Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Groupon Trojaner

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 08.03.2013, 13:06   #1
muccy
 
Groupon Trojaner - Standard

Groupon Trojaner



Hallo liebe Trojaner Zerstörer,

Ich habe mir gestern auch den Trojaner über eine Nachricht von Groupon eingefangen und bräuchte eure Hilfe.
Habe die Zip. Datei geöffnet aber alles blockiert was danach kam, hab meinen PC vom Internet getrennt und mit der Malwarebytes Software und Ariva die Trojaner gesucht und zerstört.
Ich habe soweit Zugriff auf alle meine Dateien und sonst auch keine Probleme, allerdings findet Malwarebytes bei jedem neuen Suchlauf immer wieder neue Trojaner, oder denselben...

Fühle mich nicht sicher und würde gerne eure Meinung zu dem Thema hören und was zu tun ist, denn ich weiß nicht was das für ein Trojaner ist und was er anrichten kann...

Anbei sämtliche Logfiles. (die von Avira konnte ich iwie nicht finden)

Beste Grüße
Muccy

Email habe ich bereits weitergeleitet.
Sollte ich die Email Adresse dann löschen oder kann ich sie behalten?



mbam-log-2013-03-08 (05-23-38).txt

mbam-log-2013-03-08 (05-30-02).txt

mbam-log-2013-03-08 (09-06-04).txt

mbam-log-2013-03-07 (23-59-52).txt

mbam-log-2013-03-08 (13-29-59).txt

MBAM-log-2013-03-08 (13-34-17).txt

mbam-log-2013-03-08 (13-39-33).txt

Geändert von muccy (08.03.2013 um 13:20 Uhr)

Alt 08.03.2013, 14:52   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Groupon Trojaner - Standard

Groupon Trojaner



Hallo muccy und

Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
  • Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.

  • Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.

  • Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!

  • Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!

  • Die Logs der aufgegebenen Tools wie zB Malwarebytes sind immer zu posten - egal ob ein Fund dabei war oder nicht!

  • Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.


Erstmal eine Kontrolle mit OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in CODE-Tags in den Thread.
__________________

__________________

Alt 08.03.2013, 15:29   #3
muccy
 
Groupon Trojaner - Standard

Groupon Trojaner



Ich würde wirklich gerne mehr darüber erfahren, um was für einen Trojaner es sich handelt und inwiefern er mir schadet.

Habe wie gesagt keine sichtbaren Einschränkungen, Sperrbildschirme oder Verschlüsselungen, bin in großer Sorge, um meine Bankdaten, vieleicht kannst du mich da beruhigen?

Vielen Danke schonmal bist meine Rettung!

Hier sind die Infos aus dem OTL:

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 3/8/2013 4:03:36 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Muccy3001\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4.00 Gb Total Physical Memory | 2.38 Gb Available Physical Memory | 59.58% Memory free
8.00 Gb Paging File | 6.17 Gb Available in Paging File | 77.11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1366.17 Gb Total Space | 1107.25 Gb Free Space | 81.05% Space Free | Partition Type: NTFS
Drive D: | 30.00 Gb Total Space | 10.38 Gb Free Space | 34.59% Space Free | Partition Type: NTFS
 
Computer Name: MUCCY3001-PC | User Name: Muccy3001 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Muccy3001\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Users\Muccy3001\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
PRC - C:\Users\Muccy3001\AppData\Roaming\Urobz\taqeh.exe ()
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
MOD - C:\Users\Muccy3001\AppData\Roaming\Urobz\taqeh.exe ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (AtherosSvc) -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe (Atheros Commnucations)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (PSI_SVC_2) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\drivers\btfilter.sys (Atheros)
DRV:64bit: - (BTATH_HCRP) -- C:\Windows\SysNative\drivers\btath_hcrp.sys (Atheros)
DRV:64bit: - (BTATH_RCP) -- C:\Windows\SysNative\drivers\btath_rcp.sys (Atheros)
DRV:64bit: - (BTATH_LWFLT) -- C:\Windows\SysNative\drivers\btath_lwflt.sys (Atheros)
DRV:64bit: - (AthBTPort) -- C:\Windows\SysNative\drivers\btath_flt.sys (Atheros)
DRV:64bit: - (BTATH_A2DP) -- C:\Windows\SysNative\drivers\btath_a2dp.sys (Atheros)
DRV:64bit: - (ATHDFU) -- C:\Windows\SysNative\drivers\AthDfu.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (BTATH_BUS) -- C:\Windows\SysNative\drivers\btath_bus.sys (Atheros)
DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie64.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (amd_sata) -- C:\Windows\SysNative\drivers\amd_sata.sys (Advanced Micro Devices)
DRV:64bit: - (amd_xata) -- C:\Windows\SysNative\drivers\amd_xata.sys (Advanced Micro Devices)
DRV:64bit: - (BVRPMPR5a64) -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS (Avanquest Software)
DRV:64bit: - (RTL8192su) -- C:\Windows\SysNative\drivers\RTL8192su.sys (Realtek Semiconductor Corporation                           )
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3511931958-2117292522-3197319374-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
IE - HKU\S-1-5-21-3511931958-2117292522-3197319374-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3511931958-2117292522-3197319374-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?affID=110819&babsrc=HP_ss&mntrId=ca8fa289000000000000000272b0b9d0
IE - HKU\S-1-5-21-3511931958-2117292522-3197319374-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-3511931958-2117292522-3197319374-1000\..\SearchScopes\{02B3E1F1-C35B-49BA-BCFF-A1B1F4B87383}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNA_enDE393
IE - HKU\S-1-5-21-3511931958-2117292522-3197319374-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=110819&babsrc=SP_ss&mntrId=ca8fa289000000000000000272b0b9d0
IE - HKU\S-1-5-21-3511931958-2117292522-3197319374-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3511931958-2117292522-3197319374-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://search.babylon.com/?affID=110819&babsrc=HP_ss&mntrId=ca8fa289000000000000000272b0b9d0"
FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.9
FF - prefs.js..extensions.enabledAddons: plugin%40yontoo.com:1.20.02
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?affID=110819&babsrc=KW_ss&mntrId=ca8fa289000000000000000272b0b9d0&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@logitech.com/HarmonyRemote,version=1.0.0: C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/08 09:20:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/03/08 09:20:00 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/08 09:20:02 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/03/08 09:20:00 | 000,000,000 | ---D | M]
 
[2011/03/11 11:19:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Muccy3001\AppData\Roaming\mozilla\Extensions
[2013/02/26 17:44:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Muccy3001\AppData\Roaming\mozilla\Firefox\Profiles\ikvvofgf.default\extensions
[2013/02/26 17:44:22 | 000,021,487 | ---- | M] () (No name found) -- C:\Users\Muccy3001\AppData\Roaming\mozilla\firefox\profiles\ikvvofgf.default\extensions\plugin@yontoo.com.xpi
[2012/12/12 18:14:59 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Muccy3001\AppData\Roaming\mozilla\firefox\profiles\ikvvofgf.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2013/02/15 19:01:59 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Muccy3001\AppData\Roaming\mozilla\firefox\profiles\ikvvofgf.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/03/08 09:19:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013/03/08 09:20:02 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013/01/17 01:11:04 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/06/05 00:37:58 | 000,002,313 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2013/01/17 01:11:04 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/01/17 01:11:04 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013/01/17 01:11:04 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013/01/17 01:11:04 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013/01/17 01:11:04 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg64.dll (Google Inc.)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3:64bit: - HKU\S-1-5-21-3511931958-2117292522-3197319374-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4:64bit: - HKLM..\Run: [JAVA] C:\Windows\java.vbs ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3511931958-2117292522-3197319374-1000..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKU\S-1-5-21-3511931958-2117292522-3197319374-1000..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKU\S-1-5-21-3511931958-2117292522-3197319374-1000..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe File not found
O4 - HKU\S-1-5-21-3511931958-2117292522-3197319374-1000..\Run: [monag] "C:\Users\Muccy3001\AppData\Roaming\monag.exe" -autorun File not found
O4 - HKU\S-1-5-21-3511931958-2117292522-3197319374-1000..\Run: [Oxycenpyi] C:\Users\Muccy3001\AppData\Roaming\Urobz\taqeh.exe ()
O4 - HKU\S-1-5-21-3511931958-2117292522-3197319374-1000..\Run: [Wyadsym] C:\Users\Muccy3001\AppData\Roaming\Tyvifo\kifea.exe File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Muccy3001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Muccy3001\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Muccy3001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Muccy3001\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Muccy3001\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9:64bit: - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9:64bit: - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.17.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1FC4AE18-1088-4A4E-A5C3-01A88EF86339}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{968D1D2D-689F-407A-9952-71D7A2706EF2}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{e54b6737-4538-11e0-bd9b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{e54b6737-4538-11e0-bd9b-806e6f6e6963}\Shell\AutoRun\command - "" = E:\start.bat
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/03/08 16:00:48 | 000,000,000 | R--D | C] -- C:\Users\Muccy3001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2013/03/08 14:49:07 | 000,000,000 | ---D | C] -- C:\Users\Muccy3001\AppData\Roaming\Zoas
[2013/03/08 14:49:07 | 000,000,000 | ---D | C] -- C:\Users\Muccy3001\AppData\Roaming\Zesua
[2013/03/08 14:49:07 | 000,000,000 | ---D | C] -- C:\Users\Muccy3001\AppData\Roaming\Anakab
[2013/03/08 14:37:44 | 000,000,000 | ---D | C] -- C:\Users\Muccy3001\Dtvmr
[2013/03/08 13:37:03 | 000,000,000 | -H-D | C] -- C:\Users\Muccy3001\AppData\Roaming\E8BEE989
[2013/03/08 12:14:44 | 000,000,000 | ---D | C] -- C:\Users\Muccy3001\AppData\Roaming\Zuluud
[2013/03/08 12:14:44 | 000,000,000 | ---D | C] -- C:\Users\Muccy3001\AppData\Roaming\Wucyhy
[2013/03/08 12:14:44 | 000,000,000 | ---D | C] -- C:\Users\Muccy3001\AppData\Roaming\Urobz
[2013/03/08 09:19:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/03/08 05:21:22 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013/03/07 23:14:06 | 000,000,000 | ---D | C] -- C:\Users\Muccy3001\AppData\Roaming\Malwarebytes
[2013/03/07 23:13:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/03/07 23:13:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/03/07 23:13:49 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/03/07 23:13:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/03/07 23:13:34 | 000,000,000 | ---D | C] -- C:\Users\Muccy3001\AppData\Local\Programs
[2013/03/07 21:41:16 | 000,000,000 | ---D | C] -- C:\Users\Muccy3001\AppData\Roaming\Tyvifo
[2013/03/07 21:41:16 | 000,000,000 | ---D | C] -- C:\Users\Muccy3001\AppData\Roaming\Myhu
[2013/03/07 21:41:16 | 000,000,000 | ---D | C] -- C:\Users\Muccy3001\AppData\Roaming\Ahyld
[2013/03/06 21:08:29 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/03/06 21:08:07 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/02/27 18:49:09 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2013/02/27 18:49:08 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2013/02/27 18:49:08 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
[2013/02/27 18:49:08 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
[2013/02/27 18:49:05 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013/02/27 18:49:05 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013/02/27 18:49:02 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2013/02/27 18:49:02 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2013/02/27 18:49:02 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2013/02/27 18:49:02 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2013/02/27 18:49:02 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/02/27 18:49:02 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/02/27 18:49:02 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/02/27 18:49:02 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/02/27 18:49:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/02/27 18:49:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/02/27 18:49:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/02/27 18:49:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/02/27 18:49:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
[2013/02/27 18:49:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
[2013/02/27 18:49:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/02/27 18:49:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/02/27 18:49:02 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/02/27 18:49:02 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/02/27 18:49:01 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013/02/27 18:49:01 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2013/02/27 18:49:01 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013/02/27 18:49:01 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2013/02/27 18:49:01 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2013/02/27 18:49:01 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2013/02/27 18:49:01 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2013/02/27 18:49:01 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2013/02/27 18:49:01 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2013/02/27 18:49:01 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/02/27 18:49:01 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/02/27 18:49:01 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/02/27 18:49:01 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/02/27 18:49:00 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2013/02/27 18:49:00 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013/02/27 18:49:00 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013/02/27 18:49:00 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2013/02/27 18:30:40 | 000,000,000 | R--D | C] -- C:\Users\Muccy3001\Documents\Scanned Documents
[2013/02/27 18:30:39 | 000,000,000 | ---D | C] -- C:\Users\Muccy3001\Documents\Fax
[2013/02/25 15:02:01 | 000,000,000 | ---D | C] -- C:\Users\Muccy3001\Desktop\Rheinenergie
[2013/02/13 18:34:30 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/02/13 18:34:27 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/02/13 18:34:27 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/02/13 18:34:07 | 000,735,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/02/13 18:34:04 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/02/13 18:34:03 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/02/13 18:34:03 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/02/13 18:34:03 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/02/13 18:34:03 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/02/13 18:34:03 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/02/13 18:33:58 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013/02/13 18:33:57 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/02/13 18:33:56 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/02/13 18:33:56 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/02/13 18:33:56 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/02/13 18:33:56 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/02/13 18:33:54 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/03/08 16:08:06 | 000,010,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/08 16:08:06 | 000,010,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/08 16:00:43 | 000,000,035 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini
[2013/03/08 16:00:41 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/08 16:00:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/08 16:00:18 | 3220,664,320 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/08 14:48:01 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/08 14:15:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/03/08 05:21:20 | 564,114,586 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/03/07 23:13:52 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013/03/07 21:47:47 | 001,526,786 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/03/07 21:47:47 | 000,668,692 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013/03/07 21:47:47 | 000,620,284 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/03/07 21:47:47 | 000,134,540 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013/03/07 21:47:47 | 000,110,472 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/03/06 21:08:24 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013/03/06 21:08:24 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013/03/06 21:08:24 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/03/06 21:08:24 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/03/06 21:08:24 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/03/06 21:08:24 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/03/04 19:21:53 | 000,013,455 | ---- | M] () -- C:\Users\Muccy3001\Desktop\Remigiusstr. 14 Übersicht.ods
[2013/02/28 19:15:14 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/02/28 19:15:14 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/02/14 20:15:09 | 000,306,184 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/02/07 20:29:36 | 000,001,061 | ---- | M] () -- C:\Users\Muccy3001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/03/08 05:21:20 | 564,114,586 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/03/07 23:13:52 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013/03/04 19:21:50 | 000,013,455 | ---- | C] () -- C:\Users\Muccy3001\Desktop\Remigiusstr. 14 Übersicht.ods
[2012/02/01 18:46:48 | 000,000,000 | ---- | C] () -- C:\Users\Muccy3001\AppData\Local\{44BBEA8D-CE39-4449-A097-59734AADA1CD}
[2011/11/10 03:36:06 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2011/11/10 03:36:06 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011/11/09 22:39:44 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011/11/09 22:39:32 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/09/13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/08/08 10:58:00 | 000,000,000 | ---- | C] () -- C:\Users\Muccy3001\AppData\Local\{91DE0AFF-B692-42D4-9A53-173573533C95}
[2011/05/24 17:18:39 | 000,000,000 | ---- | C] () -- C:\Users\Muccy3001\AppData\Local\{0CB6DFF5-08C6-4E2F-81FB-1BE86D7E0E80}
[2011/05/24 17:16:41 | 000,000,000 | ---- | C] () -- C:\Users\Muccy3001\AppData\Local\{1C162DBE-D987-4BC5-8DCE-AEDAFCE1922D}
 
========== ZeroAccess Check ==========
 
[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         
--- --- ---
[code]

OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 3/8/2013 4:03:36 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Muccy3001\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4.00 Gb Total Physical Memory | 2.38 Gb Available Physical Memory | 59.58% Memory free
8.00 Gb Paging File | 6.17 Gb Available in Paging File | 77.11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1366.17 Gb Total Space | 1107.25 Gb Free Space | 81.05% Space Free | Partition Type: NTFS
Drive D: | 30.00 Gb Total Space | 10.38 Gb Free Space | 34.59% Space Free | Partition Type: NTFS
 
Computer Name: MUCCY3001-PC | User Name: Muccy3001 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-21-3511931958-2117292522-3197319374-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "C:\windows\system32\rundll32.exe" "C:\windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06CDE38E-2885-4D26-ACD2-B9195F2963E4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{0945B96D-BAF5-4BAC-99E7-CFB7A32A2E97}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{1B23C507-E817-4FC5-811F-F7981539F711}" = lport=138 | protocol=17 | dir=in | app=system | 
"{1FCDF2E3-14C1-4863-9B17-79FE3F626D53}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{260DDC66-2E99-41AE-ACEB-FA8D58F04692}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{274BB6E4-D970-4421-889F-97E245254889}" = lport=139 | protocol=6 | dir=in | app=system | 
"{38B2CD93-155E-4C1F-BA51-426A4FD22750}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{3B619D04-5C1F-4DB4-9302-0216D4945162}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{5F681FF8-A0EF-48BF-B7A3-DA6A61C3D683}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7271F9FB-336F-4615-BE2F-37E37A1E3723}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{80591EF5-A4A2-46D9-B4FF-D46C8FC39EEA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{93E8355B-7270-4F7C-8596-705E2CB2BD62}" = rport=445 | protocol=6 | dir=out | app=system | 
"{9BA27086-A1EF-44F5-8566-F91568F052F4}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{A98E8EFB-15AE-4740-A5CA-9EDEAF78E59F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A9EAF0F2-A11D-45FA-9B0D-1583BAF6617A}" = rport=137 | protocol=17 | dir=out | app=system | 
"{AF6FFF33-55A7-4A56-9441-7C023B0F50CF}" = rport=139 | protocol=6 | dir=out | app=system | 
"{B1EBA578-B569-4AB7-881A-75C6F45380F2}" = lport=445 | protocol=6 | dir=in | app=system | 
"{B4D588A5-F106-4293-9C62-D18C2700EEBF}" = lport=137 | protocol=17 | dir=in | app=system | 
"{BEE6AC12-3C94-4C08-885F-C00E1634B74A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C42790FE-87E4-4FAE-95A5-CC9DAC73D954}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{C57ED8A6-760A-4C02-B208-AB276902C170}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{DC7CC21E-20DB-4EFD-B71A-8AE62CE076B9}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{EB55A1E1-FC0E-4D06-BBF4-54AB788CD657}" = rport=138 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{051963CD-35CA-43DA-B51C-CC4D1D0F72A6}" = protocol=6 | dir=out | app=system | 
"{0D86D9F9-F8DC-4F21-B839-03352DAD7A14}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0F30EE61-5868-4128-8CAF-2DAF7E152BE6}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{13149270-227A-4615-A9BC-2EBDBF0A4D43}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{1436E55B-C6B2-4870-873A-0292C1D9211D}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{167E6C97-7346-4B14-AAE9-870D254E7DAC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{19712371-E774-471B-920B-817732D0DB34}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{1DA3BD12-BE16-407A-879C-896557BC9080}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{24076498-DA07-409A-AD52-50DAEDFB6944}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2E0ABF55-5B5A-457B-A523-ABA8020738FD}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{3AB97D1A-58D1-4B60-968C-17B4FD8AAB5C}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\devicesetup.exe | 
"{44025FC2-A026-4483-89C1-03531B1907A1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{53C95FBD-86E1-48C8-966B-BC0A5CDF125C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5CF842B2-1484-400D-93C9-508B1176A83D}" = protocol=6 | dir=in | app=c:\users\muccy3001\appdata\roaming\dropbox\bin\dropbox.exe | 
"{6B2DA4EA-1D4C-41A7-83FE-39F01A513EDF}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{6DBF9567-D9B3-45B6-85F1-A94E7B9E54BB}" = protocol=17 | dir=in | app=c:\users\muccy3001\appdata\roaming\dropbox\bin\dropbox.exe | 
"{734A1096-E8E6-4544-9901-261828D00602}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{745C78EC-0174-478F-B218-3466CE54AB7A}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\hpnetworkcommunicator.exe | 
"{7C22EBDB-02C9-4762-BD52-F6CC2771544C}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{7E8223FE-FB5D-49B2-93BD-0A2A50876342}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{8CB35B77-6A70-46AA-B733-C6AA455AA0C7}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A076DD21-514E-4173-82C5-B0A92E179B05}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{A4E362A9-0BE1-497A-AB9D-4B9545823BB8}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{AB1C0002-0BE0-4BA8-94DF-C90E63398D2E}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\hpnetworkcommunicator.exe | 
"{AEE44679-64A1-4A4C-94C9-8DA50E2A872C}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{B5A02968-C342-4A68-A1AE-FEC85BD641C4}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{BC517430-0569-4CC0-9555-4884DA1E1EEF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{BDDDA87F-BCF5-4913-9B87-09ABD57FC443}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\devicesetup.exe | 
"{BFE7D5E7-3A6B-4029-8B8F-DF9738734047}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C8F43C5B-F9D3-4A82-BD69-56555369219D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{D8058E8F-A6BA-45D4-91A3-B044CDAEE49C}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{EA63862D-702F-4CD1-BD0D-5E0A9C6E9EF5}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{F5F71530-2FF7-4974-A6C8-68D339D863E0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{FB73772E-D22E-4CA3-A1BC-0B42BD479028}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"TCP Query User{1314A973-54CE-4666-8C8E-3DE78A6D67AE}C:\users\muccy3001\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\muccy3001\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{77CE6796-4CB7-4812-8965-36561911DA06}C:\program files (x86)\hp\hp deskjet 3050 j610 series\bin\scantopcactivationapp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\hp\hp deskjet 3050 j610 series\bin\scantopcactivationapp.exe | 
"TCP Query User{7865432B-49A4-42D4-9939-CFABEE09E189}C:\users\muccy3001\appdata\roaming\urobz\taqeh.exe" = protocol=6 | dir=in | app=c:\users\muccy3001\appdata\roaming\urobz\taqeh.exe | 
"TCP Query User{796401D1-92E9-42CF-A2AF-38BB788D1CFA}C:\users\muccy3001\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\muccy3001\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{B7F375BB-6EB2-441C-BE80-BDD051B54C3B}C:\users\muccy3001\appdata\roaming\tyvifo\kifea.exe" = protocol=6 | dir=in | app=c:\users\muccy3001\appdata\roaming\tyvifo\kifea.exe | 
"TCP Query User{D952A323-5F03-45F3-9FA1-DD514FE0FAC8}C:\users\muccy3001\appdata\roaming\urobz\taqeh.exe" = protocol=6 | dir=in | app=c:\users\muccy3001\appdata\roaming\urobz\taqeh.exe | 
"UDP Query User{26AD5D05-A868-405C-BC78-33B8C15321A9}C:\users\muccy3001\appdata\roaming\tyvifo\kifea.exe" = protocol=17 | dir=in | app=c:\users\muccy3001\appdata\roaming\tyvifo\kifea.exe | 
"UDP Query User{5420A7FE-C61A-4115-888E-00D06F6ECC8B}C:\program files (x86)\hp\hp deskjet 3050 j610 series\bin\scantopcactivationapp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\hp\hp deskjet 3050 j610 series\bin\scantopcactivationapp.exe | 
"UDP Query User{6D54D3AA-F48F-4FF6-A616-2A06F5E398A9}C:\users\muccy3001\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\muccy3001\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{B8AC3E98-3723-4638-A0BE-8E0A9597F969}C:\users\muccy3001\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\muccy3001\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{C86E6077-4E53-4D5C-AA8F-75719A91A608}C:\users\muccy3001\appdata\roaming\urobz\taqeh.exe" = protocol=17 | dir=in | app=c:\users\muccy3001\appdata\roaming\urobz\taqeh.exe | 
"UDP Query User{DED651CA-A5D0-41B2-B719-F7247BB3C0B8}C:\users\muccy3001\appdata\roaming\urobz\taqeh.exe" = protocol=17 | dir=in | app=c:\users\muccy3001\appdata\roaming\urobz\taqeh.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0BD776F3-057D-4C11-020C-4FA9B13D04F9}" = AMD Catalyst Install Manager
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{122C8DA5-1978-7BB6-6179-BE41806E8086}" = ccc-utility64
"{19DCDC0D-9D87-46DB-A4B0-08B35AA333A3}" = Corel Shell Extension - 64Bit
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
"{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources
"{26A24AE4-039D-4CA4-87B4-2F86416022FF}" = Java(TM) 6 Update 22 (64-bit)
"{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources
"{3DF2B8CD-072D-49F5-BCF8-1DB86B0DF632}" = HP Deskjet 3050 J610 series - Grundlegende Software für das Gerät
"{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources
"{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}" = MobileMe Control Panel
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{89BDAE1A-7B8E-4A0E-A169-02F7F366451D}" = iCloud
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources
"{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4
"_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
"{03BB06DB-15FE-47F0-B872-E6477933C986}" = Windows Live UX Platform Language Pack
"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
"{0482617D-DDC3-D703-2572-7D1E55FA24CB}" = Catalyst Control Center Graphics Previews Vista
"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
"{07B62101-7EBD-434A-94B1-B38063BE5516}" = CorelDRAW Essentials 4 - PHOTO-PAINT
"{09F56A49-A7B1-4AAB-95B9-D13094254AD1}" = Windows Live UX Platform Language Pack
"{0A9256E0-C924-46DE-921B-F6C4548A1C64}" = Windows Live Messenger
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0BE5C4DB-8EA2-483D-BD71-D7EB09040CDE}" = Windows Live UX Platform Language Pack
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{0ED4216F-3540-4D6B-8199-1C8DDEA3924B}" = CorelDRAW Essentials 4 - Lang DE
"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar
"{13FAE3E3-283E-4BF4-8FE5-17D256EDDD77}" = Windows Live UX Platform Language Pack
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19AC095C-3520-4999-AA15-93B6D0248A50}" = CorelDRAW Essentials 4 - Content
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1E87F5D4-3502-4F8E-86A5-61DE5AAD1060}" = Windows Live UX Platform Language Pack
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{216BE2D3-5317-10C1-6F02-C4665CFB4507}" = CCC Help Japanese
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{241E7104-937A-4366-AD57-8FDDDB003939}" = Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{26E276AC-F6C2-883E-E665-E97C735AA0AA}" = CCC Help French
"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2AD2DD70-27F7-4343-BB4E-DE50A32D854B}" = Windows Live Messenger
"{2C7E8AA1-9C03-4606-BF34-5D99D07964DA}" = Windows Live Messenger
"{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources
"{31760C30-2C21-75D1-675E-3388AAC04068}" = CCC Help Dutch
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34A9406E-1994-4C20-AC72-04CFA2B24545}" = CorelDRAW Essentials 4 - Lang EN
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3576C335-958D-4D60-A812-F68F9A2796AF}" = CorelDRAW Essentials 4 - Lang IT
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A275FD1-2F24-4274-8C01-813F5AD1A92D}" = Windows Live Messenger
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources
"{5380E159-9445-C146-ECBC-5DF6E97FAB85}" = CCC Help Swedish
"{543E6ACA-51B7-4283-82F2-57C0582A53C5}" = Windows Live UX Platform Language Pack
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{54F89819-7AF7-9A0A-1F45-2E19F0CA18A8}" = CCC Help Finnish
"{5500BB35-1C21-4328-9F16-F894B860FADE}" = CorelDRAW Essentials 4 - Lang NL
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{57220148-3B2B-412A-A2E0-82B9DF423696}" = Windows Live Mesh ActiveX-objekt til fjernforbindelser
"{59F324A2-667C-EA14-0A8D-DC3794330056}" = CCC Help Danish
"{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
"{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}" = Logitech Harmony Remote Software
"{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail
"{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker
"{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger
"{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh
"{6B0A2ECE-E4C6-4BA3-AE9D-8B827F03B992}" = Windows Live UX Platform Language Pack
"{6B318C80-7BE4-4D79-9F53-4290958EA984}" = Windows Live UX Platform Language Pack
"{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}" = Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz
"{6EE9F44A-B8C7-4CDB-B2A9-441AF2AE315A}" = Windows Live Messenger
"{7189F66A-1560-1573-05C9-DE53613AEA1A}" = Versandhelfer
"{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer
"{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh
"{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{76046298-768C-492C-8C93-2983C9E3719E}" = Windows Live UX Platform Language Pack
"{76E852ED-1B06-4BC8-9D6A-625DB95FB7E5}" = CorelDRAW Essentials 4 - IPM - No VBA
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
"{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7D14B7C4-10DA-173B-D073-DED305D55099}" = Catalyst Control Center Localization All
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources
"{7F6021AE-E688-4D03-843A-C2260482BA0D}" = Windows Live Messenger
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
"{83AA2913-C123-4146-85BD-AD8F93971D39}" = BabylonObjectInstaller
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common
"{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{9043B9A0-9505-405B-8202-E7167A38A89C}" = CorelDRAW Essentials 4
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{934331FE-E81E-B486-A049-382715BE7416}" = CCC Help German
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A850B824-9CE5-EEDE-D762-3C9518ABAC98}" = ccc-core-static
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA0F476C-CA5F-F382-67B2-F0085C1EBC6E}" = CCC Help Norwegian
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema
"{ABD8B955-1C69-4AF3-949B-13CD587C175F}" = CorelDRAW Essentials 4 - Lang BR
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}" = Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B765F43A-6189-61F7-5D8A-0B9E8A851193}" = CCC Help English
"{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}" = Microsoft Default Manager
"{B9FA9F15-A1F3-4DB1-AD49-0B9351843FAA}" = CorelDRAW Essentials 4 - Draw
"{BA9319FE-BCEF-4C99-8039-F464648D046E}" = CorelDRAW Essentials 4 - Lang FR
"{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C01AE05C-3C8C-75B3-C9F0-1B525DD3697C}" = Catalyst Control Center InstallProxy
"{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 - ICA
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C682F3F0-00A6-4379-B083-4F3273624D7B}" = CorelDRAW Essentials 4 - Lang ES
"{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CA227A9D-09BE-4BFB-9764-48FED2DA5454}" = Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave
"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2131BFA-A0D6-4FDE-8614-75B07A9B15EE}" = Windows Live UX Platform Language Pack
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE2A3E12-3592-1A8B-D3B3-60E2C07C52C2}" = CCC Help Italian
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas
"{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
"{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E7688C7D-DE09-4D43-9785-534EDE9BC18E}" = Windows Live Messenger
"{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{ED86C4AB-D1E5-42CF-BFA3-56BAAE617D4E}" = Windows Live UX Platform Language Pack
"{EE492B20-FB15-4A98-883C-3054354A11F8}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F16841F6-5F0F-4DBE-B318-63CEB916F21D}" = CorelDRAW Essentials 4 - Filters
"{F354B79F-C895-AC25-EC8F-72DAFF960B83}" = CCC Help Spanish
"{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}" = Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις
"{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}" = HP Deskjet 3050 J610 series Hilfe
"{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"ALDI SÜD Mah Jong" = ALDI SÜD Mah Jong
"Ashampoo Burning Studio_is1" = Ashampoo Burning Studio
"Ashampoo Photo Commander_is1" = Ashampoo Photo Commander
"Ashampoo Photo Optimizer_is1" = Ashampoo Photo Optimizer
"Ashampoo Snap_is1" = Ashampoo Snap
"Avira AntiVir Desktop" = Avira Free Antivirus
"BabylonToolbar" = Babylon toolbar on IE
"dpdhl.versandhelfer.medionpc.CDA82DC3FEDD13302C6424313D9A2999F162D21A.1" = Versandhelfer
"Free iPad Video Converter_is1" = Free iPad Video Converter 3.7.2.1
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.11.923
"HP Photo Creations" = HP Photo Creations
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"VLC media player" = VLC media player 1.1.9
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite" = Windows Live Essentials
"ZipALot" = ZipALot (remove only)
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3511931958-2117292522-3197319374-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"PDF Reader" = PDF Reader
"Spotify" = Spotify
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 3/7/2013 9:05:53 PM | Computer Name = Muccy3001-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 561588
 
