Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Virtumonde.dll/sci/sdn und Spybot

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 21.06.2013, 18:02   #1
Victarion
 
Virtumonde.dll/sci/sdn und Spybot - Standard

Virtumonde.dll/sci/sdn und Spybot



Hallo liebes Helferteam.
Das ist mein erster Beitrag hier, daher hoffe ich mal, dass ich alles richtig gemacht habe.
Zu meinem Problem: Mir ist neulich aufgefallen, dass bei meinem Spybot S&D ziemlich lange nach oder in virtumonde.dll/sci/sdn sucht. Das hab ich dann gleich mal in Internet gesucht und rausgefunden, dass es ein Trojaner ist.
Jedoch hat bei mir eben weder Spybot noch avast! noch Malwarebytes Anti-Malware etwas gefunden. Nun habe ich hier bereits im Forum gelesen, dass Spybot lediglich anzeigt, wonach es gerade sucht, und nich was es gerade durchsucht und das virtumonde eigentich mittlerweile von vielen Antivirusprogrammen gefunden werden müsste.
Bin jedoch die Anleitung durchgegangen und habe die folgenden Logdaten.


Code:
ATTFilter
OTL logfile created on: 21.06.2013 15:52:54 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\EGAL\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,13 Gb Available Physical Memory | 56,77% Memory free
4,00 Gb Paging File | 3,06 Gb Available in Paging File | 76,59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 213,15 Gb Total Space | 51,05 Gb Free Space | 23,95% Space Free | Partition Type: NTFS
Drive D: | 19,63 Gb Total Space | 7,57 Gb Free Space | 38,57% Space Free | Partition Type: NTFS
 
Computer Name: SPIELSERVER | User Name: EGAL | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.06.21 15:44:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\EGAL\Desktop\OTL.exe
PRC - [2013.06.06 20:33:44 | 000,040,960 | ---- | M] () -- C:\Users\EGAL\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
PRC - [2013.05.16 10:56:34 | 001,033,688 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2013.05.16 10:56:30 | 001,817,560 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2013.05.15 13:21:32 | 000,171,928 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2013.01.18 16:21:02 | 000,873,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2013.01.18 16:21:00 | 001,821,984 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2013.01.18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.11.23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012.05.22 08:38:56 | 000,160,872 | ---- | M] (Geek Software GmbH) -- C:\Program Files\pdf24\pdf24.exe
PRC - [2011.12.05 18:59:13 | 000,273,528 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.04.18 19:25:12 | 003,460,784 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011.04.18 19:25:10 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.02.01 14:02:26 | 000,713,544 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
PRC - [2010.02.01 14:00:40 | 001,043,784 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
PRC - [2009.10.12 19:13:20 | 000,226,816 | ---- | M] () -- C:\Program Files\Razer\Diamondback 3G\razerhid.exe
PRC - [2009.10.12 12:13:06 | 000,131,072 | ---- | M] () -- C:\Program Files\Razer\Diamondback 3G\razertra.exe
PRC - [2009.04.14 08:43:42 | 000,604,704 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SOUNDMAN.EXE
PRC - [2008.11.18 13:15:30 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
PRC - [2007.05.07 10:52:12 | 000,159,744 | ---- | M] (Razer USA Ltd.) -- C:\Program Files\Razer\Tarantula\razerhid.exe
PRC - [2007.03.05 18:17:56 | 000,143,360 | ---- | M] () -- C:\Program Files\Razer\Tarantula\razertra.exe
PRC - [2007.02.14 12:11:18 | 000,163,840 | ---- | M] (Razer Inc.) -- C:\Program Files\Razer\Diamondback 3G\razerofa.exe
PRC - [2003.05.21 18:37:08 | 000,229,437 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.05.16 10:55:26 | 000,113,496 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2013.05.16 10:55:24 | 000,416,600 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2010.01.21 02:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010.01.09 21:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2009.10.12 19:13:20 | 000,226,816 | ---- | M] () -- C:\Program Files\Razer\Diamondback 3G\razerhid.exe
MOD - [2009.10.12 12:13:06 | 000,131,072 | ---- | M] () -- C:\Program Files\Razer\Diamondback 3G\razertra.exe
MOD - [2009.03.26 14:46:42 | 000,148,480 | ---- | M] () -- C:\Windows\System32\APOMngr.DLL
MOD - [2009.02.06 18:52:24 | 000,073,728 | ---- | M] () -- C:\Windows\System32\CmdRtr.DLL
MOD - [2007.09.20 19:34:58 | 000,129,024 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2007.03.05 18:17:56 | 000,143,360 | ---- | M] () -- C:\Program Files\Razer\Tarantula\razertra.exe
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDWSCService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDUpdateService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDScannerService)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mcmispupdmgr.dll -- (oracledbconsoleorcl)
SRV - [2013.06.12 17:03:40 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.06.06 20:33:44 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Users\EGAL\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe -- (SearchAnonymizer)
SRV - [2013.05.19 09:47:51 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.05.06 18:04:38 | 000,049,152 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\BattlEye\BEService.exe -- (BEService)
SRV - [2013.02.26 00:22:34 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.01.18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.06.21 02:39:20 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.04.18 19:25:10 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010.02.08 18:01:47 | 000,435,016 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2010.02.08 17:55:13 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2010.02.08 17:36:40 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010.02.01 14:00:40 | 001,043,784 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010.02.01 13:57:16 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2010.01.21 18:51:12 | 030,963,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.11.18 13:15:30 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2007.05.31 16:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 16:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\\SystemRoot\System32\Drivers\sptd.sys -- (sptd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\EGAL\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2013.02.26 00:22:06 | 008,939,296 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011.11.09 16:21:40 | 000,147,776 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2011.10.27 00:21:08 | 000,077,004 | ---- | M] (Oak Technology Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AFS.SYS -- (AFS)
DRV - [2011.08.30 01:54:22 | 000,097,552 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV - [2011.05.17 17:40:37 | 000,278,984 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2011.04.18 19:17:46 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011.04.18 19:17:34 | 000,307,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011.04.18 19:16:18 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011.04.18 19:13:21 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011.04.18 19:13:09 | 000,053,592 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011.04.18 19:12:58 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 12:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.06.21 22:46:13 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010.01.27 04:09:02 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (npf)
DRV - [2009.10.14 08:24:44 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.08.03 12:10:24 | 001,148,416 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\P17.sys -- (P17)
DRV - [2009.07.14 00:09:17 | 004,194,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009.07.14 00:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009.06.18 20:45:02 | 004,172,832 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVAC.SYS -- (ALCXWDM)
DRV - [2007.04.11 16:23:48 | 000,045,440 | ---- | M] (Razer USA Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UsbFltr.sys -- (TarFltr)
DRV - [2005.09.06 12:13:52 | 000,004,505 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tihid.sys -- (Tihid)
DRV - [2005.04.24 23:43:58 | 000,013,225 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\DB3G.sys -- (Razerlow)
DRV - [2004.08.31 20:07:08 | 000,026,240 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2004.08.13 10:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C6 6B 05 BE 19 B0 CA 01  [binary data]
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D267372633D49452D536561726368426F7826464F524D3D494538535243&st={searchTerms}&clid=754f46bf-ec0f-442a-9524-e6dface7ba68&pid=proxtubede&k=0
IE - HKCU\..\SearchScopes\{136D0C38-F6BE-4FF0-B1C1-E82465C425CB}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=754f46bf-ec0f-442a-9524-e6dface7ba68&pid=proxtubede&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{1732850D-AFC1-4A1A-AA97-5674574E121C}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=754f46bf-ec0f-442a-9524-e6dface7ba68&pid=proxtubede&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{187F50A8-52B2-48C5-B20C-D96449C26E2D}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=754f46bf-ec0f-442a-9524-e6dface7ba68&pid=proxtubede&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{26CA4FA5-9B46-4A72-8E9E-EBF0DE82AC21}: "URL" = hxxp://de.search.yahoo.com.anonymize-me.de/?anonymto=687474703A2F2F64652E7365617263682E7961686F6F2E636F6D2F7365617263683F66723D6368722D677265656E747265655F69652665693D7574662D3826747970653D33303233393826703D7B7365617263685465726D737D&st={searchTerms}&clid=754f46bf-ec0f-442a-9524-e6dface7ba68&pid=proxtubede&k=0
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://www.icq.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E6963712E636F6D2F7365617263682F726573756C74732E7068703F713D7B7365617263685465726D737D2663685F69643D6F7364&st={searchTerms}&clid=754f46bf-ec0f-442a-9524-e6dface7ba68&pid=proxtubede&k=0
IE - HKCU\..\SearchScopes\{864C26B3-A135-4318-8D9A-7F881D218950}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=754f46bf-ec0f-442a-9524-e6dface7ba68&pid=proxtubede&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{923E93C6-EADA-4EE7-BAEF-97C79C156F3A}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=754f46bf-ec0f-442a-9524-e6dface7ba68&pid=proxtubede&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{D5153510-4B3E-46AE-A888-5CA9B4B46747}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=754f46bf-ec0f-442a-9524-e6dface7ba68&pid=proxtubede&mode=bounce&k=0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:21320
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:20110101
FF - prefs.js..extensions.enabledAddons: %7B5384767E-00D9-40E9-B72F-9CC39D655D6F%7D:1.4.2.1
FF - prefs.js..extensions.enabledAddons: %7Bbee6eb20-01e0-ebd1-da83-080329fb9a3a%7D:1.33
FF - prefs.js..extensions.enabledAddons: %7B2541D29A-DB9E-4c1e-949A-31EFB4AEF4E7%7D:1.5.1
FF - prefs.js..extensions.enabledAddons: firejump%40firejump.net:1.0.2.7
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.2
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.1&q="
FF - prefs.js..network.proxy.backup.ftp: ""
FF - prefs.js..network.proxy.backup.ftp_port: 0
FF - prefs.js..network.proxy.backup.socks: ""
FF - prefs.js..network.proxy.backup.socks_port: 0
FF - prefs.js..network.proxy.backup.ssl: ""
FF - prefs.js..network.proxy.backup.ssl_port: 0
FF - prefs.js..network.proxy.ftp: "95.181.33.22"
FF - prefs.js..network.proxy.http: "95.181.33.22"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "95.181.33.22"
FF - prefs.js..network.proxy.ssl: "95.181.33.22"
FF - prefs.js..network.proxy.type: 2
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\EGAL\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.08.03 17:58:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.10.02 18:34:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.05.19 09:47:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.05.19 09:47:39 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\firejump@firejump.net: C:\Users\EGAL\AppData\Roaming\Mozilla\Firefox\Profiles\viz3tusi.default\extensions\firejump@firejump.net [2013.06.06 20:33:53 | 000,000,000 | ---D | M]
 
[2010.02.08 17:46:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\EGAL\AppData\Roaming\mozilla\Extensions
[2013.06.14 16:30:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\EGAL\AppData\Roaming\mozilla\Firefox\Profiles\viz3tusi.default\extensions
[2013.06.14 16:30:29 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\EGAL\AppData\Roaming\mozilla\Firefox\Profiles\viz3tusi.default\extensions\{2541D29A-DB9E-4c1e-949A-31EFB4AEF4E7}
[2013.03.14 21:00:24 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\EGAL\AppData\Roaming\mozilla\Firefox\Profiles\viz3tusi.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2013.05.21 05:48:08 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\EGAL\AppData\Roaming\mozilla\Firefox\Profiles\viz3tusi.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
[2013.06.06 20:33:53 | 000,000,000 | ---D | M] (FireJump) -- C:\Users\EGAL\AppData\Roaming\mozilla\Firefox\Profiles\viz3tusi.default\extensions\firejump@firejump.net
[2012.12.11 22:51:38 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\EGAL\AppData\Roaming\mozilla\firefox\profiles\viz3tusi.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2013.05.09 02:14:48 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\EGAL\AppData\Roaming\mozilla\firefox\profiles\viz3tusi.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.06.06 20:34:17 | 000,001,091 | ---- | M] () -- C:\Users\EGAL\AppData\Roaming\mozilla\firefox\profiles\viz3tusi.default\searchplugins\icqplugin.xml
[2013.06.06 20:34:17 | 000,002,077 | ---- | M] () -- C:\Users\EGAL\AppData\Roaming\mozilla\firefox\profiles\viz3tusi.default\searchplugins\{0CFE86B6-23D7-4F01-BBFC-A46BE9EC10A1}.xml
[2013.06.06 20:34:17 | 000,002,188 | ---- | M] () -- C:\Users\EGAL\AppData\Roaming\mozilla\firefox\profiles\viz3tusi.default\searchplugins\{74DAFE1B-4B1A-4E66-B6EC-2994A55B1279}.xml
[2013.06.06 20:34:17 | 000,001,870 | ---- | M] () -- C:\Users\EGAL\AppData\Roaming\mozilla\firefox\profiles\viz3tusi.default\searchplugins\{C174170F-389A-4524-A2B4-9FD3D4EE1F79}.xml
[2013.06.06 20:34:17 | 000,024,039 | ---- | M] () -- C:\Users\EGAL\AppData\Roaming\mozilla\firefox\profiles\viz3tusi.default\searchplugins\{D291A85D-C059-466E-A436-B5E4FE74A1EF}.xml
[2013.06.06 20:34:17 | 000,002,522 | ---- | M] () -- C:\Users\EGAL\AppData\Roaming\mozilla\firefox\profiles\viz3tusi.default\searchplugins\{D69ECB5D-1209-4E85-8431-B3F78AD83B88}.xml
[2013.06.06 20:34:17 | 000,001,094 | ---- | M] () -- C:\Users\EGAL\AppData\Roaming\mozilla\firefox\profiles\viz3tusi.default\searchplugins\{DD8A5BCC-E71D-425C-81BE-ACDA3B810959}.xml
[2013.05.19 09:47:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013.05.19 09:47:30 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2013.05.19 09:47:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013.05.19 09:47:54 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012.10.02 18:34:00 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2010.09.03 11:24:30 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009.07.03 00:34:44 | 000,083,376 | ---- | M] (NHN USA Inc.) -- C:\Program Files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
 
O1 HOSTS File: ([2013.06.20 22:20:46 | 000,447,019 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1	localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 15377 more lines...
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [CloneCDTray] C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Diamondback] C:\Program Files\Razer\Diamondback 3G\razerhid.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Ocs_SM] C:\Users\EGAL\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4 - HKLM..\Run: [P17RunE] C:\Windows\System32\P17RunE.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files\pdf24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [SoundMan] C:\Windows\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Tarantula] C:\Program Files\Razer\Tarantula\razerhid.exe (Razer USA Ltd.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\steam.exe (Valve Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 177
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Users\EGAL\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm File not found
O8 - Extra context menu item: Free YouTube to iPod Converter - C:\Users\EGAL\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\EGAL\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15111/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4182D7EA-72D4-44A0-B9AD-4FC1AF9453F5}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.21 15:44:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\EGAL\Desktop\OTL.exe
[2013.06.21 01:15:23 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\EGAL\Desktop\HiJackThis204.exe
[2013.06.20 22:32:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013.06.20 22:32:10 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\Windows\System32\sdnclean.exe
[2013.06.20 22:32:02 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2013.06.20 22:13:52 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.06.20 20:55:25 | 000,000,000 | ---D | C] -- C:\Users\EGAL\AppData\Local\temp
[2013.06.20 05:56:10 | 000,393,040 | ---- | C] (Softonic                                        ) -- C:\Users\EGAL\Desktop\SoftonicDownloader_fuer_combofix.exe
[2013.06.20 05:07:24 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.06.20 04:57:55 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013.06.20 04:47:19 | 000,617,312 | ---- | C] (www.download-sponsor.de) -- C:\Users\EGAL\Desktop\CCleaner 4.01.4093.exe
[2013.06.20 04:45:23 | 000,096,978 | ---- | C] (Business Information Solutions) -- C:\Users\EGAL\Desktop\VirtumundoBeGone.exe
[2013.06.20 04:14:33 | 000,000,000 | ---D | C] -- C:\Users\EGAL\AppData\Roaming\Malwarebytes
[2013.06.20 04:13:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.06.20 04:13:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.06.20 04:13:29 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.06.20 04:13:29 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.06.20 03:38:20 | 036,271,144 | ---- | C] (Safer-Networking Ltd.                                       ) -- C:\Users\EGAL\Desktop\spybot-2.1.exe
[2013.06.20 03:37:56 | 010,285,040 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\EGAL\Desktop\mbam-setup-1.75.0.1300.exe
[2013.06.06 20:35:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013.06.06 20:34:50 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013.06.06 20:34:17 | 000,000,000 | ---D | C] -- C:\Users\EGAL\AppData\Roaming\Opera
[2013.06.06 20:33:54 | 000,493,056 | ---- | C] ( datenhaus GmbH) -- C:\Windows\System32\dhRichClient3.dll
[2013.06.06 20:33:52 | 000,000,000 | ---D | C] -- C:\Users\EGAL\AppData\Roaming\DesktopIconForAmazon
[2013.06.06 20:33:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FoxyDeal
[2013.06.06 20:33:48 | 000,000,000 | ---D | C] -- C:\Program Files\FoxyDeal
[2013.06.06 20:33:44 | 000,000,000 | ---D | C] -- C:\Users\EGAL\AppData\Roaming\OCS
[2013.06.01 02:32:05 | 000,000,000 | ---D | C] -- C:\Users\EGAL\Desktop\Dartols Rute der Transformation - Gegenstände - World of Warcraft Datenbank von buffed.de-Dateien
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.21 15:49:45 | 000,014,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.21 15:49:45 | 000,014,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.21 15:48:31 | 000,377,856 | ---- | M] () -- C:\Users\EGAL\Desktop\gmer_2.1.19163.exe
[2013.06.21 15:44:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\EGAL\Desktop\OTL.exe
[2013.06.21 15:42:46 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_EGAL.job
[2013.06.21 15:41:29 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.06.21 15:41:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.21 15:41:11 | 1609,424,896 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.21 15:39:50 | 000,000,020 | ---- | M] () -- C:\Users\EGAL\defogger_reenable
[2013.06.21 15:38:05 | 000,050,477 | ---- | M] () -- C:\Users\EGAL\Desktop\Defogger.exe
[2013.06.21 07:20:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.06.21 07:03:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.21 05:15:39 | 000,000,366 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateFiles_EGAL.job
[2013.06.21 04:07:08 | 000,000,362 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateXML_EGAL.job
[2013.06.21 01:15:27 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\EGAL\Desktop\HiJackThis204.exe
[2013.06.21 01:05:31 | 000,000,142 | ---- | M] () -- C:\Windows\wininit.ini
[2013.06.20 22:32:15 | 000,002,087 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013.06.20 22:20:46 | 000,447,019 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.06.20 22:15:29 | 392,870,537 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.06.20 20:56:54 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20130620-222046.backup
[2013.06.20 05:56:17 | 000,393,040 | ---- | M] (Softonic                                        ) -- C:\Users\EGAL\Desktop\SoftonicDownloader_fuer_combofix.exe
[2013.06.20 04:57:58 | 000,000,933 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.06.20 04:56:08 | 000,002,131 | ---- | M] () -- C:\Users\EGAL\Desktop\CCleaner 4.01.4093 Setup.lnk
[2013.06.20 04:47:20 | 000,617,312 | ---- | M] (www.download-sponsor.de) -- C:\Users\EGAL\Desktop\CCleaner 4.01.4093.exe
[2013.06.20 04:45:26 | 000,096,978 | ---- | M] (Business Information Solutions) -- C:\Users\EGAL\Desktop\VirtumundoBeGone.exe
[2013.06.20 04:13:32 | 000,001,035 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.06.20 03:39:15 | 036,271,144 | ---- | M] (Safer-Networking Ltd.                                       ) -- C:\Users\EGAL\Desktop\spybot-2.1.exe
[2013.06.20 03:38:16 | 010,285,040 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\EGAL\Desktop\mbam-setup-1.75.0.1300.exe
[2013.06.06 20:33:57 | 000,001,450 | ---- | M] () -- C:\Users\EGAL\Desktop\Amazon.lnk
[2013.06.01 02:32:31 | 000,244,266 | ---- | M] () -- C:\Users\EGAL\Desktop\Dartols Rute der Transformation - Gegenstände - World of Warcraft Datenbank von buffed.de.htm
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.06.21 15:48:29 | 000,377,856 | ---- | C] () -- C:\Users\EGAL\Desktop\gmer_2.1.19163.exe
[2013.06.21 15:39:30 | 000,000,020 | ---- | C] () -- C:\Users\EGAL\defogger_reenable
[2013.06.21 15:38:01 | 000,050,477 | ---- | C] () -- C:\Users\EGAL\Desktop\Defogger.exe
[2013.06.21 04:07:03 | 000,000,372 | ---- | C] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_EGAL.job
[2013.06.20 22:32:15 | 000,002,099 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013.06.20 22:32:15 | 000,002,087 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013.06.20 22:24:21 | 000,000,142 | ---- | C] () -- C:\Windows\wininit.ini
[2013.06.20 22:15:29 | 392,870,537 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013.06.20 04:57:58 | 000,000,933 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.06.20 04:56:05 | 000,002,131 | ---- | C] () -- C:\Users\EGAL\Desktop\CCleaner 4.01.4093 Setup.lnk
[2013.06.20 04:13:32 | 000,001,035 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.06.20 01:56:27 | 000,000,366 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateFiles_EGAL.job
[2013.06.20 01:56:25 | 000,000,362 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateXML_EGAL.job
[2013.06.13 17:44:51 | 000,006,904 | ---- | C] () -- C:\Users\EGAL\Desktop\Classical Gas.gp3
[2013.06.06 20:34:00 | 000,338,432 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll
[2013.06.06 20:33:57 | 000,001,450 | ---- | C] () -- C:\Users\EGAL\Desktop\Amazon.lnk
[2013.06.01 02:32:15 | 000,244,266 | ---- | C] () -- C:\Users\EGAL\Desktop\Dartols Rute der Transformation - Gegenstände - World of Warcraft Datenbank von buffed.de.htm
[2013.05.09 16:58:14 | 000,148,480 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2013.05.09 16:58:14 | 000,073,728 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2013.03.23 20:16:28 | 000,004,505 | ---- | C] () -- C:\Windows\System32\drivers\tihid.sys
[2013.03.23 20:13:33 | 000,143,360 | ---- | C] () -- C:\Windows\System32\Tipage.dll
[2012.06.12 01:45:50 | 000,107,520 | RHS- | C] () -- C:\Windows\System32\TAKDSDecoder.dll
[2012.03.28 19:40:44 | 000,000,112 | ---- | C] () -- C:\ProgramData\54X64LKy.dat
[2011.10.27 00:06:17 | 000,010,443 | ---- | C] () -- C:\Windows\hpdj3600.ini
[2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011.07.10 00:34:29 | 000,036,892 | ---- | C] () -- C:\Windows\System32\bassmod.dll
[2011.07.06 20:08:13 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010.11.05 13:41:07 | 000,000,092 | ---- | C] () -- C:\Users\EGAL\AppData\Local\fusioncache.dat
[2010.07.10 19:44:43 | 000,000,000 | ---- | C] () -- C:\Users\EGAL\.gtk-bookmarks
[2010.05.01 20:54:05 | 000,007,608 | ---- | C] () -- C:\Users\EGAL\AppData\Local\Resmon.ResmonCfg
[2010.03.21 19:20:31 | 000,138,056 | ---- | C] () -- C:\Users\EGAL\AppData\Roaming\PnkBstrK.sys
[2010.02.16 20:40:55 | 000,001,355 | ---- | C] () -- C:\Users\EGAL\AppData\Roaming\SAS7_000.DAT
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2011.12.08 02:28:59 | 000,000,000 | ---D | M] -- C:\Users\EGAL\AppData\Roaming\.minecraft
[2013.02.28 20:43:50 | 000,000,000 | ---D | M] -- C:\Users\EGAL\AppData\Roaming\AnvSoft
[2010.02.08 17:54:29 | 000,000,000 | ---D | M] -- C:\Users\EGAL\AppData\Roaming\Ashampoo
[2010.03.26 14:42:26 | 000,000,000 | ---D | M] -- C:\Users\EGAL\AppData\Roaming\Ashampoo Cover Studio 2
[2013.06.20 05:05:50 | 000,000,000 | ---D | M] -- C:\Users\EGAL\AppData\Roaming\Azureus
[2010.03.02 12:41:26 | 000,000,000 | ---D | M] -- C:\Users\EGAL\AppData\Roaming\Bioshock2
[2013.03.14 19:25:33 | 000,000,000 | ---D | M] -- C:\Users\EGAL\AppData\Roaming\CDisplayEx
[2013.06.20 05:05:51 | 000,000,000 | ---D | M] -- C:\Users\EGAL\AppData\Roaming\DAEMON Tools Lite
[2013.06.20 05:05:51 | 000,000,000 | ---D | M] -- C:\Users\EGAL\AppData\Roaming\DAEMON Tools Pro
[2011.06.27 23:41:43 | 000,000,000 | ---D | M] -- C:\Users\EGAL\AppData\Roaming\Day 1 Studios
[2013.06.06 20:33:58 | 000,000,000 | ---D | M] -- C:\Users\EGAL\AppData\Roaming\DesktopIconForAmazon
[2012.11.07 23:14:40 | 000,000,000 | ---D | M] -- C:\Users\EGAL\AppData\Roaming\DVDVideoSoft
[2012.11.03 00:37:15 | 000,000,000 | ---D | M] -- C:\Users\EGAL\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.04.26 23:44:08 | 000,000,000 | ---D | M] -- C:\Users\EGAL\AppData\Roaming\FreeDoko
[2010.11.08 16:04:27 | 000,000,000 | ---D | M] -- C:\Users\EGAL\AppData\Roaming\ICQ
[2010.03.19 11:13:22 | 000,000,000 | ---D | M] -- C:\Users\EGAL\AppData\Roaming\IrfanView
[2011.11.26 03:20:50 | 000,000,000 | ---D | M] -- C:\Users\EGAL\AppData\Roaming\Juniper Networks
[2010.10.14 12:49:18 | 000,000,000 | ---D | M] -- C:\Users\EGAL\AppData\Roaming\Line 6
[2011.11.07 17:26:21 | 000,000,000 | ---D | M] -- C:\Users\EGAL\AppData\Roaming\MotioninJoy
[2011.08.23 00:13:36 | 000,000,000 | ---D | M] -- C:\Users\EGAL\AppData\Roaming\Mumble
[2010.07.17 14:42:13 | 000,000,000 | ---D | M] -- C:\Users\EGAL\AppData\Roaming\Neoretix
[2013.06.06 20:33:44 | 000,000,000 | ---D | M] -- C:\Users\EGAL\AppData\Roaming\OCS
[2010.02.15 21:35:19 | 000,000,000 | ---D | M] -- C:\Users\EGAL\AppData\Roaming\OpenOffice.org
[2013.06.06 20:34:17 | 000,000,000 | ---D | M] -- C:\Users\EGAL\AppData\Roaming\Opera
[2011.03.18 22:08:23 | 000,000,000 | ---D | M] -- C:\Users\EGAL\AppData\Roaming\PunkBuster
[2012.01.05 05:46:25 | 000,000,000 | ---D | M] -- C:\Users\EGAL\AppData\Roaming\Recorder
[2012.08.12 13:50:04 | 000,000,000 | ---D | M] -- C:\Users\EGAL\AppData\Roaming\six-updater
[2012.08.12 13:44:09 | 000,000,000 | ---D | M] -- C:\Users\EGAL\AppData\Roaming\six-zsync
[2013.06.20 05:05:50 | 000,000,000 | ---D | M] -- C:\Users\EGAL\AppData\Roaming\TS3Client
[2010.02.08 18:00:30 | 000,000,000 | ---D | M] -- C:\Users\EGAL\AppData\Roaming\TuneUp Software
[2011.12.02 13:14:38 | 000,000,000 | ---D | M] -- C:\Users\EGAL\AppData\Roaming\Ubisoft
[2010.12.27 13:39:23 | 000,000,000 | ---D | M] -- C:\Users\EGAL\AppData\Roaming\Uniblue
[2013.06.20 05:05:50 | 000,000,000 | ---D | M] -- C:\Users\EGAL\AppData\Roaming\uTorrent
[2012.03.28 23:16:31 | 000,000,000 | ---D | M] -- C:\Users\EGAL\AppData\Roaming\Wise Registry Cleaner
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:F35A93AD

