000001000902ee
.text  C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                         000000007765ffe4 5 bytes JMP 00000001000904b2
.text  C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                 0000000077660018 5 bytes JMP 00000001000909fe
.text  C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                                         0000000077660048 5 bytes JMP 0000000100090ae0
.text  C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                      0000000077660064 5 bytes JMP 000000010002004c
.text  C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                                         000000007766077c 5 bytes JMP 000000010009012a
.text  C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                             000000007766086c 5 bytes JMP 0000000100090758
.text  C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                       0000000077660884 5 bytes JMP 0000000100090676
.text  C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                           0000000077660dd4 5 bytes JMP 00000001000903d0
.text  C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                     0000000077661900 5 bytes JMP 0000000100090594
.text  C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                 0000000077661bc4 5 bytes JMP 000000010009083a
.text  C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                                        0000000077661d50 5 bytes JMP 000000010009020c
.text  C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2692] C:\Windows\syswow64\kernel32.dll!LoadLibraryExW                                      0000000076c84945 6 bytes JMP 5f040f5a
.text  C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2692] C:\Windows\syswow64\kernel32.dll!Process32Next                                       0000000076ca888c 6 bytes JMP 5f070f5a
.text  C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2692] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882                            0000000075fb1492 7 bytes JMP 00000001000a0762
.text  C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2692] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206                       0000000075cc524f 7 bytes JMP 0000000100090f52
.text  C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2692] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380                           0000000075cc53d0 7 bytes JMP 00000001000a0210
.text  C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2692] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149                          0000000075cc5677 1 byte JMP 00000001000a0048
.text  C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2692] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151                          0000000075cc5679 5 bytes {JMP 0xffffffff8a3da9d1}
.text  C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2692] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542                                 0000000075cc589a 7 bytes JMP 0000000100090ca6
.text  C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2692] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382                                 0000000075cc5a1d 7 bytes JMP 00000001000a03d8
.text  C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2692] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370                            0000000075cc5c9b 7 bytes JMP 00000001000a012c
.text  C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2692] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231                              0000000075cc5d87 7 bytes JMP 00000001000a02f4
.text  C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2692] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123             0000000075cc7240 7 bytes JMP 0000000100090e6e
.text  C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2316] C:\Windows\syswow64\kernel32.dll!LoadLibraryExW                         0000000076c84945 6 bytes JMP 5f040f5a
.text  C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2316] C:\Windows\syswow64\kernel32.dll!Process32Next                          0000000076ca888c 6 bytes JMP 5f070f5a
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2328] C:\Windows\syswow64\kernel32.dll!LoadLibraryExW                 0000000076c84945 6 bytes JMP 5f040f5a
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2328] C:\Windows\syswow64\kernel32.dll!Process32Next                  0000000076ca888c 6 bytes JMP 5f070f5a
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2328] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69         0000000077611465 2 bytes [61, 77]
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2328] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155        00000000776114bb 2 bytes [61, 77]
.text  ...                                                                                                                                                          * 2
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2328] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses                     0000000077611544 6 bytes JMP 5f0a0f5a
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3376] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                         000000007765fc90 5 bytes JMP 000000010013091c
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3376] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                       000000007765fdf4 5 bytes JMP 0000000100130048
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3376] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                                                000000007765fe88 5 bytes JMP 00000001001302ee
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3376] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                             000000007765ffe4 5 bytes JMP 00000001001304b2
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3376] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                     0000000077660018 5 bytes JMP 00000001001309fe
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3376] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                                             0000000077660048 5 bytes JMP 0000000100130ae0
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3376] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                          0000000077660064 5 bytes JMP 000000010010004c
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3376] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                                             000000007766077c 5 bytes JMP 000000010013012a
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3376] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                 000000007766086c 5 bytes JMP 0000000100130758
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3376] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                           0000000077660884 5 bytes JMP 0000000100130676
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3376] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                               0000000077660dd4 5 bytes JMP 00000001001303d0
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3376] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                         0000000077661900 5 bytes JMP 0000000100130594
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3376] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                     0000000077661bc4 5 bytes JMP 000000010013083a
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3376] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                                            0000000077661d50 5 bytes JMP 000000010013020c
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3376] C:\Windows\syswow64\kernel32.dll!LoadLibraryExW                                          0000000076c84945 6 bytes JMP 5f040f5a
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3376] C:\Windows\syswow64\kernel32.dll!Process32Next                                           0000000076ca888c 6 bytes JMP 5f070f5a
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3376] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882                                0000000075fb1492 7 bytes JMP 000000010014059e
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3376] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206                           0000000075cc524f 7 bytes JMP 0000000100130f52
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3376] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380                               0000000075cc53d0 7 bytes JMP 0000000100140210
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3376] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149                              0000000075cc5677 1 byte JMP 0000000100140048
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3376] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151                              0000000075cc5679 5 bytes {JMP 0xffffffff8a47a9d1}
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3376] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542                                     0000000075cc589a 7 bytes JMP 0000000100130ca6
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3376] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382                                     0000000075cc5a1d 7 bytes JMP 00000001001403d8
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3376] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370                                0000000075cc5c9b 7 bytes JMP 000000010014012c
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3376] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231                                  0000000075cc5d87 7 bytes JMP 00000001001402f4
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3376] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123                 0000000075cc7240 7 bytes JMP 0000000100130e6e
.text  C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe[3632] C:\Windows\syswow64\kernel32.dll!LoadLibraryExW                                 0000000076c84945 6 bytes JMP 5f040f5a
.text  C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe[3632] C:\Windows\syswow64\kernel32.dll!Process32Next                                  0000000076ca888c 6 bytes JMP 5f070f5a
.text  C:\Program Files (x86)\Protected Search\ProtectedSearch.exe[4020] C:\Windows\syswow64\KERNEL32.dll!LoadLibraryExW                                            0000000076c84945 6 bytes {JMP QWORD [RIP+0x5f05001e]}
.text  C:\Program Files (x86)\Protected Search\ProtectedSearch.exe[4020] C:\Windows\syswow64\KERNEL32.dll!Process32Next                                             0000000076ca888c 6 bytes {JMP QWORD [RIP+0x5f08001e]}
.text  C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe[4056] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                               000000007765fc90 5 bytes JMP 000000010025091c
.text  C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe[4056] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                             000000007765fdf4 5 bytes JMP 0000000100250048
.text  C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe[4056] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                                                      000000007765fe88 5 bytes JMP 00000001002502ee
.text  C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe[4056] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                   000000007765ffe4 5 bytes JMP 00000001002504b2
.text  C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe[4056] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                           0000000077660018 5 bytes JMP 00000001002509fe
.text  C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe[4056] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                                                   0000000077660048 5 bytes JMP 0000000100250ae0
.text  C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe[4056] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                                0000000077660064 5 bytes JMP 000000010003004c
.text  C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe[4056] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                                                   000000007766077c 5 bytes JMP 000000010025012a
.text  C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe[4056] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                       000000007766086c 5 bytes JMP 0000000100250758
.text  C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe[4056] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                 0000000077660884 5 bytes JMP 0000000100250676
.text  C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe[4056] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                     0000000077660dd4 5 bytes JMP 00000001002503d0
.text  C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe[4056] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                               0000000077661900 5 bytes JMP 0000000100250594
.text  C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe[4056] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                           0000000077661bc4 5 bytes JMP 000000010025083a
.text  C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe[4056] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                                                  0000000077661d50 5 bytes JMP 000000010025020c
.text  C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe[4056] C:\Windows\syswow64\kernel32.dll!LoadLibraryExW                                                0000000076c84945 6 bytes {JMP QWORD [RIP+0x5f05001e]}
.text  C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe[4056] C:\Windows\syswow64\kernel32.dll!Process32Next                                                 0000000076ca888c 6 bytes {JMP QWORD [RIP+0x5f08001e]}
.text  C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe[4056] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882                                      0000000075fb1492 7 bytes JMP 000000010026059e
.text  C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[4088] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                            000000007765fc90 5 bytes JMP 00000001001d091c
.text  C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[4088] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                          000000007765fdf4 5 bytes JMP 00000001001d0048
.text  C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[4088] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                                                   000000007765fe88 5 bytes JMP 00000001001d02ee
.text  C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[4088] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                000000007765ffe4 5 bytes JMP 00000001001d04b2
.text  C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[4088] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                        0000000077660018 5 bytes JMP 00000001001d09fe
.text  C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[4088] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                                                0000000077660048 5 bytes JMP 00000001001d0ae0
.text  C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[4088] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                             0000000077660064 5 bytes JMP 000000010002004c
.text  C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[4088] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                                                000000007766077c 5 bytes JMP 00000001001d012a
.text  C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[4088] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                    000000007766086c 5 bytes JMP 00000001001d0758
.text  C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[4088] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                              0000000077660884 5 bytes JMP 00000001001d0676
.text  C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[4088] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                  0000000077660dd4 5 bytes JMP 00000001001d03d0
.text  C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[4088] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                            0000000077661900 5 bytes JMP 00000001001d0594
.text  C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[4088] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                        0000000077661bc4 5 bytes JMP 00000001001d083a
.text  C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[4088] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                                               0000000077661d50 5 bytes JMP 00000001001d020c
.text  C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[4088] C:\Windows\syswow64\kernel32.dll!LoadLibraryExW                                             0000000076c84945 6 bytes JMP 5f040f5a
.text  C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[4088] C:\Windows\syswow64\kernel32.dll!Process32Next                                              0000000076ca888c 6 bytes JMP 5f070f5a
.text  C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[4088] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206                              0000000075cc524f 7 bytes JMP 00000001001d0f52
.text  C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[4088] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380                                  0000000075cc53d0 7 bytes JMP 00000001001e0210
.text  C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[4088] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149                                 0000000075cc5677 1 byte JMP 00000001001e0048
.text  C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[4088] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151                                 0000000075cc5679 5 bytes {JMP 0xffffffff8a51a9d1}
.text  C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[4088] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542                                        0000000075cc589a 7 bytes JMP 00000001001d0ca6
.text  C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[4088] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382                                        0000000075cc5a1d 7 bytes JMP 00000001001e03d8
.text  C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[4088] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370                                   0000000075cc5c9b 7 bytes JMP 00000001001e012c
.text  C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[4088] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231                                     0000000075cc5d87 7 bytes JMP 00000001001e02f4
.text  C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[4088] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123                    0000000075cc7240 7 bytes JMP 00000001001d0e6e
.text  C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[4088] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882                                   0000000075fb1492 7 bytes JMP 00000001001e04bc
.text  C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe[3864] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                 000000007765fc90 5 bytes JMP 000000010038091c
.text  C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe[3864] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                               000000007765fdf4 5 bytes JMP 0000000100380048
.text  C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe[3864] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                                        000000007765fe88 5 bytes JMP 00000001003802ee
.text  C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe[3864] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                     000000007765ffe4 5 bytes JMP 00000001003804b2
.text  C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe[3864] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                             0000000077660018 5 bytes JMP 00000001003809fe
.text  C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe[3864] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                                     0000000077660048 5 bytes JMP 0000000100380ae0
.text  C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe[3864] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                  0000000077660064 5 bytes JMP 000000010002004c
.text  C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe[3864] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                                     000000007766077c 5 bytes JMP 000000010038012a
.text  C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe[3864] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                         000000007766086c 5 bytes JMP 0000000100380758
.text  C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe[3864] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                   0000000077660884 5 bytes JMP 0000000100380676
.text  C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe[3864] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                       0000000077660dd4 5 bytes JMP 00000001003803d0
.text  C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe[3864] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                 0000000077661900 5 bytes JMP 0000000100380594
.text  C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe[3864] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                             0000000077661bc4 5 bytes JMP 000000010038083a
.text  C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe[3864] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                                    0000000077661d50 5 bytes JMP 000000010038020c
.text  C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe[3864] C:\Windows\syswow64\kernel32.dll!LoadLibraryExW                                  0000000076c84945 6 bytes JMP 5f040f5a
.text  C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe[3864] C:\Windows\syswow64\kernel32.dll!Process32Next                                   0000000076ca888c 6 bytes JMP 5f070f5a
.text  C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe[3864] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882                        0000000075fb1492 7 bytes JMP 000000010039059e
.text  C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe[3864] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206                   0000000075cc524f 7 bytes JMP 0000000100380f52
.text  C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe[3864] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380                       0000000075cc53d0 7 bytes JMP 0000000100390210
.text  C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe[3864] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149                      0000000075cc5677 1 byte JMP 0000000100390048
.text  C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe[3864] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151                      0000000075cc5679 5 bytes {JMP 0xffffffff8a6ca9d1}
.text  C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe[3864] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542                             0000000075cc589a 7 bytes JMP 0000000100380ca6
.text  C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe[3864] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382                             0000000075cc5a1d 7 bytes JMP 00000001003903d8
.text  C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe[3864] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370                        0000000075cc5c9b 7 bytes JMP 000000010039012c
.text  C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe[3864] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231                          0000000075cc5d87 7 bytes JMP 00000001003902f4
.text  C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe[3864] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123         0000000075cc7240 7 bytes JMP 0000000100380e6e
.text  C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3636] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                            000000007765fc90 5 bytes JMP 000000010028091c
.text  C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3636] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                          000000007765fdf4 5 bytes JMP 0000000100280048
.text  C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3636] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                                                   000000007765fe88 5 bytes JMP 00000001002802ee
.text  C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3636] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                000000007765ffe4 5 bytes JMP 00000001002804b2
.text  C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3636] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                        0000000077660018 5 bytes JMP 00000001002809fe
.text  C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3636] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                                                0000000077660048 5 bytes JMP 0000000100280ae0
.text  C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3636] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                             0000000077660064 5 bytes JMP 000000010002004c
.text  C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3636] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                                                000000007766077c 5 bytes JMP 000000010028012a
.text  C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3636] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                    000000007766086c 5 bytes JMP 0000000100280758
.text  C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3636] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                              0000000077660884 5 bytes JMP 0000000100280676
.text  C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3636] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                  0000000077660dd4 5 bytes JMP 00000001002803d0
.text  C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3636] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                            0000000077661900 5 bytes JMP 0000000100280594
.text  C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3636] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                        0000000077661bc4 5 bytes JMP 000000010028083a
.text  C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3636] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                                               0000000077661d50 5 bytes JMP 000000010028020c
.text  C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3636] C:\Windows\syswow64\kernel32.dll!LoadLibraryExW                                             0000000076c84945 6 bytes JMP 5f040f5a
.text  C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3636] C:\Windows\syswow64\kernel32.dll!Process32Next                                              0000000076ca888c 6 bytes JMP 5f070f5a
.text  C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3636] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882                                   0000000075fb1492 7 bytes JMP 000000010029059e
.text  C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3636] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206                              0000000075cc524f 7 bytes JMP 0000000100280f52
.text  C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3636] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380                                  0000000075cc53d0 7 bytes JMP 0000000100290210
.text  C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3636] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149                                 0000000075cc5677 1 byte JMP 0000000100290048
.text  C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3636] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151                                 0000000075cc5679 5 bytes {JMP 0xffffffff8a5ca9d1}
.text  C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3636] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542                                        0000000075cc589a 7 bytes JMP 0000000100280ca6
.text  C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3636] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382                                        0000000075cc5a1d 7 bytes JMP 00000001002903d8
.text  C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3636] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370                                   0000000075cc5c9b 7 bytes JMP 000000010029012c
.text  C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3636] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231                                     0000000075cc5d87 7 bytes JMP 00000001002902f4
.text  C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3636] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123                    0000000075cc7240 7 bytes JMP 0000000100280e6e
.text  C:\Windows\sysWOW64\wbem\wmiprvse.exe[4212] C:\Windows\syswow64\kernel32.dll!LoadLibraryExW                                                                  0000000076c84945 6 bytes JMP 5f040f5a
.text  C:\Windows\sysWOW64\wbem\wmiprvse.exe[4212] C:\Windows\syswow64\kernel32.dll!Process32Next                                                                   0000000076ca888c 6 bytes JMP 5f070f5a
.text  C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe[4260] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                000000007765fc90 5 bytes JMP 00000001002a091c
.text  C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe[4260] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                              000000007765fdf4 5 bytes JMP 00000001002a0048
.text  C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe[4260] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                                       000000007765fe88 5 bytes JMP 00000001002a02ee
.text  C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe[4260] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                    000000007765ffe4 5 bytes JMP 00000001002a04b2
.text  C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe[4260] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                            0000000077660018 5 bytes JMP 00000001002a09fe
.text  C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe[4260] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                                    0000000077660048 5 bytes JMP 00000001002a0ae0
.text  C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe[4260] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                 0000000077660064 5 bytes JMP 000000010024004c
.text  C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe[4260] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                                    000000007766077c 5 bytes JMP 00000001002a012a
.text  C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe[4260] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                        000000007766086c 5 bytes JMP 00000001002a0758
.text  C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe[4260] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                  0000000077660884 5 bytes JMP 00000001002a0676
.text  C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe[4260] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                      0000000077660dd4 5 bytes JMP 00000001002a03d0
.text  C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe[4260] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                0000000077661900 5 bytes JMP 00000001002a0594
.text  C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe[4260] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                            0000000077661bc4 5 bytes JMP 00000001002a083a
.text  C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe[4260] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                                   0000000077661d50 5 bytes JMP 00000001002a020c
.text  C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe[4260] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206                  0000000075cc524f 7 bytes JMP 00000001002a0f52

---- Files - GMER 2.1 ----

File   C:\N360_BACKUP\{9C67E5C3-CA15-4FCF-9C28-DDCF6ED8DB18}\{9\4063CAE-73C4-4A3D-9BAB-A6AF302C73FE}                                                                1271 bytes
File   C:\N360_BACKUP\{9C67E5C3-CA15-4FCF-9C28-DDCF6ED8DB18}\{9\0A49DAC-23BA-411F-B5B4-E8780DF5E624}                                                                1930 bytes

---- EOF - GMER 2.1 ----
         
--- --- ---


Last edited by Borsti1971 (04.03.2013 at 12:17)
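GMER's .text records (the user-mode hook listing in the log posted above) are easier to judge once they are grouped per process and compared with the majority hook set: hooks that appear identically in every process, with the same absolute JMP target, point to one system-wide agent such as an installed security product, while a process whose set differs from the rest is the one worth a closer look. The script below is an added example, not part of this thread or of GMER; it runs only on the sample records copied from the log above with the column padding collapsed.

```python
"""Group GMER '.text' user-mode hook records per process and flag processes
whose hook set deviates from the majority. Added example for this thread; the
records in SAMPLE_LOG are copied from the posted log (padding collapsed) and
are the only input the script sees."""
import re
from collections import Counter, defaultdict

HOOK_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+"          # image path and PID
    r"(?P<module>\S+?)!(?P<func>\w+)"                        # hooked module!export
    r"(?:\s*\+\s*(?P<off>\d+))?\s+"                          # optional byte offset into the export
    r"(?P<addr>[0-9a-fA-F]+)\s+(?P<size>\d+)\s+bytes?\s+"    # patched address and patch length
    r"\{?JMP\s+(?P<target>0x[0-9a-fA-F]+|[0-9a-fA-F]+)\}?\s*$"  # where the patch jumps to
)

SAMPLE_LOG = r"""
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4724] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007765fc90 5 bytes JMP 00000001003d091c
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4724] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000075cc5677 1 byte JMP 00000001003e0048
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4724] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000075cc5679 5 bytes {JMP 0xffffffff8a71a9d1}
.text  C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[4532] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007765fc90 5 bytes JMP 000000010044091c
.text  C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[4532] C:\Windows\syswow64\kernel32.dll!LoadLibraryExW 0000000076c84945 6 bytes JMP 5f040f5a
.text  C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[4532] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000075cc5677 1 byte JMP 0000000100450048
.text  C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[4532] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000075cc5679 5 bytes {JMP 0xffffffff8a78a9d1}
.text  C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[4456] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007765fc90 5 bytes JMP 000000010024091c
.text  C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[4456] C:\Windows\syswow64\kernel32.dll!LoadLibraryExW 0000000076c84945 6 bytes JMP 5f040f5a
.text  C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[4456] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000075cc5677 1 byte JMP 0000000100250048
.text  C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[4456] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000075cc5679 5 bytes {JMP 0xffffffff8a58a9d1}
.text  C:\Users\Vetter\Desktop\gmer_2.1.19115.exe[504] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007765fc90 5 bytes JMP 000000010028091c
.text  C:\Users\Vetter\Desktop\gmer_2.1.19115.exe[504] C:\Windows\syswow64\kernel32.dll!LoadLibraryExW 0000000076c84945 6 bytes JMP 5f040f5a
.text  C:\Users\Vetter\Desktop\gmer_2.1.19115.exe[504] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000075cc5677 7 bytes JMP 000000010032012c
"""


def parse_hook(line):
    """Parse one GMER .text record into a dict, or return None for any other line."""
    m = HOOK_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    return {
        "process": d["proc"].rsplit("\\", 1)[-1],          # image name only
        "pid": int(d["pid"]),
        "module": d["module"].rsplit("\\", 1)[-1].lower(),  # normalise SysWOW64/syswow64 paths
        "export": d["func"],
        "offset": int(d["off"]) if d["off"] else 0,
        "size": int(d["size"]),
        "target": int(d["target"], 16),
    }


def hook_sets(lines):
    """Map (image name, pid) -> set of (module, export, offset) that are hooked in it."""
    sets = defaultdict(set)
    for line in lines:
        h = parse_hook(line)
        if h:
            sets[(h["process"], h["pid"])].add((h["module"], h["export"], h["offset"]))
    return sets


def find_outliers(lines):
    """Return the most common hook set and every process whose set differs from it."""
    sets = hook_sets(lines)
    baseline, _ = Counter(frozenset(s) for s in sets.values()).most_common(1)[0]
    outliers = []
    for key, s in sorted(sets.items()):
        extra, missing = s - baseline, baseline - s
        if extra or missing:
            outliers.append((key, sorted(extra), sorted(missing)))
    return baseline, outliers


def target_spread(lines):
    """For each hooked export, the distinct JMP targets seen across all processes.
    A single shared target (kernel32!LoadLibraryExW -> 5f040f5a everywhere) means one
    component mapped at the same base in every process; per-process targets are
    trampolines inside each process's own allocation."""
    targets = defaultdict(set)
    for line in lines:
        h = parse_hook(line)
        if h:
            targets[(h["module"], h["export"], h["offset"])].add(h["target"])
    return dict(targets)


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    base, outliers = find_outliers(lines)
    print(f"majority hook set ({len(base)} hooks):")
    for mod, exp, off in sorted(base):
        print(f"  {mod}!{exp}" + (f" +{off}" if off else ""))
    for (name, pid), extra, missing in outliers:
        print(f"{name}[{pid}]: extra={extra} missing={missing}")
    for key, tg in sorted(target_spread(lines).items()):
        print(key, [f"{t:x}" for t in sorted(tg)])
```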

Old 04.03.2013, 19:43   #6
M-K-D-B
/// TB Instructor

gvu trojan on win7 - Standard

Hello,

Step 1
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file will open. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).






Step 2

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or higher), right-click it and choose "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.







Step 3
Scan with Combofix
WARNING to anyone reading along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software and any malware/spyware scanners. They can interfere with Combofix while it works. Combofix sometimes complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, do not work on the computer, move the mouse, or click into the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. That should fix the problem.







Please post with your next reply
  • the AdwCleaner log file,
  • the JRT log file,
  • the ComboFix log file.

Old 05.03.2013, 14:27   #7
Borsti1971

gvu trojan on win7 - Standard

Don't know how the encrypting works. I don't understand the instructions on the internet!
Hope it works like this too!

AdwCleaner[S1].txt

JRT.txt

ComboFix.txt

Old 05.03.2013, 16:27   #8
M-K-D-B
/// TB Instructor

gvu trojan on win7 - Standard

Hello,

Step 1
  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.
Code:
ATTFilter
c:\windows\SysWow64\searchplugins\*.* /S
c:\windows\SysWow64\Extensions\*.* /S
c:\users\Vetter\AppData\Roaming\0D1G1I1Q1B2Z1C1V0A1N1N1C1P1N1T2Z1F1C\*.* /S
         
  • Now please close all programs. (Important)
  • Now please click the Scan button.
  • Copy the contents of OTL.txt here into your thread.

Step 2
Download SystemLook by jpshortstuff from the following mirror and save the tool on the desktop.
SystemLook (64 bit)
  • Double-click SystemLook_x64.exe to start the tool.
  • Copy the contents of the following code box into the tool's text field:
    Code:
    ATTFilter
    :filefind
    IB Updater*
    ChatZum*
    Iminent*
    Protected Search*
    PutLockerDownloader*
    Yontoo*
    Babylon*
    DownTango*
    simplytech*
    Toolplugin*
    OpenCandy*
    DataMngr*
    
    :folderfind
    IB Updater*
    ChatZum*
    Iminent*
    Protected Search*
    PutLockerDownloader*
    Yontoo*
    Babylon*
    DownTango*
    simplytech*
    Toolplugin*
    OpenCandy*
    DataMngr*
    
    :regfind
    IB Updater
    IBUpdaterService
    ChatZum
    Iminent
    Protected Search
    PutLockerDownloader
    Yontoo
    Babylon
    DownTango
    simplytech
    Toolplugin
    OpenCandy
    DataMngr
             
  • Klicke nun auf den Button Look, um den Scan zu starten.
  • Der Suchlauf kann einige Zeit dauern.
  • Wenn der Suchlauf beendet ist, wird sich Dein Editor mit den Ergebnissen öffnen, poste diese in deinen Thread.
  • Die Ergebnisse werden auf dem Desktop als SystemLook.txt gespeichert.





Wie läuft dein Rechner momentan?
Gibt es noch Probleme? Wenn ja, welche?





Please post with your next reply
  • the log file from OTL,
  • the log file from SystemLook,
  • your answers to the questions above.
__________________
Greetings from Bavaria
M-K-D-B

______________________________________

Support the Trojaner-Board
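The SystemLook step above searches the disk and registry for a fixed list of adware/PUP names; the same list can be used to triage the OTL report that Step 1 asks for. The following Python script is an added example for this thread, not code from OTL, SystemLook or the helper: it flags OTL lines that mention one of the listed names and lines whose target file OTL marks as "File not found" (orphaned entries left behind after a removal). The sample lines are copied from the OTL report posted later in this thread.

```python
"""Triage an OTL report for the adware/PUP names the SystemLook step searches for.

Added example for this thread, not code from OTL, SystemLook or the helper.
"""
import re
from dataclasses import dataclass, field

# Names copied from the :filefind / :regfind lists in the SystemLook step.
PUP_NAMES = [
    "IB Updater", "IBUpdaterService", "ChatZum", "Iminent", "Protected Search",
    "PutLockerDownloader", "Yontoo", "Babylon", "DownTango", "simplytech",
    "Toolplugin", "OpenCandy", "DataMngr",
]
PUP_RE = re.compile("|".join(re.escape(n) for n in PUP_NAMES), re.IGNORECASE)

# Leading section tag of an OTL line, e.g. "O2 - ", "IE - ", "O4:64bit: - ", "64bit-FF - ".
KIND_RE = re.compile(r"^(?:64bit-)?(?P<kind>O\d+|IE|FF|CHR|SRV|DRV|PRC|MOD)(?::64bit:)?\s+-\s")


@dataclass
class Finding:
    kind: str               # OTL section tag, or "OTHER" for file-listing lines
    line: str               # the report line as written
    reasons: list = field(default_factory=list)


def triage_otl(lines):
    """Return a Finding for every line that references a listed PUP name or
    points at a file OTL could not find. Section headers and blank lines are skipped."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line or line.startswith("="):
            continue
        m = KIND_RE.match(line)
        kind = m.group("kind") if m else "OTHER"
        reasons = []
        hit = PUP_RE.search(line)
        if hit:
            reasons.append("matches listed PUP name: " + hit.group(0))
        if line.endswith("File not found"):
            reasons.append("orphaned entry (target file not found)")
        if reasons:
            findings.append(Finding(kind, line, reasons))
    return findings


# Sample input: lines copied from the OTL report posted in this thread.
SAMPLE_LINES = [
    "========== Internet Explorer ==========",
    r'IE - HKCU\..\SearchScopes\{1F8432C8-96F0-42cd-B0CC-FF0B583EDFE1}: "URL" = hxxp://search.chatzum.com/?q={searchTerms}',
    r"O2 - BHO: (smartdownloader Class) - {F1AF26F8-1828-4279-ABCE-074EF3235BD7} - C:\Program Files (x86)\PutLockerDownloader\smarterdownloader.dll File not found",
    r"O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\coIEPlg.dll (Symantec Corporation)",
    r"64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX",
    r"O8 - Extra context menu item: Free YouTube Download - C:\Users\Vetter\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found",
    r"O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)",
]

if __name__ == "__main__":
    for f in triage_otl(SAMPLE_LINES):
        print(f"[{f.kind}] {'; '.join(f.reasons)}\n    {f.line}")
```

Entries the script flags still need a human decision; an orphaned "File not found" entry is usually just leftover registry data to clean up, while a hit on a listed name shows where the adware component is still registered.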

Old 05.03.2013, 18:48   #9
Borsti1971

GVU trojan on Win7



Hi, so far the only problem I still have is when shutting down. One program seems to take a bit longer. Otherwise all the problems I had over the last few days are actually gone! So far I haven't noticed anything else!
OTL Logfile:
Code:
OTL logfile created on: 05.03.2013 17:54:51 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Vetter\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,75 Gb Total Physical Memory | 6,09 Gb Available Physical Memory | 78,61% Memory free
15,49 Gb Paging File | 13,54 Gb Available in Paging File | 87,40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 921,75 Gb Total Space | 277,32 Gb Free Space | 30,09% Space Free | Partition Type: NTFS
Drive D: | 2,16 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: VETTER-PC | User Name: Vetter | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.03.03 16:25:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Vetter\Desktop\OTL.exe
PRC - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.12.14 10:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2012.12.05 02:40:03 | 000,143,928 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\ccSvcHst.exe
PRC - [2012.07.17 14:14:08 | 000,132,056 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe
PRC - [2011.11.07 20:37:20 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe
PRC - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010.11.21 04:24:27 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2010.03.05 10:15:12 | 000,235,752 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
PRC - [2010.03.05 10:15:04 | 000,411,864 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
PRC - [2010.02.03 16:17:18 | 005,756,544 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
PRC - [2009.09.23 13:38:18 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.05.30 07:51:08 | 000,699,280 | R--- | M] () -- C:\PROGRAM FILES (X86)\NORTON 360\ENGINE\20.2.1.22\wincfi39.dll
MOD - [2009.09.30 04:33:08 | 000,024,576 | R--- | M] () -- C:\Windows\SysWOW64\AsIO.dll
MOD - [2009.07.31 21:39:08 | 000,503,202 | ---- | M] () -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll
MOD - [2009.03.25 16:53:14 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\AsSpindownTimeout.dll
MOD - [2009.03.19 22:35:52 | 000,208,896 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\AiNap.dll
MOD - [2009.03.19 22:35:50 | 000,008,704 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\vvc.dll
MOD - [2009.01.15 14:55:10 | 000,565,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\pngio.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.09.28 15:43:40 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2012.04.06 03:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2013.02.27 13:28:24 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.02.20 07:20:47 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.12.14 10:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2012.12.05 02:40:03 | 000,143,928 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\ccSvcHst.exe -- (N360)
SRV - [2012.07.17 14:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2012.07.17 14:14:08 | 000,132,056 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2011.11.07 20:37:20 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.09.27 20:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2010.10.22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.05 10:15:12 | 000,235,752 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.10.21 18:15:34 | 000,376,832 | ---- | M] (T-Systems International GmbH) [Auto | Running] -- C:\Program Files (x86)\T-Home\Dialerschutz-Software\DFInject64.exe -- (DFSVC)
SRV - [2009.09.23 13:38:18 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.10.09 02:00:02 | 000,776,864 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\1402010.016\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012.10.04 02:40:35 | 001,133,216 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1402010.016\symefa64.sys -- (SymEFA)
DRV:64bit: - [2012.10.04 02:40:20 | 000,493,216 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1402010.016\symds64.sys -- (SymDS)
DRV:64bit: - [2012.09.27 09:47:38 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012.09.07 03:05:14 | 000,432,800 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1402010.016\symnets.sys -- (SymNetS)
DRV:64bit: - [2012.09.07 03:05:07 | 000,043,680 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SymIMV.sys -- (SymIM)
DRV:64bit: - [2012.09.07 02:48:08 | 000,224,416 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1402010.016\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012.08.20 20:50:10 | 000,168,096 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1402010.016\ccsetx64.sys -- (ccSet_N360)
DRV:64bit: - [2012.07.28 01:15:28 | 000,057,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012.05.24 22:36:56 | 000,037,496 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1402010.016\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2012.04.06 06:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.04.06 02:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011.09.02 07:30:46 | 000,042,776 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2011.09.02 07:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011.09.02 07:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011.08.19 16:50:52 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.08.19 16:50:52 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.06.10 05:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.01.15 17:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010.12.16 23:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.11 23:16:00 | 000,037,504 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2010.11.11 23:15:58 | 000,077,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2010.05.20 08:30:58 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2010.02.18 08:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009.10.15 18:14:38 | 000,028,192 | ---- | M] (T-Systems International GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SipIMNDI64.sys -- (SipIMNDI)
DRV:64bit: - [2009.07.17 12:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2013.01.16 15:04:32 | 002,087,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130304.048\ex64.sys -- (NAVEX15)
DRV - [2013.01.16 15:04:32 | 000,126,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130304.048\eng64.sys -- (NAVENG)
DRV - [2013.01.16 03:51:11 | 001,388,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130208.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012.09.26 14:45:52 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130301.002\IDSviA64.sys -- (IDSVia64)
DRV - [2012.08.18 02:00:00 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012.08.18 02:00:00 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012.04.09 10:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.2)
DRV - [2009.10.15 18:14:38 | 000,017,952 | ---- | M] (T-Systems International GmbH) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\T-Home\Dialerschutz-Software\DFSYS64.SYS -- (DFSYS)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005.03.09 19:50:16 | 000,033,792 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\libusb0.sys -- (libusb0)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://t-online.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7A 72 A2 D7 D3 E4 CC 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = hxxp://www.google.com
IE - HKCU\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search
IE - HKCU\..\SearchScopes\{1880F156-1949-496E-AE6F-9EB4C83FE4DF}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=D25D3239-D686-40F7-AD58-1D0085AC5AA1&apn_sauid=FB42C9CC-CD73-48B2-A8FD-DB7D7107FF89
IE - HKCU\..\SearchScopes\{1F8432C8-96F0-42cd-B0CC-FF0B583EDFE1}: "URL" = hxxp://search.chatzum.com/?q={searchTerms}
IE - HKCU\..\SearchScopes\{534E882A-B0D6-4CA6-8873-409BE1B129BD}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=382950&p={searchTerms}
IE - HKCU\..\SearchScopes\{C8EAD400-6FF9-4cd2-A51F-095B542F65E4}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=EGMB
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7BFE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052%7D:2.0.0.578
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Vetter\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\PROGRAM FILES\IB UPDATER\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.12.19 16:24:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFPlgn\ [2012.09.27 09:47:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn\ [2013.03.05 17:48:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\Program Files\IB Updater\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.20 07:20:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.12.19 16:24:53 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.20 07:20:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013.02.04 16:59:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vetter\AppData\Roaming\mozilla\Extensions
[2013.03.05 12:05:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vetter\AppData\Roaming\mozilla\Firefox\Profiles\extensions
[2012.11.06 17:19:24 | 000,214,034 | ---- | M] () (No name found) -- C:\Users\Vetter\AppData\Roaming\mozilla\firefox\profiles\extensions\putlockerdownloader@putlockerdownloader.com.xpi
[2013.02.20 07:20:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
File not found (No name found) -- C:\PROGRAM FILES\IB UPDATER\FIREFOX
[2013.02.20 07:20:47 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.01.05 04:45:12 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.25 21:20:48 | 000,000,158 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search the web.src
[2013.02.20 07:20:47 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
 
========== Chrome  ==========
 
CHR - Extension: No name found = C:\Users\Vetter\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\Vetter\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Users\Vetter\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Users\Vetter\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.2.1.36_0\
CHR - Extension: No name found = C:\Users\Vetter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2013.03.05 13:23:30 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (smartdownloader Class) - {F1AF26F8-1828-4279-ABCE-074EF3235BD7} - C:\Program Files (x86)\PutLockerDownloader\smarterdownloader.dll File not found
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\coIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [T-Home Dialerschutz-Software] C:\Program Files (x86)\T-Home\Dialerschutz-Software\Defender64.exe (T-Systems International GmbH)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Vetter\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Vetter\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Vetter\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: telekom.de ([kundencenter] https in Vertrauenswürdige Sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D277AB90-1EDC-4A07-953E-50A633555628}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.01.14 03:01:16 | 000,000,000 | R--D | M] - D:\AutoRun -- [ UDF ]
O32 - AutoRun File - [2007.01.14 02:28:44 | 000,630,784 | R--- | M] (Electronic Arts Inc.) - D:\AutoRun.exe -- [ UDF ]
O32 - AutoRun File - [2007.01.14 02:55:12 | 000,000,156 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2007.01.13 22:30:07 | 000,585,728 | R--- | M] (Electronic Arts Inc.) - D:\AutoRunGUI.dll -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.05 12:34:07 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.03.05 12:34:07 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.03.05 12:34:07 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.03.05 12:30:12 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.03.05 12:29:56 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.03.05 12:10:28 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.03.05 12:09:43 | 000,000,000 | ---D | C] -- C:\JRT
[2013.03.04 12:15:14 | 000,000,000 | ---D | C] -- C:\Users\Vetter\Desktop\Neuer Ordner (2)
[2013.03.03 16:25:03 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Vetter\Desktop\OTL.exe
[2013.03.03 13:09:11 | 000,000,000 | ---D | C] -- C:\Users\Vetter\AppData\Roaming\Malwarebytes
[2013.03.03 13:09:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.03.03 13:09:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.03 13:09:07 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.03.03 13:09:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.03.03 13:08:51 | 000,000,000 | ---D | C] -- C:\Users\Vetter\AppData\Local\Programs
[2013.02.22 13:22:17 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.02.22 13:21:43 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.02.22 13:21:43 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.02.22 13:21:43 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.02.20 07:20:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.02.19 15:00:54 | 000,000,000 | ---D | C] -- C:\Users\Vetter\Desktop\Hexe handy
[2013.02.13 19:41:32 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.02.13 19:41:32 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.02.13 19:41:32 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.02.13 19:41:31 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.02.13 19:41:31 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.02.13 19:41:31 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.02.13 19:41:30 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.02.13 19:41:30 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.02.13 19:41:30 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.02.13 19:41:30 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.02.13 19:41:30 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.02.13 19:41:29 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.02.13 19:41:27 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.02.13 19:41:27 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.02.13 19:41:27 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.02.13 12:43:35 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.02.13 12:43:34 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.02.13 12:43:34 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.02.13 12:43:27 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013.02.13 12:43:26 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013.02.13 12:43:26 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013.02.13 12:43:26 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013.02.13 12:43:26 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013.02.13 12:43:26 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013.02.13 12:43:24 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2013.02.04 21:05:13 | 000,000,000 | ---D | C] -- C:\Users\Vetter\AppData\Local\Facebook
[2013.02.04 17:09:13 | 000,000,000 | ---D | C] -- C:\Users\Vetter\AppData\Local\Macromedia
[2013.02.04 17:06:08 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2013.02.04 16:59:14 | 000,000,000 | ---D | C] -- C:\Users\Vetter\AppData\Local\Mozilla
[2013.02.04 16:59:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013.02.04 16:59:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013.02.04 16:58:33 | 000,000,000 | ---D | C] -- C:\Users\Vetter\AppData\Roaming\0D1G1I1Q1B2Z1C1V0A1N1N1C1P1N1T2Z1F1C
[2013.02.04 16:58:32 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions
[2013.02.04 16:58:31 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.05 17:53:19 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.05 17:53:19 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.05 17:45:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.05 17:44:59 | 1944,674,303 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.05 15:27:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.05 15:10:01 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-370278466-1842527618-776855722-1001UA.job
[2013.03.05 13:23:30 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.03.03 16:59:01 | 000,000,000 | ---- | M] () -- C:\Users\Vetter\defogger_reenable
[2013.03.03 16:25:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Vetter\Desktop\OTL.exe
[2013.03.01 23:02:21 | 001,614,852 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.03.01 23:02:21 | 000,697,276 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.03.01 23:02:21 | 000,652,594 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.03.01 23:02:21 | 000,148,314 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.03.01 23:02:21 | 000,121,268 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.03.01 21:10:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-370278466-1842527618-776855722-1001Core.job
[2013.02.27 13:28:22 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.02.27 13:28:22 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.02.22 13:21:37 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npdeployJava1.dll
[2013.02.22 13:21:37 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013.02.22 13:21:37 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.02.22 13:21:37 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.02.22 13:21:37 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.02.22 13:21:37 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.02.18 17:00:13 | 000,000,001 | ---- | M] () -- C:\Users\Vetter\.SIG_PINSTATUS_VOREINSTELLUNG
[2013.02.18 17:00:13 | 000,000,001 | ---- | M] () -- C:\Users\Vetter\.SIG_DIALOG_VOREINSTELLUNG
[2013.02.14 18:41:44 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\isolate.ini
[2013.02.14 12:57:22 | 000,271,064 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.04 16:59:11 | 000,001,153 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.03.05 12:34:07 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.03.05 12:34:07 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.03.05 12:34:07 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.03.05 12:34:07 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.03.05 12:34:07 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.03.03 16:59:01 | 000,000,000 | ---- | C] () -- C:\Users\Vetter\defogger_reenable
[2013.02.19 15:16:48 | 004,390,818 | ---- | C] () -- C:\Users\Vetter\Desktop\Facebook Lied _ Song - Every Day Im Facebooking.mp3
[2013.02.18 17:00:13 | 000,000,001 | ---- | C] () -- C:\Users\Vetter\.SIG_PINSTATUS_VOREINSTELLUNG
[2013.02.18 17:00:13 | 000,000,001 | ---- | C] () -- C:\Users\Vetter\.SIG_DIALOG_VOREINSTELLUNG
[2013.02.04 21:05:20 | 000,000,932 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-370278466-1842527618-776855722-1001UA.job
[2013.02.04 21:05:20 | 000,000,910 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-370278466-1842527618-776855722-1001Core.job
[2013.02.04 20:44:14 | 000,001,180 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk
[2013.02.04 16:59:10 | 000,001,165 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.02.04 16:59:10 | 000,001,153 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.01.30 18:36:41 | 000,003,584 | ---- | C] () -- C:\Users\Vetter\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.12.26 17:46:42 | 000,011,264 | ---- | C] () -- C:\Windows\Launcher.exe
[2012.07.23 13:25:52 | 000,033,792 | ---- | C] () -- C:\Windows\SysWow64\drivers\libusb0.sys
[2012.06.05 12:08:34 | 000,007,605 | ---- | C] () -- C:\Users\Vetter\AppData\Local\resmon.resmoncfg
[2012.05.29 11:16:19 | 000,000,600 | ---- | C] () -- C:\Users\Vetter\AppData\Roaming\winscp.rnd
[2012.04.10 13:01:53 | 000,000,820 | ---- | C] () -- C:\Windows\eReg.dat
[2012.04.06 02:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.04.06 02:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.03.09 13:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.02.05 16:08:27 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2012.02.05 15:54:30 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll
[2011.12.24 11:27:37 | 000,000,223 | ---- | C] () -- C:\Users\Vetter\AppData\Roaming\default.rss
[2011.12.19 16:22:01 | 000,245,514 | ---- | C] () -- C:\Windows\hpoins19.dat
[2011.12.19 16:22:01 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2011.12.19 12:43:19 | 001,591,810 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.12.17 15:30:41 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2011.12.17 15:30:40 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2011.12.17 15:30:33 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2011.12.17 15:30:33 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2011.12.17 15:23:26 | 000,042,392 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2011.12.17 15:19:13 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011.12.17 15:18:48 | 000,033,216 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011.12.17 14:57:32 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Custom Scans ==========
 
< c:\windows\SysWow64\searchplugins\*.* /S >
 
< c:\windows\SysWow64\Extensions\*.* /S >
 
< c:\users\Vetter\AppData\Roaming\0D1G1I1Q1B2Z1C1V0A1N1N1C1P1N1T2Z1F1C\*.* /S >
[2013.01.30 14:45:44 | 001,114,624 | ---- | M] () -- c:\users\Vetter\AppData\Roaming\0D1G1I1Q1B2Z1C1V0A1N1N1C1P1N1T2Z1F1C\Firefox Packages\uninstaller.exe

< End of report >
         
--- --- ---

SystemLook 30.07.11 by jpshortstuff
Log created at 18:09 on 05/03/2013 by Vetter
Administrator - Elevation successful

========== filefind ==========

Searching for "IB Updater*"
No files found.

Searching for "ChatZum*"
No files found.

Searching for "Iminent*"
No files found.

Searching for "Protected Search*"
C:\Windows\System32\Tasks\ProtectedSearch\Protected Search --a---- 3122 bytes [17:46 26/12/2012] [17:46 26/12/2012] 3255AC0AB5B5F47530DC3773A3D5A8E2

Searching for "PutLockerDownloader*"
C:\Users\Vetter\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\putlockerdownloader@putlockerdownloader.com.xpi --a---- 214034 bytes [16:19 06/11/2012] [16:19 06/11/2012] B205D04BC63AD0AD05AD072E4158E5AB

Searching for "Yontoo*"
No files found.

Searching for "Babylon*"
No files found.

Searching for "DownTango*"
No files found.

Searching for "simplytech*"
No files found.

Searching for "Toolplugin*"
No files found.

Searching for "OpenCandy*"
No files found.

Searching for "DataMngr*"
No files found.

========== folderfind ==========

Searching for "IB Updater*"
No folders found.

Searching for "ChatZum*"
No folders found.

Searching for "Iminent*"
No folders found.

Searching for "Protected Search*"
No folders found.

Searching for "PutLockerDownloader*"
No folders found.

Searching for "Yontoo*"
No folders found.

Searching for "Babylon*"
No folders found.

Searching for "DownTango*"
No folders found.

Searching for "simplytech*"
No folders found.

Searching for "Toolplugin*"
No folders found.

Searching for "OpenCandy*"
No folders found.

Searching for "DataMngr*"
No folders found.

========== regfind ==========

Searching for "IB Updater"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-370278466-1842527618-776855722-1001\Software\IB Updater]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-370278466-1842527618-776855722-1001\Software\IB Updater\script_storage]
"product_name"="IB Updater"
[HKEY_LOCAL_MACHINE\SOFTWARE\IB Updater]
[HKEY_LOCAL_MACHINE\SOFTWARE\IB Updater]
"product_name"="IB Updater"
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions]
"{336D0C35-8A85-403a-B9D2-65C292C39087}"="C:\Program Files\IB Updater\Firefox"
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions]
"{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}"="C:\Program Files\IB Updater\Firefox"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Mozilla\Firefox\Extensions]
"{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}"="C:\Program Files\IB Updater\Firefox"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-18\Software\IB Updater]
[HKEY_USERS\S-1-5-21-370278466-1842527618-776855722-1001\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-370278466-1842527618-776855722-1001\Software\IB Updater]
[HKEY_USERS\S-1-5-21-370278466-1842527618-776855722-1001\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-370278466-1842527618-776855722-1001\Software\IB Updater\script_storage]
"product_name"="IB Updater"
[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-18\Software\IB Updater]

Searching for "IBUpdaterService"
No data found.

Searching for "ChatZum"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-370278466-1842527618-776855722-1001\Software\IB Updater\script_storage]
"WSG_whiteList"="{"search.babylon.com":"q","search.imesh.net":"q","www.search-results.com":"q","home.mywebsearch.com":"searchfor","search.mywebsearch.com":"searchfor","search.mindspark.com":"searchfor","search.conduit.com":"q","search.zugo.com":"p","www2.mystart.com":"q","www.mystart.com":"q","www.bigseekpro.com":"q","bigseekpro.com":"q","bigspeedpro.com":"q","search.esnips.com":"searchQuery","search.foxtab.com":"q","search.brothersoft.com":"keyword","search.softonic.com":"q","www.dogpile.com":"q","search.infospace.com":"q","search.iobit.com":"q","search.iminent.com":"","search.facemoods.com":"s","www.plusnetwork.com":"q","www.alothome.com":"q","alothome.com":"q","search.alothome.com":"q","search.chatvibes.com":"q","search.blekko.com":"","www.searchnu.com":"q","searchnu.com":"q","search.icq.com":"q","search.etype.com":"query","isearch.babylon.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{1F8432C8-96F0-42cd-B0CC-FF0B583EDFE1}]
"DisplayName"="ChatZum Search"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{1F8432C8-96F0-42cd-B0CC-FF0B583EDFE1}]
"URL"="hxxp://search.chatzum.com/?q={searchTerms}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{1F8432C8-96F0-42cd-B0CC-FF0B583EDFE1}]
"TopResultURLFallback"="hxxp://search.chatzum.com/?q={searchTerms}"
[HKEY_USERS\S-1-5-21-370278466-1842527618-776855722-1001\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-370278466-1842527618-776855722-1001\Software\IB Updater\script_storage]
"WSG_whiteList"="{"search.babylon.com":"q","search.imesh.net":"q","www.search-results.com":"q","home.mywebsearch.com":"searchfor","search.mywebsearch.com":"searchfor","search.mindspark.com":"searchfor","search.conduit.com":"q","search.zugo.com":"p","www2.mystart.com":"q","www.mystart.com":"q","www.bigseekpro.com":"q","bigseekpro.com":"q","bigspeedpro.com":"q","search.esnips.com":"searchQuery","search.foxtab.com":"q","search.brothersoft.com":"keyword","search.softonic.com":"q","www.dogpile.com":"q","search.infospace.com":"q","search.iobit.com":"q","search.iminent.com":"","search.facemoods.com":"s","www.plusnetwork.com":"q","www.alothome.com":"q","alothome.com":"q","search.alothome.com":"q","search.chatvibes.com":"q","search.blekko.com":"","www.searchnu.com":"q","searchnu.com":"q","search.icq.com":"q","searc
[HKEY_USERS\S-1-5-21-370278466-1842527618-776855722-1001\Software\Microsoft\Internet Explorer\SearchScopes\{1F8432C8-96F0-42cd-B0CC-FF0B583EDFE1}]
"DisplayName"="ChatZum Search"
[HKEY_USERS\S-1-5-21-370278466-1842527618-776855722-1001\Software\Microsoft\Internet Explorer\SearchScopes\{1F8432C8-96F0-42cd-B0CC-FF0B583EDFE1}]
"URL"="hxxp://search.chatzum.com/?q={searchTerms}"
[HKEY_USERS\S-1-5-21-370278466-1842527618-776855722-1001\Software\Microsoft\Internet Explorer\SearchScopes\{1F8432C8-96F0-42cd-B0CC-FF0B583EDFE1}]
"TopResultURLFallback"="hxxp://search.chatzum.com/?q={searchTerms}"

Searching for "Iminent"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-18\Software\TBSB01620\Toolbar]
"toolbar_version"="IMinent Toolbar 1.0.256"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-370278466-1842527618-776855722-1001\Software\IB Updater\script_storage]
"WSG_whiteList"="{"search.babylon.com":"q","search.imesh.net":"q","www.search-results.com":"q","home.mywebsearch.com":"searchfor","search.mywebsearch.com":"searchfor","search.mindspark.com":"searchfor","search.conduit.com":"q","search.zugo.com":"p","www2.mystart.com":"q","www.mystart.com":"q","www.bigseekpro.com":"q","bigseekpro.com":"q","bigspeedpro.com":"q","search.esnips.com":"searchQuery","search.foxtab.com":"q","search.brothersoft.com":"keyword","search.softonic.com":"q","www.dogpile.com":"q","search.infospace.com":"q","search.iobit.com":"q","search.iminent.com":"","search.facemoods.com":"s","www.plusnetwork.com":"q","www.alothome.com":"q","alothome.com":"q","search.alothome.com":"q","search.chatvibes.com":"q","search.blekko.com":"","www.searchnu.com":"q","searchnu.com":"q","search.icq.com":"q","search.etype.com":"query","isearch.babylon.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Iminent\inst\Bootstrapper\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Iminent\inst\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Iminent\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5]
"00000000000000000000000000000000"="C:\Program Files (x86)\Iminent\inst\Bootstrapper\Bootstrapper.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375]
"00000000000000000000000000000000"="02:\SOFTWARE\Iminent\AppInstanceUid"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7]
"00000000000000000000000000000000"="C:\Program Files (x86)\Iminent\SearchTheWeb.xml"
[HKEY_USERS\S-1-5-21-370278466-1842527618-776855722-1001\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-18\Software\TBSB01620\Toolbar]
"toolbar_version"="IMinent Toolbar 1.0.256"
[HKEY_USERS\S-1-5-21-370278466-1842527618-776855722-1001\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-370278466-1842527618-776855722-1001\Software\IB Updater\script_storage]
"WSG_whiteList"="{"search.babylon.com":"q","search.imesh.net":"q","www.search-results.com":"q","home.mywebsearch.com":"searchfor","search.mywebsearch.com":"searchfor","search.mindspark.com":"searchfor","search.conduit.com":"q","search.zugo.com":"p","www2.mystart.com":"q","www.mystart.com":"q","www.bigseekpro.com":"q","bigseekpro.com":"q","bigspeedpro.com":"q","search.esnips.com":"searchQuery","search.foxtab.com":"q","search.brothersoft.com":"keyword","search.softonic.com":"q","www.dogpile.com":"q","search.infospace.com":"q","search.iobit.com":"q","search.iminent.com":"","search.facemoods.com":"s","www.plusnetwork.com":"q","www.alothome.com":"q","alothome.com":"q","search.alothome.com":"q","search.chatvibes.com":"q","search.blekko.com":"","www.searchnu.com":"q","searchnu.com":"q","search.icq.com":"q","searc

Searching for "Protected Search"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{501E27ED-6F8D-4384-B078-EF46EADDC5AF}]
"Path"="\ProtectedSearch\Protected Search"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProtectedSearch\Protected Search]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{4EB8FE64-7A26-462E-AA13-D682B6AE7F2B}"="v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Protected Search\ProtectedSearch.exe|Name=Protected Search|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{6D936F17-6696-40C2-88F7-ABB04BBCB2F4}"="v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\Protected Search\ProtectedSearch.exe|Name=Protected Search|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0752CAD6-483D-4086-B63D-B3C4B76AF981}"="v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Protected Search\ProtectedSearch.exe|Name=Protected Search|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{028D6735-3B5E-44B2-868F-6EF0B39B5B64}"="v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\Protected Search\ProtectedSearch.exe|Name=Protected Search|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{4EB8FE64-7A26-462E-AA13-D682B6AE7F2B}"="v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Protected Search\ProtectedSearch.exe|Name=Protected Search|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{6D936F17-6696-40C2-88F7-ABB04BBCB2F4}"="v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\Protected Search\ProtectedSearch.exe|Name=Protected Search|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0752CAD6-483D-4086-B63D-B3C4B76AF981}"="v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Protected Search\ProtectedSearch.exe|Name=Protected Search|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{028D6735-3B5E-44B2-868F-6EF0B39B5B64}"="v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\Protected Search\ProtectedSearch.exe|Name=Protected Search|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{4EB8FE64-7A26-462E-AA13-D682B6AE7F2B}"="v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Protected Search\ProtectedSearch.exe|Name=Protected Search|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{6D936F17-6696-40C2-88F7-ABB04BBCB2F4}"="v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\Protected Search\ProtectedSearch.exe|Name=Protected Search|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0752CAD6-483D-4086-B63D-B3C4B76AF981}"="v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Protected Search\ProtectedSearch.exe|Name=Protected Search|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{028D6735-3B5E-44B2-868F-6EF0B39B5B64}"="v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\Protected Search\ProtectedSearch.exe|Name=Protected Search|"

Searching for "PutLockerDownloader"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\PutLockerDownloader.com\PutLockerDownloader.exe"="PutLockerDownloader"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F1AF26F8-1828-4279-ABCE-074EF3235BD7}\InprocServer32]
@="C:\Program Files (x86)\PutLockerDownloader\smarterdownloader.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{F1AF26F8-1828-4279-ABCE-074EF3235BD7}\InprocServer32]
@="C:\Program Files (x86)\PutLockerDownloader\smarterdownloader.dll"
[HKEY_USERS\S-1-5-21-370278466-1842527618-776855722-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\PutLockerDownloader.com\PutLockerDownloader.exe"="PutLockerDownloader"
[HKEY_USERS\S-1-5-21-370278466-1842527618-776855722-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\PutLockerDownloader.com\PutLockerDownloader.exe"="PutLockerDownloader"

Searching for "Yontoo"
No data found.

Searching for "Babylon"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-370278466-1842527618-776855722-1001\Software\IB Updater\script_storage]
"WSG_whiteList"="{"search.babylon.com":"q","search.imesh.net":"q","www.search-results.com":"q","home.mywebsearch.com":"searchfor","search.mywebsearch.com":"searchfor","search.mindspark.com":"searchfor","search.conduit.com":"q"," search.zugo.com":"p","www2.mystart.com":"q","www.mystart.com":"q","www.bigseekpro.com":"q","bigseekpro.com":"q","bigspeedpro.com":"q","search.esnips.c om":"searchQuery","search.foxtab.com":"q","search.brothersoft.com":"keyword","search.softonic.com":"q","www.dogpile.com":"q","search.infospace.com":"q ","search.iobit.com":"q","search.iminent.com":"","search.facemoods.com":"s","www.plusnetwork.com":"q","www.alothome.com":"q","alothome.com":"q","searc h.alothome.com":"q","search.chatvibes.com":"q","search.blekko.com":"","www.searchnu.com":"q","searchnu.com":"q","search.icq.com":"q","search.etype.com ":"query","isearch.babylon.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\Vetter\AppData\Roaming\BabylonToolbar\Shared\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\Vetter\AppData\Roaming\BabylonToolbar\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\Vetter\AppData\Roaming\BabylonToolbar\CR\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\Vetter\AppData\Roaming\BabylonToolbar\FF\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\Vetter\AppData\Roaming\BabylonToolbar\IE\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1DA5BD2D3CA2D6943A1A233CD3F88CE7]
"3192AA38321C641458DBDAF83979D193"="01:\Software\Microsoft\Babylon\BabylonChromeToolbar1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\45FC9EFC5C3366B4DB850DAB49330C52]
"3192AA38321C641458DBDAF83979D193"="01:\Software\Microsoft\Babylon\BabylonIEToolbar1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4B2468513CA2D6943A1A233CD3F88CE7]
"3192AA38321C641458DBDAF83979D193"="01:\Software\Microsoft\Babylon\BabylonChromeToolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7E98451C7CA808F47AFE467BDABD02FA]
"3192AA38321C641458DBDAF83979D193"="01:\Software\Microsoft\Babylon\BabylonFFToolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BFD11FD45FC7B9E46A8F4B69F3A66E35]
"3192AA38321C641458DBDAF83979D193"="01:\Software\Microsoft\Babylon\BabylonIEToolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D5979AD63CA2D6943A1A233CD3F88CE7]
"3192AA38321C641458DBDAF83979D193"="01:\Software\Microsoft\Babylon\BabylonToolbar1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DF9BD2952384A9C49B4A5D3D95329890]
"3192AA38321C641458DBDAF83979D193"="01:\Software\Microsoft\Babylon\BabylonFFToolbar1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FABA2A33488410A4AA40489BD2224282]
"3192AA38321C641458DBDAF83979D193"="01:\Software\Microsoft\Babylon\BabylonToolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3192AA38321C641458DBDAF83979D193\InstallProperties]
"Publisher"="Babylon Ltd"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3192AA38321C641458DBDAF83979D193\InstallProperties]
"DisplayName"="BabylonObjectInstaller"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"
[HKEY_USERS\S-1-5-21-370278466-1842527618-776855722-1001\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-370278466-1842527618-776855722-1001\Software\IB Updater\script_storage]
"WSG_whiteList"="{"search.babylon.com":"q","search.imesh.net":"q","www.search-results.com":"q","home.mywebsearch.com":"searchfor","search.mywebsearch.com":"searchfor","search.mindspark.com":"searchfor","search.conduit.com":"q"," search.zugo.com":"p","www2.mystart.com":"q","www.mystart.com":"q","www.bigseekpro.com":"q","bigseekpro.com":"q","bigspeedpro.com":"q","search.esnips.c om":"searchQuery","search.foxtab.com":"q","search.brothersoft.com":"keyword","search.softonic.com":"q","www.dogpile.com":"q","search.infospace.com":"q ","search.iobit.com":"q","search.iminent.com":"","search.facemoods.com":"s","www.plusnetwork.com":"q","www.alothome.com":"q","alothome.com":"q","searc h.alothome.com":"q","search.chatvibes.com":"q","search.blekko.com":"","www.searchnu.com":"q","searchnu.com":"q","search.icq.com":"q","searc

Searching for "DownTango"
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files (x86)\Red Sky\DownTango]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.8.false\C:\Program Files (x86)\Red Sky\DownTango]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\DownTangoFTToolbar_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\DownTangoFTToolbar_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windo ws\CurrentVersion\Uninstall\DownTango]
[HKEY_USERS\S-1-5-21-370278466-1842527618-776855722-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files (x86)\Red Sky\DownTango]
[HKEY_USERS\S-1-5-21-370278466-1842527618-776855722-1001\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.8.false\C:\Program Files (x86)\Red Sky\DownTango]

Searching for "simplytech"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Simplytech]
[HKEY_USERS\S-1-5-21-370278466-1842527618-776855722-1001\Software\AppDataLow\Software\Simplytech]

Searching for "Toolplugin"
No data found.

Searching for "OpenCandy"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OpenCandyHelperRunOnce]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Martin Prikryl\OpenCandy]

Searching for "DataMngr"
No data found.

-= EOF =-

Alt 05.03.2013, 19:32   #10
M-K-D-B
/// TB-Ausbilder
 
Hi,

Step 1

Fix with OTL

  • Please start OTL.exe.
  • Now copy the content of the code box into the text box.

Code:
:OTL
IE - HKCU\..\SearchScopes\{1880F156-1949-496E-AE6F-9EB4C83FE4DF}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}
IE - HKCU\..\SearchScopes\{1F8432C8-96F0-42cd-B0CC-FF0B583EDFE1}: "URL" = hxxp://search.chatzum.com/?q={searchTerms}
FF - prefs.js..extensions.enabledAddons: %7BFE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052%7D:2.0.0.578
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\PROGRAM FILES\IB UPDATER\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\Program Files\IB Updater\Firefox
[2012.11.06 17:19:24 | 000,214,034 | ---- | M] () (No name found) -- C:\Users\Vetter\AppData\Roaming\mozilla\firefox\profiles\extensions\putlockerdownloader@putlockerdownloader.com.xpi
[2012.02.25 21:20:48 | 000,000,158 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search the web.src
O2 - BHO: (smartdownloader Class) - {F1AF26F8-1828-4279-ABCE-074EF3235BD7} - C:\Program Files (x86)\PutLockerDownloader\smarterdownloader.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Vetter\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Vetter\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
[2013.02.04 16:58:33 | 000,000,000 | ---D | C] -- C:\Users\Vetter\AppData\Roaming\0D1G1I1Q1B2Z1C1V0A1N1N1C1P1N1T2Z1F1C

:files
C:\Windows\System32\Tasks\ProtectedSearch

:reg
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-370278466-1842527618-776855722-1001\Software\IB Updater]
[-HKEY_LOCAL_MACHINE\SOFTWARE\IB Updater]

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions]
"{336D0C35-8A85-403a-B9D2-65C292C39087}"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions]
"{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Mozilla\Firefox\Extensions]
"{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}"=-

[-HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-18\Software\IB Updater]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-370278466-1842527618-776855722-1001\Software\IB Updater]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-18\Software\TBSB01620]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Iminent\inst\Bootstrapper\"=-
"C:\Program Files (x86)\Iminent\inst\"=-
"C:\Program Files (x86)\Iminent\"=-

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{501E27ED-6F8D-4384-B078-EF46EADDC5AF}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProtectedSearch]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{4EB8FE64-7A26-462E-AA13-D682B6AE7F2B}"=-
"{6D936F17-6696-40C2-88F7-ABB04BBCB2F4}"=-
"{0752CAD6-483D-4086-B63D-B3C4B76AF981}"=-
"{028D6735-3B5E-44B2-868F-6EF0B39B5B64}"=-

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F1AF26F8-1828-4279-ABCE-074EF3235BD7}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\DownTangoFTToolbar_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\DownTangoFTToolbar_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windo ws\CurrentVersion\Uninstall\DownTango]
[-HKEY_CURRENT_USER\Software\AppDataLow\Software\Simplytech]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OpenCandyHelperRunOnce]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Martin Prikryl\OpenCandy]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\Vetter\AppData\Roaming\BabylonToolbar\Shared\"=-
"C:\Users\Vetter\AppData\Roaming\BabylonToolbar\"=-
"C:\Users\Vetter\AppData\Roaming\BabylonToolbar\CR\"=-
"C:\Users\Vetter\AppData\Roaming\BabylonToolbar\FF\"=-
"C:\Users\Vetter\AppData\Roaming\BabylonToolbar\IE\"=-

:commands
[Emptytemp]
         
  • If you have obscured your user name, e.g. with "*****", insert your real user name at the corresponding places. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may ask for a restart. Please allow it.
  • After the restart you will find a text document on your desktop.
    (Also to be found under C:\_OTL\MovedFiles\<Time_Date>.txt)
    Now copy its content here into your thread.

Step 2
Please start OTL.exe and press the Quick Scan button.
Post the OTL.txt here in your thread.

With your next reply, please post
  • the log file of the OTL fix,
  • the new log file of the OTL scan.
__________________
Greetings from Bavaria
M-K-D-B
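After a fix like the one above has run, the helper has to check which of the requested registry deletions OTL confirmed and which it only reported as "not found". The following Python script is an added example for this thread, not OTL's own code and not the helper's: it parses the :reg section of an OTL fix script together with the result lines OTL writes back and reconciles the two. The embedded script and log excerpts are taken from this thread (the log is the one the user posts back later); one extra FirewallRules value without a log line is a constructed addition.

```python
"""Reconcile the :reg section of an OTL fix script with the log OTL writes back.
Added example for this thread, not OTL's own code and not the helper's."""
from __future__ import annotations
import re
from dataclasses import dataclass

# :reg syntax in the fix script: [-Key] deletes a key, [Key] selects a key and
# the "Name"=- lines after it delete values under that key.
OTL_KEY_DELETE = re.compile(r"^\[-(.+)\]$")
OTL_KEY_SELECT = re.compile(r"^\[(.+)\]$")
OTL_VALUE_DELETE = re.compile(r'^"(.+)"=-$')
# Result lines in the fix log: "Registry key X\ deleted successfully." etc.
LOG_LINE = re.compile(r"^Registry (key|value) (.+?)\\?\s*(deleted successfully|not found)\.$")


@dataclass(frozen=True)
class Target:
    key: str          # registry key path
    name: str | None  # value name, or None when the whole key is deleted

    @property
    def path(self) -> str:
        return self.key if self.name is None else f"{self.key}\\{self.name}"


def norm(path: str) -> str:
    """Case-fold, drop a trailing backslash, collapse the doubled backslash OTL prints before value names."""
    return re.sub(r"\\+", r"\\", path).rstrip("\\").lower()


def parse_reg_section(script: str) -> list[Target]:
    """Collect every key and value the :reg section asks OTL to delete."""
    targets: list[Target] = []
    current_key, in_reg = None, False
    for raw in script.splitlines():
        line = raw.strip()
        if line.startswith(":"):  # section header: :OTL, :files, :reg, :commands
            in_reg = line.lower() == ":reg"
        elif not in_reg or not line:
            continue
        elif m := OTL_KEY_DELETE.match(line):
            targets.append(Target(m.group(1), None))
        elif m := OTL_KEY_SELECT.match(line):
            current_key = m.group(1)
        elif (m := OTL_VALUE_DELETE.match(line)) and current_key:
            targets.append(Target(current_key, m.group(1)))
    return targets


def parse_fix_log(log: str) -> dict[tuple[str, str], str]:
    """Map (kind, normalised path) -> status for every registry result line."""
    results: dict[tuple[str, str], str] = {}
    for raw in log.splitlines():
        if m := LOG_LINE.match(raw.strip()):
            results[(m.group(1), norm(m.group(2)))] = m.group(3)
    return results


def reconcile(script: str, log: str) -> dict[str, list[str]]:
    """Classify each :reg target by what the fix log says happened to it."""
    results = parse_fix_log(log)
    report: dict[str, list[str]] = {k: [] for k in ("deleted", "not_found", "parent_key_not_found", "no_result")}
    for t in parse_reg_section(script):
        status = results.get(("key" if t.name is None else "value", norm(t.path)))
        if status == "deleted successfully":
            report["deleted"].append(t.path)
        elif status == "not found":
            report["not_found"].append(t.path)
        # If the selected key itself is absent, OTL prints no line per value, only
        # "Registry key <key> not found." (as with Installer\Folders in this thread).
        elif t.name is not None and results.get(("key", norm(t.key))) == "not found":
            report["parent_key_not_found"].append(t.path)
        else:
            report["no_result"].append(t.path)
    return report


# Excerpts of the fix script and of the log posted back in this thread; the second
# FirewallRules value is a constructed addition without a log line (-> no_result).
SCRIPT = r""":OTL
O2 - BHO: (smartdownloader Class) - {F1AF26F8-1828-4279-ABCE-074EF3235BD7} - C:\Program Files (x86)\PutLockerDownloader\smarterdownloader.dll File not found

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\IB Updater]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Martin Prikryl\OpenCandy]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{4EB8FE64-7A26-462E-AA13-D682B6AE7F2B}"=-
"{6D936F17-6696-40C2-88F7-ABB04BBCB2F4}"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Iminent\inst\"=-

:commands
[Emptytemp]
"""
LOG = r"""========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\IB Updater\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Martin Prikryl\OpenCandy\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4EB8FE64-7A26-462E-AA13-D682B6AE7F2B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4EB8FE64-7A26-462E-AA13-D682B6AE7F2B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
"""

if __name__ == "__main__":
    for status, paths in reconcile(SCRIPT, LOG).items():
        print(status + ":", *paths, sep="\n    ")
```

Entries under parent_key_not_found are values whose key OTL could not open at all, as with the Installer\Folders lines in this thread, so they need a second look rather than being counted as cleaned.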

Alt 06.03.2013, 11:16   #11
Borsti1971
 
It still throws one error, namely "Kdbsync.exe has stopped working". I already googled it; supposedly it's nothing bad!?

All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1880F156-1949-496E-AE6F-9EB4C83FE4DF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1880F156-1949-496E-AE6F-9EB4C83FE4DF}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1F8432C8-96F0-42cd-B0CC-FF0B583EDFE1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F8432C8-96F0-42cd-B0CC-FF0B583EDFE1}\ not found.
Prefs.js: %7BFE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052%7D:2.0.0.578 removed from extensions.enabledAddons
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}\ not found.
File C:\Program Files\IB Updater\Firefox not found.
C:\Users\Vetter\AppData\Roaming\mozilla\firefox\profiles\extensions\putlockerdownloader@putlockerdownloader.com.xpi moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\Search the web.src moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F1AF26F8-1828-4279-ABCE-074EF3235BD7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F1AF26F8-1828-4279-ABCE-074EF3235BD7}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Free YouTube Download\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Free YouTube Download\ not found.
C:\Users\Vetter\AppData\Roaming\0D1G1I1Q1B2Z1C1V0A1N1N1C1P1N1T2Z1F1C\Firefox Packages folder moved successfully.
C:\Users\Vetter\AppData\Roaming\0D1G1I1Q1B2Z1C1V0A1N1N1C1P1N1T2Z1F1C folder moved successfully.
========== FILES ==========
File\Folder C:\Windows\System32\Tasks\ProtectedSearch not found.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-370278466-1842527618-776855722-1001\Software\IB Updater\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\IB Updater\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}\ not found.
Registry key HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-18\Software\IB Updater\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-370278466-1842527618-776855722-1001\Software\IB Updater\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-18\Software\TBSB01620\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{501E27ED-6F8D-4384-B078-EF46EADDC5AF}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{501E27ED-6F8D-4384-B078-EF46EADDC5AF}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProtectedSearch\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4EB8FE64-7A26-462E-AA13-D682B6AE7F2B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4EB8FE64-7A26-462E-AA13-D682B6AE7F2B}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6D936F17-6696-40C2-88F7-ABB04BBCB2F4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6D936F17-6696-40C2-88F7-ABB04BBCB2F4}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0752CAD6-483D-4086-B63D-B3C4B76AF981} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0752CAD6-483D-4086-B63D-B3C4B76AF981}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{028D6735-3B5E-44B2-868F-6EF0B39B5B64} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{028D6735-3B5E-44B2-868F-6EF0B39B5B64}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F1AF26F8-1828-4279-ABCE-074EF3235BD7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F1AF26F8-1828-4279-ABCE-074EF3235BD7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\DownTangoFTToolbar_RASAPI32\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\DownTangoFTToolbar_RASMANCS\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windo ws\CurrentVersion\Uninstall\DownTango\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\AppDataLow\Software\Simplytech\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OpenCandyHelperRunOnce\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Martin Prikryl\OpenCandy\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Vetter
->Temp folder emptied: 114880 bytes
->Temporary Internet Files folder emptied: 5164973 bytes
->Java cache emptied: 1227704 bytes
->FireFox cache emptied: 5015687 bytes
->Google Chrome cache emptied: 449141040 bytes
->Flash cache emptied: 506 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 15821 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67832 bytes
RecycleBin emptied: 518275 bytes

Total Files Cleaned = 440,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 03062013_105557

Files\Folders moved on Reboot...
C:\Users\Vetter\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
OTL Logfile:
Code:
OTL logfile created on: 06.03.2013 11:03:34 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Vetter\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,75 Gb Total Physical Memory | 5,85 Gb Available Physical Memory | 75,56% Memory free
15,49 Gb Paging File | 13,29 Gb Available in Paging File | 85,77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 921,75 Gb Total Space | 277,54 Gb Free Space | 30,11% Space Free | Partition Type: NTFS
Drive D: | 2,16 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: VETTER-PC | User Name: Vetter | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.03.03 16:25:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Vetter\Desktop\OTL.exe
PRC - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.12.14 10:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2012.12.05 02:40:03 | 000,143,928 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\ccSvcHst.exe
PRC - [2012.07.17 14:14:08 | 000,132,056 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe
PRC - [2011.11.07 20:37:20 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe
PRC - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010.11.21 04:24:27 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2010.03.05 10:15:12 | 000,235,752 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
PRC - [2010.03.05 10:15:04 | 000,411,864 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
PRC - [2010.02.03 16:17:18 | 005,756,544 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
PRC - [2009.09.23 13:38:18 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.05.30 07:51:08 | 000,699,280 | R--- | M] () -- C:\PROGRAM FILES (X86)\NORTON 360\ENGINE\20.2.1.22\wincfi39.dll
MOD - [2009.09.30 04:33:08 | 000,024,576 | R--- | M] () -- C:\Windows\SysWOW64\AsIO.dll
MOD - [2009.07.31 21:39:08 | 000,503,202 | ---- | M] () -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll
MOD - [2009.03.19 22:35:52 | 000,208,896 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\AiNap.dll
MOD - [2009.03.19 22:35:50 | 000,008,704 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\vvc.dll
MOD - [2009.01.15 14:55:10 | 000,565,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\pngio.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.09.28 15:43:40 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2012.04.06 03:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2013.02.27 13:28:24 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.02.20 07:20:47 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.12.14 10:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2012.12.05 02:40:03 | 000,143,928 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\ccSvcHst.exe -- (N360)
SRV - [2012.07.17 14:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2012.07.17 14:14:08 | 000,132,056 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2011.11.07 20:37:20 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.09.27 20:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2010.10.22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.05 10:15:12 | 000,235,752 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.10.21 18:15:34 | 000,376,832 | ---- | M] (T-Systems International GmbH) [Auto | Running] -- C:\Program Files (x86)\T-Home\Dialerschutz-Software\DFInject64.exe -- (DFSVC)
SRV - [2009.09.23 13:38:18 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.10.09 02:00:02 | 000,776,864 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\1402010.016\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012.10.04 02:40:35 | 001,133,216 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1402010.016\symefa64.sys -- (SymEFA)
DRV:64bit: - [2012.10.04 02:40:20 | 000,493,216 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1402010.016\symds64.sys -- (SymDS)
DRV:64bit: - [2012.09.27 09:47:38 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012.09.07 03:05:14 | 000,432,800 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1402010.016\symnets.sys -- (SymNetS)
DRV:64bit: - [2012.09.07 03:05:07 | 000,043,680 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SymIMV.sys -- (SymIM)
DRV:64bit: - [2012.09.07 02:48:08 | 000,224,416 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1402010.016\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012.08.20 20:50:10 | 000,168,096 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1402010.016\ccsetx64.sys -- (ccSet_N360)
DRV:64bit: - [2012.07.28 01:15:28 | 000,057,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012.05.24 22:36:56 | 000,037,496 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1402010.016\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2012.04.06 06:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.04.06 02:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011.09.02 07:30:46 | 000,042,776 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2011.09.02 07:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011.09.02 07:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011.08.19 16:50:52 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.08.19 16:50:52 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.06.10 05:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.01.15 17:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010.12.16 23:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.11 23:16:00 | 000,037,504 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2010.11.11 23:15:58 | 000,077,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2010.05.20 08:30:58 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2010.02.18 08:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009.10.15 18:14:38 | 000,028,192 | ---- | M] (T-Systems International GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SipIMNDI64.sys -- (SipIMNDI)
DRV:64bit: - [2009.07.17 12:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2013.01.16 15:04:32 | 002,087,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130305.005\ex64.sys -- (NAVEX15)
DRV - [2013.01.16 15:04:32 | 000,126,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130305.005\eng64.sys -- (NAVENG)
DRV - [2013.01.16 03:51:11 | 001,388,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130208.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012.09.26 14:45:52 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130301.002\IDSviA64.sys -- (IDSVia64)
DRV - [2012.08.18 02:00:00 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012.08.18 02:00:00 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012.04.09 10:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.2)
DRV - [2009.10.15 18:14:38 | 000,017,952 | ---- | M] (T-Systems International GmbH) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\T-Home\Dialerschutz-Software\DFSYS64.SYS -- (DFSYS)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005.03.09 19:50:16 | 000,033,792 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\libusb0.sys -- (libusb0)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://t-online.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7A 72 A2 D7 D3 E4 CC 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = hxxp://www.google.com
IE - HKCU\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search
IE - HKCU\..\SearchScopes\{534E882A-B0D6-4CA6-8873-409BE1B129BD}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=382950&p={searchTerms}
IE - HKCU\..\SearchScopes\{C8EAD400-6FF9-4cd2-A51F-095B542F65E4}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=EGMB
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Vetter\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\PROGRAM FILES\IB UPDATER\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.12.19 16:24:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFPlgn\ [2012.09.27 09:47:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn\ [2013.03.06 11:01:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.20 07:20:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.12.19 16:24:53 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.20 07:20:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013.02.04 16:59:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vetter\AppData\Roaming\mozilla\Extensions
[2013.03.06 10:55:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vetter\AppData\Roaming\mozilla\Firefox\Profiles\extensions
[2013.02.20 07:20:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
File not found (No name found) -- C:\PROGRAM FILES\IB UPDATER\FIREFOX
[2013.02.20 07:20:47 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.01.05 04:45:12 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.02.20 07:20:47 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
 
========== Chrome  ==========
 
CHR - Extension: No name found = C:\Users\Vetter\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\Vetter\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Users\Vetter\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Users\Vetter\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.2.1.36_0\
CHR - Extension: No name found = C:\Users\Vetter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2013.03.05 13:23:30 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\coIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [T-Home Dialerschutz-Software] C:\Program Files (x86)\T-Home\Dialerschutz-Software\Defender64.exe (T-Systems International GmbH)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Vetter\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: telekom.de ([kundencenter] https in Vertrauenswürdige Sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D277AB90-1EDC-4A07-953E-50A633555628}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.01.14 03:01:16 | 000,000,000 | R--D | M] - D:\AutoRun -- [ UDF ]
O32 - AutoRun File - [2007.01.14 02:28:44 | 000,630,784 | R--- | M] (Electronic Arts Inc.) - D:\AutoRun.exe -- [ UDF ]
O32 - AutoRun File - [2007.01.14 02:55:12 | 000,000,156 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2007.01.13 22:30:07 | 000,585,728 | R--- | M] (Electronic Arts Inc.) - D:\AutoRunGUI.dll -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.06 10:55:57 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.03.05 12:34:07 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.03.05 12:34:07 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.03.05 12:34:07 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.03.05 12:30:12 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.03.05 12:29:56 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.03.05 12:10:28 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.03.05 12:09:43 | 000,000,000 | ---D | C] -- C:\JRT
[2013.03.04 12:15:14 | 000,000,000 | ---D | C] -- C:\Users\Vetter\Desktop\Neuer Ordner (2)
[2013.03.03 16:25:03 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Vetter\Desktop\OTL.exe
[2013.03.03 13:09:11 | 000,000,000 | ---D | C] -- C:\Users\Vetter\AppData\Roaming\Malwarebytes
[2013.03.03 13:09:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.03.03 13:09:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.03 13:09:07 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.03.03 13:09:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.03.03 13:08:51 | 000,000,000 | ---D | C] -- C:\Users\Vetter\AppData\Local\Programs
[2013.02.20 07:20:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.02.19 15:00:54 | 000,000,000 | ---D | C] -- C:\Users\Vetter\Desktop\Hexe handy
[2013.02.04 21:05:13 | 000,000,000 | ---D | C] -- C:\Users\Vetter\AppData\Local\Facebook
[2013.02.04 17:09:13 | 000,000,000 | ---D | C] -- C:\Users\Vetter\AppData\Local\Macromedia
[2013.02.04 17:06:08 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2013.02.04 16:59:14 | 000,000,000 | ---D | C] -- C:\Users\Vetter\AppData\Local\Mozilla
[2013.02.04 16:59:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013.02.04 16:59:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013.02.04 16:58:32 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions
[2013.02.04 16:58:31 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.06 11:06:17 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.06 11:06:17 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.06 10:58:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.06 10:58:10 | 1944,674,303 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.05 18:27:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.05 18:10:07 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-370278466-1842527618-776855722-1001UA.job
[2013.03.05 13:23:30 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.03.03 16:59:01 | 000,000,000 | ---- | M] () -- C:\Users\Vetter\defogger_reenable
[2013.03.03 16:25:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Vetter\Desktop\OTL.exe
[2013.03.01 23:02:21 | 001,614,852 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.03.01 23:02:21 | 000,697,276 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.03.01 23:02:21 | 000,652,594 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.03.01 23:02:21 | 000,148,314 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.03.01 23:02:21 | 000,121,268 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.03.01 21:10:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-370278466-1842527618-776855722-1001Core.job
[2013.02.18 17:00:13 | 000,000,001 | ---- | M] () -- C:\Users\Vetter\.SIG_PINSTATUS_VOREINSTELLUNG
[2013.02.18 17:00:13 | 000,000,001 | ---- | M] () -- C:\Users\Vetter\.SIG_DIALOG_VOREINSTELLUNG
[2013.02.14 18:41:44 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\isolate.ini
[2013.02.14 12:57:22 | 000,271,064 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.04 16:59:11 | 000,001,153 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
 
========== Files Created - No Company Name ==========
 
[2013.03.05 12:34:07 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.03.05 12:34:07 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.03.05 12:34:07 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.03.05 12:34:07 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.03.05 12:34:07 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.03.03 16:59:01 | 000,000,000 | ---- | C] () -- C:\Users\Vetter\defogger_reenable
[2013.02.19 15:16:48 | 004,390,818 | ---- | C] () -- C:\Users\Vetter\Desktop\Facebook Lied _ Song - Every Day Im Facebooking.mp3
[2013.02.18 17:00:13 | 000,000,001 | ---- | C] () -- C:\Users\Vetter\.SIG_PINSTATUS_VOREINSTELLUNG
[2013.02.18 17:00:13 | 000,000,001 | ---- | C] () -- C:\Users\Vetter\.SIG_DIALOG_VOREINSTELLUNG
[2013.02.04 21:05:20 | 000,000,932 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-370278466-1842527618-776855722-1001UA.job
[2013.02.04 21:05:20 | 000,000,910 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-370278466-1842527618-776855722-1001Core.job
[2013.02.04 20:44:14 | 000,001,180 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk
[2013.02.04 16:59:10 | 000,001,165 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.02.04 16:59:10 | 000,001,153 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.01.30 18:36:41 | 000,003,584 | ---- | C] () -- C:\Users\Vetter\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.12.26 17:46:42 | 000,011,264 | ---- | C] () -- C:\Windows\Launcher.exe
[2012.07.23 13:25:52 | 000,033,792 | ---- | C] () -- C:\Windows\SysWow64\drivers\libusb0.sys
[2012.06.05 12:08:34 | 000,007,605 | ---- | C] () -- C:\Users\Vetter\AppData\Local\resmon.resmoncfg
[2012.05.29 11:16:19 | 000,000,600 | ---- | C] () -- C:\Users\Vetter\AppData\Roaming\winscp.rnd
[2012.04.10 13:01:53 | 000,000,820 | ---- | C] () -- C:\Windows\eReg.dat
[2012.04.06 02:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.04.06 02:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.03.09 13:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.02.05 16:08:27 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2012.02.05 15:54:30 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll
[2011.12.24 11:27:37 | 000,000,223 | ---- | C] () -- C:\Users\Vetter\AppData\Roaming\default.rss
[2011.12.19 16:22:01 | 000,245,514 | ---- | C] () -- C:\Windows\hpoins19.dat
[2011.12.19 16:22:01 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2011.12.19 12:43:19 | 001,591,810 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.12.17 15:30:41 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2011.12.17 15:30:40 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2011.12.17 15:30:33 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2011.12.17 15:30:33 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2011.12.17 15:23:26 | 000,042,392 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2011.12.17 15:19:13 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011.12.17 15:18:48 | 000,033,216 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011.12.17 14:57:32 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.05.30 17:03:16 | 000,000,000 | ---D | M] -- C:\Users\Vetter\AppData\Roaming\AlawarEntertainment
[2012.10.28 16:51:43 | 000,000,000 | ---D | M] -- C:\Users\Vetter\AppData\Roaming\aliasworlds
[2011.12.17 15:32:14 | 000,000,000 | ---D | M] -- C:\Users\Vetter\AppData\Roaming\DeviceVm
[2012.09.15 20:35:22 | 000,000,000 | ---D | M] -- C:\Users\Vetter\AppData\Roaming\DVDVideoSoft
[2012.10.31 12:14:52 | 000,000,000 | ---D | M] -- C:\Users\Vetter\AppData\Roaming\Farm Mania 2.1
[2012.09.15 12:55:24 | 000,000,000 | ---D | M] -- C:\Users\Vetter\AppData\Roaming\Foxit Software
[2012.04.24 10:44:00 | 000,000,000 | ---D | M] -- C:\Users\Vetter\AppData\Roaming\IrfanView
[2012.07.16 14:45:57 | 000,000,000 | ---D | M] -- C:\Users\Vetter\AppData\Roaming\Leadertech
[2012.01.05 18:36:06 | 000,000,000 | ---D | M] -- C:\Users\Vetter\AppData\Roaming\MP3Find
[2012.05.03 20:36:50 | 000,000,000 | ---D | M] -- C:\Users\Vetter\AppData\Roaming\Sierra
[2011.12.31 12:55:46 | 000,000,000 | ---D | M] -- C:\Users\Vetter\AppData\Roaming\Similarity
[2013.02.25 23:04:47 | 000,000,000 | ---D | M] -- C:\Users\Vetter\AppData\Roaming\SoftGrid Client
[2012.08.06 13:31:16 | 000,000,000 | ---D | M] -- C:\Users\Vetter\AppData\Roaming\TeamViewer
[2011.12.19 12:44:01 | 000,000,000 | ---D | M] -- C:\Users\Vetter\AppData\Roaming\TP
[2013.03.01 23:00:39 | 000,000,000 | ---D | M] -- C:\Users\Vetter\AppData\Roaming\UseNeXT
[2012.03.02 15:08:28 | 000,000,000 | ---D | M] -- C:\Users\Vetter\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---

Old 06.03.2013, 17:13   #12
M-K-D-B
/// TB-Ausbilder

Hi,

the problem you describe can usually be fixed by uninstalling the following program via the Control Panel:

Step 1
  • Follow this path: Start -> Control Panel -> Software / Uninstall a program
  • Look in the list for software with the following name
    • AMD Accelerated Video Transcoding
    and uninstall the program.
  • If you are prompted to restart at the end of the uninstallation, do so.
  • If there are problems with the uninstallation, please let me know.

Step 2
Please start OTL.exe.
Under
Extra Registry select: Use Safe List and click the Scan button.
Post the OTL.txt and the Extras.txt here in your thread.

Before we continue:
How is your computer running at the moment?
Are there still problems that point to malware? If so, which ones?

Please post with your next reply
  • feedback on the uninstallation,
  • the two OTL log files,
  • the answers to the questions asked.
__________________
Greetings from Bavaria
M-K-D-B

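The OTL output the helper asks for above is read entry by entry, and what an analyst looks at first are entries OTL prints with an empty company name, with hidden+system file attributes, or with a "File not found" registration. As an added example, not code from this thread, from OTL or from Trojaner-Board, the following Python script parses the OTL line shape seen in these logs and flags such entries; the sample report is constructed after entries in this thread, and a flag means "verify", not "malicious".

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Line shape OTL uses for processes (PRC), modules (MOD), services (SRV),
# drivers (DRV) and for bare file listings:
#   KIND[:64bit:] - [date time | size | attrs | flag] (company) [state] -- path -- (name)
# KIND, the [state] block and the trailing "-- (name)" are optional.
OTL_LINE = re.compile(
    r"^(?:(?P<kind>PRC|MOD|SRV|DRV)(?P<bits>:64bit:)?\s+-\s+)?"
    r"\[(?P<date>[\d.]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<flag>[A-Z])\]\s+"
    r"\((?P<company>[^)]*)\)\s*"
    r"(?:\[(?P<state>[^\]]*)\]\s*)?"
    r"--\s+(?P<path>.+?)"
    r"(?:\s+--\s+\((?P<name>[^)]*)\))?\s*$"
)


@dataclass
class Entry:
    kind: str             # PRC, MOD, SRV, DRV, or FILE for a bare listing line
    is64: bool            # True for the ":64bit:" variants
    date: str
    size: int             # bytes, OTL's thousands separators removed
    attrs: str            # e.g. "----", "R---", "RHS-", "---D"
    company: str          # empty when OTL printed "()"
    state: Optional[str]  # e.g. "Kernel | On_Demand | Running"
    path: str
    name: Optional[str]   # service/driver name, None for PRC/MOD/FILE lines


def parse_line(line: str) -> Optional[Entry]:
    """Parse one OTL line into an Entry; return None for any other line."""
    m = OTL_LINE.match(line.strip())
    if m is None:
        return None
    return Entry(
        kind=m["kind"] or "FILE",
        is64=m["bits"] is not None,
        date=m["date"],
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        company=m["company"].strip(),
        state=m["state"],
        path=m["path"].strip(),
        name=m["name"],
    )


def review(entry: Entry) -> List[str]:
    """Reasons an analyst would look at this entry more closely.

    An empty company name is common for small vendor tools (the ASUS EPU
    DLLs in this thread, for instance), so it only means "check the file".
    """
    reasons = []
    if not entry.company:
        reasons.append("no company name")
    if "H" in entry.attrs and "S" in entry.attrs:
        reasons.append("hidden+system attributes")
    if "File not found" in entry.path:
        reasons.append("file not found")
    return reasons


def triage(report: str) -> List[Tuple[str, List[str]]]:
    """Walk an OTL report and collect (path_or_line, reasons) for flagged lines."""
    findings = []
    for raw in report.splitlines():
        entry = parse_line(raw)
        if entry is None:
            # Plugin/extension lines (FF, CHR, O2 ...) have their own shape;
            # a registration whose file is gone still deserves a look.
            if "File not found" in raw:
                findings.append((raw.strip(), ["file not found"]))
            continue
        reasons = review(entry)
        if reasons:
            findings.append((entry.path, reasons))
    return findings


# Constructed sample modelled on entries in this thread (not a real report).
SAMPLE = r"""
========== Services (SafeList) ==========

SRV - [2013.02.27 13:28:24 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
DRV:64bit: - [2009.07.17 12:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2005.03.09 19:50:16 | 000,033,792 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\libusb0.sys -- (libusb0)
PRC - [2013.03.03 16:25:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Vetter\Desktop\OTL.exe
MOD - [2009.09.30 04:33:08 | 000,024,576 | R--- | M] () -- C:\Windows\SysWOW64\AsIO.dll
[2012.02.05 15:54:30 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found
"""

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE):
        print(f"{path}\n    -> {', '.join(reasons)}")
```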

Old 06.03.2013, 18:18   #13
Borsti1971

Hi, I can't find that program, only the AMD Catalyst Install Manager. Should I delete that?

Old 06.03.2013, 19:42   #14
M-K-D-B
/// TB-Ausbilder

Quote:
Originally posted by Borsti1971
Hi, I can't find that program, only the AMD Catalyst Install Manager. Should I delete that?
Select the AMD Catalyst Install Manager and click Change.
There you can choose the Uninstall Manager option. In one of the following steps you can then select AMD Accelerated Video Transcoding for removal.
__________________
Greetings from Bavaria
M-K-D-B


Old 07.03.2013, 12:25   #15
Borsti1971

Uninstalling worked. The problem is gone. The only thing left is that, even though all sounds are turned off, a "dong" can always be heard when I click on a folder. Otherwise the computer runs like clockwork again.

OTL Logfile:
Code:
OTL logfile created on: 07.03.2013 12:12:54 - Run 5
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Vetter\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,75 Gb Total Physical Memory | 5,99 Gb Available Physical Memory | 77,30% Memory free
15,49 Gb Paging File | 13,39 Gb Available in Paging File | 86,41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 921,75 Gb Total Space | 277,14 Gb Free Space | 30,07% Space Free | Partition Type: NTFS
 
Computer Name: VETTER-PC | User Name: Vetter | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.03.03 16:25:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Vetter\Desktop\OTL.exe
PRC - [2012.12.24 04:33:29 | 000,144,520 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\ccSvcHst.exe
PRC - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.12.14 10:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2012.07.17 14:14:08 | 000,132,056 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe
PRC - [2011.11.07 20:37:20 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe
PRC - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010.11.21 04:24:27 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2010.03.05 10:15:12 | 000,235,752 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
PRC - [2010.03.05 10:15:04 | 000,411,864 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
PRC - [2010.02.03 16:17:18 | 005,756,544 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
PRC - [2009.09.23 13:38:18 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.05.30 07:51:08 | 000,699,280 | R--- | M] () -- C:\PROGRAM FILES (X86)\NORTON 360\ENGINE\20.3.0.36\wincfi39.dll
MOD - [2009.09.30 04:33:08 | 000,024,576 | R--- | M] () -- C:\Windows\SysWOW64\AsIO.dll
MOD - [2009.07.31 21:39:08 | 000,503,202 | ---- | M] () -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll
MOD - [2009.03.25 16:53:14 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\AsSpindownTimeout.dll
MOD - [2009.03.19 22:35:52 | 000,208,896 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\AiNap.dll
MOD - [2009.03.19 22:35:50 | 000,008,704 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\vvc.dll
MOD - [2009.01.15 14:55:10 | 000,565,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\pngio.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.09.28 15:43:40 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2012.04.06 03:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2013.02.27 13:28:24 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.02.20 07:20:47 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.12.24 04:33:29 | 000,144,520 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\ccSvcHst.exe -- (N360)
SRV - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.12.14 10:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2012.07.17 14:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2012.07.17 14:14:08 | 000,132,056 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2011.11.07 20:37:20 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.09.27 20:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2010.10.22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.05 10:15:12 | 000,235,752 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.10.21 18:15:34 | 000,376,832 | ---- | M] (T-Systems International GmbH) [Auto | Running] -- C:\Program Files (x86)\T-Home\Dialerschutz-Software\DFInject64.exe -- (DFSVC)
SRV - [2009.09.23 13:38:18 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.01.31 04:18:18 | 000,432,800 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1403000.024\symnets.sys -- (SymNetS)
DRV:64bit: - [2013.01.31 04:18:06 | 001,139,800 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1403000.024\symefa64.sys -- (SymEFA)
DRV:64bit: - [2013.01.29 02:45:19 | 000,796,248 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\1403000.024\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2013.01.29 02:45:19 | 000,036,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1403000.024\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2013.01.22 03:15:33 | 000,493,656 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1403000.024\symds64.sys -- (SymDS)
DRV:64bit: - [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.11.16 03:22:01 | 000,224,416 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1403000.024\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012.11.16 03:18:04 | 000,168,096 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1403000.024\ccsetx64.sys -- (ccSet_N360)
DRV:64bit: - [2012.09.27 09:47:38 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012.09.07 03:05:07 | 000,043,680 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SymIMV.sys -- (SymIM)
DRV:64bit: - [2012.07.28 01:15:28 | 000,057,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012.04.06 06:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.04.06 02:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011.09.02 07:30:46 | 000,042,776 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2011.09.02 07:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011.09.02 07:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011.08.19 16:50:52 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.08.19 16:50:52 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.06.10 05:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.01.15 17:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010.12.16 23:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.11 23:16:00 | 000,037,504 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2010.11.11 23:15:58 | 000,077,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2010.05.20 08:30:58 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2010.02.18 08:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009.10.15 18:14:38 | 000,028,192 | ---- | M] (T-Systems International GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SipIMNDI64.sys -- (SipIMNDI)
DRV:64bit: - [2009.07.17 12:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2013.01.16 15:04:32 | 002,087,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130306.035\ex64.sys -- (NAVEX15)
DRV - [2013.01.16 15:04:32 | 000,126,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130306.035\eng64.sys -- (NAVENG)
DRV - [2013.01.16 03:51:11 | 001,388,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130301.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012.09.26 14:45:52 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130305.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012.08.18 02:00:00 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012.08.18 02:00:00 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012.04.09 10:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.2)
DRV - [2009.10.15 18:14:38 | 000,017,952 | ---- | M] (T-Systems International GmbH) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\T-Home\Dialerschutz-Software\DFSYS64.SYS -- (DFSYS)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005.03.09 19:50:16 | 000,033,792 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\libusb0.sys -- (libusb0)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://t-online.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7A 72 A2 D7 D3 E4 CC 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = hxxp://www.google.com
IE - HKCU\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search
IE - HKCU\..\SearchScopes\{534E882A-B0D6-4CA6-8873-409BE1B129BD}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=382950&p={searchTerms}
IE - HKCU\..\SearchScopes\{C8EAD400-6FF9-4cd2-A51F-095B542F65E4}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=EGMB
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Vetter\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\PROGRAM FILES\IB UPDATER\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.12.19 16:24:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFPlgn\ [2012.09.27 09:47:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn\ [2013.03.07 12:11:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.20 07:20:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.12.19 16:24:53 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.20 07:20:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013.02.04 16:59:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vetter\AppData\Roaming\mozilla\Extensions
[2013.03.06 10:55:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vetter\AppData\Roaming\mozilla\Firefox\Profiles\extensions
[2013.02.20 07:20:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.02.20 07:20:47 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.01.05 04:45:12 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.02.20 07:20:47 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
 
========== Chrome  ==========
 
CHR - Extension: No name found = C:\Users\Vetter\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\Vetter\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Users\Vetter\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Users\Vetter\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.2.1.36_0\
CHR - Extension: No name found = C:\Users\Vetter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2013.03.05 13:23:30 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\coIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [T-Home Dialerschutz-Software] C:\Program Files (x86)\T-Home\Dialerschutz-Software\Defender64.exe (T-Systems International GmbH)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Vetter\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: telekom.de ([kundencenter] https in Vertrauenswürdige Sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D277AB90-1EDC-4A07-953E-50A633555628}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.06 10:55:57 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.03.05 12:34:07 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.03.05 12:34:07 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.03.05 12:34:07 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.03.05 12:30:12 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.03.05 12:29:56 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.03.05 12:10:28 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.03.05 12:09:43 | 000,000,000 | ---D | C] -- C:\JRT
[2013.03.04 12:15:14 | 000,000,000 | ---D | C] -- C:\Users\Vetter\Desktop\Neuer Ordner (2)
[2013.03.03 16:25:03 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Vetter\Desktop\OTL.exe
[2013.03.03 13:09:11 | 000,000,000 | ---D | C] -- C:\Users\Vetter\AppData\Roaming\Malwarebytes
[2013.03.03 13:09:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.03.03 13:09:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.03 13:09:07 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.03.03 13:09:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.03.03 13:08:51 | 000,000,000 | ---D | C] -- C:\Users\Vetter\AppData\Local\Programs
[2013.02.22 13:22:17 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.02.22 13:21:43 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.02.22 13:21:43 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.02.22 13:21:43 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.02.20 07:20:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.02.19 15:00:54 | 000,000,000 | ---D | C] -- C:\Users\Vetter\Desktop\Hexe handy
[2013.02.13 19:41:32 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.02.13 19:41:32 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.02.13 19:41:32 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.02.13 19:41:31 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.02.13 19:41:31 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.02.13 19:41:31 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.02.13 19:41:30 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.02.13 19:41:30 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.02.13 19:41:30 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.02.13 19:41:30 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.02.13 19:41:30 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.02.13 19:41:29 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.02.13 19:41:27 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.02.13 19:41:27 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.02.13 19:41:27 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.02.13 12:43:35 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.02.13 12:43:34 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.02.13 12:43:34 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.02.13 12:43:27 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013.02.13 12:43:26 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013.02.13 12:43:26 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013.02.13 12:43:26 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013.02.13 12:43:26 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013.02.13 12:43:26 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013.02.13 12:43:24 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.07 12:15:43 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.07 12:15:43 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.07 12:10:01 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-370278466-1842527618-776855722-1001UA.job
[2013.03.07 12:07:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.07 12:07:11 | 1944,674,303 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.07 11:27:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.07 11:15:04 | 001,677,356 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\Cat.DB
[2013.03.07 11:14:09 | 000,014,818 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\VT20130115.021
[2013.03.05 13:23:30 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.03.03 16:59:01 | 000,000,000 | ---- | M] () -- C:\Users\Vetter\defogger_reenable
[2013.03.03 16:25:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Vetter\Desktop\OTL.exe
[2013.03.01 23:02:21 | 001,614,852 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.03.01 23:02:21 | 000,697,276 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.03.01 23:02:21 | 000,652,594 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.03.01 23:02:21 | 000,148,314 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.03.01 23:02:21 | 000,121,268 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.03.01 21:10:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-370278466-1842527618-776855722-1001Core.job
[2013.02.27 13:28:22 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.02.27 13:28:22 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.02.22 13:21:37 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npdeployJava1.dll
[2013.02.22 13:21:37 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013.02.22 13:21:37 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.02.22 13:21:37 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.02.22 13:21:37 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.02.22 13:21:37 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.02.18 17:00:13 | 000,000,001 | ---- | M] () -- C:\Users\Vetter\.SIG_PINSTATUS_VOREINSTELLUNG
[2013.02.18 17:00:13 | 000,000,001 | ---- | M] () -- C:\Users\Vetter\.SIG_DIALOG_VOREINSTELLUNG
[2013.02.14 18:41:44 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\isolate.ini
[2013.02.14 12:57:22 | 000,271,064 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2013.03.05 12:34:07 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.03.05 12:34:07 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.03.05 12:34:07 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.03.05 12:34:07 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.03.05 12:34:07 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.03.03 16:59:01 | 000,000,000 | ---- | C] () -- C:\Users\Vetter\defogger_reenable
[2013.02.19 15:16:48 | 004,390,818 | ---- | C] () -- C:\Users\Vetter\Desktop\Facebook Lied _ Song - Every Day Im Facebooking.mp3
[2013.02.18 17:00:13 | 000,000,001 | ---- | C] () -- C:\Users\Vetter\.SIG_PINSTATUS_VOREINSTELLUNG
[2013.02.18 17:00:13 | 000,000,001 | ---- | C] () -- C:\Users\Vetter\.SIG_DIALOG_VOREINSTELLUNG
[2013.01.30 18:36:41 | 000,003,584 | ---- | C] () -- C:\Users\Vetter\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.12.26 17:46:42 | 000,011,264 | ---- | C] () -- C:\Windows\Launcher.exe
[2012.07.23 13:25:52 | 000,033,792 | ---- | C] () -- C:\Windows\SysWow64\drivers\libusb0.sys
[2012.06.05 12:08:34 | 000,007,605 | ---- | C] () -- C:\Users\Vetter\AppData\Local\resmon.resmoncfg
[2012.05.29 11:16:19 | 000,000,600 | ---- | C] () -- C:\Users\Vetter\AppData\Roaming\winscp.rnd
[2012.04.10 13:01:53 | 000,000,820 | ---- | C] () -- C:\Windows\eReg.dat
[2012.04.06 02:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.04.06 02:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.02.05 16:08:27 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2012.02.05 15:54:30 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll
[2011.12.24 11:27:37 | 000,000,223 | ---- | C] () -- C:\Users\Vetter\AppData\Roaming\default.rss
[2011.12.19 16:22:01 | 000,245,514 | ---- | C] () -- C:\Windows\hpoins19.dat
[2011.12.19 16:22:01 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2011.12.19 12:43:19 | 001,591,810 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.12.17 15:30:41 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2011.12.17 15:30:40 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2011.12.17 15:30:33 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2011.12.17 15:30:33 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2011.12.17 15:23:26 | 000,042,392 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2011.12.17 15:19:13 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011.12.17 15:18:48 | 000,033,216 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011.12.17 14:57:32 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

--- --- ---
OTL Logfile:
Code:
OTL Extras logfile created on: 07.03.2013 12:12:54 - Run 5
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Vetter\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,75 Gb Total Physical Memory | 5,99 Gb Available Physical Memory | 77,30% Memory free
15,49 Gb Paging File | 13,39 Gb Available in Paging File | 86,41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 921,75 Gb Total Space | 277,14 Gb Free Space | 30,07% Space Free | Partition Type: NTFS
 
Computer Name: VETTER-PC | User Name: Vetter | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3AE6FE8A-B1A3-4A84-9BE2-7608C1D2209F}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{647DD99D-8881-4FCF-AC7C-4FC95FC2BDCC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{67C96047-417C-4078-AA96-BA6D9FAAC858}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{DBD05DAB-C2B0-40CC-88B9-191C447FCA71}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0029D049-5210-4DFB-8318-058FF3AB84A0}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe | 
"{0688B288-32B2-463D-9B5E-BE619B1EEDF5}" = protocol=17 | dir=in | app=c:\users\vetter\appdata\local\temp\7zse71.tmp\symnrt.exe | 
"{07F9877C-38ED-4192-AC4A-506F8A25DA0C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe | 
"{0CB7CEAF-410C-449A-A458-479C3B0E3315}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe | 
"{0D452A0E-9C12-4E25-AB45-28A79146E202}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | 
"{0EA9FF0B-BCD4-4AC6-AFCD-883A39CE156E}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe | 
"{146E062F-BA6E-4EA4-B848-BC56D0840E2C}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | 
"{17D03EE6-D9C8-4D62-8707-A6297CAD5D96}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{1CD995AC-A32D-4A7D-99F2-8F44A09193B2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{1D461663-A8B7-4515-A817-EF8CB5D3E0D6}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{1D798760-3FA7-4780-845F-B80D7B1F39DE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | 
"{1EF5CD19-F6F3-4F1F-9795-C46360EF2A9C}" = protocol=17 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2013\farmingsimulator2013game.exe | 
"{2286F6F7-66F5-43A2-9E68-835F0E17B410}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe | 
"{28D15493-5F62-4E08-94C4-5EE2D0F9F4CB}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | 
"{36560855-854F-4824-BA36-665BA04FA233}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{3A3A01C3-0FA6-40C1-A94D-365A6338C0E5}" = protocol=6 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2013\farmingsimulator2013game.exe | 
"{3AC2BF10-F94C-4768-B98D-3AAA9C45C6B3}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | 
"{40A948BD-1867-4BCF-BD72-198608F8A298}" = protocol=6 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2013\farmingsimulator2013.exe | 
"{42C93791-A8BD-4C7C-96EB-8B19F0936529}" = protocol=6 | dir=in | app=c:\users\vetter\appdata\local\temp\7zse71.tmp\symnrt.exe | 
"{43E25F4C-35E9-40F5-B476-F908AD220717}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe | 
"{45E62A88-3E5A-42D1-ABEE-2E056755E1E8}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{463A42BE-EFE8-4CBE-BC52-FCE6E596153F}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | 
"{4D0F32A0-F92C-4C76-A35D-7848B7A0D6E2}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{555F54CD-1500-439D-9B3A-4D25F2DAF8C6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | 
"{5685B325-A6CC-4C8D-BD0F-561FC09E3026}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe | 
"{59FA6A15-5166-4A6B-A0A6-64B559F43B0A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | 
"{627E143E-EA04-4F4A-94DE-0E67BDEF145B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe | 
"{632C4EC3-B0A7-45C1-9D04-6F67326E749F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe | 
"{65B59592-8149-430E-9950-D16CEFE18C24}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | 
"{6FDEA38B-CF4F-4331-9CF2-534CEE0D5C62}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 
"{74F6F0DF-8B44-4079-90B8-1104042BAA59}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe | 
"{7BE18DDF-5094-4362-8D34-065E792757B6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe | 
"{804CA4F5-7215-41FF-814F-6D02DFF2C908}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | 
"{8C4B7DF9-C25E-42B2-A234-C779C25DEBDF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | 
"{A0A742E1-C97E-47CA-A81B-B026FDAB8DF9}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | 
"{B0EA940B-219D-4DA4-A8DB-B88C06996818}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqnrs08.exe | 
"{B2E91FFD-850F-43ED-B87C-C127C6A2EFEF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | 
"{C1A3E2AE-054B-4DCF-804D-203EF5EF144E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{D50F0D07-5DC0-4DA7-A990-26F2E43A2479}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | 
"{DEEA8B5A-CAA3-43DA-900B-7A931B0EEA8B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | 
"{E07FA04E-C532-4D33-B25D-7E5AE79053AF}" = dir=in | app=c:\users\vetter\appdata\local\microsoft\skydrive\skydrive.exe | 
"{E4086BA5-B8F1-4289-B442-12CD3404325C}" = protocol=17 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2013\farmingsimulator2013.exe | 
"{E619E8D4-BD18-4408-B459-4A1E0C761906}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe | 
"{E646E1CF-3E83-49E5-A47E-F1A5108B0CDD}" = dir=in | app=c:\users\vetter\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"{EC551268-1844-4CFC-80B5-722D062BF1A9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | 
"{F0C39F29-915D-453B-BE60-6A0BD16B7B7C}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{F8D3BE7F-9EBF-4671-9665-3864924BD3CE}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | 
"{FE88A24B-5C32-4D47-8DCA-DE6CFCFF31ED}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe | 
"{FF433569-9412-4AEB-A71B-DB799131747F}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 
"{FFFC8E32-E6CF-4795-8138-D6E256BEFD0C}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe | 
"TCP Query User{E5ED92D7-0F5B-4626-967E-081ED703E302}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{218682A4-F079-4D75-B3E5-7F83177F6B3D}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{042B10AA-8233-A9E0-4DEB-B7253C686DBB}" = AMD Fuel
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417009FF}" = Java 7 Update 9 (64-bit)
"{3ABFAF33-D6EE-9348-CE96-AF51E9D6D2FF}" = AMD Drag and Drop Transcoding
"{46DA7FD9-8BC1-7BA8-98D1-27F46647871B}" = AMD Catalyst Install Manager
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{57580625-C673-7FEA-8791-E84B7AAF5069}" = ccc-utility64
"{5F611ADA-B98C-4DBB-ADDE-414F08457ECF}" = Windows Live Family Safety
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{63CE6C32-1EB3-4C51-89FC-9FD96A661A9C}" = AMD Media Foundation Decoders
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{777afb2a-98e5-4f14-b455-378a925cae15}.sdb" = CVE-2012-4969
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B61ED343-0B14-4241-999C-490CB1A20DA4}" = HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B
"{B74F48B3-F8BB-4A7C-A7AD-9FE142322BA8}" = O&O DiskRecovery
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6822EFD-3F7D-4B35-8845-757A26AEC8E2}" = Windows Live MIME IFilter
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"CCleaner" = CCleaner
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"sp6" = Logitech SetPoint 6.32
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03CC9D58-B132-4CC0-A521-4F3660AA43C7}" = Movie Maker
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{09F25F86-F957-4051-8AB2-0E0D948BBB5D}" = 1310
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{0F7A6FD0-87F5-FB5D-973C-CF604DE1BC6B}" = CCC Help Polish
"{104066F4-5897-4067-85D3-4C88B67CCF75}" = AIO_Scan
"{15F3A6F5-06AE-4332-AE3E-21CD0416827A}" = Windows Live Mail
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1A9BE3D6-4D53-2C9D-B77D-562D85936B91}" = CCC Help Norwegian
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F7424F8-F992-48BC-90EF-7C4DB0405E3F}" = Alcor Micro USB Card Reader
"{210DFA65-F805-1A2B-4F83-8E27279AE385}" = Catalyst Control Center Graphics Previews Common
"{26A24AE4-039D-4CA4-87B4-2F83217015FF}" = Java 7 Update 15
"{29822CAD-C76A-0BEE-55F5-AAA524DA814F}" = CCC Help Greek
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode
"{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent
"{3A1293DF-7D09-BB0F-9576-EC47EE4A9362}" = CCC Help Italian
"{3C3DCD2B-6FC7-41BF-BB80-40A936E1A785}" = Windows Live Writer
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}" = Fotogalerie
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{400C31E4-796F-4E86-8FDC-C3C4FACC6847}" = Junk Mail filter update
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{47416F0B-6589-591E-C6F8-4235D2230B14}" = Catalyst Control Center InstallProxy
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{625FC7D1-656D-1BEC-F86F-3EACAFDAA8FE}" = CCC Help English
"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6D4553DF-2095-4D10-92C0-17934733B51D}" = 1310_Help
"{6D7E031C-4C05-4265-854A-FE9FDEA9984D}" = 1310Trb
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{70854FE6-3BF1-4C69-94D0-BEB821102E34}" = Windows Live Mail
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7351EEF8-9D6C-5F46-5A19-F2C7456CE132}" = CCC Help German
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{7F172E34-4107-8964-6AEA-5051FFD265FF}" = CCC Help Portuguese
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83BEEFB4-8C28-4F4F-8A9D-E0D1ADCE335B}" = Die Sims Mittelalter
"{85CE9026-C02A-46B4-B08C-4C77CCCC54FF}" = Windows Live Family Safety
"{86095E92-1959-8364-920E-82E81F64F8FB}" = AMD VISION Engine Control Center
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8913AC02-67B8-4B52-91B2-BBA7B9C265B5}" = Windows Live Writer Resources
"{89D05F35-933A-89C0-B935-C92BEE4229BD}" = CCC Help French
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}" = EPU-4 Engine
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{959E4378-CCA1-E4E4-2425-793DA92E8D95}" = CCC Help Czech
"{96BB3C67-4EB4-9757-E0C2-C0D2FE9053B1}" = CCC Help Turkish
"{974F4B73-2017-E174-9070-3F58F01B341F}" = CCC Help Danish
"{97C79BEC-43F7-4BD8-A6A7-85C0257E488A}" = Windows Live Writer
"{98E20A18-3C29-86FA-50B4-918C2B34A082}" = CCC Help Hungarian
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E2E5EB3-DC6E-9277-E9DB-13175E7DDA39}" = CCC Help Dutch
"{9E82B934-9A25-445B-B8DF-8012808074AC}" = Nero PhotoSnap
"{9F6B13E2-B93F-4203-9BD4-5DC18C9F9DEB}" = AIO_CDB_Software
"{A209525B-3377-43F4-B886-32F6B6E7356F}" = Nero WaveEditor
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}" = Age of Empires III
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AAACC0A5-4382-04D0-C75E-0669C7B949B6}" = CCC Help Japanese
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{ACEF4078-9B86-2455-E18D-34D52D37D9D5}" = CCC Help Chinese Standard
"{AE364ACC-B9DF-466B-B4EA-AEECD0CD581E}" = Windows Live Messenger
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B55FB422-B803-11F5-5582-B3666EA1B9AC}" = Catalyst Control Center Localization All
"{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack
"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
"{B8010864-15F8-613B-20EF-AC35B14B3E0D}" = CCC Help Russian
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2011.build.49 (July 1st, 2011) Version v2011.build.49
"{BA88EE67-8974-459D-A1DB-C8281D9AC6F6}" = Browser Configuration Utility
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C1342411-5A98-DE8A-5629-D0C518E1C280}" = CCC Help Finnish
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C5A7CB6C-E76D-408F-BA0E-85605420FE9D}" = SoundTrax
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM
"{D08B4177-5160-6B66-8934-2F9012134D61}" = CCC Help Thai
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer
"{D34A6029-FB1A-9EA8-A938-5393F82A3A00}" = CCC Help Korean
"{d59b286e-f430-4fb6-9c1b-21c2093c6def}" = Nero 9
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime
"{DA932D71-E52A-43D5-009E-395A1AEC1474}" = Die Sims™ Lebensgeschichten
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{DF315348-721C-40B8-BAE2-58C6C7D935A2}" = Empire Earth II
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E3A09D13-4D40-3CF8-7D32-8BD55F8D1533}" = CCC Help Spanish
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{E8C5BD56-F5D8-41D3-8A71-273468FE256A}" = T-Home Dialerschutz-Software
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1861F30-3419-44DB-B2A1-C274825698B3}" = Nero Disc Copy Gadget
"{F2235E5E-7881-4293-9B6F-04B2609FBFF0}" = Windows Live Messenger
"{F2C35491-9323-3AE7-6023-6B4128045153}" = CCC Help Swedish
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FC66A32F-1A57-AC5C-4F12-DAC2F4CB77A0}" = CCC Help Chinese Traditional
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Cheat Engine 6.2_is1" = Cheat Engine 6.2
"Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
"FarmingSimulator2013DE_is1" = Landwirtschafts Simulator 2013
"FFsim" = Feuerwehr-Simulator 2010
"Foxit Reader_is1" = Foxit Reader
"Game Booster_is1" = Game Booster 3
"InstallShield_{1F7424F8-F992-48BC-90EF-7C4DB0405E3F}" = Alcor Micro USB Card Reader
"InstallShield_{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}" = Age of Empires III
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mein Landleben" = Mein Landleben
"Mozilla Firefox 19.0 (x86 en-US)" = Mozilla Firefox 19.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"N360" = Norton 360
"Norton PC Checkup_is1" = Norton PC Checkup
"NortonPCCheckup" = Norton PC Checkup
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"OpenAL" = OpenAL
"PS3 Media Server" = PS3 Media Server
"QuickPar" = QuickPar 0.9
"S4Uninst" = Die Siedler IV
"SystemRequirementsLab" = System Requirements Lab
"TeamViewer 8" = TeamViewer 8
"The Walking Dead (c) 3_is1" = The Walking Dead (c) 3 version 1
"UltraStar Deluxe" = UltraStar Deluxe
"UseNeXT_is1" = UseNeXT
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 2.0.2
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{4237FF56-4BD0-481E-BD44-C1A8DDA9C753}Vetter_is1" = WinDS PRO 2011 (Vetter)
"Firefox Packages" = Firefox Packages
"SkyDriveSetup.exe" = Microsoft SkyDrive
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 06.03.2013 06:00:51 | Computer Name = Vetter-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: kdbsync.exe, Version: 0.0.0.0, Zeitstempel:
 0x4f430944  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000  ID des fehlerhaften Prozesses:
 0x1050  Startzeit der fehlerhaften Anwendung: 0x01ce1a5179ad7cd0  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe  Pfad des fehlerhaften 
Moduls: unknown  Berichtskennung: b9d2f733-8644-11e2-b8d0-5404a6010a81
 
Error - 06.03.2013 06:03:11 | Computer Name = Vetter-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
 (x86)\Nero\Nero 9\Nero PhotoSnap\PhotoSnapViewer.exe.Manifest". Fehler in  Manifest-
 oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion
 steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt
 stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 06.03.2013 06:12:55 | Computer Name = Vetter-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
 (x86)\Nero\Nero 9\Nero PhotoSnap\PhotoSnapViewer.exe.Manifest". Fehler in  Manifest-
 oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion
 steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt
 stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 06.03.2013 06:21:15 | Computer Name = Vetter-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
 (x86)\Nero\Nero 9\Nero PhotoSnap\PhotoSnapViewer.exe.Manifest". Fehler in  Manifest-
 oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion
 steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt
 stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 06.03.2013 08:29:10 | Computer Name = Vetter-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
 (x86)\Nero\Nero 9\Nero PhotoSnap\PhotoSnapViewer.exe.Manifest". Fehler in  Manifest-
 oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion
 steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt
 stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 07.03.2013 06:16:01 | Computer Name = Vetter-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 07.03.2013 06:26:07 | Computer Name = Vetter-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: Der Servername oder die Serveradresse konnte nicht verarbeitet
 werden.  
 
Error - 07.03.2013 06:57:23 | Computer Name = Vetter-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: kdbsync.exe, Version: 0.0.0.0, Zeitstempel:
 0x4f430944  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000  ID des fehlerhaften Prozesses:
 0x1264  Startzeit der fehlerhaften Anwendung: 0x01ce1b22882647e6  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe  Pfad des fehlerhaften 
Moduls: unknown  Berichtskennung: ca073dc0-8715-11e2-b630-5404a6010a81
 
Error - 07.03.2013 07:08:37 | Computer Name = Vetter-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 07.03.2013 07:08:38 | Computer Name = Vetter-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
 (x86)\Nero\Nero 9\Nero PhotoSnap\PhotoSnapViewer.exe.Manifest". Fehler in  Manifest-
 oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion
 steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt
 stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
[ System Events ]
Error - 05.03.2013 07:30:00 | Computer Name = Vetter-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "hpqcxs08" wurde unerwartet beendet. Dies ist bereits 1 Mal
 passiert.
 
Error - 05.03.2013 07:30:00 | Computer Name = Vetter-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "HP CUE DeviceDiscovery Service" wurde unerwartet beendet. 
Dies ist bereits 1 Mal passiert.
 
Error - 05.03.2013 08:09:38 | Computer Name = Vetter-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 05.03.2013 08:17:52 | Computer Name = Vetter-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 05.03.2013 08:23:46 | Computer Name = Vetter-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 06.03.2013 05:55:57 | Computer Name = Vetter-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Adobe Acrobat Update Service" wurde unerwartet beendet. Dies
 ist bereits 1 Mal passiert.
 
Error - 06.03.2013 05:55:57 | Computer Name = Vetter-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Common Client Job Manager Service" wurde unerwartet beendet.
 Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000
 Millisekunden durchgeführt: Neustart des Diensts.
 
 
< End of report >