Error - 3/7/2013 9:06:09 PM | Computer Name = Muccy3001-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 3/7/2013 9:06:09 PM | Computer Name = Muccy3001-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 577188
 
Error - 3/7/2013 9:06:09 PM | Computer Name = Muccy3001-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 577188
 
Error - 3/7/2013 9:06:25 PM | Computer Name = Muccy3001-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 3/7/2013 9:06:25 PM | Computer Name = Muccy3001-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 592788
 
Error - 3/7/2013 9:06:25 PM | Computer Name = Muccy3001-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 592788
 
Error - 3/8/2013 8:37:06 AM | Computer Name = Muccy3001-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: KB00410889.exe, Version: 8.7.3.5,
 Zeitstempel: 0x50ef19f6  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x001af056  ID des fehlerhaften
 Prozesses: 0x156c  Startzeit der fehlerhaften Anwendung: 0x01ce1bf9a2a616ea  Pfad der
 fehlerhaften Anwendung: C:\Users\Muccy3001\AppData\Roaming\KB00410889.exe  Pfad des
 fehlerhaften Moduls: unknown  Berichtskennung: e273bce9-87ec-11e2-93eb-000272b0b9d0
 
Error - 3/8/2013 9:38:13 AM | Computer Name = Muccy3001-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: KB00410889.exe, Version: 8.7.3.5,
 Zeitstempel: 0x50ef19f6  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x001af056  ID des fehlerhaften
 Prozesses: 0x164c  Startzeit der fehlerhaften Anwendung: 0x01ce1c022cdab358  Pfad der
 fehlerhaften Anwendung: C:\Users\Muccy3001\AppData\Roaming\KB00410889.exe  Pfad des
 fehlerhaften Moduls: unknown  Berichtskennung: 6bcfbc1e-87f5-11e2-93eb-000272b0b9d0
 
Error - 3/8/2013 9:42:29 AM | Computer Name = Muccy3001-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 19.0.2.4814,
 Zeitstempel: 0x5138a1d3  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec49b8f  Ausnahmecode: 0xc0000374  Fehleroffset: 0x000ce6c3  ID des fehlerhaften
 Prozesses: 0xf80  Startzeit der fehlerhaften Anwendung: 0x01ce1bfa4602a878  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe  Pfad 
des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: 046cd56e-87f6-11e2-93eb-000272b0b9d0
 
[ System Events ]
Error - 4/17/2012 2:52:23 AM | Computer Name = Muccy3001-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1053
 
Error - 4/17/2012 2:58:08 AM | Computer Name = Muccy3001-PC | Source = Service Control Manager | ID = 7043
Description = Der Dienst Windows Update konnte nach dem Empfang eines Preshutdown-Steuerelements
 nicht richtig heruntergefahren werden.
 
Error - 7/15/2012 9:33:54 AM | Computer Name = Muccy3001-PC | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
 und wird nicht verwendet. Der Treiber wurde entladen.
 
Error - 7/27/2012 6:13:54 AM | Computer Name = Muccy3001-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist
 bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden
 durchgeführt: Neustart des Diensts.
 
Error - 8/16/2012 3:15:37 AM | Computer Name = Muccy3001-PC | Source = BTHUSB | ID = 327696
Description = Die beiderseitige Authentifizierung zwischen dem lokalen Bluetooth-Adapter
 und einem Gerät mit Bluetooth-Adapteradresse (78:ca:39:4a:a7:04) ist fehlgeschlagen.
 
Error - 9/3/2012 6:19:06 AM | Computer Name = Muccy3001-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 9/21/2012 4:40:34 AM | Computer Name = Muccy3001-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist
 bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden
 durchgeführt: Neustart des Diensts.
 
Error - 9/21/2012 4:40:52 AM | Computer Name = Muccy3001-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist
 bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden
 durchgeführt: Neustart des Diensts.
 
Error - 9/21/2012 4:41:52 AM | Computer Name = Muccy3001-PC | Source = Service Control Manager | ID = 7032
Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden
 des Dienstes "Apple Mobile Device" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen,
 ist fehlgeschlagen. Fehler:   %%1056
 
Error - 9/28/2012 4:30:49 AM | Computer Name = Muccy3001-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?28.?09.?2012 um 10:28:51 unerwartet heruntergefahren.
 
 
< End of report >
         
--- --- ---
[code]
__________________

Alt 08.03.2013, 16:06   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Groupon Trojaner - Standard

Groupon Trojaner



Bitte nun Logs mit GMER (<<< klick für Anleitung) und MBAR (Anleitung etwas weiter unten) erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim zweiten Mal nicht will, lass es einfach weg und führ nur MBAR aus.

Anleitung MBAR:

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 08.03.2013, 17:42   #5
muccy
 
Groupon Trojaner - Standard

Groupon Trojaner



Ich hoffe ich habe soweit alles richtig gemacht.
Es gab auch beim 2ten durchlauf keine Funde mehr.

Ich musste den GMER leider teilen die anderen logs kommen auch im nächsten beitrag!

GMER Teil 1

Code:
ATTFilter
GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-03-08 17:27:47
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000055 ST315005 rev.CC34 1397,27GB
Running: gmer_2.1.19155.exe; Driver: C:\Users\MUCCY3~1\AppData\Local\Temp\kxliiuog.sys