< End of report >
         

Code:
ATTFilter
OTL Extras logfile created on: 21.06.2013 15:52:54 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\EGAL\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,13 Gb Available Physical Memory | 56,77% Memory free
4,00 Gb Paging File | 3,06 Gb Available in Paging File | 76,59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 213,15 Gb Total Space | 51,05 Gb Free Space | 23,95% Space Free | Partition Type: NTFS
Drive D: | 19,63 Gb Total Space | 7,57 Gb Free Space | 38,57% Space Free | Partition Type: NTFS
 
Computer Name: SPIELSERVER | User Name: EGAL | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system | 
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system | 
"{0740DAD8-64B6-44F7-ABEC-545070AE15FC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{1446CA5B-2133-4736-BDE1-15517B8DD949}" = rport=138 | protocol=17 | dir=out | app=system | 
"{14CAFD08-2FEE-41EC-B237-864C8A027B9E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{22239061-8C53-45E8-BECE-22EF3A6BB859}" = rport=139 | protocol=6 | dir=out | app=system | 
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system | 
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{33660F9E-6BC4-4FEF-8EB4-C776B5489A01}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{345F005B-F011-48F0-A258-A4DE5DC5C9D5}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{3906EE9A-8D75-45B4-BD32-759488EE6E9C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{51B75FE8-15D4-4BC6-8C07-52E708BF63D3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{52C2794A-E070-40DD-BB7E-8DF260EEF0C2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system | 
"{547DD7D4-576E-4030-958A-D2854EC49549}" = lport=138 | protocol=17 | dir=in | app=system | 
"{5A8C7D3D-A84C-403A-B994-1A0C953870EF}" = lport=137 | protocol=17 | dir=in | app=system | 
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system | 
"{63772124-54F6-4208-A196-EEF4E7A3762F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{75527BF8-CFE9-4FBD-9431-5957B9EBFC5D}" = lport=56614 | protocol=17 | dir=in | name=pando media booster | 
"{7BB94CAE-F4AF-4DA8-8999-C61C97E9A123}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system | 
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{917E65D2-7187-4CB0-9CA4-25B2A5769959}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{92CABD09-1316-4FD7-90B8-599E6B05C4A9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{9D556B3B-DFD6-4555-A30B-FDD2E39BAB79}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{A5BDE3E5-1DB4-420C-9E7D-0B3AC7279840}" = lport=6881 | protocol=6 | dir=in | name=blizzard downloader: 6881 | 
"{A740BBEC-99FD-43FD-BECF-C5193B067692}" = lport=56614 | protocol=6 | dir=in | name=pando media booster | 
"{AAE7A9F1-3E59-4ECF-A89A-49498882DCEA}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 | 
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{B2A8956E-CE17-4EF6-BD68-140E1735E771}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B98CBFC9-1DCF-414D-9361-52D2FFD93562}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{BA12B3C7-C995-47C3-8E8C-BC14B5BA4190}" = lport=56614 | protocol=6 | dir=in | name=pando media booster | 
"{BB8BC263-A5B2-4EE9-AFB8-35B94F5FB6BD}" = lport=445 | protocol=6 | dir=in | app=system | 
"{BCD97DAB-CAEB-4918-85BF-C651D08A6ED4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system | 
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{DBEAB78F-8980-4AF4-AC1F-F7446477B365}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{E6A51490-2C38-4B77-8DEC-23FD0DF04504}" = lport=139 | protocol=6 | dir=in | app=system | 
"{E6F3979D-1334-4244-A6C8-415F7670715A}" = lport=56614 | protocol=17 | dir=in | name=pando media booster | 
"{E824982D-64C9-4EFB-891D-B06549F43B62}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E940027B-AB35-4604-AE03-C934DB291ABD}" = rport=137 | protocol=17 | dir=out | app=system | 
"{F2FD89DE-F2A8-4DA9-8EBA-458F96F070A3}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | 
"{F34160D7-E2CF-4E09-ACF3-6F29CC4C89A9}" = rport=445 | protocol=6 | dir=out | app=system | 
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system | 
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00096877-6A0D-4487-BEEE-6C6FF67848BD}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{00120F96-9A77-4337-AE37-9E949F29AACE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{003DC054-A6D1-4BB0-A3B5-019D78FADFE8}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\almost_the_mutt\counter-strike source\hl2.exe | 
"{01322CA2-4D18-43E4-B26E-A54E955FB397}" = protocol=17 | dir=in | app=c:\program files\blastshark\hellgate\blastshark.exe | 
"{029C1E8F-903D-4A77-8F52-479EBFB099EE}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{056784B6-EE69-4AEC-914B-9DDD2C3CAB1D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0586E16E-52E7-440A-9A48-4F03104944D4}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0AA018BF-5612-4A3B-AB61-08699FA0BCB8}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0AA29FA0-C912-4B27-B511-69F500963955}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0B317D27-6C54-472B-94EA-AACA67B5EE71}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0B557308-C8E7-42D2-9C0A-13FB27199E23}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0BFFFDCB-BE3F-4F90-85EA-11FF576A9CDC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0D38B054-8327-42AA-B959-5603AEE4C105}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{0EDF80B2-57C3-4AB6-819C-EEAA8FB49157}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{0EECE20B-255B-4187-A698-5960EA28F43A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0F417795-03DD-4D03-BD06-1EB7EF3FE498}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{10DBA15B-8EFC-4E34-9F45-232F9A84CCDD}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{142808BB-C2AE-4881-9D2F-E26D2B726785}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{14FD272F-D349-4217-8F13-330FC673A204}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1704C018-BC41-4D6D-9CA2-485DC3DD8A2F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1779E8CB-20CB-43F5-B9D2-246952D4FEF9}" = protocol=6 | dir=in | app=c:\program files\blastshark\hellgate\blastshark.exe | 
"{1866CB93-7BCF-4CB7-91C1-983F89597090}" = protocol=17 | dir=in | app=c:\program files\electronic arts\bioware\star wars - the old republic\launcher.exe | 
"{198EADA3-1D8D-4905-ABA6-5DDBC7F5A458}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1B16C7CD-30FA-4675-8847-AD3F220BBC87}" = protocol=6 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{1BB19AC0-C0AC-40AD-8F2D-702A29BF44B5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1D04C51C-71C3-4DC7-9208-09F7E34170F0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1D50D517-6FB2-4A9A-B5E9-C491BF8C39DA}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1E1751F9-D1C3-4914-B3F9-CAB57364A637}" = protocol=6 | dir=in | app=c:\program files\electronic arts\bioware\star wars - the old republic\swtor\retailclient\swtor.exe | 
"{1ED880B9-BAA6-4D81-BC07-D53CD97F8234}" = protocol=6 | dir=in | app=c:\program files\electronic arts\bioware\star wars - the old republic\launcher.exe | 
"{200E10A2-8339-4E15-B079-C795011662B9}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{217FEE28-CF09-4809-9D8B-7DF99D603385}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{224C6577-EE90-4301-AD5A-A64E1A2EA1BB}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{242F9A7D-05B8-4C78-9CE7-2D921CAF45A2}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{252200F4-1A00-42BA-B34E-F1017EBE9B72}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{257D37D9-8EC3-449A-A6BE-ED5EF6B826CB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{25D393DE-8BF4-4876-AC5F-7A3CCD1D23F8}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{27F164B7-AAA8-4BA2-807A-4C2918887BE0}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe | 
"{2858E023-1C9B-4F19-859A-BC4FC20E6137}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{294A9FA2-E345-4E05-9753-78B4C520514B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2984469D-B89A-42EB-BD9F-28EB5998AFA9}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | 
"{2A1E9601-AF2C-47CD-BB53-77C24842C5DF}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{2AC8171F-2811-43C9-A20D-CF66008F56B9}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{2F44CE71-D6A1-4DDA-939D-53D1D6927D26}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{2F4637E7-CE9C-419B-8FB3-93BC28766AFD}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3028F204-AF71-4002-883D-03398E2417D0}" = protocol=17 | dir=in | app=c:\program files\electronic arts\bioware\star wars - the old republic\swtor\retailclient\swtor.exe | 
"{313AACC6-2DB3-4701-81AF-56B57A41C5BF}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{31E47D90-58B2-4F58-97CC-22F13036631C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{333D7872-69EA-4B11-9BDF-0A20105177AD}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{33DCE12F-E9BE-4589-BC88-C54803FBA233}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3998152E-A3C2-4FE1-AA33-E81534905223}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3C1B0B88-7B78-4C3D-BFFA-7EBBBDCD24B0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3C7912B6-53BC-4042-A935-30009254DDE6}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3E72B5E5-1CE3-4841-95A6-DBA3ED3355F0}" = protocol=17 | dir=in | app=c:\program files\electronic arts\bioware\star wars - the old republic\launcher.exe | 
"{408C4F33-9398-498D-AE95-B39907A5E08A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{41D4B73A-DED9-4FCD-828F-622583BCF2E2}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{42FFA410-21D8-4EF3-AAAD-4EBC4504CB6D}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe | 
"{437F9FC8-F661-45C2-91E0-63125460A7D0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{4507016F-0D3A-4E21-BA21-792085A29B4D}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{478711A4-E80E-44B7-8374-0D790349E557}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{4BD8C133-E060-4221-AE20-1AF3E68F2431}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{4BF0DEF4-3AF1-4AD1-99F2-0E8648B7F628}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{4DD2F6C7-37EF-4131-8B7E-D2A77FCA7F0C}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{4EBB7B2E-30C2-4199-B2EF-CAE9E59C404E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{4F1B1B11-9FB9-4965-88F1-C9B17AF4D3DA}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{50094F62-3614-46F3-B834-357B26368FB2}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5153BB3E-3DD8-4EE0-8926-C6A88B198B89}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{51578448-660D-46B6-901B-9586477F1B7A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{52A3DB51-8969-454F-B489-4E2541E3482B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{539556B1-4D40-4272-B5EE-76294388703B}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{54AEFB97-4916-4D9E-8929-921A6031D849}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{54C2F2EC-A1B8-4DE2-907F-E8E64EDF8ECE}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe | 
"{557F7308-768C-4A73-8F6F-8F877CFA21AC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{57A1E577-1C9E-487F-9215-6D18A29E8BFB}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{57DCA230-938F-4F68-9D37-F27C39F1E5F0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{58D4D03A-6CE8-48B1-946B-0782B18FBC28}" = protocol=17 | dir=in | app=c:\program files\electronic arts\bioware\star wars - the old republic\swtor\retailclient\swtor.exe | 
"{58DCBFCC-B979-48E1-929A-235D74D97469}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{58E8645B-EEF4-41A2-A66A-48693A25A0DA}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{59862BE0-54B7-41DB-A674-72D9FDDCA39C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5A6C6EEB-2DA4-459A-8CD6-81DB2190F8B6}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5AB4FE92-9EFC-4D0F-85FC-7414BF4E6264}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5BCBDCB9-A8D9-49D1-9A47-78EE609F731F}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{5C30BCEE-E3C4-41D4-9008-BB7080959712}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5D559C7B-47F0-4751-BF84-3CB07E28C0C4}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5EE87469-5FFC-41C0-AC0A-DD800B7B28D5}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{5FDE96AE-CB5B-402E-B024-D0EDBC1CABDA}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5FFD7F29-AC6E-4050-9E1A-2824653A2374}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{62C2AEA0-A369-41C0-A3B3-CC6900757708}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{6449C2EA-AF12-4B0C-8F4B-2A1119FE84BC}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | 
"{654D0639-7EE8-42BB-9BBF-BC586F135890}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{662D92B8-65F9-4538-B02C-3742706F2F8A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6B1174A1-B68B-4B4C-AEB7-DD5669C7075A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{6C274576-C1EC-43EF-8A3C-0FABD406D1BB}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6D00F551-FC03-4E99-84B9-CBA946373A5A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6DA08782-E68A-4707-A0D0-6357C83F47D5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6ECDEAC0-C7C2-4BEC-951E-D547941C227E}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{708539CC-F12E-4E91-97BC-ACE7468F6A8B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{73A7A4BA-B1A3-4E6F-87AB-9C5A0A2F3F27}" = protocol=6 | dir=in | app=c:\program files\electronic arts\bioware\star wars - the old republic\swtor\retailclient\swtor.exe | 
"{767FB016-7D73-492C-AA5C-C1439B28C2F8}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{7962B62D-2672-453A-ACF7-91573C4F62AB}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{7A3F65B5-EC93-4C74-A03E-366279674216}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7BBC8CA1-2988-466C-B5B7-7C8DD712B846}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{7F49548F-BDF6-4F7A-B603-3A559BD12AAB}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{81044E59-72B8-4A87-B9FA-DD60F44ABDA4}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{82C8C9BF-E309-4DAA-A6CF-12918FA95FC2}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8402F61E-43D4-4254-B978-9D8772058BFE}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{85BF30D7-D564-4708-926E-0E9175EDC0E0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{865D10FA-CCDB-4DA2-959F-01C530E5131F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{872E48D8-442A-40E2-8F4B-272A5DB2BCEE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8856EEAB-3923-4914-9B0D-A15D50646113}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8E2CB9B5-17A2-4FEC-BC12-B6D14C702A86}" = protocol=6 | dir=in | app=c:\t3fun\hellgate\hgllauncher.exe | 
"{91AFCDEB-97A2-4CE6-92DB-31E6A41C3004}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{92B5A539-6F6C-4CEF-A527-3332F2175CA8}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{92D09FFB-3B0F-4AA6-9340-3AB7E4E8BA0D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{93EF06AF-AD22-47C0-96FD-451E0FF47FAA}" = protocol=17 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{9455CBAE-0E88-4026-AE6F-6A1735864EF2}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9472BCDB-E515-4E4D-8E00-5CF9966BF1AB}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{96AE3DA3-0BD7-4160-8A87-AF761EE4E355}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{97F6206C-D634-4CC6-9684-BE85FD60C723}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{98FA8F20-26F1-467B-8C61-DD0C49B6AE37}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9DA7A531-F015-4A60-8713-89D306AD416C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9E912DA2-73CD-48AF-BF44-A3EEC567778D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9FF063E3-EBB4-4D42-B11E-3DED1A2E079B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A15701B7-663D-422D-A05F-EEAA09E0967D}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{A19F3430-79E3-41A2-BC86-807EE0FF1DF1}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{A2E51B2F-8758-473F-84EB-B8566EEE0D47}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\almost_the_mutt\counter-strike\hl.exe | 
"{A47CD175-A964-474B-96D9-22251EF074EE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A5D144BA-9E3B-427F-AB9C-7C3649547051}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{A5DE696F-8BD3-4BDB-93D6-89294DC0CF28}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A6B7E4F5-0FB8-45FC-9F62-F1F8BB4EE695}" = protocol=6 | dir=in | app=c:\program files\rockstar games\eflc\launcheflc.exe | 
"{A6F6C1BA-6137-40F9-8322-C5CB1228056F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A91F9871-4564-4B5A-876C-2482C89AE6F8}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A9737DE3-C845-404B-A69E-116333D13F70}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{AA3860DB-1568-4817-B01E-2C423219407E}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe | 
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{AC6FA85D-4E05-4DC7-BBD6-4BD948160230}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{ACE6452F-12B9-448A-AA81-168C05CAB8BD}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{AD6B04FC-8E3C-4AAF-8217-0010497F2AE8}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{AE25F7B8-EC56-460D-9579-FA4C5F37C345}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{AED31E5C-BB2D-4C2F-984B-A626A4ED9FAF}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B005C459-BAB5-4B59-B9B6-81FD7D1E61A8}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B0454CF7-8F63-4BAE-877C-1691C13B688C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B0A46380-6BE9-451E-B9D9-2036342B975C}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{B2668007-0DCC-4EFC-B70B-0431FA18C763}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B498A567-BA59-423A-B499-09D3363790A1}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B56FD1CE-6ED7-47E9-9AAF-A12430EF205E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B9064BCE-7B56-43C4-BE29-FA4778BA6EC8}" = protocol=17 | dir=in | app=c:\program files\rockstar games\eflc\launcheflc.exe | 
"{B95A6556-8345-4C4A-9F7B-AA722F246C28}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{BC4F0A67-C0C2-4038-91D0-AAF7CB59AF1F}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system | 
"{BDF7184C-21A3-4BA0-89B0-E937147256E2}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{BE02D1C8-7D94-4A20-84C2-AC6D4EE2EEB9}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C094E025-8E4F-42C2-84F3-807955324CE0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C222F8F2-7005-4F4B-93F5-528A13622764}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"{C2B8DE4D-14DB-46F6-80F9-9BE892F82F7C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C2D780E1-F376-45B6-9B42-B35BDD44C005}" = protocol=17 | dir=in | app=f:\games\gta san andreas\gta_sa.exe | 
"{C46807FA-2A4D-4FE0-8820-C2F6EAD66700}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{C5053161-80F5-4F5B-B37E-27F0F58B4AA2}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C50FA813-3DEA-436C-A7EB-1F5EFD253E52}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C7228A52-29BB-48CC-B63A-031DAA17D126}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{CC020E0B-7D98-4E51-9377-4D879061ED56}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{CDDC8B23-12A3-46B5-9D21-F64B2A5FCA0E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{CDF5601D-433E-4ADF-B45D-37BE89D32CF6}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\almost_the_mutt\counter-strike source\hl2.exe | 
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D068B334-5BA2-4027-9F39-23E24AF500B0}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{D0FE7FE6-18EE-46F9-B236-76A65F42C81F}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{D2977B69-8F87-4D26-B8BF-85830F86C5BD}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D2A961D1-D4E2-4B36-8978-56B1E4FF1DCE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D3C65D60-0204-4844-BF7E-5140CFD2ECF2}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D47DEB30-273D-4BA7-A420-EDF907BE601A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D8F57ECF-0D2A-446B-A72D-32CB8D11A4D4}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D952FCB9-1680-4DB8-AF67-7409BAF91C1E}" = protocol=17 | dir=in | app=c:\t3fun\hellgate\hgllauncher.exe | 
"{D9650797-E1F2-4074-8DCE-DD3F84091E8B}" = protocol=6 | dir=in | app=f:\games\gta san andreas\gta_sa.exe | 
"{DA98F40E-1382-406F-929F-94A61507C55A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DA9D0854-4C15-4C8F-B193-FB2A11849BB5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DAA85E28-3F32-4AF1-9B0E-45AE6B4ECE01}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DC56AA43-7FA2-4236-9E3E-4F1FF9BDBF22}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DCAC0B98-A933-42AC-ADC4-BABD4C63D5A9}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DD7981D9-7A8D-4F8F-8511-5D43FEE1CD55}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DF229671-117A-41D5-A025-40D9289F1B7F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E13AAF2E-5E13-4825-91EF-C880D01C42FF}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E1895170-7A89-4FA6-9B82-51C990FE2371}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{E2FB78D7-6BA7-4B5E-A3CD-6B209BD9F297}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E640F205-2145-4FD1-9A3B-0C673DF6889A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E77A1041-A1DF-4196-81F3-F47B1153CA33}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{E92A6088-45B8-4486-B3EC-F45179618AD1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{E94B9422-8922-41B1-9916-3668B19E149E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E96A1A82-C751-4F3A-928E-858AA2D7DFEE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{EA7EEC74-A774-4656-B233-535F6428C7C1}" = protocol=17 | dir=in | app=f:\games\gta san andreas\samp.exe | 
"{ECE67149-25AF-421D-B37C-FAB9976710D1}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{ED2AB94F-9FA3-418D-BD78-5755E0069B80}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{ED2C3B36-6CDF-49A3-BE5B-8B1BD71D5282}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{EFC5FF15-CCA5-4CC3-B587-7FFF2A036CBE}" = protocol=6 | dir=out | app=system | 
"{F00C5618-5F23-4F78-AE56-1E8823E5D27C}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{F09FF140-63B3-4550-9C0B-5ED5450938D8}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F0EC4E7B-DCD1-43D0-A1B5-B9EADCB6F0A2}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F16366C8-9E16-4539-9FCB-E9D2E2FAB4D0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F2C2483E-5BFA-42C4-BC18-325D4FD9E40F}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{F3259D21-4C95-437C-BF03-48F29AC13331}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F52761BE-4A64-4A64-9F33-B271C8F676AD}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{F56887B8-1BFE-4064-8DAC-279738CF30C3}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F5A7BDB8-C8AB-4B45-A9C2-66309F8AC662}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F69FC020-7A22-4570-A7D5-C97289216D0C}" = protocol=6 | dir=in | app=c:\program files\electronic arts\bioware\star wars - the old republic\launcher.exe | 
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F8BB526C-61D7-44FB-A6FD-7418AB478CBA}" = protocol=6 | dir=in | app=f:\games\gta san andreas\samp.exe | 
"{F8BC3494-18F9-4B58-BB7C-DD8FF43830A4}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{F8BDC19B-C5B8-488B-B26B-7962E40A0357}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\almost_the_mutt\counter-strike\hl.exe | 
"{F9A7A4BD-53A6-40E5-AAFE-654BBAD4ACD6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{FACFF2E9-08FA-4316-82E3-04A696750F1C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{FC8FB7A7-C800-4934-AD1A-9993257BD55A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{01C41422-AD52-436F-9B35-D3424CB3A679}C:\users\egal\downloads\tinyumbrella-4.30.05.exe" = protocol=6 | dir=in | app=c:\users\egal\downloads\tinyumbrella-4.30.05.exe | 
"TCP Query User{1BC07C08-818D-4109-AF58-0DF05F2DBBE9}C:\program files\age of empire 2\empires2.exe" = protocol=6 | dir=in | app=c:\program files\age of empire 2\empires2.exe | 
"TCP Query User{31492AEE-8015-4863-AE26-FCDEE3277D59}F:\games\trackmania nations forever\tmforever.exe" = protocol=6 | dir=in | app=f:\games\trackmania nations forever\tmforever.exe | 
"TCP Query User{4542A32A-95ED-48A8-9428-310309AD4296}C:\program files\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.exe | 
"TCP Query User{4D72CF10-E890-43D4-B75E-A0B307CCB62F}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{55450C15-D8FB-4C9E-AD46-6BCF3D8461C4}C:\program files\icq7.0\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"TCP Query User{5D8086F9-5379-4EE2-B5C9-F636EC73EC80}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"TCP Query User{5F863460-E4D8-4024-B930-B51461C200A1}C:\program files\steam\steamapps\almost_the_mutt\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\almost_the_mutt\team fortress 2\hl2.exe | 
"TCP Query User{859C2388-3C41-4326-A846-03048C58937D}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{AD033D0F-A052-45EF-8A0E-E96424F2BB71}C:\program files\world of warcraft\repair.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\repair.exe | 
"TCP Query User{B952DB70-84E8-4326-BC83-200C329A11F7}C:\program files\rockstar games\eflc\eflc.exe" = protocol=6 | dir=in | app=c:\program files\rockstar games\eflc\eflc.exe | 
"TCP Query User{C0661F5A-200D-4A90-8306-D23964CDFFA9}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe | 
"TCP Query User{C0CAF677-4A28-4DA2-8F82-40622F6FDA54}C:\program files\diablo ii\game.exe" = protocol=6 | dir=in | app=c:\program files\diablo ii\game.exe | 
"TCP Query User{D14EE8B6-E2B9-440E-ABA4-4A3F8175F1AF}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe | 
"TCP Query User{E1DD28BD-0AE5-43D6-AAC8-1600F1C31978}F:\games\portal 2\portal2.exe" = protocol=6 | dir=in | app=f:\games\portal 2\portal2.exe | 
"TCP Query User{ECFA7697-DFFC-4AD6-9844-6F22E75CB763}C:\program files\steam\steamapps\almost_the_mutt\half-life 2 deathmatch\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\almost_the_mutt\half-life 2 deathmatch\hl2.exe | 
"TCP Query User{F1F7CBB0-B17A-427F-BA13-CD6FB4C375D0}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{F403AE55-DA39-46AE-8AF6-25C549ED5D10}C:\program files\steam\steamapps\the_denyo\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\the_denyo\team fortress 2\hl2.exe | 
"UDP Query User{11EFD968-5EDC-4215-BE23-61AB2B659094}F:\games\trackmania nations forever\tmforever.exe" = protocol=17 | dir=in | app=f:\games\trackmania nations forever\tmforever.exe | 
"UDP Query User{1A30FA10-33D9-4210-AA41-FB1D14A76EAF}C:\program files\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.exe | 
"UDP Query User{40242A23-AA8F-43BA-993D-08F3D58CFFA5}C:\program files\diablo ii\game.exe" = protocol=17 | dir=in | app=c:\program files\diablo ii\game.exe | 
"UDP Query User{4F2B956D-B957-4AD1-A651-EDFC5D95EC05}C:\program files\steam\steamapps\almost_the_mutt\half-life 2 deathmatch\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\almost_the_mutt\half-life 2 deathmatch\hl2.exe | 
"UDP Query User{581E1C67-6BCC-4D76-9C88-F829900F680D}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{58348552-7B6B-4ABE-AB9D-CD86759BACA5}C:\program files\steam\steamapps\almost_the_mutt\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\almost_the_mutt\team fortress 2\hl2.exe | 
"UDP Query User{62F33D5A-C7E9-42B0-9934-7A6D03B897C2}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe | 
"UDP Query User{6A428D45-8DF5-4559-80E0-045E8B8A256C}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{804C63DF-8CFC-4984-80D0-387BA791E2FD}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe | 
"UDP Query User{8737B4DB-1224-4D93-A943-1F38EA4AA304}C:\program files\world of warcraft\repair.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\repair.exe | 
"UDP Query User{AF17773E-C3E9-4366-8BCA-D058D140C350}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{B205A933-1B13-4D1B-B12B-DBB8B0DF84DA}C:\users\egal\downloads\tinyumbrella-4.30.05.exe" = protocol=17 | dir=in | app=c:\users\egal\downloads\tinyumbrella-4.30.05.exe | 
"UDP Query User{BCEEB310-0F21-44D8-A8F6-4E01340775C7}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{C1ECF60A-3856-4027-A5A7-7B78A980F9DB}F:\games\portal 2\portal2.exe" = protocol=17 | dir=in | app=f:\games\portal 2\portal2.exe | 
"UDP Query User{C7D7CE6A-624C-43DE-97D1-55434FD6F7D2}C:\program files\steam\steamapps\the_denyo\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\the_denyo\team fortress 2\hl2.exe | 
"UDP Query User{D6ED58F3-CCE6-4A4A-B526-BC09FC2ECD30}C:\program files\rockstar games\eflc\eflc.exe" = protocol=17 | dir=in | app=c:\program files\rockstar games\eflc\eflc.exe | 
"UDP Query User{DE6176F6-1D71-49E7-8D22-ACF6DE21FDE5}C:\program files\age of empire 2\empires2.exe" = protocol=17 | dir=in | app=c:\program files\age of empire 2\empires2.exe | 
"UDP Query User{FE0D545D-8223-4950-9191-2F744AE2FCC7}C:\program files\icq7.0\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0E26E09B-6687-4A99-BD08-A9E705373029}_is1" = Vyzex Pocket POD 1.17
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{2217B0B4-35CB-48C6-B640-864DF2F30F99}" = OpenOffice.org 3.2
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}" = GTA2
"{2D8CED57-CCDB-4D86-9087-3BBCAE8F8F22}" = Six Updater
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy ds3 driver version 0.6.0004
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{45410935-B52C-468A-A836-0D1000018201}" = BulletStorm
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A5A427F-BA39-4BF0-9A47-9999FBE60C9F}" = Visual C++ Runtime for Dragon NaturallySpeaking
"{4B35F00C-E63D-40DC-9839-DF15A33EAC46}" = Grand Theft Auto Vice City
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{5454083B-1308-4485-BF17-111000038701}" = Grand Theft Auto: Episodes from Liberty City
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{61B8B2F9-D8DA-4B24-89A9-DB09F38A4899}" = Grand Theft Auto: Episodes From Liberty City
"{655B9514-3963-490B-9EE1-431E80444889}" = Razer Tarantula
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7E659C5C-4DF1-499B-B802-77BAE9ABE4D4}" = Razer Diamondback 3G
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.6.0
"{821018E8-68D9-42F0-84FF-C571876B5D33}" = DayZ Commander
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}" = ijji REACTOR
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{91A5B6C0-EF4E-4830-AC7D-6761C0A9B292}" = hp deskjet 3600
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9530AE42-DAE1-4619-9594-B23487285D17}" = NVIDIA PhysX
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.3 - Deutsch
"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 290.36
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.1107
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.9.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Speicher-Disc
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2012.build.51 (April 7, 2012) Version v2012.build.51
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D85FFE92-BF14-4E9B-BCCD-E5C16069E65F}_is1" = FireJump
"{E0828692-FD9D-459F-9312-C645C3CA6650}" = HP Photo and Imaging 2.0 - Deskjet Series
"{EDAAC216-AC73-4152-9654-E12FE5A69F5D}_is1" = CBR Reader
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"5513-1208-7298-9440" = JDownloader 0.9
"6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
"8461-7759-5462-8226" = Vuze
"ABC Amber Audio Converter" = ABC Amber Audio Converter
"AC3Filter" = AC3Filter (remove only)
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"ALchemy" = Creative ALchemy
"Any Video Converter 5_is1" = Any Video Converter 5 5.0.3
"Ashampoo Burning Studio 9_is1" = Ashampoo Burning Studio 9.21
"ASIO4ALL" = ASIO4ALL
"AudioCS" = Creative Audio-Systemsteuerung
"avast" = avast! Free Antivirus
"AviSynth" = AviSynth 2.5
"CCleaner" = CCleaner
"CDisplay_is1" = CDisplay 1.8
"CDisplayEx_is1" = CDisplayEx 1.8
"Cheat Engine 6.0_is1" = Cheat Engine 6.0
"CloneCD" = CloneCD
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties" = Eigenschaften von Creative Sound Blaster
"DesktopIconAmazon" = Desktop Icon für Amazon
"DivX Setup" = DivX-Setup
"FL Studio 9" = FL Studio 9
"FoxyDeal_is1" = FoxyDeal version 1.0.0
"Free Video Dub_is1" = Free Video Dub version 2.0.14.1015
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.35.1031
"FreeDoko" = FreeDoko 0.7.8
"Guitar Pro 5_is1" = Guitar Pro 5.2
"Hardcore" = Hardcore
"hp print screen utility" = hp print screen utility
"IL Download Manager" = IL Download Manager
"IrfanView" = IrfanView (remove only)
"Juniper_Setup_Client Activex Control" = Juniper Networks, Inc. Setup Client Activex Control
"Line 6 Uninstaller" = Line 6 Uninstaller
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mouse Joypad V1.0" = Mouse Joypad V1.0
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"PoiZone" = PoiZone
"PQ DVD to iPod Converter" = PQ DVD to iPod Converter (remove only)
"PunkBusterSvc" = PunkBuster Services
"QWdlIG9mIEVtcGlyZXMgSUkgSEQgKGMpIE1pY3Jvc29mdCBTdHVkaW9z_is1" = Age of Empires II HD (c) Microsoft Studios version 1
"RealPlayer 12.0" = RealPlayer
"Recuva" = Recuva
"Sawer" = Sawer
"SearchAnonymizer" = SearchAnonymizer
"Steam App 218" = Source SDK Base 2007
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"The Elder Scrolls V Skyrim Dragonborn (c) Bethes~300CD4A2_is1" = The Elder Scrolls V Skyrim Dragonborn (c) Bethesda Softworks version 1
"Titan Poker" = Titan Poker
"Toxic Biohazard" = Toxic Biohazard
"TuneUp Utilities" = TuneUp Utilities
"TuxGuitar_0" = TuxGuitar 1.2
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 2.0.4
"WaveStudio 7" = Creative WaveStudio 7
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.1
"Wise Registry Cleaner_is1" = Wise Registry Cleaner 6.14
"World of Warcraft" = World of Warcraft
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Juniper_Setup_Client" = Juniper Networks, Inc. Setup Client
"UnityWebPlayer" = Unity Web Player
"uTorrent" = µTorrent
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 19.06.2013 21:55:56 | Computer Name = Spielserver | Source = Application Hang | ID = 1002
Description = Programm SDFiles.exe, Version 2.1.18.135 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: b34    Startzeit: 
01ce6d592b99c5a2    Endzeit: 0    Anwendungspfad: C:\Program Files\Spybot - Search & Destroy
 2\SDFiles.exe    Berichts-ID: 8a41e98c-d94c-11e2-9f1a-001bfc3778b9  
 
