Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Win 8 diverse Funde PUP (Babylon) Win32/installcore

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 17.09.2013, 21:09   #1
2ndSkin
 
Win 8 diverse Funde PUP (Babylon) Win32/installcore - Standard

Win 8 diverse Funde PUP (Babylon) Win32/installcore



Hallo,

seit ein paar Tagen erlebe ich merkwürdige Website-Öffnungen auf meinem PC. AVAST verhindert zwar, dass sich die Seiten öffnen, aber ich will da auf Nummer sicher gehen.

darum habe ich einige Scans vorgenommen und dabei bis zu 30 Funde gehabt.

Es wäre sehr nett, wenn mir jemand bei der Säuberung helfen könnte.

Gruß

Andreas

[CODE]
FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-09-2013 03
Ran by Lib! (administrator) on LIB-PC on 17-09-2013 16:21:13
Running from C:\Users\Lib!\Downloads
Microsoft Windows 8 Pro with Media Center (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(IObit) C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicShellService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(IObit) C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
(Microsoft Corporation) C:\WINDOWS\system32\dashost.exe
( ) C:\WINDOWS\system32\lxeecoms.exe
(Secunia) C:\Program Files\Secunia\PSI\PSIA.exe
(IObit) C:\Program Files\IObit\Start Menu 8\StartMenuServices.exe
(IObit) C:\Program Files\IObit\Start Menu 8\StartMenu8.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(IObit) C:\Program Files\IObit\Start Menu 8\StartMenu_Hook.exe
(IObit) C:\Program Files\IObit\Start Menu 8\InstallServices32.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x86__8wekyb3d8bbwe\LiveComm.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
() C:\Program Files\Lexmark Pro700 Series\lxeemon.exe
() C:\Program Files\Lexmark Pro700 Series\ezprint.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Secomba GmbH) C:\Program Files\Boxcryptor Classic\BoxcryptorClassic.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apntex.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\HidFind.exe
(IObit) C:\Program Files\IObit\IObit Malware Fighter\IMF.exe
(Microsoft Corporation) C:\Windows\System32\RuntimeBroker.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(ESET) C:\Program Files\ESET\ESET Online Scanner\OnlineScannerApp.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IntelliPoint] - C:\Program Files\Microsoft IntelliPoint\ipoint.exe [1821576 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [WinampAgent] - C:\Program Files\Winamp\winampa.exe [74752 2012-06-28] (Nullsoft, Inc.)
HKLM\...\Run: [KiesTrayAgent] - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [310128 2013-02-13] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [PDFPrint] - C:\Program Files\PDF24\pdf24.exe [163000 2012-12-12] (Geek Software GmbH)
HKLM\...\Run: [Apoint] - C:\Program Files\Apoint2K\Apoint.exe [518040 2013-02-07] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM\...\Run: [lxeemon.exe] - C:\Program Files\Lexmark Pro700 Series\lxeemon.exe [770728 2011-01-23] ()
HKLM\...\Run: [EzPrint] - C:\Program Files\Lexmark Pro700 Series\ezprint.exe [148280 2011-01-23] ()
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
HKLM\...\Run: [IObit Malware Fighter] - C:\Program Files\IObit\IObit Malware Fighter\IMF.exe [1549120 2013-08-16] (IObit)
HKLM\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-08-30] (AVAST Software)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKCU\...\Run: [GoogleDriveSync] - C:\Program Files\Google\Drive\googledrivesync.exe [20097696 2013-06-27] (Google)
HKCU\...\Run: [KiesPreload] - C:\Program Files\Samsung\Kies\Kies.exe [1509232 2013-02-13] (Samsung)
HKCU\...\Run: [] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844144 2013-02-13] (Samsung)
HKCU\...\Run: [Sony PC Companion] - C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe [449248 2013-05-29] (Sony)
HKCU\...\Run: [googletalk] - C:\Program Files\Google\Google Talk\googletalk.exe [3293184 2007-11-21] (Google)
HKCU\...\Run: [Google Update] - C:\Users\Lib!\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-01-08] (Google Inc.)
HKCU\...\Run: [5D23D3981F5707EB30B576205889E4373F205214._service_run] - C:\Program Files\Google\Chrome\Application\chrome.exe [829392 2013-09-02] (Google Inc.)
HKCU\...\Run: [SansaDispatch] - C:\Users\Lib!\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe [79872 2013-03-15] (SanDisk Corporation)
HKCU\...\Run: [SkyDrive] - C:\Users\Lib!\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257136 2013-07-02] (Microsoft Corporation)
HKCU\...\Run: [icq] - C:\Users\Lib!\AppData\Roaming\ICQM\icq.exe [27598184 2013-06-10] (ICQ)
HKCU\...\Run: [BoxcryptorClassic.exe] - C:\Program Files\Boxcryptor Classic\BoxcryptorClassic.exe [2239744 2013-07-23] (Secomba GmbH)
HKCU\...\Run: [KSS] - C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202328 2012-12-07] (Kaspersky Lab ZAO)
HKU\Administrator\...\RunOnce: [DPAPIKeyMig] - C:\Windows\system32\dpapimig.exe [ 2012-07-26] (Microsoft Corporation)
HKU\Administrator\...\RunOnce: [WAB Migrate] - C:\Program Files\Windows Mail\wab.exe [ 2012-07-26] (Microsoft Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\Acer\Acer Bio Protection\PwdFilter
SSODL: EldosMountNotificator-cbfs4 - {C7A85558-0B63-40C8-A822-E19E8756C8C3} - C:\WINDOWS\system32\cbfsMntNtf4.dll (EldoS Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0510&m=travelmate_5730
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www2.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=240E0016EA6BD209&affID=119357&tsp=5004
SearchScopes: HKCU - {45129142-D920-4F60-94BA-D19C4B6EA99A} URL = hxxp://www.bing.com/search?FORM=BDKTDF&PC=BDT3&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKCU - {7B115865-B80C-4EDF-9CF9-3DDFFC1F5263} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=198484&p={searchTerms}
BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~1\IObit\ADVANC~1\BROWER~1\ASCPlugin_Protection.dll (IObit)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: ClassicIE9BHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft)
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Lib!\AppData\Roaming\Mozilla\Firefox\Profiles\538iy8y7.default
FF user.js: detected! => C:\Users\Lib!\AppData\Roaming\Mozilla\Firefox\Profiles\538iy8y7.default\user.js
FF NewTab: hxxp://www.google.com/firefox
FF DefaultSearchEngine: Startpage HTTPS - Deutsch
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Startpage HTTPS - Deutsch
FF Homepage: https://startpage.com/do/mypage.pl?prf=611834e20e5f38f93efe8a7ce2df79e4
FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.40.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Lib!\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Lib!\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\Lib!\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Lib!\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Lib!\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.)
FF SearchPlugin: C:\Users\Lib!\AppData\Roaming\Mozilla\Firefox\Profiles\538iy8y7.default\searchplugins\ixquick-https---deutsch.xml
FF SearchPlugin: C:\Users\Lib!\AppData\Roaming\Mozilla\Firefox\Profiles\538iy8y7.default\searchplugins\startpage-https---deutsch.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Lib!\AppData\Roaming\Mozilla\Firefox\Profiles\538iy8y7.default\Extensions\ascsurfingprotection@iobit.com
FF Extension: goParentFolder - C:\Users\Lib!\AppData\Roaming\Mozilla\Firefox\Profiles\538iy8y7.default\Extensions\goParentFolder@alice.xpi
FF Extension: showParentFolder - C:\Users\Lib!\AppData\Roaming\Mozilla\Firefox\Profiles\538iy8y7.default\Extensions\showParentFolder@alice.xpi
FF Extension: No Name - C:\Users\Lib!\AppData\Roaming\Mozilla\Firefox\Profiles\538iy8y7.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF

Chrome: 
=======
CHR HomePage: hxxp://www2.delta-search.com/?babsrc=HP_ss&mntrId=240E0016EA6BD209&affID=119357&tsp=5004
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\29.0.1547.66\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U10) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.100.18) - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (Dr.Web Anti-Virus Link Checker) - C:\Users\Lib!\AppData\Local\Google\Chrome\User Data\Default\Extensions\aleggpabliehgbeagmfhnodcijcmbonb\3.2.1_0
CHR Extension: (Google Drive) - C:\Users\Lib!\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Lib!\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Lib!\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (avast! Online Security) - C:\Users\Lib!\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\8.0.8_0
CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Users\Lib!\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_1
CHR Extension: (Chrome In-App Payments service) - C:\Users\Lib!\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR Extension: (Gmail) - C:\Users\Lib!\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files\Common Files\Spigot\GC\saebay_1.0.crx
CHR HKLM\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files\Common Files\Spigot\GC\errorassistant_1.1.crx
CHR HKLM\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Program Files\Common Files\Spigot\GC\coupons_2.4.crx
CHR HKLM\...\Chrome\Extension: [nfengeggddojhakldhlpjdlddgkkjkdd] - C:\Program Files\IObit\Advanced SystemCare 6\BrowerProtect\ASC_GhromePlugin.crx
CHR HKLM\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files\Common Files\Spigot\GC\saamazon_1.0.crx
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