---- User code sections - GMER 2.1 ----

.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[2728] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess                               00000000775008fc 6 bytes [68, 93, 5C, 08, 02, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[2728] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W                              00000000775125fd 6 bytes [68, D6, FC, 07, 02, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[2728] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                        000000007751c45a 6 bytes [68, BE, 5D, 08, 02, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[2728] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A                              0000000077522a63 6 bytes [68, 1C, FD, 07, 02, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[2728] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W                              0000000077544128 6 bytes [68, 62, FD, 07, 02, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[2728] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A                              000000007754e659 6 bytes [68, A8, FD, 07, 02, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[2728] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW                           000000007549455c 6 bytes [68, 27, 60, 08, 02, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[2728] C:\Windows\syswow64\kernel32.dll!ExitProcess                                    00000000754979f8 6 bytes [68, E6, 5F, 08, 02, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[2728] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW                           000000007686c592 6 bytes [68, A4, 60, 08, 02, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[2728] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA                           00000000768a2538 6 bytes [68, 8D, 60, 08, 02, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[2728] C:\Windows\syswow64\USER32.dll!GetDC                                            00000000762e72c4 6 bytes [68, FA, B0, 07, 02, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[2728] C:\Windows\syswow64\USER32.dll!ReleaseDC                                        00000000762e7446 6 bytes [68, 78, B1, 07, 02, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[2728] C:\Windows\syswow64\USER32.dll!TranslateMessage                                 00000000762e7809 6 bytes [68, 2C, B8, 07, 02, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[2728] C:\Windows\syswow64\USER32.dll!GetMessageW                                      00000000762e78e2 6 bytes [68, 37, 5B, 08, 02, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[2728] C:\Windows\syswow64\USER32.dll!GetMessageA                                      00000000762e7bd3 6 bytes [68, 5F, 5B, 08, 02, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[2728] C:\Windows\syswow64\USER32.dll!GetWindowDC                                      00000000762e8048 6 bytes [68, 39, B1, 07, 02, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[2728] C:\Windows\syswow64\USER32.dll!RegisterClassW                                   00000000762e8a65 6 bytes [68, DA, FF, 07, 02, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[2728] C:\Windows\syswow64\USER32.dll!RegisterClassExW                                 00000000762eb17d 6 bytes [68, 74, 00, 08, 02, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[2728] C:\Windows\syswow64\USER32.dll!RegisterClassExA                                 00000000762edb98 6 bytes [68, C6, 00, 08, 02, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[2728] C:\Windows\syswow64\USER32.dll!PeekMessageW                                     00000000762f05ba 6 bytes [68, 87, 5B, 08, 02, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[2728] C:\Windows\syswow64\USER32.dll!CallWindowProcW                                  00000000762f0d32 6 bytes [68, 0C, FF, 07, 02, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[2728] C:\Windows\syswow64\USER32.dll!GetCursorPos                                     00000000762f1218 6 bytes [68, 6A, 59, 08, 02, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[2728] C:\Windows\syswow64\USER32.dll!EndPaint                                         00000000762f1341 6 bytes [68, 5F, B0, 07, 02, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[2728] C:\Windows\syswow64\USER32.dll!BeginPaint                                       00000000762f1361 6 bytes [68, EF, AF, 07, 02, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[2728] C:\Windows\syswow64\USER32.dll!GetMessagePos                                    00000000762f2a8d 6 bytes [68, 38, 59, 08, 02, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[2728] C:\Windows\syswow64\USER32.dll!GetCapture                                       00000000762f2aac 6 bytes [68, 98, 5A, 08, 02, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[2728] C:\Windows\syswow64\USER32.dll!GetDCEx                                          00000000762f3391 6 bytes [68, 9F, B0, 07, 02, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[2728] C:\Windows\syswow64\USER32.dll!RegisterClassA                                   00000000762f434b 6 bytes [68, 27, 00, 08, 02, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[2728] C:\Windows\syswow64\USER32.dll!PeekMessageA                                     00000000762f5f74 6 bytes [68, B2, 5B, 08, 02, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[2728] C:\Windows\syswow64\USER32.dll!GetUpdateRgn                                     00000000762f6222 6 bytes [68, 4B, B2, 07, 02, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[2728] C:\Windows\syswow64\USER32.dll!CallWindowProcA                                  00000000762f792f 6 bytes [68, 55, FF, 07, 02, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[2728] C:\Windows\syswow64\USER32.dll!DefFrameProcA                                    00000000762f7fbb 6 bytes [68, 37, FE, 07, 02, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[2728] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA                                 00000000762f810c 6 bytes [68, C6, FE, 07, 02, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[2728] C:\Windows\syswow64\USER32.dll!DefFrameProcW                                    00000000762f85c1 6 bytes [68, EE, FD, 07, 02, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[2728] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW                                 00000000762f86b4 6 bytes [68, 80, FE, 07, 02, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[2728] C:\Windows\syswow64\USER32.dll!GetUpdateRect                                    000000007630d41f 6 bytes [68, B8, B1, 07, 02, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[2728] C:\Windows\syswow64\USER32.dll!ReleaseCapture                                   000000007630ed49 6 bytes [68, 48, 5A, 08, 02, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[2728] C:\Windows\syswow64\USER32.dll!SetCapture                                       000000007630ed56 6 bytes [68, EE, 59, 08, 02, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[2728] C:\Windows\syswow64\USER32.dll!SwitchDesktop                                    0000000076329854 6 bytes [68, B8, FC, 07, 02, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[2728] C:\Windows\syswow64\USER32.dll!SetCursorPos                                     0000000076329cfd 6 bytes [68, B1, 59, 08, 02, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[2728] C:\Windows\syswow64\USER32.dll!GetClipboardData                                 0000000076329f1d 6 bytes [68, DB, B9, 07, 02, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[2728] C:\Windows\syswow64\USER32.dll!OpenInputDesktop                                 00000000763487cb 6 bytes [68, 68, FC, 07, 02, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[2728] C:\Windows\syswow64\WS2_32.dll!closesocket                                      0000000075443918 6 bytes [68, D4, 06, 08, 02, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[2728] C:\Windows\syswow64\WS2_32.dll!getaddrinfo                                      0000000075444296 6 bytes [68, E5, 02, 08, 02, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[2728] C:\Windows\syswow64\WS2_32.dll!WSASend                                          0000000075444406 6 bytes [68, 2D, 07, 08, 02, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[2728] C:\Windows\syswow64\WS2_32.dll!send                                             0000000075446f01 6 bytes [68, 0C, 07, 08, 02, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[2728] C:\Windows\syswow64\WS2_32.dll!gethostbyname                                    0000000075457673 6 bytes [68, 75, 02, 08, 02, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[2728] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore                              0000000076bb1224 6 bytes [68, 51, 5C, 07, 02, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[2728] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA                                  00000000763ea336 6 bytes [68, 16, 74, 07, 02, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[2728] C:\Windows\syswow64\WININET.dll!InternetCloseHandle                             00000000763eab41 6 bytes [68, 76, 72, 07, 02, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[2728] C:\Windows\syswow64\WININET.dll!InternetReadFile                                00000000763eb3fe 6 bytes [68, E3, 72, 07, 02, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[2728] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW                                00000000763f4a42 6 bytes [68, 74, 6F, 07, 02, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[2728] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA                                00000000763f4c7d 6 bytes [68, B8, 6F, 07, 02, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[2728] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable                      00000000763f5e5d 6 bytes [68, EA, 73, 07, 02, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[2728] C:\Windows\syswow64\WININET.dll!HttpSendRequestW                                00000000763fba12 6 bytes [68, FC, 6F, 07, 02, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[2728] C:\Windows\syswow64\WININET.dll!HttpEndRequestA                                 00000000764045e2 6 bytes [68, E0, 71, 07, 02, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[2728] C:\Windows\syswow64\WININET.dll!HttpSendRequestExW                              0000000076404a35 6 bytes [68, A6, 70, 07, 02, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[2728] C:\Windows\syswow64\WININET.dll!InternetReadFileExA                             000000007641ae56 6 bytes [68, 11, 73, 07, 02, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[2728] C:\Windows\syswow64\WININET.dll!InternetSetFilePointer                          000000007644b04e 6 bytes [68, 90, 73, 07, 02, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[2728] C:\Windows\syswow64\WININET.dll!HttpSendRequestExA                              0000000076461962 6 bytes [68, 43, 71, 07, 02, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[2728] C:\Windows\syswow64\WININET.dll!HttpEndRequestW                                 00000000764619e5 6 bytes [68, 2B, 72, 07, 02, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[2728] C:\Windows\syswow64\WININET.dll!HttpSendRequestA                                0000000076461a48 6 bytes [68, 51, 70, 07, 02, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2776] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess                            00000000775008fc 6 bytes [68, 93, 5C, 07, 03, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2776] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W                           00000000775125fd 6 bytes [68, D6, FC, 06, 03, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2776] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                     000000007751c45a 6 bytes [68, BE, 5D, 07, 03, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2776] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A                           0000000077522a63 6 bytes [68, 1C, FD, 06, 03, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2776] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W                           0000000077544128 6 bytes [68, 62, FD, 06, 03, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2776] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A                           000000007754e659 6 bytes [68, A8, FD, 06, 03, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2776] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW                        000000007549455c 6 bytes [68, 27, 60, 07, 03, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2776] C:\Windows\syswow64\kernel32.dll!ExitProcess                                 00000000754979f8 6 bytes [68, E6, 5F, 07, 03, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2776] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW                        000000007686c592 6 bytes [68, A4, 60, 07, 03, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2776] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA                        00000000768a2538 6 bytes [68, 8D, 60, 07, 03, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2776] C:\Windows\syswow64\USER32.dll!GetDC                                         00000000762e72c4 6 bytes [68, FA, B0, 06, 03, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2776] C:\Windows\syswow64\USER32.dll!ReleaseDC                                     00000000762e7446 6 bytes [68, 78, B1, 06, 03, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2776] C:\Windows\syswow64\USER32.dll!TranslateMessage                              00000000762e7809 6 bytes [68, 2C, B8, 06, 03, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2776] C:\Windows\syswow64\USER32.dll!GetMessageW                                   00000000762e78e2 6 bytes [68, 37, 5B, 07, 03, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2776] C:\Windows\syswow64\USER32.dll!GetMessageA                                   00000000762e7bd3 6 bytes [68, 5F, 5B, 07, 03, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2776] C:\Windows\syswow64\USER32.dll!GetWindowDC                                   00000000762e8048 6 bytes [68, 39, B1, 06, 03, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2776] C:\Windows\syswow64\USER32.dll!RegisterClassW                                00000000762e8a65 6 bytes [68, DA, FF, 06, 03, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2776] C:\Windows\syswow64\USER32.dll!RegisterClassExW                              00000000762eb17d 6 bytes [68, 74, 00, 07, 03, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2776] C:\Windows\syswow64\USER32.dll!RegisterClassExA                              00000000762edb98 6 bytes [68, C6, 00, 07, 03, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2776] C:\Windows\syswow64\USER32.dll!PeekMessageW                                  00000000762f05ba 6 bytes [68, 87, 5B, 07, 03, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2776] C:\Windows\syswow64\USER32.dll!CallWindowProcW                               00000000762f0d32 6 bytes [68, 0C, FF, 06, 03, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2776] C:\Windows\syswow64\USER32.dll!GetCursorPos                                  00000000762f1218 6 bytes [68, 6A, 59, 07, 03, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2776] C:\Windows\syswow64\USER32.dll!EndPaint                                      00000000762f1341 6 bytes [68, 5F, B0, 06, 03, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2776] C:\Windows\syswow64\USER32.dll!BeginPaint                                    00000000762f1361 6 bytes [68, EF, AF, 06, 03, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2776] C:\Windows\syswow64\USER32.dll!GetMessagePos                                 00000000762f2a8d 6 bytes [68, 38, 59, 07, 03, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2776] C:\Windows\syswow64\USER32.dll!GetCapture                                    00000000762f2aac 6 bytes [68, 98, 5A, 07, 03, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2776] C:\Windows\syswow64\USER32.dll!GetDCEx                                       00000000762f3391 6 bytes [68, 9F, B0, 06, 03, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2776] C:\Windows\syswow64\USER32.dll!RegisterClassA                                00000000762f434b 6 bytes [68, 27, 00, 07, 03, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2776] C:\Windows\syswow64\USER32.dll!PeekMessageA                                  00000000762f5f74 6 bytes [68, B2, 5B, 07, 03, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2776] C:\Windows\syswow64\USER32.dll!GetUpdateRgn                                  00000000762f6222 6 bytes [68, 4B, B2, 06, 03, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2776] C:\Windows\syswow64\USER32.dll!CallWindowProcA                               00000000762f792f 6 bytes [68, 55, FF, 06, 03, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2776] C:\Windows\syswow64\USER32.dll!DefFrameProcA                                 00000000762f7fbb 6 bytes [68, 37, FE, 06, 03, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2776] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA                              00000000762f810c 6 bytes [68, C6, FE, 06, 03, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2776] C:\Windows\syswow64\USER32.dll!DefFrameProcW                                 00000000762f85c1 6 bytes [68, EE, FD, 06, 03, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2776] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW                              00000000762f86b4 6 bytes [68, 80, FE, 06, 03, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2776] C:\Windows\syswow64\USER32.dll!GetUpdateRect                                 000000007630d41f 6 bytes [68, B8, B1, 06, 03, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2776] C:\Windows\syswow64\USER32.dll!ReleaseCapture                                000000007630ed49 6 bytes [68, 48, 5A, 07, 03, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2776] C:\Windows\syswow64\USER32.dll!SetCapture                                    000000007630ed56 6 bytes [68, EE, 59, 07, 03, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2776] C:\Windows\syswow64\USER32.dll!SwitchDesktop                                 0000000076329854 6 bytes [68, B8, FC, 06, 03, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2776] C:\Windows\syswow64\USER32.dll!SetCursorPos                                  0000000076329cfd 6 bytes [68, B1, 59, 07, 03, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2776] C:\Windows\syswow64\USER32.dll!GetClipboardData                              0000000076329f1d 6 bytes [68, DB, B9, 06, 03, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2776] C:\Windows\syswow64\USER32.dll!OpenInputDesktop                              00000000763487cb 6 bytes [68, 68, FC, 06, 03, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2776] C:\Windows\syswow64\WS2_32.dll!closesocket                                   0000000075443918 6 bytes [68, D4, 06, 07, 03, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2776] C:\Windows\syswow64\WS2_32.dll!getaddrinfo                                   0000000075444296 6 bytes [68, E5, 02, 07, 03, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2776] C:\Windows\syswow64\WS2_32.dll!WSASend                                       0000000075444406 6 bytes [68, 2D, 07, 07, 03, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2776] C:\Windows\syswow64\WS2_32.dll!send                                          0000000075446f01 6 bytes [68, 0C, 07, 07, 03, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2776] C:\Windows\syswow64\WS2_32.dll!gethostbyname                                 0000000075457673 6 bytes [68, 75, 02, 07, 03, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2776] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore                           0000000076bb1224 6 bytes [68, 51, 5C, 06, 03, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2776] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA                               00000000763ea336 6 bytes [68, 16, 74, 06, 03, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2776] C:\Windows\syswow64\WININET.dll!InternetCloseHandle                          00000000763eab41 6 bytes [68, 76, 72, 06, 03, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2776] C:\Windows\syswow64\WININET.dll!InternetReadFile                             00000000763eb3fe 6 bytes [68, E3, 72, 06, 03, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2776] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW                             00000000763f4a42 6 bytes [68, 74, 6F, 06, 03, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2776] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA                             00000000763f4c7d 6 bytes [68, B8, 6F, 06, 03, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2776] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable                   00000000763f5e5d 6 bytes [68, EA, 73, 06, 03, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2776] C:\Windows\syswow64\WININET.dll!HttpSendRequestW                             00000000763fba12 6 bytes [68, FC, 6F, 06, 03, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2776] C:\Windows\syswow64\WININET.dll!HttpEndRequestA                              00000000764045e2 6 bytes [68, E0, 71, 06, 03, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2776] C:\Windows\syswow64\WININET.dll!HttpSendRequestExW                           0000000076404a35 6 bytes [68, A6, 70, 06, 03, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2776] C:\Windows\syswow64\WININET.dll!InternetReadFileExA                          000000007641ae56 6 bytes [68, 11, 73, 06, 03, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2776] C:\Windows\syswow64\WININET.dll!InternetSetFilePointer                       000000007644b04e 6 bytes [68, 90, 73, 06, 03, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2776] C:\Windows\syswow64\WININET.dll!HttpSendRequestExA                           0000000076461962 6 bytes [68, 43, 71, 06, 03, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2776] C:\Windows\syswow64\WININET.dll!HttpEndRequestW                              00000000764619e5 6 bytes [68, 2B, 72, 06, 03, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2776] C:\Windows\syswow64\WININET.dll!HttpSendRequestA                             0000000076461a48 6 bytes [68, 51, 70, 06, 03, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2776] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                      00000000753a1465 2 bytes [3A, 75]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2776] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                     00000000753a14bb 2 bytes [3A, 75]
.text   ...                                                                                                                                                                  * 2
.text   C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3044] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess                                                        00000000775008fc 6 bytes [68, 93, 5C, B3, 02, C3]
.text   C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3044] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W                                                       00000000775125fd 6 bytes [68, D6, FC, B2, 02, C3]
.text   C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3044] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                                                 000000007751c45a 6 bytes [68, BE, 5D, B3, 02, C3]
.text   C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3044] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A                                                       0000000077522a63 6 bytes [68, 1C, FD, B2, 02, C3]
.text   C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3044] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W                                                       0000000077544128 6 bytes [68, 62, FD, B2, 02, C3]
.text   C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3044] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A                                                       000000007754e659 6 bytes [68, A8, FD, B2, 02, C3]
.text   C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3044] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW                                                    000000007549455c 6 bytes [68, 27, 60, B3, 02, C3]
.text   C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3044] C:\Windows\syswow64\kernel32.dll!ExitProcess                                                             00000000754979f8 6 bytes [68, E6, 5F, B3, 02, C3]
.text   C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3044] C:\Windows\syswow64\USER32.dll!GetDC                                                                     00000000762e72c4 6 bytes [68, FA, B0, B2, 02, C3]
.text   C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3044] C:\Windows\syswow64\USER32.dll!ReleaseDC                                                                 00000000762e7446 6 bytes [68, 78, B1, B2, 02, C3]
.text   C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3044] C:\Windows\syswow64\USER32.dll!TranslateMessage                                                          00000000762e7809 6 bytes [68, 2C, B8, B2, 02, C3]
.text   C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3044] C:\Windows\syswow64\USER32.dll!GetMessageW                                                               00000000762e78e2 6 bytes [68, 37, 5B, B3, 02, C3]
.text   C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3044] C:\Windows\syswow64\USER32.dll!GetMessageA                                                               00000000762e7bd3 6 bytes [68, 5F, 5B, B3, 02, C3]
.text   C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3044] C:\Windows\syswow64\USER32.dll!GetWindowDC                                                               00000000762e8048 6 bytes [68, 39, B1, B2, 02, C3]
.text   C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3044] C:\Windows\syswow64\USER32.dll!RegisterClassW                                                            00000000762e8a65 6 bytes [68, DA, FF, B2, 02, C3]
.text   C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3044] C:\Windows\syswow64\USER32.dll!RegisterClassExW                                                          00000000762eb17d 6 bytes [68, 74, 00, B3, 02, C3]
.text   C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3044] C:\Windows\syswow64\USER32.dll!RegisterClassExA                                                          00000000762edb98 6 bytes [68, C6, 00, B3, 02, C3]
.text   C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3044] C:\Windows\syswow64\USER32.dll!PeekMessageW                                                              00000000762f05ba 6 bytes [68, 87, 5B, B3, 02, C3]
.text   C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3044] C:\Windows\syswow64\USER32.dll!CallWindowProcW                                                           00000000762f0d32 6 bytes [68, 0C, FF, B2, 02, C3]
.text   C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3044] C:\Windows\syswow64\USER32.dll!GetCursorPos                                                              00000000762f1218 6 bytes [68, 6A, 59, B3, 02, C3]
.text   C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3044] C:\Windows\syswow64\USER32.dll!EndPaint                                                                  00000000762f1341 6 bytes [68, 5F, B0, B2, 02, C3]
.text   C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3044] C:\Windows\syswow64\USER32.dll!BeginPaint                                                                00000000762f1361 6 bytes [68, EF, AF, B2, 02, C3]
.text   C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3044] C:\Windows\syswow64\USER32.dll!GetMessagePos                                                             00000000762f2a8d 6 bytes [68, 38, 59, B3, 02, C3]
.text   C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3044] C:\Windows\syswow64\USER32.dll!GetCapture                                                                00000000762f2aac 6 bytes [68, 98, 5A, B3, 02, C3]
.text   C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3044] C:\Windows\syswow64\USER32.dll!GetDCEx                                                                   00000000762f3391 6 bytes [68, 9F, B0, B2, 02, C3]
.text   C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3044] C:\Windows\syswow64\USER32.dll!RegisterClassA                                                            00000000762f434b 6 bytes [68, 27, 00, B3, 02, C3]
.text   C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3044] C:\Windows\syswow64\USER32.dll!PeekMessageA                                                              00000000762f5f74 6 bytes [68, B2, 5B, B3, 02, C3]
.text   C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3044] C:\Windows\syswow64\USER32.dll!GetUpdateRgn                                                              00000000762f6222 6 bytes [68, 4B, B2, B2, 02, C3]
.text   C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3044] C:\Windows\syswow64\USER32.dll!CallWindowProcA                                                           00000000762f792f 6 bytes [68, 55, FF, B2, 02, C3]
.text   C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3044] C:\Windows\syswow64\USER32.dll!DefFrameProcA                                                             00000000762f7fbb 6 bytes [68, 37, FE, B2, 02, C3]
.text   C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3044] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA                                                          00000000762f810c 6 bytes [68, C6, FE, B2, 02, C3]
.text   C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3044] C:\Windows\syswow64\USER32.dll!DefFrameProcW                                                             00000000762f85c1 6 bytes [68, EE, FD, B2, 02, C3]
.text   C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3044] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW                                                          00000000762f86b4 6 bytes [68, 80, FE, B2, 02, C3]
.text   C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3044] C:\Windows\syswow64\USER32.dll!GetUpdateRect                                                             000000007630d41f 6 bytes [68, B8, B1, B2, 02, C3]
.text   C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3044] C:\Windows\syswow64\USER32.dll!ReleaseCapture                                                            000000007630ed49 6 bytes [68, 48, 5A, B3, 02, C3]
.text   C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3044] C:\Windows\syswow64\USER32.dll!SetCapture                                                                000000007630ed56 6 bytes [68, EE, 59, B3, 02, C3]
.text   C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3044] C:\Windows\syswow64\USER32.dll!SwitchDesktop                                                             0000000076329854 6 bytes [68, B8, FC, B2, 02, C3]
.text   C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3044] C:\Windows\syswow64\USER32.dll!SetCursorPos                                                              0000000076329cfd 6 bytes [68, B1, 59, B3, 02, C3]
.text   C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3044] C:\Windows\syswow64\USER32.dll!GetClipboardData                                                          0000000076329f1d 6 bytes [68, DB, B9, B2, 02, C3]
.text   C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3044] C:\Windows\syswow64\USER32.dll!OpenInputDesktop                                                          00000000763487cb 6 bytes [68, 68, FC, B2, 02, C3]
.text   C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3044] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW                                                    000000007686c592 6 bytes [68, A4, 60, B3, 02, C3]
.text   C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3044] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA                                                    00000000768a2538 6 bytes [68, 8D, 60, B3, 02, C3]
.text   C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3044] C:\Windows\syswow64\WS2_32.dll!closesocket                                                               0000000075443918 6 bytes [68, D4, 06, B3, 02, C3]
.text   C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3044] C:\Windows\syswow64\WS2_32.dll!getaddrinfo                                                               0000000075444296 6 bytes [68, E5, 02, B3, 02, C3]
.text   C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3044] C:\Windows\syswow64\WS2_32.dll!WSASend                                                                   0000000075444406 6 bytes [68, 2D, 07, B3, 02, C3]
.text   C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3044] C:\Windows\syswow64\WS2_32.dll!send                                                                      0000000075446f01 6 bytes [68, 0C, 07, B3, 02, C3]
.text   C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3044] C:\Windows\syswow64\WS2_32.dll!gethostbyname                                                             0000000075457673 6 bytes [68, 75, 02, B3, 02, C3]
.text   C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3044] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore                                                       0000000076bb1224 6 bytes [68, 51, 5C, B2, 02, C3]
.text   C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3044] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA                                                           00000000763ea336 6 bytes [68, 16, 74, B2, 02, C3]
.text   C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3044] C:\Windows\syswow64\WININET.dll!InternetCloseHandle                                                      00000000763eab41 6 bytes [68, 76, 72, B2, 02, C3]
.text   C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3044] C:\Windows\syswow64\WININET.dll!InternetReadFile                                                         00000000763eb3fe 6 bytes [68, E3, 72, B2, 02, C3]
.text   C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3044] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW                                                         00000000763f4a42 6 bytes [68, 74, 6F, B2, 02, C3]
.text   C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3044] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA                                                         00000000763f4c7d 6 bytes [68, B8, 6F, B2, 02, C3]
.text   C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3044] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable                                               00000000763f5e5d 6 bytes [68, EA, 73, B2, 02, C3]
.text   C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3044] C:\Windows\syswow64\WININET.dll!HttpSendRequestW                                                         00000000763fba12 6 bytes [68, FC, 6F, B2, 02, C3]
.text   C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3044] C:\Windows\syswow64\WININET.dll!HttpEndRequestA                                                          00000000764045e2 6 bytes [68, E0, 71, B2, 02, C3]
.text   C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3044] C:\Windows\syswow64\WININET.dll!HttpSendRequestExW                                                       0000000076404a35 6 bytes [68, A6, 70, B2, 02, C3]
.text   C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3044] C:\Windows\syswow64\WININET.dll!InternetReadFileExA                                                      000000007641ae56 6 bytes [68, 11, 73, B2, 02, C3]
.text   C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3044] C:\Windows\syswow64\WININET.dll!InternetSetFilePointer                                                   000000007644b04e 6 bytes [68, 90, 73, B2, 02, C3]
.text   C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3044] C:\Windows\syswow64\WININET.dll!HttpSendRequestExA                                                       0000000076461962 6 bytes [68, 43, 71, B2, 02, C3]
.text   C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3044] C:\Windows\syswow64\WININET.dll!HttpEndRequestW                                                          00000000764619e5 6 bytes [68, 2B, 72, B2, 02, C3]
.text   C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3044] C:\Windows\syswow64\WININET.dll!HttpSendRequestA                                                         0000000076461a48 6 bytes [68, 51, 70, B2, 02, C3]
.text   C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3060] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess           00000000775008fc 4 bytes [68, 93, 5C, 73]
.text   C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3060] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess + 5       0000000077500901 1 byte [C3]
.text   C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3060] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W          00000000775125fd 6 bytes [68, D6, FC, 72, 00, C3]
.text   C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3060] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                    000000007751c45a 6 bytes [68, BE, 5D, 73, 00, C3]
.text   C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3060] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A          0000000077522a63 6 bytes [68, 1C, FD, 72, 00, C3]
.text   C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3060] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W          0000000077544128 6 bytes [68, 62, FD, 72, 00, C3]
.text   C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3060] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A          000000007754e659 6 bytes [68, A8, FD, 72, 00, C3]
.text   C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3060] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW       000000007549455c 6 bytes [68, 27, 60, 73, 00, C3]
.text   C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3060] C:\Windows\syswow64\kernel32.dll!ExitProcess                00000000754979f8 6 bytes [68, E6, 5F, 73, 00, C3]
.text   C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3060] C:\Windows\syswow64\USER32.dll!GetDC                        00000000762e72c4 4 bytes [68, FA, B0, 72]
.text   C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3060] C:\Windows\syswow64\USER32.dll!GetDC + 5                    00000000762e72c9 1 byte [C3]
.text   C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3060] C:\Windows\syswow64\USER32.dll!ReleaseDC                    00000000762e7446 6 bytes [68, 78, B1, 72, 00, C3]
.text   C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3060] C:\Windows\syswow64\USER32.dll!TranslateMessage             00000000762e7809 6 bytes [68, 2C, B8, 72, 00, C3]
.text   C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3060] C:\Windows\syswow64\USER32.dll!GetMessageW                  00000000762e78e2 6 bytes [68, 37, 5B, 73, 00, C3]
.text   C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3060] C:\Windows\syswow64\USER32.dll!GetMessageA                  00000000762e7bd3 6 bytes [68, 5F, 5B, 73, 00, C3]
.text   C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3060] C:\Windows\syswow64\USER32.dll!GetWindowDC                  00000000762e8048 4 bytes [68, 39, B1, 72]
.text   C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3060] C:\Windows\syswow64\USER32.dll!GetWindowDC + 5              00000000762e804d 1 byte [C3]
.text   C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3060] C:\Windows\syswow64\USER32.dll!RegisterClassW               00000000762e8a65 6 bytes [68, DA, FF, 72, 00, C3]
.text   C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3060] C:\Windows\syswow64\USER32.dll!RegisterClassExW             00000000762eb17d 6 bytes [68, 74, 00, 73, 00, C3]
.text   C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3060] C:\Windows\syswow64\USER32.dll!RegisterClassExA             00000000762edb98 6 bytes [68, C6, 00, 73, 00, C3]
.text   C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3060] C:\Windows\syswow64\USER32.dll!PeekMessageW                 00000000762f05ba 6 bytes [68, 87, 5B, 73, 00, C3]
.text   C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3060] C:\Windows\syswow64\USER32.dll!CallWindowProcW              00000000762f0d32 6 bytes [68, 0C, FF, 72, 00, C3]
.text   C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3060] C:\Windows\syswow64\USER32.dll!GetCursorPos                 00000000762f1218 6 bytes [68, 6A, 59, 73, 00, C3]
.text   C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3060] C:\Windows\syswow64\USER32.dll!EndPaint                     00000000762f1341 4 bytes [68, 5F, B0, 72]
.text   C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3060] C:\Windows\syswow64\USER32.dll!EndPaint + 5                 00000000762f1346 1 byte [C3]
.text   C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3060] C:\Windows\syswow64\USER32.dll!BeginPaint                   00000000762f1361 4 bytes [68, EF, AF, 72]
.text   C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3060] C:\Windows\syswow64\USER32.dll!BeginPaint + 5               00000000762f1366 1 byte [C3]
.text   C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3060] C:\Windows\syswow64\USER32.dll!GetMessagePos                00000000762f2a8d 6 bytes [68, 38, 59, 73, 00, C3]
.text   C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3060] C:\Windows\syswow64\USER32.dll!GetCapture                   00000000762f2aac 6 bytes [68, 98, 5A, 73, 00, C3]
.text   C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3060] C:\Windows\syswow64\USER32.dll!GetDCEx                      00000000762f3391 4 bytes [68, 9F, B0, 72]
.text   C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3060] C:\Windows\syswow64\USER32.dll!GetDCEx + 5                  00000000762f3396 1 byte [C3]
.text   C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3060] C:\Windows\syswow64\USER32.dll!RegisterClassA               00000000762f434b 6 bytes [68, 27, 00, 73, 00, C3]
.text   C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3060] C:\Windows\syswow64\USER32.dll!PeekMessageA                 00000000762f5f74 6 bytes [68, B2, 5B, 73, 00, C3]
.text   C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3060] C:\Windows\syswow64\USER32.dll!GetUpdateRgn                 00000000762f6222 6 bytes [68, 4B, B2, 72, 00, C3]
.text   C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3060] C:\Windows\syswow64\USER32.dll!CallWindowProcA              00000000762f792f 6 bytes [68, 55, FF, 72, 00, C3]
.text   C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3060] C:\Windows\syswow64\USER32.dll!DefFrameProcA                00000000762f7fbb 6 bytes [68, 37, FE, 72, 00, C3]
.text   C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3060] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA             00000000762f810c 6 bytes [68, C6, FE, 72, 00, C3]
.text   C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3060] C:\Windows\syswow64\USER32.dll!DefFrameProcW                00000000762f85c1 6 bytes [68, EE, FD, 72, 00, C3]
.text   C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3060] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW             00000000762f86b4 6 bytes [68, 80, FE, 72, 00, C3]
.text   C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3060] C:\Windows\syswow64\USER32.dll!GetUpdateRect                000000007630d41f 6 bytes [68, B8, B1, 72, 00, C3]
.text   C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3060] C:\Windows\syswow64\USER32.dll!ReleaseCapture               000000007630ed49 6 bytes [68, 48, 5A, 73, 00, C3]
.text   C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3060] C:\Windows\syswow64\USER32.dll!SetCapture                   000000007630ed56 4 bytes [68, EE, 59, 73]
.text   C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3060] C:\Windows\syswow64\USER32.dll!SetCapture + 5               000000007630ed5b 1 byte [C3]
.text   C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3060] C:\Windows\syswow64\USER32.dll!SwitchDesktop                0000000076329854 6 bytes [68, B8, FC, 72, 00, C3]
.text   C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3060] C:\Windows\syswow64\USER32.dll!SetCursorPos                 0000000076329cfd 6 bytes [68, B1, 59, 73, 00, C3]
.text   C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3060] C:\Windows\syswow64\USER32.dll!GetClipboardData             0000000076329f1d 6 bytes [68, DB, B9, 72, 00, C3]
.text   C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3060] C:\Windows\syswow64\USER32.dll!OpenInputDesktop             00000000763487cb 4 bytes [68, 68, FC, 72]
.text   C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3060] C:\Windows\syswow64\USER32.dll!OpenInputDesktop + 5         00000000763487d0 1 byte [C3]
.text   C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3060] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW       000000007686c592 6 bytes [68, A4, 60, 73, 00, C3]
.text   C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3060] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA       00000000768a2538 6 bytes [68, 8D, 60, 73, 00, C3]
.text   C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3060] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore          0000000076bb1224 6 bytes [68, 51, 5C, 72, 00, C3]
.text   C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3060] C:\Windows\syswow64\WS2_32.dll!closesocket                  0000000075443918 6 bytes [68, D4, 06, 73, 00, C3]
.text   C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3060] C:\Windows\syswow64\WS2_32.dll!getaddrinfo                  0000000075444296 6 bytes [68, E5, 02, 73, 00, C3]
.text   C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3060] C:\Windows\syswow64\WS2_32.dll!WSASend                      0000000075444406 6 bytes [68, 2D, 07, 73, 00, C3]
.text   C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3060] C:\Windows\syswow64\WS2_32.dll!send                         0000000075446f01 6 bytes [68, 0C, 07, 73, 00, C3]