Error - 19.06.2013 23:29:29 | Computer Name = Spielserver | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: swxcacls.3XE, Version: 1.0.1.1, Zeitstempel:
 0x2a425e19  Name des fehlerhaften Moduls: swxcacls.3XE, Version: 1.0.1.1, Zeitstempel:
 0x2a425e19  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00004b2a  ID des fehlerhaften Prozesses:
 0x89c  Startzeit der fehlerhaften Anwendung: 0x01ce6d6428a83234  Pfad der fehlerhaften
 Anwendung: C:\ComboFix\swxcacls.3XE  Pfad des fehlerhaften Moduls: C:\ComboFix\swxcacls.3XE
Berichtskennung:
 9cf05eea-d959-11e2-9cba-001bfc3778b9
 
Error - 19.06.2013 23:47:28 | Computer Name = Spielserver | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: swxcacls.3XE, Version: 1.0.1.1, Zeitstempel:
 0x2a425e19  Name des fehlerhaften Moduls: swxcacls.3XE, Version: 1.0.1.1, Zeitstempel:
 0x2a425e19  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00004b2a  ID des fehlerhaften Prozesses:
 0x1440  Startzeit der fehlerhaften Anwendung: 0x01ce6d66b4a30f40  Pfad der fehlerhaften
 Anwendung: C:\ComboFix\swxcacls.3XE  Pfad des fehlerhaften Moduls: C:\ComboFix\swxcacls.3XE
Berichtskennung:
 201ff77f-d95c-11e2-9cba-001bfc3778b9
 
Error - 20.06.2013 13:24:57 | Computer Name = Spielserver | Source = VSS | ID = 18
Description = 
 
Error - 20.06.2013 13:24:57 | Computer Name = Spielserver | Source = VSS | ID = 8193
Description = 
 
Error - 20.06.2013 13:24:57 | Computer Name = Spielserver | Source = System Restore | ID = 8193
Description = 
 
Error - 20.06.2013 15:09:42 | Computer Name = Spielserver | Source = VSS | ID = 18
Description = 
 
Error - 20.06.2013 15:09:42 | Computer Name = Spielserver | Source = VSS | ID = 8193
Description = 
 
Error - 20.06.2013 15:09:42 | Computer Name = Spielserver | Source = System Restore | ID = 8193
Description = 
 
Error - 21.06.2013 09:40:05 | Computer Name = Spielserver | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 21.0.0.4879,
 Zeitstempel: 0x518ec3cc  Name des fehlerhaften Moduls: xul.dll, Version: 21.0.0.4879,
 Zeitstempel: 0x518ec306  Ausnahmecode: 0xc0000005  Fehleroffset: 0x001c9789  ID des fehlerhaften
 Prozesses: 0x177c  Startzeit der fehlerhaften Anwendung: 0x01ce6e40df4b3c34  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe  Pfad des fehlerhaften
 Moduls: C:\Program Files\Mozilla Firefox\xul.dll  Berichtskennung: 142b6534-da78-11e2-ae1f-001bfc3778b9
 
[ Media Center Events ]
Error - 06.05.2010 10:28:30 | Computer Name = Spielserver | Source = MCUpdate | ID = 0
Description = 16:28:27 - MCEClientUX konnte nicht abgerufen werden (Fehler: Fehler
 bei der Anforderung mit HTTP-Status 503: Service Unavailable.)  
 
[ System Events ]
Error - 20.06.2013 23:16:23 | Computer Name = Spielserver | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1053
 
Error - 20.06.2013 23:18:31 | Computer Name = Spielserver | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 20.06.2013 23:18:31 | Computer Name = Spielserver | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
Error - 21.06.2013 09:41:35 | Computer Name = Spielserver | Source = Application Popup | ID = 875
Description = Treiber atksgt.sys konnte nicht geladen werden.
 
Error - 21.06.2013 09:41:35 | Computer Name = Spielserver | Source = Service Control Manager | ID = 7000
Description = Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%1275
 
Error - 21.06.2013 09:41:50 | Computer Name = Spielserver | Source = Service Control Manager | ID = 7023
Description = Der Dienst "SGHIDI" wurde mit folgendem Fehler beendet:   %%126
 
Error - 21.06.2013 09:42:08 | Computer Name = Spielserver | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Spybot-S&D 2 Scanner Service erreicht.
 
Error - 21.06.2013 09:42:08 | Computer Name = Spielserver | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1053
 
Error - 21.06.2013 09:44:42 | Computer Name = Spielserver | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 21.06.2013 09:44:42 | Computer Name = Spielserver | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
[ TuneUp Events ]
Error - 17.06.2013 17:30:42 | Computer Name = Spielserver | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
Error - 17.06.2013 17:30:52 | Computer Name = Spielserver | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
Error - 17.06.2013 17:30:52 | Computer Name = Spielserver | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
Error - 17.06.2013 17:30:57 | Computer Name = Spielserver | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
Error - 17.06.2013 17:30:57 | Computer Name = Spielserver | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
Error - 17.06.2013 17:31:12 | Computer Name = Spielserver | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
Error - 17.06.2013 17:31:12 | Computer Name = Spielserver | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
Error - 17.06.2013 17:31:12 | Computer Name = Spielserver | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
Error - 17.06.2013 17:31:18 | Computer Name = Spielserver | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
Error - 17.06.2013 17:31:52 | Computer Name = Spielserver | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
 
< End of report >
         

Vielen Dank schonmal
Ich hoffe ihr könnt mit diesen Daten etwas anfangen (ist das erste mal, dass ich sowas mache)

Alt 21.06.2013, 18:24   #2
Victarion
 
Virtumonde.dll/sci/sdn und Spybot - Standard

Virtumonde.dll/sci/sdn und Spybot



Entschuldigung wegen dem Eigenpost, aber hatte den GMER Log wegen dem Zeichelnlimit vergessen.
Code:
ATTFilter
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-06-21 16:53:47
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-4 SAMSUNG_SP2504C rev.VT100-33 232,89GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\EGAL\AppData\Local\Temp\pwrdiaow.sys


---- System - GMER 2.1 ----

SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS                                                                                        ZwAddBootEntry [0x8E228202]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS                                                                                         ZwAllocateVirtualMemory [0x8ED1CC48]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS                                                                                        ZwCreateEvent [0x8E22A7F0]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS                                                                                        ZwCreateEventPair [0x8E22A848]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS                                                                                        ZwCreateIoCompletion [0x8E22A95E]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS                                                                                        ZwCreateMutant [0x8E22A746]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS                                                                                        ZwCreateSection [0x8E22A898]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS                                                                                        ZwCreateSemaphore [0x8E22A79A]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS                                                                                        ZwCreateTimer [0x8E22A90C]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS                                                                                        ZwDeleteBootEntry [0x8E228226]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS                                                                                         ZwFreeVirtualMemory [0x8ED1CCF8]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS                                                                                        ZwLoadDriver [0x8E227FF0]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS                                                                                        ZwModifyBootEntry [0x8E22824A]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS                                                                                        ZwNotifyChangeKey [0x8E22AD56]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS                                                                                        ZwNotifyChangeMultipleKeys [0x8E228CDA]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS                                                                                        ZwOpenEvent [0x8E22A820]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS                                                                                        ZwOpenEventPair [0x8E22A870]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS                                                                                        ZwOpenIoCompletion [0x8E22A988]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS                                                                                        ZwOpenMutant [0x8E22A772]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS                                                                                        ZwOpenSection [0x8E22A8D8]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS                                                                                        ZwOpenSemaphore [0x8E22A7C8]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS                                                                                        ZwOpenTimer [0x8E22A936]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS                                                                                         ZwProtectVirtualMemory [0x8ED1CD90]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS                                                                                        ZwQueryObject [0x8E228BA0]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS                                                                                        ZwSetBootEntryOrder [0x8E22826E]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS                                                                                        ZwSetBootOptions [0x8E228292]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS                                                                                        ZwSetSystemInformation [0x8E22804A]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS                                                                                        ZwSetSystemPowerState [0x8E228186]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS                                                                                        ZwShutdownSystem [0x8E228162]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS                                                                                        ZwSystemDebugControl [0x8E2281AA]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS                                                                                        ZwVdmControl [0x8E2282B6]

---- Kernel code sections - GMER 2.1 ----

.text           ntkrnlpa.exe!ZwRollbackEnlistment + 140D                                                                                       832829F5 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                         832BC1F2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 10CB                                                                                            832C3410 4 Bytes  [02, 82, 22, 8E]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 10F3                                                                                            832C3438 4 Bytes  [48, CC, D1, 8E]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 11A7                                                                                            832C34EC 8 Bytes  [F0, A7, 22, 8E, 48, A8, 22, ...] {CMPSD ; AND CL, [ESI-0x71dd57b8]}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 11B3                                                                                            832C34F8 4 Bytes  [5E, A9, 22, 8E]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 11CF                                                                                            832C3514 4 Bytes  [46, A7, 22, 8E]
.text           ...                                                                                                                            
.text           C:\Windows\system32\DRIVERS\lirsgt.sys                                                                                         section is writeable [0xA331B300, 0x1BCE, 0xE8000020]