R2 AdvancedSystemCareService6; C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe [574272 2013-04-18] (IObit)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-30] (AVAST Software)
R2 ClassicShellService; C:\Program Files\Classic Shell\ClassicShellService.exe [68608 2013-06-29] (IvoSoft)
R2 IMFservice; C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe [335168 2013-04-25] (IObit)
R2 KSS; C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202328 2012-12-07] (Kaspersky Lab ZAO)
S2 lxeeCATSCustConnectService; C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\\lxeeserv.exe [193192 2010-04-14] (Lexmark International, Inc.)
R2 lxee_device; C:\WINDOWS\system32\lxeecoms.exe [598696 2010-04-14] ( )
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1228504 2013-07-03] (Secunia)
S2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [660184 2013-07-03] (Secunia)
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)
R2 StartMenuService; C:\Program Files\IObit\Start Menu 8\StartMenuServices.exe [75584 2013-05-02] (IObit)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14480 2013-07-02] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-08-30] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [66336 2013-08-30] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [61680 2013-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-08-30] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-08-30] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-08-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [177864 2013-08-30] ()
R1 cbfs4; C:\WINDOWS\system32\drivers\cbfs4.sys [322112 2013-07-03] (EldoS Corporation)
S3 FileMonitor; C:\Program Files\IObit\IObit Malware Fighter\Drivers\win7_x86\FileMonitor.sys [21480 2013-03-23] (IObit)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R3 NETwNs32; C:\Windows\system32\DRIVERS\NETwNs32.sys [7518208 2012-06-02] (Intel Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2013-07-03] (Secunia)
S3 RegFilter; C:\Program Files\IObit\IObit Malware Fighter\drivers\win7_x86\regfilter.sys [31752 2013-03-26] (IObit.com)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [15672 2013-05-22] ()
S3 UrlFilter; C:\Program Files\IObit\IObit Malware Fighter\drivers\win7_x86\UrlFilter.sys [20944 2013-03-26] (IObit.com)
R3 vpnpbus; C:\Windows\System32\drivers\vpnpbus.sys [15936 2013-07-03] (EldoS Corporation)
R3 WUDFSensorLP; C:\Windows\system32\DRIVERS\WUDFRd.sys [155136 2012-07-26] (Microsoft Corporation)
R3 WUDFWpdMtp; C:\Windows\system32\DRIVERS\WUDFRd.sys [155136 2012-07-26] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-17 16:21 - 2013-09-17 16:21 - 00000000 ____D C:\FRST
2013-09-17 16:20 - 2013-09-17 16:20 - 01083437 _____ (Farbar) C:\Users\Lib!\Downloads\FRST.exe
2013-09-17 16:17 - 2013-09-17 16:17 - 02347384 _____ (ESET) C:\Users\Lib!\Downloads\esetsmartinstaller_deu.exe
2013-09-17 16:17 - 2013-09-17 16:17 - 00000000 ____D C:\Program Files\ESET
2013-09-17 15:55 - 2013-09-17 15:56 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-09-17 15:55 - 2013-09-17 15:55 - 00001093 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-09-17 15:55 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2013-09-17 15:14 - 2013-09-17 15:17 - 11678208 _____ C:\Users\Lib!\Downloads\Eroot 1.3.4.exe
2013-09-17 13:54 - 2013-09-17 13:55 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Lib!\Downloads\mbam-setup-1.75.0.1300(1).exe
2013-09-17 13:53 - 2013-09-17 13:53 - 00001298 _____ C:\Users\Lib!\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan.lnk
2013-09-17 13:52 - 2013-09-17 13:52 - 00001071 _____ C:\Users\Lib!\Desktop\Kaspersky Security Scan.lnk
2013-09-17 13:51 - 2013-09-17 13:51 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-09-17 13:51 - 2013-09-17 13:51 - 00000000 ____D C:\Program Files\Kaspersky Lab
2013-09-17 13:49 - 2013-09-17 13:49 - 00179984 _____ (Kaspersky Lab) C:\Users\Lib!\Downloads\kss12.0.1.117mlg_en-de_ru-de_fr-de_de-de.exe
2013-09-17 13:30 - 2013-09-17 13:30 - 43220992 _____ C:\WINDOWS\system32\config\SOFTWARE.iobit
2013-09-17 13:30 - 2013-09-17 13:30 - 00442368 _____ C:\WINDOWS\system32\config\DEFAULT.iobit
2013-09-17 13:30 - 2013-09-17 13:30 - 00065536 _____ C:\WINDOWS\system32\config\SAM.iobit
2013-09-17 13:30 - 2013-09-17 13:30 - 00028672 _____ C:\WINDOWS\system32\config\SECURITY.iobit
2013-09-17 13:25 - 2013-09-17 13:25 - 23398360 _____ (IObit                                                       ) C:\Users\Lib!\Downloads\asc-setup.exe
2013-09-17 13:24 - 2013-09-17 13:24 - 00001168 _____ C:\Users\Public\Desktop\Uninstaller.lnk
2013-09-17 13:24 - 2013-09-17 13:24 - 00001156 _____ C:\Users\Lib!\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk
2013-09-17 13:24 - 2013-09-17 13:24 - 00001111 _____ C:\Users\Public\Desktop\Advanced SystemCare 6.lnk
2013-09-17 12:31 - 2013-09-17 13:22 - 00000000 ____D C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ
2013-09-17 12:25 - 2013-09-17 12:29 - 00001764 _____ C:\WINDOWS\setupact.log
2013-09-17 12:25 - 2013-09-17 12:25 - 00000000 _____ C:\WINDOWS\setuperr.log
2013-09-13 13:36 - 2013-09-16 13:42 - 00016864 _____ C:\Users\Lib!\Documents\Vodafone.odt
2013-09-13 13:09 - 2013-09-17 13:09 - 00000093 _____ C:\Users\Lib!\AppData\Roaming\WB.CFG
2013-09-13 13:09 - 2013-09-17 13:09 - 00000005 _____ C:\Users\Lib!\AppData\Roaming\WBPU-TTL.DAT
2013-09-13 13:01 - 2013-09-17 16:14 - 00009634 _____ C:\WINDOWS\PFRO.log
2013-09-13 12:06 - 2013-09-17 15:09 - 00000304 _____ C:\WINDOWS\Tasks\DSite.job
2013-09-13 12:06 - 2013-09-13 12:06 - 00000000 ____D C:\Users\Lib!\AppData\Roaming\DSite
2013-09-13 12:06 - 2013-09-13 12:06 - 00000000 ____D C:\Users\Lib!\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
2013-09-13 12:06 - 2013-09-13 12:06 - 00000000 ____D C:\Users\Lib!\AppData\Local\avgchrome
2013-09-13 12:06 - 2013-09-13 12:06 - 00000000 ____D C:\ProgramData\DSearchLink
2013-09-13 12:06 - 2013-09-13 12:06 - 00000000 ____D C:\ProgramData\Babylon
2013-09-13 12:01 - 2013-09-13 12:01 - 00001117 _____ C:\Users\Lib!\Desktop\Nexus Root Toolkit.lnk
2013-09-13 12:01 - 2013-09-13 12:01 - 00000000 ____D C:\Users\Lib!\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wugs Nexus Root Tookit
2013-09-13 12:01 - 2013-09-13 12:01 - 00000000 ____D C:\Users\Lib!\.android
2013-09-13 12:01 - 2013-09-13 12:01 - 00000000 ____D C:\Program Files\WugFresh Development
2013-09-13 11:57 - 2013-09-13 11:58 - 67797630 _____ C:\Users\Lib!\Downloads\NRT_v1.7.2.sfx(1).exe
2013-09-13 11:35 - 2013-09-13 11:35 - 00310032 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-09-12 16:36 - 2013-09-17 12:39 - 00124187 _____ C:\WINDOWS\WindowsUpdate.log
2013-09-12 14:39 - 2013-09-12 14:39 - 00001839 _____ C:\Users\Public\Desktop\PrivaZer.lnk
2013-09-12 14:38 - 2013-09-12 16:58 - 00000000 ____D C:\Users\Lib!\AppData\Local\PrivaZer
2013-09-12 14:38 - 2013-09-12 14:39 - 00000000 ____D C:\Program Files\PrivaZer
2013-09-12 14:38 - 2013-09-12 14:38 - 00001869 _____ C:\Users\Lib!\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PrivaZer.lnk
2013-09-12 14:38 - 2013-09-12 14:38 - 00000000 ____D C:\Users\Lib!\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PrivaZer
2013-09-12 14:36 - 2013-09-12 14:36 - 05085320 _____ (Goversoft LLC) C:\Users\Lib!\Downloads\privazer_free_2.2.exe
2013-09-12 14:35 - 2013-09-12 14:35 - 00001890 _____ C:\Users\Public\Desktop\FileZilla Client.lnk
2013-09-12 14:18 - 2013-09-12 14:18 - 00000000 ____D C:\Users\Lib!\AppData\Local\Secunia PSI
2013-09-12 14:18 - 2013-09-12 14:18 - 00000000 ____D C:\Program Files\Secunia
2013-09-12 14:17 - 2013-09-12 14:17 - 03272136 _____ (Secunia) C:\Users\Lib!\Downloads\PSISetup711.exe
2013-09-12 14:14 - 2013-09-12 14:14 - 00001032 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-09-12 14:11 - 2013-09-12 14:12 - 23003252 _____ C:\Users\Lib!\Downloads\vlc-2.0.8-win32.exe
2013-09-12 14:11 - 2013-09-12 14:12 - 00000000 ____D C:\ProgramData\Oracle
2013-09-12 14:11 - 2013-09-12 14:11 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2013-09-12 14:11 - 2013-09-12 14:11 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2013-09-12 14:11 - 2013-09-12 14:11 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2013-09-12 14:11 - 2013-09-12 14:11 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2013-09-12 14:11 - 2013-09-12 14:11 - 00000000 ____D C:\Program Files\Common Files\Java
2013-09-12 14:09 - 2013-09-12 14:09 - 00913832 _____ (Oracle Corporation) C:\Users\Lib!\Downloads\jre-7u40-windows-i586-iftw.exe
2013-09-11 12:44 - 2013-09-05 22:09 - 00694232 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-09-11 12:44 - 2013-09-05 22:09 - 00078296 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-09-11 12:15 - 2013-08-16 01:59 - 02156392 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
2013-09-11 12:15 - 2013-08-16 01:59 - 00052656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2013-09-11 12:15 - 2013-08-16 01:21 - 00051544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2013-09-11 12:15 - 2013-08-16 01:08 - 00199872 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationUI.exe
2013-09-11 12:15 - 2013-08-16 00:43 - 03831808 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2013-09-11 12:15 - 2013-08-16 00:43 - 02597376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2013-09-11 12:15 - 2013-08-16 00:43 - 01556480 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2013-09-11 12:15 - 2013-08-16 00:43 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2013-09-11 12:15 - 2013-08-16 00:43 - 00562688 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2013-09-11 12:15 - 2013-08-16 00:43 - 00216064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2013-09-11 12:15 - 2013-08-16 00:43 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSClient.dll
2013-09-11 12:15 - 2013-08-16 00:43 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSSync.dll
2013-09-11 12:15 - 2013-08-16 00:43 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2013-09-11 12:15 - 2013-08-16 00:43 - 00126976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2013-09-11 12:15 - 2013-08-16 00:43 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2013-09-11 12:15 - 2013-08-16 00:43 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2013-09-11 12:15 - 2013-08-16 00:43 - 00083968 _____ C:\WINDOWS\system32\OEMLicense.dll
2013-09-11 12:15 - 2013-08-16 00:43 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2013-09-11 12:15 - 2013-08-16 00:43 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2013-09-11 12:15 - 2013-08-16 00:43 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2013-09-11 12:15 - 2013-08-16 00:42 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2013-09-11 12:15 - 2013-08-16 00:42 - 00330752 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2013-09-11 12:15 - 2013-08-16 00:42 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2013-09-11 12:15 - 2013-08-16 00:42 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppc.dll
2013-09-11 12:15 - 2013-08-16 00:42 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2013-09-11 12:15 - 2013-08-16 00:42 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupcln.dll
2013-09-11 12:15 - 2013-08-10 05:58 - 00356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2013-09-11 12:15 - 2013-08-02 07:08 - 17561088 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2013-09-11 12:15 - 2013-08-02 07:08 - 08858112 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2013-09-11 12:15 - 2013-08-02 07:08 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll
2013-09-11 12:15 - 2013-08-02 07:06 - 02035712 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2013-09-11 12:15 - 2013-08-01 10:45 - 01800536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2013-09-11 12:15 - 2013-07-31 01:29 - 00386923 _____ C:\WINDOWS\system32\ApnDatabase.xml
2013-09-11 12:15 - 2013-07-25 01:10 - 00158208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mbsmsapi.dll
2013-09-11 12:15 - 2013-07-13 06:23 - 00366592 _____ (Microsoft Corporation) C:\WINDOWS\system32\appmgr.dll
2013-09-11 12:15 - 2013-04-10 00:29 - 00893952 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2013-09-11 12:14 - 2013-08-03 07:14 - 00399360 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmon.ocx
2013-09-11 12:14 - 2013-08-03 07:13 - 01245696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdc.dll
2013-09-11 12:14 - 2013-08-03 07:13 - 00437248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wvc.dll
2013-09-11 12:13 - 2013-08-03 06:17 - 03390464 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2013-09-11 12:12 - 2013-08-21 04:06 - 01767936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2013-09-11 12:12 - 2013-08-21 04:06 - 01141248 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2013-09-11 12:12 - 2013-08-21 04:06 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2013-09-11 12:12 - 2013-08-21 04:06 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2013-09-11 12:12 - 2013-08-21 04:06 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2013-09-11 12:12 - 2013-08-21 04:05 - 14332928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2013-09-11 12:12 - 2013-08-21 04:05 - 13761024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2013-09-11 12:12 - 2013-08-21 04:05 - 02876928 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2013-09-11 12:12 - 2013-08-21 04:05 - 02048000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2013-09-11 12:12 - 2013-08-21 04:05 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2013-09-11 12:12 - 2013-08-21 04:05 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2013-09-11 12:12 - 2013-08-21 04:05 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2013-09-11 12:12 - 2013-08-21 04:05 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2013-09-11 12:12 - 2013-08-21 04:05 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2013-09-11 12:12 - 2013-08-21 04:05 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2013-09-11 12:12 - 2013-08-21 03:43 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2013-09-10 15:09 - 2013-09-10 15:09 - 00000000 ____D C:\Program Files\Classic Shell
2013-09-10 14:59 - 2013-09-10 15:00 - 08437760 _____ (IvoSoft) C:\Users\Lib!\Downloads\ClassicShellSetup_3_6_8.exe
2013-09-05 15:33 - 2013-09-05 15:33 - 00002089 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-09-05 15:33 - 2013-08-30 09:48 - 00369584 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2013-09-05 15:33 - 2013-08-30 09:48 - 00061680 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2013-09-05 15:33 - 2013-08-30 09:48 - 00056080 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2013-09-05 15:33 - 2013-08-30 09:48 - 00029816 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswFsBlk.sys
2013-09-05 15:32 - 2013-09-05 15:32 - 00000000 ____D C:\Program Files\AVAST Software
2013-09-05 15:32 - 2013-08-30 09:48 - 00770344 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2013-09-05 15:32 - 2013-08-30 09:48 - 00177864 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys
2013-09-05 15:32 - 2013-08-30 09:48 - 00066336 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2013-09-05 15:32 - 2013-08-30 09:48 - 00049376 _____ C:\WINDOWS\system32\Drivers\aswRvrt.sys
2013-09-05 15:32 - 2013-08-30 09:47 - 00229648 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2013-09-05 15:32 - 2013-08-30 09:47 - 00041664 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2013-09-05 15:31 - 2013-09-05 15:32 - 00000000 ____D C:\ProgramData\AVAST Software
2013-09-05 15:28 - 2013-09-05 15:31 - 131918888 _____ C:\Users\Lib!\Downloads\avast_free_antivirus_setup_8.0.1497.376.exe
2013-09-05 15:21 - 2013-09-05 15:21 - 00226356 _____ C:\ProgramData\1378387265.bdinstall.bin
2013-09-05 14:27 - 2013-09-05 15:08 - 00094659 _____ C:\ProgramData\1378384050.5552.bin
2013-09-05 14:27 - 2013-09-05 14:28 - 00022481 _____ C:\ProgramData\1378384050.6928.bin
2013-09-05 14:27 - 2013-09-05 14:28 - 00003004 _____ C:\ProgramData\1378384050.5668.bin
2013-09-05 14:27 - 2013-09-05 14:27 - 00000670 _____ C:\ProgramData\1378384050.7800.bin
2013-09-04 16:19 - 2013-09-04 16:19 - 00526188 _____ C:\ProgramData\1378303864.bdinstall.bin
2013-09-04 15:18 - 2013-09-04 15:37 - 00023337 _____ C:\ProgramData\1378300613.4908.bin
2013-09-04 15:17 - 2013-09-04 15:19 - 00002935 _____ C:\ProgramData\1378300613.7616.bin
2013-09-04 15:17 - 2013-09-04 15:18 - 00000670 _____ C:\ProgramData\1378300613.7944.bin
2013-09-04 15:16 - 2013-09-04 15:36 - 00093654 _____ C:\ProgramData\1378300613.7636.bin
2013-09-03 15:55 - 2013-09-03 15:56 - 38828680 _____ (Intel Corporation) C:\Users\Lib!\Downloads\Win7Vista_151719.exe
2013-09-03 11:44 - 2013-09-03 11:45 - 67797630 _____ C:\Users\Lib!\Downloads\NRT_v1.7.2.sfx.exe
2013-08-26 12:36 - 2013-08-26 12:45 - 00000000 ____D C:\ProgramData\Dumps
2013-08-22 13:17 - 2013-08-22 13:18 - 00000000 ____D C:\Users\Lib!\Downloads\nettool
2013-08-22 13:17 - 2013-08-22 13:17 - 00987741 _____ (A.I.SOFT,INC.) C:\Users\Lib!\Downloads\nettool_1260.EXE
2013-08-22 13:10 - 2013-08-22 13:10 - 00000000 ___RD C:\Users\Lib!\AppData\Roaming\Brother
2013-08-22 13:07 - 2013-08-22 13:13 - 00000432 _____ C:\WINDOWS\BRWMARK.INI
2013-08-22 13:07 - 2013-08-22 13:07 - 00000034 _____ C:\WINDOWS\system32\BD2030.DAT
2013-08-22 11:05 - 2013-07-09 06:25 - 00385768 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2013-08-22 11:05 - 2013-07-09 06:16 - 00097112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msgpioclx.sys
2013-08-22 11:05 - 2013-07-09 05:58 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
2013-08-22 11:05 - 2013-07-09 05:58 - 00317952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wwanadvui.dll
2013-08-22 11:05 - 2013-07-09 05:57 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationApi.dll
2013-08-22 11:05 - 2013-07-04 04:14 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2013-08-22 11:05 - 2013-07-03 02:11 - 00551424 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2013-08-22 11:05 - 2013-07-03 02:11 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2013-08-22 11:05 - 2013-07-03 02:10 - 02273792 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2013-08-22 11:05 - 2013-07-03 02:10 - 01075200 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2013-08-22 11:05 - 2013-07-01 00:30 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\openfiles.exe
2013-08-22 11:05 - 2013-06-29 06:45 - 00296280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys
2013-08-22 11:05 - 2013-06-29 06:29 - 00159576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2013-08-22 11:05 - 2013-06-29 06:29 - 00105304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2013-08-22 11:05 - 2013-06-26 04:29 - 00261120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2013-08-22 11:05 - 2013-06-26 04:27 - 00277504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\HdAudio.sys
2013-08-22 11:05 - 2013-06-25 01:10 - 00372736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2013-08-22 11:05 - 2013-06-25 01:09 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2013-08-22 11:05 - 2013-06-25 01:09 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2013-08-22 11:05 - 2013-06-19 00:38 - 00160256 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmmbase.dll
2013-08-22 11:05 - 2013-06-19 00:38 - 00125440 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmm.dll
2013-08-22 11:05 - 2013-06-12 01:43 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2013-08-22 11:05 - 2013-06-10 21:52 - 00038656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2013-08-22 11:05 - 2013-06-10 21:10 - 00702464 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2013-08-22 11:05 - 2013-06-10 21:10 - 00679936 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2013-08-22 11:05 - 2013-06-10 21:10 - 00473600 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2013-08-22 11:05 - 2013-06-10 21:10 - 00245248 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2013-08-22 11:05 - 2013-06-06 08:03 - 00097024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
2013-08-21 15:43 - 2013-08-21 15:43 - 11174373 _____ C:\Users\Lib!\Downloads\ncid.Net_2.7.17.zip
2013-08-21 15:41 - 2013-08-21 15:41 - 00247043 _____ C:\Users\Lib!\Downloads\config_A803.bin
2013-08-21 11:37 - 2013-08-21 11:37 - 00000000 ____D C:\Users\Public\Documents\CrashDump
2013-08-21 11:22 - 2013-08-21 11:22 - 00001937 _____ C:\Users\Public\Desktop\Start Menu 8.lnk
2013-08-21 11:01 - 2013-08-21 11:01 - 00001139 _____ C:\Users\Public\Desktop\IObit Malware Fighter.lnk
2013-08-21 10:44 - 2013-08-21 10:44 - 21824552 _____ (IObit                                                       ) C:\Users\Lib!\Downloads\imf-setup(1).exe
2013-08-20 13:59 - 2013-08-20 13:59 - 00000633 _____ C:\Users\Lib!\Desktop\JRT.txt
2013-08-20 13:52 - 2013-08-20 13:52 - 00000000 ____D C:\WINDOWS\ERUNT
2013-08-20 13:27 - 2013-08-20 13:27 - 00002684 _____ C:\AdwCleaner[S1].txt
2013-08-20 13:26 - 2013-08-20 13:26 - 00002812 _____ C:\AdwCleaner[R2].txt
2013-08-20 13:26 - 2013-08-20 13:26 - 00000103 ____H C:\.~lock.AdwCleaner[R2].txt#
2013-08-20 13:25 - 2013-08-20 13:25 - 00002752 _____ C:\AdwCleaner[R1].txt
2013-08-20 13:12 - 2013-08-20 13:12 - 01018949 _____ (Thisisu) C:\Users\Lib!\Downloads\JRT.exe
2013-08-20 13:11 - 2013-08-20 13:11 - 00666633 _____ C:\Users\Lib!\Downloads\adwcleaner.exe
2013-08-20 13:06 - 2013-08-20 13:06 - 02347384 _____ (ESET) C:\Users\Lib!\Downloads\esetsmartinstaller_enu.exe
2013-08-20 11:34 - 2013-09-13 12:06 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-08-20 07:02 - 2013-08-20 07:02 - 00084248 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudbus.sys
2013-08-19 11:03 - 2013-08-19 11:03 - 00000830 _____ C:\Users\Public\Desktop\CDBurnerXP.lnk
2013-08-19 10:54 - 2013-08-19 10:54 - 00001757 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-08-19 10:53 - 2013-08-19 10:54 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-08-19 10:53 - 2013-08-19 10:54 - 00000000 ____D C:\Program Files\iTunes
2013-08-19 10:53 - 2013-08-19 10:53 - 00000000 ____D C:\Program Files\iPod