.text   C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3060] C:\Windows\syswow64\WS2_32.dll!gethostbyname                0000000075457673 6 bytes [68, 75, 02, 73, 00, C3]
.text   C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3060] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA              00000000763ea336 6 bytes [68, 16, 74, 72, 00, C3]
.text   C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3060] C:\Windows\syswow64\WININET.dll!InternetCloseHandle         00000000763eab41 6 bytes [68, 76, 72, 72, 00, C3]
.text   C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3060] C:\Windows\syswow64\WININET.dll!InternetReadFile            00000000763eb3fe 6 bytes [68, E3, 72, 72, 00, C3]
.text   C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3060] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW            00000000763f4a42 6 bytes [68, 74, 6F, 72, 00, C3]
.text   C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3060] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA            00000000763f4c7d 6 bytes [68, B8, 6F, 72, 00, C3]
.text   C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3060] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable  00000000763f5e5d 6 bytes [68, EA, 73, 72, 00, C3]
.text   C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3060] C:\Windows\syswow64\WININET.dll!HttpSendRequestW            00000000763fba12 6 bytes [68, FC, 6F, 72, 00, C3]
.text   C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3060] C:\Windows\syswow64\WININET.dll!HttpEndRequestA             00000000764045e2 6 bytes [68, E0, 71, 72, 00, C3]
.text   C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3060] C:\Windows\syswow64\WININET.dll!HttpSendRequestExW          0000000076404a35 6 bytes [68, A6, 70, 72, 00, C3]
.text   C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3060] C:\Windows\syswow64\WININET.dll!InternetReadFileExA         000000007641ae56 6 bytes [68, 11, 73, 72, 00, C3]
.text   C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3060] C:\Windows\syswow64\WININET.dll!InternetSetFilePointer      000000007644b04e 6 bytes [68, 90, 73, 72, 00, C3]
.text   C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3060] C:\Windows\syswow64\WININET.dll!HttpSendRequestExA          0000000076461962 6 bytes [68, 43, 71, 72, 00, C3]
.text   C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3060] C:\Windows\syswow64\WININET.dll!HttpEndRequestW             00000000764619e5 6 bytes [68, 2B, 72, 72, 00, C3]
.text   C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3060] C:\Windows\syswow64\WININET.dll!HttpSendRequestA            0000000076461a48 6 bytes [68, 51, 70, 72, 00, C3]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[2640] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess                                                   00000000775008fc 4 bytes [68, 93, 5C, 43]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[2640] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess + 5                                               0000000077500901 1 byte [C3]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[2640] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W                                                  00000000775125fd 6 bytes [68, D6, FC, 42, 00, C3]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[2640] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                                            000000007751c45a 6 bytes [68, BE, 5D, 43, 00, C3]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[2640] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A                                                  0000000077522a63 6 bytes [68, 1C, FD, 42, 00, C3]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[2640] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W                                                  0000000077544128 6 bytes [68, 62, FD, 42, 00, C3]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[2640] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A                                                  000000007754e659 6 bytes [68, A8, FD, 42, 00, C3]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[2640] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW                                               000000007549455c 6 bytes [68, 27, 60, 43, 00, C3]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[2640] C:\Windows\syswow64\kernel32.dll!ExitProcess                                                        00000000754979f8 6 bytes [68, E6, 5F, 43, 00, C3]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[2640] C:\Windows\syswow64\USER32.dll!GetDC                                                                00000000762e72c4 4 bytes [68, FA, B0, 42]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[2640] C:\Windows\syswow64\USER32.dll!GetDC + 5                                                            00000000762e72c9 1 byte [C3]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[2640] C:\Windows\syswow64\USER32.dll!ReleaseDC                                                            00000000762e7446 6 bytes [68, 78, B1, 42, 00, C3]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[2640] C:\Windows\syswow64\USER32.dll!TranslateMessage                                                     00000000762e7809 6 bytes [68, 2C, B8, 42, 00, C3]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[2640] C:\Windows\syswow64\USER32.dll!GetMessageW                                                          00000000762e78e2 6 bytes [68, 37, 5B, 43, 00, C3]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[2640] C:\Windows\syswow64\USER32.dll!GetMessageA                                                          00000000762e7bd3 6 bytes [68, 5F, 5B, 43, 00, C3]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[2640] C:\Windows\syswow64\USER32.dll!GetWindowDC                                                          00000000762e8048 4 bytes [68, 39, B1, 42]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[2640] C:\Windows\syswow64\USER32.dll!GetWindowDC + 5                                                      00000000762e804d 1 byte [C3]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[2640] C:\Windows\syswow64\USER32.dll!RegisterClassW                                                       00000000762e8a65 6 bytes [68, DA, FF, 42, 00, C3]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[2640] C:\Windows\syswow64\USER32.dll!RegisterClassExW                                                     00000000762eb17d 6 bytes [68, 74, 00, 43, 00, C3]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[2640] C:\Windows\syswow64\USER32.dll!RegisterClassExA                                                     00000000762edb98 6 bytes [68, C6, 00, 43, 00, C3]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[2640] C:\Windows\syswow64\USER32.dll!PeekMessageW                                                         00000000762f05ba 6 bytes [68, 87, 5B, 43, 00, C3]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[2640] C:\Windows\syswow64\USER32.dll!CallWindowProcW                                                      00000000762f0d32 6 bytes [68, 0C, FF, 42, 00, C3]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[2640] C:\Windows\syswow64\USER32.dll!GetCursorPos                                                         00000000762f1218 6 bytes [68, 6A, 59, 43, 00, C3]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[2640] C:\Windows\syswow64\USER32.dll!EndPaint                                                             00000000762f1341 4 bytes [68, 5F, B0, 42]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[2640] C:\Windows\syswow64\USER32.dll!EndPaint + 5                                                         00000000762f1346 1 byte [C3]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[2640] C:\Windows\syswow64\USER32.dll!BeginPaint                                                           00000000762f1361 4 bytes [68, EF, AF, 42]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[2640] C:\Windows\syswow64\USER32.dll!BeginPaint + 5                                                       00000000762f1366 1 byte [C3]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[2640] C:\Windows\syswow64\USER32.dll!GetMessagePos                                                        00000000762f2a8d 6 bytes [68, 38, 59, 43, 00, C3]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[2640] C:\Windows\syswow64\USER32.dll!GetCapture                                                           00000000762f2aac 6 bytes [68, 98, 5A, 43, 00, C3]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[2640] C:\Windows\syswow64\USER32.dll!GetDCEx                                                              00000000762f3391 4 bytes [68, 9F, B0, 42]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[2640] C:\Windows\syswow64\USER32.dll!GetDCEx + 5                                                          00000000762f3396 1 byte [C3]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[2640] C:\Windows\syswow64\USER32.dll!RegisterClassA                                                       00000000762f434b 6 bytes [68, 27, 00, 43, 00, C3]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[2640] C:\Windows\syswow64\USER32.dll!PeekMessageA                                                         00000000762f5f74 6 bytes [68, B2, 5B, 43, 00, C3]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[2640] C:\Windows\syswow64\USER32.dll!GetUpdateRgn                                                         00000000762f6222 6 bytes [68, 4B, B2, 42, 00, C3]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[2640] C:\Windows\syswow64\USER32.dll!CallWindowProcA                                                      00000000762f792f 6 bytes [68, 55, FF, 42, 00, C3]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[2640] C:\Windows\syswow64\USER32.dll!DefFrameProcA                                                        00000000762f7fbb 6 bytes [68, 37, FE, 42, 00, C3]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[2640] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA                                                     00000000762f810c 6 bytes [68, C6, FE, 42, 00, C3]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[2640] C:\Windows\syswow64\USER32.dll!DefFrameProcW                                                        00000000762f85c1 6 bytes [68, EE, FD, 42, 00, C3]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[2640] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW                                                     00000000762f86b4 6 bytes [68, 80, FE, 42, 00, C3]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[2640] C:\Windows\syswow64\USER32.dll!GetUpdateRect                                                        000000007630d41f 6 bytes [68, B8, B1, 42, 00, C3]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[2640] C:\Windows\syswow64\USER32.dll!ReleaseCapture                                                       000000007630ed49 6 bytes [68, 48, 5A, 43, 00, C3]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[2640] C:\Windows\syswow64\USER32.dll!SetCapture                                                           000000007630ed56 4 bytes [68, EE, 59, 43]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[2640] C:\Windows\syswow64\USER32.dll!SetCapture + 5                                                       000000007630ed5b 1 byte [C3]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[2640] C:\Windows\syswow64\USER32.dll!SwitchDesktop                                                        0000000076329854 6 bytes [68, B8, FC, 42, 00, C3]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[2640] C:\Windows\syswow64\USER32.dll!SetCursorPos                                                         0000000076329cfd 6 bytes [68, B1, 59, 43, 00, C3]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[2640] C:\Windows\syswow64\USER32.dll!GetClipboardData                                                     0000000076329f1d 6 bytes [68, DB, B9, 42, 00, C3]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[2640] C:\Windows\syswow64\USER32.dll!OpenInputDesktop                                                     00000000763487cb 4 bytes [68, 68, FC, 42]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[2640] C:\Windows\syswow64\USER32.dll!OpenInputDesktop + 5                                                 00000000763487d0 1 byte [C3]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[2640] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW                                               000000007686c592 6 bytes [68, A4, 60, 43, 00, C3]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[2640] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA                                               00000000768a2538 6 bytes [68, 8D, 60, 43, 00, C3]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[2640] C:\Windows\syswow64\WS2_32.dll!closesocket                                                          0000000075443918 6 bytes [68, D4, 06, 43, 00, C3]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[2640] C:\Windows\syswow64\WS2_32.dll!getaddrinfo                                                          0000000075444296 6 bytes [68, E5, 02, 43, 00, C3]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[2640] C:\Windows\syswow64\WS2_32.dll!WSASend                                                              0000000075444406 6 bytes [68, 2D, 07, 43, 00, C3]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[2640] C:\Windows\syswow64\WS2_32.dll!send                                                                 0000000075446f01 6 bytes [68, 0C, 07, 43, 00, C3]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[2640] C:\Windows\syswow64\WS2_32.dll!gethostbyname                                                        0000000075457673 6 bytes [68, 75, 02, 43, 00, C3]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[2640] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore                                                  0000000076bb1224 6 bytes [68, 51, 5C, 42, 00, C3]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[2640] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA                                                      00000000763ea336 6 bytes [68, 16, 74, 42, 00, C3]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[2640] C:\Windows\syswow64\WININET.dll!InternetCloseHandle                                                 00000000763eab41 6 bytes [68, 76, 72, 42, 00, C3]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[2640] C:\Windows\syswow64\WININET.dll!InternetReadFile                                                    00000000763eb3fe 6 bytes [68, E3, 72, 42, 00, C3]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[2640] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW                                                    00000000763f4a42 6 bytes [68, 74, 6F, 42, 00, C3]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[2640] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA                                                    00000000763f4c7d 6 bytes [68, B8, 6F, 42, 00, C3]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[2640] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable                                          00000000763f5e5d 6 bytes [68, EA, 73, 42, 00, C3]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[2640] C:\Windows\syswow64\WININET.dll!HttpSendRequestW                                                    00000000763fba12 6 bytes [68, FC, 6F, 42, 00, C3]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[2640] C:\Windows\syswow64\WININET.dll!HttpEndRequestA                                                     00000000764045e2 6 bytes [68, E0, 71, 42, 00, C3]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[2640] C:\Windows\syswow64\WININET.dll!HttpSendRequestExW                                                  0000000076404a35 6 bytes [68, A6, 70, 42, 00, C3]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[2640] C:\Windows\syswow64\WININET.dll!InternetReadFileExA                                                 000000007641ae56 6 bytes [68, 11, 73, 42, 00, C3]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[2640] C:\Windows\syswow64\WININET.dll!InternetSetFilePointer                                              000000007644b04e 6 bytes [68, 90, 73, 42, 00, C3]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[2640] C:\Windows\syswow64\WININET.dll!HttpSendRequestExA                                                  0000000076461962 6 bytes [68, 43, 71, 42, 00, C3]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[2640] C:\Windows\syswow64\WININET.dll!HttpEndRequestW                                                     00000000764619e5 6 bytes [68, 2B, 72, 42, 00, C3]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[2640] C:\Windows\syswow64\WININET.dll!HttpSendRequestA                                                    0000000076461a48 6 bytes [68, 51, 70, 42, 00, C3]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[1432] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess                                                               00000000775008fc 4 bytes [68, 93, 5C, 21]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[1432] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess + 5                                                           0000000077500901 1 byte [C3]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[1432] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W                                                              00000000775125fd 6 bytes [68, D6, FC, 20, 00, C3]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[1432] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                                                        000000007751c45a 6 bytes [68, BE, 5D, 21, 00, C3]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[1432] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A                                                              0000000077522a63 6 bytes [68, 1C, FD, 20, 00, C3]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[1432] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W                                                              0000000077544128 6 bytes [68, 62, FD, 20, 00, C3]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[1432] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A                                                              000000007754e659 6 bytes [68, A8, FD, 20, 00, C3]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[1432] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW                                                           000000007549455c 6 bytes [68, 27, 60, 21, 00, C3]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[1432] C:\Windows\syswow64\kernel32.dll!ExitProcess                                                                    00000000754979f8 6 bytes [68, E6, 5F, 21, 00, C3]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[1432] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW                                                           000000007686c592 6 bytes [68, A4, 60, 21, 00, C3]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[1432] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA                                                           00000000768a2538 6 bytes [68, 8D, 60, 21, 00, C3]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[1432] C:\Windows\syswow64\USER32.dll!GetDC                                                                            00000000762e72c4 4 bytes [68, FA, B0, 20]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[1432] C:\Windows\syswow64\USER32.dll!GetDC + 5                                                                        00000000762e72c9 1 byte [C3]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[1432] C:\Windows\syswow64\USER32.dll!ReleaseDC                                                                        00000000762e7446 6 bytes [68, 78, B1, 20, 00, C3]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[1432] C:\Windows\syswow64\USER32.dll!TranslateMessage                                                                 00000000762e7809 6 bytes [68, 2C, B8, 20, 00, C3]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[1432] C:\Windows\syswow64\USER32.dll!GetMessageW                                                                      00000000762e78e2 6 bytes [68, 37, 5B, 21, 00, C3]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[1432] C:\Windows\syswow64\USER32.dll!GetMessageA                                                                      00000000762e7bd3 6 bytes [68, 5F, 5B, 21, 00, C3]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[1432] C:\Windows\syswow64\USER32.dll!GetWindowDC                                                                      00000000762e8048 4 bytes [68, 39, B1, 20]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[1432] C:\Windows\syswow64\USER32.dll!GetWindowDC + 5                                                                  00000000762e804d 1 byte [C3]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[1432] C:\Windows\syswow64\USER32.dll!RegisterClassW                                                                   00000000762e8a65 6 bytes [68, DA, FF, 20, 00, C3]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[1432] C:\Windows\syswow64\USER32.dll!RegisterClassExW                                                                 00000000762eb17d 6 bytes [68, 74, 00, 21, 00, C3]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[1432] C:\Windows\syswow64\USER32.dll!RegisterClassExA                                                                 00000000762edb98 6 bytes [68, C6, 00, 21, 00, C3]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[1432] C:\Windows\syswow64\USER32.dll!PeekMessageW                                                                     00000000762f05ba 6 bytes [68, 87, 5B, 21, 00, C3]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[1432] C:\Windows\syswow64\USER32.dll!CallWindowProcW                                                                  00000000762f0d32 6 bytes [68, 0C, FF, 20, 00, C3]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[1432] C:\Windows\syswow64\USER32.dll!GetCursorPos                                                                     00000000762f1218 6 bytes [68, 6A, 59, 21, 00, C3]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[1432] C:\Windows\syswow64\USER32.dll!EndPaint                                                                         00000000762f1341 4 bytes [68, 5F, B0, 20]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[1432] C:\Windows\syswow64\USER32.dll!EndPaint + 5                                                                     00000000762f1346 1 byte [C3]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[1432] C:\Windows\syswow64\USER32.dll!BeginPaint                                                                       00000000762f1361 4 bytes [68, EF, AF, 20]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[1432] C:\Windows\syswow64\USER32.dll!BeginPaint + 5                                                                   00000000762f1366 1 byte [C3]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[1432] C:\Windows\syswow64\USER32.dll!GetMessagePos                                                                    00000000762f2a8d 6 bytes [68, 38, 59, 21, 00, C3]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[1432] C:\Windows\syswow64\USER32.dll!GetCapture                                                                       00000000762f2aac 6 bytes [68, 98, 5A, 21, 00, C3]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[1432] C:\Windows\syswow64\USER32.dll!GetDCEx                                                                          00000000762f3391 4 bytes [68, 9F, B0, 20]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[1432] C:\Windows\syswow64\USER32.dll!GetDCEx + 5                                                                      00000000762f3396 1 byte [C3]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[1432] C:\Windows\syswow64\USER32.dll!RegisterClassA                                                                   00000000762f434b 6 bytes [68, 27, 00, 21, 00, C3]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[1432] C:\Windows\syswow64\USER32.dll!PeekMessageA                                                                     00000000762f5f74 6 bytes [68, B2, 5B, 21, 00, C3]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[1432] C:\Windows\syswow64\USER32.dll!GetUpdateRgn                                                                     00000000762f6222 6 bytes [68, 4B, B2, 20, 00, C3]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[1432] C:\Windows\syswow64\USER32.dll!CallWindowProcA                                                                  00000000762f792f 6 bytes [68, 55, FF, 20, 00, C3]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[1432] C:\Windows\syswow64\USER32.dll!DefFrameProcA                                                                    00000000762f7fbb 6 bytes [68, 37, FE, 20, 00, C3]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[1432] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA                                                                 00000000762f810c 6 bytes [68, C6, FE, 20, 00, C3]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[1432] C:\Windows\syswow64\USER32.dll!DefFrameProcW                                                                    00000000762f85c1 6 bytes [68, EE, FD, 20, 00, C3]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[1432] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW                                                                 00000000762f86b4 6 bytes [68, 80, FE, 20, 00, C3]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[1432] C:\Windows\syswow64\USER32.dll!GetUpdateRect                                                                    000000007630d41f 6 bytes [68, B8, B1, 20, 00, C3]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[1432] C:\Windows\syswow64\USER32.dll!ReleaseCapture                                                                   000000007630ed49 6 bytes [68, 48, 5A, 21, 00, C3]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[1432] C:\Windows\syswow64\USER32.dll!SetCapture                                                                       000000007630ed56 4 bytes [68, EE, 59, 21]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[1432] C:\Windows\syswow64\USER32.dll!SetCapture + 5                                                                   000000007630ed5b 1 byte [C3]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[1432] C:\Windows\syswow64\USER32.dll!SwitchDesktop                                                                    0000000076329854 6 bytes [68, B8, FC, 20, 00, C3]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[1432] C:\Windows\syswow64\USER32.dll!SetCursorPos                                                                     0000000076329cfd 6 bytes [68, B1, 59, 21, 00, C3]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[1432] C:\Windows\syswow64\USER32.dll!GetClipboardData                                                                 0000000076329f1d 6 bytes [68, DB, B9, 20, 00, C3]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[1432] C:\Windows\syswow64\USER32.dll!OpenInputDesktop                                                                 00000000763487cb 4 bytes [68, 68, FC, 20]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[1432] C:\Windows\syswow64\USER32.dll!OpenInputDesktop + 5                                                             00000000763487d0 1 byte [C3]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[1432] C:\Windows\syswow64\WS2_32.dll!closesocket                                                                      0000000075443918 6 bytes [68, D4, 06, 21, 00, C3]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[1432] C:\Windows\syswow64\WS2_32.dll!getaddrinfo                                                                      0000000075444296 6 bytes [68, E5, 02, 21, 00, C3]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[1432] C:\Windows\syswow64\WS2_32.dll!WSASend                                                                          0000000075444406 6 bytes [68, 2D, 07, 21, 00, C3]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[1432] C:\Windows\syswow64\WS2_32.dll!send                                                                             0000000075446f01 6 bytes [68, 0C, 07, 21, 00, C3]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[1432] C:\Windows\syswow64\WS2_32.dll!gethostbyname                                                                    0000000075457673 6 bytes [68, 75, 02, 21, 00, C3]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[1432] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore                                                              0000000076bb1224 6 bytes [68, 51, 5C, 20, 00, C3]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[1432] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA                                                                  00000000763ea336 6 bytes [68, 16, 74, 20, 00, C3]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[1432] C:\Windows\syswow64\WININET.dll!InternetCloseHandle                                                             00000000763eab41 6 bytes [68, 76, 72, 20, 00, C3]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[1432] C:\Windows\syswow64\WININET.dll!InternetReadFile                                                                00000000763eb3fe 6 bytes [68, E3, 72, 20, 00, C3]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[1432] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW                                                                00000000763f4a42 6 bytes [68, 74, 6F, 20, 00, C3]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[1432] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA                                                                00000000763f4c7d 6 bytes [68, B8, 6F, 20, 00, C3]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[1432] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable                                                      00000000763f5e5d 6 bytes [68, EA, 73, 20, 00, C3]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[1432] C:\Windows\syswow64\WININET.dll!HttpSendRequestW                                                                00000000763fba12 6 bytes [68, FC, 6F, 20, 00, C3]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[1432] C:\Windows\syswow64\WININET.dll!HttpEndRequestA                                                                 00000000764045e2 6 bytes [68, E0, 71, 20, 00, C3]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[1432] C:\Windows\syswow64\WININET.dll!HttpSendRequestExW                                                              0000000076404a35 6 bytes [68, A6, 70, 20, 00, C3]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[1432] C:\Windows\syswow64\WININET.dll!InternetReadFileExA                                                             000000007641ae56 6 bytes [68, 11, 73, 20, 00, C3]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[1432] C:\Windows\syswow64\WININET.dll!InternetSetFilePointer                                                          000000007644b04e 6 bytes [68, 90, 73, 20, 00, C3]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[1432] C:\Windows\syswow64\WININET.dll!HttpSendRequestExA                                                              0000000076461962 6 bytes [68, 43, 71, 20, 00, C3]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[1432] C:\Windows\syswow64\WININET.dll!HttpEndRequestW                                                                 00000000764619e5 6 bytes [68, 2B, 72, 20, 00, C3]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[1432] C:\Windows\syswow64\WININET.dll!HttpSendRequestA                                                                0000000076461a48 6 bytes [68, 51, 70, 20, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[992] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess                                              00000000775008fc 4 bytes [68, 93, 5C, 2B]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[992] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess + 5                                          0000000077500901 1 byte [C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[992] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W                                             00000000775125fd 6 bytes [68, D6, FC, 2A, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[992] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                                       000000007751c45a 6 bytes [68, BE, 5D, 2B, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[992] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A                                             0000000077522a63 6 bytes [68, 1C, FD, 2A, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[992] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W                                             0000000077544128 6 bytes [68, 62, FD, 2A, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[992] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A                                             000000007754e659 6 bytes [68, A8, FD, 2A, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[992] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW                                          000000007549455c 6 bytes [68, 27, 60, 2B, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[992] C:\Windows\syswow64\kernel32.dll!ExitProcess                                                   00000000754979f8 6 bytes [68, E6, 5F, 2B, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[992] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW                                          000000007686c592 6 bytes [68, A4, 60, 2B, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[992] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA                                          00000000768a2538 6 bytes [68, 8D, 60, 2B, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[992] C:\Windows\syswow64\USER32.dll!GetDC                                                           00000000762e72c4 4 bytes [68, FA, B0, 2A]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[992] C:\Windows\syswow64\USER32.dll!GetDC + 5                                                       00000000762e72c9 1 byte [C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[992] C:\Windows\syswow64\USER32.dll!ReleaseDC                                                       00000000762e7446 6 bytes [68, 78, B1, 2A, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[992] C:\Windows\syswow64\USER32.dll!TranslateMessage                                                00000000762e7809 6 bytes [68, 2C, B8, 2A, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[992] C:\Windows\syswow64\USER32.dll!GetMessageW                                                     00000000762e78e2 6 bytes [68, 37, 5B, 2B, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[992] C:\Windows\syswow64\USER32.dll!GetMessageA                                                     00000000762e7bd3 6 bytes [68, 5F, 5B, 2B, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[992] C:\Windows\syswow64\USER32.dll!GetWindowDC                                                     00000000762e8048 4 bytes [68, 39, B1, 2A]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[992] C:\Windows\syswow64\USER32.dll!GetWindowDC + 5                                                 00000000762e804d 1 byte [C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[992] C:\Windows\syswow64\USER32.dll!RegisterClassW                                                  00000000762e8a65 6 bytes [68, DA, FF, 2A, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[992] C:\Windows\syswow64\USER32.dll!RegisterClassExW                                                00000000762eb17d 6 bytes [68, 74, 00, 2B, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[992] C:\Windows\syswow64\USER32.dll!RegisterClassExA                                                00000000762edb98 6 bytes [68, C6, 00, 2B, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[992] C:\Windows\syswow64\USER32.dll!PeekMessageW                                                    00000000762f05ba 6 bytes [68, 87, 5B, 2B, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[992] C:\Windows\syswow64\USER32.dll!CallWindowProcW                                                 00000000762f0d32 6 bytes [68, 0C, FF, 2A, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[992] C:\Windows\syswow64\USER32.dll!GetCursorPos                                                    00000000762f1218 6 bytes [68, 6A, 59, 2B, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[992] C:\Windows\syswow64\USER32.dll!EndPaint                                                        00000000762f1341 4 bytes [68, 5F, B0, 2A]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[992] C:\Windows\syswow64\USER32.dll!EndPaint + 5                                                    00000000762f1346 1 byte [C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[992] C:\Windows\syswow64\USER32.dll!BeginPaint                                                      00000000762f1361 4 bytes [68, EF, AF, 2A]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[992] C:\Windows\syswow64\USER32.dll!BeginPaint + 5                                                  00000000762f1366 1 byte [C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[992] C:\Windows\syswow64\USER32.dll!GetMessagePos                                                   00000000762f2a8d 6 bytes [68, 38, 59, 2B, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[992] C:\Windows\syswow64\USER32.dll!GetCapture                                                      00000000762f2aac 6 bytes [68, 98, 5A, 2B, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[992] C:\Windows\syswow64\USER32.dll!GetDCEx                                                         00000000762f3391 4 bytes [68, 9F, B0, 2A]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[992] C:\Windows\syswow64\USER32.dll!GetDCEx + 5                                                     00000000762f3396 1 byte [C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[992] C:\Windows\syswow64\USER32.dll!RegisterClassA                                                  00000000762f434b 6 bytes [68, 27, 00, 2B, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[992] C:\Windows\syswow64\USER32.dll!PeekMessageA                                                    00000000762f5f74 6 bytes [68, B2, 5B, 2B, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[992] C:\Windows\syswow64\USER32.dll!GetUpdateRgn                                                    00000000762f6222 6 bytes [68, 4B, B2, 2A, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[992] C:\Windows\syswow64\USER32.dll!CallWindowProcA                                                 00000000762f792f 6 bytes [68, 55, FF, 2A, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[992] C:\Windows\syswow64\USER32.dll!DefFrameProcA                                                   00000000762f7fbb 6 bytes [68, 37, FE, 2A, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[992] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA                                                00000000762f810c 6 bytes [68, C6, FE, 2A, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[992] C:\Windows\syswow64\USER32.dll!DefFrameProcW                                                   00000000762f85c1 6 bytes [68, EE, FD, 2A, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[992] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW                                                00000000762f86b4 6 bytes [68, 80, FE, 2A, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[992] C:\Windows\syswow64\USER32.dll!GetUpdateRect                                                   000000007630d41f 6 bytes [68, B8, B1, 2A, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[992] C:\Windows\syswow64\USER32.dll!ReleaseCapture                                                  000000007630ed49 6 bytes [68, 48, 5A, 2B, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[992] C:\Windows\syswow64\USER32.dll!SetCapture                                                      000000007630ed56 4 bytes [68, EE, 59, 2B]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[992] C:\Windows\syswow64\USER32.dll!SetCapture + 5                                                  000000007630ed5b 1 byte [C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[992] C:\Windows\syswow64\USER32.dll!SwitchDesktop                                                   0000000076329854 6 bytes [68, B8, FC, 2A, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[992] C:\Windows\syswow64\USER32.dll!SetCursorPos                                                    0000000076329cfd 6 bytes [68, B1, 59, 2B, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[992] C:\Windows\syswow64\USER32.dll!GetClipboardData                                                0000000076329f1d 6 bytes [68, DB, B9, 2A, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[992] C:\Windows\syswow64\USER32.dll!OpenInputDesktop                                                00000000763487cb 4 bytes [68, 68, FC, 2A]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[992] C:\Windows\syswow64\USER32.dll!OpenInputDesktop + 5                                            00000000763487d0 1 byte [C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[992] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA                                                 00000000763ea336 6 bytes [68, 16, 74, 2A, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[992] C:\Windows\syswow64\WININET.dll!InternetCloseHandle                                            00000000763eab41 6 bytes [68, 76, 72, 2A, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[992] C:\Windows\syswow64\WININET.dll!InternetReadFile                                               00000000763eb3fe 6 bytes [68, E3, 72, 2A, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[992] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW                                               00000000763f4a42 6 bytes [68, 74, 6F, 2A, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[992] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA                                               00000000763f4c7d 6 bytes [68, B8, 6F, 2A, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[992] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable                                     00000000763f5e5d 6 bytes [68, EA, 73, 2A, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[992] C:\Windows\syswow64\WININET.dll!HttpSendRequestW                                               00000000763fba12 6 bytes [68, FC, 6F, 2A, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[992] C:\Windows\syswow64\WININET.dll!HttpEndRequestA                                                00000000764045e2 6 bytes [68, E0, 71, 2A, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[992] C:\Windows\syswow64\WININET.dll!HttpSendRequestExW                                             0000000076404a35 6 bytes [68, A6, 70, 2A, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[992] C:\Windows\syswow64\WININET.dll!InternetReadFileExA                                            000000007641ae56 6 bytes [68, 11, 73, 2A, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[992] C:\Windows\syswow64\WININET.dll!InternetSetFilePointer                                         000000007644b04e 6 bytes [68, 90, 73, 2A, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[992] C:\Windows\syswow64\WININET.dll!HttpSendRequestExA                                             0000000076461962 6 bytes [68, 43, 71, 2A, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[992] C:\Windows\syswow64\WININET.dll!HttpEndRequestW                                                00000000764619e5 6 bytes [68, 2B, 72, 2A, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[992] C:\Windows\syswow64\WININET.dll!HttpSendRequestA                                               0000000076461a48 6 bytes [68, 51, 70, 2A, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[992] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore                                             0000000076bb1224 6 bytes [68, 51, 5C, 2A, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[992] C:\Windows\syswow64\WS2_32.dll!closesocket                                                     0000000075443918 6 bytes [68, D4, 06, 2B, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[992] C:\Windows\syswow64\WS2_32.dll!getaddrinfo                                                     0000000075444296 6 bytes [68, E5, 02, 2B, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[992] C:\Windows\syswow64\WS2_32.dll!WSASend                                                         0000000075444406 6 bytes [68, 2D, 07, 2B, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[992] C:\Windows\syswow64\WS2_32.dll!send                                                            0000000075446f01 6 bytes [68, 0C, 07, 2B, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[992] C:\Windows\syswow64\WS2_32.dll!gethostbyname                                                   0000000075457673 6 bytes [68, 75, 02, 2B, 00, C3]
.text   C:\Users\Muccy3001\AppData\Roaming\Urobz\taqeh.exe[3096] C:\Windows\syswow64\WS2_32.dll!getaddrinfo                                                                  0000000075444296 6 bytes [68, E5, 02, 42, 00, C3]
.text   C:\Users\Muccy3001\AppData\Roaming\Urobz\taqeh.exe[3096] C:\Windows\syswow64\WS2_32.dll!gethostbyname                                                                0000000075457673 6 bytes [68, 75, 02, 42, 00, C3]
.text   C:\Users\Muccy3001\AppData\Roaming\Urobz\taqeh.exe[3096] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                     00000000753a1465 2 bytes [3A, 75]
.text   C:\Users\Muccy3001\AppData\Roaming\Urobz\taqeh.exe[3096] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                    00000000753a14bb 2 bytes [3A, 75]
.text   ...
         