---- User code sections - GMER 2.1 ----

.text           C:\Windows\System32\rundll32.exe[428] ntdll.dll!LdrUnloadDll                                                                   7751C86E 5 Bytes  JMP 000703FC 
.text           C:\Windows\System32\rundll32.exe[428] ntdll.dll!LdrLoadDll                                                                     7752223E 5 Bytes  JMP 000701F8 
.text           C:\Windows\System32\rundll32.exe[428] kernel32.dll!GetBinaryTypeW + 70                                                         764969F4 1 Byte  [62]
.text           C:\Windows\System32\rundll32.exe[428] USER32.dll!UnhookWindowsHookEx                                                           7636ADF9 5 Bytes  JMP 00140A08 
.text           C:\Windows\System32\rundll32.exe[428] USER32.dll!UnhookWinEvent                                                                7636B750 5 Bytes  JMP 001403FC 
.text           C:\Windows\System32\rundll32.exe[428] USER32.dll!SetWindowsHookExW                                                             7636E30C 5 Bytes  JMP 00140804 
.text           C:\Windows\System32\rundll32.exe[428] USER32.dll!SetWinEventHook                                                               763724DC 5 Bytes  JMP 001401F8 
.text           C:\Windows\System32\rundll32.exe[428] USER32.dll!SetWindowsHookExA                                                             76396D0C 5 Bytes  JMP 00140600 
.text           C:\Windows\System32\spoolsv.exe[452] ntdll.dll!LdrUnloadDll                                                                    7751C86E 5 Bytes  JMP 000603FC 
.text           C:\Windows\System32\spoolsv.exe[452] ntdll.dll!LdrLoadDll                                                                      7752223E 5 Bytes  JMP 000601F8 
.text           C:\Windows\System32\spoolsv.exe[452] kernel32.dll!GetBinaryTypeW + 70                                                          764969F4 1 Byte  [62]
.text           C:\Windows\System32\spoolsv.exe[452] USER32.dll!UnhookWindowsHookEx                                                            7636ADF9 5 Bytes  JMP 00100A08 
.text           C:\Windows\System32\spoolsv.exe[452] USER32.dll!UnhookWinEvent                                                                 7636B750 5 Bytes  JMP 001003FC 
.text           C:\Windows\System32\spoolsv.exe[452] USER32.dll!SetWindowsHookExW                                                              7636E30C 5 Bytes  JMP 00100804 
.text           C:\Windows\System32\spoolsv.exe[452] USER32.dll!SetWinEventHook                                                                763724DC 5 Bytes  JMP 001001F8 
.text           C:\Windows\System32\spoolsv.exe[452] USER32.dll!SetWindowsHookExA                                                              76396D0C 5 Bytes  JMP 00100600 
.text           C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe[476] ntdll.dll!LdrUnloadDll                                   7751C86E 5 Bytes  JMP 001603FC 
.text           C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe[476] ntdll.dll!LdrLoadDll                                     7752223E 5 Bytes  JMP 001601F8 
.text           C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe[476] kernel32.dll!GetBinaryTypeW + 70                         764969F4 1 Byte  [62]
.text           C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe[476] USER32.dll!UnhookWindowsHookEx                           7636ADF9 5 Bytes  JMP 00310A08 
.text           C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe[476] USER32.dll!UnhookWinEvent                                7636B750 5 Bytes  JMP 003103FC 
.text           C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe[476] USER32.dll!SetWindowsHookExW                             7636E30C 5 Bytes  JMP 00310804 
.text           C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe[476] USER32.dll!SetWinEventHook                               763724DC 5 Bytes  JMP 003101F8 
.text           C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe[476] USER32.dll!SetWindowsHookExA                             76396D0C 5 Bytes  JMP 00310600 
.text           C:\Windows\system32\csrss.exe[484] kernel32.dll!GetBinaryTypeW + 70                                                            764969F4 1 Byte  [62]
.text           C:\Program Files\Razer\Diamondback 3G\razerhid.exe[500] ntdll.dll!LdrUnloadDll                                                 7751C86E 5 Bytes  JMP 001603FC 
.text           C:\Program Files\Razer\Diamondback 3G\razerhid.exe[500] ntdll.dll!LdrLoadDll                                                   7752223E 5 Bytes  JMP 001601F8 
.text           C:\Program Files\Razer\Diamondback 3G\razerhid.exe[500] kernel32.dll!GetBinaryTypeW + 70                                       764969F4 1 Byte  [62]
.text           C:\Program Files\Razer\Diamondback 3G\razerhid.exe[500] USER32.dll!UnhookWindowsHookEx                                         7636ADF9 5 Bytes  JMP 00180A08 
.text           C:\Program Files\Razer\Diamondback 3G\razerhid.exe[500] USER32.dll!UnhookWinEvent                                              7636B750 5 Bytes  JMP 001803FC 
.text           C:\Program Files\Razer\Diamondback 3G\razerhid.exe[500] USER32.dll!SetWindowsHookExW                                           7636E30C 5 Bytes  JMP 00180804 
.text           C:\Program Files\Razer\Diamondback 3G\razerhid.exe[500] USER32.dll!SetWinEventHook                                             763724DC 5 Bytes  JMP 001801F8 
.text           C:\Program Files\Razer\Diamondback 3G\razerhid.exe[500] USER32.dll!SetWindowsHookExA                                           76396D0C 5 Bytes  JMP 00180600 
.text           C:\Windows\system32\wininit.exe[544] ntdll.dll!LdrUnloadDll                                                                    7751C86E 5 Bytes  JMP 000303FC 
.text           C:\Windows\system32\wininit.exe[544] ntdll.dll!LdrLoadDll                                                                      7752223E 5 Bytes  JMP 000301F8 
.text           C:\Windows\system32\wininit.exe[544] kernel32.dll!GetBinaryTypeW + 70                                                          764969F4 1 Byte  [62]
.text           C:\Windows\system32\wininit.exe[544] USER32.dll!UnhookWindowsHookEx                                                            7636ADF9 5 Bytes  JMP 000C0A08 
.text           C:\Windows\system32\wininit.exe[544] USER32.dll!UnhookWinEvent                                                                 7636B750 5 Bytes  JMP 000C03FC 
.text           C:\Windows\system32\wininit.exe[544] USER32.dll!SetWindowsHookExW                                                              7636E30C 5 Bytes  JMP 000C0804 
.text           C:\Windows\system32\wininit.exe[544] USER32.dll!SetWinEventHook                                                                763724DC 5 Bytes  JMP 000C01F8 
.text           C:\Windows\system32\wininit.exe[544] USER32.dll!SetWindowsHookExA                                                              76396D0C 5 Bytes  JMP 000C0600 
.text           C:\Windows\system32\csrss.exe[556] kernel32.dll!GetBinaryTypeW + 70                                                            764969F4 1 Byte  [62]
.text           C:\Windows\system32\taskhost.exe[560] ntdll.dll!LdrUnloadDll                                                                   7751C86E 5 Bytes  JMP 000503FC 
.text           C:\Windows\system32\taskhost.exe[560] ntdll.dll!LdrLoadDll                                                                     7752223E 5 Bytes  JMP 000501F8 
.text           C:\Windows\system32\taskhost.exe[560] kernel32.dll!GetBinaryTypeW + 70                                                         764969F4 1 Byte  [62]
.text           C:\Windows\system32\taskhost.exe[560] USER32.dll!UnhookWindowsHookEx                                                           7636ADF9 5 Bytes  JMP 00070A08 
.text           C:\Windows\system32\taskhost.exe[560] USER32.dll!UnhookWinEvent                                                                7636B750 5 Bytes  JMP 000703FC 
.text           C:\Windows\system32\taskhost.exe[560] USER32.dll!SetWindowsHookExW                                                             7636E30C 5 Bytes  JMP 00070804 
.text           C:\Windows\system32\taskhost.exe[560] USER32.dll!SetWinEventHook                                                               763724DC 5 Bytes  JMP 000701F8 
.text           C:\Windows\system32\taskhost.exe[560] USER32.dll!SetWindowsHookExA                                                             76396D0C 5 Bytes  JMP 00070600 
.text           C:\Windows\system32\services.exe[604] ntdll.dll!LdrUnloadDll                                                                   7751C86E 5 Bytes  JMP 000603FC 
.text           C:\Windows\system32\services.exe[604] ntdll.dll!LdrLoadDll                                                                     7752223E 5 Bytes  JMP 000601F8 
.text           C:\Windows\system32\services.exe[604] kernel32.dll!GetBinaryTypeW + 70                                                         764969F4 1 Byte  [62]
.text           C:\Windows\system32\winlogon.exe[636] ntdll.dll!LdrUnloadDll                                                                   7751C86E 5 Bytes  JMP 000303FC 
.text           C:\Windows\system32\winlogon.exe[636] ntdll.dll!LdrLoadDll                                                                     7752223E 5 Bytes  JMP 000301F8 
.text           C:\Windows\system32\winlogon.exe[636] kernel32.dll!GetBinaryTypeW + 70                                                         764969F4 1 Byte  [62]
.text           C:\Windows\system32\winlogon.exe[636] USER32.dll!UnhookWindowsHookEx                                                           7636ADF9 5 Bytes  JMP 000C0A08 
.text           C:\Windows\system32\winlogon.exe[636] USER32.dll!UnhookWinEvent                                                                7636B750 5 Bytes  JMP 000C03FC 
.text           C:\Windows\system32\winlogon.exe[636] USER32.dll!SetWindowsHookExW                                                             7636E30C 5 Bytes  JMP 000C0804 
.text           C:\Windows\system32\winlogon.exe[636] USER32.dll!SetWinEventHook                                                               763724DC 5 Bytes  JMP 000C01F8 
.text           C:\Windows\system32\winlogon.exe[636] USER32.dll!SetWindowsHookExA                                                             76396D0C 5 Bytes  JMP 000C0600 
.text           C:\Windows\system32\lsass.exe[672] ntdll.dll!LdrUnloadDll                                                                      7751C86E 5 Bytes  JMP 000603FC 
.text           C:\Windows\system32\lsass.exe[672] ntdll.dll!LdrLoadDll                                                                        7752223E 5 Bytes  JMP 000601F8 
.text           C:\Windows\system32\lsass.exe[672] kernel32.dll!GetBinaryTypeW + 70                                                            764969F4 1 Byte  [62]
.text           C:\Windows\system32\lsm.exe[680] ntdll.dll!LdrUnloadDll                                                                        7751C86E 5 Bytes  JMP 000603FC 
.text           C:\Windows\system32\lsm.exe[680] ntdll.dll!LdrLoadDll                                                                          7752223E 5 Bytes  JMP 000601F8 
.text           C:\Windows\system32\lsm.exe[680] kernel32.dll!GetBinaryTypeW + 70                                                              764969F4 1 Byte  [62]
.text           C:\Program Files\Razer\Tarantula\razerhid.exe[760] ntdll.dll!LdrUnloadDll                                                      7751C86E 5 Bytes  JMP 001503FC 
.text           C:\Program Files\Razer\Tarantula\razerhid.exe[760] ntdll.dll!LdrLoadDll                                                        7752223E 5 Bytes  JMP 001501F8 
.text           C:\Program Files\Razer\Tarantula\razerhid.exe[760] kernel32.dll!GetBinaryTypeW + 70                                            764969F4 1 Byte  [62]
.text           C:\Program Files\Razer\Tarantula\razerhid.exe[760] USER32.dll!UnhookWindowsHookEx                                              7636ADF9 5 Bytes  JMP 001E0A08 
.text           C:\Program Files\Razer\Tarantula\razerhid.exe[760] USER32.dll!UnhookWinEvent                                                   7636B750 5 Bytes  JMP 001E03FC 
.text           C:\Program Files\Razer\Tarantula\razerhid.exe[760] USER32.dll!SetWindowsHookExW                                                7636E30C 5 Bytes  JMP 001E0804 
.text           C:\Program Files\Razer\Tarantula\razerhid.exe[760] USER32.dll!SetWinEventHook                                                  763724DC 5 Bytes  JMP 001E01F8 
.text           C:\Program Files\Razer\Tarantula\razerhid.exe[760] USER32.dll!SetWindowsHookExA                                                76396D0C 5 Bytes  JMP 001E0600 
.text           C:\Windows\system32\svchost.exe[780] ntdll.dll!LdrUnloadDll                                                                    7751C86E 5 Bytes  JMP 000603FC 
.text           C:\Windows\system32\svchost.exe[780] ntdll.dll!LdrLoadDll                                                                      7752223E 5 Bytes  JMP 000601F8 
.text           C:\Windows\system32\svchost.exe[780] kernel32.dll!GetBinaryTypeW + 70                                                          764969F4 1 Byte  [62]
.text           C:\Windows\system32\nvvsvc.exe[860] ntdll.dll!LdrUnloadDll                                                                     7751C86E 5 Bytes  JMP 000503FC 
.text           C:\Windows\system32\nvvsvc.exe[860] ntdll.dll!LdrLoadDll                                                                       7752223E 5 Bytes  JMP 000501F8 
.text           C:\Windows\system32\nvvsvc.exe[860] kernel32.dll!GetBinaryTypeW + 70                                                           764969F4 1 Byte  [62]
.text           C:\Windows\system32\nvvsvc.exe[860] USER32.dll!UnhookWindowsHookEx                                                             7636ADF9 5 Bytes  JMP 000E0A08 
.text           C:\Windows\system32\nvvsvc.exe[860] USER32.dll!UnhookWinEvent                                                                  7636B750 5 Bytes  JMP 000E03FC 
.text           C:\Windows\system32\nvvsvc.exe[860] USER32.dll!SetWindowsHookExW                                                               7636E30C 5 Bytes  JMP 000E0804 
.text           C:\Windows\system32\nvvsvc.exe[860] USER32.dll!SetWinEventHook                                                                 763724DC 5 Bytes  JMP 000E01F8 
.text           C:\Windows\system32\nvvsvc.exe[860] USER32.dll!SetWindowsHookExA                                                               76396D0C 5 Bytes  JMP 000E0600 
.text           C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[884] ntdll.dll!LdrUnloadDll                                      7751C86E 5 Bytes  JMP 001503FC 
.text           C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[884] ntdll.dll!LdrLoadDll                                        7752223E 5 Bytes  JMP 001501F8 
.text           C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[884] kernel32.dll!GetBinaryTypeW + 70                            764969F4 1 Byte  [62]
.text           C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[884] USER32.dll!UnhookWindowsHookEx                              7636ADF9 5 Bytes  JMP 001F0A08 
.text           C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[884] USER32.dll!UnhookWinEvent                                   7636B750 5 Bytes  JMP 001F03FC 
.text           C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[884] USER32.dll!SetWindowsHookExW                                7636E30C 5 Bytes  JMP 001F0804 
.text           C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[884] USER32.dll!SetWinEventHook                                  763724DC 5 Bytes  JMP 001F01F8 
.text           C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[884] USER32.dll!SetWindowsHookExA                                76396D0C 5 Bytes  JMP 001F0600 
.text           C:\Windows\system32\svchost.exe[920] ntdll.dll!LdrUnloadDll                                                                    7751C86E 5 Bytes  JMP 000603FC 
.text           C:\Windows\system32\svchost.exe[920] ntdll.dll!LdrLoadDll                                                                      7752223E 5 Bytes  JMP 000601F8 
.text           C:\Windows\system32\svchost.exe[920] kernel32.dll!GetBinaryTypeW + 70                                                          764969F4 1 Byte  [62]
.text           C:\Windows\System32\svchost.exe[992] ntdll.dll!LdrUnloadDll                                                                    7751C86E 5 Bytes  JMP 000603FC 
.text           C:\Windows\System32\svchost.exe[992] ntdll.dll!LdrLoadDll                                                                      7752223E 5 Bytes  JMP 000601F8 
.text           C:\Windows\System32\svchost.exe[992] kernel32.dll!GetBinaryTypeW + 70                                                          764969F4 1 Byte  [62]
.text           C:\Windows\System32\svchost.exe[992] USER32.dll!UnhookWindowsHookEx                                                            7636ADF9 5 Bytes  JMP 00180A08 
.text           C:\Windows\System32\svchost.exe[992] USER32.dll!UnhookWinEvent                                                                 7636B750 5 Bytes  JMP 001803FC 
.text           C:\Windows\System32\svchost.exe[992] USER32.dll!SetWindowsHookExW                                                              7636E30C 5 Bytes  JMP 00180804 
.text           C:\Windows\System32\svchost.exe[992] USER32.dll!SetWinEventHook                                                                763724DC 5 Bytes  JMP 001801F8 
.text           C:\Windows\System32\svchost.exe[992] USER32.dll!SetWindowsHookExA                                                              76396D0C 5 Bytes  JMP 00180600 
.text           C:\Windows\System32\svchost.exe[1064] ntdll.dll!LdrUnloadDll                                                                   7751C86E 5 Bytes  JMP 000603FC 
.text           C:\Windows\System32\svchost.exe[1064] ntdll.dll!LdrLoadDll                                                                     7752223E 5 Bytes  JMP 000601F8 
.text           C:\Windows\System32\svchost.exe[1064] kernel32.dll!GetBinaryTypeW + 70                                                         764969F4 1 Byte  [62]
.text           C:\Windows\System32\svchost.exe[1064] USER32.dll!UnhookWindowsHookEx                                                           7636ADF9 5 Bytes  JMP 00570A08 
.text           C:\Windows\System32\svchost.exe[1064] USER32.dll!UnhookWinEvent                                                                7636B750 5 Bytes  JMP 005703FC 
.text           C:\Windows\System32\svchost.exe[1064] USER32.dll!SetWindowsHookExW                                                             7636E30C 5 Bytes  JMP 00570804 
.text           C:\Windows\System32\svchost.exe[1064] USER32.dll!SetWinEventHook                                                               763724DC 5 Bytes  JMP 005701F8 
.text           C:\Windows\System32\svchost.exe[1064] USER32.dll!SetWindowsHookExA                                                             76396D0C 5 Bytes  JMP 00570600 
.text           C:\Windows\system32\svchost.exe[1112] ntdll.dll!LdrUnloadDll                                                                   7751C86E 5 Bytes  JMP 000A03FC 
.text           C:\Windows\system32\svchost.exe[1112] ntdll.dll!LdrLoadDll                                                                     7752223E 5 Bytes  JMP 000A01F8 
.text           C:\Windows\system32\svchost.exe[1112] kernel32.dll!GetBinaryTypeW + 70                                                         764969F4 1 Byte  [62]
.text           C:\Windows\system32\svchost.exe[1112] USER32.dll!UnhookWindowsHookEx                                                           7636ADF9 5 Bytes  JMP 00350A08 
.text           C:\Windows\system32\svchost.exe[1112] USER32.dll!UnhookWinEvent                                                                7636B750 5 Bytes  JMP 003503FC 
.text           C:\Windows\system32\svchost.exe[1112] USER32.dll!SetWindowsHookExW                                                             7636E30C 5 Bytes  JMP 00350804 
.text           C:\Windows\system32\svchost.exe[1112] USER32.dll!SetWinEventHook                                                               763724DC 5 Bytes  JMP 003501F8 
.text           C:\Windows\system32\svchost.exe[1112] USER32.dll!SetWindowsHookExA                                                             76396D0C 5 Bytes  JMP 00350600 
.text           C:\Windows\system32\svchost.exe[1140] ntdll.dll!LdrUnloadDll                                                                   7751C86E 5 Bytes  JMP 000603FC 
.text           C:\Windows\system32\svchost.exe[1140] ntdll.dll!LdrLoadDll                                                                     7752223E 5 Bytes  JMP 000601F8 
.text           C:\Windows\system32\svchost.exe[1140] kernel32.dll!GetBinaryTypeW + 70                                                         764969F4 1 Byte  [62]
.text           C:\Windows\system32\svchost.exe[1140] USER32.dll!UnhookWindowsHookEx                                                           7636ADF9 5 Bytes  JMP 00E50A08 
.text           C:\Windows\system32\svchost.exe[1140] USER32.dll!UnhookWinEvent                                                                7636B750 5 Bytes  JMP 00E503FC 
.text           C:\Windows\system32\svchost.exe[1140] USER32.dll!SetWindowsHookExW                                                             7636E30C 5 Bytes  JMP 00E50804 
.text           C:\Windows\system32\svchost.exe[1140] USER32.dll!SetWinEventHook                                                               763724DC 5 Bytes  JMP 00E501F8 
.text           C:\Windows\system32\svchost.exe[1140] USER32.dll!SetWindowsHookExA                                                             76396D0C 5 Bytes  JMP 00E50600 
.text           C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[1200] ntdll.dll!LdrUnloadDll                                 7751C86E 5 Bytes  JMP 001503FC 
.text           C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[1200] ntdll.dll!LdrLoadDll                                   7752223E 5 Bytes  JMP 001501F8 
.text           C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[1200] kernel32.dll!GetBinaryTypeW + 70                       764969F4 1 Byte  [62]
.text           C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[1200] USER32.dll!UnhookWindowsHookEx                         7636ADF9 5 Bytes  JMP 00390A08 
.text           C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[1200] USER32.dll!UnhookWinEvent                              7636B750 5 Bytes  JMP 003903FC 
.text           C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[1200] USER32.dll!SetWindowsHookExW                           7636E30C 5 Bytes  JMP 00390804 
.text           C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[1200] USER32.dll!SetWinEventHook                             763724DC 5 Bytes  JMP 003901F8 
.text           C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[1200] USER32.dll!SetWindowsHookExA                           76396D0C 5 Bytes  JMP 00390600 
.text           C:\Windows\system32\AUDIODG.EXE[1228] kernel32.dll!GetBinaryTypeW + 70                                                         764969F4 1 Byte  [62]
.text           C:\Program Files\Creative\Shared Files\CTAudSvc.exe[1264] ntdll.dll!LdrUnloadDll                                               7751C86E 5 Bytes  JMP 001603FC 
.text           C:\Program Files\Creative\Shared Files\CTAudSvc.exe[1264] ntdll.dll!LdrLoadDll                                                 7752223E 5 Bytes  JMP 001601F8 
.text           C:\Program Files\Creative\Shared Files\CTAudSvc.exe[1264] kernel32.dll!GetBinaryTypeW + 70                                     764969F4 1 Byte  [62]
.text           C:\Program Files\Creative\Shared Files\CTAudSvc.exe[1264] USER32.dll!UnhookWindowsHookEx                                       7636ADF9 5 Bytes  JMP 00180A08 
.text           C:\Program Files\Creative\Shared Files\CTAudSvc.exe[1264] USER32.dll!UnhookWinEvent                                            7636B750 5 Bytes  JMP 001803FC 
.text           C:\Program Files\Creative\Shared Files\CTAudSvc.exe[1264] USER32.dll!SetWindowsHookExW                                         7636E30C 5 Bytes  JMP 00180804 
.text           C:\Program Files\Creative\Shared Files\CTAudSvc.exe[1264] USER32.dll!SetWinEventHook                                           763724DC 5 Bytes  JMP 001801F8 
.text           C:\Program Files\Creative\Shared Files\CTAudSvc.exe[1264] USER32.dll!SetWindowsHookExA                                         76396D0C 5 Bytes  JMP 00180600 
.text           C:\Windows\system32\svchost.exe[1388] ntdll.dll!LdrUnloadDll                                                                   7751C86E 5 Bytes  JMP 000603FC 
.text           C:\Windows\system32\svchost.exe[1388] ntdll.dll!LdrLoadDll                                                                     7752223E 5 Bytes  JMP 000601F8 
.text           C:\Windows\system32\svchost.exe[1388] kernel32.dll!GetBinaryTypeW + 70                                                         764969F4 1 Byte  [62]
.text           C:\Windows\system32\svchost.exe[1388] USER32.dll!UnhookWindowsHookEx                                                           7636ADF9 5 Bytes  JMP 00220A08 
.text           C:\Windows\system32\svchost.exe[1388] USER32.dll!UnhookWinEvent                                                                7636B750 5 Bytes  JMP 002203FC 
.text           C:\Windows\system32\svchost.exe[1388] USER32.dll!SetWindowsHookExW                                                             7636E30C 5 Bytes  JMP 00220804 
.text           C:\Windows\system32\svchost.exe[1388] USER32.dll!SetWinEventHook                                                               763724DC 5 Bytes  JMP 002201F8 
.text           C:\Windows\system32\svchost.exe[1388] USER32.dll!SetWindowsHookExA                                                             76396D0C 5 Bytes  JMP 00220600 
.text           C:\Windows\system32\svchost.exe[1416] ntdll.dll!LdrUnloadDll                                                                   7751C86E 5 Bytes  JMP 000603FC 
.text           C:\Windows\system32\svchost.exe[1416] ntdll.dll!LdrLoadDll                                                                     7752223E 5 Bytes  JMP 000601F8 
.text           C:\Windows\system32\svchost.exe[1416] kernel32.dll!GetBinaryTypeW + 70                                                         764969F4 1 Byte  [62]
.text           C:\Windows\system32\svchost.exe[1416] USER32.dll!UnhookWindowsHookEx                                                           7636ADF9 5 Bytes  JMP 00650A08 
.text           C:\Windows\system32\svchost.exe[1416] USER32.dll!UnhookWinEvent                                                                7636B750 5 Bytes  JMP 006503FC 
.text           C:\Windows\system32\svchost.exe[1416] USER32.dll!SetWindowsHookExW                                                             7636E30C 5 Bytes  JMP 00650804 
.text           C:\Windows\system32\svchost.exe[1416] USER32.dll!SetWinEventHook                                                               763724DC 5 Bytes  JMP 006501F8 
.text           C:\Windows\system32\svchost.exe[1416] USER32.dll!SetWindowsHookExA                                                             76396D0C 5 Bytes  JMP 00650600 
.text           C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1464] ntdll.dll!LdrUnloadDll                                          7751C86E 5 Bytes  JMP 000603FC 
.text           C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1464] ntdll.dll!LdrLoadDll                                            7752223E 5 Bytes  JMP 000601F8 
.text           C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1464] kernel32.dll!GetBinaryTypeW + 70                                764969F4 1 Byte  [62]
.text           C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1464] USER32.dll!UnhookWindowsHookEx                                  7636ADF9 5 Bytes  JMP 000F0A08 
.text           C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1464] USER32.dll!UnhookWinEvent                                       7636B750 5 Bytes  JMP 000F03FC 
.text           C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1464] USER32.dll!SetWindowsHookExW                                    7636E30C 5 Bytes  JMP 000F0804 
.text           C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1464] USER32.dll!SetWinEventHook                                      763724DC 5 Bytes  JMP 000F01F8 
.text           C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1464] USER32.dll!SetWindowsHookExA                                    76396D0C 5 Bytes  JMP 000F0600 
.text           C:\Windows\system32\nvvsvc.exe[1484] ntdll.dll!LdrUnloadDll                                                                    7751C86E 5 Bytes  JMP 000503FC 
.text           C:\Windows\system32\nvvsvc.exe[1484] ntdll.dll!LdrLoadDll                                                                      7752223E 5 Bytes  JMP 000501F8 
.text           C:\Windows\system32\nvvsvc.exe[1484] kernel32.dll!GetBinaryTypeW + 70                                                          764969F4 1 Byte  [62]
.text           C:\Windows\system32\nvvsvc.exe[1484] USER32.dll!UnhookWindowsHookEx                                                            7636ADF9 5 Bytes  JMP 000E0A08 
.text           C:\Windows\system32\nvvsvc.exe[1484] USER32.dll!UnhookWinEvent                                                                 7636B750 5 Bytes  JMP 000E03FC 
.text           C:\Windows\system32\nvvsvc.exe[1484] USER32.dll!SetWindowsHookExW                                                              7636E30C 5 Bytes  JMP 000E0804 
.text           C:\Windows\system32\nvvsvc.exe[1484] USER32.dll!SetWinEventHook                                                                763724DC 5 Bytes  JMP 000E01F8 
.text           C:\Windows\system32\nvvsvc.exe[1484] USER32.dll!SetWindowsHookExA                                                              76396D0C 5 Bytes  JMP 000E0600 
.text           C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1536] kernel32.dll!SetUnhandledExceptionFilter                              7647F4FB 4 Bytes  [C2, 04, 00, 90] {RET 0x4; NOP }
.text           C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1536] kernel32.dll!GetBinaryTypeW + 70                                      764969F4 1 Byte  [62]
.text           C:\Windows\system32\taskeng.exe[1652] ntdll.dll!LdrUnloadDll                                                                   7751C86E 5 Bytes  JMP 000603FC 
.text           C:\Windows\system32\taskeng.exe[1652] ntdll.dll!LdrLoadDll                                                                     7752223E 5 Bytes  JMP 000601F8 
.text           C:\Windows\system32\taskeng.exe[1652] kernel32.dll!GetBinaryTypeW + 70                                                         764969F4 1 Byte  [62]
.text           C:\Windows\system32\taskeng.exe[1652] USER32.dll!UnhookWindowsHookEx                                                           7636ADF9 5 Bytes  JMP 00130A08 
.text           C:\Windows\system32\taskeng.exe[1652] USER32.dll!UnhookWinEvent                                                                7636B750 5 Bytes  JMP 001303FC 
.text           C:\Windows\system32\taskeng.exe[1652] USER32.dll!SetWindowsHookExW                                                             7636E30C 5 Bytes  JMP 00130804 
.text           C:\Windows\system32\taskeng.exe[1652] USER32.dll!SetWinEventHook                                                               763724DC 5 Bytes  JMP 001301F8 
.text           C:\Windows\system32\taskeng.exe[1652] USER32.dll!SetWindowsHookExA                                                             76396D0C 5 Bytes  JMP 00130600 
.text           C:\Program Files\AVAST Software\Avast\AvastUI.exe[1688] kernel32.dll!GetBinaryTypeW + 70                                       764969F4 1 Byte  [62]
.text           C:\Windows\SOUNDMAN.EXE[1716] ntdll.dll!LdrUnloadDll                                                                           7751C86E 5 Bytes  JMP 001503FC 
.text           C:\Windows\SOUNDMAN.EXE[1716] ntdll.dll!LdrLoadDll                                                                             7752223E 5 Bytes  JMP 001501F8 
.text           C:\Windows\SOUNDMAN.EXE[1716] kernel32.dll!GetBinaryTypeW + 70                                                                 764969F4 1 Byte  [62]
.text           C:\Windows\SOUNDMAN.EXE[1716] USER32.dll!UnhookWindowsHookEx                                                                   7636ADF9 5 Bytes  JMP 00180A08 
.text           C:\Windows\SOUNDMAN.EXE[1716] USER32.dll!UnhookWinEvent                                                                        7636B750 5 Bytes  JMP 001803FC 
.text           C:\Windows\SOUNDMAN.EXE[1716] USER32.dll!SetWindowsHookExW                                                                     7636E30C 5 Bytes  JMP 00180804 
.text           C:\Windows\SOUNDMAN.EXE[1716] USER32.dll!SetWinEventHook                                                                       763724DC 5 Bytes  JMP 001801F8 
.text           C:\Windows\SOUNDMAN.EXE[1716] USER32.dll!SetWindowsHookExA                                                                     76396D0C 5 Bytes  JMP 00180600 
.text           C:\Windows\system32\Dwm.exe[1748] ntdll.dll!LdrUnloadDll                                                                       7751C86E 5 Bytes  JMP 000603FC 
.text           C:\Windows\system32\Dwm.exe[1748] ntdll.dll!LdrLoadDll                                                                         7752223E 5 Bytes  JMP 000601F8 
.text           C:\Windows\system32\Dwm.exe[1748] kernel32.dll!GetBinaryTypeW + 70                                                             764969F4 1 Byte  [62]
.text           C:\Windows\system32\Dwm.exe[1748] USER32.dll!UnhookWindowsHookEx                                                               7636ADF9 5 Bytes  JMP 000F0A08 
.text           C:\Windows\system32\Dwm.exe[1748] USER32.dll!UnhookWinEvent                                                                    7636B750 5 Bytes  JMP 000F03FC 
.text           C:\Windows\system32\Dwm.exe[1748] USER32.dll!SetWindowsHookExW                                                                 7636E30C 5 Bytes  JMP 000F0804 
.text           C:\Windows\system32\Dwm.exe[1748] USER32.dll!SetWinEventHook                                                                   763724DC 5 Bytes  JMP 000F01F8 
.text           C:\Windows\system32\Dwm.exe[1748] USER32.dll!SetWindowsHookExA                                                                 76396D0C 5 Bytes  JMP 000F0600 
.text           C:\Windows\Explorer.EXE[1772] ntdll.dll!LdrUnloadDll                                                                           7751C86E 5 Bytes  JMP 002F03FC 
.text           C:\Windows\Explorer.EXE[1772] ntdll.dll!LdrLoadDll                                                                             7752223E 5 Bytes  JMP 002F01F8 
.text           C:\Windows\Explorer.EXE[1772] kernel32.dll!GetBinaryTypeW + 70                                                                 764969F4 1 Byte  [62]
.text           C:\Windows\Explorer.EXE[1772] USER32.dll!UnhookWindowsHookEx                                                                   7636ADF9 5 Bytes  JMP 003F0A08 
.text           C:\Windows\Explorer.EXE[1772] USER32.dll!UnhookWinEvent                                                                        7636B750 5 Bytes  JMP 003F03FC 
.text           C:\Windows\Explorer.EXE[1772] USER32.dll!SetWindowsHookExW                                                                     7636E30C 5 Bytes  JMP 003F0804 
.text           C:\Windows\Explorer.EXE[1772] USER32.dll!SetWinEventHook                                                                       763724DC 5 Bytes  JMP 003F01F8 
.text           C:\Windows\Explorer.EXE[1772] USER32.dll!SetWindowsHookExA                                                                     76396D0C 5 Bytes  JMP 003F0600 
.text           C:\Program Files\pdf24\pdf24.exe[1816] ntdll.dll!LdrUnloadDll                                                                  7751C86E 5 Bytes  JMP 001503FC 
.text           C:\Program Files\pdf24\pdf24.exe[1816] ntdll.dll!LdrLoadDll                                                                    7752223E 5 Bytes  JMP 001501F8 
.text           C:\Program Files\pdf24\pdf24.exe[1816] kernel32.dll!GetBinaryTypeW + 70                                                        764969F4 1 Byte  [62]
.text           C:\Program Files\pdf24\pdf24.exe[1816] USER32.dll!UnhookWindowsHookEx                                                          7636ADF9 5 Bytes  JMP 00220A08 
.text           C:\Program Files\pdf24\pdf24.exe[1816] USER32.dll!UnhookWinEvent                                                               7636B750 5 Bytes  JMP 002203FC 
.text           C:\Program Files\pdf24\pdf24.exe[1816] USER32.dll!SetWindowsHookExW                                                            7636E30C 5 Bytes  JMP 00220804 
.text           C:\Program Files\pdf24\pdf24.exe[1816] USER32.dll!SetWinEventHook                                                              763724DC 5 Bytes  JMP 002201F8 
.text           C:\Program Files\pdf24\pdf24.exe[1816] USER32.dll!SetWindowsHookExA                                                            76396D0C 5 Bytes  JMP 00220600 
.text           C:\Windows\WindowsMobile\wmdc.exe[1828] ntdll.dll!LdrUnloadDll                                                                 7751C86E 5 Bytes  JMP 000603FC 
.text           C:\Windows\WindowsMobile\wmdc.exe[1828] ntdll.dll!LdrLoadDll                                                                   7752223E 5 Bytes  JMP 000601F8 
.text           C:\Windows\WindowsMobile\wmdc.exe[1828] kernel32.dll!GetBinaryTypeW + 70                                                       764969F4 1 Byte  [62]
.text           C:\Windows\WindowsMobile\wmdc.exe[1828] USER32.dll!UnhookWindowsHookEx                                                         7636ADF9 5 Bytes  JMP 00140A08 
.text           C:\Windows\WindowsMobile\wmdc.exe[1828] USER32.dll!UnhookWinEvent                                                              7636B750 5 Bytes  JMP 001403FC 
.text           C:\Windows\WindowsMobile\wmdc.exe[1828] USER32.dll!SetWindowsHookExW                                                           7636E30C 5 Bytes  JMP 00140804 
.text           C:\Windows\WindowsMobile\wmdc.exe[1828] USER32.dll!SetWinEventHook                                                             763724DC 5 Bytes  JMP 001401F8 
.text           C:\Windows\WindowsMobile\wmdc.exe[1828] USER32.dll!SetWindowsHookExA                                                           76396D0C 5 Bytes  JMP 00140600 
.text           C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1880] ntdll.dll!LdrUnloadDll                                                  7751C86E 5 Bytes  JMP 001703FC 
.text           C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1880] ntdll.dll!LdrLoadDll                                                    7752223E 5 Bytes  JMP 001701F8 
.text           C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1880] kernel32.dll!GetBinaryTypeW + 70                                        764969F4 1 Byte  [62]