==================== One Month Modified Files and Folders =======

2013-09-17 16:21 - 2013-09-17 16:21 - 00000000 ____D C:\FRST
2013-09-17 16:20 - 2013-09-17 16:20 - 01083437 _____ (Farbar) C:\Users\Lib!\Downloads\FRST.exe
2013-09-17 16:17 - 2013-09-17 16:17 - 02347384 _____ (ESET) C:\Users\Lib!\Downloads\esetsmartinstaller_deu.exe
2013-09-17 16:17 - 2013-09-17 16:17 - 00000000 ____D C:\Program Files\ESET
2013-09-17 16:16 - 2013-01-08 15:28 - 00024106 _____ C:\ProgramData\lxeescan.log
2013-09-17 16:14 - 2013-09-13 13:01 - 00009634 _____ C:\WINDOWS\PFRO.log
2013-09-17 16:14 - 2013-01-08 13:35 - 00001104 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-17 16:14 - 2012-07-26 08:04 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-09-17 16:13 - 2012-07-26 06:17 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2013-09-17 16:03 - 2013-01-08 16:46 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-09-17 16:01 - 2013-01-08 13:35 - 00001108 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-17 16:00 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\system32\sru
2013-09-17 15:56 - 2013-09-17 15:55 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-09-17 15:55 - 2013-09-17 15:55 - 00001093 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-09-17 15:27 - 2013-01-29 15:42 - 00001130 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1169222016-1261099759-1113318950-1003UA.job
2013-09-17 15:17 - 2013-09-17 15:14 - 11678208 _____ C:\Users\Lib!\Downloads\Eroot 1.3.4.exe
2013-09-17 15:09 - 2013-09-13 12:06 - 00000304 _____ C:\WINDOWS\Tasks\DSite.job
2013-09-17 13:55 - 2013-09-17 13:54 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Lib!\Downloads\mbam-setup-1.75.0.1300(1).exe
2013-09-17 13:53 - 2013-09-17 13:53 - 00001298 _____ C:\Users\Lib!\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan.lnk
2013-09-17 13:52 - 2013-09-17 13:52 - 00001071 _____ C:\Users\Lib!\Desktop\Kaspersky Security Scan.lnk
2013-09-17 13:51 - 2013-09-17 13:51 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-09-17 13:51 - 2013-09-17 13:51 - 00000000 ____D C:\Program Files\Kaspersky Lab
2013-09-17 13:49 - 2013-09-17 13:49 - 00179984 _____ (Kaspersky Lab) C:\Users\Lib!\Downloads\kss12.0.1.117mlg_en-de_ru-de_fr-de_de-de.exe
2013-09-17 13:30 - 2013-09-17 13:30 - 43220992 _____ C:\WINDOWS\system32\config\SOFTWARE.iobit
2013-09-17 13:30 - 2013-09-17 13:30 - 00442368 _____ C:\WINDOWS\system32\config\DEFAULT.iobit
2013-09-17 13:30 - 2013-09-17 13:30 - 00065536 _____ C:\WINDOWS\system32\config\SAM.iobit
2013-09-17 13:30 - 2013-09-17 13:30 - 00028672 _____ C:\WINDOWS\system32\config\SECURITY.iobit
2013-09-17 13:30 - 2013-01-07 17:08 - 00000000 ____D C:\Users\Lib!
2013-09-17 13:27 - 2013-01-29 15:42 - 00001078 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1169222016-1261099759-1113318950-1003Core.job
2013-09-17 13:25 - 2013-09-17 13:25 - 23398360 _____ (IObit                                                       ) C:\Users\Lib!\Downloads\asc-setup.exe
2013-09-17 13:24 - 2013-09-17 13:24 - 00001168 _____ C:\Users\Public\Desktop\Uninstaller.lnk
2013-09-17 13:24 - 2013-09-17 13:24 - 00001156 _____ C:\Users\Lib!\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk
2013-09-17 13:24 - 2013-09-17 13:24 - 00001111 _____ C:\Users\Public\Desktop\Advanced SystemCare 6.lnk
2013-09-17 13:22 - 2013-09-17 12:31 - 00000000 ____D C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ
2013-09-17 13:09 - 2013-09-13 13:09 - 00000093 _____ C:\Users\Lib!\AppData\Roaming\WB.CFG
2013-09-17 13:09 - 2013-09-13 13:09 - 00000005 _____ C:\Users\Lib!\AppData\Roaming\WBPU-TTL.DAT
2013-09-17 13:04 - 2013-01-09 13:15 - 00071012 _____ C:\ProgramData\lxeeJSW.log
2013-09-17 12:39 - 2013-09-12 16:36 - 00124187 _____ C:\WINDOWS\WindowsUpdate.log
2013-09-17 12:29 - 2013-09-17 12:25 - 00001764 _____ C:\WINDOWS\setupact.log
2013-09-17 12:25 - 2013-09-17 12:25 - 00000000 _____ C:\WINDOWS\setuperr.log
2013-09-17 12:22 - 2013-01-07 17:16 - 01745416 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-09-17 11:46 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2013-09-16 14:00 - 2010-07-30 13:01 - 00000000 ____D C:\Users\Lib!\Documents\Jülich
2013-09-16 13:42 - 2013-09-13 13:36 - 00016864 _____ C:\Users\Lib!\Documents\Vodafone.odt
2013-09-13 13:13 - 2013-02-19 14:53 - 00000000 ____D C:\Users\Lib!\AppData\Local\Adobe
2013-09-13 12:06 - 2013-09-13 12:06 - 00000000 ____D C:\Users\Lib!\AppData\Roaming\DSite
2013-09-13 12:06 - 2013-09-13 12:06 - 00000000 ____D C:\Users\Lib!\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
2013-09-13 12:06 - 2013-09-13 12:06 - 00000000 ____D C:\Users\Lib!\AppData\Local\avgchrome
2013-09-13 12:06 - 2013-09-13 12:06 - 00000000 ____D C:\ProgramData\DSearchLink
2013-09-13 12:06 - 2013-09-13 12:06 - 00000000 ____D C:\ProgramData\Babylon
2013-09-13 12:06 - 2013-08-20 11:34 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-09-13 12:01 - 2013-09-13 12:01 - 00001117 _____ C:\Users\Lib!\Desktop\Nexus Root Toolkit.lnk
2013-09-13 12:01 - 2013-09-13 12:01 - 00000000 ____D C:\Users\Lib!\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wugs Nexus Root Tookit
2013-09-13 12:01 - 2013-09-13 12:01 - 00000000 ____D C:\Users\Lib!\.android
2013-09-13 12:01 - 2013-09-13 12:01 - 00000000 ____D C:\Program Files\WugFresh Development
2013-09-13 11:58 - 2013-09-13 11:57 - 67797630 _____ C:\Users\Lib!\Downloads\NRT_v1.7.2.sfx(1).exe
2013-09-13 11:35 - 2013-09-13 11:35 - 00310032 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-09-12 16:58 - 2013-09-12 14:38 - 00000000 ____D C:\Users\Lib!\AppData\Local\PrivaZer
2013-09-12 15:26 - 2013-01-16 16:45 - 00000000 ____D C:\Users\Lib!\AppData\Local\Paint.NET
2013-09-12 15:22 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\system32\MsDtc
2013-09-12 14:39 - 2013-09-12 14:39 - 00001839 _____ C:\Users\Public\Desktop\PrivaZer.lnk
2013-09-12 14:39 - 2013-09-12 14:38 - 00000000 ____D C:\Program Files\PrivaZer
2013-09-12 14:38 - 2013-09-12 14:38 - 00001869 _____ C:\Users\Lib!\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PrivaZer.lnk
2013-09-12 14:38 - 2013-09-12 14:38 - 00000000 ____D C:\Users\Lib!\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PrivaZer
2013-09-12 14:36 - 2013-09-12 14:36 - 05085320 _____ (Goversoft LLC) C:\Users\Lib!\Downloads\privazer_free_2.2.exe
2013-09-12 14:35 - 2013-09-12 14:35 - 00001890 _____ C:\Users\Public\Desktop\FileZilla Client.lnk
2013-09-12 14:32 - 2013-02-05 14:11 - 00000000 ____D C:\Program Files\Java
2013-09-12 14:18 - 2013-09-12 14:18 - 00000000 ____D C:\Users\Lib!\AppData\Local\Secunia PSI
2013-09-12 14:18 - 2013-09-12 14:18 - 00000000 ____D C:\Program Files\Secunia
2013-09-12 14:17 - 2013-09-12 14:17 - 03272136 _____ (Secunia) C:\Users\Lib!\Downloads\PSISetup711.exe
2013-09-12 14:14 - 2013-09-12 14:14 - 00001032 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-09-12 14:12 - 2013-09-12 14:11 - 23003252 _____ C:\Users\Lib!\Downloads\vlc-2.0.8-win32.exe
2013-09-12 14:12 - 2013-09-12 14:11 - 00000000 ____D C:\ProgramData\Oracle
2013-09-12 14:11 - 2013-09-12 14:11 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2013-09-12 14:11 - 2013-09-12 14:11 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2013-09-12 14:11 - 2013-09-12 14:11 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2013-09-12 14:11 - 2013-09-12 14:11 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2013-09-12 14:11 - 2013-09-12 14:11 - 00000000 ____D C:\Program Files\Common Files\Java
2013-09-12 14:11 - 2013-01-08 14:08 - 00868264 _____ (Oracle Corporation) C:\WINDOWS\system32\npDeployJava1.dll
2013-09-12 14:11 - 2013-01-08 14:08 - 00790440 _____ (Oracle Corporation) C:\WINDOWS\system32\deployJava1.dll
2013-09-12 14:09 - 2013-09-12 14:09 - 00913832 _____ (Oracle Corporation) C:\Users\Lib!\Downloads\jre-7u40-windows-i586-iftw.exe
2013-09-12 13:50 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\AUInstallAgent
2013-09-12 13:38 - 2013-07-02 13:01 - 00001294 _____ C:\Users\Public\Desktop\Paint.NET.lnk
2013-09-12 13:38 - 2013-01-16 16:47 - 00000000 ____D C:\Program Files\Paint.NET
2013-09-11 14:42 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\rescache
2013-09-11 12:44 - 2013-01-07 17:20 - 00000000 ___RD C:\Users\Lib!\AppData\Local\MicrosoftNT
2013-09-11 12:40 - 2012-07-26 08:53 - 00000000 ___RD C:\WINDOWS\ToastData
2013-09-11 12:40 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\WinStore
2013-09-11 12:40 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\system32\de-DE
2013-09-11 12:21 - 2013-07-11 13:18 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-09-11 12:18 - 2013-01-07 17:44 - 76725432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-09-11 12:06 - 2013-01-08 15:34 - 00000000 ____D C:\ProgramData\lx_Cats
2013-09-10 15:09 - 2013-09-10 15:09 - 00000000 ____D C:\Program Files\Classic Shell
2013-09-10 15:00 - 2013-09-10 14:59 - 08437760 _____ (IvoSoft) C:\Users\Lib!\Downloads\ClassicShellSetup_3_6_8.exe
2013-09-05 22:09 - 2013-09-11 12:44 - 00694232 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-09-05 22:09 - 2013-09-11 12:44 - 00078296 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-09-05 15:33 - 2013-09-05 15:33 - 00002089 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-09-05 15:32 - 2013-09-05 15:32 - 00000000 ____D C:\Program Files\AVAST Software
2013-09-05 15:32 - 2013-09-05 15:31 - 00000000 ____D C:\ProgramData\AVAST Software
2013-09-05 15:32 - 2012-07-26 08:53 - 00002577 _____ C:\WINDOWS\system32\config.nt
2013-09-05 15:31 - 2013-09-05 15:28 - 131918888 _____ C:\Users\Lib!\Downloads\avast_free_antivirus_setup_8.0.1497.376.exe
2013-09-05 15:23 - 2012-07-26 08:53 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2013-09-05 15:21 - 2013-09-05 15:21 - 00226356 _____ C:\ProgramData\1378387265.bdinstall.bin
2013-09-05 15:21 - 2013-01-08 16:58 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
2013-09-05 15:08 - 2013-09-05 14:27 - 00094659 _____ C:\ProgramData\1378384050.5552.bin
2013-09-05 14:28 - 2013-09-05 14:27 - 00022481 _____ C:\ProgramData\1378384050.6928.bin
2013-09-05 14:28 - 2013-09-05 14:27 - 00003004 _____ C:\ProgramData\1378384050.5668.bin
2013-09-05 14:27 - 2013-09-05 14:27 - 00000670 _____ C:\ProgramData\1378384050.7800.bin
2013-09-04 16:20 - 2012-07-26 06:17 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2013-09-04 16:19 - 2013-09-04 16:19 - 00526188 _____ C:\ProgramData\1378303864.bdinstall.bin
2013-09-04 15:37 - 2013-09-04 15:18 - 00023337 _____ C:\ProgramData\1378300613.4908.bin
2013-09-04 15:36 - 2013-09-04 15:16 - 00093654 _____ C:\ProgramData\1378300613.7636.bin
2013-09-04 15:19 - 2013-09-04 15:17 - 00002935 _____ C:\ProgramData\1378300613.7616.bin
2013-09-04 15:18 - 2013-09-04 15:17 - 00000670 _____ C:\ProgramData\1378300613.7944.bin
2013-09-03 15:56 - 2013-09-03 15:55 - 38828680 _____ (Intel Corporation) C:\Users\Lib!\Downloads\Win7Vista_151719.exe
2013-09-03 11:45 - 2013-09-03 11:44 - 67797630 _____ C:\Users\Lib!\Downloads\NRT_v1.7.2.sfx.exe
2013-09-02 12:27 - 2013-01-07 17:38 - 00000000 ____D C:\Users\Lib!\AppData\Roaming\Mozilla
2013-08-30 09:48 - 2013-09-05 15:33 - 00369584 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2013-08-30 09:48 - 2013-09-05 15:33 - 00061680 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2013-08-30 09:48 - 2013-09-05 15:33 - 00056080 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2013-08-30 09:48 - 2013-09-05 15:33 - 00029816 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswFsBlk.sys
2013-08-30 09:48 - 2013-09-05 15:32 - 00770344 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2013-08-30 09:48 - 2013-09-05 15:32 - 00177864 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys
2013-08-30 09:48 - 2013-09-05 15:32 - 00066336 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2013-08-30 09:48 - 2013-09-05 15:32 - 00049376 _____ C:\WINDOWS\system32\Drivers\aswRvrt.sys
2013-08-30 09:47 - 2013-09-05 15:32 - 00229648 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2013-08-30 09:47 - 2013-09-05 15:32 - 00041664 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2013-08-26 12:45 - 2013-08-26 12:36 - 00000000 ____D C:\ProgramData\Dumps
2013-08-26 12:38 - 2013-01-08 17:10 - 00000000 ____D C:\ProgramData\BDLogging
2013-08-22 16:12 - 2013-07-02 14:08 - 00000000 ____D C:\Users\Lib!\AppData\Roaming\vlc
2013-08-22 13:18 - 2013-08-22 13:17 - 00000000 ____D C:\Users\Lib!\Downloads\nettool
2013-08-22 13:17 - 2013-08-22 13:17 - 00987741 _____ (A.I.SOFT,INC.) C:\Users\Lib!\Downloads\nettool_1260.EXE
2013-08-22 13:13 - 2013-08-22 13:07 - 00000432 _____ C:\WINDOWS\BRWMARK.INI
2013-08-22 13:10 - 2013-08-22 13:10 - 00000000 ___RD C:\Users\Lib!\AppData\Roaming\Brother
2013-08-22 13:07 - 2013-08-22 13:07 - 00000034 _____ C:\WINDOWS\system32\BD2030.DAT
2013-08-21 15:43 - 2013-08-21 15:43 - 11174373 _____ C:\Users\Lib!\Downloads\ncid.Net_2.7.17.zip
2013-08-21 15:41 - 2013-08-21 15:41 - 00247043 _____ C:\Users\Lib!\Downloads\config_A803.bin
2013-08-21 11:37 - 2013-08-21 11:37 - 00000000 ____D C:\Users\Public\Documents\CrashDump
2013-08-21 11:22 - 2013-08-21 11:22 - 00001937 _____ C:\Users\Public\Desktop\Start Menu 8.lnk
2013-08-21 11:01 - 2013-08-21 11:01 - 00001139 _____ C:\Users\Public\Desktop\IObit Malware Fighter.lnk
2013-08-21 10:44 - 2013-08-21 10:44 - 21824552 _____ (IObit                                                       ) C:\Users\Lib!\Downloads\imf-setup(1).exe
2013-08-21 04:06 - 2013-09-11 12:12 - 01767936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2013-08-21 04:06 - 2013-09-11 12:12 - 01141248 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2013-08-21 04:06 - 2013-09-11 12:12 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2013-08-21 04:06 - 2013-09-11 12:12 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2013-08-21 04:06 - 2013-09-11 12:12 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2013-08-21 04:05 - 2013-09-11 12:12 - 14332928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2013-08-21 04:05 - 2013-09-11 12:12 - 13761024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2013-08-21 04:05 - 2013-09-11 12:12 - 02876928 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2013-08-21 04:05 - 2013-09-11 12:12 - 02048000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2013-08-21 04:05 - 2013-09-11 12:12 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2013-08-21 04:05 - 2013-09-11 12:12 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2013-08-21 04:05 - 2013-09-11 12:12 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2013-08-21 04:05 - 2013-09-11 12:12 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2013-08-21 04:05 - 2013-09-11 12:12 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2013-08-21 04:05 - 2013-09-11 12:12 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2013-08-21 03:43 - 2013-09-11 12:12 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2013-08-20 13:59 - 2013-08-20 13:59 - 00000633 _____ C:\Users\Lib!\Desktop\JRT.txt
2013-08-20 13:52 - 2013-08-20 13:52 - 00000000 ____D C:\WINDOWS\ERUNT
2013-08-20 13:27 - 2013-08-20 13:27 - 00002684 _____ C:\AdwCleaner[S1].txt
2013-08-20 13:26 - 2013-08-20 13:26 - 00002812 _____ C:\AdwCleaner[R2].txt
2013-08-20 13:26 - 2013-08-20 13:26 - 00000103 ____H C:\.~lock.AdwCleaner[R2].txt#
2013-08-20 13:25 - 2013-08-20 13:25 - 00002752 _____ C:\AdwCleaner[R1].txt
2013-08-20 13:17 - 2013-01-07 17:38 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-08-20 13:12 - 2013-08-20 13:12 - 01018949 _____ (Thisisu) C:\Users\Lib!\Downloads\JRT.exe
2013-08-20 13:11 - 2013-08-20 13:11 - 00666633 _____ C:\Users\Lib!\Downloads\adwcleaner.exe
2013-08-20 13:06 - 2013-08-20 13:06 - 02347384 _____ (ESET) C:\Users\Lib!\Downloads\esetsmartinstaller_enu.exe
2013-08-20 07:02 - 2013-08-20 07:02 - 00084248 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudbus.sys
2013-08-19 11:03 - 2013-08-19 11:03 - 00000830 _____ C:\Users\Public\Desktop\CDBurnerXP.lnk
2013-08-19 10:54 - 2013-08-19 10:54 - 00001757 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-08-19 10:54 - 2013-08-19 10:53 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-08-19 10:54 - 2013-08-19 10:53 - 00000000 ____D C:\Program Files\iTunes
2013-08-19 10:53 - 2013-08-19 10:53 - 00000000 ____D C:\Program Files\iPod
2013-08-19 10:53 - 2013-03-11 17:22 - 00000000 ____D C:\ProgramData\Apple Computer
2013-08-19 10:53 - 2013-03-11 17:19 - 00000000 ____D C:\Program Files\Common Files\Apple

Some content of TEMP:
====================
C:\Users\Lib!\AppData\Local\Temp\Quarantine.exe
C:\Users\Lib!\AppData\Local\Temp\uninst1.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-09 12:39

==================== End Of Log ============================
         
--- --- ---


Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 21:28 on 17/09/2013 (Lib!)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 16-09-2013 03
Ran by Lib! at 2013-09-17 16:22:15
Running from C:\Users\Lib!\Downloads
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

7-PDF Maker Version 1.2.0 (Build 119) (Version: 7-PDF Maker - Version 1.2.0 (Build 119))
7-PDF Split & Merge Version 2.0.4 (Build 112) (Version: 7-PDF Split & Merge - Version 2.0.4 (Build 112))
7-Zip 9.20
ActiveTrader 5.4.4_b3
Adobe Flash Player 11 Plugin (Version: 11.8.800.168)
Adobe Reader XI (11.0.04) - Deutsch (Version: 11.0.04)
Adobe Shockwave Player 12.0 (Version: 12.0.4.144)
Advanced SystemCare 6 (Version: 6.3)
ALPS Touch Pad Driver (Version: 8.0.2020.112)
Amazon MP3-Downloader 1.0.17 (Version: 1.0.17)
Apple Application Support (Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
avast! Free Antivirus (Version: 8.0.1497.0)
Bonjour (Version: 3.0.0.10)
Boxcryptor Classic 1.6 (Version: 1.6.400.65)
CCleaner (Version: 4.03)
CDBurnerXP (Version: 4.5.2.4214)
Classic Shell (Version: 3.6.8)
D3DX10 (Version: 15.4.2368.0902)
ElsterFormular (Version: 14.1.11318)
ESET Online Scanner v3
FileZilla Client 3.7.3 (Version: 3.7.3)
Fotogalerie (Version: 16.4.3508.0205)
Google Chrome (Version: 29.0.1547.66)
Google Drive (Version: 1.11.4865.2530)
Google Talk (remove only)
Google Talk Plugin (Version: 4.5.3.14917)
Google Update Helper (Version: 1.3.21.153)
ICQ 8.0 (build 6019) (HKCU Version: 8.0.6019.0)
Inkscape 0.48.4 (Version: 0.48.4)
IObit Malware Fighter (Version: 2.1)
iTunes (Version: 11.0.5.5)
Java 7 Update 40 (Version: 7.0.400)
Java Auto Updater (Version: 2.1.9.8)
Java SE Development Kit 7 Update 25 (Version: 1.7.0.250)
Junk Mail filter update (Version: 16.4.3508.0205)
Kaspersky Security Scan (Version: 12.0.1.340)
Lexmark Pro700 Series
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft IntelliPoint 8.2 (Version: 8.20.468.0)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SkyDrive (HKCU Version: 17.0.2011.0627)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (Version: 9.0.30411)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Movie Maker (Version: 16.4.3508.0205)
MozBackup 1.5.1
Mozilla Firefox 23.0.1 (x86 de) (Version: 23.0.1)
Mozilla Maintenance Service (Version: 23.0.1)
Mp3tag v2.54 (Version: v2.54)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT110 (Version: 16.4.1108.0727)
Music Manager
MyFreeCodec
OpenOffice 4.0.0 (Version: 4.00.9702)
Paint.NET v3.5.11 (Version: 3.61.0)
PDF Split And Merge Basic (Version: 2.2.2)
PDF24 Creator 5.2.0
Photo Common (Version: 16.4.3508.0205)
Photo Gallery (Version: 16.4.3508.0205)
Picasa 3 (Version: 3.9)
PrivaZer (HKCU Version: 2.2.0.0)
QuickTime (Version: 7.74.80.86)
Samsung Kies (Version: 2.5.1.12123_2)
Sansa Updater (HKCU Version: 1.313)
Secunia PSI (3.0.0.7011) (Version: 3.0.0.7011)
Secure Banking Version 1.5.2 (Version: 1.5.2)
Smart Defrag 2 (Version: 2.8)
Sony Ericsson Update Engine (Version: 2.13.6.201305161305)
Sony PC Companion 2.10.165 (Version: 2.10.165)
Start Menu 8 (Version: 1.1.0.0)
swMSM (Version: 12.0.0.1)
System Requirements Lab for Intel (Version: 4.5.13.0)
VLC media player 2.0.8 (Version: 2.0.8)
Winamp (Version: 5.63 )
Winamp Erkennungs-Plug-in (HKCU Version: 1.0.0.1)
Windows Live Communications Platform (Version: 16.4.3508.0205)
Windows Live Essentials (Version: 16.4.3508.0205)
Windows Live Installer (Version: 16.4.3508.0205)
Windows Live Mail (Version: 16.4.3508.0205)
Windows Live MIME IFilter (Version: 16.4.3508.0205)
Windows Live Photo Common (Version: 16.4.3508.0205)
Windows Live PIMT Platform (Version: 16.4.3508.0205)
Windows Live SOXE (Version: 16.4.3508.0205)
Windows Live SOXE Definitions (Version: 16.4.3508.0205)
Windows Live UX Platform (Version: 16.4.3508.0205)
Windows Live UX Platform Language Pack (Version: 16.4.3508.0205)
Windows Live Writer (Version: 16.4.3508.0205)
Windows Live Writer Resources (Version: 16.4.3508.0205)
Zip Opener Packages