Alt 08.03.2013, 17:45   #6
muccy
 
Groupon Trojaner - Standard

Groupon Trojaner



GMER Teil 2:

Code:
ATTFilter
                                             * 2
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess                            00000000775008fc 4 bytes [68, 93, 5C, 41]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess + 5                        0000000077500901 1 byte [C3]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W                           00000000775125fd 6 bytes [68, D6, FC, 40, 00, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                     000000007751c45a 6 bytes [68, BE, 5D, 41, 00, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A                           0000000077522a63 6 bytes [68, 1C, FD, 40, 00, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W                           0000000077544128 6 bytes [68, 62, FD, 40, 00, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A                           000000007754e659 6 bytes [68, A8, FD, 40, 00, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW                        000000007549455c 6 bytes [68, 27, 60, 41, 00, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\kernel32.dll!ExitProcess                                 00000000754979f8 6 bytes [68, E6, 5F, 41, 00, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW                        000000007686c592 6 bytes [68, A4, 60, 41, 00, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA                        00000000768a2538 6 bytes [68, 8D, 60, 41, 00, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\USER32.dll!GetDC                                         00000000762e72c4 4 bytes [68, FA, B0, 40]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\USER32.dll!GetDC + 5                                     00000000762e72c9 1 byte [C3]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\USER32.dll!ReleaseDC                                     00000000762e7446 6 bytes [68, 78, B1, 40, 00, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\USER32.dll!TranslateMessage                              00000000762e7809 6 bytes [68, 2C, B8, 40, 00, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\USER32.dll!GetMessageW                                   00000000762e78e2 6 bytes [68, 37, 5B, 41, 00, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\USER32.dll!GetMessageA                                   00000000762e7bd3 6 bytes [68, 5F, 5B, 41, 00, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\USER32.dll!GetWindowDC                                   00000000762e8048 4 bytes [68, 39, B1, 40]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\USER32.dll!GetWindowDC + 5                               00000000762e804d 1 byte [C3]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\USER32.dll!RegisterClassW                                00000000762e8a65 6 bytes [68, DA, FF, 40, 00, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\USER32.dll!RegisterClassExW                              00000000762eb17d 6 bytes [68, 74, 00, 41, 00, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\USER32.dll!RegisterClassExA                              00000000762edb98 6 bytes [68, C6, 00, 41, 00, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\USER32.dll!PeekMessageW                                  00000000762f05ba 6 bytes [68, 87, 5B, 41, 00, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\USER32.dll!CallWindowProcW                               00000000762f0d32 6 bytes [68, 0C, FF, 40, 00, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\USER32.dll!GetCursorPos                                  00000000762f1218 6 bytes [68, 6A, 59, 41, 00, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\USER32.dll!EndPaint                                      00000000762f1341 4 bytes [68, 5F, B0, 40]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\USER32.dll!EndPaint + 5                                  00000000762f1346 1 byte [C3]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\USER32.dll!BeginPaint                                    00000000762f1361 4 bytes [68, EF, AF, 40]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\USER32.dll!BeginPaint + 5                                00000000762f1366 1 byte [C3]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\USER32.dll!GetMessagePos                                 00000000762f2a8d 6 bytes [68, 38, 59, 41, 00, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\USER32.dll!GetCapture                                    00000000762f2aac 6 bytes [68, 98, 5A, 41, 00, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\USER32.dll!GetDCEx                                       00000000762f3391 4 bytes [68, 9F, B0, 40]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\USER32.dll!GetDCEx + 5                                   00000000762f3396 1 byte [C3]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\USER32.dll!RegisterClassA                                00000000762f434b 6 bytes [68, 27, 00, 41, 00, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\USER32.dll!PeekMessageA                                  00000000762f5f74 6 bytes [68, B2, 5B, 41, 00, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\USER32.dll!GetUpdateRgn                                  00000000762f6222 6 bytes [68, 4B, B2, 40, 00, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\USER32.dll!CallWindowProcA                               00000000762f792f 6 bytes [68, 55, FF, 40, 00, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\USER32.dll!DefFrameProcA                                 00000000762f7fbb 6 bytes [68, 37, FE, 40, 00, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA                              00000000762f810c 6 bytes [68, C6, FE, 40, 00, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\USER32.dll!DefFrameProcW                                 00000000762f85c1 6 bytes [68, EE, FD, 40, 00, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW                              00000000762f86b4 6 bytes [68, 80, FE, 40, 00, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\USER32.dll!GetUpdateRect                                 000000007630d41f 6 bytes [68, B8, B1, 40, 00, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\USER32.dll!ReleaseCapture                                000000007630ed49 6 bytes [68, 48, 5A, 41, 00, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\USER32.dll!SetCapture                                    000000007630ed56 4 bytes [68, EE, 59, 41]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\USER32.dll!SetCapture + 5                                000000007630ed5b 1 byte [C3]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\USER32.dll!SwitchDesktop                                 0000000076329854 6 bytes [68, B8, FC, 40, 00, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\USER32.dll!SetCursorPos                                  0000000076329cfd 6 bytes [68, B1, 59, 41, 00, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\USER32.dll!GetClipboardData                              0000000076329f1d 6 bytes [68, DB, B9, 40, 00, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\USER32.dll!OpenInputDesktop                              00000000763487cb 4 bytes [68, 68, FC, 40]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\USER32.dll!OpenInputDesktop + 5                          00000000763487d0 1 byte [C3]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\WS2_32.dll!closesocket                                   0000000075443918 6 bytes [68, D4, 06, 41, 00, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\WS2_32.dll!getaddrinfo                                   0000000075444296 6 bytes [68, E5, 02, 41, 00, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\WS2_32.dll!WSASend                                       0000000075444406 6 bytes [68, 2D, 07, 41, 00, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\WS2_32.dll!send                                          0000000075446f01 6 bytes [68, 0C, 07, 41, 00, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\WS2_32.dll!gethostbyname                                 0000000075457673 6 bytes [68, 75, 02, 41, 00, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore                           0000000076bb1224 6 bytes [68, 51, 5C, 40, 00, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA                               00000000763ea336 6 bytes [68, 16, 74, 40, 00, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\WININET.dll!InternetCloseHandle                          00000000763eab41 6 bytes [68, 76, 72, 40, 00, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\WININET.dll!InternetReadFile                             00000000763eb3fe 6 bytes [68, E3, 72, 40, 00, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW                             00000000763f4a42 6 bytes [68, 74, 6F, 40, 00, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA                             00000000763f4c7d 6 bytes [68, B8, 6F, 40, 00, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable                   00000000763f5e5d 6 bytes [68, EA, 73, 40, 00, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\WININET.dll!HttpSendRequestW                             00000000763fba12 6 bytes [68, FC, 6F, 40, 00, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\WININET.dll!HttpEndRequestA                              00000000764045e2 6 bytes [68, E0, 71, 40, 00, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\WININET.dll!HttpSendRequestExW                           0000000076404a35 6 bytes [68, A6, 70, 40, 00, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\WININET.dll!InternetReadFileExA                          000000007641ae56 6 bytes [68, 11, 73, 40, 00, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\WININET.dll!InternetSetFilePointer                       000000007644b04e 6 bytes [68, 90, 73, 40, 00, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\WININET.dll!HttpSendRequestExA                           0000000076461962 6 bytes [68, 43, 71, 40, 00, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\WININET.dll!HttpEndRequestW                              00000000764619e5 6 bytes [68, 2B, 72, 40, 00, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\WININET.dll!HttpSendRequestA                             0000000076461a48 6 bytes [68, 51, 70, 40, 00, C3]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                      00000000753a1465 2 bytes [3A, 75]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                     00000000753a14bb 2 bytes [3A, 75]
.text   ...                                                                                                                                                                  * 2

---- Threads - GMER 2.1 ----

Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [4292:4576]                                                                                                       000007fefb762a7c
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [4292:4556]                                                                                                       000007feed9dd618
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [4292:4596]                                                                                                       000007fef8f55124

---- Registry - GMER 2.1 ----

Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000272b0b9d0                                                                                          
Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000272b0b9d0@78ca394aa704                                                                             0x1C 0x5D 0xA6 0x4A ...
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000272b0b9d0 (not active ControlSet)                                                                      
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000272b0b9d0@78ca394aa704                                                                                 0x1C 0x5D 0xA6 0x4A ...

---- Disk sectors - GMER 2.1 ----

Disk    \Device\Harddisk0\DR0                                                                                                                                                unknown MBR code

---- EOF - GMER 2.1 ----
         
Hier der erste Mbar:

Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.03.08.13

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Muccy3001 :: MUCCY3001-PC [administrator]

08.03.2013 17:54:34
mbar-log-2013-03-08 (17-54-34).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 30676
Time elapsed: 9 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|JAVA (Backdoor.Bot) -> Data: C:\Windows\java.vbs -> Delete on reboot.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
c:\Windows\java.vbs (Backdoor.Bot) -> Delete on reboot.

(end)
         
und hier der 2. ohne Fund:

Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.03.08.13

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Muccy3001 :: MUCCY3001-PC [administrator]

08.03.2013 18:19:32
mbar-log-2013-03-08 (18-19-32).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 30642
Time elapsed: 12 minute(s), 10 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         
Vielen lieben Dank für die Hilfe schonmal bis hierhin!
Das ist wirklich keine Selbstverständlichkeit...

Alt 08.03.2013, 18:24   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Groupon Trojaner - Standard

Groupon Trojaner



aswMBR

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).




TDSS-Killer

Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 08.03.2013, 19:34   #8
muccy
 
Groupon Trojaner - Standard

Groupon Trojaner



Ich habe deine Anweisung befolgt und nur gescant und die logfiles kopiert:

aswMBR:
Code:
ATTFilter
Run date: 2013-03-08 19:49:28
-----------------------------
19:49:28.719    OS Version: Windows x64 6.1.7601 Service Pack 1
19:49:28.719    Number of processors: 4 586 0x503
19:49:28.719    ComputerName: MUCCY3001-PC  UserName: Muccy3001
19:49:32.011    Initialize success
19:49:42.244    AVAST engine defs: 13030800
19:50:32.570    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000055
19:50:32.570    Disk 0 Vendor: ST315005 CC34 Size: 1430799MB BusType: 11
19:50:32.585    Disk 0 MBR read successfully
19:50:32.585    Disk 0 MBR scan
19:50:32.617    Disk 0 unknown MBR code
19:50:32.632    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
19:50:32.648    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS      1398953 MB offset 206848
19:50:32.679    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        30720 MB offset 2865262592
19:50:32.695    Disk 0 Partition 4 00     12  Compaq diag NTFS         1024 MB offset 2928177152
19:50:32.757    Disk 0 scanning C:\Windows\system32\drivers
19:50:44.395    Service scanning
19:51:02.304    Modules scanning
19:51:02.319    Disk 0 trace - called modules:
19:51:02.350    ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys 
19:51:02.366    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004620790]
19:51:02.366    3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa80044b7b80]
19:51:02.382    5 amd_xata.sys[fffff880011497a8] -> nt!IofCallDriver -> \Device\00000055[0xfffffa80044b49c0]
19:51:06.453    AVAST engine scan C:\Windows
19:51:11.742    AVAST engine scan C:\Windows\system32
19:54:16.243    AVAST engine scan C:\Windows\system32\drivers
19:54:33.606    AVAST engine scan C:\Users\Muccy3001
20:16:23.214    AVAST engine scan C:\ProgramData
20:17:42.165    Scan finished successfully
20:21:30.129    Disk 0 MBR has been saved successfully to "C:\Users\Muccy3001\Desktop\MBR.dat"
20:21:30.129    The log file has been saved successfully to "C:\Users\Muccy3001\Desktop\aswMBR.txt"
         