.text           C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1880] USER32.dll!UnhookWindowsHookEx                                          7636ADF9 5 Bytes  JMP 00200A08 
.text           C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1880] USER32.dll!UnhookWinEvent                                               7636B750 5 Bytes  JMP 002003FC 
.text           C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1880] USER32.dll!SetWindowsHookExW                                            7636E30C 5 Bytes  JMP 00200804 
.text           C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1880] USER32.dll!SetWinEventHook                                              763724DC 5 Bytes  JMP 002001F8 
.text           C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1880] USER32.dll!SetWindowsHookExA                                            76396D0C 5 Bytes  JMP 00200600 
.text           C:\Program Files\Real\RealPlayer\Update\realsched.exe[2156] ntdll.dll!LdrUnloadDll                                             7751C86E 5 Bytes  JMP 001503FC 
.text           C:\Program Files\Real\RealPlayer\Update\realsched.exe[2156] ntdll.dll!LdrLoadDll                                               7752223E 5 Bytes  JMP 001501F8 
.text           C:\Program Files\Real\RealPlayer\Update\realsched.exe[2156] kernel32.dll!SetUnhandledExceptionFilter                           7647F4FB 5 Bytes  [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text           C:\Program Files\Real\RealPlayer\Update\realsched.exe[2156] kernel32.dll!GetBinaryTypeW + 70                                   764969F4 1 Byte  [62]
.text           C:\Program Files\Real\RealPlayer\Update\realsched.exe[2156] USER32.dll!UnhookWindowsHookEx                                     7636ADF9 5 Bytes  JMP 002E0A08 
.text           C:\Program Files\Real\RealPlayer\Update\realsched.exe[2156] USER32.dll!UnhookWinEvent                                          7636B750 5 Bytes  JMP 002E03FC 
.text           C:\Program Files\Real\RealPlayer\Update\realsched.exe[2156] USER32.dll!SetWindowsHookExW                                       7636E30C 5 Bytes  JMP 002E0804 
.text           C:\Program Files\Real\RealPlayer\Update\realsched.exe[2156] USER32.dll!SetWinEventHook                                         763724DC 5 Bytes  JMP 002E01F8 
.text           C:\Program Files\Real\RealPlayer\Update\realsched.exe[2156] USER32.dll!SetWindowsHookExA                                       76396D0C 5 Bytes  JMP 002E0600 
.text           C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe[2196] ntdll.dll!LdrUnloadDll                                           7751C86E 5 Bytes  JMP 001603FC 
.text           C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe[2196] ntdll.dll!LdrLoadDll                                             7752223E 5 Bytes  JMP 001601F8 
.text           C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe[2196] kernel32.dll!GetBinaryTypeW + 70                                 764969F4 1 Byte  [62]
.text           C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe[2196] USER32.dll!UnhookWindowsHookEx                                   7636ADF9 5 Bytes  JMP 00390A08 
.text           C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe[2196] USER32.dll!UnhookWinEvent                                        7636B750 5 Bytes  JMP 003903FC 
.text           C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe[2196] USER32.dll!SetWindowsHookExW                                     7636E30C 5 Bytes  JMP 00390804 
.text           C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe[2196] USER32.dll!SetWinEventHook                                       763724DC 5 Bytes  JMP 003901F8 
.text           C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe[2196] USER32.dll!SetWindowsHookExA                                     76396D0C 5 Bytes  JMP 00390600 
.text           C:\Windows\system32\taskeng.exe[2256] ntdll.dll!LdrUnloadDll                                                                   7751C86E 5 Bytes  JMP 000603FC 
.text           C:\Windows\system32\taskeng.exe[2256] ntdll.dll!LdrLoadDll                                                                     7752223E 5 Bytes  JMP 000601F8 
.text           C:\Windows\system32\taskeng.exe[2256] kernel32.dll!GetBinaryTypeW + 70                                                         764969F4 1 Byte  [62]
.text           C:\Windows\system32\taskeng.exe[2256] USER32.dll!UnhookWindowsHookEx                                                           7636ADF9 5 Bytes  JMP 000C0A08 
.text           C:\Windows\system32\taskeng.exe[2256] USER32.dll!UnhookWinEvent                                                                7636B750 5 Bytes  JMP 000C03FC 
.text           C:\Windows\system32\taskeng.exe[2256] USER32.dll!SetWindowsHookExW                                                             7636E30C 5 Bytes  JMP 000C0804 
.text           C:\Windows\system32\taskeng.exe[2256] USER32.dll!SetWinEventHook                                                               763724DC 5 Bytes  JMP 000C01F8 
.text           C:\Windows\system32\taskeng.exe[2256] USER32.dll!SetWindowsHookExA                                                             76396D0C 5 Bytes  JMP 000C0600 
.text           C:\Program Files\Razer\Tarantula\razertra.exe[2516] ntdll.dll!LdrUnloadDll                                                     7751C86E 5 Bytes  JMP 001503FC 
.text           C:\Program Files\Razer\Tarantula\razertra.exe[2516] ntdll.dll!LdrLoadDll                                                       7752223E 5 Bytes  JMP 001501F8 
.text           C:\Program Files\Razer\Tarantula\razertra.exe[2516] kernel32.dll!GetBinaryTypeW + 70                                           764969F4 1 Byte  [62]
.text           C:\Program Files\Razer\Tarantula\razertra.exe[2516] USER32.dll!UnhookWindowsHookEx                                             7636ADF9 5 Bytes  JMP 001E0A08 
.text           C:\Program Files\Razer\Tarantula\razertra.exe[2516] USER32.dll!UnhookWinEvent                                                  7636B750 5 Bytes  JMP 001E03FC 
.text           C:\Program Files\Razer\Tarantula\razertra.exe[2516] USER32.dll!SetWindowsHookExW                                               7636E30C 5 Bytes  JMP 001E0804 
.text           C:\Program Files\Razer\Tarantula\razertra.exe[2516] USER32.dll!SetWinEventHook                                                 763724DC 5 Bytes  JMP 001E01F8 
.text           C:\Program Files\Razer\Tarantula\razertra.exe[2516] USER32.dll!SetWindowsHookExA                                               76396D0C 5 Bytes  JMP 001E0600 
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2568] ntdll.dll!LdrUnloadDll                          7751C86E 5 Bytes  JMP 000903FC 
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2568] ntdll.dll!LdrLoadDll                            7752223E 5 Bytes  JMP 000901F8 
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2568] kernel32.dll!GetBinaryTypeW + 70                764969F4 1 Byte  [62]
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2568] USER32.dll!UnhookWindowsHookEx                  7636ADF9 5 Bytes  JMP 00140A08 
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2568] USER32.dll!UnhookWinEvent                       7636B750 5 Bytes  JMP 001403FC 
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2568] USER32.dll!SetWindowsHookExW                    7636E30C 5 Bytes  JMP 00140804 
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2568] USER32.dll!SetWinEventHook                      763724DC 5 Bytes  JMP 001401F8 
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2568] USER32.dll!SetWindowsHookExA                    76396D0C 5 Bytes  JMP 00140600 
.text           C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2648] ntdll.dll!LdrUnloadDll                                            7751C86E 5 Bytes  JMP 000603FC 
.text           C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2648] ntdll.dll!LdrLoadDll                                              7752223E 5 Bytes  JMP 000601F8 
.text           C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2648] kernel32.dll!GetBinaryTypeW + 70                                  764969F4 1 Byte  [62]
.text           C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2648] USER32.dll!UnhookWindowsHookEx                                    7636ADF9 5 Bytes  JMP 00110A08 
.text           C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2648] USER32.dll!UnhookWinEvent                                         7636B750 5 Bytes  JMP 001103FC 
.text           C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2648] USER32.dll!SetWindowsHookExW                                      7636E30C 5 Bytes  JMP 00110804 
.text           C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2648] USER32.dll!SetWinEventHook                                        763724DC 5 Bytes  JMP 001101F8 
.text           C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2648] USER32.dll!SetWindowsHookExA                                      76396D0C 5 Bytes  JMP 00110600 
.text           C:\Program Files\Razer\Diamondback 3G\razertra.exe[2668] ntdll.dll!LdrUnloadDll                                                7751C86E 5 Bytes  JMP 001503FC 
.text           C:\Program Files\Razer\Diamondback 3G\razertra.exe[2668] ntdll.dll!LdrLoadDll                                                  7752223E 5 Bytes  JMP 001501F8 
.text           C:\Program Files\Razer\Diamondback 3G\razertra.exe[2668] kernel32.dll!GetBinaryTypeW + 70                                      764969F4 1 Byte  [62]
.text           C:\Program Files\Razer\Diamondback 3G\razertra.exe[2668] USER32.dll!UnhookWindowsHookEx                                        7636ADF9 5 Bytes  JMP 001E0A08 
.text           C:\Program Files\Razer\Diamondback 3G\razertra.exe[2668] USER32.dll!UnhookWinEvent                                             7636B750 5 Bytes  JMP 001E03FC 
.text           C:\Program Files\Razer\Diamondback 3G\razertra.exe[2668] USER32.dll!SetWindowsHookExW                                          7636E30C 5 Bytes  JMP 001E0804 
.text           C:\Program Files\Razer\Diamondback 3G\razertra.exe[2668] USER32.dll!SetWinEventHook                                            763724DC 5 Bytes  JMP 001E01F8 
.text           C:\Program Files\Razer\Diamondback 3G\razertra.exe[2668] USER32.dll!SetWindowsHookExA                                          76396D0C 5 Bytes  JMP 001E0600 
.text           C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe[2884] ntdll.dll!LdrUnloadDll                                         7751C86E 5 Bytes  JMP 000603FC 
.text           C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe[2884] ntdll.dll!LdrLoadDll                                           7752223E 5 Bytes  JMP 000601F8 
.text           C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe[2884] kernel32.dll!GetBinaryTypeW + 70                               764969F4 1 Byte  [62]
.text           C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe[2884] USER32.dll!UnhookWindowsHookEx                                 7636ADF9 5 Bytes  JMP 001F0A08 
.text           C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe[2884] USER32.dll!UnhookWinEvent                                      7636B750 5 Bytes  JMP 001F03FC 
.text           C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe[2884] USER32.dll!SetWindowsHookExW                                   7636E30C 5 Bytes  JMP 001F0804 
.text           C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe[2884] USER32.dll!SetWinEventHook                                     763724DC 5 Bytes  JMP 001F01F8 
.text           C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe[2884] USER32.dll!SetWindowsHookExA                                   76396D0C 5 Bytes  JMP 001F0600 
.text           C:\Program Files\Razer\Diamondback 3G\razerofa.exe[3076] ntdll.dll!LdrUnloadDll                                                7751C86E 5 Bytes  JMP 001503FC 
.text           C:\Program Files\Razer\Diamondback 3G\razerofa.exe[3076] ntdll.dll!LdrLoadDll                                                  7752223E 5 Bytes  JMP 001501F8 
.text           C:\Program Files\Razer\Diamondback 3G\razerofa.exe[3076] kernel32.dll!GetBinaryTypeW + 70                                      764969F4 1 Byte  [62]
.text           C:\Program Files\Razer\Diamondback 3G\razerofa.exe[3076] USER32.dll!UnhookWindowsHookEx                                        7636ADF9 5 Bytes  JMP 001E0A08 
.text           C:\Program Files\Razer\Diamondback 3G\razerofa.exe[3076] USER32.dll!UnhookWinEvent                                             7636B750 5 Bytes  JMP 001E03FC 
.text           C:\Program Files\Razer\Diamondback 3G\razerofa.exe[3076] USER32.dll!SetWindowsHookExW                                          7636E30C 5 Bytes  JMP 001E0804 
.text           C:\Program Files\Razer\Diamondback 3G\razerofa.exe[3076] USER32.dll!SetWinEventHook                                            763724DC 5 Bytes  JMP 001E01F8 
.text           C:\Program Files\Razer\Diamondback 3G\razerofa.exe[3076] USER32.dll!SetWindowsHookExA                                          76396D0C 5 Bytes  JMP 001E0600 
.text           C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3160] ntdll.dll!LdrUnloadDll            7751C86E 5 Bytes  JMP 000603FC 
.text           C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3160] ntdll.dll!LdrLoadDll              7752223E 5 Bytes  JMP 000601F8 
.text           C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3160] kernel32.dll!GetBinaryTypeW + 70  764969F4 1 Byte  [62]
.text           C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3160] USER32.dll!UnhookWindowsHookEx    7636ADF9 5 Bytes  JMP 00200A08 
.text           C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3160] USER32.dll!UnhookWinEvent         7636B750 5 Bytes  JMP 002003FC 
.text           C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3160] USER32.dll!SetWindowsHookExW      7636E30C 5 Bytes  JMP 00200804 
.text           C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3160] USER32.dll!SetWinEventHook        763724DC 5 Bytes  JMP 002001F8 
.text           C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3160] USER32.dll!SetWindowsHookExA      76396D0C 5 Bytes  JMP 00200600 
.text           C:\Windows\system32\taskhost.exe[3188] ntdll.dll!LdrUnloadDll                                                                  7751C86E 5 Bytes  JMP 000503FC 
.text           C:\Windows\system32\taskhost.exe[3188] ntdll.dll!LdrLoadDll                                                                    7752223E 5 Bytes  JMP 000501F8 
.text           C:\Windows\system32\taskhost.exe[3188] kernel32.dll!GetBinaryTypeW + 70                                                        764969F4 1 Byte  [62]
.text           C:\Windows\system32\taskhost.exe[3188] USER32.dll!UnhookWindowsHookEx                                                          7636ADF9 5 Bytes  JMP 000E0A08 
.text           C:\Windows\system32\taskhost.exe[3188] USER32.dll!UnhookWinEvent                                                               7636B750 5 Bytes  JMP 000E03FC 
.text           C:\Windows\system32\taskhost.exe[3188] USER32.dll!SetWindowsHookExW                                                            7636E30C 5 Bytes  JMP 000E0804 
.text           C:\Windows\system32\taskhost.exe[3188] USER32.dll!SetWinEventHook                                                              763724DC 5 Bytes  JMP 000E01F8 
.text           C:\Windows\system32\taskhost.exe[3188] USER32.dll!SetWindowsHookExA                                                            76396D0C 5 Bytes  JMP 000E0600 
.text           C:\Program Files\Bonjour\mDNSResponder.exe[3224] ntdll.dll!LdrUnloadDll                                                        7751C86E 5 Bytes  JMP 000603FC 
.text           C:\Program Files\Bonjour\mDNSResponder.exe[3224] ntdll.dll!LdrLoadDll                                                          7752223E 5 Bytes  JMP 000601F8 
.text           C:\Program Files\Bonjour\mDNSResponder.exe[3224] kernel32.dll!GetBinaryTypeW + 70                                              764969F4 1 Byte  [62]
.text           C:\Program Files\Bonjour\mDNSResponder.exe[3224] USER32.dll!UnhookWindowsHookEx                                                7636ADF9 5 Bytes  JMP 00100A08 
.text           C:\Program Files\Bonjour\mDNSResponder.exe[3224] USER32.dll!UnhookWinEvent                                                     7636B750 5 Bytes  JMP 001003FC 
.text           C:\Program Files\Bonjour\mDNSResponder.exe[3224] USER32.dll!SetWindowsHookExW                                                  7636E30C 5 Bytes  JMP 00100804 
.text           C:\Program Files\Bonjour\mDNSResponder.exe[3224] USER32.dll!SetWinEventHook                                                    763724DC 5 Bytes  JMP 001001F8 
.text           C:\Program Files\Bonjour\mDNSResponder.exe[3224] USER32.dll!SetWindowsHookExA                                                  76396D0C 5 Bytes  JMP 00100600 
.text           C:\Windows\system32\PnkBstrA.exe[3292] ntdll.dll!LdrUnloadDll                                                                  7751C86E 5 Bytes  JMP 001503FC 
.text           C:\Windows\system32\PnkBstrA.exe[3292] ntdll.dll!LdrLoadDll                                                                    7752223E 5 Bytes  JMP 001501F8 
.text           C:\Windows\system32\PnkBstrA.exe[3292] kernel32.dll!GetBinaryTypeW + 70                                                        764969F4 1 Byte  [62]
.text           C:\Windows\system32\PnkBstrA.exe[3292] USER32.dll!UnhookWindowsHookEx                                                          7636ADF9 5 Bytes  JMP 001E0A08 
.text           C:\Windows\system32\PnkBstrA.exe[3292] USER32.dll!UnhookWinEvent                                                               7636B750 5 Bytes  JMP 001E03FC 
.text           C:\Windows\system32\PnkBstrA.exe[3292] USER32.dll!SetWindowsHookExW                                                            7636E30C 5 Bytes  JMP 001E0804 
.text           C:\Windows\system32\PnkBstrA.exe[3292] USER32.dll!SetWinEventHook                                                              763724DC 5 Bytes  JMP 001E01F8 
.text           C:\Windows\system32\PnkBstrA.exe[3292] USER32.dll!SetWindowsHookExA                                                            76396D0C 5 Bytes  JMP 001E0600 
.text           C:\Windows\system32\PnkBstrB.exe[3328] ntdll.dll!LdrUnloadDll                                                                  7751C86E 5 Bytes  JMP 001503FC 
.text           C:\Windows\system32\PnkBstrB.exe[3328] ntdll.dll!LdrLoadDll                                                                    7752223E 5 Bytes  JMP 001501F8 
.text           C:\Windows\system32\PnkBstrB.exe[3328] kernel32.dll!GetBinaryTypeW + 70                                                        764969F4 1 Byte  [62]
.text           C:\Windows\system32\PnkBstrB.exe[3328] USER32.dll!UnhookWindowsHookEx                                                          7636ADF9 5 Bytes  JMP 001F0A08 
.text           C:\Windows\system32\PnkBstrB.exe[3328] USER32.dll!UnhookWinEvent                                                               7636B750 5 Bytes  JMP 001F03FC 
.text           C:\Windows\system32\PnkBstrB.exe[3328] USER32.dll!SetWindowsHookExW                                                            7636E30C 5 Bytes  JMP 001F0804 
.text           C:\Windows\system32\PnkBstrB.exe[3328] USER32.dll!SetWinEventHook                                                              763724DC 5 Bytes  JMP 001F01F8 
.text           C:\Windows\system32\PnkBstrB.exe[3328] USER32.dll!SetWindowsHookExA                                                            76396D0C 5 Bytes  JMP 001F0600 
.text           C:\Windows\system32\svchost.exe[3364] ntdll.dll!LdrUnloadDll                                                                   7751C86E 5 Bytes  JMP 000603FC 
.text           C:\Windows\system32\svchost.exe[3364] ntdll.dll!LdrLoadDll                                                                     7752223E 5 Bytes  JMP 000601F8 
.text           C:\Windows\system32\svchost.exe[3364] kernel32.dll!GetBinaryTypeW + 70                                                         764969F4 1 Byte  [62]
.text           C:\Windows\system32\svchost.exe[3384] ntdll.dll!LdrUnloadDll                                                                   7751C86E 5 Bytes  JMP 000603FC 
.text           C:\Windows\system32\svchost.exe[3384] ntdll.dll!LdrLoadDll                                                                     7752223E 5 Bytes  JMP 000601F8 
.text           C:\Windows\system32\svchost.exe[3384] kernel32.dll!GetBinaryTypeW + 70                                                         764969F4 1 Byte  [62]
.text           C:\Windows\system32\svchost.exe[3384] USER32.dll!UnhookWindowsHookEx                                                           7636ADF9 5 Bytes  JMP 00310A08 
.text           C:\Windows\system32\svchost.exe[3384] USER32.dll!UnhookWinEvent                                                                7636B750 5 Bytes  JMP 003103FC 
.text           C:\Windows\system32\svchost.exe[3384] USER32.dll!SetWindowsHookExW                                                             7636E30C 5 Bytes  JMP 00310804 
.text           C:\Windows\system32\svchost.exe[3384] USER32.dll!SetWinEventHook                                                               763724DC 5 Bytes  JMP 003101F8 
.text           C:\Windows\system32\svchost.exe[3384] USER32.dll!SetWindowsHookExA                                                             76396D0C 5 Bytes  JMP 00310600 
.text           C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe[3440] ntdll.dll!LdrUnloadDll                                          7751C86E 5 Bytes  JMP 001503FC 
.text           C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe[3440] ntdll.dll!LdrLoadDll                                            7752223E 5 Bytes  JMP 001501F8 
.text           C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe[3440] kernel32.dll!GetBinaryTypeW + 70                                764969F4 1 Byte  [62]
.text           C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe[3440] USER32.dll!UnhookWindowsHookEx                                  7636ADF9 5 Bytes  JMP 00490A08 
.text           C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe[3440] USER32.dll!UnhookWinEvent                                       7636B750 5 Bytes  JMP 004903FC 
.text           C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe[3440] USER32.dll!SetWindowsHookExW                                    7636E30C 5 Bytes  JMP 00490804 
.text           C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe[3440] USER32.dll!SetWinEventHook                                      763724DC 5 Bytes  JMP 004901F8 
.text           C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe[3440] USER32.dll!SetWindowsHookExA                                    76396D0C 5 Bytes  JMP 00490600 
.text           C:\Program Files\Steam\Steam.exe[3488] ntdll.dll!LdrUnloadDll                                                                  7751C86E 5 Bytes  JMP 000603FC 
.text           C:\Program Files\Steam\Steam.exe[3488] ntdll.dll!LdrLoadDll                                                                    7752223E 5 Bytes  JMP 000601F8 
.text           C:\Program Files\Steam\Steam.exe[3488] kernel32.dll!GetBinaryTypeW + 70                                                        764969F4 1 Byte  [62]
.text           C:\Program Files\Steam\Steam.exe[3488] USER32.dll!UnhookWindowsHookEx                                                          7636ADF9 5 Bytes  JMP 000F0A08 
.text           C:\Program Files\Steam\Steam.exe[3488] USER32.dll!UnhookWinEvent                                                               7636B750 5 Bytes  JMP 000F03FC 
.text           C:\Program Files\Steam\Steam.exe[3488] USER32.dll!SetWindowsHookExW                                                            7636E30C 5 Bytes  JMP 000F0804 
.text           C:\Program Files\Steam\Steam.exe[3488] USER32.dll!SetWinEventHook                                                              763724DC 5 Bytes  JMP 000F01F8 
.text           C:\Program Files\Steam\Steam.exe[3488] USER32.dll!SetWindowsHookExA                                                            76396D0C 5 Bytes  JMP 000F0600 
.text           C:\Users\EGAL\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe[3652] KERNEL32.dll!GetBinaryTypeW + 70                         764969F4 1 Byte  [62]
.text           C:\Windows\system32\svchost.exe[3724] ntdll.dll!LdrUnloadDll                                                                   7751C86E 5 Bytes  JMP 000603FC 
.text           C:\Windows\system32\svchost.exe[3724] ntdll.dll!LdrLoadDll                                                                     7752223E 5 Bytes  JMP 000601F8 
.text           C:\Windows\system32\svchost.exe[3724] kernel32.dll!GetBinaryTypeW + 70                                                         764969F4 1 Byte  [62]
.text           C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[3784] ntdll.dll!LdrUnloadDll                               7751C86E 5 Bytes  JMP 001603FC 
.text           C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[3784] ntdll.dll!LdrLoadDll                                 7752223E 5 Bytes  JMP 001601F8 
.text           C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[3784] kernel32.dll!GetBinaryTypeW + 70                     764969F4 1 Byte  [62]
.text           C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[3784] USER32.dll!UnhookWindowsHookEx                       7636ADF9 5 Bytes  JMP 001F0A08 
.text           C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[3784] USER32.dll!UnhookWinEvent                            7636B750 5 Bytes  JMP 001F03FC 
.text           C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[3784] USER32.dll!SetWindowsHookExW                         7636E30C 5 Bytes  JMP 001F0804 
.text           C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[3784] USER32.dll!SetWinEventHook                           763724DC 5 Bytes  JMP 001F01F8 
.text           C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[3784] USER32.dll!SetWindowsHookExA                         76396D0C 5 Bytes  JMP 001F0600 
.text           C:\Windows\System32\svchost.exe[3860] ntdll.dll!LdrUnloadDll                                                                   7751C86E 5 Bytes  JMP 000603FC 
.text           C:\Windows\System32\svchost.exe[3860] ntdll.dll!LdrLoadDll                                                                     7752223E 5 Bytes  JMP 000601F8 
.text           C:\Windows\System32\svchost.exe[3860] kernel32.dll!GetBinaryTypeW + 70                                                         764969F4 1 Byte  [62]
.text           C:\Windows\System32\svchost.exe[3860] USER32.dll!UnhookWindowsHookEx                                                           7636ADF9 5 Bytes  JMP 00360A08 
.text           C:\Windows\System32\svchost.exe[3860] USER32.dll!UnhookWinEvent                                                                7636B750 5 Bytes  JMP 003603FC 
.text           C:\Windows\System32\svchost.exe[3860] USER32.dll!SetWindowsHookExW                                                             7636E30C 5 Bytes  JMP 00360804 
.text           C:\Windows\System32\svchost.exe[3860] USER32.dll!SetWinEventHook                                                               763724DC 5 Bytes  JMP 003601F8 
.text           C:\Windows\System32\svchost.exe[3860] USER32.dll!SetWindowsHookExA                                                             76396D0C 5 Bytes  JMP 00360600 
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3896] ntdll.dll!LdrUnloadDll                           7751C86E 5 Bytes  JMP 000503FC 
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3896] ntdll.dll!LdrLoadDll                             7752223E 5 Bytes  JMP 000501F8 
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3896] kernel32.dll!GetBinaryTypeW + 70                 764969F4 1 Byte  [62]
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3896] USER32.dll!UnhookWindowsHookEx                   7636ADF9 5 Bytes  JMP 00080A08 
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3896] USER32.dll!UnhookWinEvent                        7636B750 5 Bytes  JMP 000803FC 
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3896] USER32.dll!SetWindowsHookExW                     7636E30C 5 Bytes  JMP 00080804 
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3896] USER32.dll!SetWinEventHook                       763724DC 5 Bytes  JMP 000801F8 
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3896] USER32.dll!SetWindowsHookExA                     76396D0C 5 Bytes  JMP 00080600 
.text           C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[3912] ntdll.dll!LdrUnloadDll                                   7751C86E 5 Bytes  JMP 000603FC 
.text           C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[3912] ntdll.dll!LdrLoadDll                                     7752223E 5 Bytes  JMP 000601F8 
.text           C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[3912] kernel32.dll!GetBinaryTypeW + 70                         764969F4 1 Byte  [62]
.text           C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[3912] USER32.dll!UnhookWindowsHookEx                           7636ADF9 5 Bytes  JMP 001F0A08 
.text           C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[3912] USER32.dll!UnhookWinEvent                                7636B750 5 Bytes  JMP 001F03FC 
.text           C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[3912] USER32.dll!SetWindowsHookExW                             7636E30C 5 Bytes  JMP 001F0804 
.text           C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[3912] USER32.dll!SetWinEventHook                               763724DC 5 Bytes  JMP 001F01F8 
.text           C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[3912] USER32.dll!SetWindowsHookExA                             76396D0C 5 Bytes  JMP 001F0600 
.text           C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe[4008] ntdll.dll!LdrUnloadDll                                         7751C86E 5 Bytes  JMP 001603FC 
.text           C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe[4008] ntdll.dll!LdrLoadDll                                           7752223E 5 Bytes  JMP 001601F8 
.text           C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe[4008] kernel32.dll!GetBinaryTypeW + 70                               764969F4 1 Byte  [62]
.text           C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe[4008] USER32.dll!UnhookWindowsHookEx                                 7636ADF9 5 Bytes  JMP 00300A08 
.text           C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe[4008] USER32.dll!UnhookWinEvent                                      7636B750 5 Bytes  JMP 003003FC 
.text           C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe[4008] USER32.dll!SetWindowsHookExW                                   7636E30C 5 Bytes  JMP 00300804 
.text           C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe[4008] USER32.dll!SetWinEventHook                                     763724DC 5 Bytes  JMP 003001F8 
.text           C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe[4008] USER32.dll!SetWindowsHookExA                                   76396D0C 5 Bytes  JMP 00300600 
.text           C:\Users\EGAL\Desktop\gmer_2.1.19163.exe[4400] ntdll.dll!LdrUnloadDll                                                          7751C86E 5 Bytes  JMP 001603FC 
.text           C:\Users\EGAL\Desktop\gmer_2.1.19163.exe[4400] ntdll.dll!LdrLoadDll                                                            7752223E 5 Bytes  JMP 001601F8 
.text           C:\Users\EGAL\Desktop\gmer_2.1.19163.exe[4400] kernel32.dll!GetBinaryTypeW + 70                                                764969F4 1 Byte  [62]
.text           C:\Users\EGAL\Desktop\gmer_2.1.19163.exe[4400] USER32.dll!UnhookWindowsHookEx                                                  7636ADF9 5 Bytes  JMP 00210A08 
.text           C:\Users\EGAL\Desktop\gmer_2.1.19163.exe[4400] USER32.dll!UnhookWinEvent                                                       7636B750 5 Bytes  JMP 002103FC 
.text           C:\Users\EGAL\Desktop\gmer_2.1.19163.exe[4400] USER32.dll!SetWindowsHookExW                                                    7636E30C 5 Bytes  JMP 00210804 
.text           C:\Users\EGAL\Desktop\gmer_2.1.19163.exe[4400] USER32.dll!SetWinEventHook                                                      763724DC 5 Bytes  JMP 002101F8 
.text           C:\Users\EGAL\Desktop\gmer_2.1.19163.exe[4400] USER32.dll!SetWindowsHookExA                                                    76396D0C 5 Bytes  JMP 00210600 
.text           C:\Windows\system32\wbem\wmiprvse.exe[4596] ntdll.dll!LdrUnloadDll                                                             7751C86E 5 Bytes  JMP 000603FC 
.text           C:\Windows\system32\wbem\wmiprvse.exe[4596] ntdll.dll!LdrLoadDll                                                               7752223E 5 Bytes  JMP 000601F8 
.text           C:\Windows\system32\wbem\wmiprvse.exe[4596] kernel32.dll!GetBinaryTypeW + 70                                                   764969F4 1 Byte  [62]
.text           C:\Windows\system32\wbem\wmiprvse.exe[4596] USER32.dll!UnhookWindowsHookEx                                                     7636ADF9 5 Bytes  JMP 00100A08 
.text           C:\Windows\system32\wbem\wmiprvse.exe[4596] USER32.dll!UnhookWinEvent                                                          7636B750 5 Bytes  JMP 001003FC 
.text           C:\Windows\system32\wbem\wmiprvse.exe[4596] USER32.dll!SetWindowsHookExW                                                       7636E30C 5 Bytes  JMP 00100804 
.text           C:\Windows\system32\wbem\wmiprvse.exe[4596] USER32.dll!SetWinEventHook                                                         763724DC 5 Bytes  JMP 001001F8 
.text           C:\Windows\system32\wbem\wmiprvse.exe[4596] USER32.dll!SetWindowsHookExA                                                       76396D0C 5 Bytes  JMP 00100600 
.text           C:\Windows\system32\wbem\wmiprvse.exe[4908] ntdll.dll!LdrUnloadDll                                                             7751C86E 5 Bytes  JMP 000603FC 
.text           C:\Windows\system32\wbem\wmiprvse.exe[4908] ntdll.dll!LdrLoadDll                                                               7752223E 5 Bytes  JMP 000601F8 
.text           C:\Windows\system32\wbem\wmiprvse.exe[4908] kernel32.dll!GetBinaryTypeW + 70                                                   764969F4 1 Byte  [62]
.text           C:\Windows\system32\wbem\wmiprvse.exe[4908] USER32.dll!UnhookWindowsHookEx                                                     7636ADF9 5 Bytes  JMP 00100A08 
.text           C:\Windows\system32\wbem\wmiprvse.exe[4908] USER32.dll!UnhookWinEvent                                                          7636B750 5 Bytes  JMP 001003FC 
.text           C:\Windows\system32\wbem\wmiprvse.exe[4908] USER32.dll!SetWindowsHookExW                                                       7636E30C 5 Bytes  JMP 00100804 
.text           C:\Windows\system32\wbem\wmiprvse.exe[4908] USER32.dll!SetWinEventHook                                                         763724DC 5 Bytes  JMP 001001F8 
.text           C:\Windows\system32\wbem\wmiprvse.exe[4908] USER32.dll!SetWindowsHookExA                                                       76396D0C 5 Bytes  JMP 00100600 
.text           C:\Windows\system32\sppsvc.exe[5116] ntdll.dll!LdrUnloadDll                                                                    7751C86E 5 Bytes  JMP 000703FC 
.text           C:\Windows\system32\sppsvc.exe[5116] ntdll.dll!LdrLoadDll                                                                      7752223E 5 Bytes  JMP 000701F8 
.text           C:\Windows\system32\sppsvc.exe[5116] kernel32.dll!GetBinaryTypeW + 70                                                          764969F4 1 Byte  [62]
.text           C:\Windows\system32\sppsvc.exe[5116] USER32.dll!UnhookWindowsHookEx                                                            7636ADF9 5 Bytes  JMP 00150A08 
.text           C:\Windows\system32\sppsvc.exe[5116] USER32.dll!UnhookWinEvent                                                                 7636B750 5 Bytes  JMP 001503FC 
.text           C:\Windows\system32\sppsvc.exe[5116] USER32.dll!SetWindowsHookExW                                                              7636E30C 5 Bytes  JMP 00150804 
.text           C:\Windows\system32\sppsvc.exe[5116] USER32.dll!SetWinEventHook                                                                763724DC 5 Bytes  JMP 001501F8 
.text           C:\Windows\system32\sppsvc.exe[5116] USER32.dll!SetWindowsHookExA                                                              76396D0C 5 Bytes  JMP 00150600 
.text           C:\Program Files\Windows Media Player\wmpnetwk.exe[5160] ntdll.dll!LdrUnloadDll                                                7751C86E 5 Bytes  JMP 000603FC 
.text           C:\Program Files\Windows Media Player\wmpnetwk.exe[5160] ntdll.dll!LdrLoadDll                                                  7752223E 5 Bytes  JMP 000601F8 
.text           C:\Program Files\Windows Media Player\wmpnetwk.exe[5160] kernel32.dll!GetBinaryTypeW + 70                                      764969F4 1 Byte  [62]
.text           C:\Program Files\Windows Media Player\wmpnetwk.exe[5160] USER32.dll!UnhookWindowsHookEx                                        7636ADF9 5 Bytes  JMP 00200A08 
.text           C:\Program Files\Windows Media Player\wmpnetwk.exe[5160] USER32.dll!UnhookWinEvent                                             7636B750 5 Bytes  JMP 002003FC 
.text           C:\Program Files\Windows Media Player\wmpnetwk.exe[5160] USER32.dll!SetWindowsHookExW                                          7636E30C 5 Bytes  JMP 00200804 
.text           C:\Program Files\Windows Media Player\wmpnetwk.exe[5160] USER32.dll!SetWinEventHook                                            763724DC 5 Bytes  JMP 002001F8 
.text           C:\Program Files\Windows Media Player\wmpnetwk.exe[5160] USER32.dll!SetWindowsHookExA                                          76396D0C 5 Bytes  JMP 00200600 
.text           C:\Windows\system32\svchost.exe[5212] ntdll.dll!LdrUnloadDll                                                                   7751C86E 5 Bytes  JMP 000603FC 
.text           C:\Windows\system32\svchost.exe[5212] ntdll.dll!LdrLoadDll                                                                     7752223E 5 Bytes  JMP 000601F8 
.text           C:\Windows\system32\svchost.exe[5212] kernel32.dll!GetBinaryTypeW + 70                                                         764969F4 1 Byte  [62]
.text           C:\Windows\system32\svchost.exe[5212] USER32.dll!UnhookWindowsHookEx                                                           7636ADF9 5 Bytes  JMP 00590A08 
.text           C:\Windows\system32\svchost.exe[5212] USER32.dll!UnhookWinEvent                                                                7636B750 5 Bytes  JMP 005903FC 
.text           C:\Windows\system32\svchost.exe[5212] USER32.dll!SetWindowsHookExW                                                             7636E30C 5 Bytes  JMP 00590804 
.text           C:\Windows\system32\svchost.exe[5212] USER32.dll!SetWinEventHook                                                               763724DC 5 Bytes  JMP 005901F8 
.text           C:\Windows\system32\svchost.exe[5212] USER32.dll!SetWindowsHookExA                                                             76396D0C 5 Bytes  JMP 00590600 