==================== Restore Points  =========================

30-08-2013 09:19:03 Geplanter Prüfpunkt
05-09-2013 13:31:42 avast! Free Antivirus Setup
10-09-2013 13:07:57 Installed Classic Shell
12-09-2013 11:35:41 Paint.NET v3.5.11
16-09-2013 14:58:49 Windows Update

==================== Hosts content: ==========================

2012-07-26 06:17 - 2012-07-26 06:17 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {035F06C9-5A2B-4A80-B68C-F5CEA299D636} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUScheduledInstall
Task: {05948387-3636-4D29-89FD-1BEC9E55C476} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUFirmwareInstall
Task: {0E78FEE0-C387-4530-AC36-4D46887FBFD5} - System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem
Task: {0FB9F3EA-4F42-41A0-B8CE-06CDEF09B849} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => C:\Windows\system32\srtasks.exe [2012-07-26] (Microsoft Corporation)
Task: {159DA30B-9B91-4267-A71F-5B7ACC15230D} - System32\Tasks\Microsoft\Windows\Time Synchronization\ForceSynchronizeTime
Task: {174644D4-4E5F-4B13-893F-DC718163E165} - System32\Tasks\Microsoft\Windows\SpacePort\SpaceAgentTask => C:\Windows\system32\SpaceAgent.exe [2012-07-26] (Microsoft Corporation)
Task: {1E84DCB8-8C84-4436-A108-209A65086823} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => C:\Windows\System32\WSClient.dll [2013-08-16] (Microsoft Corporation)
Task: {21EBABC3-315E-4262-91EA-833D48E9208B} - System32\Tasks\Microsoft\Windows\PI\Secure-Boot-Update
Task: {24AE116F-2111-45A1-8708-E65A49C2C2DF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-01-08] (Google Inc.)
Task: {2C11D542-9CEF-4544-AD4E-C8B55A0A985F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-06-19] (Piriform Ltd)
Task: {307D6D3E-9D87-4CFD-B668-C60E8C86B0E3} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Reboot Required
Task: {311C4CC9-7320-42AB-B437-C1D02EEB6587} - System32\Tasks\Microsoft\Windows\Device Setup\Metadata Refresh
Task: {320F7DAC-020D-43A0-AF9F-1971D6400354} - System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1169222016-1261099759-1113318950-1003
Task: {342D8E10-501F-4B38-A4C0-F2DE193B46E9} - System32\Tasks\Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler
Task: {363B18FF-B363-4665-B1C4-DD7823139C45} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\Windows\System32\MbaeParserTask.exe [2013-06-01] (Microsoft Corporation)
Task: {3799C698-B9E2-4D51-86FC-B9B20E8DEF91} - System32\Tasks\Microsoft\Windows\Live\Roaming\MaintenanceTask
Task: {3979CF68-CD08-46D3-A340-CB769AE09013} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Group Policy
Task: {3B292858-FAAA-4B61-9C76-6902AEB7607B} - System32\Tasks\Microsoft\Windows\TPM\Tpm-Maintenance
Task: {3EC42D4C-09B0-49D9-A6A8-F2E1A94C0A74} - System32\Tasks\Microsoft\Windows\Live\Roaming\SynchronizeWithStorage
Task: {4294B8A6-13BD-4733-8559-C8D558B6F597} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 Critical
Task: {44E19131-88E9-4238-9DCD-22306E438BB1} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM
Task: {452D606E-BBA0-4C29-9605-F0CAD6917B27} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {4E6A710F-F81F-4C39-9783-95C2948DA2FD} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {4F2DA3E8-0B43-47C0-8811-45ECA435391F} - System32\Tasks\Microsoft\Windows\SettingSync\BackgroundUploadTask
Task: {545C008C-4471-44F8-AD15-96CB8BB2BB0C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => C:\Windows\System32\Windows.Storage.ApplicationData.dll [2012-07-26] (Microsoft Corporation)
Task: {56F59500-C4D1-4720-859F-13B4998AA792} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => C:\Windows\System32\Startupscan.dll [2012-07-26] (Microsoft Corporation)
Task: {5865587F-1441-4F27-A898-E109FEF1E758} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
Task: {5B88CA1D-EEEA-4BAC-9E36-D94BA7D5CC37} - System32\Tasks\Microsoft\Windows\Shell\IndexerAutomaticMaintenance
Task: {60DB8D48-6129-4799-AD9C-E574ADC887B9} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-11] (Adobe Systems Incorporated)
Task: {6495D7D8-52C0-4309-9097-247A7B9574CC} - System32\Tasks\Microsoft\Windows\TaskScheduler\Manual Maintenance
Task: {67FF304D-1A11-4CB0-909A-A92DCFD95294} - System32\Tasks\Microsoft\Windows\TaskScheduler\Maintenance Configurator
Task: {68070BBC-F2DE-4476-95C6-C2ED1ECE3D0F} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask
Task: {74748E76-21FC-465C-ABE1-5E465834A900} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\ProcessMemoryDiagnosticEvents
Task: {753C8596-7415-46D3-AF5E-9EEC299E7D90} - System32\Tasks\Microsoft\Windows\FileHistory\File History (maintenance mode)
Task: {7EBC5A66-ABD2-4B81-872F-BC7CA4AD5D55} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskLogon
Task: {803996A9-E4D6-400E-BA40-E85BC6D57C96} - System32\Tasks\Microsoft\Windows\Servicing\StartComponentCleanup
Task: {80832904-43BB-4FD1-B3B8-2C472CC8A199} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-08-30] (AVAST Software)
Task: {83AEE679-7B1B-469B-96BF-9311D74A85C8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-01-08] (Google Inc.)
Task: {8E694376-21AC-46FA-8E80-C453341417E4} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan for Crash Recovery
Task: {973628F1-FAD0-487A-B3EC-A318007483E8} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319
Task: {99768757-32DC-4E02-BE1E-2FE4783695EE} - System32\Tasks\Microsoft\Windows\WS\License Validation => C:\Windows\System32\WSClient.dll [2013-08-16] (Microsoft Corporation)
Task: {9C3ADA14-4FAF-445F-B971-A69F60A7C497} - System32\Tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers => C:\Windows\System32\drvinst.exe [2012-09-20] (Microsoft Corporation)
Task: {9D175E12-DB50-4682-9F62-F923B154AA57} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\RunFullMemoryDiagnostic
Task: {A014EC55-F9EB-479D-9F4C-ACBE30C9E949} - System32\Tasks\Microsoft\Windows\File Classification Infrastructure\Property Definition Sync
Task: {AC6BEABC-3804-417C-8851-4FB542D44337} - System32\Tasks\DSite => C:\Users\Lib!\AppData\Roaming\DSite\UpdateProc\UpdateTask.exe
Task: {AFE9EACD-AC61-4642-A077-BB06D1147FC5} - System32\Tasks\Microsoft\Windows\Shell\CreateObjectTask
Task: {BB4910D3-79D9-461E-AC1B-915B8E8672A3} - System32\Tasks\Microsoft\Windows\AppID\SmartScreenSpecific
Task: {BC858B0C-7D0F-436F-B08B-50D51DF74306} - System32\Tasks\Microsoft\Windows\WS\Badge Update
Task: {C465A656-3917-43C0-B40A-4EBBE8708BB9} - System32\Tasks\Microsoft\Windows\WS\WSTask
Task: {C66B8D31-A32F-4AF7-800E-475B2C2BE27D} - System32\Tasks\Microsoft\Windows\TaskScheduler\Idle Maintenance
Task: {C7B00221-71A0-4FB5-84F5-F1A8A2CA1B2A} - System32\Tasks\Microsoft\Windows\WS\Sync Licenses
Task: {C886C105-68E9-408F-80BB-83FB720EE225} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start => Sc.exe start wuauserv
Task: {D1CDD09C-5F29-4A7F-8FB4-897B439CC9A9} - System32\Tasks\Microsoft\Windows\IME\SQM data sender
Task: {D3D72742-ECBD-4DAC-A07D-DC73526F2605} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1169222016-1261099759-1113318950-1003Core => C:\Users\Lib!\AppData\Local\Google\Update\GoogleUpdate.exe [2013-01-08] (Google Inc.)
Task: {D3E765DC-2357-4127-8B05-A151869A0CA1} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {D7F931D9-952D-4793-943C-1123FBF87916} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2012-07-26] (Microsoft Corporation)
Task: {DC9F7781-5596-4A94-ABA6-44B52266D795} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => Sc.exe start w32time task_started
Task: {DD811BF8-769E-4B0C-B8F9-D6CB982E6941} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1169222016-1261099759-1113318950-1003UA => C:\Users\Lib!\AppData\Local\Google\Update\GoogleUpdate.exe [2013-01-08] (Google Inc.)
Task: {E3F2C42C-4547-49CD-A14F-FDDA37794A75} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskNetwork
Task: {E3FC5136-FFFE-42DA-BB1D-6C62CAEB4585} - System32\Tasks\Microsoft\Windows\PI\Sqm-Tasks
Task: {E579AC60-D52F-45CB-8C3D-806F54A0E6AB} - System32\Tasks\User_Feed_Synchronization-{518D8814-7F9F-40AD-AAE3-802D9D56B8CC} => C:\WINDOWS\system32\msfeedssync.exe [2012-07-26] (Microsoft Corporation)
Task: {E60C98D3-B41B-482A-AC61-DD19EDF2841D} - System32\Tasks\Microsoft\Windows\Chkdsk\ProactiveScan
Task: {EF9592CE-7796-47A6-9CD5-8630640D45BB} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => C:\Windows\System32\sysmain.dll [2013-05-04] (Microsoft Corporation)
Task: {F273F7E8-98FA-47D0-BFE3-8B71C8C3E9A8} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan
Task: {F2C227C6-41E7-4A0E-9AB7-05080A0469AA} - System32\Tasks\StartMenuAutoupdate => C:\Program Files\IObit\Start Menu 8\AutoUpdate.exe [2013-05-13] (IObit)
Task: {F413C755-E3DC-4075-BB1E-AC60C1CA9AEA} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyMonitor => C:\Windows\System32\wpcmon.exe [2012-09-20] (Microsoft Corporation)
Task: {F69E710E-D481-4685-9A82-C1B0C2369EB5} - System32\Tasks\Microsoft\Windows\TaskScheduler\Regular Maintenance
Task: {F6E06073-27B2-48BB-8FA1-AAA8B50066D0} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyRefresh
Task: {FABCCAC1-567F-4511-AEA8-C292A7A86D84} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUSessionConnect
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DSite.job => C:\Users\Lib!\AppData\Roaming\DSite\UpdateProc\UpdateTask.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1169222016-1261099759-1113318950-1003Core.job => C:\Users\Lib!\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1169222016-1261099759-1113318950-1003UA.job => C:\Users\Lib!\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-06-29 10:49 - 2013-06-29 10:49 - 01514496 _____ (IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenuDLL.dll
2012-07-26 03:28 - 2012-07-26 05:18 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\System32\IME\SHARED\IMEROAMING.DLL
2013-07-02 12:09 - 2013-07-02 12:09 - 00222832 _____ (Microsoft Corporation) C:\Users\Lib!\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\SkyDriveShell.dll
2013-07-02 12:09 - 2013-07-02 12:09 - 00534480 _____ (Microsoft Corporation) C:\Users\Lib!\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\MSVCP110.dll
2013-07-02 12:09 - 2013-07-02 12:09 - 00862664 _____ (Microsoft Corporation) C:\Users\Lib!\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\MSVCR110.dll
2013-07-02 12:09 - 2013-07-02 12:09 - 00543856 _____ (Microsoft Corporation) C:\Users\Lib!\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\Telemetry.dll
2013-07-02 12:09 - 2013-07-02 12:09 - 00039536 _____ (Microsoft Corporation) C:\Users\Lib!\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\logging.dll
2013-08-02 13:20 - 2013-07-03 12:21 - 00156520 _____ (EldoS Corporation) C:\WINDOWS\system32\cbfsMntNtf4.dll
2013-08-21 11:22 - 2013-01-19 17:03 - 00348992 _____ () C:\Program Files\IObit\Start Menu 8\madExcept_.bpl
2013-08-21 11:22 - 2013-01-19 17:02 - 00183616 _____ () C:\Program Files\IObit\Start Menu 8\madBasic_.bpl
2013-08-21 11:22 - 2013-01-19 17:02 - 00051008 _____ () C:\Program Files\IObit\Start Menu 8\madDisAsm_.bpl
2013-01-07 17:48 - 2013-01-07 17:49 - 00146336 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x86__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2012-05-17 19:38 - 2013-02-07 14:41 - 00121392 _____ (Alps Electric Co., Ltd.) C:\WINDOWS\system32\VXDIF.DLL
2013-02-19 15:07 - 2009-11-26 04:53 - 00086183 _____ (Lexmark International) C:\Program Files\Lexmark Pro700 Series\lxeecfg.dll
2013-02-19 15:07 - 2010-04-01 13:23 - 00389120 _____ () C:\Program Files\Lexmark Pro700 Series\lxeescw.dll
2009-05-27 13:16 - 2009-05-27 13:16 - 00192512 _____ () C:\WINDOWS\system32\spool\drivers\w32x86\3\lxeedatr.dll
2013-02-19 15:07 - 2010-04-01 13:24 - 01159168 _____ () C:\Program Files\Lexmark Pro700 Series\lxeeDRS.dll
2013-02-19 15:07 - 2009-03-10 01:43 - 00155648 _____ () C:\Program Files\Lexmark Pro700 Series\lxeecaps.dll
2013-02-19 15:07 - 2009-03-05 13:55 - 00059904 _____ (Lexmark International Inc.) C:\Program Files\Lexmark Pro700 Series\lxeecnv4.dll
2013-02-19 15:07 - 2009-03-10 01:41 - 00966656 _____ (Corp.) C:\Program Files\Lexmark Pro700 Series\lxeemonr.dll
2013-02-19 15:07 - 2009-12-09 15:35 - 00802816 _____ ( ) C:\Program Files\Lexmark Pro700 Series\lxeecomc.dll
2009-02-20 09:48 - 2009-02-20 09:48 - 00299008 _____ () C:\WINDOWS\SYSTEM32\lxeesm.dll
2009-04-28 08:56 - 2009-04-28 08:56 - 00024064 _____ () C:\WINDOWS\system32\lxeesmr.dll
2013-02-19 15:07 - 2010-04-05 06:56 - 00716954 _____ () C:\Program Files\Lexmark Pro700 Series\Epwizard.DLL
2013-02-19 15:07 - 2010-04-05 06:55 - 00159890 _____ () C:\Program Files\Lexmark Pro700 Series\customui.dll
2013-02-19 15:07 - 2010-04-05 06:54 - 00123033 _____ () C:\Program Files\Lexmark Pro700 Series\Eputil.DLL
2013-02-19 15:07 - 2010-04-05 06:55 - 00061604 _____ () C:\Program Files\Lexmark Pro700 Series\Epfunct.DLL
2013-02-19 15:07 - 2010-04-05 06:54 - 00143502 _____ () C:\Program Files\Lexmark Pro700 Series\Imagutil.DLL
2013-02-19 15:07 - 2009-06-23 07:09 - 02203648 _____ () C:\Program Files\Lexmark Pro700 Series\EPWizRes.dll
2013-02-19 15:07 - 2009-06-23 07:10 - 00045056 _____ () C:\Program Files\Lexmark Pro700 Series\epstring.dll
2013-02-19 15:07 - 2009-06-23 07:11 - 00102400 _____ () C:\Program Files\Lexmark Pro700 Series\EPOEMDll.dll
2013-02-19 15:07 - 2009-04-07 15:25 - 00409600 _____ () C:\Program Files\Lexmark Pro700 Series\iptk.dll
2013-02-19 15:07 - 2010-04-01 13:18 - 00548864 _____ (PDFlib GmbH) C:\Program Files\Lexmark Pro700 Series\PdfLib.dll
2013-02-19 15:07 - 2009-03-02 10:25 - 00151552 _____ () C:\Program Files\Lexmark Pro700 Series\lxeeptp.dll
2013-07-23 13:40 - 2013-07-23 13:40 - 00208896 _____ (EldoS Corporation) C:\Program Files\Boxcryptor Classic\CBFS4Net.dll
2012-12-07 15:15 - 2012-12-07 15:15 - 00102840 _____ (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\ushata.dll
2012-12-07 15:14 - 2012-12-07 15:14 - 00012728 _____ (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\avpinit.dll
2013-05-28 12:30 - 2013-05-28 12:30 - 00430520 _____ (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\avpmain.dll
2012-12-07 15:15 - 2012-12-07 15:15 - 00160184 _____ (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\prremote.dll
2012-12-07 15:14 - 2012-12-07 15:14 - 00123320 _____ (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\DumpWriter.dll
2012-12-07 15:15 - 2012-12-07 15:15 - 00262584 _____ (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\prloader.dll
2012-12-07 15:15 - 2012-12-07 15:15 - 00115128 _____ (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\nfio.ppl
2012-12-07 15:15 - 2012-12-07 15:15 - 00021432 _____ (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\fsdrvplg.ppl
2012-12-07 15:15 - 2012-12-07 15:15 - 00098744 _____ (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\fssync.dll
2012-12-07 15:15 - 2012-12-07 15:15 - 00038328 _____ (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\winreg.ppl
2012-12-07 15:15 - 2012-12-07 15:15 - 00377272 _____ (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\service.dll
2012-12-07 15:14 - 2012-12-07 15:14 - 01053112 _____ (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\eka_meta.dll
2012-12-07 15:15 - 2012-12-07 15:15 - 00324024 _____ (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\esmgr.dll
2012-12-07 15:15 - 2012-12-07 15:15 - 00046520 _____ (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\pxstub.ppl
2013-05-28 12:30 - 2013-05-28 12:30 - 01135032 _____ (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\params.ppl
2013-05-28 12:30 - 2013-05-28 12:30 - 02765240 _____ (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\avpgui.ppl
2012-12-07 15:15 - 2012-12-07 15:15 - 02126264 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\QtCore4.dll
2012-12-07 15:15 - 2012-12-07 15:15 - 07422392 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\QtGui4.dll
2012-12-07 15:15 - 2012-12-07 15:15 - 02453944 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\QtDeclarative4.dll
2012-12-07 15:15 - 2012-12-07 15:15 - 01270200 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\QtScript4.dll
2012-12-07 15:15 - 2012-12-07 15:15 - 00192952 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\QtSql4.dll
2012-12-07 15:15 - 2012-12-07 15:15 - 00795064 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\QtNetwork4.dll
2012-12-07 15:15 - 2012-12-07 15:15 - 00213432 _____ (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\metainfo.dll
2013-05-28 12:30 - 2013-05-28 12:30 - 02478520 _____ (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\basegui.ppl
2012-12-07 15:15 - 2012-12-07 15:15 - 00041912 _____ (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\thpimpl.ppl
2012-12-07 15:15 - 2012-12-07 15:15 - 00074168 _____ (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\memmon.dll
2012-12-07 15:15 - 2012-12-07 15:15 - 00594360 _____ (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\localization_manager.dll
2013-05-28 12:30 - 2013-05-28 12:30 - 00091648 _____ (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\W8Toaster.dll
2013-08-20 11:35 - 2013-08-20 11:35 - 03551640 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2013-09-17 16:17 - 2013-02-07 12:35 - 03101344 _____ (ESET) C:\Program Files\ESET\ESET Online Scanner\OnlineScanner.ocx