TDSS-Killer:
Code:
ATTFilter
20:25:52.0385 6012  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
20:25:52.0634 6012  ============================================================
20:25:52.0634 6012  Current date / time: 2013/03/08 20:25:52.0634
20:25:52.0634 6012  SystemInfo:
20:25:52.0634 6012  
20:25:52.0634 6012  OS Version: 6.1.7601 ServicePack: 1.0
20:25:52.0634 6012  Product type: Workstation
20:25:52.0634 6012  ComputerName: MUCCY3001-PC
20:25:52.0634 6012  UserName: Muccy3001
20:25:52.0634 6012  Windows directory: C:\Windows
20:25:52.0634 6012  System windows directory: C:\Windows
20:25:52.0634 6012  Running under WOW64
20:25:52.0634 6012  Processor architecture: Intel x64
20:25:52.0634 6012  Number of processors: 4
20:25:52.0634 6012  Page size: 0x1000
20:25:52.0634 6012  Boot type: Normal boot
20:25:52.0634 6012  ============================================================
20:25:53.0617 6012  Drive \Device\Harddisk0\DR0 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:25:53.0648 6012  ============================================================
20:25:53.0648 6012  \Device\Harddisk0\DR0:
20:25:53.0648 6012  MBR partitions:
20:25:53.0648 6012  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
20:25:53.0648 6012  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xAAC54800
20:25:53.0648 6012  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xAAC87000, BlocksNum 0x3C00000
20:25:53.0648 6012  ============================================================
20:25:53.0679 6012  C: <-> \Device\Harddisk0\DR0\Partition2
20:25:53.0757 6012  D: <-> \Device\Harddisk0\DR0\Partition3
20:25:53.0757 6012  ============================================================
20:25:53.0757 6012  Initialize success
20:25:53.0757 6012  ============================================================
20:26:36.0143 5068  ============================================================
20:26:36.0143 5068  Scan started
20:26:36.0143 5068  Mode: Manual; SigCheck; TDLFS; 
20:26:36.0143 5068  ============================================================
20:26:36.0564 5068  ================ Scan system memory ========================
20:26:36.0564 5068  System memory - ok
20:26:36.0564 5068  ================ Scan services =============================
20:26:36.0720 5068  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
20:26:36.0845 5068  1394ohci - ok
20:26:36.0876 5068  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
20:26:36.0891 5068  ACPI - ok
20:26:36.0907 5068  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
20:26:36.0985 5068  AcpiPmi - ok
20:26:37.0047 5068  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
20:26:37.0079 5068  AdobeARMservice - ok
20:26:37.0172 5068  [ 9942DC4CC265CDA00486504444EF521D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
20:26:37.0219 5068  AdobeFlashPlayerUpdateSvc - ok
20:26:37.0266 5068  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
20:26:37.0297 5068  adp94xx - ok
20:26:37.0313 5068  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
20:26:37.0359 5068  adpahci - ok
20:26:37.0375 5068  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
20:26:37.0391 5068  adpu320 - ok
20:26:37.0422 5068  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
20:26:37.0531 5068  AeLookupSvc - ok
20:26:37.0562 5068  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
20:26:37.0609 5068  AFD - ok
20:26:37.0640 5068  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
20:26:37.0671 5068  agp440 - ok
20:26:37.0687 5068  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
20:26:37.0734 5068  ALG - ok
20:26:37.0749 5068  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
20:26:37.0765 5068  aliide - ok
20:26:37.0812 5068  [ 5EC60409BD50953BD4F892B18840039E ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
20:26:37.0905 5068  AMD External Events Utility - ok
20:26:37.0921 5068  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
20:26:37.0937 5068  amdide - ok
20:26:37.0952 5068  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
20:26:37.0999 5068  AmdK8 - ok
20:26:38.0186 5068  [ 322E5C178990F116F00E3D923F4E6B1C ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
20:26:38.0498 5068  amdkmdag - ok
20:26:38.0514 5068  [ 961A81A84FDD700E361E8294528A37BA ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
20:26:38.0561 5068  amdkmdap - ok
20:26:38.0576 5068  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
20:26:38.0623 5068  AmdPPM - ok
20:26:38.0639 5068  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
20:26:38.0654 5068  amdsata - ok
20:26:38.0701 5068  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
20:26:38.0748 5068  amdsbs - ok
20:26:38.0763 5068  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
20:26:38.0779 5068  amdxata - ok
20:26:38.0810 5068  [ 08E8A4172C57ABD7693A6915CF1E7A99 ] amd_sata        C:\Windows\system32\DRIVERS\amd_sata.sys
20:26:38.0841 5068  amd_sata - ok
20:26:38.0857 5068  [ 9866AF4E4AD7F16E810B6C0B8473F9CD ] amd_xata        C:\Windows\system32\DRIVERS\amd_xata.sys
20:26:38.0873 5068  amd_xata - ok
20:26:38.0919 5068  [ 459465DA28E49B358ECFE0D788F328F4 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
20:26:38.0951 5068  AntiVirSchedulerService - ok
20:26:38.0982 5068  [ BCDD17E8469D647A71B347C4B6F86685 ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
20:26:39.0029 5068  AntiVirService - ok
20:26:39.0075 5068  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
20:26:39.0231 5068  AppID - ok
20:26:39.0263 5068  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
20:26:39.0325 5068  AppIDSvc - ok
20:26:39.0372 5068  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
20:26:39.0450 5068  Appinfo - ok
20:26:39.0512 5068  [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:26:39.0543 5068  Apple Mobile Device - ok
20:26:39.0575 5068  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
20:26:39.0621 5068  arc - ok
20:26:39.0637 5068  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
20:26:39.0653 5068  arcsas - ok
20:26:39.0684 5068  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
20:26:39.0746 5068  AsyncMac - ok
20:26:39.0777 5068  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
20:26:39.0777 5068  atapi - ok
20:26:39.0809 5068  [ CBE61B4494165F458BD87E37181EE934 ] AthBTPort       C:\Windows\system32\DRIVERS\btath_flt.sys
20:26:39.0809 5068  AthBTPort - ok
20:26:39.0824 5068  [ 4119870B90E1B5E7797D6433D21F9216 ] ATHDFU          C:\Windows\system32\Drivers\AthDfu.sys
20:26:39.0824 5068  ATHDFU - ok
20:26:39.0855 5068  [ 205F8BFB37BD15F00EA22C4FBBE0FCFA ] AtherosSvc      C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
20:26:39.0871 5068  AtherosSvc - ok
20:26:39.0902 5068  [ 230CF51113CD4B830B3BFD09B0D4C066 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
20:26:39.0902 5068  AtiHDAudioService - ok
20:26:39.0949 5068  [ E82E61F46D1336447F4DEFF8C074F13E ] AtiPcie         C:\Windows\system32\DRIVERS\AtiPcie64.sys
20:26:39.0965 5068  AtiPcie - ok
20:26:39.0996 5068  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
20:26:40.0089 5068  AudioEndpointBuilder - ok
20:26:40.0105 5068  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
20:26:40.0136 5068  AudioSrv - ok
20:26:40.0152 5068  [ BFE9598EBC3934CF8D876A303849C896 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
20:26:40.0167 5068  avgntflt - ok
20:26:40.0199 5068  [ F74D86A9FB35FA5F24627B8DBBF3A9A4 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
20:26:40.0214 5068  avipbb - ok
20:26:40.0230 5068  [ CD0E732347BF09717E0BDDC0C66699AB ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
20:26:40.0261 5068  avkmgr - ok
20:26:40.0277 5068  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
20:26:40.0339 5068  AxInstSV - ok
20:26:40.0370 5068  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
20:26:40.0417 5068  b06bdrv - ok
20:26:40.0448 5068  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
20:26:40.0495 5068  b57nd60a - ok
20:26:40.0573 5068  [ 825F81A6F7DD073509DB101F0BA6DC59 ] BBSvc           C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
20:26:40.0604 5068  BBSvc - ok
20:26:40.0651 5068  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
20:26:40.0682 5068  BDESVC - ok
20:26:40.0698 5068  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
20:26:40.0745 5068  Beep - ok
20:26:40.0776 5068  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
20:26:40.0838 5068  BFE - ok
20:26:40.0854 5068  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
20:26:40.0916 5068  BITS - ok
20:26:40.0947 5068  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
20:26:40.0994 5068  blbdrive - ok
20:26:41.0057 5068  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
20:26:41.0119 5068  Bonjour Service - ok
20:26:41.0135 5068  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
20:26:41.0181 5068  bowser - ok
20:26:41.0259 5068  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:26:41.0384 5068  BrFiltLo - ok
20:26:41.0384 5068  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:26:41.0415 5068  BrFiltUp - ok
20:26:41.0447 5068  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
20:26:41.0462 5068  Browser - ok
20:26:41.0478 5068  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
20:26:41.0509 5068  Brserid - ok
20:26:41.0525 5068  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
20:26:41.0571 5068  BrSerWdm - ok
20:26:41.0587 5068  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
20:26:41.0618 5068  BrUsbMdm - ok
20:26:41.0634 5068  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
20:26:41.0665 5068  BrUsbSer - ok
20:26:41.0696 5068  [ 227C8F308DE4AF4808E587465CEAB838 ] BTATH_A2DP      C:\Windows\system32\drivers\btath_a2dp.sys
20:26:41.0727 5068  BTATH_A2DP - ok
20:26:41.0743 5068  [ A83A91D07D1FE6BBE7A9DB46CA00434B ] BTATH_BUS       C:\Windows\system32\DRIVERS\btath_bus.sys
20:26:41.0759 5068  BTATH_BUS - ok
20:26:41.0774 5068  [ C864FF85EE16D61C2BDD5EF76824625F ] BTATH_HCRP      C:\Windows\system32\DRIVERS\btath_hcrp.sys
20:26:41.0805 5068  BTATH_HCRP - ok
20:26:41.0821 5068  [ 0DEA505EFB5D771826D177EF8B8A208F ] BTATH_LWFLT     C:\Windows\system32\DRIVERS\btath_lwflt.sys
20:26:41.0837 5068  BTATH_LWFLT - ok
20:26:41.0868 5068  [ 724C8088C96EFE7A3E63FEC21D4681C0 ] BTATH_RCP       C:\Windows\system32\DRIVERS\btath_rcp.sys
20:26:41.0899 5068  BTATH_RCP - ok
20:26:41.0915 5068  [ DA96B275806CFBBB09F3E2A7849C2931 ] BtFilter        C:\Windows\system32\DRIVERS\btfilter.sys
20:26:41.0930 5068  BtFilter - ok
20:26:41.0961 5068  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
20:26:42.0039 5068  BthEnum - ok
20:26:42.0071 5068  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
20:26:42.0117 5068  BTHMODEM - ok
20:26:42.0149 5068  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
20:26:42.0164 5068  BthPan - ok
20:26:42.0195 5068  [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
20:26:42.0258 5068  BTHPORT - ok
20:26:42.0273 5068  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
20:26:42.0336 5068  bthserv - ok
20:26:42.0351 5068  [ F188B7394D81010767B6DF3178519A37 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
20:26:42.0383 5068  BTHUSB - ok
20:26:42.0414 5068  [ 9887CA12F407D7FBC7F48F3678F5F0B6 ] BVRPMPR5a64     C:\Windows\system32\drivers\BVRPMPR5a64.SYS
20:26:42.0429 5068  BVRPMPR5a64 - ok
20:26:42.0461 5068  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
20:26:42.0539 5068  cdfs - ok
20:26:42.0554 5068  [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom           C:\Windows\system32\drivers\cdrom.sys
20:26:42.0601 5068  cdrom - ok
20:26:42.0632 5068  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
20:26:42.0726 5068  CertPropSvc - ok
20:26:42.0757 5068  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
20:26:42.0788 5068  circlass - ok
20:26:42.0788 5068  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
20:26:42.0819 5068  CLFS - ok
20:26:42.0866 5068  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:26:42.0913 5068  clr_optimization_v2.0.50727_32 - ok
20:26:42.0944 5068  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:26:42.0960 5068  clr_optimization_v2.0.50727_64 - ok
20:26:43.0007 5068  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:26:43.0053 5068  clr_optimization_v4.0.30319_32 - ok
20:26:43.0069 5068  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:26:43.0085 5068  clr_optimization_v4.0.30319_64 - ok
20:26:43.0116 5068  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
20:26:43.0163 5068  CmBatt - ok
20:26:43.0194 5068  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
20:26:43.0209 5068  cmdide - ok
20:26:43.0225 5068  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
20:26:43.0272 5068  CNG - ok
20:26:43.0287 5068  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
20:26:43.0287 5068  Compbatt - ok
20:26:43.0319 5068  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
20:26:43.0350 5068  CompositeBus - ok
20:26:43.0365 5068  COMSysApp - ok
20:26:43.0365 5068  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
20:26:43.0381 5068  crcdisk - ok
20:26:43.0397 5068  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
20:26:43.0443 5068  CryptSvc - ok
20:26:43.0459 5068  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
20:26:43.0506 5068  DcomLaunch - ok
20:26:43.0537 5068  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
20:26:43.0599 5068  defragsvc - ok
20:26:43.0631 5068  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
20:26:43.0662 5068  DfsC - ok
20:26:43.0677 5068  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
20:26:43.0740 5068  Dhcp - ok
20:26:43.0755 5068  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
20:26:43.0787 5068  discache - ok
20:26:43.0833 5068  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
20:26:43.0880 5068  Disk - ok
20:26:43.0896 5068  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
20:26:43.0943 5068  Dnscache - ok
20:26:43.0974 5068  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
20:26:44.0021 5068  dot3svc - ok
20:26:44.0036 5068  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
20:26:44.0130 5068  DPS - ok
20:26:44.0161 5068  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
20:26:44.0223 5068  drmkaud - ok
20:26:44.0239 5068  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
20:26:44.0286 5068  DXGKrnl - ok
20:26:44.0301 5068  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
20:26:44.0333 5068  EapHost - ok
20:26:44.0426 5068  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
20:26:44.0520 5068  ebdrv - ok
20:26:44.0535 5068  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
20:26:44.0598 5068  EFS - ok
20:26:44.0629 5068  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
20:26:44.0691 5068  ehRecvr - ok
20:26:44.0707 5068  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
20:26:44.0754 5068  ehSched - ok
20:26:44.0801 5068  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
20:26:44.0863 5068  elxstor - ok
20:26:44.0879 5068  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
20:26:44.0910 5068  ErrDev - ok
20:26:44.0925 5068  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
20:26:44.0988 5068  EventSystem - ok
20:26:45.0019 5068  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
20:26:45.0050 5068  exfat - ok
20:26:45.0066 5068  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
20:26:45.0097 5068  fastfat - ok
20:26:45.0128 5068  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
20:26:45.0175 5068  Fax - ok
20:26:45.0206 5068  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
20:26:45.0253 5068  fdc - ok
20:26:45.0269 5068  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
20:26:45.0347 5068  fdPHost - ok
20:26:45.0362 5068  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
20:26:45.0440 5068  FDResPub - ok
20:26:45.0440 5068  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
20:26:45.0456 5068  FileInfo - ok
20:26:45.0471 5068  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
20:26:45.0503 5068  Filetrace - ok
20:26:45.0534 5068  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
20:26:45.0565 5068  flpydisk - ok
20:26:45.0596 5068  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
20:26:45.0627 5068  FltMgr - ok
20:26:45.0674 5068  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
20:26:45.0768 5068  FontCache - ok
20:26:45.0815 5068  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:26:45.0846 5068  FontCache3.0.0.0 - ok
20:26:45.0877 5068  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
20:26:45.0908 5068  FsDepends - ok
20:26:45.0939 5068  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
20:26:45.0971 5068  Fs_Rec - ok
20:26:46.0002 5068  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
20:26:46.0049 5068  fvevol - ok
20:26:46.0049 5068  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
20:26:46.0064 5068  gagp30kx - ok
20:26:46.0111 5068  [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:26:46.0127 5068  GEARAspiWDM - ok
20:26:46.0158 5068  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
20:26:46.0205 5068  gpsvc - ok
20:26:46.0251 5068  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:26:46.0267 5068  gupdate - ok
20:26:46.0283 5068  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:26:46.0283 5068  gupdatem - ok
20:26:46.0329 5068  [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
20:26:46.0361 5068  gusvc - ok
20:26:46.0407 5068  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
20:26:46.0517 5068  hcw85cir - ok
20:26:46.0595 5068  [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:26:46.0673 5068  HdAudAddService - ok
20:26:46.0719 5068  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
20:26:46.0782 5068  HDAudBus - ok
20:26:46.0813 5068  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
20:26:46.0860 5068  HidBatt - ok
20:26:46.0875 5068  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
20:26:46.0907 5068  HidBth - ok
20:26:46.0938 5068  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
20:26:46.0969 5068  HidIr - ok
20:26:47.0000 5068  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
20:26:47.0047 5068  hidserv - ok
20:26:47.0078 5068  [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
20:26:47.0109 5068  HidUsb - ok
20:26:47.0125 5068  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
20:26:47.0172 5068  hkmsvc - ok
20:26:47.0187 5068  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
20:26:47.0219 5068  HomeGroupListener - ok
20:26:47.0250 5068  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
20:26:47.0265 5068  HomeGroupProvider - ok
20:26:47.0281 5068  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
20:26:47.0297 5068  HpSAMD - ok
20:26:47.0328 5068  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
20:26:47.0437 5068  HTTP - ok
20:26:47.0437 5068  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
20:26:47.0453 5068  hwpolicy - ok
20:26:47.0468 5068  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
20:26:47.0484 5068  i8042prt - ok
20:26:47.0499 5068  iaStor - ok
20:26:47.0515 5068  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
20:26:47.0546 5068  iaStorV - ok
20:26:47.0577 5068  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:26:47.0671 5068  idsvc - ok
20:26:47.0702 5068  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
20:26:47.0718 5068  iirsp - ok
20:26:47.0733 5068  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
20:26:47.0811 5068  IKEEXT - ok
20:26:47.0889 5068  [ CDB772F707AC24B43A20C821852CA61F ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
20:26:47.0999 5068  IntcAzAudAddService - ok
20:26:47.0999 5068  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
20:26:48.0014 5068  intelide - ok
20:26:48.0030 5068  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
20:26:48.0061 5068  intelppm - ok
20:26:48.0077 5068  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
20:26:48.0108 5068  IPBusEnum - ok
20:26:48.0139 5068  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:26:48.0233 5068  IpFilterDriver - ok
20:26:48.0264 5068  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
20:26:48.0295 5068  iphlpsvc - ok
20:26:48.0311 5068  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
20:26:48.0342 5068  IPMIDRV - ok
20:26:48.0373 5068  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
20:26:48.0467 5068  IPNAT - ok
20:26:48.0560 5068  [ 0F261EC4F514926177C70C1832374231 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
20:26:48.0607 5068  iPod Service - ok
20:26:48.0623 5068  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
20:26:48.0701 5068  IRENUM - ok
20:26:48.0716 5068  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
20:26:48.0747 5068  isapnp - ok
20:26:48.0763 5068  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
20:26:48.0794 5068  iScsiPrt - ok
20:26:48.0810 5068  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
20:26:48.0841 5068  kbdclass - ok
20:26:48.0857 5068  [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
20:26:48.0872 5068  kbdhid - ok
20:26:48.0872 5068  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
20:26:48.0888 5068  KeyIso - ok
20:26:48.0919 5068  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
20:26:48.0935 5068  KSecDD - ok
20:26:48.0935 5068  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
20:26:48.0950 5068  KSecPkg - ok
20:26:48.0966 5068  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
20:26:49.0013 5068  ksthunk - ok
20:26:49.0028 5068  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
20:26:49.0091 5068  KtmRm - ok
20:26:49.0122 5068  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
20:26:49.0153 5068  LanmanServer - ok
20:26:49.0184 5068  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:26:49.0215 5068  LanmanWorkstation - ok
20:26:49.0247 5068  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
20:26:49.0293 5068  lltdio - ok
20:26:49.0309 5068  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
20:26:49.0356 5068  lltdsvc - ok
20:26:49.0371 5068  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
20:26:49.0403 5068  lmhosts - ok
20:26:49.0434 5068  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
20:26:49.0449 5068  LSI_FC - ok
20:26:49.0481 5068  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
20:26:49.0496 5068  LSI_SAS - ok
20:26:49.0496 5068  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:26:49.0512 5068  LSI_SAS2 - ok
20:26:49.0527 5068  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:26:49.0543 5068  LSI_SCSI - ok
20:26:49.0574 5068  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
20:26:49.0605 5068  luafv - ok
20:26:49.0637 5068  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
20:26:49.0683 5068  Mcx2Svc - ok
20:26:49.0715 5068  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
20:26:49.0746 5068  megasas - ok
20:26:49.0777 5068  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
20:26:49.0839 5068  MegaSR - ok
20:26:49.0855 5068  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
20:26:49.0902 5068  MMCSS - ok
20:26:49.0902 5068  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
20:26:49.0949 5068  Modem - ok
20:26:49.0964 5068  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
20:26:49.0980 5068  monitor - ok
20:26:50.0011 5068  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
20:26:50.0058 5068  mouclass - ok
20:26:50.0089 5068  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
20:26:50.0120 5068  mouhid - ok
20:26:50.0136 5068  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
20:26:50.0167 5068  mountmgr - ok
20:26:50.0198 5068  [ 8A7C8F4C713E70D73946833D76B77035 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
20:26:50.0214 5068  MozillaMaintenance - ok
20:26:50.0245 5068  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
20:26:50.0261 5068  mpio - ok
20:26:50.0292 5068  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
20:26:50.0323 5068  mpsdrv - ok
20:26:50.0354 5068  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
20:26:50.0417 5068  MpsSvc - ok
20:26:50.0448 5068  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
20:26:50.0463 5068  MRxDAV - ok
20:26:50.0495 5068  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
20:26:50.0557 5068  mrxsmb - ok
20:26:50.0588 5068  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:26:50.0651 5068  mrxsmb10 - ok
20:26:50.0666 5068  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:26:50.0729 5068  mrxsmb20 - ok
20:26:50.0744 5068  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
20:26:50.0760 5068  msahci - ok
20:26:50.0791 5068  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
20:26:50.0838 5068  msdsm - ok
20:26:50.0869 5068  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
20:26:50.0916 5068  MSDTC - ok
20:26:50.0931 5068  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
20:26:50.0978 5068  Msfs - ok
20:26:50.0994 5068  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
20:26:51.0025 5068  mshidkmdf - ok
20:26:51.0041 5068  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
20:26:51.0041 5068  msisadrv - ok
20:26:51.0072 5068  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
20:26:51.0103 5068  MSiSCSI - ok
20:26:51.0103 5068  msiserver - ok
20:26:51.0134 5068  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
20:26:51.0150 5068  MSKSSRV - ok
20:26:51.0165 5068  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
20:26:51.0212 5068  MSPCLOCK - ok
20:26:51.0212 5068  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
20:26:51.0243 5068  MSPQM - ok
20:26:51.0275 5068  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
20:26:51.0290 5068  MsRPC - ok
20:26:51.0306 5068  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
20:26:51.0321 5068  mssmbios - ok
20:26:51.0337 5068  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
20:26:51.0368 5068  MSTEE - ok
20:26:51.0384 5068  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
20:26:51.0415 5068  MTConfig - ok
20:26:51.0415 5068  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
20:26:51.0431 5068  Mup - ok
20:26:51.0446 5068  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
20:26:51.0477 5068  napagent - ok
20:26:51.0509 5068  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
20:26:51.0571 5068  NativeWifiP - ok
20:26:51.0602 5068  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
20:26:51.0696 5068  NDIS - ok
20:26:51.0727 5068  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
20:26:51.0758 5068  NdisCap - ok
20:26:51.0789 5068  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
20:26:51.0821 5068  NdisTapi - ok
20:26:51.0836 5068  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
20:26:51.0883 5068  Ndisuio - ok
20:26:51.0899 5068  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
20:26:51.0930 5068  NdisWan - ok
20:26:51.0945 5068  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
20:26:52.0023 5068  NDProxy - ok
20:26:52.0039 5068  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
20:26:52.0086 5068  NetBIOS - ok
20:26:52.0101 5068  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
20:26:52.0133 5068  NetBT - ok
20:26:52.0148 5068  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
20:26:52.0164 5068  Netlogon - ok
20:26:52.0195 5068  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
20:26:52.0226 5068  Netman - ok
20:26:52.0257 5068  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
20:26:52.0304 5068  netprofm - ok
20:26:52.0320 5068  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:26:52.0335 5068  NetTcpPortSharing - ok
20:26:52.0351 5068  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
20:26:52.0367 5068  nfrd960 - ok
20:26:52.0398 5068  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
20:26:52.0413 5068  NlaSvc - ok
20:26:52.0429 5068  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
20:26:52.0445 5068  Npfs - ok
20:26:52.0476 5068  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
20:26:52.0507 5068  nsi - ok
20:26:52.0523 5068  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
20:26:52.0554 5068  nsiproxy - ok
20:26:52.0585 5068  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
20:26:52.0647 5068  Ntfs - ok
20:26:52.0663 5068  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
20:26:52.0694 5068  Null - ok
20:26:52.0710 5068  [ A7127E86F9FFE2A53E271B56B2C4CEDF ] nusb3hub        C:\Windows\system32\DRIVERS\nusb3hub.sys
20:26:52.0757 5068  nusb3hub - ok
20:26:52.0788 5068  [ 49BBEC6F48D5F9284B03ABF3A959B19B ] nusb3xhc        C:\Windows\system32\DRIVERS\nusb3xhc.sys
20:26:52.0850 5068  nusb3xhc - ok
20:26:53.0084 5068  [ DD81FBC57AB9134CDDC5CE90880BFD80 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
20:26:53.0412 5068  nvlddmkm - ok
20:26:53.0443 5068  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
20:26:53.0459 5068  nvraid - ok
20:26:53.0474 5068  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
20:26:53.0490 5068  nvstor - ok
20:26:53.0505 5068  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
20:26:53.0521 5068  nv_agp - ok
20:26:53.0537 5068  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
20:26:53.0568 5068  ohci1394 - ok
20:26:53.0583 5068  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
20:26:53.0615 5068  p2pimsvc - ok
20:26:53.0630 5068  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
20:26:53.0646 5068  p2psvc - ok
20:26:53.0677 5068  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
20:26:53.0708 5068  Parport - ok
20:26:53.0724 5068  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
20:26:53.0771 5068  partmgr - ok
20:26:53.0771 5068  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
20:26:53.0817 5068  PcaSvc - ok
20:26:53.0833 5068  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
20:26:53.0864 5068  pci - ok
20:26:53.0880 5068  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
20:26:53.0895 5068  pciide - ok
20:26:53.0911 5068  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
20:26:53.0927 5068  pcmcia - ok
20:26:53.0958 5068  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
20:26:53.0989 5068  pcw - ok
20:26:54.0020 5068  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
20:26:54.0083 5068  PEAUTH - ok
20:26:54.0129 5068  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
20:26:54.0161 5068  PerfHost - ok
20:26:54.0207 5068  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
20:26:54.0285 5068  pla - ok
20:26:54.0301 5068  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
20:26:54.0332 5068  PlugPlay - ok
20:26:54.0348 5068  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
20:26:54.0363 5068  PNRPAutoReg - ok
20:26:54.0379 5068  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
20:26:54.0379 5068  PNRPsvc - ok
20:26:54.0410 5068  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
20:26:54.0457 5068  PolicyAgent - ok
20:26:54.0473 5068  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
20:26:54.0504 5068  Power - ok
20:26:54.0535 5068  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
20:26:54.0566 5068  PptpMiniport - ok
20:26:54.0582 5068  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
20:26:54.0629 5068  Processor - ok
20:26:54.0660 5068  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
20:26:54.0722 5068  ProfSvc - ok
20:26:54.0738 5068  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
20:26:54.0753 5068  ProtectedStorage - ok
20:26:54.0785 5068  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
20:26:54.0863 5068  Psched - ok
20:26:54.0894 5068  [ A6A7AD767BF5141665F5C675F671B3E1 ] PSI_SVC_2       c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
20:26:54.0909 5068  PSI_SVC_2 - ok
20:26:54.0956 5068  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
20:26:55.0050 5068  ql2300 - ok
20:26:55.0065 5068  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
20:26:55.0112 5068  ql40xx - ok
20:26:55.0159 5068  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
20:26:55.0206 5068  QWAVE - ok
20:26:55.0221 5068  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
20:26:55.0253 5068  QWAVEdrv - ok
20:26:55.0284 5068  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
20:26:55.0346 5068  RasAcd - ok
20:26:55.0377 5068  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
20:26:55.0424 5068  RasAgileVpn - ok
20:26:55.0424 5068  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
20:26:55.0471 5068  RasAuto - ok
20:26:55.0487 5068  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
20:26:55.0533 5068  Rasl2tp - ok
20:26:55.0549 5068  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
20:26:55.0596 5068  RasMan - ok
20:26:55.0611 5068  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
20:26:55.0643 5068  RasPppoe - ok
20:26:55.0658 5068  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
20:26:55.0689 5068  RasSstp - ok
20:26:55.0705 5068  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
20:26:55.0752 5068  rdbss - ok
20:26:55.0752 5068  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
20:26:55.0783 5068  rdpbus - ok
20:26:55.0814 5068  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
20:26:55.0845 5068  RDPCDD - ok
20:26:55.0861 5068  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
20:26:55.0892 5068  RDPENCDD - ok
20:26:55.0908 5068  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
20:26:55.0939 5068  RDPREFMP - ok
20:26:55.0970 5068  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
20:26:56.0033 5068  RDPWD - ok
20:26:56.0064 5068  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
20:26:56.0079 5068  rdyboost - ok
20:26:56.0095 5068  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
20:26:56.0142 5068  RemoteAccess - ok
20:26:56.0157 5068  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
20:26:56.0204 5068  RemoteRegistry - ok
20:26:56.0220 5068  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
20:26:56.0267 5068  RFCOMM - ok
20:26:56.0282 5068  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
20:26:56.0345 5068  RpcEptMapper - ok
20:26:56.0345 5068  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
20:26:56.0376 5068  RpcLocator - ok
20:26:56.0391 5068  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
20:26:56.0423 5068  RpcSs - ok
20:26:56.0454 5068  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
20:26:56.0516 5068  rspndr - ok
20:26:56.0532 5068  [ 20A466B9EA2BD828C0EC723F99B8CFE7 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
20:26:56.0563 5068  RTL8167 - ok
20:26:56.0594 5068  [ 4629C5C4772D223B0ECD1EA8BA7A2A33 ] RTL8192su       C:\Windows\system32\DRIVERS\RTL8192su.sys
20:26:56.0625 5068  RTL8192su - ok
20:26:56.0641 5068  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
20:26:56.0641 5068  SamSs - ok
20:26:56.0672 5068  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
20:26:56.0719 5068  sbp2port - ok
20:26:56.0750 5068  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
20:26:56.0844 5068  SCardSvr - ok
20:26:56.0875 5068  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
20:26:56.0922 5068  scfilter - ok
20:26:56.0953 5068  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
20:26:57.0000 5068  Schedule - ok
20:26:57.0015 5068  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
20:26:57.0047 5068  SCPolicySvc - ok
20:26:57.0062 5068  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
20:26:57.0093 5068  SDRSVC - ok
20:26:57.0140 5068  [ CC781378E7EDA615D2CDCA3B17829FA4 ] SeaPort         C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
20:26:57.0187 5068  SeaPort - ok
20:26:57.0203 5068  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
20:26:57.0249 5068  secdrv - ok
20:26:57.0265 5068  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
20:26:57.0296 5068  seclogon - ok
20:26:57.0312 5068  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
20:26:57.0343 5068  SENS - ok
20:26:57.0359 5068  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
20:26:57.0390 5068  SensrSvc - ok
20:26:57.0421 5068  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
20:26:57.0468 5068  Serenum - ok
20:26:57.0483 5068  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
20:26:57.0515 5068  Serial - ok
20:26:57.0546 5068  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
20:26:57.0593 5068  sermouse - ok
20:26:57.0624 5068  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
20:26:57.0671 5068  SessionEnv - ok
20:26:57.0686 5068  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
20:26:57.0717 5068  sffdisk - ok
20:26:57.0717 5068  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
20:26:57.0733 5068  sffp_mmc - ok
20:26:57.0733 5068  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
20:26:57.0749 5068  sffp_sd - ok
20:26:57.0780 5068  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
20:26:57.0780 5068  sfloppy - ok
20:26:57.0827 5068  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
20:26:57.0905 5068  SharedAccess - ok
20:26:57.0920 5068  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:26:57.0967 5068  ShellHWDetection - ok
20:26:57.0967 5068  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:26:57.0983 5068  SiSRaid2 - ok
20:26:57.0998 5068  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
20:26:58.0014 5068  SiSRaid4 - ok
20:26:58.0029 5068  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
20:26:58.0076 5068  Smb - ok
20:26:58.0107 5068  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
20:26:58.0154 5068  SNMPTRAP - ok
20:26:58.0154 5068  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
20:26:58.0170 5068  spldr - ok
20:26:58.0217 5068  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
20:26:58.0295 5068  Spooler - ok
20:26:58.0404 5068  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
20:26:58.0544 5068  sppsvc - ok
20:26:58.0560 5068  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
20:26:58.0591 5068  sppuinotify - ok
20:26:58.0622 5068  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
20:26:58.0669 5068  srv - ok
20:26:58.0685 5068  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
20:26:58.0700 5068  srv2 - ok
20:26:58.0716 5068  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
20:26:58.0747 5068  srvnet - ok
20:26:58.0747 5068  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
20:26:58.0794 5068  SSDPSRV - ok
20:26:58.0809 5068  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
20:26:58.0841 5068  SstpSvc - ok
20:26:58.0856 5068  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
20:26:58.0872 5068  stexstor - ok
20:26:58.0903 5068  [ DECACB6921DED1A38642642685D77DAC ] StillCam        C:\Windows\system32\DRIVERS\serscan.sys
20:26:58.0950 5068  StillCam - ok
20:26:58.0997 5068  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
20:26:59.0059 5068  stisvc - ok
20:26:59.0090 5068  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
20:26:59.0106 5068  swenum - ok
20:26:59.0121 5068  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
20:26:59.0199 5068  swprv - ok
20:26:59.0231 5068  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
20:26:59.0293 5068  SysMain - ok
20:26:59.0309 5068  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
20:26:59.0340 5068  TabletInputService - ok
20:26:59.0355 5068  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
20:26:59.0402 5068  TapiSrv - ok
20:26:59.0418 5068  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
20:26:59.0465 5068  TBS - ok
20:26:59.0511 5068  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
20:26:59.0589 5068  Tcpip - ok
20:26:59.0636 5068  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
20:26:59.0667 5068  TCPIP6 - ok
20:26:59.0699 5068  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
20:26:59.0730 5068  tcpipreg - ok
20:26:59.0761 5068  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
20:26:59.0808 5068  TDPIPE - ok
20:26:59.0823 5068  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
20:26:59.0870 5068  TDTCP - ok
20:26:59.0901 5068  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
20:26:59.0964 5068  tdx - ok
20:26:59.0995 5068  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
20:26:59.0995 5068  TermDD - ok
20:27:00.0026 5068  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
20:27:00.0089 5068  TermService - ok
20:27:00.0089 5068  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
20:27:00.0104 5068  Themes - ok
20:27:00.0104 5068  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
20:27:00.0135 5068  THREADORDER - ok
20:27:00.0151 5068  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
20:27:00.0229 5068  TrkWks - ok
20:27:00.0260 5068  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:27:00.0323 5068  TrustedInstaller - ok
20:27:00.0338 5068  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
20:27:00.0369 5068  tssecsrv - ok
20:27:00.0479 5068  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
20:27:00.0603 5068  TsUsbFlt - ok
20:27:00.0635 5068  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
20:27:00.0728 5068  tunnel - ok
20:27:00.0759 5068  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
20:27:00.0775 5068  uagp35 - ok
20:27:00.0791 5068  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
20:27:00.0837 5068  udfs - ok
20:27:00.0853 5068  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
20:27:00.0869 5068  UI0Detect - ok
20:27:00.0900 5068  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
20:27:00.0915 5068  uliagpkx - ok
20:27:00.0931 5068  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\drivers\umbus.sys
20:27:00.0962 5068  umbus - ok
20:27:00.0978 5068  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
20:27:00.0993 5068  UmPass - ok
20:27:01.0009 5068  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
20:27:01.0040 5068  upnphost - ok
20:27:01.0056 5068  [ 43228F8EDD1B0BCDD3145AD246E63D39 ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
20:27:01.0071 5068  USBAAPL64 - ok
20:27:01.0103 5068  [ B26AFB54A534D634523C4FB66765B026 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
20:27:01.0134 5068  usbccgp - ok
20:27:01.0149 5068  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
20:27:01.0181 5068  usbcir - ok
20:27:01.0196 5068  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
20:27:01.0227 5068  usbehci - ok
20:27:01.0274 5068  [ DC2B306861F42EEEB92EF525F4119F08 ] usbfilter       C:\Windows\system32\DRIVERS\usbfilter.sys
20:27:01.0305 5068  usbfilter - ok
20:27:01.0337 5068  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
20:27:01.0383 5068  usbhub - ok
20:27:01.0383 5068  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
20:27:01.0415 5068  usbohci - ok
20:27:01.0430 5068  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
20:27:01.0446 5068  usbprint - ok
20:27:01.0477 5068  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
20:27:01.0524 5068  usbscan - ok
20:27:01.0539 5068  [ A60E7E0FA88FF067D049D525547CD5E9 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:27:01.0571 5068  USBSTOR - ok
20:27:01.0586 5068  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
20:27:01.0617 5068  usbuhci - ok
20:27:01.0633 5068  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
20:27:01.0695 5068  UxSms - ok
20:27:01.0711 5068  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
20:27:01.0727 5068  VaultSvc - ok
20:27:01.0758 5068  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
20:27:01.0758 5068  vdrvroot - ok
20:27:01.0789 5068  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
20:27:01.0820 5068  vds - ok
20:27:01.0836 5068  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
20:27:01.0851 5068  vga - ok
20:27:01.0898 5068  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
20:27:01.0992 5068  VgaSave - ok
20:27:02.0007 5068  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
20:27:02.0054 5068  vhdmp - ok
20:27:02.0070 5068  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
20:27:02.0085 5068  viaide - ok
20:27:02.0101 5068  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
20:27:02.0117 5068  volmgr - ok
20:27:02.0148 5068  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
20:27:02.0195 5068  volmgrx - ok
20:27:02.0210 5068  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
20:27:02.0241 5068  volsnap - ok
20:27:02.0273 5068  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
20:27:02.0288 5068  vsmraid - ok
20:27:02.0319 5068  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
20:27:02.0397 5068  VSS - ok
20:27:02.0413 5068  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
20:27:02.0429 5068  vwifibus - ok
20:27:02.0460 5068  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
20:27:02.0475 5068  vwififlt - ok
20:27:02.0507 5068  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
20:27:02.0553 5068  vwifimp - ok
20:27:02.0569 5068  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
20:27:02.0616 5068  W32Time - ok
20:27:02.0631 5068  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
20:27:02.0647 5068  WacomPen - ok
20:27:02.0678 5068  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
20:27:02.0709 5068  WANARP - ok
20:27:02.0709 5068  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
20:27:02.0741 5068  Wanarpv6 - ok
20:27:02.0787 5068  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
20:27:02.0834 5068  WatAdminSvc - ok
20:27:02.0881 5068  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
20:27:02.0928 5068  wbengine - ok
20:27:02.0959 5068  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
20:27:02.0990 5068  WbioSrvc - ok
20:27:03.0006 5068  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
20:27:03.0037 5068  wcncsvc - ok
20:27:03.0053 5068  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:27:03.0084 5068  WcsPlugInService - ok
20:27:03.0115 5068  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
20:27:03.0131 5068  Wd - ok
20:27:03.0162 5068  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
20:27:03.0240 5068  Wdf01000 - ok
20:27:03.0240 5068  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
20:27:03.0333 5068  WdiServiceHost - ok
20:27:03.0333 5068  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
20:27:03.0349 5068  WdiSystemHost - ok
20:27:03.0365 5068  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
20:27:03.0411 5068  WebClient - ok
20:27:03.0427 5068  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
20:27:03.0474 5068  Wecsvc - ok
20:27:03.0474 5068  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
20:27:03.0521 5068  wercplsupport - ok
20:27:03.0536 5068  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
20:27:03.0567 5068  WerSvc - ok
20:27:03.0583 5068  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
20:27:03.0614 5068  WfpLwf - ok
20:27:03.0630 5068  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
20:27:03.0645 5068  WIMMount - ok
20:27:03.0661 5068  WinDefend - ok
20:27:03.0661 5068  WinHttpAutoProxySvc - ok
20:27:03.0708 5068  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
20:27:03.0755 5068  Winmgmt - ok
20:27:03.0817 5068  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
20:27:03.0895 5068  WinRM - ok
20:27:03.0942 5068  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
20:27:03.0973 5068  WinUsb - ok
20:27:04.0004 5068  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
20:27:04.0051 5068  Wlansvc - ok
20:27:04.0113 5068  [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
20:27:04.0145 5068  wlcrasvc - ok
20:27:04.0238 5068  [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:27:04.0301 5068  wlidsvc - ok
20:27:04.0316 5068  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
20:27:04.0347 5068  WmiAcpi - ok
20:27:04.0363 5068  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
20:27:04.0394 5068  wmiApSrv - ok
20:27:04.0425 5068  WMPNetworkSvc - ok
20:27:04.0441 5068  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
20:27:04.0488 5068  WPCSvc - ok
20:27:04.0503 5068  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
20:27:04.0535 5068  WPDBusEnum - ok
20:27:04.0566 5068  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
20:27:04.0613 5068  ws2ifsl - ok
20:27:04.0644 5068  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
20:27:04.0659 5068  wscsvc - ok
20:27:04.0659 5068  WSearch - ok
20:27:04.0737 5068  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
20:27:04.0831 5068  wuauserv - ok
20:27:04.0862 5068  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
20:27:04.0878 5068  WudfPf - ok
20:27:04.0893 5068  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
20:27:04.0909 5068  WUDFRd - ok
20:27:04.0925 5068  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
20:27:04.0956 5068  wudfsvc - ok
20:27:04.0971 5068  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
20:27:05.0003 5068  WwanSvc - ok
20:27:05.0018 5068  ================ Scan global ===============================
20:27:05.0049 5068  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
20:27:05.0081 5068  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
20:27:05.0112 5068  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
20:27:05.0127 5068  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
20:27:05.0159 5068  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
20:27:05.0190 5068  [Global] - ok
20:27:05.0190 5068  ================ Scan MBR ==================================
20:27:05.0205 5068  [ 5D949EEA3BEEC2DF38A2D7900AD89A60 ] \Device\Harddisk0\DR0
20:27:07.0452 5068  \Device\Harddisk0\DR0 - ok
20:27:07.0452 5068  ================ Scan VBR ==================================
20:27:07.0452 5068  [ BB4EE181A3C3FB6FBA2D635B5D34CAE4 ] \Device\Harddisk0\DR0\Partition1
20:27:07.0467 5068  \Device\Harddisk0\DR0\Partition1 - ok
20:27:07.0499 5068  [ 4CB0A14ADB05C81F03E6366A728495D6 ] \Device\Harddisk0\DR0\Partition2
20:27:07.0499 5068  \Device\Harddisk0\DR0\Partition2 - ok
20:27:07.0530 5068  [ BB651F9BAC2C393879A04366C83F8A97 ] \Device\Harddisk0\DR0\Partition3
20:27:07.0530 5068  \Device\Harddisk0\DR0\Partition3 - ok
20:27:07.0530 5068  ============================================================
20:27:07.0530 5068  Scan finished
20:27:07.0530 5068  ============================================================
20:27:07.0545 2332  Detected object count: 0
20:27:07.0545 2332  Actual detected object count: 0
         