---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\tdx \Device\Tcp                                                                                                        aswTdi.SYS
AttachedDevice  \Driver\tdx \Device\Udp                                                                                                        aswTdi.SYS

---- Registry - GMER 2.1 ----

Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                               
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                            0x00 0x00 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                            0
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                         0x75 0x1D 0x2C 0xE6 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                           
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                0x00 0x00 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                0
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                             0x75 0x1D 0x2C 0xE6 ...

---- Files - GMER 2.1 ----

File            C:\Users\EGAL\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KK9D5O9Y\clients[1].txt                     1 bytes

---- EOF - GMER 2.1 ----
         
__________________


Alt 22.06.2013, 15:48   #3
aharonov
/// TB-Ausbilder
 
Virtumonde.dll/sci/sdn und Spybot - Standard

Virtumonde.dll/sci/sdn und Spybot



Hi,

Zitat:
und das virtumonde eigentich mittlerweile von vielen Antivirusprogrammen gefunden werden müsste.
Ja, das ist eine alte Infektion, die du auch nicht hast..


Schritt 1
  • Gehe zu Start --> Systemsteuerung und öffne Programme und Funktionen.
  • Suche und deinstalliere dort der Reihe nach folgende Einträge:
    • Desktop Icon für Amazon
    • SearchAnonymizer
  • Schliesse das Fenster wieder und führe einen Neustart durch, wenn das gefordert wurde.



Schritt 2

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).



Schritt 3

Starte bitte die OTL.exe.
  • Setze den Haken bei Scan all Users.
  • Drücke auf den Quick Scan Button.
  • Poste den Inhalt von OTL.txt hier in den Thread.