==================== Alternate Data Streams (whitelisted) ==========

AlternateDataStreams: C:\Users\Lib!\Downloads\7z920.exe:BDU
AlternateDataStreams: C:\Users\Lib!\Downloads\adwcleaner.exe:BDU
AlternateDataStreams: C:\Users\Lib!\Downloads\Apache_OpenOffice_4.0.0_Win_x86_install_de.exe:BDU
AlternateDataStreams: C:\Users\Lib!\Downloads\ccsetup403_slim.exe:BDU
AlternateDataStreams: C:\Users\Lib!\Downloads\ClassicShellSetup_3_6_5.exe:BDU
AlternateDataStreams: C:\Users\Lib!\Downloads\ElsterFormular-14.2.20130517p.exe:BDU
AlternateDataStreams: C:\Users\Lib!\Downloads\ElsterFormular-14.2.20130517u.exe:BDU
AlternateDataStreams: C:\Users\Lib!\Downloads\esetsmartinstaller_enu.exe:BDU
AlternateDataStreams: C:\Users\Lib!\Downloads\F-S3000-V12W.exe:BDU
AlternateDataStreams: C:\Users\Lib!\Downloads\FileZilla_3.7.0.2_win32-setup.exe:BDU
AlternateDataStreams: C:\Users\Lib!\Downloads\icq8_setup_8.0b6019 - CHIP-Downloader.exe:BDU
AlternateDataStreams: C:\Users\Lib!\Downloads\imf-setup(1).exe:BDU
AlternateDataStreams: C:\Users\Lib!\Downloads\imf-setup.exe:BDU
AlternateDataStreams: C:\Users\Lib!\Downloads\infinst_autol.exe:BDU
AlternateDataStreams: C:\Users\Lib!\Downloads\inkscape-0.48.4-1-win32.exe:BDU
AlternateDataStreams: C:\Users\Lib!\Downloads\jre-7u21-windows-i586-iftw.exe:BDU
AlternateDataStreams: C:\Users\Lib!\Downloads\JRT.exe:BDU
AlternateDataStreams: C:\Users\Lib!\Downloads\jxpiinstall(1).exe:BDU
AlternateDataStreams: C:\Users\Lib!\Downloads\jxpiinstall.exe:BDU
AlternateDataStreams: C:\Users\Lib!\Downloads\mbam-setup-1.75.0.1300.exe:BDU
AlternateDataStreams: C:\Users\Lib!\Downloads\musicmanagerinstaller.exe:BDU
AlternateDataStreams: C:\Users\Lib!\Downloads\nettool_1260.EXE:BDU
AlternateDataStreams: C:\Users\Lib!\Downloads\NRT_v1.7.2.sfx.exe:BDU
AlternateDataStreams: C:\Users\Lib!\Downloads\picasa39.136.19-setup.exe:BDU
AlternateDataStreams: C:\Users\Lib!\Downloads\setup152.exe:BDU
AlternateDataStreams: C:\Users\Lib!\Downloads\Shockwave_Installer_Slim(1).exe:BDU
AlternateDataStreams: C:\Users\Lib!\Downloads\Shockwave_Installer_Slim(2).exe:BDU
AlternateDataStreams: C:\Users\Lib!\Downloads\tagscan5.1.637setup.exe:BDU
AlternateDataStreams: C:\Users\Lib!\Downloads\vlc-2.0.7-win32.exe:BDU
AlternateDataStreams: C:\Users\Lib!\Downloads\Win7Vista_151719.exe:BDU
AlternateDataStreams: C:\Users\Lib!\Downloads\wlsetup-web(1).exe:BDU

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/17/2013 01:25:59 PM) (Source: Application Hang) (User: )
Description: Programm CCleaner.exe, Version 4.3.0.4151 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1518

Startzeit: 01ceb390febfe267

Endzeit: 1232

Anwendungspfad: C:\Program Files\CCleaner\CCleaner.exe

Berichts-ID: e2600a01-1f8b-11e3-afe5-0016ea6bd208

Vollständiger Name des fehlerhaften Pakets: 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (09/16/2013 01:43:08 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: senddoc.exe, Version: 0.0.0.0, Zeitstempel: 0x51dd6ab2
Name des fehlerhaften Moduls: smapi.dll, Version: 16.4.3508.205, Zeitstempel: 0x5111fa6e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000886f
ID des fehlerhaften Prozesses: 0xa0c
Startzeit der fehlerhaften Anwendung: 0xsenddoc.exe0
Pfad der fehlerhaften Anwendung: senddoc.exe1
Pfad des fehlerhaften Moduls: senddoc.exe2
Berichtskennung: senddoc.exe3
Vollständiger Name des fehlerhaften Pakets: senddoc.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: senddoc.exe5

Error: (09/16/2013 01:16:23 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (09/16/2013 01:16:19 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (09/16/2013 01:16:18 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (09/16/2013 01:14:47 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (09/13/2013 01:07:21 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Produkt: Adobe Reader XI (11.0.04) - Deutsch - Update "Adobe Reader XI (11.0.03)" konnte nicht installiert werden. Fehlercode 1638. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127

Error: (09/13/2013 01:07:21 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Produkt: Adobe Reader XI (11.0.04) - Deutsch - Update "Adobe Reader XI (11.0.01)" konnte nicht installiert werden. Fehlercode 1638. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127

Error: (09/13/2013 01:07:21 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Produkt: Adobe Reader XI (11.0.04) - Deutsch - Update "Adobe Reader XI (11.0.02)" konnte nicht installiert werden. Fehlercode 1638. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127

Error: (09/13/2013 01:07:21 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Produkt: Adobe Reader XI (11.0.04) - Deutsch - Update "Adobe Reader XI (11.0.04)" konnte nicht installiert werden. Fehlercode 1638. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127


System errors:
=============
Error: (09/17/2013 04:14:47 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "lxeeCATSCustConnectService" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (09/17/2013 04:14:47 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst lxeeCATSCustConnectService erreicht.

Error: (09/17/2013 04:14:30 PM) (Source: Microsoft-Windows-Directory-Services-SAM) (User: NT-AUTORITÄT)
Description: Fehler "126" beim Laden der Kennwortbenachrichtigungs-DLL "C:\Program Files\Acer\Acer Bio Protection\PwdFilter". Stellen Sie sicher, dass der in der Registrierung definierte DLL-Pfad "HKLM\System\CurrentControlSet\Control\Lsa\Notification Packages" sich auf einen korrekten und absoluten Pfad (<Laufwerk>:\<Pfad>\<Dateiname>.<Erw.>) bezieht und nicht auf einen relativen oder ungültigen Pfad. Wenn der DLL-Pfad falsch ist, stellen Sie sicher, dass sich alle Hilfsdateien im gleichen Verzeichnis befinden und dass das Systemkonto sowohl auf den DLL-Pfad als auch die Hilfsdateien Lesezugriff hat.  Wenden Sie sich an den Anbieter der Benachrichtigungs-DLL, um weitere Unterstützung zu erhalten. Weitere Informationen finden Sie im Internet unter "hxxp://go.microsoft.com/fwlink/?LinkId=245898".

Error: (09/17/2013 04:14:20 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT-AUTORITÄT)
Description: 0xc000014d0

Error: (09/17/2013 01:24:25 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Advanced SystemCare Service 6" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (09/17/2013 11:24:00 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "lxeeCATSCustConnectService" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (09/17/2013 11:24:00 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst lxeeCATSCustConnectService erreicht.

Error: (09/17/2013 11:23:29 AM) (Source: Microsoft-Windows-Directory-Services-SAM) (User: NT-AUTORITÄT)
Description: Fehler "126" beim Laden der Kennwortbenachrichtigungs-DLL "C:\Program Files\Acer\Acer Bio Protection\PwdFilter". Stellen Sie sicher, dass der in der Registrierung definierte DLL-Pfad "HKLM\System\CurrentControlSet\Control\Lsa\Notification Packages" sich auf einen korrekten und absoluten Pfad (<Laufwerk>:\<Pfad>\<Dateiname>.<Erw.>) bezieht und nicht auf einen relativen oder ungültigen Pfad. Wenn der DLL-Pfad falsch ist, stellen Sie sicher, dass sich alle Hilfsdateien im gleichen Verzeichnis befinden und dass das Systemkonto sowohl auf den DLL-Pfad als auch die Hilfsdateien Lesezugriff hat.  Wenden Sie sich an den Anbieter der Benachrichtigungs-DLL, um weitere Unterstützung zu erhalten. Weitere Informationen finden Sie im Internet unter "hxxp://go.microsoft.com/fwlink/?LinkId=245898".

Error: (09/17/2013 11:23:17 AM) (Source: Microsoft-Windows-Kernel-General) (User: NT-AUTORITÄT)
Description: 0xc000014d0

Error: (09/16/2013 00:43:33 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "lxeeCATSCustConnectService" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053


Microsoft Office Sessions:
=========================
Error: (09/17/2013 01:25:59 PM) (Source: Application Hang)(User: )
Description: CCleaner.exe4.3.0.4151151801ceb390febfe2671232C:\Program Files\CCleaner\CCleaner.exee2600a01-1f8b-11e3-afe5-0016ea6bd208

Error: (09/16/2013 01:43:08 PM) (Source: Application Error)(User: )
Description: senddoc.exe0.0.0.051dd6ab2smapi.dll16.4.3508.2055111fa6ec00000050000886fa0c01ceb2d1e8ba1cc9C:\Program Files\OpenOffice 4\program\senddoc.exeC:\Program Files\Windows Live\Mail\smapi.dll27acc45e-1ec5-11e3-afe4-001d72cf60c1

Error: (09/16/2013 01:16:23 PM) (Source: SideBySide)(User: )
Description: C:\Program Files\Lexmark Pro700 Series\Drivers\I386\lxeesm.dllC:\Program Files\Lexmark Pro700 Series\Drivers\I386\lxeesm.dll9

Error: (09/16/2013 01:16:19 PM) (Source: SideBySide)(User: )
Description: C:\Lexmark\drivers\Pro700\drivers\win_xp2k\i386\LXEEsm.dllC:\Lexmark\drivers\Pro700\drivers\win_xp2k\i386\LXEEsm.dll9

Error: (09/16/2013 01:16:18 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Lexmark\drivers\Pro700\Apps\HRS\LXEEHiResScan.exe

Error: (09/16/2013 01:14:47 PM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\Sony\sony pc companion\Drivers\DPInst64.exe

Error: (09/13/2013 01:07:21 PM) (Source: MsiInstaller)(User: NT-AUTORITÄT)
Description: Adobe Reader XI (11.0.04) - DeutschAdobe Reader XI (11.0.03)1638(NULL)(NULL)(NULL)

Error: (09/13/2013 01:07:21 PM) (Source: MsiInstaller)(User: NT-AUTORITÄT)
Description: Adobe Reader XI (11.0.04) - DeutschAdobe Reader XI (11.0.01)1638(NULL)(NULL)(NULL)

Error: (09/13/2013 01:07:21 PM) (Source: MsiInstaller)(User: NT-AUTORITÄT)
Description: Adobe Reader XI (11.0.04) - DeutschAdobe Reader XI (11.0.02)1638(NULL)(NULL)(NULL)

Error: (09/13/2013 01:07:21 PM) (Source: MsiInstaller)(User: NT-AUTORITÄT)
Description: Adobe Reader XI (11.0.04) - DeutschAdobe Reader XI (11.0.04)1638(NULL)(NULL)(NULL)


==================== Memory info =========================== 

Percentage of memory in use: 42%
Total physical RAM: 1976.86 MB
Available physical RAM: 1140.07 MB
Total Pagefile: 3320.86 MB
Available Pagefile: 2051.62 MB
Total Virtual: 2047.88 MB
Available Virtual: 1851.15 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:111.57 GB) (Free:56.5 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Privat) (Fixed) (Total:111.55 GB) (Free:93.57 GB) NTFS
Drive z: (Boxcryptor Classic) (Fixed) (Total:111.55 GB) (Free:93.57 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 233 GB) (Disk ID: BE0D6B2E)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=112 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=112 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

Alt 17.09.2013, 21:12   #2
2ndSkin
 
Win 8 diverse Funde PUP (Babylon) Win32/installcore - Standard

Win 8 diverse Funde PUP (Babylon) Win32/installcore



Code:
ATTFilter
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-09-17 21:58:31
Windows 6.2.9200  \Device\Harddisk0\DR0 -> \Device\00000034 ST9250827AS rev.3.AAA 232,89GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Lib!\AppData\Local\Temp\kxtdapog.sys


---- System - GMER 2.1 ----

SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                                 ZwWriteVirtualMemory [0x8E19776E]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                 ZwVdmControl [0x8C02E80E]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                                 ZwUnloadDriver [0x8E195C42]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                 ZwTerminateThread [0x8C02FCF6]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                                 ZwTerminateProcess [0x8E1978EA]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                 ZwSystemDebugControl [0x8C02E556]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                 ZwSuspendThread [0x8C0301C8]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                 ZwSuspendProcess [0x8C030066]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                 ZwShutdownSystem [0x8C02E45C]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                 ZwSetSystemPowerState [0x8C02E4CE]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                 ZwSetSystemInformation [0x8C02E2F8]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                 ZwSetContextThread [0x8C02FD16]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                 ZwSetBootOptions [0x8C02E7A8]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                 ZwSetBootEntryOrder [0x8C02E742]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                 ZwReplyWaitReceivePortEx [0x8C03122A]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                 ZwReplyWaitReceivePort [0x8C0358B4]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                 ZwQueueApcThreadEx [0x8C030506]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                 ZwQueryObject [0x8C0307F8]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                                 ZwProtectVirtualMemory [0x8E197822]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                 ZwOpenTimer [0x8C03B0DC]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                 ZwOpenThread [0x8C03326E]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                 ZwOpenSemaphore [0x8C03AEF6]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                 ZwOpenSection [0x8C03B036]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                 ZwOpenProcess [0x8C032E78]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                 ZwOpenMutant [0x8C03AEAC]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                 ZwOpenIoCompletion [0x8C03B122]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                 ZwOpenEventPair [0x8C03AF86]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                 ZwOpenEvent [0x8C03AF42]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                 ZwNotifyChangeMultipleKeys [0x8C03092C]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                 ZwNotifyChangeKey [0x8C03398C]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                 ZwModifyBootEntry [0x8C02E6DC]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                                 ZwLoadDriver [0x8E195C12]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                                 ZwFreeVirtualMemory [0x8E1976C2]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                 ZwDuplicateObject [0x8C033596]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                 ZwDeleteBootEntry [0x8C02E676]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                 ZwDebugActiveProcess [0x8C02FE9C]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                 ZwCreateTimer [0x8C03B0B8]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                 ZwCreateThreadEx [0x8C02F800]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                 ZwCreateThread [0x8C02F5E4]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                 ZwCreateSemaphore [0x8C03AECE]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                                 ZwCreateSection [0x8E197992]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                 ZwCreateMutant [0x8C03AE86]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                 ZwCreateIoCompletion [0x8C03B0FE]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                 ZwCreateEventPair [0x8C03AF64]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                 ZwCreateEvent [0x8C03AF18]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                 ZwAssignProcessToJobObject [0x8C02F0E6]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                 ZwAlpcSendWaitReceivePort [0x8C031256]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                                 ZwAllocateVirtualMemory [0x8E1975FA]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                 ZwAddBootEntry [0x8C02E610]

Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                                 ZwCreateProcessEx [0x8E1B0E00]
Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                                 ObMakeTemporaryObject

---- Kernel code sections - GMER 2.1 ----

.text           ntoskrnl.exe!ZwCallbackReturn + 118                                                                                                                   81AD7E24 4 Bytes  CALL E4800A2B 
.text           ntoskrnl.exe!ZwCallbackReturn + 16C                                                                                                                   81AD7E78 12 Bytes  [56, E5, 02, 8C, C8, 01, 03, ...]
.text           ntoskrnl.exe!ZwCallbackReturn + 604                                                                                                                   81AD8310 12 Bytes  [B8, B0, 03, 8C, 00, F8, 02, ...]
.text           ntoskrnl.exe!ZwReplacePartitionUnit + 26B1                                                                                                            81B4DAB5 1 Byte  [06]
.text           ntoskrnl.exe!KiDispatchInterrupt + 66A                                                                                                                81B5239A 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- User code sections - GMER 2.1 ----