Alt 08.03.2013, 20:08   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Groupon Trojaner - Standard

Groupon Trojaner



Dann bitte jetzt Combofix ausführen:

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 08.03.2013, 20:48   #10
muccy
 
Groupon Trojaner - Standard

Groupon Trojaner



Hallo cosinus, auch diesen Auftrag habe ich ausgeführt, allerdings kam keine der fehlermeldungen von denen du geschrieben hast und ich habe manuell neugestartet, da kam nichts automatisch...

hier der logfile:
[code]
Combofix Logfile:
Code:
ATTFilter
ComboFix 13-03-07.03 - Muccy3001 08.03.2013  21:30:41.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4095.2052 [GMT 1:00]
ausgeführt von:: c:\users\Muccy3001\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Muccy3001\AppData\Roaming\.#
c:\users\Muccy3001\AppData\Roaming\.#\MBX@1208@2112740.###
c:\users\Muccy3001\AppData\Roaming\.#\MBX@1208@2112770.###
c:\users\Muccy3001\AppData\Roaming\.#\MBX@12B0@6B2740.###
c:\users\Muccy3001\AppData\Roaming\.#\MBX@12B0@6B2770.###
c:\users\Muccy3001\AppData\Roaming\.#\MBX@838@1E72740.###
c:\users\Muccy3001\AppData\Roaming\.#\MBX@838@1E72770.###
c:\users\Muccy3001\AppData\Roaming\.#\MBX@99C@2F2740.###
c:\users\Muccy3001\AppData\Roaming\.#\MBX@99C@2F2770.###
c:\users\Muccy3001\AppData\Roaming\Anakab
c:\users\Muccy3001\AppData\Roaming\Anakab\atide.vov
c:\users\Muccy3001\AppData\Roaming\Urobz
c:\users\Muccy3001\AppData\Roaming\Urobz\taqeh.exe
c:\users\Muccy3001\AppData\Roaming\Zoas
c:\users\Muccy3001\AppData\Roaming\Zoas\ridub.xoa
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-02-08 bis 2013-03-08  ))))))))))))))))))))))))))))))
.
.
2013-03-08 20:35 . 2013-03-08 20:35	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-03-08 13:49 . 2013-03-08 14:06	--------	d-----w-	c:\users\Muccy3001\AppData\Roaming\Zesua
2013-03-08 13:37 . 2013-03-08 14:06	--------	d-----w-	c:\users\Muccy3001\Dtvmr
2013-03-08 12:37 . 2013-03-08 12:37	--------	d--h--w-	c:\users\Muccy3001\AppData\Roaming\E8BEE989
2013-03-08 11:14 . 2013-03-08 16:09	--------	d-----w-	c:\users\Muccy3001\AppData\Roaming\Zuluud
2013-03-08 11:14 . 2013-03-08 11:14	--------	d-----w-	c:\users\Muccy3001\AppData\Roaming\Wucyhy
2013-03-07 22:14 . 2013-03-07 22:14	--------	d-----w-	c:\users\Muccy3001\AppData\Roaming\Malwarebytes
2013-03-07 22:13 . 2013-03-07 22:13	--------	d-----w-	c:\programdata\Malwarebytes
2013-03-07 22:13 . 2013-03-07 22:13	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2013-03-07 22:13 . 2012-12-14 15:49	24176	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-03-07 22:13 . 2013-03-07 22:13	--------	d-----w-	c:\users\Muccy3001\AppData\Local\Programs
2013-03-07 20:41 . 2013-03-08 04:21	--------	d-----w-	c:\users\Muccy3001\AppData\Roaming\Tyvifo
2013-03-07 20:41 . 2013-03-07 20:45	--------	d-----w-	c:\users\Muccy3001\AppData\Roaming\Ahyld
2013-03-07 20:41 . 2013-03-07 20:41	--------	d-----w-	c:\users\Muccy3001\AppData\Roaming\Myhu
2013-03-06 20:08 . 2013-03-06 20:08	95648	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-05 21:33 . 2013-02-08 00:28	9162192	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{9E62D425-114C-4955-ACD7-27A5395EFB55}\mpengine.dll
2013-02-15 22:04 . 2013-02-15 22:04	208448	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2013-02-13 17:33 . 2013-01-04 05:46	215040	----a-w-	c:\windows\system32\winsrv.dll
2013-02-13 17:33 . 2013-01-04 02:47	25600	----a-w-	c:\windows\SysWow64\setup16.exe
2013-02-13 17:33 . 2013-01-04 04:51	5120	----a-w-	c:\windows\SysWow64\wow32.dll
2013-02-13 17:33 . 2013-01-04 02:47	7680	----a-w-	c:\windows\SysWow64\instnm.exe
2013-02-13 17:33 . 2013-01-04 02:47	2048	----a-w-	c:\windows\SysWow64\user.exe
2013-02-13 17:33 . 2013-01-04 02:47	14336	----a-w-	c:\windows\SysWow64\ntvdm64.dll
2013-02-13 17:33 . 2013-01-03 06:00	1913192	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-02-13 17:33 . 2013-01-03 06:00	288088	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-13 17:33 . 2012-12-26 05:47	1111040	----a-w-	c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 17:33 . 2012-12-26 04:49	760320	----a-w-	c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-06 20:08 . 2012-06-19 17:39	861088	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2013-03-06 20:08 . 2010-07-07 16:34	782240	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-02-28 18:15 . 2012-04-24 13:19	691568	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-28 18:15 . 2011-05-23 19:29	71024	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-13 18:53 . 2010-07-07 15:49	70004024	----a-w-	c:\windows\system32\MRT.exe
2013-01-17 00:28 . 2010-07-07 15:48	273840	------w-	c:\windows\system32\MpSigStub.exe
2013-01-04 04:43 . 2013-02-13 17:33	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2012-12-16 17:11 . 2013-01-08 16:22	46080	----a-w-	c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2013-01-08 16:22	367616	----a-w-	c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2013-01-08 16:22	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2013-01-08 16:22	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2012-01-19 00:09	194848	----a-w-	c:\program files (x86)\Yontoo\YontooIEClient.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Muccy3001\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Muccy3001\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Muccy3001\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-03-02 39408]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-11-28 59280]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-11-28 59280]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-10-14 98304]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-02-13 385248]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Z1"="c:\users\Muccy3001\Desktop\mbar-1.01.0.1021\mbar\mbar.exe" [2013-03-08 1363016]
.
c:\users\Muccy3001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Muccy3001\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [2010-10-14 51872]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [2010-02-10 35840]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-10 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2010-05-14 73856]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2010-05-14 28800]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-11-16 27800]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-11-10 204288]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2013-02-13 86752]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2010-10-14 52896]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2010-10-14 36000]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-10-17 93712]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2010-10-14 298144]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2010-10-14 28832]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2010-10-14 201376]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2010-10-14 55456]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2010-10-14 154272]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2010-10-14 275104]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-11-19 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-11-19 181248]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-05-31 333928]
S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-02-06 690208]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-06-14 38528]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 16386526
*NewlyCreated* - ASWMBR
*Deregistered* - 16386526
*Deregistered* - aswMBR
.
Inhalt des "geplante Tasks" Ordners
.
2013-03-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-24 18:15]
.
2013-03-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-02 17:03]
.
2013-03-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-02 17:03]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Muccy3001\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Muccy3001\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Muccy3001\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Muccy3001\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-10-22 11490408]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2010-10-14 613536]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2010-10-14 379040]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.babylon.com/?affID=110819&babsrc=HP_ss&mntrId=ca8fa289000000000000000272b0b9d0
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube to MP3 Converter - c:\users\Muccy3001\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Muccy3001\AppData\Roaming\Mozilla\Firefox\Profiles\ikvvofgf.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?affID=110819&babsrc=HP_ss&mntrId=ca8fa289000000000000000272b0b9d0
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=110819&babsrc=KW_ss&mntrId=ca8fa289000000000000000272b0b9d0&q=
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-MobileDocuments - c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe
Wow6432Node-HKCU-Run-Wyadsym - c:\users\Muccy3001\AppData\Roaming\Tyvifo\kifea.exe
Wow6432Node-HKCU-Run-Oxycenpyi - c:\users\Muccy3001\AppData\Roaming\Urobz\taqeh.exe
Wow6432Node-HKCU-Run-monag - c:\users\Muccy3001\AppData\Roaming\monag.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
SafeBoot-BsScanner
AddRemove-ALDI SÜD Mah Jong - c:\windows\system32\Uninstall ALDI SÜD Mah Jong.exe
AddRemove-PDF Reader - c:\program files (x86)\PDFReader\Uninstall\Uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-03-08  21:37:21
ComboFix-quarantined-files.txt  2013-03-08 20:37
.
Vor Suchlauf: 8 Verzeichnis(se), 1.231.136.473.088 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 1.231.405.850.624 Bytes frei
.
- - End Of File - - D76DA552119D0364C7D21B61C1E60374
         
--- --- ---


hoffe bisher läuft alles nach plan...?

Was muss ich als nächstes tun?

Alt 10.03.2013, 14:14   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Groupon Trojaner - Standard

Groupon Trojaner



Combofix-Skript
WARNUNG für die MITLESER:
Folgendes ComboFix Skript ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

  • Lösche die vorhandene Combofix.exe von deinem Desktop und lade das Programm von folgenden Download-Spiegel neu herunter: Link
  • Speichere es erneut auf dem Desktop (nicht woanders hin, das ist wichtig)!
  • Drücke die Windows + R Taste --> notepad (hinein schreiben) --> OK
  • Kopiere nun den Text aus der folgenden Codebox komplett in das leere Textdokument.
    Code:
    ATTFilter
    Dirlook::
    c:\users\Muccy3001\AppData\Roaming\Zesua
    c:\users\Muccy3001\Dtvmr
    c:\users\Muccy3001\AppData\Roaming\E8BEE989
    c:\users\Muccy3001\AppData\Roaming\Zuluud
    c:\users\Muccy3001\AppData\Roaming\Wucyhy
    c:\users\Muccy3001\AppData\Local\Programs
    c:\users\Muccy3001\AppData\Roaming\Tyvifo
    c:\users\Muccy3001\AppData\Roaming\Ahyld
    c:\users\Muccy3001\AppData\Roaming\Myhu
    
    Filelook::
    c:\windows\SysWow64\WindowsAccessBridge-32.dll
             
  • Speichere dies als CFScript.txt auf deinem Desktop.
  • Wichtig: Stelle deine Anti Viren Software temporär ab. Dies kann ComboFix nämlich bei der Arbeit behindern.
    Danach wieder anstellen nicht vergessen!
  • Schließe alle laufenden Programme damit ComboFix ungehindert arbeiten kann.
  • Ziehe CFScript.txt in die ComboFix.exe wie in diesem Bild:
  • Mache nichts am Computer, bewege nicht die Maus über das ComboFix-Fenster oder klicke in dieses hinein. Dies kann dazu führen, dass ComboFix sich aufhängt.
  • Wenn ComboFix fertig ist wird es ein Log erstellen: C:\ComboFix.txt
    Bitte füge es hier als Antwort (in CODE-Tags mit dem #-Button des Editors) ein.