Bitte poste in deiner nächsten Antwort:
  • Log von AdwCleaner
  • Log von OTL
__________________
__________________

Alt 22.06.2013, 22:32   #4
Victarion
 
Virtumonde.dll/sci/sdn und Spybot - Standard

Virtumonde.dll/sci/sdn und Spybot



Hey,
Vielen Dank schonmal dann bin ich ja beruhight.
Hier die Logs
Code:
ATTFilter
# AdwCleaner v2.303 - Datei am 22/06/2013 um 21:49:35 erstellt
# Aktualisiert am 08/06/2013 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (32 bits)
# Benutzer : EGAL - SPIELSERVER
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\EGAL\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\EGAL\AppData\Roaming\Mozilla\Firefox\Profiles\viz3tusi.default\foxydeal.sqlite

***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16490

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v21.0 (de)

Datei : C:\Users\EGAL\AppData\Roaming\Mozilla\Firefox\Profiles\viz3tusi.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [825 octets] - [22/06/2013 21:49:35]

########## EOF - C:\AdwCleaner[S1].txt - [884 octets] ##########
         
Code:
ATTFilter
OTL logfile created on: 22.06.2013 22:12:48 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\EGAL\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,91 Gb Available Physical Memory | 45,41% Memory free
4,00 Gb Paging File | 2,86 Gb Available in Paging File | 71,58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 213,15 Gb Total Space | 48,72 Gb Free Space | 22,86% Space Free | Partition Type: NTFS
Drive D: | 19,63 Gb Total Space | 7,57 Gb Free Space | 38,57% Space Free | Partition Type: NTFS
 
Computer Name: SPIELSERVER | User Name: EGAL | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.06.21 15:44:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\EGAL\Desktop\OTL.exe
PRC - [2013.05.16 10:56:34 | 001,033,688 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2013.05.16 10:56:30 | 001,817,560 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2013.05.15 13:21:32 | 000,171,928 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2013.05.09 10:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013.05.09 10:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013.01.18 16:21:02 | 000,873,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2013.01.18 16:21:00 | 001,821,984 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2013.01.18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.11.23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) -- C:\Program Files\Skype\Updater\Updater.exe
PRC - [2012.05.22 08:38:56 | 000,160,872 | ---- | M] (Geek Software GmbH) -- C:\Program Files\pdf24\pdf24.exe
PRC - [2011.12.05 18:59:13 | 000,273,528 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.02.01 14:02:26 | 000,713,544 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
PRC - [2010.02.01 14:00:40 | 001,043,784 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
PRC - [2009.10.12 19:13:20 | 000,226,816 | ---- | M] () -- C:\Program Files\Razer\Diamondback 3G\razerhid.exe
PRC - [2009.10.12 12:13:06 | 000,131,072 | ---- | M] () -- C:\Program Files\Razer\Diamondback 3G\razertra.exe
PRC - [2009.04.14 08:43:42 | 000,604,704 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SOUNDMAN.EXE
PRC - [2008.11.18 13:15:30 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
PRC - [2007.05.07 10:52:12 | 000,159,744 | ---- | M] (Razer USA Ltd.) -- C:\Program Files\Razer\Tarantula\razerhid.exe
PRC - [2007.03.05 18:17:56 | 000,143,360 | ---- | M] () -- C:\Program Files\Razer\Tarantula\razertra.exe
PRC - [2007.02.14 12:11:18 | 000,163,840 | ---- | M] (Razer Inc.) -- C:\Program Files\Razer\Diamondback 3G\razerofa.exe
PRC - [2003.05.21 18:37:08 | 000,229,437 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.05.16 10:55:26 | 000,113,496 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2013.05.16 10:55:24 | 000,416,600 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2010.01.21 02:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010.01.09 21:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2009.10.12 19:13:20 | 000,226,816 | ---- | M] () -- C:\Program Files\Razer\Diamondback 3G\razerhid.exe
MOD - [2009.10.12 12:13:06 | 000,131,072 | ---- | M] () -- C:\Program Files\Razer\Diamondback 3G\razertra.exe
MOD - [2009.03.26 14:46:42 | 000,148,480 | ---- | M] () -- C:\Windows\System32\APOMngr.DLL
MOD - [2009.02.06 18:52:24 | 000,073,728 | ---- | M] () -- C:\Windows\System32\CmdRtr.DLL
MOD - [2007.09.20 19:34:58 | 000,129,024 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2007.03.05 18:17:56 | 000,143,360 | ---- | M] () -- C:\Program Files\Razer\Tarantula\razertra.exe
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDWSCService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDUpdateService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDScannerService)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mcmispupdmgr.dll -- (oracledbconsoleorcl)
SRV - [2013.06.12 17:03:40 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.19 09:47:51 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.05.09 10:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013.05.06 18:04:38 | 000,049,152 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\BattlEye\BEService.exe -- (BEService)
SRV - [2013.02.26 00:22:34 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.01.18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Running] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.06.21 02:39:20 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010.02.08 18:01:47 | 000,435,016 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2010.02.08 17:55:13 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2010.02.08 17:36:40 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010.02.01 14:00:40 | 001,043,784 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010.02.01 13:57:16 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2010.01.21 18:51:12 | 030,963,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.11.18 13:15:30 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2007.05.31 16:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 16:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\\SystemRoot\System32\Drivers\sptd.sys -- (sptd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\EGAL\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2013.05.09 10:59:10 | 000,765,736 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013.05.09 10:59:10 | 000,368,944 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013.05.09 10:59:10 | 000,174,664 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013.05.09 10:59:10 | 000,061,680 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2013.05.09 10:59:10 | 000,056,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013.05.09 10:59:10 | 000,049,376 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013.05.09 10:59:09 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013.05.09 10:59:08 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2013.02.26 00:22:06 | 008,939,296 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011.11.09 16:21:40 | 000,147,776 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2011.10.27 00:21:08 | 000,077,004 | ---- | M] (Oak Technology Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AFS.SYS -- (AFS)
DRV - [2011.08.30 01:54:22 | 000,097,552 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV - [2011.05.17 17:40:37 | 000,278,984 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 12:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.06.21 22:46:13 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010.01.27 04:09:02 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (npf)
DRV - [2009.10.14 08:24:44 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.08.03 12:10:24 | 001,148,416 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\P17.sys -- (P17)
DRV - [2009.07.14 00:09:17 | 004,194,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009.07.14 00:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009.06.18 20:45:02 | 004,172,832 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVAC.SYS -- (ALCXWDM)
DRV - [2007.04.11 16:23:48 | 000,045,440 | ---- | M] (Razer USA Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UsbFltr.sys -- (TarFltr)
DRV - [2005.09.06 12:13:52 | 000,004,505 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tihid.sys -- (Tihid)
DRV - [2005.04.24 23:43:58 | 000,013,225 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\DB3G.sys -- (Razerlow)
DRV - [2004.08.31 20:07:08 | 000,026,240 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2004.08.13 10:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-4146297843-2475112070-2277350915-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-4146297843-2475112070-2277350915-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-4146297843-2475112070-2277350915-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C6 6B 05 BE 19 B0 CA 01  [binary data]
IE - HKU\S-1-5-21-4146297843-2475112070-2277350915-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-4146297843-2475112070-2277350915-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-4146297843-2475112070-2277350915-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D267372633D49452D536561726368426F7826464F524D3D494538535243&st={searchTerms}&clid=754f46bf-ec0f-442a-9524-e6dface7ba68&pid=proxtubede&k=0
IE - HKU\S-1-5-21-4146297843-2475112070-2277350915-1000\..\SearchScopes\{136D0C38-F6BE-4FF0-B1C1-E82465C425CB}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=754f46bf-ec0f-442a-9524-e6dface7ba68&pid=proxtubede&mode=bounce&k=0
IE - HKU\S-1-5-21-4146297843-2475112070-2277350915-1000\..\SearchScopes\{1732850D-AFC1-4A1A-AA97-5674574E121C}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=754f46bf-ec0f-442a-9524-e6dface7ba68&pid=proxtubede&mode=bounce&k=0
IE - HKU\S-1-5-21-4146297843-2475112070-2277350915-1000\..\SearchScopes\{187F50A8-52B2-48C5-B20C-D96449C26E2D}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=754f46bf-ec0f-442a-9524-e6dface7ba68&pid=proxtubede&mode=bounce&k=0
IE - HKU\S-1-5-21-4146297843-2475112070-2277350915-1000\..\SearchScopes\{26CA4FA5-9B46-4A72-8E9E-EBF0DE82AC21}: "URL" = hxxp://de.search.yahoo.com.anonymize-me.de/?anonymto=687474703A2F2F64652E7365617263682E7961686F6F2E636F6D2F7365617263683F66723D6368722D677265656E747265655F69652665693D7574662D3826747970653D33303233393826703D7B7365617263685465726D737D&st={searchTerms}&clid=754f46bf-ec0f-442a-9524-e6dface7ba68&pid=proxtubede&k=0
IE - HKU\S-1-5-21-4146297843-2475112070-2277350915-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-4146297843-2475112070-2277350915-1000\..\SearchScopes\{864C26B3-A135-4318-8D9A-7F881D218950}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=754f46bf-ec0f-442a-9524-e6dface7ba68&pid=proxtubede&mode=bounce&k=0
IE - HKU\S-1-5-21-4146297843-2475112070-2277350915-1000\..\SearchScopes\{923E93C6-EADA-4EE7-BAEF-97C79C156F3A}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=754f46bf-ec0f-442a-9524-e6dface7ba68&pid=proxtubede&mode=bounce&k=0
IE - HKU\S-1-5-21-4146297843-2475112070-2277350915-1000\..\SearchScopes\{D5153510-4B3E-46AE-A888-5CA9B4B46747}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=754f46bf-ec0f-442a-9524-e6dface7ba68&pid=proxtubede&mode=bounce&k=0
IE - HKU\S-1-5-21-4146297843-2475112070-2277350915-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4146297843-2475112070-2277350915-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-4146297843-2475112070-2277350915-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:21320
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledAddons: %7B5384767E-00D9-40E9-B72F-9CC39D655D6F%7D:1.4.2.1
FF - prefs.js..extensions.enabledAddons: %7Bbee6eb20-01e0-ebd1-da83-080329fb9a3a%7D:1.33
FF - prefs.js..extensions.enabledAddons: %7B2541D29A-DB9E-4c1e-949A-31EFB4AEF4E7%7D:1.5.1
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:8.0.1489
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.2
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..network.proxy.backup.ftp: ""
FF - prefs.js..network.proxy.backup.ftp_port: 0
FF - prefs.js..network.proxy.backup.socks: ""
FF - prefs.js..network.proxy.backup.socks_port: 0
FF - prefs.js..network.proxy.backup.ssl: ""
FF - prefs.js..network.proxy.backup.ssl_port: 0
FF - prefs.js..network.proxy.ftp: "95.181.33.22"
FF - prefs.js..network.proxy.http: "95.181.33.22"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "95.181.33.22"
FF - prefs.js..network.proxy.ssl: "95.181.33.22"
FF - prefs.js..network.proxy.type: 2
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\EGAL\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.08.03 17:58:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.06.21 18:02:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.05.19 09:47:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.05.19 09:47:39 | 000,000,000 | ---D | M]
 
[2010.02.08 17:46:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\EGAL\AppData\Roaming\mozilla\Extensions
[2013.06.22 01:21:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\EGAL\AppData\Roaming\mozilla\Firefox\Profiles\viz3tusi.default\extensions
[2013.06.14 16:30:29 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\EGAL\AppData\Roaming\mozilla\Firefox\Profiles\viz3tusi.default\extensions\{2541D29A-DB9E-4c1e-949A-31EFB4AEF4E7}
[2013.03.14 21:00:24 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\EGAL\AppData\Roaming\mozilla\Firefox\Profiles\viz3tusi.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2013.05.21 05:48:08 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\EGAL\AppData\Roaming\mozilla\Firefox\Profiles\viz3tusi.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
[2012.12.11 22:51:38 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\EGAL\AppData\Roaming\mozilla\firefox\profiles\viz3tusi.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2013.05.09 02:14:48 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\EGAL\AppData\Roaming\mozilla\firefox\profiles\viz3tusi.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.06.06 20:34:17 | 000,002,077 | ---- | M] () -- C:\Users\EGAL\AppData\Roaming\mozilla\firefox\profiles\viz3tusi.default\searchplugins\{0CFE86B6-23D7-4F01-BBFC-A46BE9EC10A1}.xml
[2013.06.06 20:34:17 | 000,002,188 | ---- | M] () -- C:\Users\EGAL\AppData\Roaming\mozilla\firefox\profiles\viz3tusi.default\searchplugins\{74DAFE1B-4B1A-4E66-B6EC-2994A55B1279}.xml
[2013.06.06 20:34:17 | 000,001,870 | ---- | M] () -- C:\Users\EGAL\AppData\Roaming\mozilla\firefox\profiles\viz3tusi.default\searchplugins\{C174170F-389A-4524-A2B4-9FD3D4EE1F79}.xml
[2013.06.06 20:34:17 | 000,024,039 | ---- | M] () -- C:\Users\EGAL\AppData\Roaming\mozilla\firefox\profiles\viz3tusi.default\searchplugins\{D291A85D-C059-466E-A436-B5E4FE74A1EF}.xml
[2013.06.06 20:34:17 | 000,002,522 | ---- | M] () -- C:\Users\EGAL\AppData\Roaming\mozilla\firefox\profiles\viz3tusi.default\searchplugins\{D69ECB5D-1209-4E85-8431-B3F78AD83B88}.xml
[2013.06.06 20:34:17 | 000,001,094 | ---- | M] () -- C:\Users\EGAL\AppData\Roaming\mozilla\firefox\profiles\viz3tusi.default\searchplugins\{DD8A5BCC-E71D-425C-81BE-ACDA3B810959}.xml
[2013.05.19 09:47:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013.05.19 09:47:30 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2013.05.19 09:47:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013.05.19 09:47:54 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013.06.21 18:02:19 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2010.09.03 11:24:30 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009.07.03 00:34:44 | 000,083,376 | ---- | M] (NHN USA Inc.) -- C:\Program Files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
 
O1 HOSTS File: ([2013.06.20 22:20:46 | 000,447,019 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1	localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 15377 more lines...
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [CloneCDTray] C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Diamondback] C:\Program Files\Razer\Diamondback 3G\razerhid.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [P17RunE] C:\Windows\System32\P17RunE.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files\pdf24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [SoundMan] C:\Windows\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Tarantula] C:\Program Files\Razer\Tarantula\razerhid.exe (Razer USA Ltd.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-4146297843-2475112070-2277350915-1000..\Run: [Steam] C:\Program Files\Steam\steam.exe (Valve Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4146297843-2475112070-2277350915-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4146297843-2475112070-2277350915-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 177
O7 - HKU\S-1-5-21-4146297843-2475112070-2277350915-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Users\EGAL\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm File not found
O8 - Extra context menu item: Free YouTube to iPod Converter - C:\Users\EGAL\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\EGAL\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15111/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4182D7EA-72D4-44A0-B9AD-4FC1AF9453F5}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.22 01:14:57 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013.06.21 18:02:21 | 000,061,680 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2013.06.21 15:44:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\EGAL\Desktop\OTL.exe
[2013.06.21 01:15:23 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\EGAL\Desktop\HiJackThis204.exe
[2013.06.20 22:32:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013.06.20 22:32:10 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\Windows\System32\sdnclean.exe
[2013.06.20 22:32:02 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2013.06.20 22:13:52 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.06.20 20:55:25 | 000,000,000 | ---D | C] -- C:\Users\EGAL\AppData\Local\temp
[2013.06.20 05:56:10 | 000,393,040 | ---- | C] (Softonic                                        ) -- C:\Users\EGAL\Desktop\SoftonicDownloader_fuer_combofix.exe
[2013.06.20 05:07:24 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.06.20 04:57:55 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013.06.20 04:47:19 | 000,617,312 | ---- | C] (www.download-sponsor.de) -- C:\Users\EGAL\Desktop\CCleaner 4.01.4093.exe
[2013.06.20 04:45:23 | 000,096,978 | ---- | C] (Business Information Solutions) -- C:\Users\EGAL\Desktop\VirtumundoBeGone.exe
[2013.06.20 04:14:33 | 000,000,000 | ---D | C] -- C:\Users\EGAL\AppData\Roaming\Malwarebytes
[2013.06.20 04:13:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.06.20 04:13:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.06.20 04:13:29 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.06.20 04:13:29 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.06.20 03:38:20 | 036,271,144 | ---- | C] (Safer-Networking Ltd.                                       ) -- C:\Users\EGAL\Desktop\spybot-2.1.exe
[2013.06.20 03:37:56 | 010,285,040 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\EGAL\Desktop\mbam-setup-1.75.0.1300.exe
[2013.06.06 20:35:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013.06.06 20:34:50 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013.06.06 20:34:17 | 000,000,000 | ---D | C] -- C:\Users\EGAL\AppData\Roaming\Opera
[2013.06.06 20:33:54 | 000,493,056 | ---- | C] ( datenhaus GmbH) -- C:\Windows\System32\dhRichClient3.dll
[2013.06.01 02:32:05 | 000,000,000 | ---D | C] -- C:\Users\EGAL\Desktop\Dartols Rute der Transformation - Gegenstände - World of Warcraft Datenbank von buffed.de-Dateien
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.22 22:11:14 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_EGAL.job
[2013.06.22 22:11:09 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.06.22 22:10:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.22 22:10:49 | 1609,424,896 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.22 22:03:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.22 21:59:58 | 000,014,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.22 21:59:58 | 000,014,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.22 21:48:20 | 000,648,201 | ---- | M] () -- C:\Users\EGAL\Desktop\adwcleaner.exe
[2013.06.22 10:20:10 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.06.22 08:37:41 | 000,000,362 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateXML_EGAL.job
[2013.06.22 01:17:34 | 000,001,948 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2013.06.21 18:02:20 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2013.06.21 15:48:31 | 000,377,856 | ---- | M] () -- C:\Users\EGAL\Desktop\gmer_2.1.19163.exe
[2013.06.21 15:44:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\EGAL\Desktop\OTL.exe
[2013.06.21 15:39:50 | 000,000,020 | ---- | M] () -- C:\Users\EGAL\defogger_reenable
[2013.06.21 15:38:05 | 000,050,477 | ---- | M] () -- C:\Users\EGAL\Desktop\Defogger.exe
[2013.06.21 05:15:39 | 000,000,366 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateFiles_EGAL.job
[2013.06.21 01:15:27 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\EGAL\Desktop\HiJackThis204.exe
[2013.06.21 01:05:31 | 000,000,142 | ---- | M] () -- C:\Windows\wininit.ini
[2013.06.20 22:32:15 | 000,002,087 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013.06.20 22:20:46 | 000,447,019 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.06.20 20:56:54 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20130620-222046.backup
[2013.06.20 05:56:17 | 000,393,040 | ---- | M] (Softonic                                        ) -- C:\Users\EGAL\Desktop\SoftonicDownloader_fuer_combofix.exe
[2013.06.20 04:57:58 | 000,000,933 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.06.20 04:56:08 | 000,002,131 | ---- | M] () -- C:\Users\EGAL\Desktop\CCleaner 4.01.4093 Setup.lnk
[2013.06.20 04:47:20 | 000,617,312 | ---- | M] (www.download-sponsor.de) -- C:\Users\EGAL\Desktop\CCleaner 4.01.4093.exe
[2013.06.20 04:45:26 | 000,096,978 | ---- | M] (Business Information Solutions) -- C:\Users\EGAL\Desktop\VirtumundoBeGone.exe
[2013.06.20 04:13:32 | 000,001,035 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.06.20 03:39:15 | 036,271,144 | ---- | M] (Safer-Networking Ltd.                                       ) -- C:\Users\EGAL\Desktop\spybot-2.1.exe
[2013.06.20 03:38:16 | 010,285,040 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\EGAL\Desktop\mbam-setup-1.75.0.1300.exe
[2013.06.01 02:32:31 | 000,244,266 | ---- | M] () -- C:\Users\EGAL\Desktop\Dartols Rute der Transformation - Gegenstände - World of Warcraft Datenbank von buffed.de.htm
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.06.22 21:48:08 | 000,648,201 | ---- | C] () -- C:\Users\EGAL\Desktop\adwcleaner.exe
[2013.06.22 01:17:34 | 000,001,948 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2013.06.21 18:02:20 | 000,174,664 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013.06.21 18:02:20 | 000,049,376 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013.06.21 15:48:29 | 000,377,856 | ---- | C] () -- C:\Users\EGAL\Desktop\gmer_2.1.19163.exe
[2013.06.21 15:39:30 | 000,000,020 | ---- | C] () -- C:\Users\EGAL\defogger_reenable
[2013.06.21 15:38:01 | 000,050,477 | ---- | C] () -- C:\Users\EGAL\Desktop\Defogger.exe
[2013.06.21 04:07:03 | 000,000,372 | ---- | C] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_EGAL.job
[2013.06.20 22:32:15 | 000,002,099 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013.06.20 22:32:15 | 000,002,087 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013.06.20 22:24:21 | 000,000,142 | ---- | C] () -- C:\Windows\wininit.ini
[2013.06.20 04:57:58 | 000,000,933 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.06.20 04:56:05 | 000,002,131 | ---- | C] () -- C:\Users\EGAL\Desktop\CCleaner 4.01.4093 Setup.lnk
[2013.06.20 04:13:32 | 000,001,035 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.06.20 01:56:27 | 000,000,366 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateFiles_EGAL.job
[2013.06.20 01:56:25 | 000,000,362 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateXML_EGAL.job
[2013.06.13 17:44:51 | 000,006,904 | ---- | C] () -- C:\Users\EGAL\Desktop\Classical Gas.gp3
[2013.06.06 20:34:00 | 000,338,432 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll
[2013.06.01 02:32:15 | 000,244,266 | ---- | C] () -- C:\Users\EGAL\Desktop\Dartols Rute der Transformation - Gegenstände - World of Warcraft Datenbank von buffed.de.htm
[2013.05.09 16:58:14 | 000,148,480 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2013.05.09 16:58:14 | 000,073,728 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2013.03.23 20:16:28 | 000,004,505 | ---- | C] () -- C:\Windows\System32\drivers\tihid.sys
[2013.03.23 20:13:33 | 000,143,360 | ---- | C] () -- C:\Windows\System32\Tipage.dll
[2012.06.12 01:45:50 | 000,107,520 | RHS- | C] () -- C:\Windows\System32\TAKDSDecoder.dll
[2012.03.28 19:40:44 | 000,000,112 | ---- | C] () -- C:\ProgramData\54X64LKy.dat
[2011.10.27 00:06:17 | 000,010,443 | ---- | C] () -- C:\Windows\hpdj3600.ini
[2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011.07.10 00:34:29 | 000,036,892 | ---- | C] () -- C:\Windows\System32\bassmod.dll
[2011.07.06 20:08:13 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010.11.05 13:41:07 | 000,000,092 | ---- | C] () -- C:\Users\EGAL\AppData\Local\fusioncache.dat
[2010.07.10 19:44:43 | 000,000,000 | ---- | C] () -- C:\Users\EGAL\.gtk-bookmarks
[2010.05.01 20:54:05 | 000,007,608 | ---- | C] () -- C:\Users\EGAL\AppData\Local\Resmon.ResmonCfg
[2010.03.21 19:20:31 | 000,138,056 | ---- | C] () -- C:\Users\EGAL\AppData\Roaming\PnkBstrK.sys
[2010.02.16 20:40:55 | 000,001,355 | ---- | C] () -- C:\Users\EGAL\AppData\Roaming\SAS7_000.DAT
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2011.12.08 02:28:59 | 000,000,000 | ---D | M] -- C:\Users\EGAL\AppData\Roaming\.minecraft
[2013.02.28 20:43:50 | 000,000,000 | ---D | M] -- C:\Users\EGAL\AppData\Roaming\AnvSoft
[2010.02.08 17:54:29 | 000,000,000 | ---D | M] -- C:\Users\EGAL\AppData\Roaming\Ashampoo
[2010.03.26 14:42:26 | 000,000,000 | ---D | M] -- C:\Users\EGAL\AppData\Roaming\Ashampoo Cover Studio 2
[2013.06.20 05:05:50 | 000,000,000 | ---D | M] -- C:\Users\EGAL\AppData\Roaming\Azureus
[2010.03.02 12:41:26 | 000,000,000 | ---D | M] -- C:\Users\EGAL\AppData\Roaming\Bioshock2
[2013.03.14 19:25:33 | 000,000,000 | ---D | M] -- C:\Users\EGAL\AppData\Roaming\CDisplayEx
[2013.06.20 05:05:51 | 000,000,000 | ---D | M] -- C:\Users\EGAL\AppData\Roaming\DAEMON Tools Lite
[2013.06.20 05:05:51 | 000,000,000 | ---D | M] -- C:\Users\EGAL\AppData\Roaming\DAEMON Tools Pro
[2011.06.27 23:41:43 | 000,000,000 | ---D | M] -- C:\Users\EGAL\AppData\Roaming\Day 1 Studios
[2012.11.07 23:14:40 | 000,000,000 | ---D | M] -- C:\Users\EGAL\AppData\Roaming\DVDVideoSoft
[2012.04.26 23:44:08 | 000,000,000 | ---D | M] -- C:\Users\EGAL\AppData\Roaming\FreeDoko
[2010.11.08 16:04:27 | 000,000,000 | ---D | M] -- C:\Users\EGAL\AppData\Roaming\ICQ
[2010.03.19 11:13:22 | 000,000,000 | ---D | M] -- C:\Users\EGAL\AppData\Roaming\IrfanView
[2011.11.26 03:20:50 | 000,000,000 | ---D | M] -- C:\Users\EGAL\AppData\Roaming\Juniper Networks
[2010.10.14 12:49:18 | 000,000,000 | ---D | M] -- C:\Users\EGAL\AppData\Roaming\Line 6
[2011.11.07 17:26:21 | 000,000,000 | ---D | M] -- C:\Users\EGAL\AppData\Roaming\MotioninJoy
[2011.08.23 00:13:36 | 000,000,000 | ---D | M] -- C:\Users\EGAL\AppData\Roaming\Mumble
[2010.07.17 14:42:13 | 000,000,000 | ---D | M] -- C:\Users\EGAL\AppData\Roaming\Neoretix
[2010.02.15 21:35:19 | 000,000,000 | ---D | M] -- C:\Users\EGAL\AppData\Roaming\OpenOffice.org
[2013.06.06 20:34:17 | 000,000,000 | ---D | M] -- C:\Users\EGAL\AppData\Roaming\Opera
[2011.03.18 22:08:23 | 000,000,000 | ---D | M] -- C:\Users\EGAL\AppData\Roaming\PunkBuster
[2012.01.05 05:46:25 | 000,000,000 | ---D | M] -- C:\Users\EGAL\AppData\Roaming\Recorder
[2012.08.12 13:50:04 | 000,000,000 | ---D | M] -- C:\Users\EGAL\AppData\Roaming\six-updater
[2012.08.12 13:44:09 | 000,000,000 | ---D | M] -- C:\Users\EGAL\AppData\Roaming\six-zsync
[2013.06.20 05:05:50 | 000,000,000 | ---D | M] -- C:\Users\EGAL\AppData\Roaming\TS3Client
[2010.02.08 18:00:30 | 000,000,000 | ---D | M] -- C:\Users\EGAL\AppData\Roaming\TuneUp Software
[2011.12.02 13:14:38 | 000,000,000 | ---D | M] -- C:\Users\EGAL\AppData\Roaming\Ubisoft
[2010.12.27 13:39:23 | 000,000,000 | ---D | M] -- C:\Users\EGAL\AppData\Roaming\Uniblue
[2013.06.20 05:05:50 | 000,000,000 | ---D | M] -- C:\Users\EGAL\AppData\Roaming\uTorrent
[2012.03.28 23:16:31 | 000,000,000 | ---D | M] -- C:\Users\EGAL\AppData\Roaming\Wise Registry Cleaner
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:F35A93AD