.text           C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[272] KERNEL32.DLL!GetBinaryTypeW + 6F                          76A1DDE0 1 Byte  [62]
.text           C:\WINDOWS\system32\csrss.exe[432] kernel32.dll!GetBinaryTypeW + 6F                                                                                   76A1DDE0 1 Byte  [62]
.text           C:\WINDOWS\system32\wininit.exe[496] KERNEL32.DLL!GetBinaryTypeW + 6F                                                                                 76A1DDE0 1 Byte  [62]
.text           C:\WINDOWS\system32\csrss.exe[524] kernel32.dll!GetBinaryTypeW + 6F                                                                                   76A1DDE0 1 Byte  [62]
.text           C:\WINDOWS\system32\winlogon.exe[564] KERNEL32.DLL!GetBinaryTypeW + 6F                                                                                76A1DDE0 1 Byte  [62]
.text           ...                                                                                                                                                   
?               C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[944] C:\WINDOWS\SYSTEM32\ntdll.dll                                                 time/date stamp mismatch; 
.text           C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[944] ntdll.dll!NtProtectVirtualMemory                                              76F55940 5 Bytes  JMP 698F1986 C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\ushata.dll (Ushata module/Kaspersky Lab ZAO)
?               C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[944] C:\WINDOWS\system32\KERNEL32.DLL                                              time/date stamp mismatch; unknown module: 0.dllunknown module: cryptnet.dllunknown module: 0.dllunknown module: KERNELBASE.dll
.text           C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[944] KERNEL32.DLL!GetBinaryTypeW + 6F                                              76A1DDE0 1 Byte  [62]
.text           C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[944] user32.dll!UserClientDllInitialize + 311                                      74DBC3EC 4 Bytes  [F0, 28, 8F, 69]
.text           C:\WINDOWS\system32\dwm.exe[968] KERNEL32.DLL!GetBinaryTypeW + 6F                                                                                     76A1DDE0 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[980] KERNEL32.DLL!GetBinaryTypeW + 6F                                                                                 76A1DDE0 1 Byte  [62]
.text           C:\WINDOWS\System32\svchost.exe[1084] KERNEL32.DLL!GetBinaryTypeW + 6F                                                                                76A1DDE0 1 Byte  [62]
.text           C:\Program Files\Classic Shell\ClassicShellService.exe[1220] KERNEL32.DLL!GetBinaryTypeW + 6F                                                         76A1DDE0 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[1264] KERNEL32.DLL!GetBinaryTypeW + 6F                                                                                76A1DDE0 1 Byte  [62]
.text           ...                                                                                                                                                   
.text           C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x86__8wekyb3d8bbwe\LiveComm.exe[1372] ntdll.dll!LdrUnloadDll          76F62029 5 Bytes  JMP 006103FC 
.text           C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x86__8wekyb3d8bbwe\LiveComm.exe[1372] ntdll.dll!LdrLoadDll            76F75D29 5 Bytes  JMP 006101F8 
.text           C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x86__8wekyb3d8bbwe\LiveComm.exe[1372] USER32.dll!UnhookWindowsHookEx  74DBA37A 5 Bytes  JMP 006D0A08 
.text           C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x86__8wekyb3d8bbwe\LiveComm.exe[1372] USER32.dll!SetWindowsHookExW    74DBF223 5 Bytes  JMP 006D0804 
.text           C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x86__8wekyb3d8bbwe\LiveComm.exe[1372] USER32.dll!UnhookWinEvent       74DBFE7F 5 Bytes  JMP 006D03FC 
.text           C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x86__8wekyb3d8bbwe\LiveComm.exe[1372] USER32.dll!SetWinEventHook      74DC938E 5 Bytes  JMP 006D01F8 
.text           C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x86__8wekyb3d8bbwe\LiveComm.exe[1372] USER32.dll!SetWindowsHookExA    74DD6F76 5 Bytes  JMP 006D0600 
.text           C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1384] KERNEL32.DLL!GetBinaryTypeW + 6F                                                             76A1DDE0 1 Byte  [62]
.text           C:\WINDOWS\system32\lxeecoms.exe[1524] KERNEL32.DLL!GetBinaryTypeW + 6F                                                                               76A1DDE0 1 Byte  [62]
.text           C:\WINDOWS\System32\spoolsv.exe[1620] KERNEL32.DLL!GetBinaryTypeW + 6F                                                                                76A1DDE0 1 Byte  [62]
.text           C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe[1672] KERNEL32.DLL!GetBinaryTypeW + 6F                                                        76A1DDE0 1 Byte  [62]
.text           C:\Program Files\Classic Shell\ClassicStartMenu.exe[1764] KERNEL32.DLL!GetBinaryTypeW + 6F                                                            76A1DDE0 1 Byte  [62]
.text           ...                                                                                                                                                   
.text           C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2444] ntdll.dll!LdrUnloadDll                                                              76F62029 5 Bytes  JMP 015803FC 
.text           C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2444] ntdll.dll!LdrLoadDll                                                                76F75D29 5 Bytes  JMP 015801F8 
.text           C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2444] KERNEL32.dll!GetBinaryTypeW + 6F                                                    76A1DDE0 1 Byte  [62]
.text           C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2444] USER32.dll!UnhookWindowsHookEx                                                      74DBA37A 5 Bytes  JMP 015D0A08 
.text           C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2444] USER32.dll!SetWindowsHookExW                                                        74DBF223 5 Bytes  JMP 015D0804 
.text           C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2444] USER32.dll!UnhookWinEvent                                                           74DBFE7F 5 Bytes  JMP 015D03FC 
.text           C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2444] USER32.dll!SetWinEventHook                                                          74DC938E 5 Bytes  JMP 015D01F8 
.text           C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2444] USER32.dll!SetWindowsHookExA                                                        74DD6F76 5 Bytes  JMP 015D0600 
.text           C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[2576] ntdll.dll!LdrUnloadDll                                                            76F62029 5 Bytes  JMP 00D603FC 
.text           C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[2576] ntdll.dll!LdrLoadDll                                                              76F75D29 5 Bytes  JMP 00D601F8 
.text           C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[2576] KERNEL32.dll!GetBinaryTypeW + 6F                                                  76A1DDE0 1 Byte  [62]
.text           C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[2576] USER32.dll!UnhookWindowsHookEx                                                    74DBA37A 5 Bytes  JMP 00DA0A08 
.text           C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[2576] USER32.dll!SetWindowsHookExW                                                      74DBF223 5 Bytes  JMP 00DA0804 
.text           C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[2576] USER32.dll!UnhookWinEvent                                                         74DBFE7F 5 Bytes  JMP 00DA03FC 
.text           C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[2576] USER32.dll!SetWinEventHook                                                        74DC938E 5 Bytes  JMP 00DA01F8 
.text           C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[2576] USER32.dll!SetWindowsHookExA                                                      74DD6F76 5 Bytes  JMP 00DA0600 
.text           C:\Program Files\Secunia\PSI\PSIA.exe[2672] ntdll.dll!LdrUnloadDll                                                                                    76F62029 5 Bytes  JMP 007F03FC 
.text           C:\Program Files\Secunia\PSI\PSIA.exe[2672] ntdll.dll!LdrLoadDll                                                                                      76F75D29 5 Bytes  JMP 007F01F8 
.text           C:\Program Files\Secunia\PSI\PSIA.exe[2672] KERNEL32.dll!GetBinaryTypeW + 6F                                                                          76A1DDE0 1 Byte  [62]
.text           C:\Program Files\Secunia\PSI\PSIA.exe[2672] USER32.dll!UnhookWindowsHookEx                                                                            74DBA37A 5 Bytes  JMP 00820A08 
.text           C:\Program Files\Secunia\PSI\PSIA.exe[2672] USER32.dll!SetWindowsHookExW                                                                              74DBF223 5 Bytes  JMP 00820804 
.text           C:\Program Files\Secunia\PSI\PSIA.exe[2672] USER32.dll!UnhookWinEvent                                                                                 74DBFE7F 5 Bytes  JMP 008203FC 
.text           C:\Program Files\Secunia\PSI\PSIA.exe[2672] USER32.dll!SetWinEventHook                                                                                74DC938E 5 Bytes  JMP 008201F8 
.text           C:\Program Files\Secunia\PSI\PSIA.exe[2672] USER32.dll!SetWindowsHookExA                                                                              74DD6F76 5 Bytes  JMP 00820600 
.text           C:\Program Files\IObit\Start Menu 8\StartMenuServices.exe[2764] ntdll.dll!LdrUnloadDll                                                                76F62029 5 Bytes  JMP 001F03FC 
.text           C:\Program Files\IObit\Start Menu 8\StartMenuServices.exe[2764] ntdll.dll!LdrLoadDll                                                                  76F75D29 5 Bytes  JMP 001F01F8 
.text           C:\Program Files\IObit\Start Menu 8\StartMenuServices.exe[2764] user32.dll!UnhookWindowsHookEx                                                        74DBA37A 5 Bytes  JMP 00230A08 
.text           C:\Program Files\IObit\Start Menu 8\StartMenuServices.exe[2764] user32.dll!SetWindowsHookExW                                                          74DBF223 5 Bytes  JMP 00230804 
.text           C:\Program Files\IObit\Start Menu 8\StartMenuServices.exe[2764] user32.dll!UnhookWinEvent                                                             74DBFE7F 5 Bytes  JMP 002303FC 
.text           C:\Program Files\IObit\Start Menu 8\StartMenuServices.exe[2764] user32.dll!SetWinEventHook                                                            74DC938E 5 Bytes  JMP 002301F8 
.text           C:\Program Files\IObit\Start Menu 8\StartMenuServices.exe[2764] user32.dll!SetWindowsHookExA                                                          74DD6F76 5 Bytes  JMP 00230600 
.text           C:\WINDOWS\system32\svchost.exe[2828] ntdll.dll!LdrUnloadDll                                                                                          76F62029 5 Bytes  JMP 00AE03FC 
.text           C:\WINDOWS\system32\svchost.exe[2828] ntdll.dll!LdrLoadDll                                                                                            76F75D29 5 Bytes  JMP 00AE01F8 
.text           C:\WINDOWS\system32\svchost.exe[2828] USER32.dll!UnhookWindowsHookEx                                                                                  74DBA37A 5 Bytes  JMP 00BE0A08 
.text           C:\WINDOWS\system32\svchost.exe[2828] USER32.dll!SetWindowsHookExW                                                                                    74DBF223 5 Bytes  JMP 00BE0804 
.text           C:\WINDOWS\system32\svchost.exe[2828] USER32.dll!UnhookWinEvent                                                                                       74DBFE7F 5 Bytes  JMP 00BE03FC 
.text           C:\WINDOWS\system32\svchost.exe[2828] USER32.dll!SetWinEventHook                                                                                      74DC938E 5 Bytes  JMP 00BE01F8 
.text           C:\WINDOWS\system32\svchost.exe[2828] USER32.dll!SetWindowsHookExA                                                                                    74DD6F76 5 Bytes  JMP 00BE0600 
.text           C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2864] ntdll.dll!LdrUnloadDll                                                                  76F62029 5 Bytes  JMP 00BC03FC 
.text           C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2864] ntdll.dll!LdrLoadDll                                                                    76F75D29 5 Bytes  JMP 00BC01F8 
.text           C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2864] KERNEL32.dll!GetBinaryTypeW + 6F                                                        76A1DDE0 1 Byte  [62]
.text           C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2864] USER32.dll!UnhookWindowsHookEx                                                          74DBA37A 5 Bytes  JMP 00C00A08 
.text           C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2864] USER32.dll!SetWindowsHookExW                                                            74DBF223 5 Bytes  JMP 00C00804 
.text           C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2864] USER32.dll!UnhookWinEvent                                                               74DBFE7F 5 Bytes  JMP 00C003FC 
.text           C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2864] USER32.dll!SetWinEventHook                                                              74DC938E 5 Bytes  JMP 00C001F8 
.text           C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2864] USER32.dll!SetWindowsHookExA                                                            74DD6F76 5 Bytes  JMP 00C00600 
.text           C:\Program Files\IObit\Start Menu 8\StartMenu8.exe[2972] ntdll.dll!LdrUnloadDll                                                                       76F62029 5 Bytes  JMP 002003FC 
.text           C:\Program Files\IObit\Start Menu 8\StartMenu8.exe[2972] ntdll.dll!LdrLoadDll                                                                         76F75D29 5 Bytes  JMP 002001F8 
.text           C:\Program Files\IObit\Start Menu 8\StartMenu8.exe[2972] user32.dll!UnhookWindowsHookEx                                                               74DBA37A 5 Bytes  JMP 00240A08 
.text           C:\Program Files\IObit\Start Menu 8\StartMenu8.exe[2972] user32.dll!SetWindowsHookExW                                                                 74DBF223 5 Bytes  JMP 00240804 
.text           C:\Program Files\IObit\Start Menu 8\StartMenu8.exe[2972] user32.dll!UnhookWinEvent                                                                    74DBFE7F 5 Bytes  JMP 002403FC 
.text           C:\Program Files\IObit\Start Menu 8\StartMenu8.exe[2972] user32.dll!SetWinEventHook                                                                   74DC938E 5 Bytes  JMP 002401F8 
.text           C:\Program Files\IObit\Start Menu 8\StartMenu8.exe[2972] user32.dll!SetWindowsHookExA                                                                 74DD6F76 5 Bytes  JMP 00240600 
.text           C:\WINDOWS\system32\svchost.exe[3340] ntdll.dll!LdrUnloadDll                                                                                          76F62029 5 Bytes  JMP 011003FC 
.text           C:\WINDOWS\system32\svchost.exe[3340] ntdll.dll!LdrLoadDll                                                                                            76F75D29 5 Bytes  JMP 011001F8 
.text           C:\WINDOWS\system32\svchost.exe[3340] KERNEL32.dll!GetBinaryTypeW + 6F                                                                                76A1DDE0 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[3412] ntdll.dll!LdrUnloadDll                                                                                          76F62029 5 Bytes  JMP 00B103FC 
.text           C:\WINDOWS\system32\svchost.exe[3412] ntdll.dll!LdrLoadDll                                                                                            76F75D29 5 Bytes  JMP 00B101F8 
.text           C:\WINDOWS\system32\svchost.exe[3412] KERNEL32.dll!GetBinaryTypeW + 6F                                                                                76A1DDE0 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[3412] user32.dll!UnhookWindowsHookEx                                                                                  74DBA37A 5 Bytes  JMP 00B30A08 
.text           C:\WINDOWS\system32\svchost.exe[3412] user32.dll!SetWindowsHookExW                                                                                    74DBF223 5 Bytes  JMP 00B30804 
.text           C:\WINDOWS\system32\svchost.exe[3412] user32.dll!UnhookWinEvent                                                                                       74DBFE7F 5 Bytes  JMP 00B303FC 
.text           C:\WINDOWS\system32\svchost.exe[3412] user32.dll!SetWinEventHook                                                                                      74DC938E 5 Bytes  JMP 00B301F8 
.text           C:\WINDOWS\system32\svchost.exe[3412] user32.dll!SetWindowsHookExA                                                                                    74DD6F76 5 Bytes  JMP 00B30600 
.text           C:\Windows\System32\WUDFHost.exe[3492] ntdll.dll!LdrUnloadDll                                                                                         76F62029 5 Bytes  JMP 001503FC 
.text           C:\Windows\System32\WUDFHost.exe[3492] ntdll.dll!LdrLoadDll                                                                                           76F75D29 5 Bytes  JMP 001501F8 
.text           C:\Windows\System32\WUDFHost.exe[3492] KERNEL32.dll!GetBinaryTypeW + 6F                                                                               76A1DDE0 1 Byte  [62]
.text           C:\Windows\System32\WUDFHost.exe[3492] USER32.dll!UnhookWindowsHookEx                                                                                 74DBA37A 5 Bytes  JMP 00190A08 
.text           C:\Windows\System32\WUDFHost.exe[3492] USER32.dll!SetWindowsHookExW                                                                                   74DBF223 5 Bytes  JMP 00190804 
.text           C:\Windows\System32\WUDFHost.exe[3492] USER32.dll!UnhookWinEvent                                                                                      74DBFE7F 5 Bytes  JMP 001903FC 
.text           C:\Windows\System32\WUDFHost.exe[3492] USER32.dll!SetWinEventHook                                                                                     74DC938E 5 Bytes  JMP 001901F8 
.text           C:\Windows\System32\WUDFHost.exe[3492] USER32.dll!SetWindowsHookExA                                                                                   74DD6F76 5 Bytes  JMP 00190600 
.text           C:\Program Files\IObit\Start Menu 8\StartMenu_Hook.exe[3512] ntdll.dll!LdrUnloadDll                                                                   76F62029 5 Bytes  JMP 002003FC 
.text           C:\Program Files\IObit\Start Menu 8\StartMenu_Hook.exe[3512] ntdll.dll!LdrLoadDll                                                                     76F75D29 5 Bytes  JMP 002001F8 
.text           C:\Program Files\IObit\Start Menu 8\StartMenu_Hook.exe[3512] KERNEL32.dll!GetBinaryTypeW + 6F                                                         76A1DDE0 1 Byte  [62]
.text           C:\Program Files\IObit\Start Menu 8\StartMenu_Hook.exe[3512] user32.dll!UnhookWindowsHookEx                                                           74DBA37A 5 Bytes  JMP 00240A08 
.text           C:\Program Files\IObit\Start Menu 8\StartMenu_Hook.exe[3512] user32.dll!SetWindowsHookExW                                                             74DBF223 5 Bytes  JMP 00240804 
.text           C:\Program Files\IObit\Start Menu 8\StartMenu_Hook.exe[3512] user32.dll!UnhookWinEvent                                                                74DBFE7F 5 Bytes  JMP 002403FC 
.text           C:\Program Files\IObit\Start Menu 8\StartMenu_Hook.exe[3512] user32.dll!SetWinEventHook                                                               74DC938E 5 Bytes  JMP 002401F8 
.text           C:\Program Files\IObit\Start Menu 8\StartMenu_Hook.exe[3512] user32.dll!SetWindowsHookExA                                                             74DD6F76 5 Bytes  JMP 00240600 
.text           C:\WINDOWS\system32\SearchIndexer.exe[3608] ntdll.dll!LdrUnloadDll                                                                                    76F62029 5 Bytes  JMP 004703FC 
.text           C:\WINDOWS\system32\SearchIndexer.exe[3608] ntdll.dll!LdrLoadDll                                                                                      76F75D29 5 Bytes  JMP 004701F8 
.text           C:\WINDOWS\system32\SearchIndexer.exe[3608] USER32.dll!UnhookWindowsHookEx                                                                            74DBA37A 5 Bytes  JMP 004A0A08 
.text           C:\WINDOWS\system32\SearchIndexer.exe[3608] USER32.dll!SetWindowsHookExW                                                                              74DBF223 5 Bytes  JMP 004A0804 
.text           C:\WINDOWS\system32\SearchIndexer.exe[3608] USER32.dll!UnhookWinEvent                                                                                 74DBFE7F 5 Bytes  JMP 004A03FC 
.text           C:\WINDOWS\system32\SearchIndexer.exe[3608] USER32.dll!SetWinEventHook                                                                                74DC938E 5 Bytes  JMP 004A01F8 
.text           C:\WINDOWS\system32\SearchIndexer.exe[3608] USER32.dll!SetWindowsHookExA                                                                              74DD6F76 5 Bytes  JMP 004A0600 
.text           C:\Program Files\Mozilla Firefox\firefox.exe[3860] ntdll.dll!LdrUnloadDll                                                                             76F62029 5 Bytes  JMP 00C003FC 
.text           C:\Program Files\Mozilla Firefox\firefox.exe[3860] ntdll.dll!LdrLoadDll                                                                               76F75D29 5 Bytes  JMP 5BF6F140 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[3860] KERNEL32.dll!InterlockedExchange + 11                                                              76A0153B 7 Bytes  JMP 5C58FDF5 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[3860] KERNEL32.dll!GetStdHandle + C                                                                      76A01B37 7 Bytes  JMP 5C58FDD2 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[3860] KERNEL32.dll!CreateProcessW + 69                                                                   76A04798 7 Bytes  JMP 5BF72942 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[3860] KERNEL32.dll!GetBinaryTypeW + 6F                                                                   76A1DDE0 1 Byte  [62]
.text           C:\Program Files\Mozilla Firefox\firefox.exe[3860] USER32.dll!UnhookWindowsHookEx                                                                     74DBA37A 5 Bytes  JMP 00C10A08 
.text           C:\Program Files\Mozilla Firefox\firefox.exe[3860] USER32.dll!SetWindowsHookExW                                                                       74DBF223 5 Bytes  JMP 00C10804 
.text           C:\Program Files\Mozilla Firefox\firefox.exe[3860] USER32.dll!UnhookWinEvent                                                                          74DBFE7F 5 Bytes  JMP 00C103FC 
.text           C:\Program Files\Mozilla Firefox\firefox.exe[3860] USER32.dll!SetWinEventHook                                                                         74DC938E 5 Bytes  JMP 00C101F8 
.text           C:\Program Files\Mozilla Firefox\firefox.exe[3860] USER32.dll!SetWindowsHookExA                                                                       74DD6F76 5 Bytes  JMP 00C10600 
.text           C:\Program Files\Mozilla Firefox\firefox.exe[3860] GDI32.dll!SetWindowOrgEx + 3C7                                                                     74A68C9D 7 Bytes  JMP 5C58FD53 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\IObit\Start Menu 8\InstallServices32.exe[3988] ntdll.dll!LdrUnloadDll                                                                76F62029 5 Bytes  JMP 002003FC 