Hinweis:
Suspect:: und Collect::
Falls im Skript diese Anweisungen enthalten sind, sollen Dateien zur Analyse eingeschickt werden. Es erscheint eine Message-Box, nachdem Combofix fertig ist. Klicke OK und folge den Aufforderungen/Anweisungen, um die Dateien hochzuladen. Teile mir unbedingt mit, ob der Upload geklappt hat!

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 11.03.2013, 10:54   #12
muccy
 
Groupon Trojaner - Standard

Groupon Trojaner



Ich melde mich hier nochmal nicht, dass du denkst ich bräuchte keine Hilfe mehr

Alt 11.03.2013, 11:06   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Groupon Trojaner - Standard

Groupon Trojaner



Was soll dieser Zwischenruf??
lass solche Zwischenrufe, poste nur wenn es Probleme gibt oder wenn du die Logs hast (diese dann auch posten in CODE-Tags)
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 11.03.2013, 11:33   #14
muccy
 
Groupon Trojaner - Standard

Groupon Trojaner



Bei mir kam kein SUspect oder Collect und auch kein fenster zum upload von iwas, habe daher 2mal gemacht, aber auch beim 2ten kam nichts....

Hier ist der Log File vom 2. Versuch:
Code:
ATTFilter
ComboFix 13-03-11.01 - Muccy3001 11.03.2013  12:20:42.3.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4095.2440 [GMT 1:00]
ausgeführt von:: c:\users\Muccy3001\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Muccy3001\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Outdated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Outdated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-02-11 bis 2013-03-11  ))))))))))))))))))))))))))))))
.
.
2013-03-11 11:24 . 2013-03-11 11:24	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-03-11 11:01 . 2013-02-08 00:28	9162192	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{955BA4F4-A30B-4360-8847-B6E23C9BE3C5}\mpengine.dll
2013-03-08 13:49 . 2013-03-08 14:06	--------	d-----w-	c:\users\Muccy3001\AppData\Roaming\Zesua
2013-03-08 13:37 . 2013-03-08 14:06	--------	d-----w-	c:\users\Muccy3001\Dtvmr
2013-03-08 12:37 . 2013-03-08 12:37	--------	d--h--w-	c:\users\Muccy3001\AppData\Roaming\E8BEE989
2013-03-08 11:14 . 2013-03-08 16:09	--------	d-----w-	c:\users\Muccy3001\AppData\Roaming\Zuluud
2013-03-08 11:14 . 2013-03-08 11:14	--------	d-----w-	c:\users\Muccy3001\AppData\Roaming\Wucyhy
2013-03-07 22:14 . 2013-03-07 22:14	--------	d-----w-	c:\users\Muccy3001\AppData\Roaming\Malwarebytes
2013-03-07 22:13 . 2013-03-07 22:13	--------	d-----w-	c:\programdata\Malwarebytes
2013-03-07 22:13 . 2013-03-07 22:13	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2013-03-07 22:13 . 2012-12-14 15:49	24176	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-03-07 22:13 . 2013-03-07 22:13	--------	d-----w-	c:\users\Muccy3001\AppData\Local\Programs
2013-03-07 20:41 . 2013-03-08 04:21	--------	d-----w-	c:\users\Muccy3001\AppData\Roaming\Tyvifo
2013-03-07 20:41 . 2013-03-07 20:45	--------	d-----w-	c:\users\Muccy3001\AppData\Roaming\Ahyld
2013-03-07 20:41 . 2013-03-07 20:41	--------	d-----w-	c:\users\Muccy3001\AppData\Roaming\Myhu
2013-03-06 20:08 . 2013-03-06 20:08	95648	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-02-15 22:04 . 2013-02-15 22:04	208448	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2013-02-13 17:33 . 2013-01-04 05:46	215040	----a-w-	c:\windows\system32\winsrv.dll
2013-02-13 17:33 . 2013-01-04 02:47	25600	----a-w-	c:\windows\SysWow64\setup16.exe
2013-02-13 17:33 . 2013-01-04 04:51	5120	----a-w-	c:\windows\SysWow64\wow32.dll
2013-02-13 17:33 . 2013-01-04 02:47	7680	----a-w-	c:\windows\SysWow64\instnm.exe
2013-02-13 17:33 . 2013-01-04 02:47	2048	----a-w-	c:\windows\SysWow64\user.exe
2013-02-13 17:33 . 2013-01-04 02:47	14336	----a-w-	c:\windows\SysWow64\ntvdm64.dll
2013-02-13 17:33 . 2013-01-03 06:00	1913192	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-02-13 17:33 . 2013-01-03 06:00	288088	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-13 17:33 . 2012-12-26 05:47	1111040	----a-w-	c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 17:33 . 2012-12-26 04:49	760320	----a-w-	c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-06 20:08 . 2012-06-19 17:39	861088	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2013-03-06 20:08 . 2010-07-07 16:34	782240	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-02-28 18:15 . 2012-04-24 13:19	691568	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-28 18:15 . 2011-05-23 19:29	71024	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-13 18:53 . 2010-07-07 15:49	70004024	----a-w-	c:\windows\system32\MRT.exe
2013-01-17 00:28 . 2010-07-07 15:48	273840	------w-	c:\windows\system32\MpSigStub.exe
2013-01-04 04:43 . 2013-02-13 17:33	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2012-12-16 17:11 . 2013-01-08 16:22	46080	----a-w-	c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2013-01-08 16:22	367616	----a-w-	c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2013-01-08 16:22	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2013-01-08 16:22	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
.
.
((((((((((((((((((((((((((((((((((((((((((((   Look   )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
--- c:\windows\SysWow64\WindowsAccessBridge-32.dll ---
Company: Oracle Corporation
File Description: 
File Version: 2, 0, 7, 0
Product Name: Java Access Bridge for Windows
Copyright: Copyright © 2013
Original Filename: 
File size: 95648
Created time: 2013-03-06 20:08
Modified time: 2013-03-06 20:08
MD5: F003B6C8BFD5F675A4DD398D2A8AEB63
SHA1: 289F1D8D4825EBDBAABF7D061CE1D93BE9D1443B
.
---- Directory of c:\users\Muccy3001\AppData\Local\Programs ----
.
.
---- Directory of c:\users\Muccy3001\AppData\Roaming\Ahyld ----
.
2012-06-08 16:48 . 2013-03-07 20:41	11877	----a-w-	c:\users\Muccy3001\AppData\Roaming\Ahyld\yxyr.tmp
.
---- Directory of c:\users\Muccy3001\AppData\Roaming\E8BEE989 ----
.
.
---- Directory of c:\users\Muccy3001\AppData\Roaming\Myhu ----
.
2012-01-05 18:44 . 2013-03-07 20:41	399066	----a-w-	c:\users\Muccy3001\AppData\Roaming\Myhu\movyh.yxd
.
---- Directory of c:\users\Muccy3001\AppData\Roaming\Tyvifo ----
.
.
---- Directory of c:\users\Muccy3001\AppData\Roaming\Wucyhy ----
.
2011-10-05 15:11 . 2013-03-08 12:28	399066	----a-w-	c:\users\Muccy3001\AppData\Roaming\Wucyhy\nuyz.evs
.
---- Directory of c:\users\Muccy3001\AppData\Roaming\Zesua ----
.
.
---- Directory of c:\users\Muccy3001\AppData\Roaming\Zuluud ----
.
.
---- Directory of c:\users\Muccy3001\Dtvmr ----
.
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2012-01-19 00:09	194848	----a-w-	c:\program files (x86)\Yontoo\YontooIEClient.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Muccy3001\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Muccy3001\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Muccy3001\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-03-02 39408]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-11-28 59280]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-11-28 59280]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-10-14 98304]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-02-13 385248]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\Muccy3001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Muccy3001\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [2010-10-14 51872]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [2010-02-10 35840]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-10 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2010-05-14 73856]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2010-05-14 28800]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-11-16 27800]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-11-10 204288]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2013-02-13 86752]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2010-10-14 52896]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2010-10-14 36000]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-10-17 93712]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2010-10-14 298144]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2010-10-14 28832]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2010-10-14 201376]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2010-10-14 55456]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2010-10-14 154272]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2010-10-14 275104]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-11-19 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-11-19 181248]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-05-31 333928]
S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-02-06 690208]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-06-14 38528]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-03-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-24 18:15]
.
2013-03-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-02 17:03]
.
2013-03-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-02 17:03]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Muccy3001\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Muccy3001\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Muccy3001\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Muccy3001\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-10-22 11490408]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2010-10-14 613536]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2010-10-14 379040]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.babylon.com/?affID=110819&babsrc=HP_ss&mntrId=ca8fa289000000000000000272b0b9d0
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube to MP3 Converter - c:\users\Muccy3001\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Muccy3001\AppData\Roaming\Mozilla\Firefox\Profiles\ikvvofgf.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?affID=110819&babsrc=HP_ss&mntrId=ca8fa289000000000000000272b0b9d0
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=110819&babsrc=KW_ss&mntrId=ca8fa289000000000000000272b0b9d0&q=
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-ALDI SÜD Mah Jong - c:\windows\system32\Uninstall ALDI SÜD Mah Jong.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-03-11  12:26:15
ComboFix-quarantined-files.txt  2013-03-11 11:26
ComboFix2.txt  2013-03-11 11:15
ComboFix3.txt  2013-03-08 20:37
.
Vor Suchlauf: 10 Verzeichnis(se), 1.231.243.931.648 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 1.230.946.537.472 Bytes frei
.
- - End Of File - - D1E020108C139CFB19752FE2A03FE4FB
         
sry wegen des Zwischenrufs, hatte nicht gesehen , dass du schon auf der 2. Seite geantwortet hattest gestern.

Hier ist noch der vom 1. Versuch, falls er wichtig ist:
Code:
ATTFilter
ComboFix 13-03-11.01 - Muccy3001 11.03.2013  12:08:18.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4095.2584 [GMT 1:00]
ausgeführt von:: c:\users\Muccy3001\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Muccy3001\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Outdated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Outdated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-02-11 bis 2013-03-11  ))))))))))))))))))))))))))))))
.
.
2013-03-11 11:13 . 2013-03-11 11:13	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-03-11 11:01 . 2013-02-08 00:28	9162192	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{955BA4F4-A30B-4360-8847-B6E23C9BE3C5}\mpengine.dll
2013-03-08 13:49 . 2013-03-08 14:06	--------	d-----w-	c:\users\Muccy3001\AppData\Roaming\Zesua
2013-03-08 13:37 . 2013-03-08 14:06	--------	d-----w-	c:\users\Muccy3001\Dtvmr
2013-03-08 12:37 . 2013-03-08 12:37	--------	d--h--w-	c:\users\Muccy3001\AppData\Roaming\E8BEE989
2013-03-08 11:14 . 2013-03-08 16:09	--------	d-----w-	c:\users\Muccy3001\AppData\Roaming\Zuluud
2013-03-08 11:14 . 2013-03-08 11:14	--------	d-----w-	c:\users\Muccy3001\AppData\Roaming\Wucyhy
2013-03-07 22:14 . 2013-03-07 22:14	--------	d-----w-	c:\users\Muccy3001\AppData\Roaming\Malwarebytes
2013-03-07 22:13 . 2013-03-07 22:13	--------	d-----w-	c:\programdata\Malwarebytes
2013-03-07 22:13 . 2013-03-07 22:13	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2013-03-07 22:13 . 2012-12-14 15:49	24176	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-03-07 22:13 . 2013-03-07 22:13	--------	d-----w-	c:\users\Muccy3001\AppData\Local\Programs
2013-03-07 20:41 . 2013-03-08 04:21	--------	d-----w-	c:\users\Muccy3001\AppData\Roaming\Tyvifo
2013-03-07 20:41 . 2013-03-07 20:45	--------	d-----w-	c:\users\Muccy3001\AppData\Roaming\Ahyld
2013-03-07 20:41 . 2013-03-07 20:41	--------	d-----w-	c:\users\Muccy3001\AppData\Roaming\Myhu
2013-03-06 20:08 . 2013-03-06 20:08	95648	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-02-15 22:04 . 2013-02-15 22:04	208448	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2013-02-13 17:33 . 2013-01-04 05:46	215040	----a-w-	c:\windows\system32\winsrv.dll
2013-02-13 17:33 . 2013-01-04 02:47	25600	----a-w-	c:\windows\SysWow64\setup16.exe
2013-02-13 17:33 . 2013-01-04 04:51	5120	----a-w-	c:\windows\SysWow64\wow32.dll
2013-02-13 17:33 . 2013-01-04 02:47	7680	----a-w-	c:\windows\SysWow64\instnm.exe
2013-02-13 17:33 . 2013-01-04 02:47	2048	----a-w-	c:\windows\SysWow64\user.exe
2013-02-13 17:33 . 2013-01-04 02:47	14336	----a-w-	c:\windows\SysWow64\ntvdm64.dll
2013-02-13 17:33 . 2013-01-03 06:00	1913192	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-02-13 17:33 . 2013-01-03 06:00	288088	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-13 17:33 . 2012-12-26 05:47	1111040	----a-w-	c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 17:33 . 2012-12-26 04:49	760320	----a-w-	c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-06 20:08 . 2012-06-19 17:39	861088	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2013-03-06 20:08 . 2010-07-07 16:34	782240	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-02-28 18:15 . 2012-04-24 13:19	691568	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-28 18:15 . 2011-05-23 19:29	71024	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-13 18:53 . 2010-07-07 15:49	70004024	----a-w-	c:\windows\system32\MRT.exe
2013-01-17 00:28 . 2010-07-07 15:48	273840	------w-	c:\windows\system32\MpSigStub.exe
2013-01-04 04:43 . 2013-02-13 17:33	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2012-12-16 17:11 . 2013-01-08 16:22	46080	----a-w-	c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2013-01-08 16:22	367616	----a-w-	c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2013-01-08 16:22	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2013-01-08 16:22	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
.
.
((((((((((((((((((((((((((((((((((((((((((((   Look   )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
--- c:\windows\SysWow64\WindowsAccessBridge-32.dll ---
Company: Oracle Corporation
File Description: 
File Version: 2, 0, 7, 0
Product Name: Java Access Bridge for Windows
Copyright: Copyright © 2013
Original Filename: 
File size: 95648
Created time: 2013-03-06 20:08
Modified time: 2013-03-06 20:08
MD5: F003B6C8BFD5F675A4DD398D2A8AEB63
SHA1: 289F1D8D4825EBDBAABF7D061CE1D93BE9D1443B
.
---- Directory of c:\users\Muccy3001\AppData\Local\Programs ----
.
.
---- Directory of c:\users\Muccy3001\AppData\Roaming\Ahyld ----
.
2012-06-08 16:48 . 2013-03-07 20:41	11877	----a-w-	c:\users\Muccy3001\AppData\Roaming\Ahyld\yxyr.tmp
.
---- Directory of c:\users\Muccy3001\AppData\Roaming\E8BEE989 ----
.
.
---- Directory of c:\users\Muccy3001\AppData\Roaming\Myhu ----
.
2012-01-05 18:44 . 2013-03-07 20:41	399066	----a-w-	c:\users\Muccy3001\AppData\Roaming\Myhu\movyh.yxd
.
---- Directory of c:\users\Muccy3001\AppData\Roaming\Tyvifo ----
.
.
---- Directory of c:\users\Muccy3001\AppData\Roaming\Wucyhy ----
.
2011-10-05 15:11 . 2013-03-08 12:28	399066	----a-w-	c:\users\Muccy3001\AppData\Roaming\Wucyhy\nuyz.evs
.
---- Directory of c:\users\Muccy3001\AppData\Roaming\Zesua ----
.
.
---- Directory of c:\users\Muccy3001\AppData\Roaming\Zuluud ----
.
.
---- Directory of c:\users\Muccy3001\Dtvmr ----
.
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2012-01-19 00:09	194848	----a-w-	c:\program files (x86)\Yontoo\YontooIEClient.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Muccy3001\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Muccy3001\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Muccy3001\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-03-02 39408]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-11-28 59280]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-11-28 59280]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-10-14 98304]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-02-13 385248]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\Muccy3001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Muccy3001\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [2010-10-14 51872]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [2010-02-10 35840]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-10 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2010-05-14 73856]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2010-05-14 28800]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-11-16 27800]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-11-10 204288]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2013-02-13 86752]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2010-10-14 52896]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2010-10-14 36000]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-10-17 93712]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2010-10-14 298144]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2010-10-14 28832]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2010-10-14 201376]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2010-10-14 55456]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2010-10-14 154272]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2010-10-14 275104]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-11-19 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-11-19 181248]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-05-31 333928]
S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-02-06 690208]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-06-14 38528]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-03-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-24 18:15]
.
2013-03-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-02 17:03]
.
2013-03-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-02 17:03]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Muccy3001\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Muccy3001\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Muccy3001\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Muccy3001\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-10-22 11490408]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2010-10-14 613536]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2010-10-14 379040]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.babylon.com/?affID=110819&babsrc=HP_ss&mntrId=ca8fa289000000000000000272b0b9d0
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube to MP3 Converter - c:\users\Muccy3001\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Muccy3001\AppData\Roaming\Mozilla\Firefox\Profiles\ikvvofgf.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?affID=110819&babsrc=HP_ss&mntrId=ca8fa289000000000000000272b0b9d0
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=110819&babsrc=KW_ss&mntrId=ca8fa289000000000000000272b0b9d0&q=
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-ALDI SÜD Mah Jong - c:\windows\system32\Uninstall ALDI SÜD Mah Jong.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-03-11  12:15:17
ComboFix-quarantined-files.txt  2013-03-11 11:15
ComboFix2.txt  2013-03-08 20:37
.
Vor Suchlauf: 10 Verzeichnis(se), 1.231.254.237.184 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 1.231.060.852.736 Bytes frei
.
- - End Of File - - 2A2A7E82D8B577BBCB1D497E43D72179
         

Alt 11.03.2013, 11:39   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Groupon Trojaner - Standard

Groupon Trojaner



Zitat:
Bei mir kam kein SUspect oder Collect und auch kein fenster zum upload von iwas, habe daher 2mal gemacht, aber auch beim 2ten kam nichts...
Da steht doch nur als Hinweis da, falls suspect oder collect verwendet wurde, in meinem Script wurde das aber nicht benutzt!


Combofix-Skript
WARNUNG für die MITLESER:
Folgendes ComboFix Skript ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

  • Lösche die vorhandene Combofix.exe von deinem Desktop und lade das Programm von folgenden Download-Spiegel neu herunter: Link
  • Speichere es erneut auf dem Desktop (nicht woanders hin, das ist wichtig)!
  • Drücke die Windows + R Taste --> notepad (hinein schreiben) --> OK
  • Kopiere nun den Text aus der folgenden Codebox komplett in das leere Textdokument.
    Code:
    ATTFilter
    Folder::
    c:\users\Muccy3001\AppData\Roaming\Zesua
    c:\users\Muccy3001\Dtvmr
    c:\users\Muccy3001\AppData\Roaming\E8BEE989
    c:\users\Muccy3001\AppData\Roaming\Zuluud
    c:\users\Muccy3001\AppData\Roaming\Wucyhy
    c:\users\Muccy3001\AppData\Local\Programs
    c:\users\Muccy3001\AppData\Roaming\Tyvifo
    c:\users\Muccy3001\AppData\Roaming\Ahyld
    c:\users\Muccy3001\AppData\Roaming\Myhu
             
  • Speichere dies als CFScript.txt auf deinem Desktop.
  • Wichtig: Stelle deine Anti Viren Software temporär ab. Dies kann ComboFix nämlich bei der Arbeit behindern.
    Danach wieder anstellen nicht vergessen!
  • Schließe alle laufenden Programme damit ComboFix ungehindert arbeiten kann.
  • Ziehe CFScript.txt in die ComboFix.exe wie in diesem Bild:
  • Mache nichts am Computer, bewege nicht die Maus über das ComboFix-Fenster oder klicke in dieses hinein. Dies kann dazu führen, dass ComboFix sich aufhängt.
  • Wenn ComboFix fertig ist wird es ein Log erstellen: C:\ComboFix.txt
    Bitte füge es hier als Antwort (in CODE-Tags mit dem #-Button des Editors) ein.

Hinweis:
Suspect:: und Collect::
Falls im Skript diese Anweisungen enthalten sind, sollen Dateien zur Analyse eingeschickt werden. Es erscheint eine Message-Box, nachdem Combofix fertig ist. Klicke OK und folge den Aufforderungen/Anweisungen, um die Dateien hochzuladen. Teile mir unbedingt mit, ob der Upload geklappt hat!

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Antwort

Themen zu Groupon Trojaner
alles blockiert, avira, blockiert, bräuchte, datei, dateien, eingefangen, gen, gestern, gesuch, gesucht, groupon, hören, interne, internet, malwarebytes, meinung, nachricht, neue, neuen, probleme, software, sämtliche, thema, trojaner, würde, zugriff



Ähnliche Themen: Groupon Trojaner


  1. Groupon Virus/Trojaner
    Log-Analyse und Auswertung - 29.05.2013 (74)
  2. Von Trojaner in Groupon Mail erwischt!
    Plagegeister aller Art und deren Bekämpfung - 01.04.2013 (19)
  3. Groupon Trojaner
    Log-Analyse und Auswertung - 30.03.2013 (28)
  4. Groupon Trojaner
    Log-Analyse und Auswertung - 26.03.2013 (9)
  5. Groupon Trojaner.
    Plagegeister aller Art und deren Bekämpfung - 25.03.2013 (29)
  6. Groupon Trojaner
    Plagegeister aller Art und deren Bekämpfung - 25.03.2013 (11)
  7. Groupon Trojaner, die Hundertste...
    Plagegeister aller Art und deren Bekämpfung - 24.03.2013 (23)
  8. Groupon-Trojaner
    Plagegeister aller Art und deren Bekämpfung - 18.03.2013 (10)
  9. Groupon Trojaner
    Plagegeister aller Art und deren Bekämpfung - 15.03.2013 (16)
  10. Groupon Rechnung - versteckte Trojaner
    Log-Analyse und Auswertung - 15.03.2013 (16)
  11. Groupon AG Abrechnung - Trojaner
    Plagegeister aller Art und deren Bekämpfung - 14.03.2013 (2)
  12. Groupon Trojaner-Bereinigung
    Log-Analyse und Auswertung - 14.03.2013 (72)
  13. Nochmal Groupon-Trojaner
    Plagegeister aller Art und deren Bekämpfung - 13.03.2013 (1)
  14. 2x | Groupon Trojaner
    Mülltonne - 13.03.2013 (5)
  15. Groupon Nachricht mit Trojaner
    Plagegeister aller Art und deren Bekämpfung - 12.03.2013 (5)
  16. Groupon Trojaner
    Plagegeister aller Art und deren Bekämpfung - 09.03.2013 (13)
  17. Groupon Trojaner
    Plagegeister aller Art und deren Bekämpfung - 08.03.2013 (5)

Zum Thema Groupon Trojaner - Hallo liebe Trojaner Zerstörer, Ich habe mir gestern auch den Trojaner über eine Nachricht von Groupon eingefangen und bräuchte eure Hilfe. Habe die Zip. Datei geöffnet aber alles blockiert was - Groupon Trojaner...
Archiv
Du betrachtest: Groupon Trojaner auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.