< End of report >
         

Alt 22.06.2013, 22:38   #5
aharonov
/// TB-Ausbilder
 
Virtumonde.dll/sci/sdn und Spybot - Standard

Virtumonde.dll/sci/sdn und Spybot



Gut, dann noch eine Kontrolle:


Schritt 1

Fixen mit OTL

  • Starte bitte die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.
Code:
ATTFilter
:OTL
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:F35A93AD
[2013.06.20 04:45:26 | 000,096,978 | ---- | M] (Business Information Solutions) -- C:\Users\EGAL\Desktop\VirtumundoBeGone.exe
[2013.06.20 05:56:17 | 000,393,040 | ---- | M] (Softonic                                        ) -- C:\Users\EGAL\Desktop\SoftonicDownloader_fuer_combofix.exe
IE - HKU\S-1-5-21-4146297843-2475112070-2277350915-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:21320
IE - HKU\S-1-5-21-4146297843-2475112070-2277350915-1000\..\SearchScopes\{864C26B3-A135-4318-8D9A-7F881D218950}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=754f46bf-ec0f-442a-9524-e6dface7ba68&pid=proxtubede&mode=bounce&k=0
IE - HKU\S-1-5-21-4146297843-2475112070-2277350915-1000\..\SearchScopes\{923E93C6-EADA-4EE7-BAEF-97C79C156F3A}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=754f46bf-ec0f-442a-9524-e6dface7ba68&pid=proxtubede&mode=bounce&k=0
IE - HKU\S-1-5-21-4146297843-2475112070-2277350915-1000\..\SearchScopes\{D5153510-4B3E-46AE-A888-5CA9B4B46747}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=754f46bf-ec0f-442a-9524-e6dface7ba68&pid=proxtubede&mode=bounce&k=0
IE - HKU\S-1-5-21-4146297843-2475112070-2277350915-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D267372633D49452D536561726368426F7826464F524D3D494538535243&st={searchTerms}&clid=754f46bf-ec0f-442a-9524-e6dface7ba68&pid=proxtubede&k=0
IE - HKU\S-1-5-21-4146297843-2475112070-2277350915-1000\..\SearchScopes\{136D0C38-F6BE-4FF0-B1C1-E82465C425CB}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=754f46bf-ec0f-442a-9524-e6dface7ba68&pid=proxtubede&mode=bounce&k=0
IE - HKU\S-1-5-21-4146297843-2475112070-2277350915-1000\..\SearchScopes\{1732850D-AFC1-4A1A-AA97-5674574E121C}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=754f46bf-ec0f-442a-9524-e6dface7ba68&pid=proxtubede&mode=bounce&k=0
IE - HKU\S-1-5-21-4146297843-2475112070-2277350915-1000\..\SearchScopes\{187F50A8-52B2-48C5-B20C-D96449C26E2D}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=754f46bf-ec0f-442a-9524-e6dface7ba68&pid=proxtubede&mode=bounce&k=0
IE - HKU\S-1-5-21-4146297843-2475112070-2277350915-1000\..\SearchScopes\{26CA4FA5-9B46-4A72-8E9E-EBF0DE82AC21}: "URL" = hxxp://de.search.yahoo.com.anonymize-me.de/?anonymto=687474703A2F2F64652E7365617263682E7961686F6F2E636F6D2F7365617263683F66723D6368722D677265656E747265655F69652665693D7574662D3826747970653D33303233393826703D7B7365617263685465726D737D&st={searchTerms}&clid=754f46bf-ec0f-442a-9524-e6dface7ba68&pid=proxtubede&k=0

:commands
[emptytemp]
         
  • Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
  • Schließe bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread



Schritt 2


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset




Schritt 3

Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.



Bitte poste in deiner nächsten Antwort:
  • Fixlog von OTL
  • Log von ESET
  • Log von SecurityCheck

__________________
cheers,
Leo

Alt 23.06.2013, 04:30   #6
Victarion
 
Virtumonde.dll/sci/sdn und Spybot - Standard

Virtumonde.dll/sci/sdn und Spybot



Hi,
Hier meine Logs
Code:
ATTFilter
All processes killed
========== OTL ==========
ADS C:\ProgramData\TEMP:F35A93AD deleted successfully.
C:\Users\EGAL\Desktop\VirtumundoBeGone.exe moved successfully.
C:\Users\EGAL\Desktop\SoftonicDownloader_fuer_combofix.exe moved successfully.
HKU\S-1-5-21-4146297843-2475112070-2277350915-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-4146297843-2475112070-2277350915-1000\Software\Microsoft\Internet Explorer\SearchScopes\{864C26B3-A135-4318-8D9A-7F881D218950}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{864C26B3-A135-4318-8D9A-7F881D218950}\ not found.
Registry key HKEY_USERS\S-1-5-21-4146297843-2475112070-2277350915-1000\Software\Microsoft\Internet Explorer\SearchScopes\{923E93C6-EADA-4EE7-BAEF-97C79C156F3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{923E93C6-EADA-4EE7-BAEF-97C79C156F3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-4146297843-2475112070-2277350915-1000\Software\Microsoft\Internet Explorer\SearchScopes\{D5153510-4B3E-46AE-A888-5CA9B4B46747}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D5153510-4B3E-46AE-A888-5CA9B4B46747}\ not found.
Registry key HKEY_USERS\S-1-5-21-4146297843-2475112070-2277350915-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-4146297843-2475112070-2277350915-1000\Software\Microsoft\Internet Explorer\SearchScopes\{136D0C38-F6BE-4FF0-B1C1-E82465C425CB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{136D0C38-F6BE-4FF0-B1C1-E82465C425CB}\ not found.
Registry key HKEY_USERS\S-1-5-21-4146297843-2475112070-2277350915-1000\Software\Microsoft\Internet Explorer\SearchScopes\{1732850D-AFC1-4A1A-AA97-5674574E121C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1732850D-AFC1-4A1A-AA97-5674574E121C}\ not found.
Registry key HKEY_USERS\S-1-5-21-4146297843-2475112070-2277350915-1000\Software\Microsoft\Internet Explorer\SearchScopes\{187F50A8-52B2-48C5-B20C-D96449C26E2D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{187F50A8-52B2-48C5-B20C-D96449C26E2D}\ not found.
Registry key HKEY_USERS\S-1-5-21-4146297843-2475112070-2277350915-1000\Software\Microsoft\Internet Explorer\SearchScopes\{26CA4FA5-9B46-4A72-8E9E-EBF0DE82AC21}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{26CA4FA5-9B46-4A72-8E9E-EBF0DE82AC21}\ not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: EGAL
->Temp folder emptied: 3644370 bytes
->Temporary Internet Files folder emptied: 102429 bytes
->Java cache emptied: 15783317 bytes
->FireFox cache emptied: 79221708 bytes
->Flash cache emptied: 536 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 557056 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 134760052 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 223,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 06222013_230311

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=d5385495f4c508409222175784c54a67
# engine=14135
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-06-23 12:29:54
# local_time=2013-06-23 02:29:54 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 85 91 115238 148657266 0 0
# compatibility_mode=5893 16776573 100 94 0 123578585 0 0
# scanned=252069
# found=0
# cleaned=0
# scan_time=11104
         
Code:
ATTFilter
 Results of screen317's Security Check version 0.99.64  
 Windows 7 Service Pack 1 x86 (UAC is disabled!)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 MVPS Hosts File  
 Spybot - Search & Destroy 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 TuneUp Utilities    
 TuneUp Utilities Language Pack (de-DE) 
 TuneUp Utilities    
 CCleaner     
 Wise Registry Cleaner 6.14  
 Java 7 Update 25  
 Java version out of Date! 
 Adobe Flash Player 	11.7.700.224  
 Adobe Reader 9  
 Adobe Reader XI  
 Mozilla Firefox (21.0) 
````````Process Check: objlist.exe by Laurent````````  
 Spybot Teatimer.exe is disabled! 
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         

Alt 23.06.2013, 15:08   #7
aharonov
/// TB-Ausbilder
 
Virtumonde.dll/sci/sdn und Spybot - Standard

Virtumonde.dll/sci/sdn und Spybot



Hi,

das sieht alles gut aus.
Wir räumen auf.


Cleanup

Zum Schluss werden wir jetzt noch unsere Tools (inklusive der Quarantäne-Ordner) wegräumen, die verseuchten Systemwiederherstellungspunkte löschen und alle Einstellungen wieder herrichten. Auch diese Schritte sind noch wichtig und sollten in der angegebenen Reihenfolge ausgeführt werden.
  1. Starte defogger und drücke den Button Re-enable.
  2. Den ESET Online Scanner kannst du behalten, um ab und zu (monatlich) für eine Zweitmeinung dein System damit zu scannen. Falls du ESET deinstallieren möchtest, dann kannst du das ebenfalls über die Systemsteuerung tun.
  3. Downloade dir bitte auf jeden Fall DelFix auf deinen Desktop.
    • Schliesse alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • DelFix entfernt u.a. alle von uns verwendeten Programme und löscht sich anschliessend selbst.
  4. Wenn jetzt noch etwas übriggeblieben ist, dann kannst du es einfach manuell löschen.




>> OK <<
Wir sind durch, deine Logs sehen für mich im Moment sauber aus.

Ich habe dir nachfolgend ein paar Hinweise und Tipps zusammengestellt, die dazu beitragen sollen, dass du in Zukunft unsere Hilfe nicht mehr brauchen wirst.

Bitte gib mir danach noch eine kurze Rückmeldung, wenn auch von deiner Seite keine Probleme oder Fragen mehr offen sind, damit ich dieses Thema als erledigt betrachten kann.




Epilog: Tipps, Dos & Don'ts

Aktualität von System und Software

Das Betriebsystem Windows muss zwingend immer auf dem neusten Stand sein. Stelle sicher, dass die automatischen Updates aktiviert sind:
  • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
  • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren

Auch die installierte Software sollte immer in der aktuellsten Version vorliegen.
Speziell gilt das für den Browser, Java, Flash-Player und PDF-Reader, denn bekannte Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim blossen Besuch einer präparierten Website per Drive-by Download Malware zu installieren. Das kann sogar auf normalerweise legitimen Websites geschehen, wenn es einem Angreifer gelungen ist, seinen Code in die Seite einzuschleusen, und ist deshalb relativ unberechenbar.
  • Mit diesem kleinen Plugin-Check kannst du regelmässig diese Komponenten auf deren Aktualität überprüfen.
  • Achte auch darauf, dass alte, nicht mehr verwendete Versionen deinstalliert sind.
  • Optional: Das Programm Secunia Personal Software Inspector kann dich dabei unterstützen, stets die aktuellen Versionen sämtlicher installierter Software zu nutzen.

Sicherheits-Software

Eine Bemerkung vorneweg: Jede Softwarelösung hat ihre Schwächen. Die gesamte Verantwortung für die Sicherheit auf Software zu übertragen und einen Rundum-Schutz zu erwarten, wäre eine gefährliche Illusion. Bei unbedachtem oder bewusst risikoreichem Verhalten wird auch das beste Programm früher oder später seinen Dienst versagen (z.B. ein Virenscanner, der eine verseuchte Datei nicht erkennt).
Trotzdem ist entsprechende Software natürlich wichtig und hilft dir in Kombination mit einem gut gewarteten (up-to-date) System und durchdachtem Verhalten, deinen Rechner sauber zu halten.
  • Nutze einen Virenscanner mit Hintergrundwächter mit stets aktueller Datenbank. Welches Produkt gewählt wird, spielt keine so entscheidende Rolle. Es gibt kommerzielle Versionen, aber ein kostenloser Scanner mit den Grundfunktionen wie beispielsweise Avast! Free Antivirus sollte ausreichen. Betreibe aber keinesfalls zwei Wächter parallel, die würden sich gegenseitig behindern.
  • Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig.
  • Zusätzlich zum Virenscanner kannst du dein System regelmässig mit einem On-Demand Antimalwareprogramm scannen. Empfehlenswert ist die Free-Version von Malwarebytes Anti-Malware. Vor jedem Scan die Datenbank updaten.
  • Optional: Das Programm Sandboxie führt Anwendungen in einer isolierten Umgebung ("Sandkasten") aus, so dass keine Änderungen am System vorgenommen werden können. Wenn du deinen Browser darin startest, vermindert sich die Chance, dass beim Surfen eingefangene Malware sich dauerhaft im System festsetzen kann.
  • Optional: Das Addon WOT (web of trust) warnt dich vor einer als schädlich gemeldeten Website, bevor sie geladen wird. Für verschiedene Browser erhältlich.

Es liegt in der Natur der Sache, dass die am weitesten verbreitete Anwendungs-Software auch am häufigsten von Malware-Autoren attackiert wird. Es kann daher bereits einen kleinen Sicherheitsgewinn darstellen, wenn man alternative Software (z.B. einen alternativen PDF Reader) benutzt.
Anstelle des Internet Explorers kann man beispielsweise den Mozilla Firefox einsetzen, für welchen es zwei nützliche Addons zur Empfehlung gibt:
  • NoScript verhindert standardmässig das Ausführen von aktiven Inhalten (Java, JavaScript, Flash, ..) für sämtliche Websites. Du kannst selber nach dem Prinzip einer Whitelist festlegen, welchen Seiten du vertrauen und Scripts erlauben willst, auch temporär.
  • Adblock Plus blockt die meisten Werbebanner weg. Solche Banner können nebst ihrer störenden Erscheinung auch als Infektionsherde fungieren.

(Un-)Sicheres Verhalten im Internet

Nebst unbemerkten Drive-by Installationen wird Malware aber auch oft mehr oder weniger aktiv vom Benutzer selbst installiert.

Der Besuch zwielichtiger Websites kann bereits Risiken bergen. Und Downloads aus dubiosen Quellen sind immer russisches Roulette. Auch wenn der Virenscanner im Moment darin keine Bedrohung erkennt, muss das nichts bedeuten.
  • Illegale Cracks, Keygens und Serials sind ein ausgesprochen einfacher (und ein beliebter) Weg, um Malware zu verbreiten.
  • Bei Dateien aus Peer-to-Peer- und Filesharingprogrammen oder von Filehostern kannst du dir nie sicher sein, ob auch wirklich drin ist, was drauf steht.

Oft wird auch versucht, den Benutzer mit mehr oder weniger trickreichen Methoden dazu zu bringen, eine für ihn verhängnisvolle Handlung selbst auszuführen (Überbegriff Social Engineering).
  • Surfe mit Vorsicht und lass dich nicht von irgendwie interessant erscheinenden Elementen zu einem vorschnellen Klick verleiten. Lass dich nicht von Popups täuschen, die aussehen wie System- oder Virenmeldungen.
  • Sei skeptisch bei unerwarteten E-Mails, insbesondere wenn sie Anhänge enthalten. Auch wenn sie auf den ersten Blick authentisch wirken, persönliche Daten von dir enthalten oder vermeintlich von einem bekannten Absender stammen: Lieber nochmals in Ruhe überdenken oder nachfragen, anstatt einfach mal Links oder ausführbare Anhänge öffnen oder irgendwo deine Daten eingeben.
  • Auch in sozialen Netzwerken oder über Instant Messaging Systeme können schädliche Links oder Dateien die Runde machen. Erhältst du von einem deiner Freunde eine Nachricht, die merkwürdig ist oder so sensationell interessant oder skandalös tönt, dass man einfach draufklicken muss, dann hat bei ihm/ihr wahrscheinlich Neugier über Verstand gesiegt und du solltest nicht denselben Fehler machen.
  • Lass die Dateiendungen anzeigen, so dass du dich nicht täuschen lässt, wenn eine ausführbare Datei über ein doppelte Dateiendung kaschiert wird, z.B. Nacktfoto.jpg.exe.

Nervige Adware (Werbung) und unnötige Toolbars werden auch meist durch den Benutzer selbst mitinstalliert.
  • Lade Software in erster Priorität immer direkt vom Hersteller herunter. Viele Softwareportale (z.B. Softonic) packen noch unnützes Zeug mit in die Installation. Alternativ dazu wähle ein sauberes Portal wie Filepony oder heise.
  • Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen fürs Programm irrelevanten Ergänzungen.

Allgemeine Hinweise

Abschliessend noch ein paar grundsätzliche Bemerkungen:
  • Dein Benutzerkonto für den alltäglichen Gebrauch sollte nicht über Administratorenrechte verfügen. Nutze ein Konto mit eingeschränkten Rechten (Windows XP) bzw. aktiviere die Benutzerkontensteuerung (UAC) auf der höchsten Stufe (Windows Vista / 7).
  • Erstelle regelmässig Backups deiner Daten und Dokumente auf externen Datenträgern, bei wichtigen Dateien mindestens zweifach. Nicht nur ein Malwarebefall kann schmerzhaften Datenverlust nach sich ziehen sondern auch ein gewöhnlicher Festplattendefekt.
  • Die Autorun/Autoplay-Funktion stellt ein Risiko dar, denn sie ermöglicht es, dass beispielsweise beim Einstecken eines entsprechend infizierten USB-Sticks der Befall auf den Rechner überspringt. Überlege dir, ob du diese Funktion nicht besser deaktivieren möchtest.
  • Wähle deine Passwörter gemäss den gängigen Regeln, um besser gegen Brute-Force- und Wörterbuchattacken gewappnet zu sein. Benutze jedes deiner Passwörter nur einmal und ändere sie regelmässig.
  • Der Nutzen von Registry-Cleanern zur Performancesteigerung ist umstritten. Auf jeden Fall lässt sich damit grosser Schaden anrichten, wenn man nicht weiss, was man tut. Wir empfehlen deshalb, die Finger von der Registry zu lassen. Um von Zeit zu Zeit die temporären Dateien zu löschen, genügt TFC.

Wenn du möchtest, kannst du das Forum mit einer kleinen Spende unterstützen.
Es bleibt mir nur noch, dir unbeschwertes und sicheres Surfen zu wünschen und dass wir uns hier so bald nicht wiedersehen.
__________________
cheers,
Leo

Alt 23.06.2013, 19:06   #8
Victarion
 
Virtumonde.dll/sci/sdn und Spybot - Standard

Virtumonde.dll/sci/sdn und Spybot



Hey,

Vielen Dank für die nette und vor allem schnelle Hilfe. TOP!
Ich habe nun keinerlei Probleme mehr und dank dir weitere Vorsichtsmaßnahmen
getroffen.

Großes Lob auch an das ganze Team für die viele Arbeit.

Alt 23.06.2013, 19:18   #9
aharonov
/// TB-Ausbilder
 
Virtumonde.dll/sci/sdn und Spybot - Standard

Virtumonde.dll/sci/sdn und Spybot



Danke für die Rückmeldung.


Freut mich, dass wir helfen konnten.

Falls du dem Forum noch Verbesserungsvorschläge, Kritik oder ein Lob mitgeben möchtest, kannst du das hier tun.

Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Ich bekomme somit keine Benachrichtigung mehr über neue Antworten.
Solltest du das Thema erneut brauchen, schicke mir bitte eine PM und wir machen hier weiter.

Jeder andere bitte diese Anleitung lesen und einen eigenen Thread erstellen.
__________________
cheers,
Leo

Antwort

Themen zu Virtumonde.dll/sci/sdn und Spybot
bho, bonjour, converter, error, excel, firefox, flash player, google, grand theft auto, hijack, hijackthis, install.exe, logfile, mp3, nexus, nodrives, object, popup, problem, realtek, recuva, registry, safer networking, scan, security, shark, software, spybot, super, svchost.exe, teamspeak, trojaner, virtumonde, windows



Ähnliche Themen: Virtumonde.dll/sci/sdn und Spybot


  1. Spybot scannt cnnt.searchbar, win32.eyeon.ie, virtumonde, tdss,... entfernt aber nichts
    Log-Analyse und Auswertung - 03.02.2015 (17)
  2. [doppelt] Scan mit Spybot und malewarebytes.Spybot...
    Mülltonne - 21.10.2011 (1)
  3. Virtumonde.atr von Spybot S&D gefunden und kann es nicht entfernen
    Plagegeister aller Art und deren Bekämpfung - 09.06.2011 (23)
  4. Virtumonde.dll - Spybot löscht nicht - Einsatz von ComboFix, VundoFix, VirtumondoBeGone hilft nicht
    Plagegeister aller Art und deren Bekämpfung - 05.12.2010 (19)
  5. Spybot.. PC-Absturz..Spybot im abgesicherter Modus nicht möglich
    Plagegeister aller Art und deren Bekämpfung - 11.01.2010 (1)
  6. Virtumonde.sdn von Spybot gemeldet und nicht entfernbar
    Plagegeister aller Art und deren Bekämpfung - 24.11.2009 (2)
  7. Spybot Search & Destroy meldet Virtumonde.dll
    Plagegeister aller Art und deren Bekämpfung - 28.07.2009 (15)
  8. Virtumonde/Virtumonde.prx nicht entfernbar !!
    Plagegeister aller Art und deren Bekämpfung - 11.01.2009 (29)
  9. Smitfraud C, virtumonde, virtumonde generic
    Plagegeister aller Art und deren Bekämpfung - 09.01.2009 (11)
  10. spybot meldet virtumonde
    Plagegeister aller Art und deren Bekämpfung - 04.01.2009 (2)
  11. Virtumonde, Virtumonde.generic und Smitfraud-C. lassen sich nicht entfernen
    Log-Analyse und Auswertung - 22.12.2008 (1)
  12. Infiziert mit Virtumonde generic,Virtumonde ,Smitfraud-C und virtumonde.prx
    Plagegeister aller Art und deren Bekämpfung - 17.12.2008 (0)
  13. Spybot meldet Smitfraud-C. Virtumonde & Virtumonde.generic Hilfe!
    Plagegeister aller Art und deren Bekämpfung - 15.12.2008 (1)
  14. Smitfraud-C. & Virtumonde & Virtumonde.generic
    Log-Analyse und Auswertung - 01.12.2008 (7)
  15. Smitfraud-C./Virtumonde/Virtumonde.prx
    Plagegeister aller Art und deren Bekämpfung - 25.11.2008 (22)
  16. Virtumonde bei Spybot
    Plagegeister aller Art und deren Bekämpfung - 17.09.2008 (1)
  17. Virtumonde -- HJT, Spybot und Ad-Aware versagen.
    Log-Analyse und Auswertung - 11.08.2008 (19)

Zum Thema Virtumonde.dll/sci/sdn und Spybot - Hallo liebes Helferteam. Das ist mein erster Beitrag hier, daher hoffe ich mal, dass ich alles richtig gemacht habe. Zu meinem Problem: Mir ist neulich aufgefallen, dass bei meinem Spybot - Virtumonde.dll/sci/sdn und Spybot...
Archiv
Du betrachtest: Virtumonde.dll/sci/sdn und Spybot auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.