.text           C:\Program Files\IObit\Start Menu 8\InstallServices32.exe[3988] ntdll.dll!LdrLoadDll                                                                  76F75D29 5 Bytes  JMP 002001F8 
.text           C:\Program Files\IObit\Start Menu 8\InstallServices32.exe[3988] KERNEL32.dll!GetBinaryTypeW + 6F                                                      76A1DDE0 1 Byte  [62]
.text           C:\Program Files\IObit\Start Menu 8\InstallServices32.exe[3988] user32.dll!UnhookWindowsHookEx                                                        74DBA37A 5 Bytes  JMP 00330A08 
.text           C:\Program Files\IObit\Start Menu 8\InstallServices32.exe[3988] user32.dll!SetWindowsHookExW                                                          74DBF223 5 Bytes  JMP 00330804 
.text           C:\Program Files\IObit\Start Menu 8\InstallServices32.exe[3988] user32.dll!UnhookWinEvent                                                             74DBFE7F 5 Bytes  JMP 003303FC 
.text           C:\Program Files\IObit\Start Menu 8\InstallServices32.exe[3988] user32.dll!SetWinEventHook                                                            74DC938E 5 Bytes  JMP 003301F8 
.text           C:\Program Files\IObit\Start Menu 8\InstallServices32.exe[3988] user32.dll!SetWindowsHookExA                                                          74DD6F76 5 Bytes  JMP 00330600 
.text           C:\Program Files\Microsoft IntelliPoint\ipoint.exe[4240] ntdll.dll!LdrUnloadDll                                                                       76F62029 5 Bytes  JMP 006B03FC 
.text           C:\Program Files\Microsoft IntelliPoint\ipoint.exe[4240] ntdll.dll!LdrLoadDll                                                                         76F75D29 5 Bytes  JMP 006B01F8 
.text           C:\Program Files\Microsoft IntelliPoint\ipoint.exe[4240] USER32.dll!UnhookWindowsHookEx                                                               74DBA37A 5 Bytes  JMP 006F0A08 
.text           C:\Program Files\Microsoft IntelliPoint\ipoint.exe[4240] USER32.dll!SetWindowsHookExW                                                                 74DBF223 5 Bytes  JMP 006F0804 
.text           C:\Program Files\Microsoft IntelliPoint\ipoint.exe[4240] USER32.dll!UnhookWinEvent                                                                    74DBFE7F 5 Bytes  JMP 006F03FC 
.text           C:\Program Files\Microsoft IntelliPoint\ipoint.exe[4240] USER32.dll!SetWinEventHook                                                                   74DC938E 5 Bytes  JMP 006F01F8 
.text           C:\Program Files\Microsoft IntelliPoint\ipoint.exe[4240] USER32.dll!SetWindowsHookExA                                                                 74DD6F76 5 Bytes  JMP 006F0600 
.text           C:\Program Files\Apoint2K\Apoint.exe[4252] ntdll.dll!LdrUnloadDll                                                                                     76F62029 5 Bytes  JMP 003003FC 
.text           C:\Program Files\Apoint2K\Apoint.exe[4252] ntdll.dll!LdrLoadDll                                                                                       76F75D29 5 Bytes  JMP 003001F8 
.text           C:\Program Files\Apoint2K\Apoint.exe[4252] USER32.dll!UnhookWindowsHookEx                                                                             74DBA37A 5 Bytes  JMP 00320A08 
.text           C:\Program Files\Apoint2K\Apoint.exe[4252] USER32.dll!SetWindowsHookExW                                                                               74DBF223 5 Bytes  JMP 00320804 
.text           C:\Program Files\Apoint2K\Apoint.exe[4252] USER32.dll!UnhookWinEvent                                                                                  74DBFE7F 5 Bytes  JMP 003203FC 
.text           C:\Program Files\Apoint2K\Apoint.exe[4252] USER32.dll!SetWinEventHook                                                                                 74DC938E 5 Bytes  JMP 003201F8 
.text           C:\Program Files\Apoint2K\Apoint.exe[4252] USER32.dll!SetWindowsHookExA                                                                               74DD6F76 5 Bytes  JMP 00320600 
.text           C:\Program Files\Lexmark Pro700 Series\lxeemon.exe[4264] ntdll.dll!LdrUnloadDll                                                                       76F62029 5 Bytes  JMP 002103FC 
.text           C:\Program Files\Lexmark Pro700 Series\lxeemon.exe[4264] ntdll.dll!LdrLoadDll                                                                         76F75D29 5 Bytes  JMP 002101F8 
.text           C:\Program Files\Lexmark Pro700 Series\lxeemon.exe[4264] KERNEL32.dll!GetBinaryTypeW + 6F                                                             76A1DDE0 1 Byte  [62]
.text           C:\Program Files\Lexmark Pro700 Series\lxeemon.exe[4264] USER32.dll!UnhookWindowsHookEx                                                               74DBA37A 5 Bytes  JMP 00230A08 
.text           C:\Program Files\Lexmark Pro700 Series\lxeemon.exe[4264] USER32.dll!SetWindowsHookExW                                                                 74DBF223 5 Bytes  JMP 00230804 
.text           C:\Program Files\Lexmark Pro700 Series\lxeemon.exe[4264] USER32.dll!UnhookWinEvent                                                                    74DBFE7F 5 Bytes  JMP 002303FC 
.text           C:\Program Files\Lexmark Pro700 Series\lxeemon.exe[4264] USER32.dll!SetWinEventHook                                                                   74DC938E 5 Bytes  JMP 002301F8 
.text           C:\Program Files\Lexmark Pro700 Series\lxeemon.exe[4264] USER32.dll!SetWindowsHookExA                                                                 74DD6F76 5 Bytes  JMP 00230600 
.text           C:\Program Files\Lexmark Pro700 Series\ezprint.exe[4276] ntdll.dll!LdrUnloadDll                                                                       76F62029 5 Bytes  JMP 002003FC 
.text           C:\Program Files\Lexmark Pro700 Series\ezprint.exe[4276] ntdll.dll!LdrLoadDll                                                                         76F75D29 5 Bytes  JMP 002001F8 
.text           C:\Program Files\Lexmark Pro700 Series\ezprint.exe[4276] KERNEL32.dll!GetBinaryTypeW + 6F                                                             76A1DDE0 1 Byte  [62]
.text           C:\Program Files\Lexmark Pro700 Series\ezprint.exe[4276] USER32.dll!UnhookWindowsHookEx                                                               74DBA37A 5 Bytes  JMP 004A0A08 
.text           C:\Program Files\Lexmark Pro700 Series\ezprint.exe[4276] USER32.dll!SetWindowsHookExW                                                                 74DBF223 5 Bytes  JMP 004A0804 
.text           C:\Program Files\Lexmark Pro700 Series\ezprint.exe[4276] USER32.dll!UnhookWinEvent                                                                    74DBFE7F 5 Bytes  JMP 004A03FC 
.text           C:\Program Files\Lexmark Pro700 Series\ezprint.exe[4276] USER32.dll!SetWinEventHook                                                                   74DC938E 5 Bytes  JMP 004A01F8 
.text           C:\Program Files\Lexmark Pro700 Series\ezprint.exe[4276] USER32.dll!SetWindowsHookExA                                                                 74DD6F76 5 Bytes  JMP 004A0600 
.text           C:\WINDOWS\system32\ctfmon.exe[4312] ntdll.dll!LdrUnloadDll                                                                                           76F62029 5 Bytes  JMP 00A803FC 
.text           C:\WINDOWS\system32\ctfmon.exe[4312] ntdll.dll!LdrLoadDll                                                                                             76F75D29 5 Bytes  JMP 00A801F8 
.text           C:\WINDOWS\system32\ctfmon.exe[4312] USER32.dll!UnhookWindowsHookEx                                                                                   74DBA37A 5 Bytes  JMP 00AA0A08 
.text           C:\WINDOWS\system32\ctfmon.exe[4312] USER32.dll!SetWindowsHookExW                                                                                     74DBF223 5 Bytes  JMP 00AA0804 
.text           C:\WINDOWS\system32\ctfmon.exe[4312] USER32.dll!UnhookWinEvent                                                                                        74DBFE7F 5 Bytes  JMP 00AA03FC 
.text           C:\WINDOWS\system32\ctfmon.exe[4312] USER32.dll!SetWinEventHook                                                                                       74DC938E 5 Bytes  JMP 00AA01F8 
.text           C:\WINDOWS\system32\ctfmon.exe[4312] USER32.dll!SetWindowsHookExA                                                                                     74DD6F76 5 Bytes  JMP 00AA0600 
.text           C:\Program Files\AVAST Software\Avast\AvastUI.exe[4320] KERNEL32.DLL!GetBinaryTypeW + 6F                                                              76A1DDE0 1 Byte  [62]
.text           C:\Program Files\Boxcryptor Classic\BoxcryptorClassic.exe[4424] ntdll.dll!LdrUnloadDll                                                                76F62029 5 Bytes  JMP 00B303FC 
.text           C:\Program Files\Boxcryptor Classic\BoxcryptorClassic.exe[4424] ntdll.dll!LdrLoadDll                                                                  76F75D29 5 Bytes  JMP 00B301F8 
.text           C:\Program Files\Boxcryptor Classic\BoxcryptorClassic.exe[4424] KERNEL32.dll!GetBinaryTypeW + 6F                                                      76A1DDE0 1 Byte  [62]
.text           C:\Program Files\Boxcryptor Classic\BoxcryptorClassic.exe[4424] USER32.dll!UnhookWindowsHookEx                                                        74DBA37A 5 Bytes  JMP 00B60A08 
.text           C:\Program Files\Boxcryptor Classic\BoxcryptorClassic.exe[4424] USER32.dll!SetWindowsHookExW                                                          74DBF223 5 Bytes  JMP 00B60804 
.text           C:\Program Files\Boxcryptor Classic\BoxcryptorClassic.exe[4424] USER32.dll!UnhookWinEvent                                                             74DBFE7F 5 Bytes  JMP 00B603FC 
.text           C:\Program Files\Boxcryptor Classic\BoxcryptorClassic.exe[4424] USER32.dll!SetWinEventHook                                                            74DC938E 5 Bytes  JMP 00B601F8 
.text           C:\Program Files\Boxcryptor Classic\BoxcryptorClassic.exe[4424] USER32.dll!SetWindowsHookExA                                                          74DD6F76 5 Bytes  JMP 00B60600 
.text           C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[4600] ntdll.dll!LdrUnloadDll                                                                     76F62029 5 Bytes  JMP 005603FC 
.text           C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[4600] ntdll.dll!LdrLoadDll                                                                       76F75D29 5 Bytes  JMP 005601F8 
.text           C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[4600] KERNEL32.dll!GetBinaryTypeW + 6F                                                           76A1DDE0 1 Byte  [62]
.text           C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[4600] USER32.dll!UnhookWindowsHookEx                                                             74DBA37A 5 Bytes  JMP 005A0A08 
.text           C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[4600] USER32.dll!SetWindowsHookExW                                                               74DBF223 5 Bytes  JMP 005A0804 
.text           C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[4600] USER32.dll!UnhookWinEvent                                                                  74DBFE7F 5 Bytes  JMP 005A03FC 
.text           C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[4600] USER32.dll!SetWinEventHook                                                                 74DC938E 5 Bytes  JMP 005A01F8 
.text           C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[4600] USER32.dll!SetWindowsHookExA                                                               74DD6F76 5 Bytes  JMP 005A0600 
?               C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[4608] C:\WINDOWS\SYSTEM32\ntdll.dll                                                time/date stamp mismatch; 
.text           C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[4608] ntdll.dll!NtProtectVirtualMemory                                             76F55940 5 Bytes  JMP 698F1986 C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\ushata.dll (Ushata module/Kaspersky Lab ZAO)
.text           C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[4608] ntdll.dll!LdrUnloadDll                                                       76F62029 5 Bytes  JMP 001803FC 
.text           C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[4608] ntdll.dll!LdrLoadDll                                                         76F75D29 5 Bytes  JMP 001801F8 
?               C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[4608] C:\WINDOWS\system32\KERNEL32.dll                                             time/date stamp mismatch; unknown module: 0.dllunknown module: cryptnet.dllunknown module: 0.dllunknown module: KERNELBASE.dll
.text           C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[4608] user32.dll!UnhookWindowsHookEx                                               74DBA37A 5 Bytes  JMP 001E0A08 
.text           C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[4608] user32.dll!UserClientDllInitialize + 311                                     74DBC3EC 4 Bytes  [F0, 28, 8F, 69]
.text           C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[4608] user32.dll!SetWindowsHookExW                                                 74DBF223 5 Bytes  JMP 001E0804 
.text           C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[4608] user32.dll!UnhookWinEvent                                                    74DBFE7F 5 Bytes  JMP 001E03FC 
.text           C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[4608] user32.dll!SetWinEventHook                                                   74DC938E 5 Bytes  JMP 001E01F8 
.text           C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[4608] user32.dll!SetWindowsHookExA                                                 74DD6F76 5 Bytes  JMP 001E0600 
.text           C:\Program Files\Apoint2K\ApMsgFwd.exe[4640] ntdll.dll!LdrUnloadDll                                                                                   76F62029 5 Bytes  JMP 002003FC 
.text           C:\Program Files\Apoint2K\ApMsgFwd.exe[4640] ntdll.dll!LdrLoadDll                                                                                     76F75D29 5 Bytes  JMP 002001F8 
.text           C:\Program Files\Apoint2K\ApMsgFwd.exe[4640] KERNEL32.dll!GetBinaryTypeW + 6F                                                                         76A1DDE0 1 Byte  [62]
.text           C:\Program Files\Apoint2K\ApMsgFwd.exe[4640] USER32.dll!UnhookWindowsHookEx                                                                           74DBA37A 5 Bytes  JMP 00220A08 
.text           C:\Program Files\Apoint2K\ApMsgFwd.exe[4640] USER32.dll!SetWindowsHookExW                                                                             74DBF223 5 Bytes  JMP 00220804 
.text           C:\Program Files\Apoint2K\ApMsgFwd.exe[4640] USER32.dll!UnhookWinEvent                                                                                74DBFE7F 5 Bytes  JMP 002203FC 
.text           C:\Program Files\Apoint2K\ApMsgFwd.exe[4640] USER32.dll!SetWinEventHook                                                                               74DC938E 5 Bytes  JMP 002201F8 
.text           C:\Program Files\Apoint2K\ApMsgFwd.exe[4640] USER32.dll!SetWindowsHookExA                                                                             74DD6F76 5 Bytes  JMP 00220600 
.text           C:\Program Files\Secunia\PSI\psi_tray.exe[4688] ntdll.dll!LdrUnloadDll                                                                                76F62029 5 Bytes  JMP 00CA03FC 
.text           C:\Program Files\Secunia\PSI\psi_tray.exe[4688] ntdll.dll!LdrLoadDll                                                                                  76F75D29 5 Bytes  JMP 00CA01F8 
.text           C:\Program Files\Secunia\PSI\psi_tray.exe[4688] USER32.dll!UnhookWindowsHookEx                                                                        74DBA37A 5 Bytes  JMP 00CC0A08 
.text           C:\Program Files\Secunia\PSI\psi_tray.exe[4688] USER32.dll!SetWindowsHookExW                                                                          74DBF223 5 Bytes  JMP 00CC0804 
.text           C:\Program Files\Secunia\PSI\psi_tray.exe[4688] USER32.dll!UnhookWinEvent                                                                             74DBFE7F 5 Bytes  JMP 00CC03FC 
.text           C:\Program Files\Secunia\PSI\psi_tray.exe[4688] USER32.dll!SetWinEventHook                                                                            74DC938E 5 Bytes  JMP 00CC01F8 
.text           C:\Program Files\Secunia\PSI\psi_tray.exe[4688] USER32.dll!SetWindowsHookExA                                                                          74DD6F76 5 Bytes  JMP 00CC0600 
.text           C:\Program Files\Apoint2K\Apntex.exe[4740] ntdll.dll!LdrUnloadDll                                                                                     76F62029 5 Bytes  JMP 002003FC 
.text           C:\Program Files\Apoint2K\Apntex.exe[4740] ntdll.dll!LdrLoadDll                                                                                       76F75D29 5 Bytes  JMP 002001F8 
.text           C:\Program Files\Apoint2K\Apntex.exe[4740] USER32.dll!UnhookWindowsHookEx                                                                             74DBA37A 5 Bytes  JMP 00220A08 
.text           C:\Program Files\Apoint2K\Apntex.exe[4740] USER32.dll!SetWindowsHookExW                                                                               74DBF223 5 Bytes  JMP 00220804 
.text           C:\Program Files\Apoint2K\Apntex.exe[4740] USER32.dll!UnhookWinEvent                                                                                  74DBFE7F 5 Bytes  JMP 002203FC 
.text           C:\Program Files\Apoint2K\Apntex.exe[4740] USER32.dll!SetWinEventHook                                                                                 74DC938E 5 Bytes  JMP 002201F8 
.text           C:\Program Files\Apoint2K\Apntex.exe[4740] USER32.dll!SetWindowsHookExA                                                                               74DD6F76 5 Bytes  JMP 00220600 
.text           C:\WINDOWS\system32\conhost.exe[4768] ntdll.dll!LdrUnloadDll                                                                                          76F62029 5 Bytes  JMP 00D703FC 
.text           C:\WINDOWS\system32\conhost.exe[4768] ntdll.dll!LdrLoadDll                                                                                            76F75D29 5 Bytes  JMP 00D701F8 
.text           C:\WINDOWS\system32\conhost.exe[4768] USER32.dll!UnhookWindowsHookEx                                                                                  74DBA37A 5 Bytes  JMP 00D90A08 
.text           C:\WINDOWS\system32\conhost.exe[4768] USER32.dll!SetWindowsHookExW                                                                                    74DBF223 5 Bytes  JMP 00D90804 
.text           C:\WINDOWS\system32\conhost.exe[4768] USER32.dll!UnhookWinEvent                                                                                       74DBFE7F 5 Bytes  JMP 00D903FC 
.text           C:\WINDOWS\system32\conhost.exe[4768] USER32.dll!SetWinEventHook                                                                                      74DC938E 5 Bytes  JMP 00D901F8 
.text           C:\WINDOWS\system32\conhost.exe[4768] USER32.dll!SetWindowsHookExA                                                                                    74DD6F76 5 Bytes  JMP 00D90600 
.text           C:\Users\Lib!\Desktop\gmer_2.1.19163.exe[4816] KERNEL32.DLL!GetBinaryTypeW + 6F                                                                       76A1DDE0 1 Byte  [62]
.text           C:\Program Files\Apoint2K\HidFind.exe[4884] ntdll.dll!LdrUnloadDll                                                                                    76F62029 5 Bytes  JMP 002003FC 
.text           C:\Program Files\Apoint2K\HidFind.exe[4884] ntdll.dll!LdrLoadDll                                                                                      76F75D29 5 Bytes  JMP 002001F8 
.text           C:\Program Files\Apoint2K\HidFind.exe[4884] KERNEL32.dll!GetBinaryTypeW + 6F                                                                          76A1DDE0 1 Byte  [62]
.text           C:\Program Files\Apoint2K\HidFind.exe[4884] USER32.dll!UnhookWindowsHookEx                                                                            74DBA37A 5 Bytes  JMP 00220A08 
.text           C:\Program Files\Apoint2K\HidFind.exe[4884] USER32.dll!SetWindowsHookExW                                                                              74DBF223 5 Bytes  JMP 00220804 
.text           C:\Program Files\Apoint2K\HidFind.exe[4884] USER32.dll!UnhookWinEvent                                                                                 74DBFE7F 5 Bytes  JMP 002203FC 
.text           C:\Program Files\Apoint2K\HidFind.exe[4884] USER32.dll!SetWinEventHook                                                                                74DC938E 5 Bytes  JMP 002201F8 
.text           C:\Program Files\Apoint2K\HidFind.exe[4884] USER32.dll!SetWindowsHookExA                                                                              74DD6F76 5 Bytes  JMP 00220600 
.text           C:\Program Files\IObit\IObit Malware Fighter\IMF.exe[5036] ntdll.dll!LdrUnloadDll                                                                     76F62029 5 Bytes  JMP 002103FC 
.text           C:\Program Files\IObit\IObit Malware Fighter\IMF.exe[5036] ntdll.dll!LdrLoadDll                                                                       76F75D29 5 Bytes  JMP 002101F8 
.text           C:\Program Files\IObit\IObit Malware Fighter\IMF.exe[5036] KERNEL32.dll!GetBinaryTypeW + 6F                                                           76A1DDE0 1 Byte  [62]
.text           C:\Program Files\IObit\IObit Malware Fighter\IMF.exe[5036] user32.dll!UnhookWindowsHookEx                                                             74DBA37A 5 Bytes  JMP 00390A08 
.text           C:\Program Files\IObit\IObit Malware Fighter\IMF.exe[5036] user32.dll!SetWindowsHookExW                                                               74DBF223 5 Bytes  JMP 00390804 
.text           C:\Program Files\IObit\IObit Malware Fighter\IMF.exe[5036] user32.dll!UnhookWinEvent                                                                  74DBFE7F 5 Bytes  JMP 003903FC 
.text           C:\Program Files\IObit\IObit Malware Fighter\IMF.exe[5036] user32.dll!SetWinEventHook                                                                 74DC938E 5 Bytes  JMP 003901F8 
.text           C:\Program Files\IObit\IObit Malware Fighter\IMF.exe[5036] user32.dll!SetWindowsHookExA                                                               74DD6F76 5 Bytes  JMP 00390600 
.text           C:\Windows\System32\RuntimeBroker.exe[5104] ntdll.dll!LdrUnloadDll                                                                                    76F62029 5 Bytes  JMP 009903FC 
.text           C:\Windows\System32\RuntimeBroker.exe[5104] ntdll.dll!LdrLoadDll                                                                                      76F75D29 5 Bytes  JMP 009901F8 
.text           C:\Windows\System32\RuntimeBroker.exe[5104] KERNEL32.dll!GetBinaryTypeW + 6F                                                                          76A1DDE0 1 Byte  [62]
.text           C:\Windows\System32\RuntimeBroker.exe[5104] USER32.dll!UnhookWindowsHookEx                                                                            74DBA37A 5 Bytes  JMP 009C0A08 
.text           C:\Windows\System32\RuntimeBroker.exe[5104] USER32.dll!SetWindowsHookExW                                                                              74DBF223 5 Bytes  JMP 009C0804 
.text           C:\Windows\System32\RuntimeBroker.exe[5104] USER32.dll!UnhookWinEvent                                                                                 74DBFE7F 5 Bytes  JMP 009C03FC 
.text           C:\Windows\System32\RuntimeBroker.exe[5104] USER32.dll!SetWinEventHook                                                                                74DC938E 5 Bytes  JMP 009C01F8 
.text           C:\Windows\System32\RuntimeBroker.exe[5104] USER32.dll!SetWindowsHookExA                                                                              74DD6F76 5 Bytes  JMP 009C0600 
.text           C:\Program Files\ESET\ESET Online Scanner\OnlineScannerApp.exe[5288] KERNEL32.DLL!GetBinaryTypeW + 6F                                                 76A1DDE0 1 Byte  [62]

---- Devices - GMER 2.1 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                                                                aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice  \Driver\tdx \Device\Tcp                                                                                                                               aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice  \Driver\tdx \Device\Udp                                                                                                                               aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice  \FileSystem\fastfat \Fat                                                                                                                              fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
AttachedDevice  \FileSystem\fastfat \Fat                                                                                                                              cbfs4.sys (Callback File System Driver/EldoS Corporation)

---- Registry - GMER 2.1 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed                                                                     -1136276321

---- Disk sectors - GMER 2.1 ----

Disk            \Device\Harddisk0\DR0                                                                                                                                 unknown MBR code

---- EOF - GMER 2.1 ----
         
Code:
ATTFilter
C:\Users\Lib!\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7IMQ7W51\pack[1].7z	Variante von Win32/bProtector.A Anwendung
C:\Users\Lib!\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QRBR2828\wajam_install[1].exe	Win32/Wajam.A Anwendung
C:\Users\Lib!\AppData\Local\Temp\WEM5e3Is.exe.part	Variante von Win32/InstallCore.CN Anwendung
C:\Users\Lib!\AppData\Local\Temp\16561674.Uninstall\uninstaller.exe	Variante von Win32/InstallCore.AZ Anwendung
C:\Users\Lib!\AppData\Local\Temp\16588241.Uninstall\uninstaller.exe	Variante von Win32/InstallCore.AZ Anwendung
C:\Users\Lib!\AppData\Local\Temp\16631079.Uninstall\uninstaller.exe	Variante von Win32/InstallCore.AZ Anwendung
C:\Users\Lib!\AppData\Local\Temp\3132765.Uninstall\uninstaller.exe	Variante von Win32/InstallCore.AZ Anwendung
C:\Users\Lib!\AppData\Local\Temp\5112230.Uninstall\uninstaller.exe	Variante von Win32/InstallCore.AZ Anwendung
C:\Users\Lib!\AppData\Local\Temp\EFBC509D-BAB0-7891-9EB2-06E06E3E2329\Latest\BabMaint.exe	Win32/Toolbar.Babylon.I Anwendung
C:\Users\Lib!\AppData\Local\Temp\EFBC509D-BAB0-7891-9EB2-06E06E3E2329\Latest\ccp.exe	Win32/Toolbar.Babylon.M Anwendung
C:\Users\Lib!\AppData\Local\Temp\EFBC509D-BAB0-7891-9EB2-06E06E3E2329\Latest\IEHelper.dll	Win32/Toolbar.Babylon.E Anwendung
C:\Users\Lib!\AppData\Local\Temp\is357113909\1823777_stp\uninstaller.exe	Variante von Win32/InstallCore.AZ Anwendung
C:\Users\Lib!\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z\Zip Opener Packages\uninstaller.exe	Variante von Win32/InstallCore.AZ Anwendung
C:\Users\Lib!\Downloads\icq8_setup_8.0b6019 - CHIP-Downloader.exe	Variante von Win32/DownloadSponsor.A Anwendung
D:\Down\CrystalDiskInfo5_0_2-en.exe	Win32/OpenCandy Anwendung
D:\Down\SoftonicDownloader_fuer_unlocker.exe	Win32/SoftonicDownloader.E Anwendung
D:\Down\winamp561_full_emusic-7plus_all.exe	Win32/OpenCandy Anwendung
D:\Down\winamp5623_full_emusic-7plus_de-de.exe	Win32/OpenCandy Anwendung
D:\Down\winamp563_full_emusic-7plus_de-de.exe	Win32/OpenCandy Anwendung
         
Code:
ATTFilter
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.09.17.07

Windows 8 x86 NTFS
Internet Explorer 10.0.9200.16688
Lib! :: LIB-PC [Administrator]

17.09.2013 15:57:48
mbam-log-2013-09-17 (15-57-48).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 217202
Laufzeit: 9 Minute(n), 28 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 7
HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.
HKCR\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17} (PUP.Optional.Wajam.A) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} (PUP.Optional.Wajam) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\DataMngr (PUP.Optional.DataMngr.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\BabSolution\Updater (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 1
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Daten: 0L1N1H2O1S -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 3
C:\Users\Lib!\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lib!\AppData\Roaming\BABSOLUTION (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lib!\AppData\Roaming\BABSOLUTION\Shared (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 19
C:\ProgramData\DSearchLink\DSearchLink.exe (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.
C:\Users\Lib!\AppData\Local\Temp\ZKRge08m.exe.part (PUP.Optional.Bandoo) -> Keine Aktion durchgeführt.
C:\Users\Lib!\AppData\Local\Temp\WEM5e3Is.exe.part (PUP.Optional.Installcore) -> Keine Aktion durchgeführt.
C:\Users\Lib!\AppData\Local\Temp\EFBC509D-BAB0-7891-9EB2-06E06E3E2329\Latest\BabMaint.exe (PUP.Optional.Babylon.A) -> Keine Aktion durchgeführt.
C:\Users\Lib!\AppData\Local\Temp\EFBC509D-BAB0-7891-9EB2-06E06E3E2329\Latest\BExternal.dll (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lib!\AppData\Local\Temp\EFBC509D-BAB0-7891-9EB2-06E06E3E2329\Latest\CrxInstaller.dll (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lib!\AppData\Local\Temp\EFBC509D-BAB0-7891-9EB2-06E06E3E2329\Latest\DSearchLink.exe (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lib!\AppData\Local\Temp\EFBC509D-BAB0-7891-9EB2-06E06E3E2329\Latest\MntrDLLInstall.dll (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lib!\AppData\Local\Temp\EFBC509D-BAB0-7891-9EB2-06E06E3E2329\Latest\MyDeltaTB.exe (PUP.Optional.Delta) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lib!\AppData\Local\Temp\EFBC509D-BAB0-7891-9EB2-06E06E3E2329\Latest\Setup.exe (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lib!\AppData\Local\Temp\is357113909\1823681_stp.EXE (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lib!\AppData\Local\Temp\is357113909\1823334_stp\DeltaTB.exe (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lib!\AppData\Local\Temp\is357113909\1823419_stp\wajam_download.exe (PUP.Optional.Wajam) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lib!\AppData\Local\Temp\is357113909\1823565_stp\OptimizerPro.exe (PUP.Optional.OptimizePro.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Temp\Optimizer_Pro.exe (PUP.Optional.OptimizerPro.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lib!\Downloads\ZipOpenerSetup.exe (PUP.Optional.Installcore) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lib!\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lib!\AppData\Local\Google\Chrome\User Data\Default\Local Storage\CHROME-EXTENSION_EOONCJEJNPPFJJKLAPAAMHCDMJBILMDE_0.LOCALSTORAGE (PUP.Optional.BrowserDefender.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lib!\AppData\Roaming\BABSOLUTION\Shared\BUSolution.dll (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
__________________


Antwort

Themen zu Win 8 diverse Funde PUP (Babylon) Win32/installcore
adware.agent, antivirus se, ccsetup, chip-downloader.exe, diagnostics, dr.web, farbar, farbar recovery scan tool, fehlercode 1, launch, msiinstaller, newtab, nexus, nicht installiert, plug-in, pup.optional.babsolution.a, pup.optional.babylon.a, pup.optional.bandoo, pup.optional.browserdefender.a, pup.optional.datamngr.a, pup.optional.delta, pup.optional.delta.a, pup.optional.installcore, pup.optional.installcore.a, pup.optional.optimizepro.a, pup.optional.optimizerpro.a, pup.optional.wajam, pup.optional.wajam.a, richtlinie, secunia psi, srtasks.exe, win32/bprotector.a, win32/downloadsponsor.a, win32/installcore.az, win32/installcore.cn, win32/softonicdownloader.e, win32/toolbar.babylon.e, win32/toolbar.babylon.i, win32/toolbar.babylon.m, win32/wajam.a, windowsapps



Ähnliche Themen: Win 8 diverse Funde PUP (Babylon) Win32/installcore


  1. Avira Funde: Somoto.hzis, ATRAPS.Gen, Synatix.isks, InstallCore.Gen7, DownlaodSponsor.Gen - System läuft ansonsten einwandfrei
    Log-Analyse und Auswertung - 25.04.2015 (13)
  2. Fehlermeldung von Avira und diverse Funde von Adaware Cleaner
    Log-Analyse und Auswertung - 28.11.2014 (17)
  3. Diverse Funde mit MBAM
    Plagegeister aller Art und deren Bekämpfung - 15.10.2014 (5)
  4. Windows 7: diverse Probleme und viele Funde bei MWB Antimalware
    Log-Analyse und Auswertung - 06.03.2014 (15)
  5. Windows 7, PC langsam und diverse Funde durch Malwarebytes Antimalware
    Log-Analyse und Auswertung - 07.12.2013 (27)
  6. Win8 - eMail Anhang geöffnet [Fax von 04018138550] diverse Funde
    Log-Analyse und Auswertung - 30.10.2013 (15)
  7. Trojan.P2P.Worm, PUP.Optitionional.Babylon.A, PUP.Optitional.InstallCore und PUP.Optitional.PerformerSoft.A
    Log-Analyse und Auswertung - 29.09.2013 (29)
  8. Win 7 64bit: 2 Funde - Diverse Viren in Quarantäne
    Log-Analyse und Auswertung - 15.09.2013 (3)
  9. Diverse Mailware (BrowserDefender, Babylon, LoadTubes...)
    Log-Analyse und Auswertung - 05.08.2013 (9)
  10. Diverse bedenkliche Funde von AntiVir
    Log-Analyse und Auswertung - 13.09.2012 (11)
  11. Java/HackAV.A, Win32/Toolbar.Babylon, MSIL/Solimba.B, Win32/SoftonicDownloader.A, etc.
    Log-Analyse und Auswertung - 08.03.2012 (1)
  12. Mögliche Funde wie "Win32/InstallCore.A" / Suspect "npqtplugin5.dll" u.s.w
    Plagegeister aller Art und deren Bekämpfung - 19.12.2011 (23)
  13. Diverse Funde PUP.FunWebProducts
    Log-Analyse und Auswertung - 12.12.2011 (1)
  14. Windows XP - diverse Antivir Funde u.a. TR/EyeStye.N.490, TR/Hiloti.D.3194, TR/Dldr.Karagany.A.92
    Log-Analyse und Auswertung - 24.08.2011 (1)
  15. Diverse Funde, kritische Fehler - lohnt sich Reperatur?
    Plagegeister aller Art und deren Bekämpfung - 22.08.2011 (12)
  16. Weiterleitung bei Google und diverse andere Funde
    Log-Analyse und Auswertung - 15.07.2009 (7)
  17. Bitte anschauen. Habe diverse Funde gehabt.
    Log-Analyse und Auswertung - 27.01.2009 (0)

Zum Thema Win 8 diverse Funde PUP (Babylon) Win32/installcore - Hallo, seit ein paar Tagen erlebe ich merkwürdige Website-Öffnungen auf meinem PC. AVAST verhindert zwar, dass sich die Seiten öffnen, aber ich will da auf Nummer sicher gehen. darum habe - Win 8 diverse Funde PUP (Babylon) Win32/installcore...
Archiv
Du betrachtest: Win 8 diverse Funde PUP (Babylon) Win32/installcore auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.