Trojaner-Board


Polarbär 16.07.2012 11:50

Spybot 2.0 Rootkit scan: HKEY_LOCAL_MACHINE\SOFTWARE\Xanthic + Blue Screen IRQL_NOT_LESS_OR_EQUAL
 
Hello,
I would be grateful for your help.
I have the following problem:
Some time after a fresh installation, Adobe Flash Player causes the PC to freeze completely or a blue screen to appear when playing YouTube videos (the blue screen also appears now and then at system startup).
Could the ATI graphics driver also be the cause? I have reinstalled it several times. Or the following:
The Spybot 2.0 rootkit scanner has found a program in the registry that cannot be deleted (SOFTWARE\Xanthic)?
Avast and Malwarebytes found nothing!
I have Win XP and an ATI Radeon HD 5450 graphics card, driver version 8.980.0.0.
Thanks in advance!

Quote:

// vom 16.7.2012 info: Rootkit removal help file
// copyright: (c) 2008-2012 Safer-Networking Ltd. All rights reserved.

:: RootAlyzer Results
File:"No admin in ACL","C:\WINDOWS\system32\A3DA537E26.sys"
File:"No admin in ACL","C:\WINDOWS\system32\F993342A13.sys"
Directory:"Hidden directory","Files in System folder"
Directory:"Hidden directory","Global run entries"
Directory:"Hidden directory","Winlogon entries"
Directory:"Hidden directory","Invisible processes (from handles)"
Directory:"Hidden directory","Invisible processes (from threads)"
RegyValue:"Zero char in key name","HKEY_LOCAL_MACHINE","\SOFTWARE\Xanthic\","{1246792F-C12E-81AE-FE96-35D2FC917677}\0_"
// Attention: entries with a zero character will not be displayed correctly and may not work!
RegyValue:"Invisible to Win32","HKEY_LOCAL_MACHINE","\SOFTWARE\Xanthic\","{1246792F-C12E-81AE-FE96-35D2FC917677}\0_"
// Attention: entries with a zero character will not be displayed correctly and may not work!
RegyValue:"Zero char in key name","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Windows\CurrentVersion\","System\0"
// Attention: entries with a zero character will not be displayed correctly and may not work!
Quote:

:: VOM 13.7.2012 RootAlyzer Results
File:"Invisible to Win32","C:\avenger.txtbox"
File:"No admin in ACL","C:\WINDOWS\system32\A3DA537E26.sys"
File:"No admin in ACL","C:\WINDOWS\system32\F993342A13.sys"
File:"No admin in ACL","C:\WINDOWS\system32\KGyGaAvL.sys"
File:"No admin in ACL","C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\SRTSP\SrtETmp"
Directory:"Hidden directory","Files in System folder"
Directory:"Hidden directory","Global run entries"
Directory:"Hidden directory","Winlogon entries"
Directory:"Hidden directory","Invisible processes (from handles)"
Directory:"Hidden directory","Invisible processes (from threads)"
RegyValue:"Zero char in key name","HKEY_LOCAL_MACHINE","\SOFTWARE\Xanthic\","{1246792F-C12E-81AE-FE96-35D2FC917677}\0_"
// Attention: entries with a zero character will not be displayed correctly and may not work!
RegyValue:"Invisible to Win32","HKEY_LOCAL_MACHINE","\SOFTWARE\Xanthic\","{1246792F-C12E-81AE-FE96-35D2FC917677}\0_"
// Attention: entries with a zero character will not be displayed correctly and may not work!
RegyValue:"Zero char in key name","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Windows\CurrentVersion\","System\0"
Quote:

Bluescreen
Mini071612-01.dmp 16.07.2012 09:31:20 IRQL_NOT_LESS_OR_EQUAL 0x0000000a 0x623fd8cc 0x00000002 0x00000001 0x805224f7 ntkrnlpa.exe ntkrnlpa.exe+6d4e8 5.1.2600.3670 (xpsp_sp2_qfe.100216-2016) 32-bit ntkrnlpa.exe+6d4e8 ntkrnlpa.exe+4b4f7 ntkrnlpa.exe+4b850 ntkrnlpa.exe+3d939 C:\WINDOWS\Minidump\Mini071612-01.dmp 2 15 2600 65.536
ntkrnlpa.exe ntkrnlpa.exe+4b4f7 0x804d7000 0x806e4000 0x0020d000 0x4b7ace87 16.02.2010 16:57:43 Betriebssystem Microsoft® Windows® NT-Kernel und -System 5.1.2600.3670 (xpsp_sp2_qfe.100216-2016) Microsoft Corporation C:\WINDOWS\system32\ntkrnlpa.exe

Polarbär 16.07.2012 14:47

:headbang::headbang::headbang: Sorry for the delay with the log files,
but OTL and Defogger are not running properly!
The GMER log file has been attached here.

OTL
When running it, the following error message is displayed:
Exeeption EOle Sys Error in module OTL.exe at 000584A5.
Klasse nicht registriert

Quote:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 13:01 on 16/07/2012 (Roman)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
Unable to read sptd.sys
SPTD -> Disabled (Service running -> reboot required)


-=E.O.F=-

cosinus 17.07.2012 10:26

Quote:

Avast and Malwarebytes found nothing!
Please post all the logs from them anyway.
The logs contain a bit more information than just "found" or "nothing found".

If possible, please post everything here in CODE tags.

This is how it is done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

Polarbär 17.07.2012 18:16

Hello,
so with Avast I ran a "boot-time scan" and today also a "full scan"; the strange thing is just that I cannot find any log files for them (Prog./AVAST5/DATA/log+report). The Avast program window only shows under Logs that the scans were carried out. Result of the full scan: some files could not be scanned - file is offline, it is currently not available: C:\Programme\SCi Games\Richard Burns Rally /www.bhmotorsports.com.txt
C:\Programme\SCi Games/www.bhmotorsports.com.txt

Under C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Alwil Software\Avast5\log
there are some logs, but none from the virus scan; aswAr1.log+setup.log+...

Quote:

setup.log ....10:29:42 min/gen Started: 17.07.2012, 10:29:42
10:29:42 vrb/gen Operation set to INST_OP_UNKNOWN
10:29:49 min/gen Old version: 5b0 (1456)
10:29:51 nrm/int SYNCER: Agent=Syncer/5.00 (ais-1456;p)
10:29:51 min/gen Running SETUP_AIS-5b0 (1456)
10:29:51 nrm/sys Operating system: WindowsXP ver 5.1, build 2600, sp 2.0 [Service Pack 2]
10:29:51 nrm/sys Memory: 40% load. Phys:1256420/2095532K free, Page:3407736/4032888K free, Virt:2050648/2097024K free
10:29:51 vrb/sys Computer WinName: PALME
10:29:51 min/sys Windows Net User: NT-AUTORITÄT\SYSTEM
10:29:51 min/gen Cmdline: /checkupdate /verysilent
10:29:51 vrb/gen DldSrc set to inet
10:29:51 vrb/gen Operation set to INST_OP_CHECK_UPDATE
10:29:51 min/gen Old version: 5b0 (1456)
10:29:52 vrb/reg Deleted registry: Software\AVAST Software\Avast\UpdateReady
10:29:52 nrm/sys Using temp: C:\WINDOWS\TEMP\_asw_aisI.tm~a02264 (43689M free)
10:29:52 nrm/gen SGW32AIS::CheckIfInstalled set m_bAlreadyInstalled to 1
10:29:52 nrm/int SYNCER: Agent=Syncer/5.00 (ais-1456;p)
10:29:53 vrb/sys Computer DnsName: Palme
10:29:53 vrb/sys Computer Ip Addr: 192.168.178.20
10:29:53 nrm/sys Installed in: C:\Programme\Alwil Software\Avast5 (43689M free)
10:29:53 vrb/gen LoadState: Edition=1
10:29:53 nrm/int SYNCER: Type: use IE settings
10:29:53 nrm/int SYNCER: Auth: another authentication, use WinInet
10:29:53 vrb/pkg Part prg_ais-5b0 is installed
10:29:53 vrb/pkg Part vps_win32-12071600 is installed
10:29:53 vrb/pkg Part setup_ais-5b0 is installed
10:29:53 vrb/pkg Part jrog-a7 is installed
10:29:53 vrb/pkg Part jrog2-557 is installed
10:29:53 min/gen Old version: 5b0 (1456)
10:30:39 vrb/fil SetExistingFilesBitmap: 1095->373->368
10:30:39 min/gen GUID: a0469928-e95f-4475-8cca-40358391a522
10:30:40 nrm/gen Server definition(s) loaded for 'main': 185 (maintenance:0)
10:30:40 nrm/gen SelectCurrent: selected server 'Download344 AVAST5 Server' from 'main'
10:30:40 nrm/int SYNCER: Type: use IE settings
10:30:40 nrm/int SYNCER: Auth: another authentication, use WinInet
10:30:42 nrm/int Used server: hxxp://95.211.168.39/iavs5x
10:30:42 min/fil GetFileWithRetry: servers.def.vpx downloaded .
10:30:42 min/fil servers.def.vpx not changed, 1342165328
10:30:43 nrm/gen Server definition(s) loaded for 'main': 185 (maintenance:0)
10:30:43 nrm/gen SelectCurrent: selected server 'Download352 AVAST5 Server' from 'main'
10:30:43 nrm/int SYNCER: Type: use IE settings
10:30:43 nrm/int SYNCER: Auth: another authentication, use WinInet
10:30:43 nrm/int Used server: hxxp://download352.avast.com/iavs5x
10:30:43 min/fil GetFileWithRetry: prod-ais.vpx downloaded .
10:30:44 vrb/pkg LoadPartInfo: jrog = jrog-a7 returned 00000000
10:30:44 vrb/pkg LoadPartInfo: jrog2 = jrog2-559 returned 00000000
10:30:44 vrb/pkg LoadPartInfo: program = prg_ais-5b0 returned 00000000
10:30:44 vrb/pkg LoadPartInfo: setup = setup_ais-5b0 returned 00000000
10:30:44 vrb/pkg LoadPartInfo: vps = vps_win32-12071700 returned 00000000
10:30:44 vrb/reg Set registry: Software\AVAST Software\Avast\DataFolder=C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Alwil Software\Avast5
10:30:44 vrb/reg Set registry: Software\AVAST Software\Avast\Version=7.0
10:30:44 vrb/reg Set registry: Software\AVAST Software\Avast\VersionShort=7.0
10:30:44 vrb/reg Set registry: Software\AVAST Software\Avast\SetupVersion=1456
10:30:44 vrb/reg Set registry: Software\AVAST Software\Avast\ProgramFolder=C:\Programme\Alwil Software\Avast5
10:30:44 vrb/reg Set registry: Software\AVAST Software\Avast\Product=ais
10:30:46 nrm/pkg Transferred: files 2, bytes 592, time 2359 ms
10:30:46 nrm/pkg Retries: total 0, files 0, servers 2
10:30:46 vrb/fil NeedReboot=false
10:30:46 min/gen Return code: 0x20000000 [Something done]
10:30:46 min/gen Stopped: 17.07.2012, 10:30:46


10:30:49 min/gen Started: 17.07.2012, 10:30:49
10:30:49 vrb/gen Operation set to INST_OP_UNKNOWN
10:30:49 min/gen Old version: 5b0 (1456)
10:30:49 nrm/int SYNCER: Agent=Syncer/5.00 (ais-1456;p)
10:30:49 min/gen Running SETUP_AIS-5b0 (1456)
10:30:49 nrm/sys Operating system: WindowsXP ver 5.1, build 2600, sp 2.0 [Service Pack 2]
10:30:49 nrm/sys Memory: 43% load. Phys:1186004/2095532K free, Page:3344684/4032888K free, Virt:2050648/2097024K free
10:30:49 vrb/sys Computer WinName: PALME
10:30:49 min/sys Windows Net User: NT-AUTORITÄT\SYSTEM
10:30:49 min/gen Cmdline: /downloadpkgs /noreboot /updatevps /verysilent /session "0" /limitcpu
10:30:49 vrb/gen DldSrc set to inet
10:30:49 vrb/gen Operation set to INST_OP_UPDATE_GET_PACKAGES
10:30:49 min/gen Old version: 5b0 (1456)
10:30:49 vrb/reg Deleted registry: Software\AVAST Software\Avast\UpdateReady
10:30:49 nrm/sys Using temp: C:\WINDOWS\TEMP\_asw_aisI.tm~a02700 (43689M free)
10:30:49 nrm/gen SGW32AIS::CheckIfInstalled set m_bAlreadyInstalled to 1
10:30:49 nrm/int SYNCER: Agent=Syncer/5.00 (ais-1456;p)
10:30:50 vrb/sys Computer DnsName: Palme
10:30:50 vrb/sys Computer Ip Addr: 192.168.178.20
10:30:50 nrm/sys Installed in: C:\Programme\Alwil Software\Avast5 (43689M free)
10:30:50 vrb/gen LoadState: Edition=1
10:30:50 nrm/int SYNCER: Type: use IE settings
10:30:50 nrm/int SYNCER: Auth: another authentication, use WinInet
10:30:50 vrb/pkg Part prg_ais-5b0 is installed
10:30:50 vrb/pkg Part vps_win32-12071600 is installed
10:30:50 vrb/pkg Part setup_ais-5b0 is installed
10:30:50 vrb/pkg Part jrog-a7 is installed
10:30:50 vrb/pkg Part jrog2-557 is installed
10:30:50 min/gen Old version: 5b0 (1456)
10:30:50 vrb/fil skipped CPackageEngine_File::SetExistingFilesBitmap
10:30:50 min/gen GUID: a0469928-e95f-4475-8cca-40358391a522
10:30:51 nrm/gen Server definition(s) loaded for 'main': 185 (maintenance:0)
10:30:51 nrm/gen SelectCurrent: selected server 'Download328 AVAST5 Server' from 'main'
10:30:51 nrm/int SYNCER: Type: use IE settings
10:30:51 nrm/int SYNCER: Auth: another authentication, use WinInet
10:30:51 nrm/int SYNCER: Agent=Syncer/5.00 (ais-1456;p)
10:30:52 nrm/int Used server: hxxp://download328.avast.com/iavs5x
10:30:52 min/fil GetFileWithRetry: servers.def.vpx downloaded .
10:30:52 min/fil servers.def.vpx not changed, 1342165328
10:30:52 nrm/gen Server definition(s) loaded for 'main': 185 (maintenance:0)
10:30:53 nrm/gen SelectCurrent: selected server 'Download119 AVAST5 Server' from 'main'
10:30:53 nrm/int SYNCER: Type: use IE settings
10:30:53 nrm/int SYNCER: Auth: another authentication, use WinInet
10:30:56 nrm/int Used server: hxxp://download119.avast.com/iavs5x
10:30:56 min/fil GetFileWithRetry: prod-ais.vpx downloaded .
10:30:56 min/fil prod-ais.vpx not changed, 1342513013
10:30:56 vrb/pkg LoadPartInfo: jrog = jrog-a7 returned 00000000
10:30:56 vrb/pkg LoadPartInfo: jrog2 = jrog2-559 returned 00000000
10:30:56 vrb/pkg LoadPartInfo: program = prg_ais-5b0 returned 00000000
10:30:56 vrb/pkg LoadPartInfo: setup = setup_ais-5b0 returned 00000000
10:30:56 vrb/pkg LoadPartInfo: vps = vps_win32-12071700 returned 00000000
10:30:56 nrm/int Used server: hxxp://download119.avast.com/iavs5x
10:30:56 min/fil GetFileWithRetry: part-vps_win32-12071700.vpx downloaded and verified
10:30:56 vrb/pkg Part vps_win32-12071700 was set to be installed
10:30:56 vrb/pkg DeleteObsoletePackages: Removed part-vps_win32-12071600.vpx
10:30:56 nrm/int Used server: hxxp://download119.avast.com/iavs5x
10:30:57 min/fil GetFileWithRetry: part-jrog2-559.vpx downloaded and verified
10:30:57 vrb/pkg Part jrog2-559 was set to be installed
10:30:57 vrb/pkg DeleteObsoletePackages: Removed part-jrog2-557.vpx
10:30:57 vrb/pkg Part vps_win32-12071700 was set to be installed
10:30:57 vrb/pkg Part jrog2-559 was set to be installed
10:30:57 vrb/pkg IsFullOkay: jrog2-559.vpx - not okay (doesn't exist)
10:30:57 nrm/int Used server: hxxp://download119.avast.com/iavs5x
10:30:57 min/fil GetFileWithRetry: jrog2-558-557.vpx downloaded and verified
10:30:57 nrm/pkg DldPackage: C:\Programme\Alwil Software\Avast5\Setup\jrog2-558-557.vpx, returned 0x00000000
10:30:57 min/pkg PerformPkgDiff: pPkgDiffStorage->m_pbtBufNew allocated 1296346
10:30:57 vrb/pkg PerformDiff: Ok
10:30:57 nrm/int Used server: hxxp://download119.avast.com/iavs5x
10:30:57 min/fil GetFileWithRetry: jrog2-559-558.vpx downloaded and verified
10:30:57 nrm/pkg DldPackage: C:\Programme\Alwil Software\Avast5\Setup\jrog2-559-558.vpx, returned 0x00000000
10:30:57 min/pkg PerformPkgDiff: pPkgDiffStorage->m_pbtBufNew allocated 1296896
10:30:57 vrb/pkg PerformDiff: Ok
10:30:57 vrb/pkg DeleteObsoletePackages: Removed jrog2-557.vpx
10:31:01 vrb/pkg IsFullOkay: vps_32-859.vpx - not okay (doesn't exist)
10:31:20 vrb/pkg IsFullOkay: vps_win32-86d.vpx - not okay (doesn't exist)
10:31:24 nrm/int Used server: hxxp://download119.avast.com/iavs5x
10:31:24 min/fil GetFileWithRetry: vps_32-858-857.vpx downloaded and verified
10:31:24 nrm/pkg DldPackage: C:\Programme\Alwil Software\Avast5\Setup\vps_32-858-857.vpx, returned 0x00000000
10:31:25 min/pkg PerformPkgDiff: pPkgDiffStorage->m_pbtBufNew allocated 70034129
10:31:26 vrb/pkg PerformDiff: Ok
10:31:29 nrm/int Used server: hxxp://download119.avast.com/iavs5x
10:31:29 min/fil GetFileWithRetry: vps_32-859-858.vpx downloaded and verified
10:31:29 nrm/pkg DldPackage: C:\Programme\Alwil Software\Avast5\Setup\vps_32-859-858.vpx, returned 0x00000000
10:31:29 min/pkg PerformPkgDiff: pPkgDiffStorage->m_pbtBufNew allocated 70080624
10:31:30 vrb/pkg PerformDiff: Ok
10:31:38 vrb/pkg DeleteObsoletePackages: Removed vps_32-857.vpx
10:31:38 nrm/int Used server: hxxp://download119.avast.com/iavs5x
10:31:38 min/fil GetFileWithRetry: vps_win32-86c-86b.vpx downloaded and verified
10:31:38 nrm/pkg DldPackage: C:\Programme\Alwil Software\Avast5\Setup\vps_win32-86c-86b.vpx, returned 0x00000000
10:31:38 min/pkg PerformPkgDiff: pPkgDiffStorage->m_pbtBufNew allocated 6546959
10:31:39 vrb/pkg PerformDiff: Ok
10:31:39 nrm/int Used server: hxxp://download119.avast.com/iavs5x
10:31:39 min/fil GetFileWithRetry: vps_win32-86d-86c.vpx downloaded and verified
10:31:39 nrm/pkg DldPackage: C:\Programme\Alwil Software\Avast5\Setup\vps_win32-86d-86c.vpx, returned 0x00000000
10:31:39 min/pkg PerformPkgDiff: pPkgDiffStorage->m_pbtBufNew allocated 6546959
10:31:39 vrb/pkg PerformDiff: Ok
10:31:41 vrb/pkg DeleteObsoletePackages: Removed vps_win32-86b.vpx
10:31:43 min/int submit has nothing to send
10:31:43 nrm/pkg Submit: files 0, bytes 0, time 0 ms
10:31:43 nrm/pkg Submit success: files 0, bytes 0, time 0 ms
10:31:43 nrm/pkg Transferred: files 10, bytes 436253, time 10357 ms
10:31:43 nrm/pkg Retries: total 0, files 0, servers 2
10:31:43 vrb/int Sending stats 'hxxp://stats7.avast.com/cgi-bin/iavs4stats.cgi': 00000000 204
10:31:44 vrb/fil NeedReboot=false
10:31:44 min/gen Return code: 0x20000000 [Something done]
10:31:44 min/gen Stopped: 17.07.2012, 10:31:44


10:31:53 min/gen Started: 17.07.2012, 10:31:53
10:31:53 vrb/gen Operation set to INST_OP_UNKNOWN
10:31:53 min/gen Old version: 5b0 (1456)
10:31:53 nrm/int SYNCER: Agent=Syncer/5.00 (ais-1456;p)
10:31:53 min/gen Running SETUP_AIS-5b0 (1456)
10:31:53 nrm/sys Operating system: WindowsXP ver 5.1, build 2600, sp 2.0 [Service Pack 2]
10:31:53 nrm/sys Memory: 43% load. Phys:1175828/2095532K free, Page:3326220/4032888K free, Virt:2050648/2097024K free
10:31:53 vrb/sys Computer WinName: PALME
10:31:53 min/sys Windows Net User: NT-AUTORITÄT\SYSTEM
10:31:55 min/gen Cmdline: /refresh /noreboot /updatevps /verysilent /session "0" /limitcpu
10:31:55 vrb/gen Operation set to INST_OP_UPDATE_INSTALL_PACKAGES
10:31:55 min/gen Old version: 5b0 (1456)
10:31:55 vrb/reg Deleted registry: Software\AVAST Software\Avast\UpdateReady
10:31:55 nrm/sys Using temp: C:\WINDOWS\TEMP\_asw_aisI.tm~a03288 (43614M free)
10:31:55 nrm/gen SGW32AIS::CheckIfInstalled set m_bAlreadyInstalled to 1
10:31:55 nrm/sys Installed in: C:\Programme\Alwil Software\Avast5 (43614M free)
10:31:55 vrb/gen LoadState: Edition=1
10:31:57 nrm/int SYNCER: Type: use IE settings
10:31:57 nrm/int SYNCER: Auth: another authentication, use WinInet
10:31:57 vrb/pkg Part prg_ais-5b0 is installed
10:31:57 vrb/pkg Part vps_win32-12071700 is installed
10:31:58 vrb/pkg Part setup_ais-5b0 is installed
10:31:58 vrb/pkg Part jrog-a7 is installed
10:31:58 vrb/pkg Part jrog2-559 is installed
10:31:58 min/gen Old version: 5b0 (1456)
10:32:00 vrb/fil skipped CPackageEngine_File::SetExistingFilesBitmap
10:32:00 min/gen GUID: a0469928-e95f-4475-8cca-40358391a522
10:32:00 vrb/gen Entering:UpdateInstallPackages
10:32:00 vrb/pkg LoadPartInfo: jrog = jrog-a7 returned 00000000
10:32:00 vrb/pkg LoadPartInfo: jrog2 = jrog2-559 returned 00000000
10:32:00 vrb/pkg LoadPartInfo: program = prg_ais-5b0 returned 00000000
10:32:00 vrb/pkg LoadPartInfo: setup = setup_ais-5b0 returned 00000000
10:32:00 vrb/pkg LoadPartInfo: vps = vps_win32-12071700 returned 00000000
10:32:02 vrb/pkg ArePartsInstallable: 1
10:32:02 min/pkg vps version 12071700
10:32:02 min/pkg vps: going to extract C:\Programme\Alwil Software\Avast5\defs\12071700\Sf.bin (4)
10:32:02 min/pkg extracted file C:\Programme\Alwil Software\Avast5\defs\12071700\Sf.bin
10:32:02 min/pkg vps: going to extract C:\Programme\Alwil Software\Avast5\defs\12071700\Sf1.bin (4)
10:32:02 min/pkg extracted file C:\Programme\Alwil Software\Avast5\defs\12071700\Sf1.bin
10:32:02 min/pkg vps: going to extract C:\Programme\Alwil Software\Avast5\defs\12071700\dllcc.dat (2)
10:32:02 min/pkg extracted file C:\Programme\Alwil Software\Avast5\defs\12071700\dllcc.dat
10:32:02 min/pkg vps: going to extract C:\Programme\Alwil Software\Avast5\defs\12071700\ArPot.dll (4)
10:32:02 min/pkg extracted file C:\Programme\Alwil Software\Avast5\defs\12071700\ArPot.dll
10:32:02 min/pkg vps: going to extract C:\Programme\Alwil Software\Avast5\defs\12071700\aswAR.dll (4)
10:32:02 min/pkg extracted file C:\Programme\Alwil Software\Avast5\defs\12071700\aswAR.dll
10:32:02 min/pkg vps: going to extract C:\Programme\Alwil Software\Avast5\defs\12071700\aswBoot.dll (4)
10:32:02 min/pkg extracted file C:\Programme\Alwil Software\Avast5\defs\12071700\aswBoot.dll
10:32:02 min/pkg vps: going to extract C:\Programme\Alwil Software\Avast5\defs\12071700\aswCleanerDLL.dll (4)
10:32:02 min/pkg extracted file C:\Programme\Alwil Software\Avast5\defs\12071700\aswCleanerDLL.dll
10:32:02 min/pkg vps: going to extract C:\Programme\Alwil Software\Avast5\defs\12071700\aswCmnBS.dll (4)
10:32:02 min/pkg extracted file C:\Programme\Alwil Software\Avast5\defs\12071700\aswCmnBS.dll
10:32:02 min/pkg vps: going to extract C:\Programme\Alwil Software\Avast5\defs\12071700\aswCmnIS.dll (4)
10:32:02 min/pkg extracted file C:\Programme\Alwil Software\Avast5\defs\12071700\aswCmnIS.dll
10:32:02 min/pkg vps: going to extract C:\Programme\Alwil Software\Avast5\defs\12071700\aswCmnOS.dll (4)
10:32:02 min/pkg extracted file C:\Programme\Alwil Software\Avast5\defs\12071700\aswCmnOS.dll
10:32:03 min/pkg vps: going to extract C:\Programme\Alwil Software\Avast5\defs\12071700\aswEngin.dll (4)
10:32:03 min/pkg extracted file C:\Programme\Alwil Software\Avast5\defs\12071700\aswEngin.dll
10:32:03 min/pkg vps: going to extract C:\Programme\Alwil Software\Avast5\defs\12071700\aswFiDb.dll (4)
10:32:03 min/pkg extracted file C:\Programme\Alwil Software\Avast5\defs\12071700\aswFiDb.dll
10:32:03 min/pkg vps: going to extract C:\Programme\Alwil Software\Avast5\defs\12071700\aswRawFS.dll (4)
10:32:03 min/pkg extracted file C:\Programme\Alwil Software\Avast5\defs\12071700\aswRawFS.dll
10:32:03 min/pkg vps: going to extract C:\Programme\Alwil Software\Avast5\defs\12071700\aswRep.dll (4)
10:32:03 min/pkg extracted file C:\Programme\Alwil Software\Avast5\defs\12071700\aswRep.dll
10:32:03 min/pkg vps: going to extract C:\Programme\Alwil Software\Avast5\defs\12071700\aswScan.dll (4)
10:32:03 min/pkg extracted file C:\Programme\Alwil Software\Avast5\defs\12071700\aswScan.dll
10:32:03 min/pkg vps: going to extract C:\Programme\Alwil Software\Avast5\defs\12071700\exts.dll (4)
10:32:03 min/pkg extracted file C:\Programme\Alwil Software\Avast5\defs\12071700\exts.dll
10:32:03 min/pkg vps: going to extract C:\Programme\Alwil Software\Avast5\defs\12071700\fwAux.dll (4)
10:32:03 min/pkg extracted file C:\Programme\Alwil Software\Avast5\defs\12071700\fwAux.dll
10:32:03 min/pkg vps: going to extract C:\Programme\Alwil Software\Avast5\defs\12071700\uiext.dll (4)
10:32:03 min/pkg extracted file C:\Programme\Alwil Software\Avast5\defs\12071700\uiext.dll
10:32:03 min/pkg vps: going to extract C:\Programme\Alwil Software\Avast5\defs\12071700\list_d.txt (2)
10:32:03 min/pkg extracted file C:\Programme\Alwil Software\Avast5\defs\12071700\list_d.txt
10:32:03 min/pkg vps: ExtractFilesFromPackage(vps_win32-86d.vpx) returned 0x00000000
10:32:03 min/pkg vps: OpenPackage(C:\Programme\Alwil Software\Avast5\Setup\vps_32-859.vpx) returned 0x00000000, files: 44
10:32:03 min/pkg vps: going to extract C:\Programme\Alwil Software\Avast5\defs\12071700\whitelist.db (2)
10:32:03 min/pkg extracted file C:\Programme\Alwil Software\Avast5\defs\12071700\whitelist.db
10:32:03 min/pkg vps: going to extract C:\Programme\Alwil Software\Avast5\defs\12071700\db_dex.dat (2)
10:32:03 min/pkg extracted file C:\Programme\Alwil Software\Avast5\defs\12071700\db_dex.dat
10:32:03 min/pkg vps: going to extract C:\Programme\Alwil Software\Avast5\defs\12071700\db_dyna.dat (2)
10:32:03 min/pkg extracted file C:\Programme\Alwil Software\Avast5\defs\12071700\db_dyna.dat
10:32:03 min/pkg vps: going to extract C:\Programme\Alwil Software\Avast5\defs\12071700\db_el.dat (2)
10:32:03 min/pkg extracted file C:\Programme\Alwil Software\Avast5\defs\12071700\db_el.dat
10:32:03 min/pkg vps: going to extract C:\Programme\Alwil Software\Avast5\defs\12071700\db_elf.dat (2)
10:32:03 min/pkg extracted file C:\Programme\Alwil Software\Avast5\defs\12071700\db_elf.dat
10:32:03 min/pkg vps: going to extract C:\Programme\Alwil Software\Avast5\defs\12071700\db_elfa.dat (2)
10:32:03 min/pkg extracted file C:\Programme\Alwil Software\Avast5\defs\12071700\db_elfa.dat
10:32:03 min/pkg vps: going to extract C:\Programme\Alwil Software\Avast5\defs\12071700\db_evope.dat (2)
10:32:03 min/pkg extracted file C:\Programme\Alwil Software\Avast5\defs\12071700\db_evope.dat
10:32:03 min/pkg vps: going to extract C:\Programme\Alwil Software\Avast5\defs\12071700\db_java.dat (2)
10:32:03 min/pkg extracted file C:\Programme\Alwil Software\Avast5\defs\12071700\db_java.dat
10:32:03 min/pkg vps: going to extract C:\Programme\Alwil Software\Avast5\defs\12071700\db_js.dat (2)
10:32:03 min/pkg extracted file C:\Programme\Alwil Software\Avast5\defs\12071700\db_js.dat
10:32:03 min/pkg vps: going to extract C:\Programme\Alwil Software\Avast5\defs\12071700\db_mx4.dat (2)
10:32:03 min/pkg extracted file C:\Programme\Alwil Software\Avast5\defs\12071700\db_mx4.dat
10:32:03 min/pkg vps: going to extract C:\Programme\Alwil Software\Avast5\defs\12071700\db_mx95.dat (2)
10:32:03 min/pkg extracted file C:\Programme\Alwil Software\Avast5\defs\12071700\db_mx95.dat
10:32:03 min/pkg vps: going to extract C:\Programme\Alwil Software\Avast5\defs\12071700\db_o7.dat (2)
10:32:03 min/pkg extracted file C:\Programme\Alwil Software\Avast5\defs\12071700\db_o7.dat
10:32:03 min/pkg vps: going to extract C:\Programme\Alwil Software\Avast5\defs\12071700\db_ob2.dat (2)
10:32:03 min/pkg extracted file C:\Programme\Alwil Software\Avast5\defs\12071700\db_ob2.dat
10:32:03 min/pkg vps: going to extract C:\Programme\Alwil Software\Avast5\defs\12071700\db_pe2.dat (2)
10:32:06 min/pkg extracted file C:\Programme\Alwil Software\Avast5\defs\12071700\db_pe2.dat
10:32:06 min/pkg vps: going to extract C:\Programme\Alwil Software\Avast5\defs\12071700\db_pe3.dat (2)
10:32:06 min/pkg extracted file C:\Programme\Alwil Software\Avast5\defs\12071700\db_pe3.dat
10:32:06 min/pkg vps: going to extract C:\Programme\Alwil Software\Avast5\defs\12071700\db_swf.dat (2)
10:32:06 min/pkg extracted file C:\Programme\Alwil Software\Avast5\defs\12071700\db_swf.dat
10:32:06 min/pkg vps: going to extract C:\Programme\Alwil Software\Avast5\defs\12071700\db_tx.dat (2)
10:32:06 min/pkg extracted file C:\Programme\Alwil Software\Avast5\defs\12071700\db_tx.dat
10:32:06 min/pkg vps: going to extract C:\Programme\Alwil Software\Avast5\defs\12071700\db_u.dat (2)
10:32:07 min/pkg extracted file C:\Programme\Alwil Software\Avast5\defs\12071700\db_u.dat
10:32:07 min/pkg vps: going to extract C:\Programme\Alwil Software\Avast5\defs\12071700\db_w6.dat (2)
10:32:07 min/pkg extracted file C:\Programme\Alwil Software\Avast5\defs\12071700\db_w6.dat
10:32:07 min/pkg vps: going to extract C:\Programme\Alwil Software\Avast5\defs\12071700\db_wh2.dat (2)
10:32:07 min/pkg extracted file C:\Programme\Alwil Software\Avast5\defs\12071700\db_wh2.dat
10:32:07 min/pkg vps: going to extract C:\Programme\Alwil Software\Avast5\defs\12071700\sc_dst.dat (2)
10:32:07 min/pkg extracted file C:\Programme\Alwil Software\Avast5\defs\12071700\sc_dst.dat
10:32:07 min/pkg vps: going to extract C:\Programme\Alwil Software\Avast5\defs\12071700\sc_src.dat (2)
10:32:07 min/pkg extracted file C:\Programme\Alwil Software\Avast5\defs\12071700\sc_src.dat
10:32:07 min/pkg vps: going to extract C:\Programme\Alwil Software\Avast5\defs\12071700\algo.dll (4)
10:32:07 min/pkg extracted file C:\Programme\Alwil Software\Avast5\defs\12071700\algo.dll
10:32:07 min/pkg vps: going to extract C:\Programme\Alwil Software\Avast5\defs\12071700\def.ini (2)
10:32:07 min/pkg extracted file C:\Programme\Alwil Software\Avast5\defs\12071700\def.ini
10:32:07 min/pkg vps: going to extract C:\Programme\Alwil Software\Avast5\defs\12071700\certs.map (2)
10:32:07 min/pkg extracted file C:\Programme\Alwil Software\Avast5\defs\12071700\certs.map
10:32:07 min/pkg vps: going to extract C:\Programme\Alwil Software\Avast5\defs\12071700\db_dex.map (20000)
10:32:07 min/pkg extracted file C:\Programme\Alwil Software\Avast5\defs\12071700\db_dex.map
10:32:07 min/pkg vps: going to extract C:\Programme\Alwil Software\Avast5\defs\12071700\db_dyna.map (20000)
10:32:07 min/pkg extracted file C:\Programme\Alwil Software\Avast5\defs\12071700\db_dyna.map
10:32:07 min/pkg vps: going to extract C:\Programme\Alwil Software\Avast5\defs\12071700\db_elf.map (20000)
10:32:07 min/pkg extracted file C:\Programme\Alwil Software\Avast5\defs\12071700\db_elf.map
10:32:07 min/pkg vps: going to extract C:\Programme\Alwil Software\Avast5\defs\12071700\db_elfa.map (20000)
10:32:07 min/pkg extracted file C:\Programme\Alwil Software\Avast5\defs\12071700\db_elfa.map
10:32:07 min/pkg vps: going to extract C:\Programme\Alwil Software\Avast5\defs\12071700\db_java.map (20000)
10:32:07 min/pkg extracted file C:\Programme\Alwil Software\Avast5\defs\12071700\db_java.map
10:32:07 min/pkg vps: going to extract C:\Programme\Alwil Software\Avast5\defs\12071700\db_js.map (20000)
10:32:07 min/pkg extracted file C:\Programme\Alwil Software\Avast5\defs\12071700\db_js.map
10:32:07 min/pkg vps: going to extract C:\Programme\Alwil Software\Avast5\defs\12071700\db_mx4.map (20000)
10:32:07 min/pkg extracted file C:\Programme\Alwil Software\Avast5\defs\12071700\db_mx4.map
10:32:07 min/pkg vps: going to extract C:\Programme\Alwil Software\Avast5\defs\12071700\db_mx95.map (20000)
10:32:07 min/pkg extracted file C:\Programme\Alwil Software\Avast5\defs\12071700\db_mx95.map
10:32:07 min/pkg vps: going to extract C:\Programme\Alwil Software\Avast5\defs\12071700\db_o7.map (20000)
10:32:07 min/pkg extracted file C:\Programme\Alwil Software\Avast5\defs\12071700\db_o7.map
10:32:07 min/pkg vps: going to extract C:\Programme\Alwil Software\Avast5\defs\12071700\db_swf.map (20000)
10:32:07 min/pkg extracted file C:\Programme\Alwil Software\Avast5\defs\12071700\db_swf.map
10:32:07 min/pkg vps: going to extract C:\Programme\Alwil Software\Avast5\defs\12071700\db_w6.map (20000)
10:32:07 min/pkg extracted file C:\Programme\Alwil Software\Avast5\defs\12071700\db_w6.map
10:32:07 min/pkg vps: going to extract C:\Programme\Alwil Software\Avast5\defs\12071700\db_xtn.map (20000)
10:32:07 min/pkg extracted file C:\Programme\Alwil Software\Avast5\defs\12071700\db_xtn.map
10:32:07 min/pkg vps: going to extract C:\Programme\Alwil Software\Avast5\defs\12071700\list_i.txt (2)
10:32:07 min/pkg extracted file C:\Programme\Alwil Software\Avast5\defs\12071700\list_i.txt
10:32:07 min/pkg vps: preparePool C:\Programme\Alwil Software\Avast5\defs\12071700\l_idx.map, ok
10:32:07 min/pkg vps: preparePool C:\Programme\Alwil Software\Avast5\defs\12071700\s_idx.map, ok
10:32:07 min/pkg vps: preparePool C:\Programme\Alwil Software\Avast5\defs\12071700\sl_idx.map, ok
10:32:09 min/pkg vps: Create file C:\Programme\Alwil Software\Avast5\defs\12071700\lshe3.map, ok
10:32:09 min/pkg vps: Create file C:\Programme\Alwil Software\Avast5\defs\12071700\acshort.map, ok
10:32:09 min/pkg vps: event 0x0004002A set
10:32:09 min/sys GUI DLL not loaded but "installOffer" function executed.
10:32:09 vrb/gen Offer installed, 0x00000002
10:32:11 nrm/pkg Transferred: files 0, bytes 0, time 0 ms
10:32:11 nrm/pkg Retries: total 0, files 0, servers 0
10:32:11 vrb/fil NeedReboot=false
10:32:11 min/gen Return code: 0x20000000 [Something done]
10:32:11 min/gen Stopped: 17.07.2012, 10:32:11


11:44:39 min/gen Started: 17.07.2012, 11:44:39
11:44:39 vrb/gen Operation set to INST_OP_UNKNOWN
11:44:39 min/gen Old version: 5b0 (1456)
11:44:40 nrm/int SYNCER: Agent=Syncer/5.00 (ais-1456;p)
11:44:40 min/gen Running SETUP_AIS-5b0 (1456)
11:44:40 nrm/sys Operating system: WindowsXP ver 5.1, build 2600, sp 2.0 [Service Pack 2]
11:44:40 nrm/sys Memory: 41% load. Phys:1230628/2095532K free, Page:3387904/4032888K free, Virt:2050648/2097024K free
11:44:40 vrb/sys Computer WinName: PALME
11:44:40 min/sys Windows Net User: NT-AUTORITÄT\SYSTEM
11:44:40 min/gen Cmdline: /checkupdate /verysilent
11:44:40 vrb/gen DldSrc set to inet
11:44:40 vrb/gen Operation set to INST_OP_CHECK_UPDATE
11:44:40 min/gen Old version: 5b0 (1456)
11:44:40 vrb/reg Deleted registry: Software\AVAST Software\Avast\UpdateReady
11:44:40 nrm/sys Using temp: C:\WINDOWS\TEMP\_asw_aisI.tm~a03508 (43613M free)
11:44:40 nrm/gen SGW32AIS::CheckIfInstalled set m_bAlreadyInstalled to 1
11:44:40 nrm/int SYNCER: Agent=Syncer/5.00 (ais-1456;p)
11:44:40 vrb/sys Computer DnsName: Palme
11:44:40 vrb/sys Computer Ip Addr: 192.168.178.20
11:44:40 nrm/sys Installed in: C:\Programme\Alwil Software\Avast5 (43613M free)
11:44:40 vrb/gen LoadState: Edition=1
11:44:41 nrm/int SYNCER: Type: use IE settings
11:44:41 nrm/int SYNCER: Auth: another authentication, use WinInet
11:44:41 vrb/pkg Part prg_ais-5b0 is installed
11:44:41 vrb/pkg Part vps_win32-12071700 is installed
11:44:41 vrb/pkg Part setup_ais-5b0 is installed
11:44:41 vrb/pkg Part jrog-a7 is installed
11:44:41 vrb/pkg Part jrog2-559 is installed
11:44:41 min/gen Old version: 5b0 (1456)
11:45:13 vrb/fil SetExistingFilesBitmap: 1095->373->368
11:45:13 min/gen GUID: a0469928-e95f-4475-8cca-40358391a522
11:45:13 nrm/gen Server definition(s) loaded for 'main': 185 (maintenance:0)
11:45:13 nrm/gen SelectCurrent: selected server 'Download324 AVAST5 Server' from 'main'
11:45:13 nrm/int SYNCER: Type: use IE settings
11:45:13 nrm/int SYNCER: Auth: another authentication, use WinInet
11:45:13 nrm/int ERROR:HttpGetWininet, catch returned 0x00002EE7 (12007)
11:45:13 nrm/gen InvalidateCurrent: invalidated server 'Download324 AVAST5 Server' from 'main'
11:45:13 nrm/gen SelectCurrent: selected server 'Download328 AVAST5 Server' from 'main'
11:45:13 nrm/int SYNCER: Type: use IE settings
11:45:13 nrm/int SYNCER: Auth: another authentication, use WinInet
11:45:13 nrm/int ERROR:HttpGetWininet, catch returned 0x00002EE7 (12007)
11:45:13 nrm/gen InvalidateCurrent: invalidated server 'Download328 AVAST5 Server' from 'main'
11:45:13 nrm/gen SelectCurrent: selected server 'Download339 AVAST5 Server' from 'main'
11:45:13 nrm/int SYNCER: Type: use IE settings
11:45:13 nrm/int SYNCER: Auth: another authentication, use WinInet
11:45:16 nrm/int ERROR:HttpGetWininet, catch returned 0x00002EE7 (12007)
11:45:16 nrm/gen InvalidateCurrent: invalidated server 'Download339 AVAST5 Server' from 'main'
11:45:16 nrm/gen SelectCurrent: selected server 'Download718 AVAST5 Server' from 'main'
11:45:16 nrm/int SYNCER: Type: use IE settings
11:45:16 nrm/int SYNCER: Auth: another authentication, use WinInet
11:45:18 nrm/int ERROR:HttpGetWininet, catch returned 0x00002EE7 (12007)
11:45:18 nrm/gen InvalidateCurrent: invalidated server 'Download718 AVAST5 Server' from 'main'
11:45:18 nrm/gen SelectCurrent: selected server 'Download981 AVAST5 Server' from 'main'
11:45:18 nrm/int SYNCER: Type: use IE settings
11:45:18 nrm/int SYNCER: Auth: another authentication, use WinInet
11:45:20 nrm/int ERROR:HttpGetWininet, catch returned 0x00002EE7 (12007)
11:45:20 nrm/gen InvalidateCurrent: invalidated server 'Download981 AVAST5 Server' from 'main'
11:45:20 nrm/gen SelectCurrent: selected server 'Download320 AVAST5 Server' from 'main'
11:45:20 nrm/int SYNCER: Type: use IE settings
11:45:20 nrm/int SYNCER: Auth: another authentication, use WinInet
11:45:22 nrm/int ERROR:HttpGetWininet, catch returned 0x00002EE7 (12007)
11:45:22 nrm/gen InvalidateCurrent: invalidated server 'Download320 AVAST5 Server' from 'main'
11:45:22 nrm/gen SelectCurrent: selected server 'Download376 AVAST5 Server' from 'main'
11:45:22 nrm/int SYNCER: Type: use IE settings
11:45:22 nrm/int SYNCER: Auth: another authentication, use WinInet
11:45:24 nrm/int ERROR:HttpGetWininet, catch returned 0x00002EE7 (12007)
11:45:24 nrm/gen InvalidateCurrent: invalidated server 'Download376 AVAST5 Server' from 'main'
11:45:24 nrm/gen SelectCurrent: selected server 'Download336 AVAST5 Server' from 'main'
11:45:24 nrm/int SYNCER: Type: use IE settings
11:45:24 nrm/int SYNCER: Auth: another authentication, use WinInet
11:45:26 nrm/int ERROR:HttpGetWininet, catch returned 0x00002EE7 (12007)
11:45:26 nrm/gen InvalidateCurrent: invalidated server 'Download336 AVAST5 Server' from 'main'
11:45:26 nrm/gen SelectCurrent: selected server 'Download379 AVAST5 Server' from 'main'
11:45:26 nrm/int SYNCER: Type: use IE settings
11:45:26 nrm/int SYNCER: Auth: another authentication, use WinInet
11:45:28 nrm/int ERROR:HttpGetWininet, catch returned 0x00002EE7 (12007)
11:45:28 nrm/gen InvalidateCurrent: invalidated server 'Download379 AVAST5 Server' from 'main'
11:45:28 nrm/gen SelectCurrent: selected server 'Download119 AVAST5 Server' from 'main'
11:45:28 nrm/int SYNCER: Type: use IE settings
11:45:28 nrm/int SYNCER: Auth: another authentication, use WinInet
11:45:30 nrm/int ERROR:HttpGetWininet, catch returned 0x00002EE7 (12007)
11:45:30 nrm/gen InvalidateCurrent: invalidated server 'Download119 AVAST5 Server' from 'main'
11:45:30 nrm/gen SelectCurrent: selected server 'Download368 AVAST5 Server' from 'main'
11:45:30 nrm/int SYNCER: Type: use IE settings
11:45:30 nrm/int SYNCER: Auth: another authentication, use WinInet
11:45:32 min/int tried 10 servers to get file 'servers.def.vpx', but failed (0x20000004)
11:45:32 min/fil servers.def.vpx not changed, 1342165328
11:45:32 min/pkg Download servers.def, servers.def.vpx failed with error 0x20000004.
11:45:32 nrm/int ERROR:HttpGetWininet, catch returned 0x00002EFD (12029)
11:45:32 nrm/gen InvalidateCurrent: invalidated server 'Download368 AVAST5 Server' from 'main'
11:45:32 nrm/gen SelectCurrent: selected server 'Download970 AVAST5 Server' from 'main'
11:45:32 nrm/int SYNCER: Type: use IE settings
11:45:32 nrm/int SYNCER: Auth: another authentication, use WinInet
11:45:32 nrm/int ERROR:HttpGetWininet, catch returned 0x00002EE7 (12007)
11:45:32 nrm/gen InvalidateCurrent: invalidated server 'Download970 AVAST5 Server' from 'main'
11:45:32 nrm/gen SelectCurrent: selected server 'Download955 AVAST5 Server' from 'main'
11:45:32 nrm/int SYNCER: Type: use IE settings
11:45:32 nrm/int SYNCER: Auth: another authentication, use WinInet
11:45:34 nrm/int ERROR:HttpGetWininet, catch returned 0x00002EE7 (12007)
11:45:34 nrm/gen InvalidateCurrent: invalidated server 'Download955 AVAST5 Server' from 'main'
11:45:34 nrm/gen SelectCurrent: selected server 'Download341 AVAST5 Server' from 'main'
11:45:34 nrm/int SYNCER: Type: use IE settings
11:45:34 nrm/int SYNCER: Auth: another authentication, use WinInet
11:45:36 nrm/int ERROR:HttpGetWininet, catch returned 0x00002EFD (12029)
11:45:36 nrm/gen InvalidateCurrent: invalidated server 'Download341 AVAST5 Server' from 'main'
11:45:36 nrm/gen SelectCurrent: selected server 'Download366 AVAST5 Server' from 'main'
11:45:36 nrm/int SYNCER: Type: use IE settings
11:45:36 nrm/int SYNCER: Auth: another authentication, use WinInet
11:45:39 nrm/int Used server: hxxp://download366.avast.com/iavs5x
11:45:39 min/fil GetFileWithRetry: servers.def downloaded .
11:45:39 min/fil servers.def not changed, 1342165328
11:45:39 nrm/gen Server definition(s) loaded for 'main': 185 (maintenance:0)
11:45:39 nrm/gen SelectCurrent: selected server 'Download772 AVAST5 Server' from 'main'
11:45:39 nrm/int SYNCER: Type: use IE settings
11:45:39 nrm/int SYNCER: Auth: another authentication, use WinInet
11:45:39 nrm/int Used server: hxxp://download772.avast.com/iavs5x
11:45:39 min/fil GetFileWithRetry: prod-ais.vpx downloaded .
11:45:39 min/fil prod-ais.vpx not changed, 1342513013
11:45:39 vrb/pkg LoadPartInfo: jrog = jrog-a7 returned 00000000
11:45:39 vrb/pkg LoadPartInfo: jrog2 = jrog2-559 returned 00000000
11:45:39 vrb/pkg LoadPartInfo: program = prg_ais-5b0 returned 00000000
11:45:39 vrb/pkg LoadPartInfo: setup = setup_ais-5b0 returned 00000000
11:45:39 vrb/pkg LoadPartInfo: vps = vps_win32-12071700 returned 00000000
11:45:39 vrb/reg Set registry: Software\AVAST Software\Avast\DataFolder=C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Alwil Software\Avast5
11:45:39 vrb/reg Set registry: Software\AVAST Software\Avast\Version=7.0
11:45:39 vrb/reg Set registry: Software\AVAST Software\Avast\VersionShort=7.0
11:45:39 vrb/reg Set registry: Software\AVAST Software\Avast\SetupVersion=1456
11:45:39 vrb/reg Set registry: Software\AVAST Software\Avast\ProgramFolder=C:\Programme\Alwil Software\Avast5
11:45:39 vrb/reg Set registry: Software\AVAST Software\Avast\Product=ais
11:45:40 nrm/pkg Transferred: files 16, bytes 0, time 1862 ms
11:45:40 nrm/pkg Retries: total 14, files 2, servers 16
11:45:40 vrb/fil NeedReboot=false
11:45:40 min/gen Return code: 0x20000001 [Nothing done]
11:45:40 min/gen Stopped: 17.07.2012, 11:45:40


13:45:14 min/gen Started: 17.07.2012, 13:45:14
13:45:14 vrb/gen Operation set to INST_OP_UNKNOWN
13:45:14 min/gen Old version: 5b0 (1456)
13:45:14 nrm/int SYNCER: Agent=Syncer/5.00 (ais-1456;p)
13:45:14 min/gen Running SETUP_AIS-5b0 (1456)
13:45:14 nrm/sys Operating system: WindowsXP ver 5.1, build 2600, sp 2.0 [Service Pack 2]
13:45:14 nrm/sys Memory: 34% load. Phys:1364232/2095532K free, Page:3524256/4032888K free, Virt:2050648/2097024K free
13:45:14 vrb/sys Computer WinName: PALME
13:45:14 min/sys Windows Net User: NT-AUTORITÄT\SYSTEM
13:45:19 min/gen Cmdline: /checkupdate /verysilent
13:45:19 vrb/gen DldSrc set to inet
13:45:19 vrb/gen Operation set to INST_OP_CHECK_UPDATE
13:45:19 min/gen Old version: 5b0 (1456)
13:45:19 vrb/reg Deleted registry: Software\AVAST Software\Avast\UpdateReady
13:45:19 nrm/sys Using temp: C:\WINDOWS\TEMP\_asw_aisI.tm~a02468 (43613M free)
13:45:19 nrm/gen SGW32AIS::CheckIfInstalled set m_bAlreadyInstalled to 1
13:45:19 nrm/int SYNCER: Agent=Syncer/5.00 (ais-1456;p)
13:45:22 vrb/sys Computer DnsName: Palme
13:45:22 vrb/sys Computer Ip Addr: 192.168.178.20
13:45:22 nrm/sys Installed in: C:\Programme\Alwil Software\Avast5 (43613M free)
13:45:22 vrb/gen LoadState: Edition=1
13:45:22 nrm/int SYNCER: Type: use IE settings
13:45:22 nrm/int SYNCER: Auth: another authentication, use WinInet
13:45:23 vrb/pkg Part prg_ais-5b0 is installed
13:45:23 vrb/pkg Part vps_win32-12071700 is installed
13:45:23 vrb/pkg Part setup_ais-5b0 is installed
13:45:23 vrb/pkg Part jrog-a7 is installed
13:45:23 vrb/pkg Part jrog2-559 is installed
13:45:23 min/gen Old version: 5b0 (1456)
13:46:18 vrb/fil SetExistingFilesBitmap: 1095->373->368
13:46:18 min/gen GUID: a0469928-e95f-4475-8cca-40358391a522
13:46:18 nrm/gen Server definition(s) loaded for 'main': 185 (maintenance:0)
13:46:18 nrm/gen SelectCurrent: selected server 'Download341 AVAST5 Server' from 'main'
13:46:18 nrm/int SYNCER: Type: use IE settings
13:46:18 nrm/int SYNCER: Auth: another authentication, use WinInet
13:46:19 nrm/int Used server: hxxp://82.192.95.91/iavs5x
13:46:19 min/fil GetFileWithRetry: servers.def.vpx downloaded .
13:46:19 min/fil servers.def.vpx not changed, 1342165328
13:46:19 nrm/gen Server definition(s) loaded for 'main': 185 (maintenance:0)
13:46:19 nrm/gen SelectCurrent: selected server 'Download119 AVAST5 Server' from 'main'
13:46:19 nrm/int SYNCER: Type: use IE settings
13:46:19 nrm/int SYNCER: Auth: another authentication, use WinInet
13:46:20 nrm/int Used server: hxxp://download119.avast.com/iavs5x
13:46:20 min/fil GetFileWithRetry: prod-ais.vpx downloaded .
13:46:20 min/fil prod-ais.vpx not changed, 1342513013
13:46:20 vrb/pkg LoadPartInfo: jrog = jrog-a7 returned 00000000
13:46:20 vrb/pkg LoadPartInfo: jrog2 = jrog2-559 returned 00000000
13:46:20 vrb/pkg LoadPartInfo: program = prg_ais-5b0 returned 00000000
13:46:20 vrb/pkg LoadPartInfo: setup = setup_ais-5b0 returned 00000000
13:46:20 vrb/pkg LoadPartInfo: vps = vps_win32-12071700 returned 00000000
13:46:20 vrb/reg Set registry: Software\AVAST Software\Avast\DataFolder=C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Alwil Software\Avast5
13:46:20 vrb/reg Set registry: Software\AVAST Software\Avast\Version=7.0
13:46:20 vrb/reg Set registry: Software\AVAST Software\Avast\VersionShort=7.0
13:46:20 vrb/reg Set registry: Software\AVAST Software\Avast\SetupVersion=1456
13:46:20 vrb/reg Set registry: Software\AVAST Software\Avast\ProgramFolder=C:\Programme\Alwil Software\Avast5
13:46:20 vrb/reg Set registry: Software\AVAST Software\Avast\Product=ais
13:46:22 nrm/pkg Transferred: files 2, bytes 0, time 1312 ms
13:46:22 nrm/pkg Retries: total 0, files 0, servers 2
13:46:22 vrb/fil NeedReboot=false
13:46:22 min/gen Return code: 0x20000001 [Nothing done]
13:46:22 min/gen Stopped: 17.07.2012, 13:46:22


17:47:50 min/gen Started: 17.07.2012, 17:47:50
17:47:50 vrb/gen Operation set to INST_OP_UNKNOWN
17:47:50 min/gen Old version: 5b0 (1456)
17:47:50 nrm/int SYNCER: Agent=Syncer/5.00 (ais-1456;p)
17:47:50 min/gen Running SETUP_AIS-5b0 (1456)
17:47:50 nrm/sys Operating system: WindowsXP ver 5.1, build 2600, sp 2.0 [Service Pack 2]
17:47:50 nrm/sys Memory: 69% load. Phys:630708/2095532K free, Page:2741040/4032888K free, Virt:2050648/2097024K free
17:47:50 vrb/sys Computer WinName: PALME
17:47:50 min/sys Windows Net User: NT-AUTORITÄT\SYSTEM
17:47:50 min/gen Cmdline: /checkupdate /verysilent
17:47:50 vrb/gen DldSrc set to inet
17:47:50 vrb/gen Operation set to INST_OP_CHECK_UPDATE
17:47:50 min/gen Old version: 5b0 (1456)
17:47:50 vrb/reg Deleted registry: Software\AVAST Software\Avast\UpdateReady
17:47:50 nrm/sys Using temp: C:\WINDOWS\TEMP\_asw_aisI.tm~a04012 (43514M free)
17:47:50 nrm/gen SGW32AIS::CheckIfInstalled set m_bAlreadyInstalled to 1
17:47:50 nrm/int SYNCER: Agent=Syncer/5.00 (ais-1456;p)
17:47:50 vrb/sys Computer DnsName: Palme
17:47:50 vrb/sys Computer Ip Addr: 192.168.178.20
17:47:50 nrm/sys Installed in: C:\Programme\Alwil Software\Avast5 (43514M free)
17:47:50 vrb/gen LoadState: Edition=1
17:47:50 nrm/int SYNCER: Type: use IE settings
17:47:50 nrm/int SYNCER: Auth: another authentication, use WinInet
17:47:50 vrb/pkg Part prg_ais-5b0 is installed
17:47:50 vrb/pkg Part vps_win32-12071700 is installed
17:47:50 vrb/pkg Part setup_ais-5b0 is installed
17:47:50 vrb/pkg Part jrog-a7 is installed
17:47:50 vrb/pkg Part jrog2-559 is installed
17:47:50 min/gen Old version: 5b0 (1456)
17:47:54 vrb/fil SetExistingFilesBitmap: 1095->373->368
17:47:54 min/gen GUID: a0469928-e95f-4475-8cca-40358391a522
17:47:55 nrm/gen Server definition(s) loaded for 'main': 185 (maintenance:0)
17:47:55 nrm/gen SelectCurrent: selected server 'Download120 AVAST5 Server' from 'main'
17:47:55 nrm/int SYNCER: Type: use IE settings
17:47:55 nrm/int SYNCER: Auth: another authentication, use WinInet
17:47:55 nrm/int Used server: hxxp://77.234.43.39/iavs5x
17:47:55 min/fil GetFileWithRetry: servers.def.vpx downloaded .
17:47:55 min/fil servers.def.vpx not changed, 1342165328
17:47:55 nrm/gen Server definition(s) loaded for 'main': 185 (maintenance:0)
17:47:56 nrm/gen SelectCurrent: selected server 'Download317 AVAST5 Server' from 'main'
17:47:56 nrm/int SYNCER: Type: use IE settings
17:47:56 nrm/int SYNCER: Auth: another authentication, use WinInet
17:47:56 nrm/int Used server: hxxp://download317.avast.com/iavs5x
17:47:56 min/fil GetFileWithRetry: prod-ais.vpx downloaded .
17:47:56 min/fil prod-ais.vpx not changed, 1342513013
17:47:56 vrb/pkg LoadPartInfo: jrog = jrog-a7 returned 00000000
17:47:56 vrb/pkg LoadPartInfo: jrog2 = jrog2-559 returned 00000000
17:47:56 vrb/pkg LoadPartInfo: program = prg_ais-5b0 returned 00000000
17:47:56 vrb/pkg LoadPartInfo: setup = setup_ais-5b0 returned 00000000
17:47:56 vrb/pkg LoadPartInfo: vps = vps_win32-12071700 returned 00000000
17:47:56 vrb/reg Set registry: Software\AVAST Software\Avast\DataFolder=C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Alwil Software\Avast5
17:47:56 vrb/reg Set registry: Software\AVAST Software\Avast\Version=7.0
17:47:56 vrb/reg Set registry: Software\AVAST Software\Avast\VersionShort=7.0
17:47:56 vrb/reg Set registry: Software\AVAST Software\Avast\SetupVersion=1456
17:47:56 vrb/reg Set registry: Software\AVAST Software\Avast\ProgramFolder=C:\Programme\Alwil Software\Avast5
17:47:56 vrb/reg Set registry: Software\AVAST Software\Avast\Product=ais
17:47:56 nrm/pkg Transferred: files 2, bytes 0, time 1265 ms
17:47:56 nrm/pkg Retries: total 0, files 0, servers 2
17:47:56 vrb/fil NeedReboot=false
17:47:56 min/gen Return code: 0x20000001 [Nothing done]
17:47:56 min/gen Stopped: 17.07.2012, 17:47:56

Quote:

aswAr1.log avast! Antirootkit, version 1.0 [Quick]
Scan started: Dienstag, 17. Juli 2012 14:30:29

Process [0]
Process [4]
Process C:\WINDOWS\system32\smss.exe [600]
Process C:\WINDOWS\system32\csrss.exe [1016]
Process C:\WINDOWS\system32\winlogon.exe [1120]
Process C:\WINDOWS\system32\services.exe [1180]
Process C:\WINDOWS\system32\lsass.exe [1200]
Process C:\WINDOWS\system32\ati2evxx.exe [1380]
Process C:\WINDOWS\system32\svchost.exe [1400]
Process C:\WINDOWS\system32\svchost.exe [1472]
Process C:\WINDOWS\system32\svchost.exe [1520]
Process C:\Programme\Alwil Software\Avast5\AvastSvc.exe [1860]
Process C:\WINDOWS\system32\ati2evxx.exe [1900]
Process C:\WINDOWS\system32\spoolsv.exe [1992]
Process C:\Programme\Windows7FirewallControl\Windows7FirewallService.exe [308]
Process C:\Programme\SUPERAntiSpyware\SASCORE.EXE [360]
Process C:\WINDOWS\Explorer.exe [592]
Process C:\Programme\FolderSize\FolderSizeSvc.exe [940]
Process C:\WINDOWS\system32\svchost.exe [672]
Process C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe [732]
Process C:\WINDOWS\system32\poweroff.exe [828]
Process C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe [972]
Process C:\Programme\ThreatFire\TFTray.exe [1196]
Process C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVComS.exe [1572]
Process C:\Programme\Logitech\Gaming Software\LWEMon.exe [1880]
Process C:\Programme\Windows7FirewallControl\Windows7FirewallControl.exe [1924]
Process C:\Programme\Medion Info Display\MdionLCM.exe [1248]
Process C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe [1952]
Process C:\WINDOWS\RTHDCPL.EXE [1964]
Process C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe [1972]
Process C:\Programme\Microsoft IntelliPoint\ipoint.exe [2024]
Process C:\Programme\Spybot - Search & Destroy 2\SDTray.exe [2044]
Process C:\Programme\Spybot - Search & Destroy\TeaTimer.exe [1956]
Process C:\Programme\RocketDock\RocketDock.exe [236]
Process C:\Programme\Secunia\PSI\psi_tray.exe [1408]
Process C:\Programme\Secunia\PSI\psia.exe [1800]
Process C:\WINDOWS\system32\tcpsvcs.exe [2168]
Process C:\WINDOWS\system32\snmp.exe [2196]
Process C:\Programme\ThreatFire\TFService.exe [2212]
Process C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [2436]
Process C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe [2816]
Process C:\WINDOWS\system32\wbem\wmiapsrv.exe [4068]
Process C:\WINDOWS\system32\alg.exe [2656]
Process C:\WINDOWS\ALCFDRTM.EXE [4048]
Process C:\Programme\Secunia\PSI\sua.exe [2412]
Process C:\Programme\Mozilla Firefox\firefox.exe [3228]
Process C:\Programme\Alwil Software\Avast5\AvastUI.exe [2908]
Process C:\WINDOWS\system32\svchost.exe [3368]
Process C:\Programme\Malwarebytes' Anti-Malware\mbam.exe [1632]
Process C:\WINDOWS\notepad.exe [3216]
Disk 0 MBR
File C:\WINDOWS\$hf_mig$
File C:\WINDOWS\$hf_mig$\KB2229593...File C:\WINDOWS\WinSxS
....

\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll
File C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_5.2.2.3_x-ww_468466a7
File C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_5.2.2.3_x-ww_468466a7\dxmrtp.dll
File C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Networking.RtcDll_6595b64144ccf1df_5.2.2.3_x-ww_d6bd8b95
File C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Networking.RtcDll_6595b64144ccf1df_5.2.2.3_x-ww_d6bd8b95\rtcdll.dll
File C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Networking.RtcRes_6595b64144ccf1df_5.2.2.3_de_78e7f208
File C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Networking.RtcRes_6595b64144ccf1df_5.2.2.3_de_78e7f208\rtcres.dll
File C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790
File C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
File C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
File C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492
File C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.dll
File C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.Wrapper.dll
File C:\WINDOWS\wiso.ini
File C:\WINDOWS\WMPrfDeu.prx
File C:\WINDOWS\WMSysPr9.prx
File C:\WINDOWS\x2.64.exe
File C:\WINDOWS\zip.exe
File C:\WINDOWS\_default.pif
File C:\WINDOWS\_delis32.ini
Service !SASCORE [C:\Programme\SUPERAntiSpyware\SASCORE.EXE]
Service .NET CLR Data [???]
Service .NET CLR Networking [???]
Service .NET CLR Networking 4.0.0.0 [???]
Service .NET Data Provider for Oracle [???]
Service .NET Data Provider for SqlServer [???]
Service .NET Memory Cache 4.0 [???]
Service .NETFramework [???]
Service 3xHybrid [C:\WINDOWS\system32\DRIVERS\3xHybrid.sys]
Service 6to4 [C:\WINDOWS\System32\6to4svc.dll]
Service Aavmker4 [C:\WINDOWS\System32\Drivers\Aavmker4.sys]
Service Abiosdsk [C:\WINDOWS\System32\Drivers\Abiosdsk.sys]
Service abp480n5 [C:\WINDOWS\System32\Drivers\abp480n5.sys]
Service ACPI [C:\WINDOWS\system32\DRIVERS\ACPI.sys]
Service ACPIEC [C:\WINDOWS\System32\Drivers\ACPIEC.sys]
Service adpu160m [C:\WINDOWS\System32\Drivers\adpu160m.sys]
Service aec [C:\WINDOWS\system32\drivers\aec.sys]
Service AegisP [C:\WINDOWS\system32\DRIVERS\AegisP.sys]
Service AFD [C:\WINDOWS\System32\drivers\afd.sys]
Service AgereSoftModem [C:\WINDOWS\system32\DRIVERS\AGRSM.sys]
Service Aha154x [C:\WINDOWS\System32\Drivers\Aha154x.sys]
Service aic78u2 [C:\WINDOWS\System32\Drivers\aic78u2.sys]
Service aic78xx [C:\WINDOWS\System32\Drivers\aic78xx.sys]
Service Alerter [C:\WINDOWS\system32\alrsvc.dll]
Service ALG [C:\WINDOWS\System32\alg.exe]
Service AliIde [C:\WINDOWS\System32\Drivers\AliIde.sys]
Service Ambfilt [C:\WINDOWS\system32\drivers\Ambfilt.sys]
Service Amps2prt [C:\WINDOWS\system32\DRIVERS\Amps2prt.sys]
Service amsint [C:\WINDOWS\System32\Drivers\amsint.sys]
Service AppMgmt [C:\WINDOWS\System32\appmgmts.dll]
Service Arp1394 [C:\WINDOWS\system32\DRIVERS\arp1394.sys]
Service asc [C:\WINDOWS\System32\Drivers\asc.sys]
Service asc3350p [C:\WINDOWS\System32\Drivers\asc3350p.sys]
Service asc3550 [C:\WINDOWS\System32\Drivers\asc3550.sys]
Service ASP.NET [???]
Service ASP.NET_1.1.4322 [???]
Service ASP.NET_2.0.50727 [???]
Service ASP.NET_4.0.30319 [???]
Service aspnet_state [C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe]
Service aswFsBlk [C:\WINDOWS\System32\Drivers\aswFsBlk.sys]
Service aswMon2 [C:\WINDOWS\System32\Drivers\aswMon2.sys]
Service aswRdr [C:\WINDOWS\System32\Drivers\aswRdr.sys]
Service aswSnx [C:\WINDOWS\System32\Drivers\aswSnx.sys]
Service aswSP [C:\WINDOWS\System32\Drivers\aswSP.sys]
Service aswTdi [C:\WINDOWS\System32\Drivers\aswTdi.sys]
Service AsyncMac [C:\WINDOWS\system32\DRIVERS\asyncmac.sys]
Service atapi [C:\WINDOWS\system32\DRIVERS\atapi.sys]
Service Atdisk [C:\WINDOWS\System32\Drivers\Atdisk.sys]
Service Ati HotKey Poller [C:\WINDOWS\system32\Ati2evxx.exe]
Service ati2mtag [C:\WINDOWS\system32\DRIVERS\ati2mtag.sys]
Service Atierecord [???]
Service AtiHDAudioService [C:\WINDOWS\system32\drivers\AtihdXP3.sys]
Service ATITool [C:\WINDOWS\system32\DRIVERS\ATITool.sys]
Service Atmarpc [C:\WINDOWS\system32\DRIVERS\atmarpc.sys]
Service ATSWPDRV [C:\WINDOWS\System32\Drivers\ATSwpDrv.sys]
Service AudioSrv [C:\WINDOWS\System32\audiosrv.dll]
Service audstub [C:\WINDOWS\system32\DRIVERS\audstub.sys]
Service avast! Antivirus [C:\Programme\Alwil Software\Avast5\AvastSvc.exe]
Service BattC [???]
Service Beep [C:\WINDOWS\System32\Drivers\Beep.sys]
Service BITS [C:\WINDOWS\system32\qmgr.dll]
Service Browser [C:\WINDOWS\System32\browser.dll]
Service Busmouse [???]
Service catchme [C:\DOKUME~1\Roman\LOKALE~1\Temp\catchme.sys]
Service cbidf2k [C:\WINDOWS\System32\Drivers\cbidf2k.sys]
Service CCDECODE [C:\WINDOWS\system32\DRIVERS\CCDECODE.sys]
Service cd20xrnt [C:\WINDOWS\System32\Drivers\cd20xrnt.sys]
Service Cdaudio [C:\WINDOWS\System32\Drivers\Cdaudio.sys]
Service Cdfs [C:\WINDOWS\System32\Drivers\Cdfs.sys]
Service Cdrom [C:\WINDOWS\system32\DRIVERS\cdrom.sys]
Service Changer [C:\WINDOWS\System32\Drivers\Changer.sys]
Service CiSvc [C:\WINDOWS\system32\cisvc.exe]
Service Class [???]
Service CLCapSvc [C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe]
Service ClipSrv [C:\WINDOWS\system32\clipsrv.exe]
Service clr_optimization_v2.0.50727_32 [C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe]
Service clr_optimization_v4.0.30319_32 [C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe]
Service CLSched [C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe]
Service CmdIde [C:\WINDOWS\System32\Drivers\CmdIde.sys]
Service CMISTOR [C:\WINDOWS\system32\DRIVERS\cmiucr.SYS]
Service COMSysApp [C:\WINDOWS\system32\dllhost.exe]
Service ContentFilter [???]
Service ContentIndex [???]
Service Cpqarray [C:\WINDOWS\System32\Drivers\Cpqarray.sys]
Service CryptSvc [C:\WINDOWS\System32\cryptsvc.dll]
Service CrystalSysInfo [C:\Programme\MediaCoder\SysInfo.sys]
Service CyberLink Media Library Service [C:\Programme\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe]
Service dac2w2k [C:\WINDOWS\System32\Drivers\dac2w2k.sys]
Service dac960nt [C:\WINDOWS\System32\Drivers\dac960nt.sys]
Service DcomLaunch [C:\WINDOWS\system32\svchost]
Service DgiVecp [C:\WINDOWS\system32\Drivers\DgiVecp.sys]
Service Dhcp [C:\WINDOWS\System32\dhcpcsvc.dll]
Service dhdxyi [C:\WINDOWS\System32\Drivers\dhdxyi.sys]
Service Disk [C:\WINDOWS\system32\DRIVERS\disk.sys]
Service dmadmin [C:\WINDOWS\System32\dmadmin.exe]
Service dmboot [C:\WINDOWS\System32\drivers\dmboot.sys]
Service dmio [C:\WINDOWS\System32\drivers\dmio.sys]
Service dmload [C:\WINDOWS\System32\drivers\dmload.sys]
Service dmserver [C:\WINDOWS\System32\dmserver.dll]
Service DMusic [C:\WINDOWS\system32\drivers\DMusic.sys]
Service Dnscache [C:\WINDOWS\System32\dnsrslvr.dll]
Service Dokan [C:\WINDOWS\system32\drivers\dokan.sys]
Service DokanMounter [C:\Programme\Dokan\DokanLibrary\mounter.exe]
Service dpti2o [C:\WINDOWS\System32\Drivers\dpti2o.sys]
Service DragonUpdater [C:\Programme\Comodo\Dragon\dragon_updater.exe]
Service drmkaud [C:\WINDOWS\system32\drivers\drmkaud.sys]
Service dsltestSp5 [C:\WINDOWS\System32\Drivers\dsltestSp5.sys]
Service ERSvc [C:\WINDOWS\System32\ersvc.dll]
Service Eventlog [C:\WINDOWS\system32\services.exe]
Service EventSystem [C:\WINDOWS\system32\es.dll]
Service Fastfat [C:\WINDOWS\System32\Drivers\Fastfat.sys]
Service FastUserSwitchingCompatibility [C:\WINDOWS\System32\shsvcs.dll]
Service Fdc [C:\WINDOWS\system32\DRIVERS\fdc.sys]
Service Fips [C:\WINDOWS\System32\Drivers\Fips.sys]
Service Flpydisk [C:\WINDOWS\System32\Drivers\Flpydisk.sys]
Service FltMgr [C:\WINDOWS\system32\DRIVERS\fltMgr.sys]
Service FolderSize [C:\Programme\FolderSize\FolderSizeSvc.exe]
Service FontCache3.0.0.0 [C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe]
Service FsUsbExDisk [C:\WINDOWS\system32\FsUsbExDisk.SYS]
Service FsUsbExService [C:\WINDOWS\system32\FsUsbExService.Exe]
Service Fs_Rec [C:\WINDOWS\System32\Drivers\Fs_Rec.sys]
Service Ftdisk [C:\WINDOWS\system32\DRIVERS\ftdisk.sys]
Service GEARAspiWDM [C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys]
Service giveio [C:\WINDOWS\system32\giveio.sys]
Service Gpc [C:\WINDOWS\system32\DRIVERS\msgpc.sys]
Service HDAudBus [C:\WINDOWS\system32\DRIVERS\HDAudBus.sys]
Service HDPrfDrv [C:\WINDOWS\system32\HDPrfDrv-1.sys]
Service helpsvc [C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll]
Service HidServ [C:\WINDOWS\System32\hidserv.dll]
Service HidUsb [C:\WINDOWS\system32\DRIVERS\hidusb.sys]
Service hpn [C:\WINDOWS\System32\Drivers\hpn.sys]
Service HTTP [C:\WINDOWS\System32\Drivers\HTTP.sys]
Service HTTPFilter [C:\WINDOWS\System32\w3ssl.dll]
Service i2omgmt [C:\WINDOWS\System32\Drivers\i2omgmt.sys]
Service i2omp [C:\WINDOWS\System32\Drivers\i2omp.sys]
Service i8042prt [C:\WINDOWS\system32\DRIVERS\i8042prt.sys]
Service ICSharing [???]
Service idsvc [C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe]
Service Imapi [C:\WINDOWS\system32\DRIVERS\imapi.sys]
Service ImapiService [C:\WINDOWS\system32\imapi.exe]
Service inetaccs [???]
Service ini910u [C:\WINDOWS\System32\Drivers\ini910u.sys]
Service Inport [???]
Service IntcAzAudAddService [C:\WINDOWS\system32\drivers\RtkHDAud.sys]
Service IntelIde [C:\WINDOWS\System32\Drivers\IntelIde.sys]
Service intelppm [C:\WINDOWS\system32\DRIVERS\intelppm.sys]
Service Ip6Fw [C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys]
Service IpFilterDriver [C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys]
Service IpInIp [C:\WINDOWS\system32\DRIVERS\ipinip.sys]
Service IpNat [C:\WINDOWS\system32\DRIVERS\ipnat.sys]
Service Iprip [C:\WINDOWS\System32\iprip.dll]
Service IPSec [C:\WINDOWS\system32\DRIVERS\ipsec.sys]
Service IRENUM [C:\WINDOWS\system32\DRIVERS\irenum.sys]
Service ISAPISearch [???]
Service isapnp [C:\WINDOWS\system32\DRIVERS\isapnp.sys]
Service JavaQuickStarterService [C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe]
Service Kbdclass [C:\WINDOWS\system32\DRIVERS\kbdclass.sys]
Service kbdhid [C:\WINDOWS\system32\DRIVERS\kbdhid.sys]
Service kmixer [C:\WINDOWS\system32\drivers\kmixer.sys]
Service KSecDD [C:\WINDOWS\System32\Drivers\KSecDD.sys]
Service lanmanserver [C:\WINDOWS\System32\srvsvc.dll]
Service lanmanworkstation [C:\WINDOWS\System32\wkssvc.dll]
Service lbrtfdc [C:\WINDOWS\System32\Drivers\lbrtfdc.sys]
Service ldap [???]
Service LicenseService [???]
Service LightScribeService [C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe]
Service LmHosts [C:\WINDOWS\System32\lmhsvc.dll]
Service MBAMSwissArmy [C:\WINDOWS\system32\drivers\mbamswissarmy.sys]
Service mbmiodrvr [C:\WINDOWS\system32\mbmiodrvr.sys]
Service Messenger [C:\WINDOWS\System32\msgsvc.dll]
Service mnmdd [C:\WINDOWS\System32\Drivers\mnmdd.sys]
Service mnmsrvc [C:\WINDOWS\system32\mnmsrvc.exe]
Service Modem [C:\WINDOWS\System32\Drivers\Modem.sys]
Service Monfilt [C:\WINDOWS\system32\drivers\Monfilt.sys]
Service Mouclass [C:\WINDOWS\system32\DRIVERS\mouclass.sys]
Service mouhid [C:\WINDOWS\system32\DRIVERS\mouhid.sys]
Service MountMgr [C:\WINDOWS\System32\Drivers\MountMgr.sys]

Scan finished: Dienstag, 17. Juli 2012 14:33:18
Hidden files found: 0
Hidden registry items found: 0
Hidden processes found: 0
Hidden services found: 0
Hidden boot sectors found: 0
Quote:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 07/17/2012 at 05:43 PM

Application Version : 5.1.1002

Core Rules Database Version : 8912
Trace Rules Database Version: 6724

Scan type : Quick Scan
Total Scan Time : 00:08:40

Operating System Information
Windows XP Home Edition 32-bit, Service Pack 2 (Build 5.01.2600)
Administrator

Memory items scanned : 611
Memory threats detected : 0
Registry items scanned : 30080
Registry threats detected : 0
File items scanned : 8048
File threats detected : 6

Adware.Tracking Cookie
.elitetrading.de [ C:\DOKUMENTE UND EINSTELLUNGEN\ROMAN\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\KNVWX1WV.ROMAN\COOKIES.SQLITE ]
.elitetrading.de [ C:\DOKUMENTE UND EINSTELLUNGEN\ROMAN\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\KNVWX1WV.ROMAN\COOKIES.SQLITE ]
.accounts.google.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ROMAN\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\KNVWX1WV.ROMAN\COOKIES.SQLITE ]
.accounts.google.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ROMAN\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\KNVWX1WV.ROMAN\COOKIES.SQLITE ]
.accounts.google.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ROMAN\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\KNVWX1WV.ROMAN\COOKIES.SQLITE ]
accounts.google.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ROMAN\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\KNVWX1WV.ROMAN\COOKIES.SQLITE ]
Quote:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.13.09

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.18702
Roman :: PALME [Administrator]

17.07.2012 14:05:43
mbam-log-2012-07-17 (14-05-43).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 257313
Laufzeit: 11 Minute(n), 40 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
A trojan was found!
Quote:

Malwarebytes Anti-Malware 1.62.0.1300
Malwarebytes : Free anti-malware download

Datenbank Version: v2012.07.17.07

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.18702
Roman :: PALME [Administrator]

17.07.2012 22:36:39
mbam-log-2012-07-17 (22-36-39).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 428745
Laufzeit: 1 Stunde(n), 29 Minute(n), 44 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\WINDOWS\ie8\iexplore.exe (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\www.download.de\kmplayer_downloader.exe (PUP.ToolbarDownloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Polarbär 18.07.2012 12:23

GMER logfile from 18.7.12 attached

Polarbär 18.07.2012 14:05

Trojan found!
Quote:

SUPERAntiSpyware Scan Log
SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

Generated 07/18/2012 at 02:59 PM

Application Version : 5.1.1002

Core Rules Database Version : 8917
Trace Rules Database Version: 6729

Scan type : Complete Scan
Total Scan Time : 01:29:24

Operating System Information
Windows XP Home Edition 32-bit, Service Pack 2 (Build 5.01.2600)
Administrator

Memory items scanned : 567
Memory threats detected : 0
Registry items scanned : 38835
Registry threats detected : 0
File items scanned : 71017
File threats detected : 3

Trojan.Agent/Gen-Bancos
C:\PROGRAMME\MEDIAPIRATEN\MEDIAPIRATEN\DATA\METASPINNERTELETEXTFILTER.AX

Trojan.Agent/Gen-Nullo[Short]
C:\SYSTEM VOLUME INFORMATION\_RESTORE{20EA187A-C68E-49AC-A1E6-FEF621E0E4FC}\RP144\A0134398.EXE

Trojan.Agent/Gen-Downloader
C:\WWW.DOWNLOAD.DE\DSP_ROCKSTEADY21.EXE

cosinus 18.07.2012 14:41

Please run ESET as well; after that we'll see how to proceed.

Note: ESET quite often shows a few false positives. That is why, with ESET too, only the log should be posted at first and nothing removed.

ESET Online Scanner

Please switch on any external hard drives during the online scans! During the scans, please turn off all background guards (antivirus program, firewall, script blocking and the like), and do not forget to turn everything back on afterwards.
  • Note for Vista and Win7 users: be sure to open the browser like this: right-click => Run as administrator
  • Disable your antivirus program during the scan.

    Press the button http://img695.imageshack.us/img695/1599/eset1l.jpg (<< click).
    • Firefox users:
      Please download esetsmartinstaller_enu.exe. Save the Firefox add-on to the desktop and then install it.
    • IE users:
      must allow the installation of an ActiveX element.
  • Tick the box at Yes, i accept the Terms of Use.
  • Press the http://img707.imageshack.us/img707/687/starteg.jpg button.
  • Wait until the components have been downloaded.
  • Tick "Scan archives".
  • Make sure that Remove Found Threats is not ticked.
  • Press http://img707.imageshack.us/img707/687/starteg.jpg.
  • The signatures are downloaded. The scan starts automatically.
When the scan has finished
  • Click Finish.
  • Close the browser.
Please press the http://larusso.trojaner-board.de/Images/windows.jpg + R key and copy the following text into the Run window.
Code:

"%PROGRAMFILES%\Eset\Eset Online Scanner\log.txt"
Note: If you are using 64-bit Windows, the path is:

Code:

"%PROGRAMFILES(X86)%\Eset\Eset Online Scanner\log.txt"
Now post the contents of log.txt.

Polarbär 18.07.2012 19:56

:heilig: Hello Cosinus, here is the logfile as requested
Quote:

ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=7c2681206c3f5e4886217db698871183
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-18 06:35:54
# local_time=2012-07-18 08:35:54 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 149062365 149062365 0 0
# compatibility_mode=768 16777215 100 0 74366252 74366252 0 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=186034
# found=10
# cleaned=0
# scan_time=15022
C:\Dokumente und Einstellungen\Roman\Desktop\sonstiges\KFZ Vers TK +Rabattschutz_files\status.js JS/Agent.NEJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Dokumente und Einstellungen\Roman\Desktop\sonstiges\KFZ Vers VK 500 grob varl + Rabattsch_files\status.js JS/Agent.NEJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Dokumente und Einstellungen\Roman\Desktop\sonstiges\KFZ Vers VK 500 grob varl o Rabattsch_files\status.js JS/Agent.NEJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Dokumente und Einstellungen\Roman\Desktop\sonstiges\KFZ VK +Rabattschutz_files\status.js JS/Agent.NEJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Programme\Registry Easy\RegEasy.exe probably a variant of Win32/Adware.RegistryEasy application (unable to clean) 00000000000000000000000000000000 I
C:\Programme\Trend Micro\HijackThis\backups\backup-20081207-152341-860.dll Win32/Toolbar.AskSBar application (unable to clean) 00000000000000000000000000000000 I
C:\www.download.de\asc-setup.exe a variant of Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I
C:\www.download.de\fvdsuite_installer.exe a variant of Win32/InstallCore.W application (unable to clean) 00000000000000000000000000000000 I
C:\www.download.de\registrybooster.exe multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\www.download.de\unlocker1.8.9.exe Win32/Adware.ADON application (unable to clean) 00000000000000000000000000000000 I

cosinus 19.07.2012 12:31

Quote:

C:\Dokumente und Einstellungen\Roman\Desktop\sonstiges\KFZ Vers TK +Rabattschutz_files\status.js
What exactly is that supposed to be? Where does it come from?

Quote:

C:\Programme\Registry Easy\RegEasy.exe
\www.download.de\registrybooster.exe
Hands off registry cleaners!!

The registry is the brain of the system. If the brain doesn't work, the rest no longer really works.
We read often enough from people seeking help that their system no longer starts after using registry cleaners.
  • How is the cleaner supposed to know 100% whether an entry is needed or not?
  • It makes absolutely no difference whether there are a few orphaned registry entries on the system or not.
  • The constantly advertised speed-up of the system is also only partly true. You would not notice it.

A so-called false positive from a cleaner can also make your system unbootable.
If you destroy the registry, you destroy Windows.


adwCleaner - detect toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.
  • Start adwcleaner.exe with a double-click.
  • Click Search.
  • When the scan has finished, a text file opens.
  • Post the contents with your next reply.
  • You can also find the log file at C:\AdwCleaner[R1].txt.

Polarbär 19.07.2012 13:53

Hey Cosinus :D
I got that from an insurance comparison portal whose web page I saved; I can delete it, I don't need it anymore.
C:\Dokumente und Einstellungen\Roman\Desktop\sonstiges\KFZ Vers TK +Rabattschutz_files\status.js
O.k. Thanks! I won't use registry cleaners anymore.

Quote:

# AdwCleaner v1.702 - Logfile created 07/19/2012 at 14:35:25
# Updated 13/07/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 2 (32 bits)
# User : Roman - PALME
# Running from : C:\Dokumente und Einstellungen\Roman\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Viewpoint
Folder Found : C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Viewpoint
Folder Found : C:\Programme\Conduit
Folder Found : C:\Programme\Viewpoint
Folder Found : C:\Programme\Viewpoint
File Found : C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\QuickStores.url

***** [Registry] *****
[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Classes\IMsiDe1egate.Application.1
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\DT Soft
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Viewpoint

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A3F2A195-0D11-463b-96BB-D2FF1B7490A1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{ECD0ECC6-DCA4-4013-A915-12355AB70999}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [2809 octets] - [19/07/2012 14:35:25]

########## EOF - C:\AdwCleaner[R1].txt - [2937 octets] ##########

cosinus 19.07.2012 19:35

adwCleaner - remove toolbars and unwanted start/search pages
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Delete.
  • Confirm each prompt with Ok.
  • Your computer will be restarted. After the restart a text file opens.
  • Post the contents with your next reply.
  • You can also find the log file at C:\AdwCleaner[S1].txt.

Polarbär 20.07.2012 05:30

Everything carried out :daumenhoc:daumenhoc:daumenhoc
Quote:

# AdwCleaner v1.702 - Logfile created 07/20/2012 at 06:18:34
# Updated 13/07/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 2 (32 bits)
# User : Roman - PALME
# Running from : C:\Dokumente und Einstellungen\Roman\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Viewpoint
Folder Deleted : C:\Programme\Conduit
Folder Deleted : C:\Programme\Viewpoint
File Deleted : C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\QuickStores.url

***** [Registry] *****
[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Classes\IMsiDe1egate.Application.1
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\DT Soft
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Viewpoint

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A3F2A195-0D11-463b-96BB-D2FF1B7490A1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ECD0ECC6-DCA4-4013-A915-12355AB70999}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [2938 octets] - [19/07/2012 14:35:25]
AdwCleaner[S1].txt - [2799 octets] - [20/07/2012 06:18:34]

########## EOF - C:\AdwCleaner[S1].txt - [2927 octets] ##########
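
An added example, not part of the thread and not AdwCleaner's own code: a check that a Delete-run log removed every item the earlier Search-run log reported, using the line format of the two AdwCleaner v1.702 logs above. The sample logs, the `ExampleBar` names and all function names are constructed for illustration; the duplicate check covers Search logs that list the same folder twice, as the one above does.

```python
import re
from collections import Counter

# Result lines in the format the AdwCleaner v1.702 logs above use, e.g.
#   Folder Found : C:\Programme\Conduit
#   [*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
ENTRY = re.compile(r"^(?:\[\*\]\s*)?(\w+) (Found|Deleted) : (.+)$")
OPTION = re.compile(r"^# Option \[(\w+)\]")

# Constructed sample logs (hypothetical toolbar "ExampleBar").
SEARCH_LOG = r"""
# AdwCleaner v1.702 - Logfile created (constructed sample)
# Option [Search]

***** [Files / Folders] *****

Folder Found : C:\Programme\ExampleBar
Folder Found : C:\Programme\ExampleBar
File Found : C:\Dokumente und Einstellungen\User\Desktop\Example.url

***** [Registry] *****
[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.EXAMPLE
Key Found : HKCU\Software\ExampleBar
"""

DELETE_LOG = r"""
# AdwCleaner v1.702 - Logfile created (constructed sample)
# Option [Delete]

***** [Files / Folders] *****

Folder Deleted : C:\Programme\ExampleBar
File Deleted : C:\Dokumente und Einstellungen\User\Desktop\Example.url

***** [Registry] *****
[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.EXAMPLE
"""


def parse_log(text):
    """Return (option, Counter of (kind, target)) for one log.

    Targets are lower-cased because Windows paths and registry key
    names are case-insensitive.
    """
    option = None
    entries = Counter()
    for raw in text.splitlines():
        line = raw.strip()
        m = OPTION.match(line)
        if m:
            option = m.group(1)
            continue
        m = ENTRY.match(line)
        if m:
            kind, _state, target = m.groups()
            entries[(kind, target.strip().lower())] += 1
    return option, entries


def compare_runs(search_text, delete_text):
    """Compare a Search log with the Delete log of the following run."""
    s_opt, found = parse_log(search_text)
    d_opt, deleted = parse_log(delete_text)
    if s_opt != "Search" or d_opt != "Delete":
        raise ValueError(f"expected Search then Delete, got {s_opt!r} and {d_opt!r}")
    return {
        # Reported by the search but absent from the delete log:
        # still present, or removed by something else in between.
        "not_deleted": sorted(set(found) - set(deleted)),
        # Removed without having been in the posted search log:
        # the system changed between the two runs.
        "deleted_but_never_found": sorted(set(deleted) - set(found)),
        # Listed more than once in the search log; counts as one item.
        "listed_twice_in_search": sorted(k for k, n in found.items() if n > 1),
    }


if __name__ == "__main__":
    for label, items in compare_runs(SEARCH_LOG, DELETE_LOG).items():
        print(label)
        for kind, target in items:
            print(f"  {kind}: {target}")
```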

cosinus 20.07.2012 15:51

I have two questions before we continue

1.) Does the normal mode of Windows work (again) without restrictions?
2.) Is anything missing from the Start menu? Are there empty folders under All Programs, or is everything there?

Polarbär 20.07.2012 17:21

Hello Arne,
1.) The normal mode of Windows works normally so far.
2.) Are there empty folders under All Programs?
There are empty folders, but probably from programs I deleted.

cosinus 21.07.2012 14:42

Please make a new OTL log. If possible, please post everything here in CODE tags.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here
CustomScan with OTL

Please download OTL by Oldtimer and save it on your desktop. If it is already there, please replace the older existing file with the newly downloaded one, so that you are really working with a current version of OTL.
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


Polarbär 21.07.2012 15:27

Hello Arne,
OTL doesn't work for me. When opening it, the following error message appears:
Exeeption EOle Sys Error in module OTL.exe at 000584A5.
Klasse nicht registriert

cosinus 23.07.2012 13:42

Then please try the whole thing in safe mode with networking

Polarbär 23.07.2012 14:15

In safe mode with networking the error message also appears. :confused:

cosinus 23.07.2012 15:33

Then please try it like this in normal mode

System scan with OTL

Please download OTL by Oldtimer and save it on your desktop. If it is already there, please replace the older existing file with the newly downloaded one, so that you are really working with a current version of OTL.
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • Tick Scan all users at the top centre
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 logfiles are created
  • Post the logfiles here in the thread.

Polarbär 23.07.2012 17:30

Hello Arne,
the error message appears when I double-click OTL.exe. So I can't start the program.
Exeption EOle Sys Error in module OTL.exe at 000584A5.
Klasse nicht registriert

cosinus 24.07.2012 13:35

You did download OTL.exe again, too? http://cheesebuerger.de/images/midi/froehlich/a048.gif

Polarbär 24.07.2012 16:06

Yes, of course! Just tried it again, it doesn't work.
I have noticed that Internet Explorer 8 does not open. Is there a connection?

cosinus 24.07.2012 20:43

Could be. Let's skip OTL for now.

Please now run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off your virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool!

Set up the tool as shown in the picture below: click change parameters and set the checkmarks as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log, or cannot copy its contents into your post, then please look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

Polarbär 24.07.2012 21:28

Hi Arne,
here is the log file :kaffee:
Quote:

22:06:58.0218 2248 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
22:06:58.0531 2248 ============================================================
22:06:58.0531 2248 Current date / time: 2012/07/24 22:06:58.0531
22:06:58.0531 2248 SystemInfo:
22:06:58.0531 2248
22:06:58.0531 2248 OS Version: 5.1.2600 ServicePack: 2.0
22:06:58.0531 2248 Product type: Workstation
22:06:58.0531 2248 ComputerName: PALME
22:06:58.0531 2248 UserName: Roman
22:06:58.0531 2248 Windows directory: C:\WINDOWS
22:06:58.0531 2248 System windows directory: C:\WINDOWS
22:06:58.0531 2248 Processor architecture: Intel x86
22:06:58.0531 2248 Number of processors: 2
22:06:58.0531 2248 Page size: 0x1000
22:06:58.0531 2248 Boot type: Normal boot
22:06:58.0531 2248 ============================================================
22:07:01.0296 2248 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
22:07:01.0312 2248 ============================================================
22:07:01.0312 2248 \Device\Harddisk0\DR0:
22:07:01.0312 2248 MBR partitions:
22:07:01.0312 2248 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xE8D46DE
22:07:01.0328 2248 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xE8D475C, BlocksNum 0xD7D2E08
22:07:01.0343 2248 \Device\Harddisk0\DR0\Partition2: MBR, Type 0xB, StartLBA 0x1C0A75A3, BlocksNum 0x111CFDE
22:07:01.0343 2248 ============================================================
22:07:01.0406 2248 C: <-> \Device\Harddisk0\DR0\Partition0
22:07:01.0453 2248 D: <-> \Device\Harddisk0\DR0\Partition1
22:07:01.0468 2248 E: <-> \Device\Harddisk0\DR0\Partition2
22:07:01.0468 2248 ============================================================
22:07:01.0468 2248 Initialize success
22:07:01.0468 2248 ============================================================
22:07:14.0796 3316 ============================================================
22:07:14.0796 3316 Scan started
22:07:14.0796 3316 Mode: Manual; SigCheck; TDLFS;
22:07:14.0796 3316 ============================================================
22:07:15.0203 3316 3xHybrid (78f9f9efba9000feb475f617c23b078f) C:\WINDOWS\system32\DRIVERS\3xHybrid.sys
22:07:16.0656 3316 3xHybrid - ok
22:07:16.0687 3316 6to4 (c1874dc75a0fa1746cd2f4db3b2a3d94) C:\WINDOWS\System32\6to4svc.dll
22:07:16.0734 3316 6to4 - ok
22:07:16.0750 3316 Aavmker4 (0b27ae82c113d3687024d18459440426) C:\WINDOWS\system32\drivers\Aavmker4.sys
22:07:16.0812 3316 Aavmker4 - ok
22:07:16.0828 3316 Abiosdsk - ok
22:07:16.0859 3316 abp480n5 - ok
22:07:16.0906 3316 ACPI (94b4741d2cf9ed38140b831293d1601a) C:\WINDOWS\system32\DRIVERS\ACPI.sys
22:07:17.0093 3316 ACPI - ok
22:07:17.0125 3316 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
22:07:17.0296 3316 ACPIEC - ok
22:07:17.0312 3316 adpu160m - ok
22:07:17.0359 3316 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
22:07:17.0703 3316 aec - ok
22:07:17.0734 3316 AegisP (023867b6606fbabcdd52e089c4a507da) C:\WINDOWS\system32\DRIVERS\AegisP.sys
22:07:17.0765 3316 AegisP ( UnsignedFile.Multi.Generic ) - warning
22:07:17.0765 3316 AegisP - detected UnsignedFile.Multi.Generic (1)
22:07:17.0812 3316 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
22:07:17.0828 3316 AFD - ok
22:07:17.0906 3316 AgereSoftModem (34f27c7d71f1c49c7d3857f28b42f544) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
22:07:17.0968 3316 AgereSoftModem - ok
22:07:17.0984 3316 Aha154x - ok
22:07:18.0015 3316 aic78u2 - ok
22:07:18.0031 3316 aic78xx - ok
22:07:18.0093 3316 Alerter (1aab6c5f8376357cb9b16c38c42c4076) C:\WINDOWS\system32\alrsvc.dll
22:07:18.0234 3316 Alerter - ok
22:07:18.0265 3316 ALG (6596dd260ffde1bdc994c1df236307bb) C:\WINDOWS\System32\alg.exe
22:07:18.0375 3316 ALG - ok
22:07:18.0390 3316 AliIde - ok
22:07:18.0500 3316 Ambfilt (267fc636801edc5ab28e14036349e3be) C:\WINDOWS\system32\drivers\Ambfilt.sys
22:07:18.0593 3316 Ambfilt - ok
22:07:18.0718 3316 Amps2prt (4c7c8f1678e516a961cd79a1ca0a0c82) C:\WINDOWS\system32\DRIVERS\Amps2prt.sys
22:07:18.0718 3316 Amps2prt ( UnsignedFile.Multi.Generic ) - warning
22:07:18.0718 3316 Amps2prt - detected UnsignedFile.Multi.Generic (1)
22:07:18.0734 3316 amsint - ok
22:07:18.0765 3316 AppMgmt - ok
22:07:18.0812 3316 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
22:07:18.0968 3316 Arp1394 - ok
22:07:18.0984 3316 asc - ok
22:07:19.0015 3316 asc3350p - ok
22:07:19.0046 3316 asc3550 - ok
22:07:19.0203 3316 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
22:07:19.0218 3316 aspnet_state - ok
22:07:19.0234 3316 aswFsBlk (1c1f3d6dddc046c920c493a779649f66) C:\WINDOWS\system32\drivers\aswFsBlk.sys
22:07:19.0250 3316 aswFsBlk - ok
22:07:19.0281 3316 aswMon2 (9e912fe7b41650701ef2b227aca440f3) C:\WINDOWS\system32\drivers\aswMon2.sys
22:07:19.0296 3316 aswMon2 - ok
22:07:19.0328 3316 aswRdr (982e275d1c5801042fe94209fb0160fb) C:\WINDOWS\system32\drivers\aswRdr.sys
22:07:19.0343 3316 aswRdr - ok
22:07:19.0406 3316 aswSnx (73dbcf808e00580f2a47f93dd9b03876) C:\WINDOWS\system32\drivers\aswSnx.sys
22:07:19.0453 3316 aswSnx - ok
22:07:19.0500 3316 aswSP (6cbd7d3a33f498d09c831cdd732da2e0) C:\WINDOWS\system32\drivers\aswSP.sys
22:07:19.0531 3316 aswSP - ok
22:07:19.0578 3316 aswTdi (7109a9aa551f37cd168c02368465957e) C:\WINDOWS\system32\drivers\aswTdi.sys
22:07:19.0593 3316 aswTdi - ok
22:07:19.0625 3316 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
22:07:19.0781 3316 AsyncMac - ok
22:07:19.0812 3316 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
22:07:19.0953 3316 atapi - ok
22:07:19.0968 3316 Atdisk - ok
22:07:20.0031 3316 Ati HotKey Poller (86a76cae252598fcc25bb728baecde27) C:\WINDOWS\system32\Ati2evxx.exe
22:07:20.0078 3316 Ati HotKey Poller ( UnsignedFile.Multi.Generic ) - warning
22:07:20.0078 3316 Ati HotKey Poller - detected UnsignedFile.Multi.Generic (1)
22:07:20.0390 3316 ati2mtag (cc26b3bdb00fb13f52bf0945fa3a5664) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
22:07:20.0671 3316 ati2mtag ( UnsignedFile.Multi.Generic ) - warning
22:07:20.0671 3316 ati2mtag - detected UnsignedFile.Multi.Generic (1)
22:07:20.0828 3316 AtiHDAudioService (b2a236dc65e90170a369164384efb460) C:\WINDOWS\system32\drivers\AtihdXP3.sys
22:07:20.0843 3316 AtiHDAudioService - ok
22:07:20.0875 3316 ATITool (0e4bb35c5305099ac82053ac992e3e0e) C:\WINDOWS\system32\DRIVERS\ATITool.sys
22:07:20.0906 3316 ATITool ( UnsignedFile.Multi.Generic ) - warning
22:07:20.0906 3316 ATITool - detected UnsignedFile.Multi.Generic (1)
22:07:20.0937 3316 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
22:07:21.0093 3316 Atmarpc - ok
22:07:21.0125 3316 ATSWPDRV (d19c1309c83123647b233a71e8a05683) C:\WINDOWS\system32\Drivers\ATSwpDrv.sys
22:07:21.0156 3316 ATSWPDRV - ok
22:07:21.0187 3316 AudioSrv (e98b8250398f6637b335a76ba8dfb602) C:\WINDOWS\System32\audiosrv.dll
22:07:21.0343 3316 AudioSrv - ok
22:07:21.0375 3316 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
22:07:21.0515 3316 audstub - ok
22:07:21.0593 3316 avast! Antivirus (2f7c0f3e39c45e0127fb78b2f18a41f3) C:\Programme\Alwil Software\Avast5\AvastSvc.exe
22:07:21.0609 3316 avast! Antivirus - ok
22:07:21.0656 3316 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
22:07:21.0812 3316 Beep - ok
22:07:21.0859 3316 BITS (3a5e54a9ab96ef2d273b58136fb58efe) C:\WINDOWS\system32\qmgr.dll
22:07:22.0046 3316 BITS - ok
22:07:22.0078 3316 Browser (d8653dcd80cf2ebb333fc4fcc43a7def) C:\WINDOWS\System32\browser.dll
22:07:22.0218 3316 Browser - ok
22:07:22.0312 3316 catchme - ok
22:07:22.0359 3316 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
22:07:22.0500 3316 cbidf2k - ok
22:07:22.0546 3316 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
22:07:22.0687 3316 CCDECODE - ok
22:07:22.0703 3316 cd20xrnt - ok
22:07:22.0750 3316 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
22:07:22.0890 3316 Cdaudio - ok
22:07:22.0906 3316 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
22:07:23.0062 3316 Cdfs - ok
22:07:23.0078 3316 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
22:07:23.0250 3316 Cdrom - ok
22:07:23.0265 3316 Changer - ok
22:07:23.0296 3316 CiSvc (234d52c63c67a8cf4af9becce43bfb4a) C:\WINDOWS\system32\cisvc.exe
22:07:23.0625 3316 CiSvc - ok
22:07:23.0765 3316 CLCapSvc (7b4a70857bc32b4159d8e36fa6b5454c) C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
22:07:23.0796 3316 CLCapSvc ( UnsignedFile.Multi.Generic ) - warning
22:07:23.0796 3316 CLCapSvc - detected UnsignedFile.Multi.Generic (1)
22:07:23.0828 3316 ClipSrv (0461868578d29dc18fb1c79933c5158a) C:\WINDOWS\system32\clipsrv.exe
22:07:23.0968 3316 ClipSrv - ok
22:07:24.0046 3316 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:07:24.0078 3316 clr_optimization_v2.0.50727_32 - ok
22:07:24.0140 3316 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:07:24.0187 3316 clr_optimization_v4.0.30319_32 - ok
22:07:24.0218 3316 CLSched (3f6e2012ae0e1dde594572f9d91baca5) C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
22:07:24.0234 3316 CLSched ( UnsignedFile.Multi.Generic ) - warning
22:07:24.0234 3316 CLSched - detected UnsignedFile.Multi.Generic (1)
22:07:24.0250 3316 CmdIde - ok
22:07:24.0296 3316 CMISTOR (ee2519e054904b12bf0a42ca84a2d464) C:\WINDOWS\system32\DRIVERS\cmiucr.SYS
22:07:24.0328 3316 CMISTOR - ok
22:07:24.0343 3316 COMSysApp - ok
22:07:24.0406 3316 Cpqarray - ok
22:07:24.0453 3316 CryptSvc (1a5f9db98df7955b4c7cbdbf2c638238) C:\WINDOWS\System32\cryptsvc.dll
22:07:24.0609 3316 CryptSvc - ok
22:07:24.0640 3316 CrystalSysInfo - ok
22:07:24.0734 3316 CyberLink Media Library Service (1cfdcb99812c62e19c47896a5857d342) C:\Programme\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
22:07:24.0796 3316 CyberLink Media Library Service ( UnsignedFile.Multi.Generic ) - warning
22:07:24.0796 3316 CyberLink Media Library Service - detected UnsignedFile.Multi.Generic (1)
22:07:24.0812 3316 dac2w2k - ok
22:07:24.0843 3316 dac960nt - ok
22:07:24.0890 3316 DcomLaunch (8afbc2e1e5555a1c29953af854f0fca5) C:\WINDOWS\system32\rpcss.dll
22:07:25.0000 3316 DcomLaunch - ok
22:07:25.0031 3316 DgiVecp (770471de2550820feeb7e5d24bf2e273) C:\WINDOWS\system32\Drivers\DgiVecp.sys
22:07:25.0046 3316 DgiVecp ( UnsignedFile.Multi.Generic ) - warning
22:07:25.0046 3316 DgiVecp - detected UnsignedFile.Multi.Generic (1)
22:07:25.0078 3316 Dhcp (7c4d218f9017725589adacab82beb0f8) C:\WINDOWS\System32\dhcpcsvc.dll
22:07:25.0453 3316 Dhcp - ok
22:07:25.0468 3316 dhdxyi - ok
22:07:25.0515 3316 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
22:07:25.0671 3316 Disk - ok
22:07:25.0687 3316 dmadmin - ok
22:07:25.0750 3316 dmboot (5789b83ba87fc84c3568cf86cacef8ce) C:\WINDOWS\system32\drivers\dmboot.sys
22:07:25.0937 3316 dmboot - ok
22:07:25.0968 3316 dmio (084eb0a50a4f7b4705c8a57f234e5291) C:\WINDOWS\system32\drivers\dmio.sys
22:07:26.0125 3316 dmio - ok
22:07:26.0156 3316 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
22:07:26.0296 3316 dmload - ok
22:07:26.0328 3316 dmserver (fa2d9d1a9f6b5a88d01e1685ce2378ba) C:\WINDOWS\System32\dmserver.dll
22:07:26.0484 3316 dmserver - ok
22:07:26.0515 3316 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
22:07:26.0656 3316 DMusic - ok
22:07:26.0671 3316 Dnscache (d20c5b5f0d8ac53ffec17ff9b1658a6e) C:\WINDOWS\System32\dnsrslvr.dll
22:07:27.0046 3316 Dnscache - ok
22:07:27.0093 3316 Dokan (bf94acf77e2c7458d91d0bef8718eece) C:\WINDOWS\system32\drivers\dokan.sys
22:07:27.0109 3316 Dokan ( UnsignedFile.Multi.Generic ) - warning
22:07:27.0109 3316 Dokan - detected UnsignedFile.Multi.Generic (1)
22:07:27.0171 3316 DokanMounter (95b725beb4a465c5851d629cbe1fe132) C:\Programme\Dokan\DokanLibrary\mounter.exe
22:07:27.0187 3316 DokanMounter ( UnsignedFile.Multi.Generic ) - warning
22:07:27.0187 3316 DokanMounter - detected UnsignedFile.Multi.Generic (1)
22:07:27.0203 3316 dpti2o - ok
22:07:27.0250 3316 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
22:07:27.0406 3316 drmkaud - ok
22:07:27.0421 3316 dsltestSp5 (c6b2e10cfe79169c72f0269087b9a603) C:\WINDOWS\system32\Drivers\dsltestSp5.sys
22:07:27.0437 3316 dsltestSp5 - ok
22:07:27.0468 3316 ERSvc (877a4512cc9074d6954776af47021766) C:\WINDOWS\System32\ersvc.dll
22:07:27.0609 3316 ERSvc - ok
22:07:27.0640 3316 Eventlog (a07ca23ea361a01e627d911cf139b950) C:\WINDOWS\system32\services.exe
22:07:27.0734 3316 Eventlog - ok
22:07:27.0781 3316 EventSystem (3912bef896d1d687b6053409e5f5f2a6) C:\WINDOWS\system32\es.dll
22:07:27.0828 3316 EventSystem - ok
22:07:27.0859 3316 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
22:07:28.0015 3316 Fastfat - ok
22:07:28.0046 3316 FastUserSwitchingCompatibility (521a4cb71cc419fdf60db83e7308ae2b) C:\WINDOWS\System32\shsvcs.dll
22:07:28.0468 3316 FastUserSwitchingCompatibility - ok
22:07:28.0500 3316 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
22:07:28.0640 3316 Fdc - ok
22:07:28.0671 3316 Fips (9e9af89f9b14aa6249065c309ce73bd8) C:\WINDOWS\system32\drivers\Fips.sys
22:07:28.0812 3316 Fips - ok
22:07:28.0843 3316 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys
22:07:28.0984 3316 Flpydisk - ok
22:07:29.0015 3316 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
22:07:29.0421 3316 FltMgr - ok
22:07:29.0468 3316 FolderSize (5043f0d9a22aabf550508b3165c5b0fd) C:\Programme\FolderSize\FolderSizeSvc.exe
22:07:29.0484 3316 FolderSize ( UnsignedFile.Multi.Generic ) - warning
22:07:29.0484 3316 FolderSize - detected UnsignedFile.Multi.Generic (1)
22:07:29.0562 3316 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
22:07:29.0578 3316 FontCache3.0.0.0 - ok
22:07:29.0609 3316 FsUsbExDisk (cbe5f69a5e5b918225f420ba748f3742) C:\WINDOWS\system32\FsUsbExDisk.SYS
22:07:29.0625 3316 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - warning
22:07:29.0625 3316 FsUsbExDisk - detected UnsignedFile.Multi.Generic (1)
22:07:29.0671 3316 FsUsbExService (96633419f4a1e37acb89b45ebccfe001) C:\WINDOWS\system32\FsUsbExService.Exe
22:07:29.0703 3316 FsUsbExService - ok
22:07:29.0734 3316 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
22:07:29.0875 3316 Fs_Rec - ok
22:07:29.0921 3316 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
22:07:30.0078 3316 Ftdisk - ok
22:07:30.0109 3316 GEARAspiWDM (4ac51459805264affd5f6fdfb9d9235f) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
22:07:30.0125 3316 GEARAspiWDM - ok
22:07:30.0187 3316 giveio (77ebf3e9386daa51551af429052d88d0) C:\WINDOWS\system32\giveio.sys
22:07:30.0203 3316 giveio ( UnsignedFile.Multi.Generic ) - warning
22:07:30.0203 3316 giveio - detected UnsignedFile.Multi.Generic (1)
22:07:30.0234 3316 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
22:07:30.0375 3316 Gpc - ok
22:07:30.0406 3316 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
22:07:30.0453 3316 HDAudBus - ok
22:07:30.0484 3316 HDPrfDrv (e2a4ac182f9aa80aac6034708b6a42db) C:\WINDOWS\system32\HDPrfDrv-1.sys
22:07:30.0500 3316 HDPrfDrv ( UnsignedFile.Multi.Generic ) - warning
22:07:30.0515 3316 HDPrfDrv - detected UnsignedFile.Multi.Generic (1)
22:07:30.0562 3316 helpsvc (ba85bcf1a2bcf927c3600574173403e0) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
22:07:30.0718 3316 helpsvc - ok
22:07:30.0750 3316 HidServ (b647ca198b9c73056abfb0a9d8f4916d) C:\WINDOWS\System32\hidserv.dll
22:07:30.0890 3316 HidServ - ok
22:07:30.0921 3316 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
22:07:31.0062 3316 HidUsb - ok
22:07:31.0078 3316 hpn - ok
22:07:31.0125 3316 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
22:07:31.0156 3316 HTTP - ok
22:07:31.0187 3316 HTTPFilter (9ec7e866bbdbf3ecc0e67f4e0a838eb2) C:\WINDOWS\System32\w3ssl.dll
22:07:31.0328 3316 HTTPFilter - ok
22:07:31.0343 3316 i2omgmt - ok
22:07:31.0375 3316 i2omp - ok
22:07:31.0421 3316 i8042prt (7c575018d0413440d75432a78b88c899) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
22:07:31.0546 3316 i8042prt - ok
22:07:31.0640 3316 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
22:07:31.0687 3316 idsvc - ok
22:07:31.0734 3316 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
22:07:31.0875 3316 Imapi - ok
22:07:31.0921 3316 ImapiService (57d7267a9ed91ecaf4336b08c9628fca) C:\WINDOWS\system32\imapi.exe
22:07:32.0078 3316 ImapiService - ok
22:07:32.0109 3316 ini910u - ok
22:07:32.0421 3316 IntcAzAudAddService (5d138adc44c43bf37634c8e528d75b1f) C:\WINDOWS\system32\drivers\RtkHDAud.sys
22:07:32.0750 3316 IntcAzAudAddService - ok
22:07:32.0843 3316 IntelIde - ok
22:07:32.0890 3316 intelppm (c1c2cc1da79c5ee10457ef0a3b8568c7) C:\WINDOWS\system32\DRIVERS\intelppm.sys
22:07:33.0015 3316 intelppm - ok
22:07:33.0046 3316 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
22:07:33.0187 3316 Ip6Fw - ok
22:07:33.0218 3316 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
22:07:33.0359 3316 IpFilterDriver - ok
22:07:33.0390 3316 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
22:07:33.0531 3316 IpInIp - ok
22:07:33.0562 3316 IpNat (472c75f85e631f8aa87d21c9fee6238d) C:\WINDOWS\system32\DRIVERS\ipnat.sys
22:07:34.0000 3316 IpNat - ok
22:07:34.0031 3316 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
22:07:34.0156 3316 IPSec - ok
22:07:34.0187 3316 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
22:07:34.0281 3316 IRENUM - ok
22:07:34.0343 3316 isapnp (ce9b7afdf0a3d7dd8d1487262316b959) C:\WINDOWS\system32\DRIVERS\isapnp.sys
22:07:34.0468 3316 isapnp - ok
22:07:34.0578 3316 JavaQuickStarterService (c2c1660ddcc9bd67eb98d6d5f91c107f) C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
22:07:34.0593 3316 JavaQuickStarterService - ok
22:07:34.0625 3316 Kbdclass (b128fc0a5cd83f669d5de4b58f77c7d6) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
22:07:34.0765 3316 Kbdclass - ok
22:07:34.0796 3316 kbdhid (7ec877aa899323b92874fe62c7ddcde7) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
22:07:34.0921 3316 kbdhid - ok
22:07:34.0968 3316 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
22:07:35.0390 3316 kmixer - ok
22:07:35.0421 3316 KSecDD (1be7cc2535d760ae4d481576eb789f24) C:\WINDOWS\system32\drivers\KSecDD.sys
22:07:35.0453 3316 KSecDD - ok
22:07:35.0484 3316 lanmanserver (2865fa4ed4471929881c053a6e5a85f6) C:\WINDOWS\System32\srvsvc.dll
22:07:35.0906 3316 lanmanserver - ok
22:07:35.0953 3316 lanmanworkstation (0a8468a97530a35a6912322dff113449) C:\WINDOWS\System32\wkssvc.dll
22:07:36.0000 3316 lanmanworkstation - ok
22:07:36.0015 3316 lbrtfdc - ok
22:07:36.0125 3316 LightScribeService (6e5dac168d1ff9843e84a59d51d31107) C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
22:07:36.0156 3316 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
22:07:36.0156 3316 LightScribeService - detected UnsignedFile.Multi.Generic (1)
22:07:36.0187 3316 LmHosts (4c25fadd7fe1d5bd779b20d3d0eb8d7c) C:\WINDOWS\System32\lmhsvc.dll
22:07:36.0312 3316 LmHosts - ok
22:07:36.0343 3316 mbmiodrvr (290fb01f7f51eff0960599404a09f8d6) C:\WINDOWS\system32\mbmiodrvr.sys
22:07:36.0375 3316 mbmiodrvr ( UnsignedFile.Multi.Generic ) - warning
22:07:36.0375 3316 mbmiodrvr - detected UnsignedFile.Multi.Generic (1)
22:07:36.0406 3316 Messenger (e5215ab942c5ac5f7eb0e54871d7a27c) C:\WINDOWS\System32\msgsvc.dll
22:07:36.0531 3316 Messenger - ok
22:07:36.0562 3316 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
22:07:36.0703 3316 mnmdd - ok
22:07:36.0734 3316 mnmsrvc (bb2470d20405b272ea47ca5e18f1c58e) C:\WINDOWS\system32\mnmsrvc.exe
22:07:36.0859 3316 mnmsrvc - ok
22:07:36.0890 3316 Modem (91a3da4b12f6f1d760463a7f7857f748) C:\WINDOWS\system32\drivers\Modem.sys
22:07:37.0031 3316 Modem - ok
22:07:37.0125 3316 Monfilt (c7d9f9717916b34c1b00dd4834af485c) C:\WINDOWS\system32\drivers\Monfilt.sys
22:07:37.0203 3316 Monfilt - ok
22:07:37.0312 3316 Mouclass (71e15ca47fd947552054afb28536268f) C:\WINDOWS\system32\DRIVERS\mouclass.sys
22:07:37.0437 3316 Mouclass - ok
22:07:37.0468 3316 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
22:07:37.0609 3316 mouhid - ok
22:07:37.0625 3316 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
22:07:37.0765 3316 MountMgr - ok
22:07:37.0859 3316 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
22:07:37.0875 3316 MozillaMaintenance - ok
22:07:37.0890 3316 MPE (55a9a7e6bb297bf0f5b144029dcb79cc) C:\WINDOWS\system32\DRIVERS\MPE.sys
22:07:38.0031 3316 MPE - ok
22:07:38.0062 3316 mraid35x - ok
22:07:38.0093 3316 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
22:07:38.0531 3316 MRxDAV - ok
22:07:38.0578 3316 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
22:07:38.0625 3316 MRxSmb - ok
22:07:38.0656 3316 MSDTC (d059f9c7752ef461476e83180daa5c62) C:\WINDOWS\system32\msdtc.exe
22:07:38.0796 3316 MSDTC - ok
22:07:38.0859 3316 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
22:07:38.0984 3316 Msfs - ok
22:07:39.0000 3316 MSIServer - ok
22:07:39.0046 3316 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
22:07:39.0171 3316 MSKSSRV - ok
22:07:39.0203 3316 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
22:07:39.0343 3316 MSPCLOCK - ok
22:07:39.0359 3316 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
22:07:39.0484 3316 MSPQM - ok
22:07:39.0515 3316 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
22:07:39.0656 3316 mssmbios - ok
22:07:39.0687 3316 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
22:07:39.0828 3316 MSTEE - ok
22:07:39.0859 3316 Mup (f66b6b1cddee6ca87cefc016eb7a0d8e) C:\WINDOWS\system32\drivers\Mup.sys
22:07:40.0296 3316 Mup - ok
22:07:40.0343 3316 MxlW2k (19dd5c581eef70134ccef87d626f4417) C:\WINDOWS\system32\drivers\MxlW2k.sys
22:07:40.0359 3316 MxlW2k ( UnsignedFile.Multi.Generic ) - warning
22:07:40.0359 3316 MxlW2k - detected UnsignedFile.Multi.Generic (1)
22:07:40.0390 3316 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
22:07:40.0531 3316 NABTSFEC - ok
22:07:40.0562 3316 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
22:07:40.0687 3316 NDIS - ok
22:07:40.0718 3316 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
22:07:40.0875 3316 NdisIP - ok
22:07:40.0906 3316 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:07:41.0031 3316 NdisTapi - ok
22:07:41.0046 3316 Ndisuio (5146c3d286e66c72328f6ce6e4d983a8) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
22:07:41.0125 3316 Ndisuio - ok
22:07:41.0156 3316 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:07:41.0296 3316 NdisWan - ok
22:07:41.0343 3316 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
22:07:41.0468 3316 NDProxy - ok
22:07:41.0500 3316 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
22:07:41.0625 3316 NetBIOS - ok
22:07:41.0656 3316 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
22:07:41.0796 3316 NetBT - ok
22:07:41.0843 3316 NetDDE (f4eff57254f565f39b6029150414a0d5) C:\WINDOWS\system32\netdde.exe
22:07:42.0000 3316 NetDDE - ok
22:07:42.0015 3316 NetDDEdsdm (f4eff57254f565f39b6029150414a0d5) C:\WINDOWS\system32\netdde.exe
22:07:42.0156 3316 NetDDEdsdm - ok
22:07:42.0187 3316 Netlogon (183805eb05bca5a1e4aaaed4d2be3690) C:\WINDOWS\system32\lsass.exe
22:07:42.0312 3316 Netlogon - ok
22:07:42.0359 3316 Netman (1e5218fbe323c375b488318950e10fb4) C:\WINDOWS\System32\netman.dll
22:07:42.0796 3316 Netman - ok
22:07:42.0937 3316 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
22:07:43.0000 3316 NetTcpPortSharing - ok
22:07:43.0015 3316 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
22:07:43.0171 3316 NIC1394 - ok
22:07:43.0203 3316 Nla (774274c487493452df3b0126dbe7ff3b) C:\WINDOWS\System32\mswsock.dll
22:07:43.0296 3316 Nla - ok
22:07:43.0343 3316 nm (60cf8c7192b3614f240838ddbaa4a245) C:\WINDOWS\system32\DRIVERS\NMnt.sys
22:07:43.0484 3316 nm - ok
22:07:43.0500 3316 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
22:07:43.0640 3316 Npfs - ok
22:07:43.0671 3316 NPPTNT2 (9131fe60adfab595c8da53ad6a06aa31) C:\WINDOWS\system32\npptNT2.sys
22:07:43.0703 3316 NPPTNT2 ( UnsignedFile.Multi.Generic ) - warning
22:07:43.0703 3316 NPPTNT2 - detected UnsignedFile.Multi.Generic (1)
22:07:43.0750 3316 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
22:07:44.0171 3316 Ntfs - ok
22:07:44.0203 3316 NtLmSsp (183805eb05bca5a1e4aaaed4d2be3690) C:\WINDOWS\system32\lsass.exe
22:07:44.0328 3316 NtLmSsp - ok
22:07:44.0375 3316 NtmsSvc (428aa946a8d9f32dbb4260c8e6e13377) C:\WINDOWS\system32\ntmssvc.dll
22:07:44.0531 3316 NtmsSvc - ok
22:07:44.0546 3316 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
22:07:44.0687 3316 Null - ok
22:07:45.0187 3316 nv (6733e80a193fc36f41c24142b0c45c0e) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
22:07:45.0765 3316 nv ( UnsignedFile.Multi.Generic ) - warning
22:07:45.0765 3316 nv - detected UnsignedFile.Multi.Generic (1)
22:07:45.0812 3316 NVR0Dev (c6de0bb88e504db095487c7c782f9679) C:\WINDOWS\nvoclock.sys
22:07:45.0843 3316 NVR0Dev ( UnsignedFile.Multi.Generic ) - warning
22:07:45.0843 3316 NVR0Dev - detected UnsignedFile.Multi.Generic (1)
22:07:45.0953 3316 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
22:07:46.0078 3316 NwlnkFlt - ok
22:07:46.0109 3316 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
22:07:46.0250 3316 NwlnkFwd - ok
22:07:46.0281 3316 NwlnkIpx (79ea3fcda7067977625b3363a2657c80) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
22:07:46.0437 3316 NwlnkIpx - ok
22:07:46.0453 3316 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
22:07:46.0609 3316 NwlnkNb - ok
22:07:46.0640 3316 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
22:07:46.0781 3316 NwlnkSpx - ok
22:07:46.0796 3316 NwSapAgent (34f763fe20ea568062687bcdde72c830) C:\WINDOWS\System32\ipxsap.dll
22:07:46.0953 3316 NwSapAgent - ok
22:07:46.0984 3316 ohci1394 (fc128c3d7d5ad30a13742dc3737b9df7) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
22:07:47.0406 3316 ohci1394 - ok
22:07:47.0484 3316 omniserv (767dfeed6eb4bfcab0f425c4ce908104) C:\Programme\Softex\OmniPass\Omniserv.exe
22:07:47.0484 3316 omniserv ( UnsignedFile.Multi.Generic ) - warning
22:07:47.0484 3316 omniserv - detected UnsignedFile.Multi.Generic (1)
22:07:47.0546 3316 Parport (b2f17a2edb5450e61973a037f63a595b) C:\WINDOWS\system32\DRIVERS\parport.sys
22:07:47.0687 3316 Parport - ok
22:07:47.0718 3316 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
22:07:47.0859 3316 PartMgr - ok
22:07:47.0875 3316 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
22:07:48.0015 3316 ParVdm - ok
22:07:48.0046 3316 PCI (6fb463e5b243fbd6f3d3c83f914d94fb) C:\WINDOWS\system32\DRIVERS\pci.sys
22:07:48.0187 3316 PCI - ok
22:07:48.0203 3316 PCIDump - ok
22:07:48.0250 3316 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
22:07:48.0375 3316 PCIIde - ok
22:07:48.0421 3316 Pcmcia (e2363f4c1daff89abee5f593e13d8a05) C:\WINDOWS\system32\drivers\Pcmcia.sys
22:07:48.0562 3316 Pcmcia - ok
22:07:48.0593 3316 PDCOMP - ok
22:07:48.0609 3316 PDFRAME - ok
22:07:48.0640 3316 PDRELI - ok
22:07:48.0671 3316 PDRFRAME - ok
22:07:48.0703 3316 perc2 - ok
22:07:48.0734 3316 perc2hib - ok
22:07:48.0843 3316 PlugPlay (a07ca23ea361a01e627d911cf139b950) C:\WINDOWS\system32\services.exe
22:07:48.0921 3316 PlugPlay - ok
22:07:48.0953 3316 Point32 (7e6ee233b06a921f44e98720990f1f75) C:\WINDOWS\system32\DRIVERS\point32.sys
22:07:48.0968 3316 Point32 - ok
22:07:49.0000 3316 PolicyAgent (183805eb05bca5a1e4aaaed4d2be3690) C:\WINDOWS\system32\lsass.exe
22:07:49.0125 3316 PolicyAgent - ok
22:07:49.0171 3316 PortTalk (7d5a2d755b6c6579f63657b527d6ff1b) C:\WINDOWS\system32\Drivers\PtbTalk.sys
22:07:49.0203 3316 PortTalk ( UnsignedFile.Multi.Generic ) - warning
22:07:49.0203 3316 PortTalk - detected UnsignedFile.Multi.Generic (1)
22:07:49.0234 3316 Poweroff (49246760948b5013d466c3dffaf3b2f8) C:\WINDOWS\system32\poweroff.exe
22:07:49.0281 3316 Poweroff ( UnsignedFile.Multi.Generic ) - warning
22:07:49.0281 3316 Poweroff - detected UnsignedFile.Multi.Generic (1)
22:07:49.0312 3316 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
22:07:49.0453 3316 PptpMiniport - ok
22:07:49.0484 3316 prodrv06 (c051deb1ad5fdaae04114a30998ff869) C:\WINDOWS\System32\drivers\prodrv06.sys
22:07:49.0500 3316 prodrv06 ( UnsignedFile.Multi.Generic ) - warning
22:07:49.0500 3316 prodrv06 - detected UnsignedFile.Multi.Generic (1)
22:07:49.0531 3316 prohlp02 (d9d5cc53e73d7796ffc6266d52de80da) C:\WINDOWS\system32\drivers\prohlp02.sys
22:07:49.0546 3316 prohlp02 ( UnsignedFile.Multi.Generic ) - warning
22:07:49.0546 3316 prohlp02 - detected UnsignedFile.Multi.Generic (1)
22:07:49.0593 3316 prosync1 (f3471e7971ee62420451d958da635064) C:\WINDOWS\system32\drivers\prosync1.sys
22:07:49.0609 3316 prosync1 ( UnsignedFile.Multi.Generic ) - warning
22:07:49.0609 3316 prosync1 - detected UnsignedFile.Multi.Generic (1)
22:07:49.0625 3316 ProtectedStorage (183805eb05bca5a1e4aaaed4d2be3690) C:\WINDOWS\system32\lsass.exe
22:07:49.0750 3316 ProtectedStorage - ok
22:07:49.0781 3316 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
22:07:49.0906 3316 PSched - ok
22:07:49.0937 3316 PSI (d24dfd16a1e2a76034df5aa18125c35d) C:\WINDOWS\system32\DRIVERS\psi_mf.sys
22:07:49.0953 3316 PSI - ok
22:07:49.0984 3316 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
22:07:50.0125 3316 Ptilink - ok
22:07:50.0156 3316 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
22:07:50.0171 3316 PxHelp20 - ok
22:07:50.0203 3316 QCPro (77a1f8658c4c03847eb70503c29e60ed) C:\WINDOWS\system32\DRIVERS\p35u.sys
22:07:50.0250 3316 QCPro - ok
22:07:50.0265 3316 ql1080 - ok
22:07:50.0296 3316 Ql10wnt - ok
22:07:50.0312 3316 ql12160 - ok
22:07:50.0343 3316 ql1240 - ok
22:07:50.0375 3316 ql1280 - ok
22:07:50.0421 3316 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:07:50.0546 3316 RasAcd - ok
22:07:50.0593 3316 RasAuto (e3c6e87c1f84584a773d7c3dd205dbff) C:\WINDOWS\System32\rasauto.dll
22:07:50.0750 3316 RasAuto - ok
22:07:50.0781 3316 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:07:50.0906 3316 Rasl2tp - ok
22:07:50.0953 3316 RasMan (ffc8343b35fb2df01a5767748efa5b58) C:\WINDOWS\System32\rasmans.dll
22:07:51.0406 3316 RasMan - ok
22:07:51.0437 3316 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:07:51.0578 3316 RasPppoe - ok
22:07:51.0609 3316 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
22:07:51.0734 3316 Raspti - ok
22:07:51.0765 3316 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:07:52.0218 3316 Rdbss - ok
22:07:52.0250 3316 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
22:07:52.0375 3316 RDPCDD - ok
22:07:52.0437 3316 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
22:07:52.0859 3316 RDPWD - ok
22:07:52.0921 3316 RDSessMgr (aec159942df64a9890072d7bb1797762) C:\WINDOWS\system32\sessmgr.exe
22:07:53.0078 3316 RDSessMgr - ok
22:07:53.0109 3316 redbook (aa56702e230860565cb8d43680f57f33) C:\WINDOWS\system32\DRIVERS\redbook.sys
22:07:53.0250 3316 redbook - ok
22:07:53.0281 3316 RemoteAccess (eba80cdf25e02084857957e820004934) C:\WINDOWS\System32\mprdim.dll
22:07:53.0421 3316 RemoteAccess - ok
22:07:53.0546 3316 RichVideo (bd517c7fb119997effbe39d5e4b37b05) C:\Programme\CyberLink\Shared Files\RichVideo.exe
22:07:53.0578 3316 RichVideo ( UnsignedFile.Multi.Generic ) - warning
22:07:53.0578 3316 RichVideo - detected UnsignedFile.Multi.Generic (1)
22:07:53.0609 3316 RpcLocator (da23f9f3f1b1871120f980a6879581ac) C:\WINDOWS\system32\locator.exe
22:07:53.0750 3316 RpcLocator - ok
22:07:53.0796 3316 RpcSs (8afbc2e1e5555a1c29953af854f0fca5) C:\WINDOWS\System32\rpcss.dll
22:07:53.0875 3316 RpcSs - ok
22:07:53.0890 3316 rseb - ok
22:07:53.0937 3316 RSVP (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe
22:07:54.0093 3316 RSVP - ok
22:07:54.0125 3316 RT2500USB (25fb8164d26474c3e13423fd6ee60b1b) C:\WINDOWS\system32\DRIVERS\rt2500usb.sys
22:07:54.0156 3316 RT2500USB ( UnsignedFile.Multi.Generic ) - warning
22:07:54.0156 3316 RT2500USB - detected UnsignedFile.Multi.Generic (1)
22:07:54.0187 3316 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
22:07:54.0328 3316 rtl8139 - ok
22:07:54.0359 3316 SamSs (183805eb05bca5a1e4aaaed4d2be3690) C:\WINDOWS\system32\lsass.exe
22:07:54.0484 3316 SamSs - ok
22:07:54.0531 3316 SCardSvr (b4cf7b42de6cfa6fde7d6af4daa55f57) C:\WINDOWS\System32\SCardSvr.exe
22:07:54.0671 3316 SCardSvr - ok
22:07:54.0718 3316 Schedule (d5e73842f38e24457c63fef8ceffbe19) C:\WINDOWS\system32\schedsvc.dll
22:07:54.0859 3316 Schedule - ok
22:07:55.0015 3316 SDScannerService (43d29ecb8137eeae30b0970bbc7a5500) C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe
22:07:55.0062 3316 SDScannerService - ok
22:07:55.0156 3316 SDUpdateService (6b859b122e85c2c833e6d8c5dc4b07f3) C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe
22:07:55.0234 3316 SDUpdateService - ok
22:07:55.0343 3316 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
22:07:55.0781 3316 Secdrv - ok
22:07:55.0796 3316 seclogon (fed544b43903fb801b106f062110358a) C:\WINDOWS\System32\seclogon.dll
22:07:55.0953 3316 seclogon - ok
22:07:56.0000 3316 Secunia PSI Agent - ok
22:07:56.0031 3316 Secunia Update Agent - ok
22:07:56.0078 3316 SENS (ab74d986c1dd0d0c95b6ad37ec1e9f4f) C:\WINDOWS\system32\sens.dll
22:07:56.0234 3316 SENS - ok
22:07:56.0265 3316 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
22:07:56.0406 3316 serenum - ok
22:07:56.0437 3316 Serial (cd5b9995afcdb466c9efc048d167e3be) C:\WINDOWS\system32\DRIVERS\serial.sys
22:07:56.0562 3316 Serial - ok
22:07:56.0593 3316 sermouse (e8f3e51da8098201f50678cec5fce179) C:\WINDOWS\system32\DRIVERS\sermouse.sys
22:07:56.0718 3316 sermouse - ok
22:07:56.0859 3316 sfdrv01a (4d0ce0fadca29e7da68ce597ac9010bd) C:\WINDOWS\system32\drivers\sfdrv01a.sys
22:07:56.0875 3316 sfdrv01a - ok
22:07:56.0890 3316 sfhlp01 (462aee0ea0481ea8bd45cac876a4ccc4) C:\WINDOWS\system32\drivers\sfhlp01.sys
22:07:56.0921 3316 sfhlp01 ( UnsignedFile.Multi.Generic ) - warning
22:07:56.0921 3316 sfhlp01 - detected UnsignedFile.Multi.Generic (1)
22:07:56.0937 3316 sfhlp02 (daad4c099ebf5094d32c373ac1ac0f3c) C:\WINDOWS\system32\drivers\sfhlp02.sys
22:07:56.0953 3316 sfhlp02 - ok
22:07:57.0000 3316 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
22:07:57.0140 3316 Sfloppy - ok
22:07:57.0156 3316 sfsync04 (c526ad307ff1900bc4c864f74553f762) C:\WINDOWS\system32\drivers\sfsync04.sys
22:07:57.0171 3316 sfsync04 - ok
22:07:57.0203 3316 sfvfs02 (d5a7e09d2c6a702809e49190d52adc9f) C:\WINDOWS\system32\drivers\sfvfs02.sys
22:07:57.0218 3316 sfvfs02 ( UnsignedFile.Multi.Generic ) - warning
22:07:57.0218 3316 sfvfs02 - detected UnsignedFile.Multi.Generic (1)
22:07:57.0265 3316 SharedAccess (9245420422e409a25c1410acb4244060) C:\WINDOWS\System32\ipnathlp.dll
22:07:57.0421 3316 SharedAccess - ok
22:07:57.0453 3316 ShellHWDetection (521a4cb71cc419fdf60db83e7308ae2b) C:\WINDOWS\System32\shsvcs.dll
22:07:57.0906 3316 ShellHWDetection - ok
22:07:57.0921 3316 Simbad - ok
22:07:57.0968 3316 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
22:07:58.0109 3316 SLIP - ok
22:07:58.0156 3316 Sparrow - ok
22:07:58.0187 3316 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
22:07:58.0609 3316 splitter - ok
22:07:58.0640 3316 Spooler (da81ec57acd4cdc3d4c51cf3d409af9f) C:\WINDOWS\system32\spoolsv.exe
22:07:59.0093 3316 Spooler - ok
22:07:59.0156 3316 sptd (71e276f6d189413266ea22171806597b) C:\WINDOWS\System32\Drivers\sptd.sys
22:07:59.0203 3316 sptd - ok
22:07:59.0250 3316 sr (e4200cb2f418d8fc4acdd7e38c419d6a) C:\WINDOWS\system32\DRIVERS\sr.sys
22:07:59.0343 3316 sr - ok
22:07:59.0375 3316 srservice (015f302c4cf961f20c3f98f3a7ca7917) C:\WINDOWS\system32\srsvc.dll
22:07:59.0484 3316 srservice - ok
22:07:59.0531 3316 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
22:07:59.0578 3316 Srv - ok
22:07:59.0609 3316 SSDPSRV (6fa03b462b2fffe2627171b7fe73ee29) C:\WINDOWS\System32\ssdpsrv.dll
22:07:59.0718 3316 SSDPSRV - ok
22:07:59.0734 3316 SSPORT - ok
22:07:59.0781 3316 ss_bbus (3f0164fbc0bd1adbd02df9759181451a) C:\WINDOWS\system32\DRIVERS\ss_bbus.sys
22:07:59.0812 3316 ss_bbus - ok
22:07:59.0843 3316 ss_bmdfl (b89d62206034e5fe573c80a24dd55675) C:\WINDOWS\system32\DRIVERS\ss_bmdfl.sys
22:07:59.0859 3316 ss_bmdfl - ok
22:07:59.0890 3316 ss_bmdm (1ed0fcea586fe2a416ee15196e5631dd) C:\WINDOWS\system32\DRIVERS\ss_bmdm.sys
22:07:59.0921 3316 ss_bmdm - ok
22:07:59.0937 3316 StarOpen - ok
22:07:59.0984 3316 stisvc (25e9b30af1fa1b9af1853577f39ff20b) C:\WINDOWS\system32\wiaservc.dll
22:08:00.0437 3316 stisvc - ok
22:08:00.0468 3316 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
22:08:00.0609 3316 streamip - ok
22:08:00.0640 3316 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
22:08:00.0781 3316 swenum - ok
22:08:00.0812 3316 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
22:08:00.0953 3316 swmidi - ok
22:08:00.0968 3316 SwPrv - ok
22:08:01.0015 3316 symc810 - ok
22:08:01.0031 3316 symc8xx - ok
22:08:01.0062 3316 sym_hi - ok
22:08:01.0093 3316 sym_u3 - ok
22:08:01.0125 3316 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
22:08:01.0265 3316 sysaudio - ok
22:08:01.0312 3316 SysmonLog (6d0c43df9d3a7c5a9b4f94772cbd5ddc) C:\WINDOWS\system32\smlogsvc.exe
22:08:01.0453 3316 SysmonLog - ok
22:08:01.0484 3316 TapiSrv (427d7eb3b453347082c8f4b370065d60) C:\WINDOWS\System32\tapisrv.dll
22:08:01.0968 3316 TapiSrv - ok
22:08:02.0000 3316 tbhsd (4d46f63f7ddc2442941d63327c360b90) C:\WINDOWS\system32\drivers\tbhsd.sys
22:08:02.0015 3316 tbhsd - ok
22:08:02.0062 3316 Tcpip (3adce4790f591bf160a94f6f08039577) C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:08:02.0093 3316 Tcpip ( UnsignedFile.Multi.Generic ) - warning
22:08:02.0093 3316 Tcpip - detected UnsignedFile.Multi.Generic (1)
22:08:02.0125 3316 Tcpip6 (be4007ab8c9b62e3688fc2f469b98190) C:\WINDOWS\system32\DRIVERS\tcpip6.sys
22:08:02.0171 3316 Tcpip6 - ok
22:08:02.0203 3316 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
22:08:02.0343 3316 TDPIPE - ok
22:08:02.0359 3316 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
22:08:02.0500 3316 TDTCP - ok
22:08:02.0531 3316 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
22:08:02.0671 3316 TermDD - ok
22:08:02.0718 3316 TermService (1850bc10de5dcccede063fc2d0f2ceda) C:\WINDOWS\System32\termsrv.dll
22:08:02.0875 3316 TermService - ok
22:08:02.0906 3316 TfFsMon (95746e5b1473432f3d9458940dba6e3a) C:\WINDOWS\system32\drivers\TfFsMon.sys
22:08:02.0921 3316 TfFsMon - ok
22:08:02.0953 3316 TfNetMon (02ffdd873e31c5c2d57ca87d11ec36af) C:\WINDOWS\system32\drivers\TfNetMon.sys
22:08:02.0968 3316 TfNetMon - ok
22:08:03.0000 3316 TfSysMon (f8bd92251ab439383c051ce907d78cce) C:\WINDOWS\system32\drivers\TfSysMon.sys
22:08:03.0015 3316 TfSysMon - ok
22:08:03.0046 3316 Themes (521a4cb71cc419fdf60db83e7308ae2b) C:\WINDOWS\System32\shsvcs.dll
22:08:03.0484 3316 Themes - ok
22:08:03.0546 3316 ThreatFire - ok
22:08:03.0593 3316 TosIde - ok
22:08:03.0625 3316 TrkWks (a34e894201d66e380e1fa96fe11b587e) C:\WINDOWS\system32\trkwks.dll
22:08:03.0781 3316 TrkWks - ok
22:08:03.0906 3316 TuneUp.UtilitiesSvc (af5f31156ee89d35ad6ec3179a805d23) C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
22:08:04.0000 3316 TuneUp.UtilitiesSvc - ok
22:08:04.0046 3316 TuneUpUtilitiesDrv (f2107c9d85ec0df116939ccce06ae697) C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys
22:08:04.0062 3316 TuneUpUtilitiesDrv - ok
22:08:04.0171 3316 tunmp (87a0e9e18c10a9e454238e3330e2a26d) C:\WINDOWS\system32\DRIVERS\tunmp.sys
22:08:04.0296 3316 tunmp - ok
22:08:04.0328 3316 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
22:08:04.0468 3316 Udfs - ok
22:08:04.0484 3316 ultra - ok
22:08:04.0531 3316 UMWdf (2c1d59933077ba0d8a64cb1fb9ef8638) C:\WINDOWS\system32\wdfmgr.exe
22:08:04.0578 3316 UMWdf - ok
22:08:04.0625 3316 Update (7b2170ee3d858ce8fbe503904cc9b663) C:\WINDOWS\system32\DRIVERS\update.sys
22:08:05.0078 3316 Update - ok
22:08:05.0125 3316 uploadmgr (ba85bcf1a2bcf927c3600574173403e0) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
22:08:05.0265 3316 uploadmgr - ok
22:08:05.0312 3316 upnphost (855790c1baced245a6b210af430ed17b) C:\WINDOWS\System32\upnphost.dll
22:08:05.0765 3316 upnphost - ok
22:08:05.0796 3316 UPS (a99f867e76cfdaa28ee305b93f70e84f) C:\WINDOWS\System32\ups.exe
22:08:05.0937 3316 UPS - ok
22:08:05.0984 3316 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
22:08:06.0125 3316 usbccgp - ok
22:08:06.0156 3316 usbehci (a45ea1550ea4b368c4fba7ca9d056bc9) C:\WINDOWS\system32\DRIVERS\usbehci.sys
22:08:06.0234 3316 usbehci - ok
22:08:06.0265 3316 usbhub (6d46b1f89134892a862ac56b00ac11fe) C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:08:06.0359 3316 usbhub - ok
22:08:06.0390 3316 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
22:08:06.0531 3316 usbprint - ok
22:08:06.0562 3316 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
22:08:06.0687 3316 usbscan - ok
22:08:06.0734 3316 usbstor (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:08:06.0875 3316 usbstor - ok
22:08:06.0906 3316 usbuhci (0ee1925590ba1abec14254d54d9870f4) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
22:08:06.0968 3316 usbuhci - ok
22:08:07.0000 3316 UxTuneUp (6275822ac454a8a831d063841a4dbb5d) C:\WINDOWS\System32\uxtuneup.dll
22:08:07.0031 3316 UxTuneUp - ok
22:08:07.0062 3316 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
22:08:07.0187 3316 VgaSave - ok
22:08:07.0203 3316 ViaIde - ok
22:08:07.0234 3316 VMnetAdapter - ok
22:08:07.0281 3316 VolSnap (d6888520ff56d72a50437e371ca25fc9) C:\WINDOWS\system32\drivers\VolSnap.sys
22:08:07.0421 3316 VolSnap - ok
22:08:07.0437 3316 vsdatant - ok
22:08:07.0484 3316 VSS (6635ecbf0d8090dc3a452d0d072b5d5b) C:\WINDOWS\System32\vssvc.exe
22:08:07.0593 3316 VSS - ok
22:08:07.0640 3316 W32Time (c6d874cd2a5b83cd11cdebd28a638584) C:\WINDOWS\system32\w32time.dll
22:08:07.0796 3316 W32Time - ok
22:08:07.0843 3316 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:08:07.0984 3316 Wanarp - ok
22:08:08.0015 3316 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
22:08:08.0046 3316 wanatw - ok
22:08:08.0062 3316 WDICA - ok
22:08:08.0093 3316 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
22:08:08.0500 3316 wdmaud - ok
22:08:08.0562 3316 WDMCAPI (26951c2707e2149c07f7df914cf94396) C:\WINDOWS\system32\DRIVERS\WDMCAPI.sys
22:08:08.0625 3316 WDMCAPI - ok
22:08:08.0640 3316 WDMWANMP (595d5e2a629bb7c620671307fc505c81) C:\WINDOWS\system32\DRIVERS\wdmwanmp.sys
22:08:08.0671 3316 WDMWANMP - ok
22:08:08.0718 3316 WebClient (879ecb9a5f14a03960b84edb7207a051) C:\WINDOWS\System32\webclnt.dll
22:08:09.0171 3316 WebClient - ok
22:08:09.0265 3316 Windows7FirewallControl (c53decc95db03d42a5cc58892ed0e9ad) C:\Programme\Windows7FirewallControl\Windows7FirewallControl.sys
22:08:09.0281 3316 Windows7FirewallControl ( UnsignedFile.Multi.Generic ) - warning
22:08:09.0281 3316 Windows7FirewallControl - detected UnsignedFile.Multi.Generic (1)
22:08:09.0328 3316 Windows7FirewallService (6bbb21a007ca528f3f956fbbec8a0e46) C:\Programme\Windows7FirewallControl\Windows7FirewallService.exe
22:08:09.0359 3316 Windows7FirewallService ( UnsignedFile.Multi.Generic ) - warning
22:08:09.0359 3316 Windows7FirewallService - detected UnsignedFile.Multi.Generic (1)
22:08:09.0421 3316 winmgmt (da2dadb42916e59c6e4bba593bccda73) C:\WINDOWS\system32\wbem\WMIsvc.dll
22:08:09.0578 3316 winmgmt - ok
22:08:09.0609 3316 WinRing0_1_2_0 (845af1ba23c8d5e64def61bcc441604c) C:\WINDOWS\system32\Drivers\ptbring0.sys
22:08:09.0625 3316 WinRing0_1_2_0 - ok
22:08:09.0703 3316 WmBEnum (5d410936831f7fb58eff941eac3f6d3d) C:\WINDOWS\system32\drivers\WmBEnum.sys
22:08:09.0718 3316 WmBEnum - ok
22:08:09.0750 3316 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\mspmsnsv.dll
22:08:09.0781 3316 WmdmPmSN - ok
22:08:09.0828 3316 WmFilter (7a13cfde92956ca61a0927d766c5ad4f) C:\WINDOWS\system32\drivers\WmFilter.sys
22:08:09.0843 3316 WmFilter - ok
22:08:09.0875 3316 WmHidLo (1f596392149cac51f7c095af7d533934) C:\WINDOWS\system32\drivers\WmHidLo.sys
22:08:09.0875 3316 WmHidLo - ok
22:08:09.0953 3316 WmiApSrv (042a78fcd1adfb0fba9865d55c6f5cc1) C:\WINDOWS\system32\wbem\wmiapsrv.exe
22:08:10.0093 3316 WmiApSrv - ok
22:08:10.0125 3316 WmVirHid (6f04646bc690f8bbfc344be32a60796d) C:\WINDOWS\system32\drivers\WmVirHid.sys
22:08:10.0140 3316 WmVirHid - ok
22:08:10.0171 3316 WmXlCore (1d6ca43d562333f4dfb40bcef2453f3a) C:\WINDOWS\system32\drivers\WmXlCore.sys
22:08:10.0187 3316 WmXlCore - ok
22:08:10.0328 3316 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
22:08:10.0390 3316 WPFFontCache_v0400 - ok
22:08:10.0421 3316 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
22:08:10.0546 3316 WS2IFSL - ok
22:08:10.0593 3316 wscsvc (bd3561aae748150cf51c2ca876449ea7) C:\WINDOWS\system32\wscsvc.dll
22:08:10.0750 3316 wscsvc - ok
22:08:10.0781 3316 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
22:08:10.0921 3316 WSTCODEC - ok
22:08:10.0953 3316 wuauserv (1eddd5c0ecf3fa6edfd8a25b2b4e7df6) C:\WINDOWS\system32\wuauserv.dll
22:08:11.0093 3316 wuauserv - ok
22:08:11.0140 3316 WZCSVC (ea8a1d431d4cd8e1be0324c3cf710903) C:\WINDOWS\System32\wzcsvc.dll
22:08:11.0250 3316 WZCSVC - ok
22:08:11.0328 3316 x10nets (5a0c788c5bc5f2c993cb60940adcf95e) C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
22:08:11.0343 3316 x10nets ( UnsignedFile.Multi.Generic ) - warning
22:08:11.0343 3316 x10nets - detected UnsignedFile.Multi.Generic (1)
22:08:11.0375 3316 xmlprov (8302de1c64618d72346dd0034dbc5d9b) C:\WINDOWS\System32\xmlprov.dll
22:08:11.0562 3316 xmlprov - ok
22:08:11.0609 3316 XUIF (41cf36a3cc7786575247ed456918e112) C:\WINDOWS\system32\Drivers\x10ufx2.sys
22:08:11.0625 3316 XUIF - ok
22:08:11.0718 3316 MBR (0x1B8) (cd4b33d87c7514dc261fef658d8de9a8) \Device\Harddisk0\DR0
22:08:12.0250 3316 \Device\Harddisk0\DR0 - ok
22:08:12.0265 3316 Boot (0x1200) (736e7638de3ce948b556e1951a6c9ee7) \Device\Harddisk0\DR0\Partition0
22:08:12.0265 3316 \Device\Harddisk0\DR0\Partition0 - ok
22:08:12.0312 3316 Boot (0x1200) (5622fb1d4fce7a426c5e78724bdeed3f) \Device\Harddisk0\DR0\Partition1
22:08:12.0312 3316 \Device\Harddisk0\DR0\Partition1 - ok
22:08:12.0343 3316 Boot (0x1200) (6125f792b63764df17bdc46f80cfe6ab) \Device\Harddisk0\DR0\Partition2
22:08:12.0343 3316 \Device\Harddisk0\DR0\Partition2 - ok
22:08:12.0343 3316 ============================================================
22:08:12.0343 3316 Scan finished
22:08:12.0343 3316 ============================================================
22:08:12.0484 2736 Detected object count: 35
22:08:12.0484 2736 Actual detected object count: 35
22:09:02.0281 2736 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
22:09:02.0296 2736 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:09:02.0296 2736 Amps2prt ( UnsignedFile.Multi.Generic ) - skipped by user
22:09:02.0296 2736 Amps2prt ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:09:02.0296 2736 Ati HotKey Poller ( UnsignedFile.Multi.Generic ) - skipped by user
22:09:02.0296 2736 Ati HotKey Poller ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:09:02.0312 2736 ati2mtag ( UnsignedFile.Multi.Generic ) - skipped by user
22:09:02.0312 2736 ati2mtag ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:09:02.0328 2736 ATITool ( UnsignedFile.Multi.Generic ) - skipped by user
22:09:02.0328 2736 ATITool ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:09:02.0343 2736 CLCapSvc ( UnsignedFile.Multi.Generic ) - skipped by user
22:09:02.0343 2736 CLCapSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:09:02.0359 2736 CLSched ( UnsignedFile.Multi.Generic ) - skipped by user
22:09:02.0359 2736 CLSched ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:09:02.0375 2736 CyberLink Media Library Service ( UnsignedFile.Multi.Generic ) - skipped by user
22:09:02.0375 2736 CyberLink Media Library Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:09:02.0390 2736 DgiVecp ( UnsignedFile.Multi.Generic ) - skipped by user
22:09:02.0390 2736 DgiVecp ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:09:02.0406 2736 Dokan ( UnsignedFile.Multi.Generic ) - skipped by user
22:09:02.0406 2736 Dokan ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:09:02.0406 2736 DokanMounter ( UnsignedFile.Multi.Generic ) - skipped by user
22:09:02.0421 2736 DokanMounter ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:09:02.0421 2736 FolderSize ( UnsignedFile.Multi.Generic ) - skipped by user
22:09:02.0421 2736 FolderSize ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:09:02.0437 2736 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - skipped by user
22:09:02.0437 2736 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:09:02.0453 2736 giveio ( UnsignedFile.Multi.Generic ) - skipped by user
22:09:02.0453 2736 giveio ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:09:02.0468 2736 HDPrfDrv ( UnsignedFile.Multi.Generic ) - skipped by user
22:09:02.0468 2736 HDPrfDrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:09:02.0484 2736 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
22:09:02.0484 2736 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:09:02.0500 2736 mbmiodrvr ( UnsignedFile.Multi.Generic ) - skipped by user
22:09:02.0500 2736 mbmiodrvr ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:09:02.0515 2736 MxlW2k ( UnsignedFile.Multi.Generic ) - skipped by user
22:09:02.0515 2736 MxlW2k ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:09:02.0531 2736 NPPTNT2 ( UnsignedFile.Multi.Generic ) - skipped by user
22:09:02.0531 2736 NPPTNT2 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:09:02.0531 2736 nv ( UnsignedFile.Multi.Generic ) - skipped by user
22:09:02.0531 2736 nv ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:09:02.0531 2736 NVR0Dev ( UnsignedFile.Multi.Generic ) - skipped by user
22:09:02.0531 2736 NVR0Dev ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:09:02.0546 2736 omniserv ( UnsignedFile.Multi.Generic ) - skipped by user
22:09:02.0546 2736 omniserv ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:09:02.0562 2736 PortTalk ( UnsignedFile.Multi.Generic ) - skipped by user
22:09:02.0562 2736 PortTalk ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:09:02.0578 2736 Poweroff ( UnsignedFile.Multi.Generic ) - skipped by user
22:09:02.0578 2736 Poweroff ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:09:02.0593 2736 prodrv06 ( UnsignedFile.Multi.Generic ) - skipped by user
22:09:02.0593 2736 prodrv06 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:09:02.0609 2736 prohlp02 ( UnsignedFile.Multi.Generic ) - skipped by user
22:09:02.0609 2736 prohlp02 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:09:02.0625 2736 prosync1 ( UnsignedFile.Multi.Generic ) - skipped by user
22:09:02.0625 2736 prosync1 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:09:02.0640 2736 RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user
22:09:02.0640 2736 RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:09:02.0640 2736 RT2500USB ( UnsignedFile.Multi.Generic ) - skipped by user
22:09:02.0656 2736 RT2500USB ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:09:02.0656 2736 sfhlp01 ( UnsignedFile.Multi.Generic ) - skipped by user
22:09:02.0656 2736 sfhlp01 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:09:02.0671 2736 sfvfs02 ( UnsignedFile.Multi.Generic ) - skipped by user
22:09:02.0671 2736 sfvfs02 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:09:02.0687 2736 Tcpip ( UnsignedFile.Multi.Generic ) - skipped by user
22:09:02.0687 2736 Tcpip ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:09:02.0703 2736 Windows7FirewallControl ( UnsignedFile.Multi.Generic ) - skipped by user
22:09:02.0703 2736 Windows7FirewallControl ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:09:02.0718 2736 Windows7FirewallService ( UnsignedFile.Multi.Generic ) - skipped by user
22:09:02.0718 2736 Windows7FirewallService ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:09:02.0734 2736 x10nets ( UnsignedFile.Multi.Generic ) - skipped by user
22:09:02.0734 2736 x10nets ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:10:43.0546 0872 Deinitialize success

cosinus 24.07.2012 22:19

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, carry out the updates (if offered), install the Recovery Console (if offered), and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a qualified helper has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and receive messages such as

Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

Polarbär 25.07.2012 06:50

ComboFix log done.

Quote:

ComboFix 12-07-25.04 - Roman 25.07.2012 6:56.22.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.49.1031.18.2046.1311 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Roman\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: R-Firewall *Disabled* {E2DA7C08-BEAC-4E18-AE35-F72D585DDFF5}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\All Users\Anwendungsdaten\1&1
c:\dokumente und einstellungen\All Users\Anwendungsdaten\1&1\1&1 SmartFax\Settings.xml
c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
c:\dokumente und einstellungen\Default User\WINDOWS
c:\dokumente und einstellungen\Internet\WINDOWS
c:\dokumente und einstellungen\Roman\Anwendungsdaten\1&1
c:\dokumente und einstellungen\Roman\Anwendungsdaten\1&1\1&1 SmartFax\FaxNumberHistory.xml
c:\dokumente und einstellungen\Roman\Anwendungsdaten\1&1\1&1 SmartFax\Settings.xml
c:\dokumente und einstellungen\Roman\WINDOWS
c:\programme\Internet Explorer\SET2.tmp
c:\programme\Internet Explorer\SET5.tmp
c:\programme\xp-AntiSpy
c:\programme\xp-AntiSpy\sponsoring\ebay.ico
c:\programme\xp-AntiSpy\sponsoring\ebay_desktop.ico
c:\programme\xp-AntiSpy\sponsoring\ebay_hover.ico
c:\programme\xp-AntiSpy\sponsoring\ebayGadget.gadget
c:\programme\xp-AntiSpy\sponsoring\sponsor.html
c:\programme\xp-AntiSpy\sponsoring\sponsor.url
c:\programme\xp-AntiSpy\Uninstall.exe
c:\programme\xp-AntiSpy\xp-AntiSpy.chm
c:\programme\xp-AntiSpy\xp-AntiSpy.exe
c:\programme\xp-AntiSpy\xp-AntiSpy.url
c:\windows\IsUn0407.exe
c:\windows\IsUn0411.exe
c:\windows\iun6002.exe
c:\windows\system32\AegisI5Installer.exe
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\Oleaut32.1
c:\windows\system32\regobj.dll
c:\windows\system32\SET10.tmp
c:\windows\system32\SET11.tmp
c:\windows\system32\SET12.tmp
c:\windows\system32\SET13.tmp
c:\windows\system32\SET14.tmp
c:\windows\system32\SET15.tmp
c:\windows\system32\SET16.tmp
c:\windows\system32\SET17.tmp
c:\windows\system32\SET19.tmp
c:\windows\system32\SET1A.tmp
c:\windows\system32\SET1B.tmp
c:\windows\system32\SET1C.tmp
c:\windows\system32\SET1D.tmp
c:\windows\system32\SET1E.tmp
c:\windows\system32\SET1F.tmp
c:\windows\system32\SET20.tmp
c:\windows\system32\SET21.tmp
c:\windows\system32\SET22.tmp
c:\windows\system32\SET23.tmp
c:\windows\system32\SET24.tmp
c:\windows\system32\SET25.tmp
c:\windows\system32\SET26.tmp
c:\windows\system32\SET27.tmp
c:\windows\system32\SET28.tmp
c:\windows\system32\SET29.tmp
c:\windows\system32\SET2A.tmp
c:\windows\system32\SET2B.tmp
c:\windows\system32\SET2C.tmp
c:\windows\system32\SET2D.tmp
c:\windows\system32\SET2E.tmp
c:\windows\system32\SET2F.tmp
c:\windows\system32\SET30.tmp
c:\windows\system32\SET31.tmp
c:\windows\system32\SET32.tmp
c:\windows\system32\SET33.tmp
c:\windows\system32\SET34.tmp
c:\windows\system32\SET35.tmp
c:\windows\system32\SET36.tmp
c:\windows\system32\SET37.tmp
c:\windows\system32\SET38.tmp
c:\windows\system32\SET39.tmp
c:\windows\system32\SET3B.tmp
c:\windows\system32\SET3C.tmp
c:\windows\system32\SET3D.tmp
c:\windows\system32\SET3E.tmp
c:\windows\system32\SET3F.tmp
c:\windows\system32\SET40.tmp
c:\windows\system32\SET41.tmp
c:\windows\system32\SET42.tmp
c:\windows\system32\SET43.tmp
c:\windows\system32\SET44.tmp
c:\windows\system32\SET45.tmp
c:\windows\system32\SET46.tmp
c:\windows\system32\SET47.tmp
c:\windows\system32\SET48.tmp
c:\windows\system32\SET49.tmp
c:\windows\system32\SET4A.tmp
c:\windows\system32\SET4B.tmp
c:\windows\system32\SET4C.tmp
c:\windows\system32\SET4D.tmp
c:\windows\system32\SET4E.tmp
c:\windows\system32\SET4F.tmp
c:\windows\system32\SET50.tmp
c:\windows\system32\SET7.tmp
c:\windows\system32\SET8.tmp
c:\windows\system32\SET9.tmp
c:\windows\system32\SETA.tmp
c:\windows\system32\SETB.tmp
c:\windows\system32\SETC.tmp
c:\windows\system32\SETD.tmp
c:\windows\system32\SETE.tmp
c:\windows\system32\SETF.tmp
c:\windows\unin0407.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-06-25 bis 2012-07-25 ))))))))))))))))))))))))))))))
.
.
2012-07-24 04:37 . 2009-02-12 07:55 241408 ----a-w- c:\windows\system32\drivers\rt2500usb.sys
2012-07-24 04:37 . 2012-07-24 04:37 -------- d-----w- c:\programme\RALINK
2012-07-23 08:07 . 2012-07-23 08:07 -------- d-----w- c:\dokumente und einstellungen\Roman\Startmen³
2012-07-16 04:38 . 2012-07-16 04:38 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-16 04:38 . 2012-07-16 04:38 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-08 11:46 . 2009-01-25 11:14 15224 ----a-w- c:\windows\system32\sdnclean.exe
2012-07-08 11:46 . 2012-07-11 18:37 -------- d-----w- c:\programme\Spybot - Search & Destroy 2
2012-07-03 12:15 . 2012-07-03 12:15 -------- d-----w- c:\programme\AMD
2012-07-02 19:08 . 2012-07-03 04:56 -------- d-----w- c:\programme\ATI
2012-07-02 18:51 . 2012-07-17 12:04 -------- d-----w- C:\AMD
2012-06-26 19:06 . 2012-06-26 19:06 -------- d-----w- c:\programme\Oracle
2012-06-26 19:05 . 2012-05-04 17:29 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-06-26 19:05 . 2012-06-26 19:05 -------- d-----w- c:\programme\Java
2012-06-26 14:01 . 2012-06-26 14:01 0 ----a-w- c:\windows\system32\REN2F.tmp
2012-06-26 14:01 . 2012-06-26 14:01 0 ----a-w- c:\windows\system32\REN2E.tmp
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-24 04:37 . 2007-10-27 17:23 21361 ----a-w- c:\windows\system32\drivers\AegisP.sys
2012-07-03 16:21 . 2007-11-29 20:21 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-07-03 16:21 . 2011-02-26 16:25 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-03 16:21 . 2008-04-03 11:13 353688 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-07-03 16:21 . 2008-04-03 11:13 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-07-03 16:21 . 2007-11-29 20:21 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-07-03 16:21 . 2007-11-29 20:21 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-07-03 16:21 . 2007-11-29 20:21 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-07-03 16:21 . 2007-11-29 20:21 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-07-03 16:21 . 2010-07-01 04:52 41224 ----a-w- c:\windows\avastSS.scr
2012-07-03 16:21 . 2007-11-29 20:21 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-07-03 11:46 . 2010-11-17 16:39 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-30 04:50 . 2010-01-02 06:25 14416 ----a-w- c:\windows\system32\drivers\ptbring0.sys
2012-06-11 18:57 . 2011-12-28 19:02 6629888 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2012-06-11 17:38 . 2011-12-28 19:02 19587072 ----a-w- c:\windows\system32\atioglxx.dll
2012-06-11 17:15 . 2011-12-28 19:02 307200 ----a-w- c:\windows\system32\atiiiexx.dll
2012-06-11 17:13 . 2011-12-28 19:02 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-06-11 17:12 . 2011-12-28 19:02 305664 ----a-w- c:\windows\system32\ati2dvag.dll
2012-06-11 17:10 . 2011-12-28 19:02 4579904 ----a-w- c:\windows\system32\ati3duag.dll
2012-06-11 16:51 . 2011-12-28 19:02 212992 ----a-w- c:\windows\system32\atipdlxx.dll
2012-06-11 16:51 . 2011-12-28 19:02 163840 ----a-w- c:\windows\system32\Oemdspif.dll
2012-06-11 16:51 . 2011-12-28 19:02 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2012-06-11 16:51 . 2011-12-28 19:02 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2012-06-11 16:51 . 2011-12-28 19:02 192512 ----a-w- c:\windows\system32\ati2evxx.dll
2012-06-11 16:50 . 2011-12-28 19:02 3565440 ----a-w- c:\windows\system32\ativvaxx.dll
2012-06-11 16:49 . 2011-12-28 19:02 643072 ----a-w- c:\windows\system32\ati2evxx.exe
2012-06-11 16:48 . 2011-12-28 19:02 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2012-06-11 16:45 . 2011-12-28 19:02 163840 ----a-w- c:\windows\system32\atiapfxx.exe
2012-06-11 16:40 . 2011-12-28 19:02 835584 ----a-w- c:\windows\system32\atikvmag.dll
2012-06-11 16:36 . 2011-12-28 19:02 638976 ----a-w- c:\windows\system32\atiok3x2.dll
2012-06-11 16:35 . 2011-12-28 19:02 241664 ----a-w- c:\windows\system32\atiadlxx.dll
2012-06-11 16:35 . 2011-12-28 19:02 17408 ----a-w- c:\windows\system32\atitvo32.dll
2012-06-11 16:33 . 2011-12-28 19:02 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-06-11 16:28 . 2011-12-28 19:02 675840 ----a-w- c:\windows\system32\ati2cqag.dll
2012-06-11 16:25 . 2011-12-28 19:02 65024 ----a-w- c:\windows\system32\atimpc32.dll
2012-06-11 16:25 . 2011-12-28 19:02 65024 ----a-w- c:\windows\system32\amdpcom32.dll
2012-06-09 15:07 . 2012-06-09 15:04 45320 ----a-w- c:\windows\system32\certsentry.dll
2012-06-09 15:02 . 2012-06-09 15:02 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-06-09 15:02 . 2012-06-09 15:02 1060864 ----a-w- c:\windows\system32\mfc71.dll
2012-06-08 13:22 . 2012-06-08 13:23 143872 ----a-w- c:\windows\system32javacpl.cpl
2012-06-08 13:22 . 2012-06-08 13:22 0 ----a-w- c:\windows\system32\REN16.tmp
2012-06-08 13:22 . 2012-06-08 13:22 0 ----a-w- c:\windows\system32\REN15.tmp
2012-05-29 11:09 . 2011-12-29 19:10 31584 ----a-w- c:\windows\system32\TURegOpt.exe
2012-05-29 11:09 . 2012-06-08 10:07 29024 ----a-w- c:\windows\system32\uxtuneup.dll
2012-05-04 17:29 . 2010-04-21 17:33 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-18 18:49 . 2011-12-02 17:07 136672 ----a-w- c:\programme\mozilla firefox\components\browsercomps.dll
2006-05-03 09:06 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30 216064 --sh--r- c:\windows\system32\nbDX.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-08-25 . 3ADCE4790F591BF160A94F6F08039577 . 360320 . . [5.1.2600.3394] . . c:\windows\system32\drivers\TCPIP.SYS
[-] 2009-08-25 . 3ADCE4790F591BF160A94F6F08039577 . 360320 . . [5.1.2600.3394] . . c:\windows\system32\dllcache\TCPIP.SYS
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[7] 2006-06-13 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[7] 2005-05-25 . 63FDFEA54EB53DE2D863EE454937CE1E . 359936 . . [5.1.2600.2685] . . c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
.
[-] 2007-06-13 . E4B6C25FBAC8336CE8991F729B5A1415 . 1200640 . . [6.00.2900.3156] . . c:\windows\Explorer.exe
[-] 2007-06-13 . E4B6C25FBAC8336CE8991F729B5A1415 . 1200640 . . [6.00.2900.3156] . . c:\windows\system32\dllcache\explorer.exe
.
[-] 2009-03-08 . 9653723D3466889709D390B42AD5ABB2 . 412512 . . [8.00.6001.18702] . . c:\windows\system32\dllcache\iexplore.exe
.
((((((((((((((((((((((((((((( SnapShot@2011-01-04_18.15.20 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-01-11 08:59 . 2011-01-11 08:59 51024 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_214ee422\vcomp90.dll
+ 2011-01-11 08:59 . 2011-01-11 08:59 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90rus.dll
+ 2011-01-11 08:59 . 2011-01-11 08:59 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90kor.dll
+ 2011-01-11 08:59 . 2011-01-11 08:59 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90jpn.dll
+ 2011-01-11 08:59 . 2011-01-11 08:59 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90ita.dll
+ 2011-01-11 08:59 . 2011-01-11 08:59 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90fra.dll
+ 2011-01-11 08:59 . 2011-01-11 08:59 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90esp.dll
+ 2011-01-11 08:59 . 2011-01-11 08:59 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90esn.dll
+ 2011-01-11 08:59 . 2011-01-11 08:59 53584 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90enu.dll
+ 2011-01-11 08:59 . 2011-01-11 08:59 63312 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90deu.dll
+ 2011-01-11 08:59 . 2011-01-11 08:59 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90cht.dll
+ 2011-01-11 08:59 . 2011-01-11 08:59 35664 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90chs.dll
+ 2011-01-11 08:59 . 2011-01-11 08:59 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_d5fe2ecb\mfcm90u.dll
+ 2011-01-11 08:59 . 2011-01-11 08:59 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_d5fe2ecb\mfcm90.dll
+ 2011-01-10 21:03 . 2011-01-10 21:03 65536 c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_189d6662\vcomp.dll
+ 2011-01-10 20:32 . 2011-01-10 20:32 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80KOR.dll
+ 2011-01-10 20:32 . 2011-01-10 20:32 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80JPN.dll
+ 2011-01-10 20:32 . 2011-01-10 20:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80ITA.dll
+ 2011-01-10 20:32 . 2011-01-10 20:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80FRA.dll
+ 2011-01-10 20:32 . 2011-01-10 20:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80ESP.dll
+ 2011-01-10 20:32 . 2011-01-10 20:32 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80ENU.dll
+ 2011-01-10 20:32 . 2011-01-10 20:32 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80DEU.dll
+ 2011-01-10 20:32 . 2011-01-10 20:32 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80CHT.dll
+ 2011-01-10 20:32 . 2011-01-10 20:32 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80CHS.dll
+ 2011-01-11 02:05 . 2011-01-11 02:05 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_e87e0bcd\mfcm80u.dll
+ 2011-01-11 02:23 . 2011-01-11 02:23 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_e87e0bcd\mfcm80.dll
+ 2011-01-10 19:21 . 2011-01-10 19:21 97280 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_7837863c\ATL80.dll
+ 2011-09-01 09:34 . 2011-09-01 09:34 21880 c:\windows\WinSxS\MSIL_Microsoft.Workflow.Compiler_31bf3856ad364e35_4.0.0.0_x-ww_97359ba5\Microsoft.Workflow.Compiler.exe
- 2010-04-18 15:20 . 1999-12-17 08:13 86016 c:\windows\unvise32.exe
+ 2010-04-18 15:20 . 1999-12-17 09:13 86016 c:\windows\unvise32.exe
+ 2012-01-03 19:46 . 2000-09-26 19:52 37888 c:\windows\UninstallLegend.exe
+ 2011-05-28 18:42 . 2001-09-24 08:10 12288 c:\windows\twain_32\QuickCam\LQCTwn32.dll
+ 2011-05-28 18:42 . 2001-09-24 07:43 28672 c:\windows\twain_32\QuickCam\HVideoSP.dll
+ 2012-07-23 07:39 . 2012-07-23 07:39 16384 c:\windows\temp\Perflib_Perfdata_300.dat
+ 2001-05-01 15:04 . 2001-05-01 15:04 66048 c:\windows\system32\WMErrENU.dll
+ 2011-02-19 22:03 . 2011-02-19 22:03 51024 c:\windows\system32\vcomp100.dll
+ 2012-01-30 18:20 . 2009-12-02 16:48 86016 c:\windows\system32\UI1&1MON.DLL
+ 2007-12-25 10:52 . 2004-10-11 12:25 57344 c:\windows\system32\SUGG1CI.dll
- 2007-12-25 10:52 . 2004-10-12 05:25 57344 c:\windows\system32\SUGG1CI.dll
+ 2011-01-13 15:29 . 2006-01-10 12:00 56215 c:\windows\system32\spool\drivers\w32x86\SUGG1tk.dat
- 2007-12-25 10:52 . 2006-01-11 05:00 56215 c:\windows\system32\spool\drivers\w32x86\SUGG1tk.dat
- 2007-12-25 10:52 . 2006-01-11 04:59 55410 c:\windows\system32\spool\drivers\w32x86\SUGG1sw.dat
+ 2011-01-13 15:29 . 2006-01-10 11:59 55410 c:\windows\system32\spool\drivers\w32x86\SUGG1sw.dat
+ 2011-01-13 15:29 . 2006-01-10 11:59 59692 c:\windows\system32\spool\drivers\w32x86\SUGG1sp.dat
- 2007-12-25 10:52 . 2006-01-11 04:59 59692 c:\windows\system32\spool\drivers\w32x86\SUGG1sp.dat
+ 2011-01-13 15:29 . 2006-01-10 11:59 57303 c:\windows\system32\spool\drivers\w32x86\SUGG1ru.dat
- 2007-12-25 10:52 . 2006-01-11 04:59 57303 c:\windows\system32\spool\drivers\w32x86\SUGG1ru.dat
+ 2011-01-13 15:29 . 2006-01-10 11:58 59873 c:\windows\system32\spool\drivers\w32x86\SUGG1pt.dat
- 2007-12-25 10:52 . 2006-01-11 04:58 59873 c:\windows\system32\spool\drivers\w32x86\SUGG1pt.dat
- 2007-12-25 10:52 . 2006-01-11 04:58 57083 c:\windows\system32\spool\drivers\w32x86\SUGG1po.dat
+ 2011-01-13 15:29 . 2006-01-10 11:58 57083 c:\windows\system32\spool\drivers\w32x86\SUGG1po.dat
+ 2011-01-13 15:29 . 2006-01-10 11:58 55040 c:\windows\system32\spool\drivers\w32x86\SUGG1nr.dat
- 2007-12-25 10:52 . 2006-01-11 04:58 55040 c:\windows\system32\spool\drivers\w32x86\SUGG1nr.dat
- 2007-12-25 10:52 . 2005-07-06 04:53 53248 c:\windows\system32\spool\drivers\w32x86\SUGG1lf.DLL
+ 2011-01-13 15:29 . 2005-07-05 11:53 53248 c:\windows\system32\spool\drivers\w32x86\SUGG1lf.DLL
- 2007-12-25 10:52 . 2006-01-11 04:58 52112 c:\windows\system32\spool\drivers\w32x86\SUGG1kr.dat
+ 2011-01-13 15:29 . 2006-01-10 11:58 52112 c:\windows\system32\spool\drivers\w32x86\SUGG1kr.dat
- 2007-12-25 10:52 . 2006-01-11 04:57 58957 c:\windows\system32\spool\drivers\w32x86\SUGG1it.dat
+ 2011-01-13 15:29 . 2006-01-10 11:57 58957 c:\windows\system32\spool\drivers\w32x86\SUGG1it.dat
- 2007-12-25 10:52 . 2006-01-11 04:53 58042 c:\windows\system32\spool\drivers\w32x86\SUGG1hu.dat
+ 2011-01-13 15:29 . 2006-01-10 11:53 58042 c:\windows\system32\spool\drivers\w32x86\SUGG1hu.dat
- 2007-12-25 10:52 . 2006-01-11 04:53 60166 c:\windows\system32\spool\drivers\w32x86\SUGG1gr.dat
+ 2011-01-13 15:29 . 2006-01-10 11:53 60166 c:\windows\system32\spool\drivers\w32x86\SUGG1gr.dat
- 2007-12-25 10:52 . 2006-01-11 04:52 62902 c:\windows\system32\spool\drivers\w32x86\SUGG1fn.dat
+ 2011-01-13 15:29 . 2006-01-10 11:52 62902 c:\windows\system32\spool\drivers\w32x86\SUGG1fn.dat
+ 2011-01-13 15:29 . 2006-01-10 11:52 56509 c:\windows\system32\spool\drivers\w32x86\SUGG1fi.dat
- 2007-12-25 10:52 . 2006-01-11 04:52 56509 c:\windows\system32\spool\drivers\w32x86\SUGG1fi.dat
+ 2011-01-13 15:29 . 2006-01-10 11:52 54019 c:\windows\system32\spool\drivers\w32x86\SUGG1en.dat
- 2007-12-25 10:52 . 2006-01-11 04:52 54019 c:\windows\system32\spool\drivers\w32x86\SUGG1en.dat
- 2007-12-25 10:52 . 2006-01-11 04:51 58276 c:\windows\system32\spool\drivers\w32x86\SUGG1dt.dat
+ 2011-01-13 15:29 . 2006-01-10 11:51 58276 c:\windows\system32\spool\drivers\w32x86\SUGG1dt.dat
+ 2011-01-13 15:29 . 2006-01-10 11:51 56098 c:\windows\system32\spool\drivers\w32x86\SUGG1dn.dat
- 2007-12-25 10:52 . 2006-01-11 04:51 56098 c:\windows\system32\spool\drivers\w32x86\SUGG1dn.dat
+ 2011-01-13 15:29 . 2006-01-10 11:51 56046 c:\windows\system32\spool\drivers\w32x86\SUGG1cz.dat
- 2007-12-25 10:52 . 2006-01-11 04:51 56046 c:\windows\system32\spool\drivers\w32x86\SUGG1cz.dat
- 2007-12-25 10:52 . 2006-01-11 04:48 46704 c:\windows\system32\spool\drivers\w32x86\SUGG1ct.dat
+ 2011-01-13 15:29 . 2006-01-10 11:48 46704 c:\windows\system32\spool\drivers\w32x86\SUGG1ct.dat
+ 2011-01-13 15:29 . 2006-01-10 11:47 46843 c:\windows\system32\spool\drivers\w32x86\SUGG1cp.dat
- 2007-12-25 10:52 . 2006-01-11 04:47 46843 c:\windows\system32\spool\drivers\w32x86\SUGG1cp.dat
+ 2011-01-13 15:29 . 2006-11-20 12:42 59616 c:\windows\system32\spool\drivers\w32x86\SUGG1bp.dat
- 2007-12-25 10:52 . 2006-11-21 05:42 59616 c:\windows\system32\spool\drivers\w32x86\SUGG1bp.dat
- 2007-12-25 10:52 . 2006-01-11 05:00 56215 c:\windows\system32\spool\drivers\w32x86\3\SUGG1tk.dat
+ 2011-01-13 15:29 . 2006-01-10 12:00 56215 c:\windows\system32\spool\drivers\w32x86\3\SUGG1tk.dat
+ 2011-01-13 15:29 . 2006-01-10 11:59 55410 c:\windows\system32\spool\drivers\w32x86\3\SUGG1sw.dat
- 2007-12-25 10:52 . 2006-01-11 04:59 55410 c:\windows\system32\spool\drivers\w32x86\3\SUGG1sw.dat
- 2007-12-25 10:52 . 2006-01-11 04:59 59692 c:\windows\system32\spool\drivers\w32x86\3\SUGG1sp.dat
+ 2011-01-13 15:29 . 2006-01-10 11:59 59692 c:\windows\system32\spool\drivers\w32x86\3\SUGG1sp.dat
- 2007-12-25 10:52 . 2006-01-11 04:59 57303 c:\windows\system32\spool\drivers\w32x86\3\SUGG1ru.dat
+ 2011-01-13 15:29 . 2006-01-10 11:59 57303 c:\windows\system32\spool\drivers\w32x86\3\SUGG1ru.dat
+ 2011-01-13 15:29 . 2006-01-10 11:58 59873 c:\windows\system32\spool\drivers\w32x86\3\SUGG1pt.dat
- 2007-12-25 10:52 . 2006-01-11 04:58 59873 c:\windows\system32\spool\drivers\w32x86\3\SUGG1pt.dat
- 2007-12-25 10:52 . 2006-01-11 04:58 57083 c:\windows\system32\spool\drivers\w32x86\3\SUGG1po.dat
+ 2011-01-13 15:29 . 2006-01-10 11:58 57083 c:\windows\system32\spool\drivers\w32x86\3\SUGG1po.dat
- 2007-12-25 10:52 . 2006-01-11 04:58 55040 c:\windows\system32\spool\drivers\w32x86\3\SUGG1nr.dat
+ 2011-01-13 15:29 . 2006-01-10 11:58 55040 c:\windows\system32\spool\drivers\w32x86\3\SUGG1nr.dat
+ 2011-01-13 15:29 . 2005-07-05 11:53 53248 c:\windows\system32\spool\drivers\w32x86\3\SUGG1lf.DLL
- 2007-12-25 10:52 . 2005-07-06 04:53 53248 c:\windows\system32\spool\drivers\w32x86\3\SUGG1lf.DLL
- 2007-12-25 10:52 . 2006-01-11 04:58 52112 c:\windows\system32\spool\drivers\w32x86\3\SUGG1kr.dat
+ 2011-01-13 15:29 . 2006-01-10 11:58 52112 c:\windows\system32\spool\drivers\w32x86\3\SUGG1kr.dat
- 2007-12-25 10:52 . 2006-01-11 04:57 58957 c:\windows\system32\spool\drivers\w32x86\3\SUGG1it.dat
+ 2011-01-13 15:29 . 2006-01-10 11:57 58957 c:\windows\system32\spool\drivers\w32x86\3\SUGG1it.dat
- 2007-12-25 10:52 . 2006-01-11 04:53 58042 c:\windows\system32\spool\drivers\w32x86\3\SUGG1hu.dat
+ 2011-01-13 15:29 . 2006-01-10 11:53 58042 c:\windows\system32\spool\drivers\w32x86\3\SUGG1hu.dat
- 2007-12-25 10:52 . 2006-01-11 04:53 60166 c:\windows\system32\spool\drivers\w32x86\3\SUGG1gr.dat
+ 2011-01-13 15:29 . 2006-01-10 11:53 60166 c:\windows\system32\spool\drivers\w32x86\3\SUGG1gr.dat
- 2007-12-25 10:52 . 2006-01-11 04:52 62902 c:\windows\system32\spool\drivers\w32x86\3\SUGG1fn.dat
+ 2011-01-13 15:29 . 2006-01-10 11:52 62902 c:\windows\system32\spool\drivers\w32x86\3\SUGG1fn.dat
- 2007-12-25 10:52 . 2006-01-11 04:52 56509 c:\windows\system32\spool\drivers\w32x86\3\SUGG1fi.dat
+ 2011-01-13 15:29 . 2006-01-10 11:52 56509 c:\windows\system32\spool\drivers\w32x86\3\SUGG1fi.dat
- 2007-12-25 10:52 . 2006-01-11 04:52 54019 c:\windows\system32\spool\drivers\w32x86\3\SUGG1en.dat
+ 2011-01-13 15:29 . 2006-01-10 11:52 54019 c:\windows\system32\spool\drivers\w32x86\3\SUGG1en.dat
+ 2011-01-13 15:29 . 2006-01-10 11:51 58276 c:\windows\system32\spool\drivers\w32x86\3\SUGG1dt.dat
- 2007-12-25 10:52 . 2006-01-11 04:51 58276 c:\windows\system32\spool\drivers\w32x86\3\SUGG1dt.dat
- 2007-12-25 10:52 . 2006-01-11 04:51 56098 c:\windows\system32\spool\drivers\w32x86\3\SUGG1dn.dat
+ 2011-01-13 15:29 . 2006-01-10 11:51 56098 c:\windows\system32\spool\drivers\w32x86\3\SUGG1dn.dat
+ 2011-01-13 15:29 . 2006-01-10 11:51 56046 c:\windows\system32\spool\drivers\w32x86\3\SUGG1cz.dat
- 2007-12-25 10:52 . 2006-01-11 04:51 56046 c:\windows\system32\spool\drivers\w32x86\3\SUGG1cz.dat
+ 2011-01-13 15:29 . 2006-01-10 11:48 46704 c:\windows\system32\spool\drivers\w32x86\3\SUGG1ct.dat
- 2007-12-25 10:52 . 2006-01-11 04:48 46704 c:\windows\system32\spool\drivers\w32x86\3\SUGG1ct.dat
- 2007-12-25 10:52 . 2006-01-11 04:47 46843 c:\windows\system32\spool\drivers\w32x86\3\SUGG1cp.dat
+ 2011-01-13 15:29 . 2006-01-10 11:47 46843 c:\windows\system32\spool\drivers\w32x86\3\SUGG1cp.dat
- 2007-12-25 10:52 . 2006-11-21 05:42 59616 c:\windows\system32\spool\drivers\w32x86\3\SUGG1bp.dat
+ 2011-01-13 15:29 . 2006-11-20 12:42 59616 c:\windows\system32\spool\drivers\w32x86\3\SUGG1bp.dat
+ 2012-01-03 19:48 . 2012-01-03 19:48 21840 c:\windows\system32\SIntfNT.dll
+ 2012-01-03 19:48 . 2012-01-03 19:48 17212 c:\windows\system32\SIntf32.dll
+ 2012-01-03 19:48 . 2012-01-03 19:48 12067 c:\windows\system32\SIntf16.dll
+ 2012-03-11 16:06 . 2011-11-22 15:28 11368 c:\windows\system32\RtkCoLDRXP.dll
+ 2012-03-11 16:06 . 2011-12-12 16:20 64616 c:\windows\system32\RtkCoInstIIXP.dll
+ 2005-03-02 14:39 . 2005-03-02 14:39 90432 c:\windows\system32\RFWNT.SYS
+ 2012-07-02 19:10 . 2001-11-09 16:01 24064 c:\windows\system32\ReinstallBackups\0043\DriverFiles\B129753\ativcoxx.dll
+ 2012-07-02 19:10 . 2011-12-06 02:18 17408 c:\windows\system32\ReinstallBackups\0043\DriverFiles\B129753\atitvo32.dll
+ 2012-07-02 19:10 . 2009-06-22 15:34 45056 c:\windows\system32\ReinstallBackups\0043\DriverFiles\B129753\ATIODCLI.exe
+ 2012-07-02 19:10 . 2011-12-06 02:10 65024 c:\windows\system32\ReinstallBackups\0043\DriverFiles\B129753\atimpc32.dll
+ 2012-07-02 19:10 . 2011-12-06 02:29 53248 c:\windows\system32\ReinstallBackups\0043\DriverFiles\B129753\ATIDDC.DLL
+ 2012-07-02 19:10 . 2011-12-06 03:26 57344 c:\windows\system32\ReinstallBackups\0043\DriverFiles\B129753\aticalrt.dll
+ 2012-07-02 19:10 . 2011-12-06 03:26 53248 c:\windows\system32\ReinstallBackups\0043\DriverFiles\B129753\aticalcl.dll
+ 2012-07-02 19:10 . 2011-12-06 02:32 26112 c:\windows\system32\ReinstallBackups\0043\DriverFiles\B129753\Ati2mdxx.exe
+ 2012-07-02 19:10 . 2011-12-06 02:12 53248 c:\windows\system32\ReinstallBackups\0043\DriverFiles\B129753\ati2erec.dll
+ 2012-07-02 19:10 . 2011-12-06 02:32 43520 c:\windows\system32\ReinstallBackups\0043\DriverFiles\B129753\ati2edxx.dll
+ 2012-03-11 16:07 . 2006-07-21 15:14 86016 c:\windows\system32\ReinstallBackups\0042\DriverFiles\SOUNDMAN.EXE
+ 2012-03-11 16:07 . 2004-08-03 22:58 23552 c:\windows\system32\ReinstallBackups\0042\DriverFiles\i386\wdmaud.drv
+ 2012-03-11 16:07 . 2004-08-03 22:08 48640 c:\windows\system32\ReinstallBackups\0042\DriverFiles\i386\stream.sys
+ 2012-03-11 16:07 . 2004-08-03 22:08 60288 c:\windows\system32\ReinstallBackups\0042\DriverFiles\i386\drmk.sys
+ 2012-03-11 16:07 . 2005-05-03 17:43 69632 c:\windows\system32\ReinstallBackups\0042\DriverFiles\ALCMTR.EXE
+ 2011-06-13 08:23 . 2010-04-27 14:57 31816 c:\windows\system32\ReinstallBackups\0040\DriverFiles\WmHidLo.sys
+ 2011-06-13 08:23 . 2004-08-03 21:08 24960 c:\windows\system32\ReinstallBackups\0040\DriverFiles\i386\hidparse.sys
+ 2011-06-13 08:23 . 2006-12-25 11:51 36864 c:\windows\system32\ReinstallBackups\0040\DriverFiles\i386\hidclass.sys
+ 2011-06-13 08:23 . 2004-08-04 12:00 20992 c:\windows\system32\ReinstallBackups\0040\DriverFiles\i386\hid.dll
+ 2011-06-13 08:24 . 2010-04-27 12:01 37704 c:\windows\system32\ReinstallBackups\0036\DriverFiles\WmFilter.sys
+ 2011-06-13 08:24 . 2010-04-27 14:57 15048 c:\windows\system32\ReinstallBackups\0021\DriverFiles\WmVirHid.sys
+ 2011-06-13 08:24 . 2010-04-27 14:57 66632 c:\windows\system32\ReinstallBackups\0020\DriverFiles\WmXlCore.sys
+ 2011-06-13 08:24 . 2010-04-27 14:57 22856 c:\windows\system32\ReinstallBackups\0020\DriverFiles\WmBEnum.sys
+ 2011-07-16 07:19 . 2011-03-04 19:44 59888 c:\windows\system32\pxwma.dll
+ 2009-04-07 14:39 . 2011-03-04 19:44 68592 c:\windows\system32\pxinsa64.exe
- 2009-04-07 14:39 . 2008-08-20 17:58 72176 c:\windows\system32\pxhpinst.exe
+ 2009-04-07 14:39 . 2011-03-04 19:44 72176 c:\windows\system32\pxhpinst.exe
+ 2009-04-07 14:39 . 2011-03-04 19:44 68080 c:\windows\system32\pxcpya64.exe
+ 2011-12-05 21:03 . 2011-12-05 21:03 54784 c:\windows\system32\OVDecode.dll
+ 2011-12-05 21:04 . 2011-12-05 21:04 59904 c:\windows\system32\OpenVideo.dll
+ 2011-12-05 21:02 . 2011-12-05 21:02 44032 c:\windows\system32\OpenCL.dll
+ 2003-04-18 14:29 . 2003-04-19 00:29 82432 c:\windows\system32\msxml4r.dll
- 2003-04-18 14:29 . 2003-04-18 14:29 82432 c:\windows\system32\msxml4r.dll
+ 2011-02-19 22:03 . 2011-02-19 22:03 81744 c:\windows\system32\mfcm100u.dll
+ 2011-02-19 22:03 . 2011-02-19 22:03 81744 c:\windows\system32\mfcm100.dll
+ 2011-02-19 22:03 . 2011-02-19 22:03 60752 c:\windows\system32\mfc100rus.dll
+ 2011-02-19 22:03 . 2011-02-19 22:03 43344 c:\windows\system32\mfc100kor.dll
+ 2011-02-19 22:03 . 2011-02-19 22:03 43856 c:\windows\system32\mfc100jpn.dll
+ 2011-02-19 22:03 . 2011-02-19 22:03 62288 c:\windows\system32\mfc100ita.dll
+ 2011-02-19 22:03 . 2011-02-19 22:03 64336 c:\windows\system32\mfc100fra.dll
+ 2011-02-19 22:03 . 2011-02-19 22:03 63824 c:\windows\system32\mfc100esn.dll
+ 2011-02-19 22:03 . 2011-02-19 22:03 55120 c:\windows\system32\mfc100enu.dll
+ 2011-02-19 22:03 . 2011-02-19 22:03 64336 c:\windows\system32\mfc100deu.dll
+ 2011-02-19 22:03 . 2011-02-19 22:03 36176 c:\windows\system32\mfc100cht.dll
+ 2011-02-19 22:03 . 2011-02-19 22:03 36176 c:\windows\system32\mfc100chs.dll
+ 2011-05-28 18:42 . 2001-09-24 07:41 69632 c:\windows\system32\LVUI2RC.dll
+ 2011-05-28 18:42 . 2001-09-24 07:39 98304 c:\windows\system32\LVComS.exe
+ 2011-05-28 18:42 . 2001-09-24 07:39 57344 c:\windows\system32\LVComC.dll
+ 2011-05-28 18:42 . 2001-09-24 07:18 21504 c:\windows\system32\jpgl.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 70472 c:\windows\system32\dxva2.dll
+ 2012-06-28 15:48 . 2012-01-15 17:40 25512 c:\windows\system32\DRVSTORE\zeus_1283762158262ED421CE28A24CFC29018AE5B0F0\x86\ggsemc.sys
+ 2012-06-28 15:48 . 2012-01-15 17:40 13224 c:\windows\system32\DRVSTORE\zeus_1283762158262ED421CE28A24CFC29018AE5B0F0\x86\ggflt.sys
+ 2011-11-05 08:37 . 2009-09-09 17:24 62424 c:\windows\system32\DRVSTORE\xusb21_0EC413ACC59D625240DD4FD73E5D586003F09393\x86\xusb21.sys
+ 2012-06-28 15:48 . 2012-01-15 17:40 25512 c:\windows\system32\DRVSTORE\ste8500_C5365E86AD16BCA0C46BAC8265B0C57C7598C833\x86\ggsemc.sys
+ 2012-06-28 15:48 . 2012-01-15 17:40 13224 c:\windows\system32\DRVSTORE\ste8500_C5365E86AD16BCA0C46BAC8265B0C57C7598C833\x86\ggflt.sys
+ 2012-06-28 15:48 . 2012-01-15 17:40 25512 c:\windows\system32\DRVSTORE\pnx6513_4F315AA11954B91EF014015EBDF8EEAE2F31CC8D\x86\ggsemc.sys
+ 2012-06-28 15:48 . 2012-01-15 17:40 13224 c:\windows\system32\DRVSTORE\pnx6513_4F315AA11954B91EF014015EBDF8EEAE2F31CC8D\x86\ggflt.sys
+ 2012-06-28 15:48 . 2012-01-15 17:40 25512 c:\windows\system32\DRVSTORE\pnx4910_A5AA9D360CFAC6085FD76F7289F827094FDCDBA9\x86\ggsemc.sys
+ 2012-06-28 15:48 . 2012-01-15 17:40 13224 c:\windows\system32\DRVSTORE\pnx4910_A5AA9D360CFAC6085FD76F7289F827094FDCDBA9\x86\ggflt.sys
+ 2012-06-28 15:48 . 2012-01-15 17:40 25512 c:\windows\system32\DRVSTORE\omap3430_8868D88B07B45D82FC6928CD6D65F6F08211771E\x86\ggsemc.sys
+ 2012-06-28 15:48 . 2012-01-15 17:40 13224 c:\windows\system32\DRVSTORE\omap3430_8868D88B07B45D82FC6928CD6D65F6F08211771E\x86\ggflt.sys
+ 2012-04-28 09:29 . 2011-08-10 14:39 21784 c:\windows\system32\DRVSTORE\nuidfltr_E43E90E372F0A2F8BC202108BA821FE6CFC086E0\NuidFltr.sys
+ 2012-06-28 15:48 . 2012-01-15 17:40 25512 c:\windows\system32\DRVSTORE\ggsemc_69474B299F8096A4E4CB4CE6EB0E19FC32D18E55\x86\ggsemc.sys
+ 2012-06-28 15:48 . 2012-01-15 17:40 13224 c:\windows\system32\DRVSTORE\ggsemc_69474B299F8096A4E4CB4CE6EB0E19FC32D18E55\x86\ggflt.sys
+ 2012-04-28 09:29 . 2011-08-10 14:39 45288 c:\windows\system32\DRVSTORE\dc3du_39E47C72985BACB24FE918E6F37284425E557DA1\dc3d.sys
+ 2012-07-02 19:10 . 2012-06-11 16:51 83495 c:\windows\system32\DRVSTORE\CX141405_2DFBF2E57FDFFA308C58FBEE75326DD43CF4065D\B140419\oemdspif.dll
+ 2012-07-02 19:10 . 2001-11-09 16:01 12614 c:\windows\system32\DRVSTORE\CX141405_2DFBF2E57FDFFA308C58FBEE75326DD43CF4065D\B140419\ativcoxx.dll
+ 2012-07-02 19:10 . 2010-08-27 18:32 81222 c:\windows\system32\DRVSTORE\CX141405_2DFBF2E57FDFFA308C58FBEE75326DD43CF4065D\B140419\atiode.exe
+ 2012-07-02 19:10 . 2009-06-22 15:34 25130 c:\windows\system32\DRVSTORE\CX141405_2DFBF2E57FDFFA308C58FBEE75326DD43CF4065D\B140419\atiodcli.exe
+ 2012-07-02 19:10 . 2012-06-11 16:25 41668 c:\windows\system32\DRVSTORE\CX141405_2DFBF2E57FDFFA308C58FBEE75326DD43CF4065D\B140419\atimpc32.dll
+ 2012-07-02 19:10 . 2012-06-11 16:48 28695 c:\windows\system32\DRVSTORE\CX141405_2DFBF2E57FDFFA308C58FBEE75326DD43CF4065D\B140419\atiddc.dll
+ 2012-07-02 19:10 . 2009-05-11 21:35 71662 c:\windows\system32\DRVSTORE\CX141405_2DFBF2E57FDFFA308C58FBEE75326DD43CF4065D\B140419\atibtmon.exe
+ 2012-07-02 19:10 . 2012-06-11 16:45 62331 c:\windows\system32\DRVSTORE\CX141405_2DFBF2E57FDFFA308C58FBEE75326DD43CF4065D\B140419\atiapfxx.exe
+ 2012-07-02 19:10 . 2012-06-11 16:51 16311 c:\windows\system32\DRVSTORE\CX141405_2DFBF2E57FDFFA308C58FBEE75326DD43CF4065D\B140419\ati2mdxx.exe
+ 2012-07-02 19:10 . 2012-06-11 16:33 13670 c:\windows\system32\DRVSTORE\CX141405_2DFBF2E57FDFFA308C58FBEE75326DD43CF4065D\B140419\ati2erec.dll
+ 2012-07-02 19:10 . 2012-06-11 16:51 28839 c:\windows\system32\DRVSTORE\CX141405_2DFBF2E57FDFFA308C58FBEE75326DD43CF4065D\B140419\ati2edxx.dll
+ 2012-07-02 14:39 . 2012-05-23 01:28 83495 c:\windows\system32\DRVSTORE\CX139737_6CED53E4302B689D15AAA27726CAFB621DBDE3A4\B139213\oemdspif.dll
+ 2012-07-02 14:39 . 2001-11-09 16:01 12614 c:\windows\system32\DRVSTORE\CX139737_6CED53E4302B689D15AAA27726CAFB621DBDE3A4\B139213\ativcoxx.dll
+ 2012-07-02 14:39 . 2010-08-27 18:32 81222 c:\windows\system32\DRVSTORE\CX139737_6CED53E4302B689D15AAA27726CAFB621DBDE3A4\B139213\atiode.exe
+ 2012-07-02 14:39 . 2009-06-22 15:34 25130 c:\windows\system32\DRVSTORE\CX139737_6CED53E4302B689D15AAA27726CAFB621DBDE3A4\B139213\atiodcli.exe
+ 2012-07-02 14:39 . 2012-05-23 01:06 41673 c:\windows\system32\DRVSTORE\CX139737_6CED53E4302B689D15AAA27726CAFB621DBDE3A4\B139213\atimpc32.dll
+ 2012-07-02 14:39 . 2012-05-23 01:25 28695 c:\windows\system32\DRVSTORE\CX139737_6CED53E4302B689D15AAA27726CAFB621DBDE3A4\B139213\atiddc.dll
+ 2012-07-02 14:39 . 2009-05-11 21:35 71662 c:\windows\system32\DRVSTORE\CX139737_6CED53E4302B689D15AAA27726CAFB621DBDE3A4\B139213\atibtmon.exe
+ 2012-07-02 14:39 . 2012-05-23 01:21 62331 c:\windows\system32\DRVSTORE\CX139737_6CED53E4302B689D15AAA27726CAFB621DBDE3A4\B139213\atiapfxx.exe
+ 2012-07-02 14:39 . 2012-05-23 01:28 16310 c:\windows\system32\DRVSTORE\CX139737_6CED53E4302B689D15AAA27726CAFB621DBDE3A4\B139213\ati2mdxx.exe
+ 2012-07-02 14:39 . 2012-05-23 01:05 13670 c:\windows\system32\DRVSTORE\CX139737_6CED53E4302B689D15AAA27726CAFB621DBDE3A4\B139213\ati2erec.dll
+ 2012-07-02 14:39 . 2012-05-23 01:27 28839 c:\windows\system32\DRVSTORE\CX139737_6CED53E4302B689D15AAA27726CAFB621DBDE3A4\B139213\ati2edxx.dll
+ 2012-02-04 09:14 . 2011-12-06 02:33 81679 c:\windows\system32\DRVSTORE\CX132103_19CCC5E312006EE735A1627DB1DD4A60ABAE0F50\B129753\oemdspif.dll
+ 2012-02-04 09:14 . 2001-11-09 16:01 12614 c:\windows\system32\DRVSTORE\CX132103_19CCC5E312006EE735A1627DB1DD4A60ABAE0F50\B129753\ativcoxx.dll
+ 2012-02-04 09:14 . 2010-08-27 19:32 81222 c:\windows\system32\DRVSTORE\CX132103_19CCC5E312006EE735A1627DB1DD4A60ABAE0F50\B129753\atiode.exe
+ 2012-02-04 09:14 . 2009-06-22 16:34 25130 c:\windows\system32\DRVSTORE\CX132103_19CCC5E312006EE735A1627DB1DD4A60ABAE0F50\B129753\atiodcli.exe
+ 2012-02-04 09:14 . 2011-12-06 02:10 41500 c:\windows\system32\DRVSTORE\CX132103_19CCC5E312006EE735A1627DB1DD4A60ABAE0F50\B129753\atimpc32.dll
+ 2012-02-04 09:14 . 2011-12-06 02:29 28699 c:\windows\system32\DRVSTORE\CX132103_19CCC5E312006EE735A1627DB1DD4A60ABAE0F50\B129753\atiddc.dll
+ 2012-02-04 09:14 . 2011-12-06 03:26 29982 c:\windows\system32\DRVSTORE\CX132103_19CCC5E312006EE735A1627DB1DD4A60ABAE0F50\B129753\aticalrt.dll
+ 2012-02-04 09:14 . 2011-12-06 03:26 29023 c:\windows\system32\DRVSTORE\CX132103_19CCC5E312006EE735A1627DB1DD4A60ABAE0F50\B129753\aticalcl.dll
+ 2012-02-04 09:14 . 2009-05-11 22:35 71662 c:\windows\system32\DRVSTORE\CX132103_19CCC5E312006EE735A1627DB1DD4A60ABAE0F50\B129753\atibtmon.exe
+ 2012-02-04 09:14 . 2011-12-06 02:28 61530 c:\windows\system32\DRVSTORE\CX132103_19CCC5E312006EE735A1627DB1DD4A60ABAE0F50\B129753\atiapfxx.exe
+ 2012-02-04 09:14 . 2011-12-06 02:32 16308 c:\windows\system32\DRVSTORE\CX132103_19CCC5E312006EE735A1627DB1DD4A60ABAE0F50\B129753\ati2mdxx.exe
+ 2012-02-04 09:14 . 2011-12-06 02:12 13668 c:\windows\system32\DRVSTORE\CX132103_19CCC5E312006EE735A1627DB1DD4A60ABAE0F50\B129753\ati2erec.dll
+ 2012-02-04 09:14 . 2011-12-06 02:32 28843 c:\windows\system32\DRVSTORE\CX132103_19CCC5E312006EE735A1627DB1DD4A60ABAE0F50\B129753\ati2edxx.dll
+ 2011-12-28 19:02 . 2011-01-26 22:31 81691 c:\windows\system32\DRVSTORE\CX113662_CDE1B1CDD7D29A047CD158502AD05F7B4339882B\B112566\oemdspif.dll
+ 2011-12-28 19:02 . 2001-11-09 16:01 12614 c:\windows\system32\DRVSTORE\CX113662_CDE1B1CDD7D29A047CD158502AD05F7B4339882B\B112566\ativcoxx.dll
+ 2011-12-28 19:02 . 2010-08-27 19:32 81222 c:\windows\system32\DRVSTORE\CX113662_CDE1B1CDD7D29A047CD158502AD05F7B4339882B\B112566\atiode.exe
+ 2011-12-28 19:02 . 2009-06-22 16:34 25130 c:\windows\system32\DRVSTORE\CX113662_CDE1B1CDD7D29A047CD158502AD05F7B4339882B\B112566\atiodcli.exe
+ 2011-12-28 19:02 . 2011-01-26 22:12 41424 c:\windows\system32\DRVSTORE\CX113662_CDE1B1CDD7D29A047CD158502AD05F7B4339882B\B112566\atimpc32.dll
+ 2011-12-28 19:02 . 2011-01-26 22:28 28700 c:\windows\system32\DRVSTORE\CX113662_CDE1B1CDD7D29A047CD158502AD05F7B4339882B\B112566\atiddc.dll
+ 2011-12-28 19:02 . 2011-01-26 23:01 29987 c:\windows\system32\DRVSTORE\CX113662_CDE1B1CDD7D29A047CD158502AD05F7B4339882B\B112566\aticalrt.dll
+ 2011-12-28 19:02 . 2011-01-26 23:00 29024 c:\windows\system32\DRVSTORE\CX113662_CDE1B1CDD7D29A047CD158502AD05F7B4339882B\B112566\aticalcl.dll
+ 2011-12-28 19:02 . 2009-05-11 22:35 71662 c:\windows\system32\DRVSTORE\CX113662_CDE1B1CDD7D29A047CD158502AD05F7B4339882B\B112566\atibtmon.exe
+ 2011-12-28 19:02 . 2011-01-26 22:27 55072 c:\windows\system32\DRVSTORE\CX113662_CDE1B1CDD7D29A047CD158502AD05F7B4339882B\B112566\atiapfxx.exe
+ 2011-12-28 19:02 . 2011-01-26 22:31 16309 c:\windows\system32\DRVSTORE\CX113662_CDE1B1CDD7D29A047CD158502AD05F7B4339882B\B112566\ati2mdxx.exe
+ 2011-12-28 19:02 . 2011-01-26 22:12 13650 c:\windows\system32\DRVSTORE\CX113662_CDE1B1CDD7D29A047CD158502AD05F7B4339882B\B112566\ati2erec.dll
+ 2011-12-28 19:02 . 2011-01-26 22:31 28842 c:\windows\system32\DRVSTORE\CX113662_CDE1B1CDD7D29A047CD158502AD05F7B4339882B\B112566\ati2edxx.dll
+ 2012-06-28 15:48 . 2012-01-15 17:40 31312 c:\windows\system32\DRVSTORE\android_us_214A9477F8D7526BE9A5C9EA4868C3CCEF8358E9\i386\androidusb.sys
+ 2012-06-28 15:48 . 2012-01-15 17:40 10144 c:\windows\system32\DRVSTORE\android_te_B7CD208B2DC5811423DE0060B747924E143A6EB9\i386\ssadwhnt.sys
+ 2012-06-28 15:48 . 2012-01-15 17:40 96416 c:\windows\system32\DRVSTORE\android_te_B7CD208B2DC5811423DE0060B747924E143A6EB9\i386\ssadbus.sys
+ 2010-01-14 22:46 . 2010-01-14 23:08 59664 c:\windows\system32\drivers\TfSysMon.sys
+ 2010-01-14 22:46 . 2010-01-14 23:08 33552 c:\windows\system32\drivers\TfNetMon.sys
+ 2010-01-14 22:45 . 2010-01-14 23:08 51984 c:\windows\system32\drivers\TfFsMon.sys
+ 2006-08-11 13:47 . 2006-08-11 13:47 59776 c:\windows\system32\drivers\sfsync04.sys
+ 2006-06-14 14:56 . 2006-06-14 14:56 13680 c:\windows\system32\drivers\sfhlp02.sys
+ 2006-07-05 12:46 . 2006-07-05 12:46 63352 c:\windows\system32\drivers\sfdrv01a.sys
+ 2011-01-13 15:28 . 2006-01-10 12:00 56215 c:\windows\system32\drivers\Samsung\Samsung CLP-300 Series\SUGG1tk.dat
- 2007-12-25 10:51 . 2006-01-11 05:00 56215 c:\windows\system32\drivers\Samsung\Samsung CLP-300 Series\SUGG1tk.dat
- 2007-12-25 10:51 . 2006-01-11 04:59 55410 c:\windows\system32\drivers\Samsung\Samsung CLP-300 Series\SUGG1sw.dat
+ 2011-01-13 15:28 . 2006-01-10 11:59 55410 c:\windows\system32\drivers\Samsung\Samsung CLP-300 Series\SUGG1sw.dat
+ 2011-01-13 15:28 . 2006-01-10 11:59 59692 c:\windows\system32\drivers\Samsung\Samsung CLP-300 Series\SUGG1sp.dat
- 2007-12-25 10:51 . 2006-01-11 04:59 59692 c:\windows\system32\drivers\Samsung\Samsung CLP-300 Series\SUGG1sp.dat
- 2007-12-25 10:51 . 2006-01-11 04:59 57303 c:\windows\system32\drivers\Samsung\Samsung CLP-300 Series\SUGG1ru.dat
+ 2011-01-13 15:28 . 2006-01-10 11:59 57303 c:\windows\system32\drivers\Samsung\Samsung CLP-300 Series\SUGG1ru.dat
+ 2011-01-13 15:28 . 2006-01-10 11:58 59873 c:\windows\system32\drivers\Samsung\Samsung CLP-300 Series\SUGG1pt.dat
- 2007-12-25 10:51 . 2006-01-11 04:58 59873 c:\windows\system32\drivers\Samsung\Samsung CLP-300 Series\SUGG1pt.dat
+ 2011-01-13 15:28 . 2006-01-10 11:58 57083 c:\windows\system32\drivers\Samsung\Samsung CLP-300 Series\SUGG1po.dat
- 2007-12-25 10:51 . 2006-01-11 04:58 57083 c:\windows\system32\drivers\Samsung\Samsung CLP-300 Series\SUGG1po.dat
+ 2011-01-13 15:28 . 2006-01-10 11:58 55040 c:\windows\system32\drivers\Samsung\Samsung CLP-300 Series\SUGG1nr.dat
- 2007-12-25 10:51 . 2006-01-11 04:58 55040 c:\windows\system32\drivers\Samsung\Samsung CLP-300 Series\SUGG1nr.dat
+ 2011-01-13 15:28 . 2006-09-01 05:05 22663 c:\windows\system32\drivers\Samsung\Samsung CLP-300 Series\SUGG1lmk.dll
- 2007-12-25 10:51 . 2006-09-01 22:05 22663 c:\windows\system32\drivers\Samsung\Samsung CLP-300 Series\SUGG1lmk.dll
+ 2011-01-13 15:28 . 2005-07-05 11:53 53248 c:\windows\system32\drivers\Samsung\Samsung CLP-300 Series\SUGG1lf.dll
- 2007-12-25 10:51 . 2005-07-06 04:53 53248 c:\windows\system32\drivers\Samsung\Samsung CLP-300 Series\SUGG1lf.dll
+ 2011-01-13 15:28 . 2006-01-10 11:58 52112 c:\windows\system32\drivers\Samsung\Samsung CLP-300 Series\SUGG1kr.dat
- 2007-12-25 10:51 . 2006-01-11 04:58 52112 c:\windows\system32\drivers\Samsung\Samsung CLP-300 Series\SUGG1kr.dat
+ 2011-01-13 15:28 . 2006-01-10 11:57 58957 c:\windows\system32\drivers\Samsung\Samsung CLP-300 Series\SUGG1it.dat
- 2007-12-25 10:51 . 2006-01-11 04:57 58957 c:\windows\system32\drivers\Samsung\Samsung CLP-300 Series\SUGG1it.dat
+ 2011-01-13 15:28 . 2006-01-10 11:53 58042 c:\windows\system32\drivers\Samsung\Samsung CLP-300 Series\SUGG1hu.dat
- 2007-12-25 10:51 . 2006-01-11 04:53 58042 c:\windows\system32\drivers\Samsung\Samsung CLP-300 Series\SUGG1hu.dat
+ 2011-01-13 15:28 . 2006-01-10 11:53 60166 c:\windows\system32\drivers\Samsung\Samsung CLP-300 Series\SUGG1gr.dat
- 2007-12-25 10:51 . 2006-01-11 04:53 60166 c:\windows\system32\drivers\Samsung\Samsung CLP-300 Series\SUGG1gr.dat
+ 2011-01-13 15:28 . 2006-01-10 11:52 62902 c:\windows\system32\drivers\Samsung\Samsung CLP-300 Series\SUGG1fn.dat
- 2007-12-25 10:51 . 2006-01-11 04:52 62902 c:\windows\system32\drivers\Samsung\Samsung CLP-300 Series\SUGG1fn.dat
- 2007-12-25 10:51 . 2006-01-11 04:52 56509 c:\windows\system32\drivers\Samsung\Samsung CLP-300 Series\SUGG1fi.dat
+ 2011-01-13 15:28 . 2006-01-10 11:52 56509 c:\windows\system32\drivers\Samsung\Samsung CLP-300 Series\SUGG1fi.dat
- 2007-12-25 10:51 . 2006-01-11 04:52 54019 c:\windows\system32\drivers\Samsung\Samsung CLP-300 Series\SUGG1en.dat
+ 2011-01-13 15:28 . 2006-01-10 11:52 54019 c:\windows\system32\drivers\Samsung\Samsung CLP-300 Series\SUGG1en.dat
+ 2011-01-13 15:28 . 2006-01-10 11:51 58276 c:\windows\system32\drivers\Samsung\Samsung CLP-300 Series\SUGG1dt.dat
- 2007-12-25 10:51 . 2006-01-11 04:51 58276 c:\windows\system32\drivers\Samsung\Samsung CLP-300 Series\SUGG1dt.dat
+ 2011-01-13 15:28 . 2006-01-10 11:51 56098 c:\windows\system32\drivers\Samsung\Samsung CLP-300 Series\SUGG1dn.dat
- 2007-12-25 10:51 . 2006-01-11 04:51 56098 c:\windows\system32\drivers\Samsung\Samsung CLP-300 Series\SUGG1dn.dat
+ 2011-01-13 15:28 . 2006-01-10 11:51 56046 c:\windows\system32\drivers\Samsung\Samsung CLP-300 Series\SUGG1cz.dat
- 2007-12-25 10:51 . 2006-01-11 04:51 56046 c:\windows\system32\drivers\Samsung\Samsung CLP-300 Series\SUGG1cz.dat
+ 2011-01-13 15:28 . 2006-01-10 11:48 46704 c:\windows\system32\drivers\Samsung\Samsung CLP-300 Series\SUGG1ct.dat
- 2007-12-25 10:51 . 2006-01-11 04:48 46704 c:\windows\system32\drivers\Samsung\Samsung CLP-300 Series\SUGG1ct.dat
- 2007-12-25 10:51 . 2006-01-11 04:47 46843 c:\windows\system32\drivers\Samsung\Samsung CLP-300 Series\SUGG1cp.dat
+ 2011-01-13 15:28 . 2006-01-10 11:47 46843 c:\windows\system32\drivers\Samsung\Samsung CLP-300 Series\SUGG1cp.dat
- 2007-12-25 10:51 . 2004-10-12 05:25 57344 c:\windows\system32\drivers\Samsung\Samsung CLP-300 Series\SUGG1CI.dll
+ 2011-01-13 15:28 . 2004-10-11 12:25 57344 c:\windows\system32\drivers\Samsung\Samsung CLP-300 Series\SUGG1CI.dll
- 2007-12-25 10:51 . 2006-11-21 05:42 59616 c:\windows\system32\drivers\Samsung\Samsung CLP-300 Series\SUGG1bp.dat
+ 2011-01-13 15:28 . 2006-11-20 12:42 59616 c:\windows\system32\drivers\Samsung\Samsung CLP-300 Series\SUGG1bp.dat
+ 2012-03-11 16:06 . 2011-11-24 10:37 21736 c:\windows\system32\drivers\RTAIODAT.DAT
+ 2009-04-07 14:39 . 2011-03-04 19:44 45648 c:\windows\system32\drivers\PxHelp20.sys
+ 2010-09-01 08:30 . 2010-09-01 08:30 15544 c:\windows\system32\drivers\psi_mf.sys
- 2007-12-25 10:51 . 2006-06-12 18:06 41984 c:\windows\system32\drivers\DGIVECP.SYS
+ 2007-12-25 10:51 . 2006-06-12 01:06 41984 c:\windows\system32\drivers\DGIVECP.SYS
+ 2006-11-10 13:08 . 2006-11-10 13:08 24064 c:\windows\system32\drivers\ATITool.sys
+ 2010-11-13 10:49 . 2010-04-16 15:20 81920 c:\windows\system32\dllcache\ieencode.dll
+ 2011-12-28 19:02 . 2001-11-09 16:01 24064 c:\windows\system32\ativcoxx.dll
+ 2011-12-28 19:02 . 2009-06-22 15:34 45056 c:\windows\system32\ATIODCLI.exe
+ 2010-03-18 14:47 . 2010-03-18 14:47 17760 c:\windows\system32\aspnet_counters.dll
+ 2012-01-03 19:46 . 2000-08-14 00:15 61440 c:\windows\system\mmxImage.dll
+ 2012-01-03 19:46 . 1999-01-27 04:15 24064 c:\windows\system\borlndmm.dll
+ 2005-10-09 09:27 . 2010-11-03 17:15 84584 c:\windows\SOUNDMAN.EXE
+ 2012-02-25 12:37 . 2007-05-29 23:21 45056 c:\windows\Samsung\PanelMgr\SPaddon.exe
- 2007-12-25 10:53 . 2007-05-30 16:21 45056 c:\windows\Samsung\PanelMgr\SPaddon.exe
+ 2010-03-18 14:47 . 2010-03-18 14:47 97624 c:\windows\Microsoft.NET\Framework\v4.0.30319\XamlBuildTask.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 87408 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WindowsFormsIntegration.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 93024 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\UIAutomationTypes.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 35688 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\UIAutomationProvider.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 17784 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\System.Windows.Presentation.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 58240 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\System.Windows.Input.Manipulations.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 67912 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PenIMC.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 31576 c:\windows\Microsoft.NET\Framework\v4.0.30319\WMINet_Utils.dll
+ 2010-03-18 14:47 . 2010-03-18 14:47 14160 c:\windows\Microsoft.NET\Framework\v4.0.30319\webengine.dll
+ 2010-03-18 14:47 . 2010-03-18 14:47 69960 c:\windows\Microsoft.NET\Framework\v4.0.30319\TLBREF.DLL
+ 2010-03-18 14:47 . 2010-03-18 14:47 29544 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Xaml.Hosting.dll
+ 2010-03-18 14:47 . 2010-03-18 14:47 70040 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Windows.Forms.DataVisualization.Design.dll
+ 2010-03-18 14:47 . 2010-03-18 14:47 24928 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Web.Routing.dll
+ 2010-03-18 14:47 . 2010-03-18 14:47 81272 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Web.RegularExpressions.dll
+ 2010-03-18 14:47 . 2010-03-18 14:47 33144 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Web.DynamicData.Design.dll
+ 2010-03-18 14:47 . 2010-03-18 14:47 93576 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Web.DataVisualization.Design.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 44920 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Web.ApplicationServices.dll
+ 2010-03-18 14:47 . 2010-03-18 14:47 24944 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Web.Abstractions.dll
+ 2010-03-18 14:47 . 2010-03-18 14:47 28024 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.WasHosting.dll
+ 2010-03-18 14:47 . 2010-03-18 14:47 12168 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.ServiceMoniker40.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 37240 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.Channels.dll
+ 2010-03-18 14:47 . 2010-03-18 14:47 95592 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Caching.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 64352 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Numerics.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 45952 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.EnterpriseServices.Thunk.dll
+ 2010-03-18 14:47 . 2010-03-18 14:47 86888 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Drawing.Design.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 51032 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Device.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 50552 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Data.DataSetExtensions.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 81784 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Configuration.Install.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 81800 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.ComponentModel.DataAnnotations.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 39784 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.AddIn.Contract.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 68952 c:\windows\Microsoft.NET\Framework\v4.0.30319\SMDiagnostics.dll
+ 2010-03-18 19:58 . 2010-03-18 19:58 96088 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\SetupUtility.exe
+ 2010-03-18 20:16 . 2010-03-18 20:16 78152 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\Setup.exe
+ 2010-03-18 20:16 . 2010-03-18 20:16 18776 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\3082\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 14168 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\3076\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18776 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\2070\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 14168 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\2052\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 17752 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\1055\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 17752 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\1053\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18264 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\1049\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18264 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\1046\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18264 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\1045\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 17752 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\1044\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 19288 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\1043\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 15192 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\1042\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 15704 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\1041\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18264 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\1040\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18776 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\1038\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 16728 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\1037\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18776 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\1036\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18264 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\1035\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 17240 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\1033\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 19288 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\1032\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18776 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\1031\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18264 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\1030\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18264 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\1029\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 14168 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\1028\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 17240 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\1025\SetupResources.dll
+ 2010-03-18 19:58 . 2010-03-18 19:58 96088 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\SetupUtility.exe
+ 2010-03-18 20:16 . 2010-03-18 20:16 78152 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe
+ 2010-03-18 20:16 . 2010-03-18 20:16 18776 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\3082\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 14168 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\3076\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18776 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\2070\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 14168 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\2052\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 17752 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1055\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 17752 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1053\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18264 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1049\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18264 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1046\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18264 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1045\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 17752 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1044\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 19288 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1043\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 15192 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1042\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 15704 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1041\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18264 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1040\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18776 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1038\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 16728 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1037\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18776 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1036\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18264 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1035\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 17240 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1033\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 19288 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1032\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18776 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1031\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18264 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1030\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18264 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1029\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 14168 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1028\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 17240 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1025\SetupResources.dll
+ 2010-03-18 14:47 . 2010-03-18 14:47 17256 c:\windows\Microsoft.NET\Framework\v4.0.30319\ServiceMonikerSupport.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 13648 c:\windows\Microsoft.NET\Framework\v4.0.30319\SbsNclPerf.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 58192 c:\windows\Microsoft.NET\Framework\v4.0.30319\regtlibv12.exe
+ 2010-03-18 11:16 . 2010-03-18 11:16 32592 c:\windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
+ 2010-03-18 11:16 . 2010-03-18 11:16 52040 c:\windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
+ 2010-03-18 11:16 . 2010-03-18 11:16 21336 c:\windows\Microsoft.NET\Framework\v4.0.30319\normalization.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 56656 c:\windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 27984 c:\windows\Microsoft.NET\Framework\v4.0.30319\MUI\0409\mscorsecr.dll
+ 2010-03-18 14:47 . 2010-03-18 14:47 15184 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsn.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 40784 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorpe.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 20816 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscoreeis.dll
+ 2010-03-18 14:47 . 2010-03-18 14:47 96592 c:\windows\Microsoft.NET\Framework\v4.0.30319\MmcAspExt.dll
+ 2010-03-18 14:47 . 2010-03-18 14:47 21880 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Workflow.Compiler.exe
+ 2010-03-18 14:47 . 2010-03-18 14:47 40304 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.VisualC.STLCLR.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 12128 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.VisualC.Dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 97680 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2010-03-18 14:47 . 2010-03-18 14:47 38784 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Data.Entity.Build.Tasks.dll
+ 2010-03-18 14:47 . 2010-03-18 14:47 67968 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Build.Conversion.v4.0.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 36168 c:\windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe
+ 2010-03-18 11:16 . 2010-03-18 11:16 78168 c:\windows\Microsoft.NET\Framework\v4.0.30319\ISymWrapper.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 58200 c:\windows\Microsoft.NET\Framework\v4.0.30319\InstallUtilLib.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 27992 c:\windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
+ 2010-03-18 11:16 . 2010-03-18 11:16 42312 c:\windows\Microsoft.NET\Framework\v4.0.30319\fusion.dll
+ 2010-03-18 14:47 . 2010-03-18 14:47 84296 c:\windows\Microsoft.NET\Framework\v4.0.30319\EdmGen.exe
+ 2010-03-18 11:16 . 2010-03-18 11:16 11592 c:\windows\Microsoft.NET\Framework\v4.0.30319\dfsvc.exe
+ 2010-03-18 11:16 . 2010-03-18 11:16 88904 c:\windows\Microsoft.NET\Framework\v4.0.30319\dfdll.dll
+ 2010-03-18 14:47 . 2010-03-18 14:47 60248 c:\windows\Microsoft.NET\Framework\v4.0.30319\DataSvcUtil.exe
+ 2010-03-18 11:16 . 2010-03-18 11:16 31048 c:\windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
+ 2010-03-18 11:16 . 2010-03-18 11:16 81248 c:\windows\Microsoft.NET\Framework\v4.0.30319\CustomMarshalers.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 44368 c:\windows\Microsoft.NET\Framework\v4.0.30319\Culture.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 95048 c:\windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
+ 2010-03-18 14:47 . 2010-03-18 14:47 32592 c:\windows\Microsoft.NET\Framework\v4.0.30319\aspnet_wp.exe
+ 2010-03-18 14:47 . 2010-03-18 14:47 35160 c:\windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
+ 2010-03-18 14:47 . 2010-03-18 14:47 30040 c:\windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
+ 2010-03-18 14:47 . 2010-03-18 14:47 19808 c:\windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe
+ 2010-03-18 14:47 . 2010-03-18 14:47 78160 c:\windows\Microsoft.NET\Framework\v4.0.30319\aspnet_rc.dll
+ 2010-03-18 14:47 . 2010-03-18 14:47 30040 c:\windows\Microsoft.NET\Framework\v4.0.30319\Aspnet_perf.dll
+ 2010-03-18 14:47 . 2010-03-18 14:47 14168 c:\windows\Microsoft.NET\Framework\v4.0.30319\aspnet_isapi.dll
+ 2010-03-18 14:47 . 2010-03-18 14:47 24408 c:\windows\Microsoft.NET\Framework\v4.0.30319\aspnet_filter.dll
+ 2010-03-18 14:47 . 2010-03-18 14:47 30048 c:\windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
+ 2010-03-18 11:16 . 2010-03-18 11:16 29008 c:\windows\Microsoft.NET\Framework\v4.0.30319\AddInUtil.exe
+ 2010-03-18 11:16 . 2010-03-18 11:16 29528 c:\windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
+ 2010-03-18 11:16 . 2010-03-18 11:16 29016 c:\windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess.exe
+ 2010-03-18 11:16 . 2010-03-18 11:16 17240 c:\windows\Microsoft.NET\Framework\v4.0.30319\Accessibility.dll
+ 2010-03-18 14:47 . 2010-03-18 14:47 11608 c:\windows\Microsoft.NET\Framework\v4.0.30319\1033\FileTrackerUI.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 10064 c:\windows\Microsoft.NET\Framework\v4.0.30319\1033\CvtResUI.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 24400 c:\windows\Microsoft.NET\Framework\v4.0.30319\1033\alinkui.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 13648 c:\windows\Microsoft.NET\Framework\sbscmp20_mscorlib.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 13648 c:\windows\Microsoft.NET\Framework\sbs_wminet_utils.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 13648 c:\windows\Microsoft.NET\Framework\sbs_system.enterpriseservices.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 13648 c:\windows\Microsoft.NET\Framework\sbs_system.data.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 13648 c:\windows\Microsoft.NET\Framework\sbs_system.configuration.install.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 13648 c:\windows\Microsoft.NET\Framework\sbs_mscorsec.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 13648 c:\windows\Microsoft.NET\Framework\sbs_mscorrc.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 13648 c:\windows\Microsoft.NET\Framework\sbs_mscordbi.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 13648 c:\windows\Microsoft.NET\Framework\sbs_microsoft.jscript.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 13648 c:\windows\Microsoft.NET\Framework\sbs_diasymreader.dll
+ 2011-09-01 09:34 . 2011-09-01 09:34 97624 c:\windows\Microsoft.NET\assembly\GAC_MSIL\XamlBuildTask\v4.0_4.0.0.0__31bf3856ad364e35\XamlBuildTask.dll
+ 2011-09-01 09:29 . 2011-09-01 09:29 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2011-09-01 09:29 . 2011-09-01 09:29 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
+ 2011-09-01 09:29 . 2011-09-01 09:29 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2011-09-01 09:34 . 2011-09-01 09:34 29544 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml.Hosting\v4.0_4.0.0.0__31bf3856ad364e35\System.Xaml.Hosting.dll
+ 2011-09-01 09:29 . 2011-09-01 09:29 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
+ 2011-09-01 09:29 . 2011-09-01 09:29 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
+ 2011-09-01 09:34 . 2011-09-01 09:34 70040 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.Design.dll
+ 2011-09-01 09:34 . 2011-09-01 09:34 24928 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Routing.dll
+ 2011-09-01 09:34 . 2011-09-01 09:34 81272 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.RegularExpressions\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2011-09-01 09:34 . 2011-09-01 09:34 33144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DynamicData.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DynamicData.Design.dll
+ 2011-09-01 09:34 . 2011-09-01 09:34 93576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DataVisualization.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DataVisualization.Design.dll
+ 2011-09-01 09:29 . 2011-09-01 09:29 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
+ 2011-09-01 09:34 . 2011-09-01 09:34 24944 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Abstractions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Abstractions.dll
+ 2011-09-01 09:34 . 2011-09-01 09:34 28024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.WasHosting\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
+ 2011-09-01 09:34 . 2011-09-01 09:34 12168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.ServiceMoniker40\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.ServiceMoniker40.dll
+ 2011-09-01 09:29 . 2011-09-01 09:29 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
+ 2011-09-01 09:34 . 2011-09-01 09:34 95592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Caching\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Caching.dll
+ 2011-09-01 09:29 . 2011-09-01 09:29 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
+ 2011-09-01 09:34 . 2011-09-01 09:34 86888 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing.Design\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2011-09-01 09:29 . 2011-09-01 09:29 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
+ 2011-09-01 09:29 . 2011-09-01 09:29 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
+ 2011-09-01 09:29 . 2011-09-01 09:29 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2011-09-01 09:29 . 2011-09-01 09:29 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
+ 2011-09-01 09:29 . 2011-09-01 09:29 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
+ 2011-09-01 09:29 . 2011-09-01 09:29 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
+ 2011-09-01 09:34 . 2011-09-01 09:34 21880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Workflow.Compiler.exe
+ 2011-09-01 09:29 . 2011-09-01 09:29 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2011-09-01 09:34 . 2011-09-01 09:34 40304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC.STLCLR\v4.0_2.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.STLCLR.dll
+ 2011-09-01 09:29 . 2011-09-01 09:29 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2011-09-01 09:34 . 2011-09-01 09:34 67968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Conversion.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Conversion.v4.0.dll
+ 2011-09-01 09:29 . 2011-09-01 09:29 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2011-09-01 09:29 . 2011-09-01 09:29 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2011-09-01 09:29 . 2011-09-01 09:29 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2011-12-29 19:09 . 2011-12-29 19:09 26112 c:\windows\Installer\64a14e.msi
+ 2012-02-27 13:12 . 2012-02-27 13:12 22016 c:\windows\Installer\5753bc.msi
+ 2011-01-05 10:01 . 2011-01-05 10:01 26112 c:\windows\Installer\3a2b0.msi
+ 2012-02-18 19:23 . 2012-02-18 19:23 22528 c:\windows\Installer\2521087.msi
+ 2012-06-23 16:13 . 2012-06-23 16:13 28672 c:\windows\Installer\1326a6.msi
+ 2012-07-02 14:42 . 2012-07-02 14:42 10134 c:\windows\Installer\{FC050491-5596-A401-BDC7-CC58852A6DF8}\ARPPRODUCTICON.exe
+ 2012-07-02 14:42 . 2012-07-02 14:42 10134 c:\windows\Installer\{F987807D-8C05-9FE6-06E9-12CD0BBCB646}\ARPPRODUCTICON.exe
+ 2012-07-02 14:42 . 2012-07-02 14:42 10134 c:\windows\Installer\{F4B3FFE1-A912-5A60-722A-EABCC17D1017}\ARPPRODUCTICON.exe
+ 2012-07-02 14:42 . 2012-07-02 14:42 10134 c:\windows\Installer\{F0829F00-CF11-4842-6874-5293A289963A}\ARPPRODUCTICON.exe
+ 2012-07-02 14:42 . 2012-07-02 14:42 10134 c:\windows\Installer\{F0085545-93D5-38EB-0289-1F8324246C46}\ARPPRODUCTICON.exe
+ 2012-07-03 04:57 . 2012-07-03 04:57 88102 c:\windows\Installer\{E9697AD2-F178-0181-AF10-8B086F5D3C22}\NewShortcut5_4DEA5338A7B840A3B51CDC742625BF49.exe
+ 2012-07-03 04:57 . 2012-07-03 04:57 88102 c:\windows\Installer\{E9697AD2-F178-0181-AF10-8B086F5D3C22}\NewShortcut4_4DEA5338A7B840A3B51CDC742625BF49.exe
+ 2012-07-03 04:57 . 2012-07-03 04:57 88102 c:\windows\Installer\{E9697AD2-F178-0181-AF10-8B086F5D3C22}\NewShortcut3_4DEA5338A7B840A3B51CDC742625BF49.exe
+ 2012-07-03 04:56 . 2012-07-03 04:57 88102 c:\windows\Installer\{E9697AD2-F178-0181-AF10-8B086F5D3C22}\NewShortcut2_4DEA5338A7B840A3B51CDC742625BF49.exe
+ 2012-07-03 04:56 . 2012-07-03 04:56 88102 c:\windows\Installer\{E9697AD2-F178-0181-AF10-8B086F5D3C22}\ARPPRODUCTICON.exe
+ 2012-07-02 14:42 . 2012-07-02 14:42 10134 c:\windows\Installer\{E8A70381-3FED-9302-6061-AA75FC65C70B}\ARPPRODUCTICON.exe
+ 2012-07-02 14:41 . 2012-07-02 14:41 10134 c:\windows\Installer\{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}\ARPPRODUCTICON.exe
+ 2012-07-02 14:42 . 2012-07-02 14:42 10134 c:\windows\Installer\{DF5D238D-8F65-8810-E258-AF6E3A63AA00}\ARPPRODUCTICON.exe
+ 2012-07-02 14:42 . 2012-07-02 14:42 10134 c:\windows\Installer\{D897A150-96DE-0800-FB34-3136C5E4D197}\ARPPRODUCTICON.exe
+ 2012-07-02 14:41 . 2012-07-02 14:41 10134 c:\windows\Installer\{D3654E61-63C1-6F8E-FF45-B201A451EA64}\ARPPRODUCTICON.exe
+ 2012-07-02 14:42 . 2012-07-02 14:42 10134 c:\windows\Installer\{CCB3AEF4-868A-2380-3D4A-0E210C11684F}\ARPPRODUCTICON.exe
+ 2011-12-28 19:05 . 2011-12-28 19:05 77542 c:\windows\Installer\{CC551765-6250-3F18-CEDB-5402C9B1CE6C}\ARPPRODUCTICON.exe
+ 2012-02-04 09:14 . 2012-02-04 09:14 88102 c:\windows\Installer\{C4186C0D-FB9F-5D83-21FB-A737A13EFAE6}\NewShortcut5_4DEA5338A7B840A3B51CDC742625BF49.exe
+ 2012-02-04 09:14 . 2012-02-04 09:14 88102 c:\windows\Installer\{C4186C0D-FB9F-5D83-21FB-A737A13EFAE6}\NewShortcut4_4DEA5338A7B840A3B51CDC742625BF49.exe
+ 2012-02-04 09:14 . 2012-02-04 09:14 88102 c:\windows\Installer\{C4186C0D-FB9F-5D83-21FB-A737A13EFAE6}\NewShortcut3_4DEA5338A7B840A3B51CDC742625BF49.exe
+ 2012-02-04 09:14 . 2012-02-04 09:14 88102 c:\windows\Installer\{C4186C0D-FB9F-5D83-21FB-A737A13EFAE6}\NewShortcut2_4DEA5338A7B840A3B51CDC742625BF49.exe
+ 2012-07-02 14:42 . 2012-07-02 14:42 10134 c:\windows\Installer\{BA263F1F-C34D-4F76-25E2-B9EEBE5958F1}\ARPPRODUCTICON.exe
+ 2012-07-02 14:42 . 2012-07-02 14:42 10134 c:\windows\Installer\{B980C8CC-DD6A-E617-B1C1-9CD4837AF8F8}\ARPPRODUCTICON.exe
+ 2012-07-02 14:41 . 2012-07-02 14:41 10134 c:\windows\Installer\{B94E7B34-E756-3458-A0E1-C31AF84DF78A}\ARPPRODUCTICON.exe
+ 2012-07-02 14:41 . 2012-07-02 14:41 10134 c:\windows\Installer\{B182F3FD-7D69-EF3D-CD95-48FE7BA5E2CF}\ARPPRODUCTICON.exe
+ 2012-02-04 09:13 . 2012-02-04 09:13 10134 c:\windows\Installer\{ADD24D05-DDEA-39CB-0E92-AA371AEE2894}\ARPPRODUCTICON.exe
+ 2012-02-04 09:19 . 2012-02-04 09:19 10134 c:\windows\Installer\{A25FF1C0-80B6-4B8B-A551-DC525697A408}\ARPPRODUCTICON.exe
+ 2005-10-09 12:27 . 2011-05-11 14:32 45056 c:\windows\Installer\{911B0407-6000-11D3-8CFE-0050048383C9}\wordicon.exe
- 2005-10-09 12:27 . 2010-12-15 14:18 45056 c:\windows\Installer\{911B0407-6000-11D3-8CFE-0050048383C9}\wordicon.exe
+ 2005-10-09 12:27 . 2011-05-11 14:32 22528 c:\windows\Installer\{911B0407-6000-11D3-8CFE-0050048383C9}\unbndico.exe
- 2005-10-09 12:27 . 2010-12-15 14:18 22528 c:\windows\Installer\{911B0407-6000-11D3-8CFE-0050048383C9}\unbndico.exe
- 2005-10-09 12:27 . 2010-12-15 14:18 16384 c:\windows\Installer\{911B0407-6000-11D3-8CFE-0050048383C9}\PEicons.exe
+ 2005-10-09 12:27 . 2011-05-11 14:32 16384 c:\windows\Installer\{911B0407-6000-11D3-8CFE-0050048383C9}\PEicons.exe
- 2005-10-09 12:27 . 2010-12-15 14:18 34304 c:\windows\Installer\{911B0407-6000-11D3-8CFE-0050048383C9}\misc.exe
+ 2005-10-09 12:27 . 2011-05-11 14:32 34304 c:\windows\Installer\{911B0407-6000-11D3-8CFE-0050048383C9}\misc.exe
+ 2012-07-02 14:38 . 2012-07-02 14:38 10134 c:\windows\Installer\{900E3011-5B24-70C8-A038-A36A70A4FB6E}\ARPPRODUCTICON.exe
+ 2010-06-04 07:12 . 2012-05-10 12:12 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
- 2010-06-04 07:12 . 2010-12-16 20:30 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2012-07-02 14:42 . 2012-07-02 14:42 10134 c:\windows\Installer\{857D90BE-8169-5124-1475-A414F23F3ADB}\ARPPRODUCTICON.exe
+ 2012-07-02 14:42 . 2012-07-02 14:42 10134 c:\windows\Installer\{7DBC6EE6-4113-BA11-F4B3-65CD34114427}\ARPPRODUCTICON.exe
+ 2011-12-28 19:05 . 2011-12-28 19:05 44758 c:\windows\Installer\{7AF3EE4B-D0BD-B57E-2813-A5BD61116260}\NewShortcut11_EAB9635D261D49BE88DDE71A7C809B2D.exe
+ 2012-07-02 14:42 . 2012-07-02 14:42 10134 c:\windows\Installer\{6E521E62-22A9-35C9-5C13-2C393CEF1C5E}\ARPPRODUCTICON.exe
+ 2012-07-02 19:10 . 2012-07-02 19:10 10134 c:\windows\Installer\{67E488E8-40FE-32A2-AD55-2832FE6A78A7}\ARPPRODUCTICON.exe
+ 2011-07-21 19:33 . 2011-07-21 19:33 10134 c:\windows\Installer\{612C34C7-5E90-47D8-9B5C-0F717DD82726}\ARPPRODUCTICON.exe
+ 2012-07-02 14:42 . 2012-07-02 14:42 10134 c:\windows\Installer\{5B446546-A794-BA4B-375A-F27A89BA5B77}\ARPPRODUCTICON.exe
+ 2012-07-02 14:42 . 2012-07-02 14:42 10134 c:\windows\Installer\{4B159022-AA02-7E06-5D8B-4D9727898DDC}\ARPPRODUCTICON.exe
+ 2012-07-02 14:42 . 2012-07-02 14:42 10134 c:\windows\Installer\{3E0F0686-72E5-671B-B553-4CC258C03F53}\ARPPRODUCTICON.exe
+ 2012-07-02 19:08 . 2012-07-02 19:10 88102 c:\windows\Installer\{35E9F053-D554-1D50-F3DC-924AE7CFEBEE}\NewShortcut5_4DEA5338A7B840A3B51CDC742625BF49.exe
+ 2012-07-02 19:08 . 2012-07-02 19:10 88102 c:\windows\Installer\{35E9F053-D554-1D50-F3DC-924AE7CFEBEE}\NewShortcut4_4DEA5338A7B840A3B51CDC742625BF49.exe
+ 2012-07-02 19:08 . 2012-07-02 19:10 88102 c:\windows\Installer\{35E9F053-D554-1D50-F3DC-924AE7CFEBEE}\NewShortcut3_4DEA5338A7B840A3B51CDC742625BF49.exe
+ 2012-07-02 19:08 . 2012-07-02 19:10 88102 c:\windows\Installer\{35E9F053-D554-1D50-F3DC-924AE7CFEBEE}\NewShortcut2_4DEA5338A7B840A3B51CDC742625BF49.exe
+ 2012-07-02 19:08 . 2012-07-02 19:10 88102 c:\windows\Installer\{35E9F053-D554-1D50-F3DC-924AE7CFEBEE}\ARPPRODUCTICON.exe
+ 2012-07-02 14:42 . 2012-07-02 14:42 10134 c:\windows\Installer\{33D12DB7-B831-31CE-8016-6630F6129800}\ARPPRODUCTICON.exe
+ 2011-12-28 19:02 . 2011-12-28 19:02 77542 c:\windows\Installer\{23EDDDBA-F603-3241-BF70-1AA2F13C7495}\NewShortcut5_4DEA5338A7B840A3B51CDC742625BF49.exe
+ 2011-12-28 19:02 . 2011-12-28 19:02 77542 c:\windows\Installer\{23EDDDBA-F603-3241-BF70-1AA2F13C7495}\NewShortcut4_4DEA5338A7B840A3B51CDC742625BF49.exe
+ 2011-12-28 19:02 . 2011-12-28 19:02 77542 c:\windows\Installer\{23EDDDBA-F603-3241-BF70-1AA2F13C7495}\NewShortcut3_4DEA5338A7B840A3B51CDC742625BF49.exe
+ 2011-12-28 19:02 . 2011-12-28 19:02 77542 c:\windows\Installer\{23EDDDBA-F603-3241-BF70-1AA2F13C7495}\NewShortcut2_4DEA5338A7B840A3B51CDC742625BF49.exe
+ 2012-07-03 04:56 . 2012-07-03 04:56 10134 c:\windows\Installer\{20435DF7-5E22-75AB-30AF-563B51B55110}\ARPPRODUCTICON.exe
+ 2012-07-02 14:41 . 2012-07-02 14:41 10134 c:\windows\Installer\{19B0F977-3345-1DDB-59A4-8257E9688F06}\ARPPRODUCTICON.exe
+ 2012-07-02 14:42 . 2012-07-02 14:42 10134 c:\windows\Installer\{1661E04A-A4DC-D736-8374-2243F4F2AB0E}\ARPPRODUCTICON.exe
+ 2012-07-02 14:42 . 2012-07-02 14:42 10134 c:\windows\Installer\{11A0D261-8359-DA51-1CCC-318B6E712F65}\ARPPRODUCTICON.exe
+ 2012-07-02 14:39 . 2012-07-02 14:39 88102 c:\windows\Installer\{108433AC-4560-1E5B-682E-1145F173EF34}\NewShortcut5_4DEA5338A7B840A3B51CDC742625BF49.exe
+ 2012-07-02 14:39 . 2012-07-02 14:39 88102 c:\windows\Installer\{108433AC-4560-1E5B-682E-1145F173EF34}\NewShortcut4_4DEA5338A7B840A3B51CDC742625BF49.exe
+ 2012-07-02 14:39 . 2012-07-02 14:39 88102 c:\windows\Installer\{108433AC-4560-1E5B-682E-1145F173EF34}\NewShortcut3_4DEA5338A7B840A3B51CDC742625BF49.exe
+ 2012-07-02 14:39 . 2012-07-02 14:39 88102 c:\windows\Installer\{108433AC-4560-1E5B-682E-1145F173EF34}\NewShortcut2_4DEA5338A7B840A3B51CDC742625BF49.exe
+ 2012-07-02 14:42 . 2012-07-02 14:42 10134 c:\windows\Installer\{06912C15-A239-7907-F949-7A600930977A}\ARPPRODUCTICON.exe
+ 2012-07-02 14:42 . 2012-07-02 14:42 10134 c:\windows\Installer\{04320342-10AF-74E5-42D0-CBC0454D3AA1}\ARPPRODUCTICON.exe
+ 2011-12-14 11:23 . 2011-12-14 11:23 28992 c:\windows\Installer\$PatchCache$\Managed\AEC463235587C3A46B47358D9E9B9763\12.0.2160\uxtuneupx86.dll
+ 2011-12-14 11:23 . 2011-12-14 11:23 11584 c:\windows\Installer\$PatchCache$\Managed\AEC463235587C3A46B47358D9E9B9763\12.0.2160\tux64thk.exe
+ 2011-12-14 11:23 . 2011-12-14 11:23 76608 c:\windows\Installer\$PatchCache$\Managed\AEC463235587C3A46B47358D9E9B9763\12.0.2160\TUUnInstallHelper.exe
+ 2011-12-14 11:23 . 2011-12-14 11:23 61760 c:\windows\Installer\$PatchCache$\Managed\AEC463235587C3A46B47358D9E9B9763\12.0.2160\TURatingSynch.exe
+ 2011-12-14 11:23 . 2011-12-14 11:23 30016 c:\windows\Installer\$PatchCache$\Managed\AEC463235587C3A46B47358D9E9B9763\12.0.2160\SDShelEx86.dll
+ 2011-12-14 11:22 . 2011-12-14 11:22 15680 c:\windows\Installer\$PatchCache$\Managed\AEC463235587C3A46B47358D9E9B9763\12.0.2160\RegistryDefragHelper.exe
+ 2011-12-14 11:23 . 2011-12-14 11:23 84800 c:\windows\Installer\$PatchCache$\Managed\AEC463235587C3A46B47358D9E9B9763\12.0.2160\PowerModeManager.exe
+ 2011-12-14 11:22 . 2011-12-14 11:22 35136 c:\windows\Installer\$PatchCache$\Managed\AEC463235587C3A46B47358D9E9B9763\12.0.2160\PMLauncher.exe
+ 2011-12-14 11:23 . 2011-12-14 11:23 25920 c:\windows\Installer\$PatchCache$\Managed\AEC463235587C3A46B47358D9E9B9763\12.0.2160\DseShExtx86.dll
+ 2011-12-14 11:23 . 2011-12-14 11:23 31552 c:\windows\Installer\$PatchCache$\Managed\AEC463235587C3A46B47358D9E9B9763\12.0.2160\C_TURegOpt.exe
+ 2011-12-14 11:23 . 2011-12-14 11:23 21312 c:\windows\Installer\$PatchCache$\Managed\AEC463235587C3A46B47358D9E9B9763\12.0.2160\authuitu_x86.dll
+ 2011-09-01 11:22 . 2011-09-01 11:22 96768 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\0eb3c18ec758534395684f3ca286a201\UIAutomationProvider.ni.dll
+ 2011-09-01 11:26 . 2011-09-01 11:26 54784 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml.Hosting\70c840dc13aae2e1323b13d7b27030ae\System.Xaml.Hosting.ni.dll
+ 2011-09-01 11:51 . 2011-09-01 11:51 35328 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Pres#\9bbefd2263d8f2169ab3695798208293\System.Windows.Presentation.ni.dll
+ 2011-09-01 11:50 . 2011-09-01 11:50 24064 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Routing\9484262c4f1cfaace92aa9d1fee76025\System.Web.Routing.ni.dll
+ 2011-09-01 11:49 . 2011-09-01 11:49 46592 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DynamicD#\569a7210fae634e8827a1bd805922540\System.Web.DynamicData.Design.ni.dll
+ 2011-09-01 11:22 . 2011-09-01 11:22 71680 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Applicat#\02068ef9dafba3308b13444b8f4e5940\System.Web.ApplicationServices.ni.dll
+ 2011-09-01 11:28 . 2011-09-01 11:28 24576 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Abstract#\0d2eb147f2b4b13af1141810688e2d5f\System.Web.Abstractions.ni.dll
+ 2011-09-01 11:28 . 2011-09-01 11:28 82432 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\c3831eb95ccf3904bab81a97a9b08ed3\System.ServiceModel.Channels.ni.dll
+ 2011-09-01 11:28 . 2011-09-01 11:28 12288 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\2ac3fd2abc9bb5eab553ef8e44ca77ca\System.ServiceModel.ServiceMoniker40.ni.dll
+ 2011-09-01 11:23 . 2011-09-01 11:23 78848 c:\windows\assembly\NativeImages_v4.0.30319_32\System.AddIn.Contra#\5c87f21925d5a61059ee68cef72841f4\System.AddIn.Contract.ni.dll
+ 2011-09-01 11:21 . 2011-09-01 11:21 37376 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Workflow.#\6a8da5dd61b1fcfed27f84047a3e2bad\Microsoft.Workflow.Compiler.ni.exe
+ 2011-09-01 11:21 . 2011-09-01 11:21 11776 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualC\552a460a8bcf608aecc6418db0d40216\Microsoft.VisualC.ni.dll
+ 2011-09-01 11:14 . 2011-09-01 11:14 44544 c:\windows\assembly\NativeImages_v4.0.30319_32\Accessibility\01254caa0efc15b5cd48fb3178018701\Accessibility.ni.dll
+ 2011-04-06 18:13 . 2011-04-06 18:13 73840 c:\windows\assembly\GAC_MSIL\Google.GData.YouTube\1.7.0.1__af04a32718ae8833\Google.GData.YouTube.dll
+ 2011-04-06 18:13 . 2011-04-06 18:13 90224 c:\windows\assembly\GAC_MSIL\Google.GData.Extensions\1.7.0.1__0b4c5df2ebf20876\Google.GData.Extensions.dll
+ 2012-04-30 06:21 . 2012-04-30 06:21 11264 c:\windows\assembly\GAC_MSIL\cli_basetypes\1.0.19.0__ce2cb7e279207b9e\cli_basetypes.dll
+ 2012-04-30 06:21 . 2012-04-30 06:21 64000 c:\windows\assembly\GAC_32\cli_cppuhelper\1.0.22.0__ce2cb7e279207b9e\cli_cppuhelper.dll
+ 2007-10-25 10:48 . 2010-11-03 17:13 64104 c:\windows\ALCMTR.EXE
- 2007-10-25 10:51 . 2007-10-25 10:51 73728 c:\windows\ALCFDRTM.EXE
+ 2012-03-11 17:01 . 2012-03-11 17:01 73728 c:\windows\ALCFDRTM.EXE
+ 2012-01-30 18:20 . 2009-12-02 16:48 3584 c:\windows\system32\spool\drivers\w32x86\3\UI1&1FAX.DLL
+ 2012-03-11 16:07 . 2004-08-03 23:57 4096 c:\windows\system32\ReinstallBackups\0042\DriverFiles\i386\ksuser.dll
+ 2011-06-13 08:23 . 2001-08-17 12:02 9600 c:\windows\system32\ReinstallBackups\0040\DriverFiles\i386\hidusb.sys
+ 2012-07-02 19:10 . 2012-06-11 16:35 8309 c:\windows\system32\DRVSTORE\CX141405_2DFBF2E57FDFFA308C58FBEE75326DD43CF4065D\B140419\atitvo32.dll
+ 2012-07-02 14:39 . 2012-05-23 01:12 8309 c:\windows\system32\DRVSTORE\CX139737_6CED53E4302B689D15AAA27726CAFB621DBDE3A4\B139213\atitvo32.dll
+ 2012-02-04 09:14 . 2011-12-06 02:18 8348 c:\windows\system32\DRVSTORE\CX132103_19CCC5E312006EE735A1627DB1DD4A60ABAE0F50\B129753\atitvo32.dll
+ 2011-12-28 19:02 . 2011-01-26 22:21 8348 c:\windows\system32\DRVSTORE\CX113662_CDE1B1CDD7D29A047CD158502AD05F7B4339882B\B112566\atitvo32.dll
+ 2005-12-25 23:25 . 2012-07-02 18:39 9112 c:\windows\system32\d3d9caps.dat
+ 2010-03-18 11:16 . 2010-03-18 11:16 8536 c:\windows\Microsoft.NET\NETFXRepair.3082.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 8536 c:\windows\Microsoft.NET\NETFXRepair.3076.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 8536 c:\windows\Microsoft.NET\NETFXRepair.2070.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 8024 c:\windows\Microsoft.NET\NETFXRepair.2052.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1055.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1053.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 9048 c:\windows\Microsoft.NET\NETFXRepair.1049.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1046.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1045.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1044.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1043.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1042.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1041.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1040.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1038.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1037.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 9048 c:\windows\Microsoft.NET\NETFXRepair.1036.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 9048 c:\windows\Microsoft.NET\NETFXRepair.1035.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1033.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 9048 c:\windows\Microsoft.NET\NETFXRepair.1032.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1031.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1030.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1029.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 8024 c:\windows\Microsoft.NET\NETFXRepair.1028.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1025.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 8032 c:\windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelRegUI.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 8040 c:\windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelInstallRC.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 8032 c:\windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelEvents.dll
+ 2012-02-04 09:18 . 2012-02-04 09:18 9662 c:\windows\Installer\{A6991E11-AF13-652B-5736-C8800EF5527B}\NewShortcut11_EAB9635D261D49BE88DDE71A7C809B2D.exe
+ 2005-10-09 12:27 . 2011-05-11 14:32 3584 c:\windows\Installer\{911B0407-6000-11D3-8CFE-0050048383C9}\opwicon.exe
- 2005-10-09 12:27 . 2010-12-15 14:18 3584 c:\windows\Installer\{911B0407-6000-11D3-8CFE-0050048383C9}\opwicon.exe
- 2005-10-09 12:27 . 2010-12-15 14:18 8192 c:\windows\Installer\{911B0407-6000-11D3-8CFE-0050048383C9}\mspicons.exe
+ 2005-10-09 12:27 . 2011-05-11 14:32 8192 c:\windows\Installer\{911B0407-6000-11D3-8CFE-0050048383C9}\mspicons.exe
- 2005-10-09 12:27 . 2010-12-15 14:18 2560 c:\windows\Installer\{911B0407-6000-11D3-8CFE-0050048383C9}\cagicon.exe
+ 2005-10-09 12:27 . 2011-05-11 14:32 2560 c:\windows\Installer\{911B0407-6000-11D3-8CFE-0050048383C9}\cagicon.exe
+ 2011-07-02 17:42 . 2011-07-02 17:42 3262 c:\windows\Installer\{8047C1BD-BB4D-4C64-A8EF-A34A45D71F04}\ARPPRODUCTICON.exe
+ 2011-05-28 18:41 . 2011-05-28 18:41 8854 c:\windows\Installer\{77E70C3C-DBB9-4C47-8663-1E1F81FEC623}\MainApp.exe
+ 2012-07-02 14:42 . 2012-07-02 14:42 9662 c:\windows\Installer\{1661E04A-A4DC-D736-8374-2243F4F2AB0E}\NewShortcut11_EAB9635D261D49BE88DDE71A7C809B2D.exe
+ 2011-12-28 19:03 . 2011-12-28 19:03 9158 c:\windows\Installer\{0DD3B9C1-6D06-5C71-1B30-E365451194BF}\ARPPRODUCTICON.exe
+ 2011-09-01 11:14 . 2011-09-01 11:14 9728 c:\windows\assembly\NativeImages_v4.0.30319_32\dfsvc\b9b6069e6da06eb57e89cc544397f735\dfsvc.ni.exe
+ 2012-04-30 06:21 . 2012-04-30 06:21 3072 c:\windows\assembly\GAC_MSIL\policy.1.0.cli_uretypes\8.0.0.0__ce2cb7e279207b9e\policy.1.0.cli_uretypes.dll
+ 2012-04-30 06:21 . 2012-04-30 06:21 3072 c:\windows\assembly\GAC_MSIL\policy.1.0.cli_ure\22.0.0.0__ce2cb7e279207b9e\policy.1.0.cli_ure.dll
+ 2012-04-30 06:22 . 2012-04-30 06:22 3072 c:\windows\assembly\GAC_MSIL\policy.1.0.cli_oootypes\8.0.0.0__ce2cb7e279207b9e\policy.1.0.cli_oootypes.dll
+ 2012-04-30 06:21 . 2012-04-30 06:21 3072 c:\windows\assembly\GAC_MSIL\policy.1.0.cli_basetypes\19.0.0.0__ce2cb7e279207b9e\policy.1.0.cli_basetypes.dll
+ 2012-04-30 06:21 . 2012-04-30 06:21 7680 c:\windows\assembly\GAC_MSIL\cli_ure\1.0.22.0__ce2cb7e279207b9e\cli_ure.dll
+ 2012-04-30 06:22 . 2012-04-30 06:22 3072 c:\windows\assembly\GAC_32\policy.1.0.cli_cppuhelper\22.0.0.0__ce2cb7e279207b9e\policy.1.0.cli_cppuhelper.dll
+ 2011-09-01 09:29 . 2011-09-01 09:29 109568 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.Wrapper.dll
+ 2011-09-01 09:29 . 2011-09-01 09:29 246128 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.dll
+ 2011-01-11 08:59 . 2011-01-11 08:59 653136 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_0517bbc6\msvcr90.dll
+ 2011-01-11 08:59 . 2011-01-11 08:59 569680 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_0517bbc6\msvcp90.dll
+ 2011-01-11 08:59 . 2011-01-11 08:59 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_0517bbc6\msvcm90.dll
+ 2011-01-11 08:59 . 2011-01-11 08:59 159048 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_65b7a93a\atl90.dll
+ 2011-01-11 02:27 . 2011-01-11 02:27 632656 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8\msvcr80.dll
+ 2011-01-11 02:24 . 2011-01-11 02:24 554832 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8\msvcp80.dll
+ 2011-01-11 02:08 . 2011-01-11 02:08 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8\msvcm80.dll
+ 2012-03-11 16:06 . 2010-11-03 17:15 359016 c:\windows\vncutil.exe
+ 2011-05-28 18:42 . 2001-09-24 07:43 188416 c:\windows\twain_32\QuickCam\LHPortal.dll
+ 2011-05-28 18:42 . 2001-09-24 07:43 126976 c:\windows\twain_32\QuickCam\HVideoS.exe
+ 2011-05-28 18:42 . 2001-09-24 07:44 147456 c:\windows\twain_32\QuickCam\HPortal.dll
+ 2001-05-09 14:50 . 2001-05-09 14:50 446464 c:\windows\system32\wmvdmoe.dll
+ 2001-05-09 14:47 . 2001-05-09 14:47 466944 c:\windows\system32\wmv8dmoe.dll
+ 2009-04-07 14:39 . 2011-03-04 19:44 100848 c:\windows\system32\vxblock.dll
+ 2006-03-02 14:50 . 2010-03-15 10:31 165376 c:\windows\system32\unrar.dll
- 2007-12-25 10:52 . 2005-03-03 21:32 151552 c:\windows\system32\SUGG1CI.exe
+ 2007-12-25 10:52 . 2005-03-03 04:32 151552 c:\windows\system32\SUGG1CI.exe
- 2007-12-25 10:52 . 2006-10-30 17:52 704512 c:\windows\system32\spool\drivers\w32x86\SUGG1UM.DLL
+ 2011-01-13 15:29 . 2006-10-30 00:52 704512 c:\windows\system32\spool\drivers\w32x86\SUGG1UM.DLL
- 2007-12-25 10:52 . 2006-08-19 22:04 224056 c:\windows\system32\spool\drivers\w32x86\SUGG1UI.DLL
+ 2011-01-13 15:29 . 2006-08-19 05:04 224056 c:\windows\system32\spool\drivers\w32x86\SUGG1UI.DLL
- 2007-12-25 10:52 . 2004-09-10 19:07 835584 c:\windows\system32\spool\drivers\w32x86\SUGG1U2.DLL
+ 2011-01-13 15:29 . 2004-09-10 02:07 835584 c:\windows\system32\spool\drivers\w32x86\SUGG1U2.DLL
- 2007-12-25 10:52 . 2005-12-22 21:19 606208 c:\windows\system32\spool\drivers\w32x86\SUGG1U.DLL
+ 2011-01-13 15:29 . 2005-12-22 04:19 606208 c:\windows\system32\spool\drivers\w32x86\SUGG1U.DLL
- 2007-12-25 10:52 . 2005-08-30 01:25 208896 c:\windows\system32\spool\drivers\w32x86\SUGG1M.DLL
+ 2011-01-13 15:29 . 2005-08-29 08:25 208896 c:\windows\system32\spool\drivers\w32x86\SUGG1M.DLL
- 2007-12-25 10:52 . 2006-10-30 17:58 204800 c:\windows\system32\spool\drivers\w32x86\SUGG1CM.DLL
+ 2011-01-13 15:29 . 2006-10-30 00:58 204800 c:\windows\system32\spool\drivers\w32x86\SUGG1CM.DLL
- 2007-12-25 10:52 . 2006-08-19 22:04 837028 c:\windows\system32\spool\drivers\w32x86\SUGG1.DLL
+ 2011-01-13 15:29 . 2006-08-19 05:04 837028 c:\windows\system32\spool\drivers\w32x86\SUGG1.DLL
+ 2011-01-13 15:29 . 2006-10-30 00:52 704512 c:\windows\system32\spool\drivers\w32x86\3\SUGG1UM.DLL
- 2007-12-25 10:52 . 2006-10-30 17:52 704512 c:\windows\system32\spool\drivers\w32x86\3\SUGG1UM.DLL
- 2007-12-25 10:52 . 2006-08-19 22:04 224056 c:\windows\system32\spool\drivers\w32x86\3\SUGG1UI.DLL
+ 2011-01-13 15:29 . 2006-08-19 05:04 224056 c:\windows\system32\spool\drivers\w32x86\3\SUGG1UI.DLL
- 2007-12-25 10:52 . 2004-09-10 19:07 835584 c:\windows\system32\spool\drivers\w32x86\3\SUGG1U2.DLL
+ 2011-01-13 15:29 . 2004-09-10 02:07 835584 c:\windows\system32\spool\drivers\w32x86\3\SUGG1U2.DLL
+ 2011-01-13 15:29 . 2005-12-22 04:19 606208 c:\windows\system32\spool\drivers\w32x86\3\SUGG1U.DLL
- 2007-12-25 10:52 . 2005-12-22 21:19 606208 c:\windows\system32\spool\drivers\w32x86\3\SUGG1U.DLL
- 2007-12-25 10:52 . 2005-08-30 01:25 208896 c:\windows\system32\spool\drivers\w32x86\3\SUGG1M.DLL
+ 2011-01-13 15:29 . 2005-08-29 08:25 208896 c:\windows\system32\spool\drivers\w32x86\3\SUGG1M.DLL
- 2007-12-25 10:52 . 2006-10-30 17:58 204800 c:\windows\system32\spool\drivers\w32x86\3\SUGG1CM.DLL
+ 2011-01-13 15:29 . 2006-10-30 00:58 204800 c:\windows\system32\spool\drivers\w32x86\3\SUGG1CM.DLL
- 2007-12-25 10:52 . 2006-08-19 22:04 837028 c:\windows\system32\spool\drivers\w32x86\3\SUGG1.DLL
+ 2011-01-13 15:29 . 2006-08-19 05:04 837028 c:\windows\system32\spool\drivers\w32x86\3\SUGG1.DLL
+ 2011-11-15 16:57 . 2011-11-15 16:57 122880 c:\windows\system32\SlotMaximizerAg.dll
+ 2005-10-09 09:27 . 2011-10-18 12:55 137832 c:\windows\system32\RTCOM\RTLCPAPI.dll
+ 2005-10-09 09:27 . 2011-12-05 17:44 297576 c:\windows\system32\RTCOM\RTCOMDLL.dll
+ 2012-07-02 19:10 . 2011-12-06 02:33 155648 c:\windows\system32\ReinstallBackups\0043\DriverFiles\B129753\Oemdspif.dll
+ 2012-07-02 19:10 . 2011-12-06 02:39 956160 c:\windows\system32\ReinstallBackups\0043\DriverFiles\B129753\ativvamv.dll
+ 2012-07-02 19:10 . 2011-12-06 02:24 887724 c:\windows\system32\ReinstallBackups\0043\DriverFiles\B129753\ativva6x.dat
+ 2012-07-02 19:10 . 2011-12-06 02:33 212992 c:\windows\system32\ReinstallBackups\0043\DriverFiles\B129753\atipdlxx.dll
+ 2012-07-02 19:10 . 2011-12-06 02:21 602112 c:\windows\system32\ReinstallBackups\0043\DriverFiles\B129753\atiok3x2.dll
+ 2012-07-02 19:10 . 2010-08-27 18:32 294912 c:\windows\system32\ReinstallBackups\0043\DriverFiles\B129753\ATIODE.exe
+ 2012-07-02 19:10 . 2011-12-06 02:24 806912 c:\windows\system32\ReinstallBackups\0043\DriverFiles\B129753\atikvmag.dll
+ 2012-07-02 19:10 . 2011-12-06 03:39 311296 c:\windows\system32\ReinstallBackups\0043\DriverFiles\B129753\atiiiexx.dll
+ 2012-07-02 19:10 . 2011-11-14 19:47 608507 c:\windows\system32\ReinstallBackups\0043\DriverFiles\B129753\atiicdxx.dat
+ 2012-07-02 19:10 . 2011-12-06 02:55 466944 c:\windows\system32\ReinstallBackups\0043\DriverFiles\B129753\ATIDEMGX.dll
+ 2012-07-02 19:10 . 2009-05-11 21:35 118784 c:\windows\system32\ReinstallBackups\0043\DriverFiles\B129753\atibtmon.exe
+ 2012-07-02 19:10 . 2011-12-06 02:28 159744 c:\windows\system32\ReinstallBackups\0043\DriverFiles\B129753\atiapfxx.exe
+ 2012-07-02 19:10 . 2011-12-06 02:19 233472 c:\windows\system32\ReinstallBackups\0043\DriverFiles\B129753\atiadlxx.dll
+ 2012-07-02 19:10 . 2011-12-06 02:31 643072 c:\windows\system32\ReinstallBackups\0043\DriverFiles\B129753\ati2evxx.exe
+ 2012-07-02 19:10 . 2011-12-06 02:32 192512 c:\windows\system32\ReinstallBackups\0043\DriverFiles\B129753\ati2evxx.dll
+ 2012-07-02 19:10 . 2011-12-06 02:54 304640 c:\windows\system32\ReinstallBackups\0043\DriverFiles\B129753\ati2dvag.dll
+ 2012-07-02 19:10 . 2011-12-06 02:12 884736 c:\windows\system32\ReinstallBackups\0043\DriverFiles\B129753\ati2cqag.dll
+ 2012-03-11 16:07 . 2006-07-22 06:40 143360 c:\windows\system32\ReinstallBackups\0042\DriverFiles\RTLCPAPI.dll
+ 2012-03-11 16:07 . 2006-08-17 13:03 270336 c:\windows\system32\ReinstallBackups\0042\DriverFiles\RTCOMDLL.dll
+ 2012-03-11 16:07 . 2004-03-16 08:58 136960 c:\windows\system32\ReinstallBackups\0042\DriverFiles\i386\portcls.sys
+ 2012-03-11 16:07 . 2004-08-03 22:15 140928 c:\windows\system32\ReinstallBackups\0042\DriverFiles\i386\ks.sys
+ 2012-02-04 09:14 . 2011-01-26 22:26 887724 c:\windows\system32\ReinstallBackups\0041\DriverFiles\B112566\ativva6x.dat
+ 2012-02-04 09:14 . 2011-01-26 22:41 311296 c:\windows\system32\ReinstallBackups\0041\DriverFiles\B112566\atiiiexx.dll
+ 2012-02-04 09:14 . 2010-12-17 16:00 227587 c:\windows\system32\ReinstallBackups\0041\DriverFiles\B112566\atiicdxx.dat
+ 2012-02-04 09:14 . 2011-01-26 22:52 462848 c:\windows\system32\ReinstallBackups\0041\DriverFiles\B112566\ATIDEMGX.dll
+ 2011-06-13 08:23 . 2010-04-27 14:57 255560 c:\windows\system32\ReinstallBackups\0040\DriverFiles\WmJoyFrc.dll
+ 2012-07-23 19:21 . 2005-07-14 18:58 241536 c:\windows\system32\ReinstallBackups\0028\DriverFiles\rt2500usb.sys
+ 2011-12-10 08:29 . 2010-11-29 17:38 180224 c:\windows\system32\QTCF.dll
+ 2009-04-07 14:39 . 2011-03-04 19:44 440816 c:\windows\system32\pxwave.dll
+ 2009-04-07 14:39 . 2011-03-04 19:44 219632 c:\windows\system32\pxmas.dll
- 2009-04-07 14:39 . 2008-08-20 17:58 219632 c:\windows\system32\pxmas.dll
+ 2009-08-06 15:03 . 2011-03-04 19:44 126448 c:\windows\system32\pxinsi64.exe
+ 2009-04-07 14:39 . 2011-03-04 19:44 571888 c:\windows\system32\pxdrv.dll
+ 2009-08-06 15:03 . 2011-03-04 19:44 123888 c:\windows\system32\pxcpyi64.exe
+ 2009-04-07 14:39 . 2011-03-04 19:44 133616 c:\windows\system32\pxafs.dll
+ 2009-04-07 14:39 . 2011-03-04 19:44 698864 c:\windows\system32\px.dll
+ 2005-10-09 05:46 . 2012-07-24 15:16 597154 c:\windows\system32\perfh009.dat
+ 2005-10-09 05:46 . 2012-07-24 15:16 640378 c:\windows\system32\perfh007.dat
+ 2005-10-09 05:46 . 2012-07-24 15:16 128692 c:\windows\system32\perfc009.dat
+ 2005-10-09 05:46 . 2012-07-24 15:16 155712 c:\windows\system32\perfc007.dat
+ 2012-04-22 07:20 . 2012-04-04 16:47 772504 c:\windows\system32\npdeployJava1.dll
+ 2012-01-19 18:47 . 1997-06-23 08:06 287504 c:\windows\system32\MSXBSE35.DLL
+ 2010-03-18 11:16 . 2010-03-18 11:16 771424 c:\windows\system32\msvcr100_clr0400.dll
+ 2011-02-18 23:40 . 2011-02-18 23:40 773968 c:\windows\system32\msvcr100.dll
+ 2011-02-19 22:03 . 2011-02-19 22:03 421200 c:\windows\system32\msvcp100.dll
+ 2012-01-19 18:47 . 1997-06-23 08:06 165648 c:\windows\system32\MSTEXT35.DLL
+ 2006-05-01 10:37 . 2000-06-12 23:00 415504 c:\windows\system32\MSREPL35.DLL
+ 2012-01-19 18:47 . 1997-06-23 08:06 250128 c:\windows\system32\MSPDOX35.DLL
+ 2012-01-19 18:47 . 1997-06-23 08:06 166160 c:\windows\system32\MSLTUS35.DLL
+ 2012-01-19 18:47 . 1997-07-01 09:45 250128 c:\windows\system32\MSEXCL35.DLL
+ 2012-01-19 18:47 . 1997-06-23 08:06 330000 c:\windows\system32\MSEXCH35.DLL
+ 2009-09-23 22:30 . 2009-09-23 22:30 156488 c:\windows\system32\mscorier.dll
+ 2012-07-16 04:38 . 2012-07-16 04:38 686280 c:\windows\system32\Macromed\Flash\FlashUtil32_11_3_300_262_Plugin.exe
+ 2012-07-16 04:38 . 2012-07-16 04:38 250056 c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2011-05-28 18:42 . 2001-09-24 07:41 200704 c:\windows\system32\LVUI2.dll
+ 2011-05-28 18:42 . 2001-09-24 07:40 172032 c:\windows\system32\lvcodec2.dll
+ 2012-06-26 19:05 . 2012-05-04 17:29 227720 c:\windows\system32\javaws.exe
+ 2012-06-26 19:05 . 2012-06-26 19:05 174064 c:\windows\system32\javaw.exe
+ 2012-06-26 19:05 . 2012-06-26 19:05 174064 c:\windows\system32\java.exe
+ 2005-10-08 21:51 . 2012-07-23 17:02 430184 c:\windows\system32\FNTCACHE.DAT
+ 2010-03-18 11:16 . 2010-03-18 11:16 486216 c:\windows\system32\evr.dll
+ 2012-06-28 15:47 . 2012-01-15 17:40 581192 c:\windows\system32\DRVSTORE\sa0102adb_B9C7ECBA2DA9E0A33DC1D80969D4C0FA08174A12\i386\WinUSBCoInstaller.dll
+ 2012-06-28 15:48 . 2012-01-15 17:40 581192 c:\windows\system32\DRVSTORE\sa0102adb_6B80C2E8586795E98C47F8FC9EA550361B9095DE\i386\WinUSBCoInstaller.dll
+ 2012-07-24 04:37 . 2009-02-12 07:55 241408 c:\windows\system32\DRVSTORE\rt2500usb_DA522D2637378F1964554D017847032DC5017844\rt2500usb.sys
+ 2012-07-02 19:10 . 2012-06-11 16:51 109091 c:\windows\system32\DRVSTORE\CX141405_2DFBF2E57FDFFA308C58FBEE75326DD43CF4065D\B140419\atipdlxx.dll
+ 2012-07-02 19:10 . 2012-06-11 16:36 314441 c:\windows\system32\DRVSTORE\CX141405_2DFBF2E57FDFFA308C58FBEE75326DD43CF4065D\B140419\atiok3x2.dll
+ 2012-07-02 19:10 . 2012-06-11 16:40 435542 c:\windows\system32\DRVSTORE\CX141405_2DFBF2E57FDFFA308C58FBEE75326DD43CF4065D\B140419\atikvmag.dll
+ 2012-07-02 19:10 . 2012-06-11 17:15 307200 c:\windows\system32\DRVSTORE\CX141405_2DFBF2E57FDFFA308C58FBEE75326DD43CF4065D\B140419\atiiiexx.dll
+ 2012-07-02 19:10 . 2012-04-12 19:30 637743 c:\windows\system32\DRVSTORE\CX141405_2DFBF2E57FDFFA308C58FBEE75326DD43CF4065D\B140419\atiicdxx.dat
+ 2012-07-02 19:10 . 2012-06-11 17:13 442368 c:\windows\system32\DRVSTORE\CX141405_2DFBF2E57FDFFA308C58FBEE75326DD43CF4065D\B140419\atidemgx.dll
+ 2012-07-02 19:10 . 2012-06-11 16:35 129787 c:\windows\system32\DRVSTORE\CX141405_2DFBF2E57FDFFA308C58FBEE75326DD43CF4065D\B140419\atiadlxx.dll
+ 2012-07-02 19:10 . 2012-06-11 16:49 343982 c:\windows\system32\DRVSTORE\CX141405_2DFBF2E57FDFFA308C58FBEE75326DD43CF4065D\B140419\ati2evxx.exe
+ 2012-07-02 19:10 . 2012-06-11 16:51 104257 c:\windows\system32\DRVSTORE\CX141405_2DFBF2E57FDFFA308C58FBEE75326DD43CF4065D\B140419\ati2evxx.dll
+ 2012-07-02 19:10 . 2012-06-11 17:12 192578 c:\windows\system32\DRVSTORE\CX141405_2DFBF2E57FDFFA308C58FBEE75326DD43CF4065D\B140419\ati2dvag.dll
+ 2012-07-02 19:10 . 2012-06-11 16:28 377627 c:\windows\system32\DRVSTORE\CX141405_2DFBF2E57FDFFA308C58FBEE75326DD43CF4065D\B140419\ati2cqag.dll
+ 2012-07-02 14:39 . 2012-05-23 01:28 109091 c:\windows\system32\DRVSTORE\CX139737_6CED53E4302B689D15AAA27726CAFB621DBDE3A4\B139213\atipdlxx.dll
+ 2012-07-02 14:39 . 2012-05-23 01:15 314441 c:\windows\system32\DRVSTORE\CX139737_6CED53E4302B689D15AAA27726CAFB621DBDE3A4\B139213\atiok3x2.dll
+ 2012-07-02 14:39 . 2012-05-23 01:17 435542 c:\windows\system32\DRVSTORE\CX139737_6CED53E4302B689D15AAA27726CAFB621DBDE3A4\B139213\atikvmag.dll
+ 2012-07-02 14:39 . 2012-05-23 01:54 307200 c:\windows\system32\DRVSTORE\CX139737_6CED53E4302B689D15AAA27726CAFB621DBDE3A4\B139213\atiiiexx.dll
+ 2012-07-02 14:39 . 2012-04-12 19:30 637743 c:\windows\system32\DRVSTORE\CX139737_6CED53E4302B689D15AAA27726CAFB621DBDE3A4\B139213\atiicdxx.dat
+ 2012-07-02 14:39 . 2012-05-23 01:50 442368 c:\windows\system32\DRVSTORE\CX139737_6CED53E4302B689D15AAA27726CAFB621DBDE3A4\B139213\atidemgx.dll
+ 2012-07-02 14:39 . 2012-05-23 01:13 129786 c:\windows\system32\DRVSTORE\CX139737_6CED53E4302B689D15AAA27726CAFB621DBDE3A4\B139213\atiadlxx.dll
+ 2012-07-02 14:39 . 2012-05-23 01:26 343982 c:\windows\system32\DRVSTORE\CX139737_6CED53E4302B689D15AAA27726CAFB621DBDE3A4\B139213\ati2evxx.exe
+ 2012-07-02 14:39 . 2012-05-23 01:27 104257 c:\windows\system32\DRVSTORE\CX139737_6CED53E4302B689D15AAA27726CAFB621DBDE3A4\B139213\ati2evxx.dll
+ 2012-07-02 14:39 . 2012-05-23 01:49 192579 c:\windows\system32\DRVSTORE\CX139737_6CED53E4302B689D15AAA27726CAFB621DBDE3A4\B139213\ati2dvag.dll
+ 2012-07-02 14:39 . 2012-05-23 01:07 377627 c:\windows\system32\DRVSTORE\CX139737_6CED53E4302B689D15AAA27726CAFB621DBDE3A4\B139213\ati2cqag.dll
+ 2012-02-04 09:14 . 2011-12-06 02:39 501661 c:\windows\system32\DRVSTORE\CX132103_19CCC5E312006EE735A1627DB1DD4A60ABAE0F50\B129753\ativvamv.dll
+ 2012-02-04 09:14 . 2011-12-06 02:24 887724 c:\windows\system32\DRVSTORE\CX132103_19CCC5E312006EE735A1627DB1DD4A60ABAE0F50\B129753\ativva6x.dat
+ 2012-02-04 09:14 . 2011-12-06 02:33 110204 c:\windows\system32\DRVSTORE\CX132103_19CCC5E312006EE735A1627DB1DD4A60ABAE0F50\B129753\atipdlxx.dll
+ 2012-02-04 09:14 . 2011-12-06 02:21 293507 c:\windows\system32\DRVSTORE\CX132103_19CCC5E312006EE735A1627DB1DD4A60ABAE0F50\B129753\atiok3x2.dll
+ 2012-02-04 09:14 . 2011-12-06 02:24 419091 c:\windows\system32\DRVSTORE\CX132103_19CCC5E312006EE735A1627DB1DD4A60ABAE0F50\B129753\atikvmag.dll
+ 2012-02-04 09:14 . 2011-12-06 03:39 311296 c:\windows\system32\DRVSTORE\CX132103_19CCC5E312006EE735A1627DB1DD4A60ABAE0F50\B129753\atiiiexx.dll
+ 2012-02-04 09:14 . 2011-11-14 19:47 608507 c:\windows\system32\DRVSTORE\CX132103_19CCC5E312006EE735A1627DB1DD4A60ABAE0F50\B129753\atiicdxx.dat
+ 2012-02-04 09:14 . 2011-12-06 02:55 466944 c:\windows\system32\DRVSTORE\CX132103_19CCC5E312006EE735A1627DB1DD4A60ABAE0F50\B129753\atidemgx.dll
+ 2012-02-04 09:14 . 2011-12-06 02:19 126637 c:\windows\system32\DRVSTORE\CX132103_19CCC5E312006EE735A1627DB1DD4A60ABAE0F50\B129753\atiadlxx.dll
+ 2012-02-04 09:14 . 2011-12-06 02:31 345761 c:\windows\system32\DRVSTORE\CX132103_19CCC5E312006EE735A1627DB1DD4A60ABAE0F50\B129753\ati2evxx.exe
+ 2012-02-04 09:14 . 2011-12-06 02:32 103367 c:\windows\system32\DRVSTORE\CX132103_19CCC5E312006EE735A1627DB1DD4A60ABAE0F50\B129753\ati2evxx.dll
+ 2012-02-04 09:14 . 2011-12-06 02:54 191846 c:\windows\system32\DRVSTORE\CX132103_19CCC5E312006EE735A1627DB1DD4A60ABAE0F50\B129753\ati2dvag.dll
+ 2012-02-04 09:14 . 2011-12-06 02:12 447903 c:\windows\system32\DRVSTORE\CX132103_19CCC5E312006EE735A1627DB1DD4A60ABAE0F50\B129753\ati2cqag.dll
+ 2011-12-28 19:02 . 2011-01-26 22:35 562471 c:\windows\system32\DRVSTORE\CX113662_CDE1B1CDD7D29A047CD158502AD05F7B4339882B\B112566\ativvamv.dll
+ 2011-12-28 19:02 . 2011-01-26 22:26 887724 c:\windows\system32\DRVSTORE\CX113662_CDE1B1CDD7D29A047CD158502AD05F7B4339882B\B112566\ativva6x.dat
+ 2011-12-28 19:02 . 2011-01-26 22:32 110217 c:\windows\system32\DRVSTORE\CX113662_CDE1B1CDD7D29A047CD158502AD05F7B4339882B\B112566\atipdlxx.dll
+ 2011-12-28 19:02 . 2011-01-26 22:21 228294 c:\windows\system32\DRVSTORE\CX113662_CDE1B1CDD7D29A047CD158502AD05F7B4339882B\B112566\atiok3x2.dll
+ 2011-12-28 19:02 . 2011-01-26 22:23 334451 c:\windows\system32\DRVSTORE\CX113662_CDE1B1CDD7D29A047CD158502AD05F7B4339882B\B112566\atikvmag.dll
+ 2011-12-28 19:02 . 2011-01-26 22:41 311296 c:\windows\system32\DRVSTORE\CX113662_CDE1B1CDD7D29A047CD158502AD05F7B4339882B\B112566\atiiiexx.dll
+ 2011-12-28 19:02 . 2010-12-17 16:00 227587 c:\windows\system32\DRVSTORE\CX113662_CDE1B1CDD7D29A047CD158502AD05F7B4339882B\B112566\atiicdxx.dat
+ 2011-12-28 19:02 . 2011-01-26 22:52 462848 c:\windows\system32\DRVSTORE\CX113662_CDE1B1CDD7D29A047CD158502AD05F7B4339882B\B112566\atidemgx.dll
+ 2011-12-28 19:02 . 2011-01-26 22:21 106562 c:\windows\system32\DRVSTORE\CX113662_CDE1B1CDD7D29A047CD158502AD05F7B4339882B\B112566\atiadlxx.dll
+ 2011-12-28 19:02 . 2011-01-26 22:30 343681 c:\windows\system32\DRVSTORE\CX113662_CDE1B1CDD7D29A047CD158502AD05F7B4339882B\B112566\ati2evxx.exe
+ 2011-12-28 19:02 . 2011-01-26 22:31 102782 c:\windows\system32\DRVSTORE\CX113662_CDE1B1CDD7D29A047CD158502AD05F7B4339882B\B112566\ati2evxx.dll
+ 2011-12-28 19:02 . 2011-01-26 22:51 189834 c:\windows\system32\DRVSTORE\CX113662_CDE1B1CDD7D29A047CD158502AD05F7B4339882B\B112566\ati2dvag.dll
+ 2011-12-28 19:02 . 2011-01-26 22:15 423612 c:\windows\system32\DRVSTORE\CX113662_CDE1B1CDD7D29A047CD158502AD05F7B4339882B\B112566\ati2cqag.dll
+ 2012-06-28 15:48 . 2012-01-15 17:40 581192

Polarbär 25.07.2012 06:51

Part 2 of the log
Quote:

c:\windows\system32\DRVSTORE\android_wi_FBB7F129888AF22EA0EC84E8DF3E9D3E94F4DBC6\i386\WinUSBCoInstaller.dll
+ 2012-06-28 15:48 . 2012-01-15 17:40 851176 c:\windows\system32\DRVSTORE\android_wi_D9EDE73877A0CD581B33FA5A0E014893C9B73185\i386\WinUSBCoInstaller2.dll
+ 2012-06-28 15:48 . 2012-01-15 17:40 581192 c:\windows\system32\DRVSTORE\android_wi_34D57B2130A4CDA74F361B132C8A47FBC6D66D47\i386\WinUSBCoInstaller.dll
- 2007-12-25 10:51 . 2006-10-30 17:52 704512 c:\windows\system32\drivers\Samsung\Samsung CLP-300 Series\SUGG1UM.dll
+ 2011-01-13 15:28 . 2006-10-30 00:52 704512 c:\windows\system32\drivers\Samsung\Samsung CLP-300 Series\SUGG1UM.dll
- 2007-12-25 10:51 . 2006-08-19 22:04 224056 c:\windows\system32\drivers\Samsung\Samsung CLP-300 Series\SUGG1ui.dll
+ 2011-01-13 15:28 . 2006-08-19 05:04 224056 c:\windows\system32\drivers\Samsung\Samsung CLP-300 Series\SUGG1ui.dll
- 2007-12-25 10:51 . 2004-09-10 19:07 835584 c:\windows\system32\drivers\Samsung\Samsung CLP-300 Series\SUGG1u2.dll
+ 2011-01-13 15:28 . 2004-09-10 02:07 835584 c:\windows\system32\drivers\Samsung\Samsung CLP-300 Series\SUGG1u2.dll
+ 2011-01-13 15:28 . 2005-12-22 04:19 606208 c:\windows\system32\drivers\Samsung\Samsung CLP-300 Series\SUGG1U.dll
- 2007-12-25 10:51 . 2005-12-22 21:19 606208 c:\windows\system32\drivers\Samsung\Samsung CLP-300 Series\SUGG1U.dll
+ 2011-01-13 15:28 . 2005-08-29 08:25 208896 c:\windows\system32\drivers\Samsung\Samsung CLP-300 Series\SUGG1M.DLL
- 2007-12-25 10:51 . 2005-08-30 01:25 208896 c:\windows\system32\drivers\Samsung\Samsung CLP-300 Series\SUGG1M.DLL
+ 2011-01-13 15:28 . 2006-10-30 00:58 204800 c:\windows\system32\drivers\Samsung\Samsung CLP-300 Series\SUGG1CM.dll
- 2007-12-25 10:51 . 2006-10-30 17:58 204800 c:\windows\system32\drivers\Samsung\Samsung CLP-300 Series\SUGG1CM.dll
+ 2011-01-13 15:28 . 2005-03-03 04:32 151552 c:\windows\system32\drivers\Samsung\Samsung CLP-300 Series\SUGG1CI.exe
- 2007-12-25 10:51 . 2005-03-03 21:32 151552 c:\windows\system32\drivers\Samsung\Samsung CLP-300 Series\SUGG1CI.exe
- 2007-12-25 10:51 . 2006-08-19 22:04 837028 c:\windows\system32\drivers\Samsung\Samsung CLP-300 Series\SUGG1.dll
+ 2011-01-13 15:28 . 2006-08-19 05:04 837028 c:\windows\system32\drivers\Samsung\Samsung CLP-300 Series\SUGG1.dll
+ 2011-05-28 18:42 . 2001-09-24 07:42 116448 c:\windows\system32\drivers\p35u.sys
+ 2011-12-28 19:11 . 2010-11-17 12:03 101904 c:\windows\system32\drivers\AtihdXP3.sys
+ 2011-12-28 19:02 . 2011-12-06 02:54 304640 c:\windows\system32\dllcache\ati2dvag.dll
+ 2011-12-28 19:02 . 2011-12-06 02:12 884736 c:\windows\system32\dllcache\ati2cqag.dll
+ 2011-02-19 22:03 . 2011-02-19 22:03 138056 c:\windows\system32\atl100.dll
+ 2011-12-28 19:02 . 2011-12-06 02:39 956160 c:\windows\system32\ativvamv.dll
+ 2011-12-28 19:02 . 2011-12-06 02:24 887724 c:\windows\system32\ativva6x.dat
+ 2011-12-28 19:02 . 2010-08-27 18:32 294912 c:\windows\system32\ATIODE.exe
+ 2011-12-28 19:02 . 2012-04-12 19:30 637743 c:\windows\system32\atiicdxx.dat
+ 2011-12-28 19:02 . 2009-05-11 21:35 118784 c:\windows\system32\atibtmon.exe
+ 2012-01-19 18:47 . 2000-08-08 12:59 123224 c:\windows\system32\AIM\SkyLt3Pr.dll
+ 2012-01-03 19:46 . 1999-01-27 04:15 908800 c:\windows\system\cp3245mt.dll
+ 2012-02-25 12:37 . 2007-05-29 23:21 520192 c:\windows\Samsung\PanelMgr\SSMMgr.exe
- 2007-12-25 10:53 . 2007-05-30 16:21 520192 c:\windows\Samsung\PanelMgr\SSMMgr.exe
- 2007-12-25 10:53 . 2007-01-23 05:18 327168 c:\windows\Samsung\PanelMgr\caller64.exe
+ 2012-02-25 12:37 . 2007-01-22 12:18 327168 c:\windows\Samsung\PanelMgr\caller64.exe
+ 2012-03-11 16:06 . 2010-11-03 17:14 129640 c:\windows\RtkAudioService.exe
+ 2011-01-05 21:15 . 2010-08-19 20:07 756736 c:\windows\Resources\Themes\TarsTheme\Shell\NormalColor\shellstyle.dll
+ 2011-01-05 21:15 . 2010-08-19 20:07 786944 c:\windows\Resources\Themes\SilverMAX\Shell\NormalColor\shellstyle.dll
+ 2011-01-05 21:15 . 2010-08-19 20:07 928256 c:\windows\Resources\Themes\Revel\Shell\NormalColor\shellstyle.dll
+ 2011-01-07 11:26 . 2011-01-07 11:26 462848 c:\windows\Resources\Themes\OS Theme 360\shell\normalcolor\shellstyle.dll
+ 2011-01-05 21:15 . 2010-08-19 20:07 756736 c:\windows\Resources\Themes\Obsidian\Shell\NormalColor\shellstyle.dll
+ 2011-01-05 21:15 . 2010-08-19 20:07 356864 c:\windows\Resources\Themes\Nocturnal\Shell\NormalColor\shellstyle.dll
+ 2011-01-05 21:15 . 2010-08-19 20:07 752128 c:\windows\Resources\Themes\NightStorm\Shell\NormalColor\shellstyle.dll
+ 2011-01-05 21:15 . 2010-08-19 20:07 756736 c:\windows\Resources\Themes\MysticDreams\Shell\NormalColor\shellstyle.dll
+ 2011-01-05 21:15 . 2010-08-19 20:07 752128 c:\windows\Resources\Themes\Luxor\Shell\NormalColor\shellstyle.dll
+ 2011-01-05 21:15 . 2010-08-19 20:07 752128 c:\windows\Resources\Themes\Happiness\Shell\NormalColor\shellstyle.dll
- 2008-04-09 17:03 . 2002-08-15 12:53 729088 c:\windows\Resources\Themes\Elegance\Shell\NormalColor\shellstyle.dll
+ 2011-01-07 11:24 . 2002-08-15 13:53 729088 c:\windows\Resources\Themes\Elegance\Shell\NormalColor\shellstyle.dll
+ 2011-01-05 21:15 . 2010-08-19 20:07 756736 c:\windows\Resources\Themes\Dazzle\Shell\NormalColor\shellstyle.dll
+ 2011-01-05 21:15 . 2010-08-19 20:07 756736 c:\windows\Resources\Themes\Aurora\Shell\NormalColor\shellstyle.dll
+ 2011-01-05 21:15 . 2010-08-19 20:07 756736 c:\windows\Resources\Themes\Aquatica\Shell\NormalColor\shellstyle.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 114520 c:\windows\Microsoft.NET\NETFXRepair.exe
+ 2010-03-18 14:47 . 2010-03-18 14:47 142672 c:\windows\Microsoft.NET\Framework\v4.0.30319\WsatConfig.exe
+ 2010-03-18 11:16 . 2010-03-18 11:16 915800 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\wpftxt_v0400.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 753504 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
+ 2010-03-18 11:16 . 2010-03-18 11:16 350592 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\UIAutomationClientsideProviders.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 163168 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\UIAutomationClient.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 675672 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\System.Speech.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 334688 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\System.Printing.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 581464 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\ReachFramework.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 832856 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationUI.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 801136 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationNative_v0400.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 181096 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationHost_v0400.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 194424 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationFramework.Royale.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 478576 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationFramework.Luna.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 167288 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationFramework.Classic.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 232304 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationFramework.Aero.dll
+ 2010-03-18 14:47 . 2010-03-18 14:47 587624 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationBuildTasks.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 807264 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\NaturalLanguage6.dll
+ 2010-03-18 14:47 . 2010-03-18 14:47 492368 c:\windows\Microsoft.NET\Framework\v4.0.30319\webengine4.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 138592 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Xml.Linq.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 699224 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Xaml.dll
+ 2010-03-18 14:47 . 2010-03-18 14:47 431984 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.WorkflowServices.dll
+ 2010-03-18 14:47 . 2010-03-18 14:47 511344 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Workflow.Runtime.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 857960 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Web.Services.dll
+ 2010-03-18 14:47 . 2010-03-18 14:47 826208 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Web.Mobile.dll
+ 2010-03-18 14:47 . 2010-03-18 14:47 321912 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Web.Extensions.Design.dll
+ 2010-03-18 14:47 . 2010-03-18 14:47 137568 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Web.Entity.dll
+ 2010-03-18 14:47 . 2010-03-18 14:47 132464 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Web.Entity.Design.dll
+ 2010-03-18 14:47 . 2010-03-18 14:47 237928 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Web.DynamicData.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 269672 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Transactions.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 113512 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceProcess.dll
+ 2010-03-18 14:47 . 2010-03-18 14:47 316272 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.Web.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 129912 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.Routing.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 390008 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.Discovery.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 505208 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.Activities.dll
+ 2010-03-18 14:47 . 2010-03-18 14:47 170872 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.Activation.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 261472 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Security.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 122264 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Formatters.Soap.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 291184 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Remoting.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 349568 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.DurableInstancing.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 231760 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Net.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 253280 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Messaging.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 134528 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Management.Instrumentation.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 378720 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Management.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 123736 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.IO.Log.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 125816 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.IdentityModel.Selectors.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 392552 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.IdentityModel.dll
+ 2010-03-17 22:51 . 2010-03-17 22:51 109568 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.EnterpriseServices.Wrapper.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 246128 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.EnterpriseServices.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 120152 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Dynamic.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 607064 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Drawing.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 182144 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.DirectoryServices.Protocols.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 395120 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.DirectoryServices.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 285072 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.DirectoryServices.AccountManagement.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 829280 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Deployment.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 747360 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Data.SqlXml.dll
+ 2010-03-18 14:47 . 2010-03-18 14:47 683368 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Data.Services.dll
+ 2010-03-18 14:47 . 2010-03-18 14:47 178040 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Data.Services.Design.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 436600 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Data.Services.Client.dll
+ 2010-03-18 14:47 . 2010-03-18 14:47 495984 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Data.OracleClient.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 683872 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Data.Linq.dll
+ 2010-03-18 14:47 . 2010-03-18 14:47 804720 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Data.Entity.Design.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 409448 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.configuration.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 210816 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.ComponentModel.Composition.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 149848 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.AddIn.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 122248 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Activities.DurableInstancing.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 525704 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Activities.Core.Presentation.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 112976 c:\windows\Microsoft.NET\Framework\v4.0.30319\sysglobl.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 517448 c:\windows\Microsoft.NET\Framework\v4.0.30319\SOS.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 124240 c:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
+ 2009-08-31 10:44 . 2009-08-31 10:44 144416 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\sqmapi.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 295248 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\SetupUi.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 807256 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\SetupEngine.dll
+ 2010-03-18 23:55 . 2010-03-18 23:55 495616 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\netfx_extended_x86.msi
+ 2009-08-31 10:44 . 2009-08-31 10:44 144416 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\sqmapi.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 295248 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\SetupUi.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 807256 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\SetupEngine.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 173920 c:\windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelReg.exe
+ 2010-03-18 14:47 . 2010-03-18 14:47 181584 c:\windows\Microsoft.NET\Framework\v4.0.30319\peverify.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 121688 c:\windows\Microsoft.NET\Framework\v4.0.30319\PerfCounter.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 150856 c:\windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
+ 2010-03-18 11:16 . 2010-03-18 11:16 130384 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
+ 2010-03-18 11:16 . 2010-03-18 11:16 335184 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 110936 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsecimpl.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 372048 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 145752 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorpehost.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 413008 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 955728 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscordbi.dll
+ 2010-03-18 14:47 . 2010-03-18 14:47 132944 c:\windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
+ 2010-03-18 11:16 . 2010-03-18 11:16 661352 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.VisualBasic.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 349576 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.VisualBasic.Compatibility.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 170368 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Transactions.Bridge.Dtc.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 387960 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Transactions.Bridge.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 746336 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.JScript.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 505184 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.CSharp.dll
+ 2010-03-18 14:47 . 2010-03-18 14:47 220024 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Build.Utilities.v4.0.dll
+ 2010-03-18 14:47 . 2010-03-18 14:47 107376 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Build.Framework.dll
+ 2010-03-18 14:47 . 2010-03-18 14:47 714600 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Build.Engine.dll
+ 2010-03-18 14:47 . 2010-03-18 14:47 294728 c:\windows\Microsoft.NET\Framework\v4.0.30319\ilasm.exe
+ 2010-03-18 14:47 . 2010-03-18 14:47 173400 c:\windows\Microsoft.NET\Framework\v4.0.30319\FileTracker.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 794464 c:\windows\Microsoft.NET\Framework\v4.0.30319\EventLogMessages.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 688472 c:\windows\Microsoft.NET\Framework\v4.0.30319\diasymreader.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 129880 c:\windows\Microsoft.NET\Framework\v4.0.30319\CORPerfMonExt.dll
+ 2010-03-18 14:47 . 2010-03-18 14:47 163672 c:\windows\Microsoft.NET\Framework\v4.0.30319\ComSvcConfig.exe
+ 2010-03-18 11:16 . 2010-03-18 11:16 385864 c:\windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll
+ 2010-03-18 14:47 . 2010-03-18 14:47 498520 c:\windows\Microsoft.NET\Framework\v4.0.30319\AspNetMMCExt.dll
+ 2010-03-18 14:47 . 2010-03-18 14:47 102744 c:\windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regsql.exe
+ 2010-03-18 11:16 . 2010-03-18 11:16 105808 c:\windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
+ 2010-03-18 11:16 . 2010-03-18 11:16 105288 c:\windows\Microsoft.NET\Framework\v4.0.30319\alink.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 139088 c:\windows\Microsoft.NET\Framework\v4.0.30319\AdoNetDiag.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 255304 c:\windows\Microsoft.NET\Framework\v4.0.30319\1033\vbc7ui.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 255896 c:\windows\Microsoft.NET\Framework\v4.0.30319\1033\Microsoft.VisualBasic.Activities.CompilerUI.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 182088 c:\windows\Microsoft.NET\Framework\v4.0.30319\1033\cscui.dll
+ 2011-09-01 09:29 . 2011-09-01 09:29 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
+ 2011-09-01 09:29 . 2011-09-01 09:29 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
+ 2011-09-01 09:29 . 2011-09-01 09:29 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
+ 2011-09-01 09:29 . 2011-09-01 09:29 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
+ 2011-09-01 09:34 . 2011-09-01 09:34 431984 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.WorkflowServices\v4.0_4.0.0.0__31bf3856ad364e35\System.WorkflowServices.dll
+ 2011-09-01 09:34 . 2011-09-01 09:34 511344 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Workflow.Runtime\v4.0_4.0.0.0__31bf3856ad364e35\System.Workflow.Runtime.dll
+ 2011-09-01 09:29 . 2011-09-01 09:29 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2011-09-01 09:34 . 2011-09-01 09:34 826208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Mobile\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2011-09-01 09:34 . 2011-09-01 09:34 321912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.Design.dll
+ 2011-09-01 09:34 . 2011-09-01 09:34 137568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Web.Entity.dll
+ 2011-09-01 09:34 . 2011-09-01 09:34 132464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Entity.Design\v4.0_4.0.0.0__b77a5c561934e089\System.Web.Entity.Design.dll
+ 2011-09-01 09:34 . 2011-09-01 09:34 237928 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DynamicData\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DynamicData.dll
+ 2011-09-01 09:29 . 2011-09-01 09:29 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
+ 2011-09-01 09:29 . 2011-09-01 09:29 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2011-09-01 09:34 . 2011-09-01 09:34 316272 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Web\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll
+ 2011-09-01 09:29 . 2011-09-01 09:29 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
+ 2011-09-01 09:29 . 2011-09-01 09:29 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
+ 2011-09-01 09:29 . 2011-09-01 09:29 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
+ 2011-09-01 09:34 . 2011-09-01 09:34 170872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activation\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activation.dll
+ 2011-09-01 09:29 . 2011-09-01 09:29 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2011-09-01 09:29 . 2011-09-01 09:29 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2011-09-01 09:29 . 2011-09-01 09:29 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2011-09-01 09:29 . 2011-09-01 09:29 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
+ 2011-09-01 09:29 . 2011-09-01 09:29 231760 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
+ 2011-09-01 09:29 . 2011-09-01 09:29 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2011-09-01 09:29 . 2011-09-01 09:29 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2011-09-01 09:29 . 2011-09-01 09:29 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
+ 2011-09-01 09:29 . 2011-09-01 09:29 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
+ 2011-09-01 09:29 . 2011-09-01 09:29 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
+ 2011-09-01 09:29 . 2011-09-01 09:29 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
+ 2011-09-01 09:29 . 2011-09-01 09:29 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
+ 2011-09-01 09:29 . 2011-09-01 09:29 607064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2011-09-01 09:29 . 2011-09-01 09:29 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2011-09-01 09:29 . 2011-09-01 09:29 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2011-09-01 09:29 . 2011-09-01 09:29 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
+ 2011-09-01 09:29 . 2011-09-01 09:29 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2011-09-01 09:29 . 2011-09-01 09:29 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2011-09-01 09:34 . 2011-09-01 09:34 683368 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.dll
+ 2011-09-01 09:34 . 2011-09-01 09:34 178040 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Design\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Design.dll
+ 2011-09-01 09:29 . 2011-09-01 09:29 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
+ 2011-09-01 09:29 . 2011-09-01 09:29 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
+ 2011-09-01 09:34 . 2011-09-01 09:34 804720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity.Design\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.Design.dll
+ 2011-09-01 09:29 . 2011-09-01 09:29 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2011-09-01 09:29 . 2011-09-01 09:29 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
+ 2011-09-01 09:29 . 2011-09-01 09:29 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
+ 2011-09-01 09:29 . 2011-09-01 09:29 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
+ 2011-09-01 09:29 . 2011-09-01 09:29 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
+ 2011-09-01 09:29 . 2011-09-01 09:29 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2011-09-01 09:29 . 2011-09-01 09:29 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
+ 2011-09-01 09:29 . 2011-09-01 09:29 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
+ 2011-09-01 09:29 . 2011-09-01 09:29 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
+ 2011-09-01 09:29 . 2011-09-01 09:29 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
+ 2011-09-01 09:29 . 2011-09-01 09:29 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
+ 2011-09-01 09:29 . 2011-09-01 09:29 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
+ 2011-09-01 09:34 . 2011-09-01 09:34 587624 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationBuildTasks\v4.0_4.0.0.0__31bf3856ad364e35\PresentationBuildTasks.dll
+ 2011-09-01 09:29 . 2011-09-01 09:29 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2011-09-01 09:29 . 2011-09-01 09:29 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2011-09-01 09:29 . 2011-09-01 09:29 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
+ 2011-09-01 09:29 . 2011-09-01 09:29 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2011-09-01 09:29 . 2011-09-01 09:29 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
+ 2011-09-01 09:34 . 2011-09-01 09:34 220024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Utilities.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.v4.0.dll
+ 2011-09-01 09:34 . 2011-09-01 09:34 107376 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Framework\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2011-09-01 09:34 . 2011-09-01 09:34 714600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Engine\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2011-09-01 09:34 . 2011-09-01 09:34 498520 c:\windows\Microsoft.NET\assembly\GAC_MSIL\AspNetMMCExt\v4.0_4.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2011-09-01 09:29 . 2011-09-01 09:29 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2011-09-01 09:29 . 2011-09-01 09:29 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2011-09-01 09:29 . 2011-09-01 09:29 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2011-09-01 09:29 . 2011-09-01 09:29 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2011-09-01 09:34 . 2011-09-01 09:34 495984 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data.OracleClient\v4.0_4.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2011-09-01 09:29 . 2011-09-01 09:29 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2012-02-20 13:02 . 2012-02-20 13:02 901120 c:\windows\Installer\e1985.msi
+ 2012-02-09 10:06 . 2012-02-09 10:06 920576 c:\windows\Installer\c1eb0.msp
+ 2012-01-19 18:46 . 2012-01-19 18:46 276992 c:\windows\Installer\b8f985.msi
+ 2012-04-28 09:28 . 2012-04-28 09:28 301056 c:\windows\Installer\b88f8.msi
+ 2011-06-02 06:54 . 2011-06-02 06:54 112640 c:\windows\Installer\b6d6d.msi
+ 2011-07-21 19:33 . 2011-07-21 19:33 430592 c:\windows\Installer\ae8cb6.msi
+ 2012-06-26 19:06 . 2012-06-26 19:06 457728 c:\windows\Installer\9f99e.msi
+ 2012-06-26 19:05 . 2012-06-26 19:05 863744 c:\windows\Installer\9f99a.msi
+ 2012-07-02 19:10 . 2012-07-02 19:10 437248 c:\windows\Installer\7a7fe.msi
+ 2011-12-28 19:05 . 2011-12-28 19:05 996864 c:\windows\Installer\79faa.msi
+ 2011-12-28 19:03 . 2011-12-28 19:03 916480 c:\windows\Installer\79ee3.msi
+ 2012-07-03 04:57 . 2012-07-03 04:57 425984 c:\windows\Installer\723a8.msi
+ 2012-07-03 04:56 . 2012-07-03 04:56 444928 c:\windows\Installer\72399.msi
+ 2011-06-13 08:23 . 2011-06-13 08:23 654336 c:\windows\Installer\6cb125.msi
+ 2012-04-05 10:51 . 2012-04-05 10:51 890368 c:\windows\Installer\6b9d9.msp
+ 2011-12-29 19:10 . 2011-12-29 19:10 407552 c:\windows\Installer\64a152.msi
+ 2012-04-22 07:21 . 2012-04-22 07:21 176128 c:\windows\Installer\5d07e7.msi
+ 2012-02-13 15:02 . 2012-02-13 15:02 333824 c:\windows\Installer\54e81b.msi
+ 2012-04-18 12:13 . 2012-04-18 12:13 553472 c:\windows\Installer\5123d.msi
+ 2012-02-04 09:19 . 2012-02-04 09:19 843264 c:\windows\Installer\4a5336.msi
+ 2012-02-04 09:13 . 2012-02-04 09:13 441856 c:\windows\Installer\4a500d.msi
+ 2012-07-02 14:42 . 2012-07-02 14:42 228864 c:\windows\Installer\3e895b.msi
+ 2012-07-02 14:42 . 2012-07-02 14:42 414720 c:\windows\Installer\3e8954.msi
+ 2012-07-02 14:42 . 2012-07-02 14:42 251904 c:\windows\Installer\3e894d.msi
+ 2012-07-02 14:42 . 2012-07-02 14:42 249344 c:\windows\Installer\3e8946.msi
+ 2012-07-02 14:42 . 2012-07-02 14:42 250368 c:\windows\Installer\3e893f.msi
+ 2012-07-02 14:42 . 2012-07-02 14:42 250368 c:\windows\Installer\3e8938.msi
+ 2012-07-02 14:42 . 2012-07-02 14:42 250368 c:\windows\Installer\3e8931.msi
+ 2012-07-02 14:42 . 2012-07-02 14:42 250368 c:\windows\Installer\3e892a.msi
+ 2012-07-02 14:42 . 2012-07-02 14:42 250880 c:\windows\Installer\3e8923.msi
+ 2012-07-02 14:42 . 2012-07-02 14:42 250368 c:\windows\Installer\3e891c.msi
+ 2012-07-02 14:42 . 2012-07-02 14:42 250368 c:\windows\Installer\3e8915.msi
+ 2012-07-02 14:42 . 2012-07-02 14:42 250368 c:\windows\Installer\3e890e.msi
+ 2012-07-02 14:42 . 2012-07-02 14:42 250880 c:\windows\Installer\3e8907.msi
+ 2012-07-02 14:42 . 2012-07-02 14:42 250880 c:\windows\Installer\3e8900.msi
+ 2012-07-02 14:42 . 2012-07-02 14:42 251392 c:\windows\Installer\3e88f9.msi
+ 2012-07-02 14:42 . 2012-07-02 14:42 250368 c:\windows\Installer\3e88f2.msi
+ 2012-07-02 14:42 . 2012-07-02 14:42 251392 c:\windows\Installer\3e88eb.msi
+ 2012-07-02 14:42 . 2012-07-02 14:42 250368 c:\windows\Installer\3e88e4.msi
+ 2012-07-02 14:42 . 2012-07-02 14:42 251392 c:\windows\Installer\3e88dd.msi
+ 2012-07-02 14:42 . 2012-07-02 14:42 251392 c:\windows\Installer\3e88d6.msi
+ 2012-07-02 14:42 . 2012-07-02 14:42 251392 c:\windows\Installer\3e88cf.msi
+ 2012-07-02 14:41 . 2012-07-02 14:41 251392 c:\windows\Installer\3e88c8.msi
+ 2012-07-02 14:41 . 2012-07-02 14:41 251392 c:\windows\Installer\3e88c1.msi
+ 2012-07-02 14:41 . 2012-07-02 14:41 250368 c:\windows\Installer\3e88ba.msi
+ 2012-07-02 14:41 . 2012-07-02 14:41 260608 c:\windows\Installer\3e88b2.msi
+ 2012-07-02 14:41 . 2012-07-02 14:41 356352 c:\windows\Installer\3e88ab.msi
+ 2012-07-02 14:38 . 2012-07-02 14:38 437248 c:\windows\Installer\3e863f.msi
+ 2010-11-22 13:11 . 2010-11-22 13:11 247808 c:\windows\Installer\3a2ca.msp
+ 2011-12-07 13:23 . 2011-12-07 13:23 160768 c:\windows\Installer\1af489.msi
+ 2011-04-13 15:27 . 2011-04-13 15:27 459264 c:\windows\Installer\1435d4.msi
+ 2011-04-13 15:26 . 2011-04-13 15:26 223232 c:\windows\Installer\1435bb.msi
+ 2011-06-06 16:19 . 2011-06-06 16:19 496640 c:\windows\Installer\124fcb.msp
+ 2011-05-20 12:31 . 2011-05-20 12:31 494592 c:\windows\Installer\124fca.msp
+ 2011-09-01 09:35 . 2011-09-01 09:35 492544 c:\windows\Installer\11a5fb.msi
+ 2011-06-13 08:23 . 2011-06-13 08:23 102400 c:\windows\Installer\{60D32CDC-E3BE-4578-BA10-29322307CDDC}\NewShortcut1_C5961323A2E54FABB92DDBF6C282F0F5.exe
+ 2011-06-13 08:23 . 2011-06-13 08:23 102400 c:\windows\Installer\{60D32CDC-E3BE-4578-BA10-29322307CDDC}\ARPPRODUCTICON.exe
+ 2011-12-14 11:22 . 2011-12-14 11:22 219968 c:\windows\Installer\$PatchCache$\Managed\AEC463235587C3A46B47358D9E9B9763\12.0.2160\UpdateWizard.exe
+ 2011-12-14 11:22 . 2011-12-14 11:22 244544 c:\windows\Installer\$PatchCache$\Managed\AEC463235587C3A46B47358D9E9B9763\12.0.2160\UninstallManager.exe
+ 2011-12-14 11:22 . 2011-12-14 11:22 193856 c:\windows\Installer\$PatchCache$\Managed\AEC463235587C3A46B47358D9E9B9763\12.0.2160\Undelete.exe
+ 2011-12-14 11:23 . 2011-12-14 11:23 644928 c:\windows\Installer\$PatchCache$\Managed\AEC463235587C3A46B47358D9E9B9763\12.0.2160\TUTuningIndex.dll
+ 2011-12-14 11:23 . 2011-12-14 11:23 545088 c:\windows\Installer\$PatchCache$\Managed\AEC463235587C3A46B47358D9E9B9763\12.0.2160\TUSqlDB32.dll
+ 2011-12-14 11:23 . 2011-12-14 11:23 110400 c:\windows\Installer\$PatchCache$\Managed\AEC463235587C3A46B47358D9E9B9763\12.0.2160\TUParams.dll
+ 2011-12-14 11:22 . 2011-12-14 11:22 246080 c:\windows\Installer\$PatchCache$\Managed\AEC463235587C3A46B47358D9E9B9763\12.0.2160\TuneUpSystemStatusCheck.exe
+ 2011-12-14 11:22 . 2011-12-14 11:22 131904 c:\windows\Installer\$PatchCache$\Managed\AEC463235587C3A46B47358D9E9B9763\12.0.2160\TUMessages.exe
+ 2011-12-14 11:22 . 2011-12-14 11:22 390976 c:\windows\Installer\$PatchCache$\Managed\AEC463235587C3A46B47358D9E9B9763\12.0.2160\TUInstallHelper.exe
+ 2011-12-14 11:23 . 2011-12-14 11:23 118592 c:\windows\Installer\$PatchCache$\Managed\AEC463235587C3A46B47358D9E9B9763\12.0.2160\TUAutoUpdateCheck.exe
+ 2011-12-14 11:23 . 2011-12-14 11:23 182080 c:\windows\Installer\$PatchCache$\Managed\AEC463235587C3A46B47358D9E9B9763\12.0.2160\TUAnalyzeInfo.dll
+ 2011-12-14 11:22 . 2011-12-14 11:22 247616 c:\windows\Installer\$PatchCache$\Managed\AEC463235587C3A46B47358D9E9B9763\12.0.2160\SystemInformation.exe
+ 2011-12-14 11:22 . 2011-12-14 11:22 116544 c:\windows\Installer\$PatchCache$\Managed\AEC463235587C3A46B47358D9E9B9763\12.0.2160\SystemControl.exe
+ 2011-12-14 11:23 . 2011-12-14 11:23 936768 c:\windows\Installer\$PatchCache$\Managed\AEC463235587C3A46B47358D9E9B9763\12.0.2160\Styler.exe
+ 2011-12-14 11:23 . 2011-12-14 11:23 124224 c:\windows\Installer\$PatchCache$\Managed\AEC463235587C3A46B47358D9E9B9763\12.0.2160\Stiderc.dll
+ 2011-12-14 11:23 . 2011-12-14 11:23 534336 c:\windows\Installer\$PatchCache$\Managed\AEC463235587C3A46B47358D9E9B9763\12.0.2160\StartupOptimizer.exe
+ 2011-12-14 11:22 . 2011-12-14 11:22 321856 c:\windows\Installer\$PatchCache$\Managed\AEC463235587C3A46B47358D9E9B9763\12.0.2160\StartUpManager.exe
+ 2011-12-14 11:22 . 2011-12-14 11:22 137536 c:\windows\Installer\$PatchCache$\Managed\AEC463235587C3A46B47358D9E9B9763\12.0.2160\Shredder.exe
+ 2011-12-14 11:22 . 2011-12-14 11:22 226112 c:\windows\Installer\$PatchCache$\Managed\AEC463235587C3A46B47358D9E9B9763\12.0.2160\ShortcutCleaner.exe
+ 2011-12-14 11:23 . 2011-12-14 11:23 266048 c:\windows\Installer\$PatchCache$\Managed\AEC463235587C3A46B47358D9E9B9763\12.0.2160\SettingCenter.exe
+ 2011-12-14 11:22 . 2011-12-14 11:22 171328 c:\windows\Installer\$PatchCache$\Managed\AEC463235587C3A46B47358D9E9B9763\12.0.2160\RescueCenter.exe
+ 2011-12-14 11:23 . 2011-12-14 11:23 130880 c:\windows\Installer\$PatchCache$\Managed\AEC463235587C3A46B47358D9E9B9763\12.0.2160\Report.exe
+ 2011-12-14 11:22 . 2011-12-14 11:22 142656 c:\windows\Installer\$PatchCache$\Managed\AEC463235587C3A46B47358D9E9B9763\12.0.2160\RepairWizard.exe
+ 2011-12-14 11:22 . 2011-12-14 11:22 157504 c:\windows\Installer\$PatchCache$\Managed\AEC463235587C3A46B47358D9E9B9763\12.0.2160\RegWiz.exe
+ 2011-12-14 11:22 . 2011-12-14 11:22 302400 c:\windows\Installer\$PatchCache$\Managed\AEC463235587C3A46B47358D9E9B9763\12.0.2160\RegistryEditor.exe
+ 2011-12-14 11:22 . 2011-12-14 11:22 126272 c:\windows\Installer\$PatchCache$\Managed\AEC463235587C3A46B47358D9E9B9763\12.0.2160\RegistryDefrag.exe
+ 2011-12-14 11:22 . 2011-12-14 11:22 288064 c:\windows\Installer\$PatchCache$\Managed\AEC463235587C3A46B47358D9E9B9763\12.0.2160\RegistryCleaner.exe
+ 2011-12-14 11:22 . 2011-12-14 11:22 327488 c:\windows\Installer\$PatchCache$\Managed\AEC463235587C3A46B47358D9E9B9763\12.0.2160\ProgramDeactivator.exe
+ 2011-12-14 11:22 . 2011-12-14 11:22 352576 c:\windows\Installer\$PatchCache$\Managed\AEC463235587C3A46B47358D9E9B9763\12.0.2160\ProcessManager.exe
+ 2011-12-14 11:23 . 2011-12-14 11:23 565568 c:\windows\Installer\$PatchCache$\Managed\AEC463235587C3A46B47358D9E9B9763\12.0.2160\PerformanceOptimizer.exe
+ 2011-12-14 11:22 . 2011-12-14 11:22 102208 c:\windows\Installer\$PatchCache$\Managed\AEC463235587C3A46B47358D9E9B9763\12.0.2160\OneClickStarter.exe
+ 2011-12-14 11:22 . 2011-12-14 11:22 546624 c:\windows\Installer\$PatchCache$\Managed\AEC463235587C3A46B47358D9E9B9763\12.0.2160\OneClick.exe
+ 2011-12-14 11:23 . 2011-12-14 11:23 177472 c:\windows\Installer\$PatchCache$\Managed\AEC463235587C3A46B47358D9E9B9763\12.0.2160\MsStyles.dll
+ 2011-12-14 11:23 . 2011-12-14 11:23 266560 c:\windows\Installer\$PatchCache$\Managed\AEC463235587C3A46B47358D9E9B9763\12.0.2160\EnergyOptimizer.exe
+ 2011-12-14 11:22 . 2011-12-14 11:22 213312 c:\windows\Installer\$PatchCache$\Managed\AEC463235587C3A46B47358D9E9B9763\12.0.2160\DriveDefrag.exe
+ 2011-12-14 11:21 . 2011-12-14 11:21 412480 c:\windows\Installer\$PatchCache$\Managed\AEC463235587C3A46B47358D9E9B9763\12.0.2160\DiskExplorer.exe
+ 2011-12-14 11:21 . 2011-12-14 11:21 123712 c:\windows\Installer\$PatchCache$\Managed\AEC463235587C3A46B47358D9E9B9763\12.0.2160\DiskDoctor.exe
+ 2010-09-30 16:15 . 2010-09-30 16:15 356872 c:\windows\Installer\$PatchCache$\Managed\AA06C4D56E48A1E4A8869679D083B71E\10.0.1000\ProductInfo.dat
+ 2011-09-01 11:52 . 2011-09-01 11:52 399360 c:\windows\assembly\NativeImages_v4.0.30319_32\XamlBuildTask\4daf91c66e01c3dd92b239feacaa8245\XamlBuildTask.ni.dll
+ 2011-09-01 11:20 . 2011-09-01 11:20 353792 c:\windows\assembly\NativeImages_v4.0.30319_32\WsatConfig\3c0d21e75c9a48aba6fba3ddff0fcf39\WsatConfig.ni.exe
+ 2011-09-01 11:52 . 2011-09-01 11:52 245760 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\cc063533b04f9420d1aa571a36d1fabd\WindowsFormsIntegration.ni.dll
+ 2011-09-01 11:22 . 2011-09-01 11:22 195584 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\5786f917a7b62d63ca8dd5b47aaf9610\UIAutomationTypes.ni.dll
+ 2011-09-01 11:52 . 2011-09-01 11:52 481792 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClient\ece129234f9ba9ad856d0e77e4849137\UIAutomationClient.ni.dll
+ 2011-09-01 11:21 . 2011-09-01 11:21 391680 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\8eca92a64c232f34b5b559625b022369\System.Xml.Linq.ni.dll
+ 2011-09-01 11:22 . 2011-09-01 11:22 187904 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Inpu#\18419dd13ced512c5f8dc15a79a601eb\System.Windows.Input.Manipulations.ni.dll
+ 2011-09-01 11:51 . 2011-09-01 11:51 192512 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Form#\4cb0c81cca997d9fbecda9a1824f2fdb\System.Windows.Forms.DataVisualization.Design.ni.dll
+ 2011-09-01 11:22 . 2011-09-01 11:22 218624 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.RegularE#\770e21411a66352a12b5d3f1e47e972e\System.Web.RegularExpressions.ni.dll
+ 2011-09-01 11:50 . 2011-09-01 11:50 858112 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Extensio#\2e2096834f67f11a362be1e5c0da4d54\System.Web.Extensions.Design.ni.dll
+ 2011-09-01 11:49 . 2011-09-01 11:49 332288 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Entity\0d511c8f1da06cc18f2da9b593042841\System.Web.Entity.ni.dll
+ 2011-09-01 11:50 . 2011-09-01 11:50 296448 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Entity.D#\c69974f79eb0c96357fbf031df6d8ed0\System.Web.Entity.Design.ni.dll
+ 2011-09-01 11:49 . 2011-09-01 11:49 705536 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DynamicD#\a1d43a413800a3fa024cba9161c34c44\System.Web.DynamicData.ni.dll
+ 2011-09-01 11:29 . 2011-09-01 11:29 256512 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DataVisu#\8fbe244f1f9ad9ce887c125bae44a50b\System.Web.DataVisualization.Design.ni.dll
+ 2011-09-01 11:21 . 2011-09-01 11:21 645632 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\dd9dbf82e44454689976a49a9e4ddb6d\System.Transactions.ni.dll
+ 2011-09-01 11:22 . 2011-09-01 11:22 220672 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\6e7f1bdc845816dfc797f8002b76b5e8\System.ServiceProcess.ni.dll
+ 2011-09-01 11:26 . 2011-09-01 11:26 421888 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\9e32918462a2d0c786fbf21a873cc358\System.ServiceModel.Activation.ni.dll
+ 2011-09-01 11:28 . 2011-09-01 11:28 365056 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\76a5d670ce969c0c65a905b7303d4bbf\System.ServiceModel.Routing.ni.dll
+ 2011-09-01 09:32 . 2011-09-01 09:32 721920 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Security\09a97525ae5583cc2685e2c39a3078bd\System.Security.ni.dll
+ 2011-09-01 11:20 . 2011-09-01 11:20 310272 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\d0ff3383438d688a0118d0fa19ed1dc4\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2011-09-01 11:21 . 2011-09-01 11:21 767488 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\dc1f0dbf1d3ba856eccec90b62b55d79\System.Runtime.Remoting.ni.dll
+ 2011-09-01 11:22 . 2011-09-01 11:22 239616 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Cach#\565496636c549f7f72fff7db554685b6\System.Runtime.Caching.ni.dll
+ 2011-09-01 09:30 . 2011-09-01 09:30 144896 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\b07f0d26a34ad53fc369248f289d1126\System.Numerics.ni.dll
+ 2011-09-01 11:27 . 2011-09-01 11:27 651264 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Net\dd5c866d2462dd913ed0a0287396aa50\System.Net.ni.dll
+ 2011-09-01 11:26 . 2011-09-01 11:26 625152 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Messaging\3ab3e80af8e5e95a5a62092cc9293c91\System.Messaging.ni.dll
+ 2011-09-01 11:27 . 2011-09-01 11:27 392704 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Management.I#\8b5fe7aff54a7aed07287257a9b8e420\System.Management.Instrumentation.ni.dll
+ 2011-09-01 11:27 . 2011-09-01 11:27 405504 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IO.Log\150da10324f2811a48da58d3496bbe10\System.IO.Log.ni.dll
+ 2011-09-01 11:26 . 2011-09-01 11:26 228352 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityMode#\386f41f744eedacd1517c8a15750a48b\System.IdentityModel.Selectors.ni.dll
+ 2011-09-01 11:21 . 2011-09-01 11:21 230912 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\8b6e9d6171aad3561263ce2cd05c57df\System.EnterpriseServices.Wrapper.dll
+ 2011-09-01 11:21 . 2011-09-01 11:21 784896 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\8b6e9d6171aad3561263ce2cd05c57df\System.EnterpriseServices.ni.dll
+ 2011-09-01 09:32 . 2011-09-01 09:32 373248 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Dynamic\1331ee3a7146218388537aa7e41303af\System.Dynamic.ni.dll
+ 2011-09-01 09:35 . 2011-09-01 09:35 223744 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing.Desi#\8f9993d3eb4cd33d1452155f79b23d65\System.Drawing.Design.ni.dll
+ 2011-09-01 11:22 . 2011-09-01 11:22 461824 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\7f4419b6f829a2485d83b3c3e7b26a97\System.DirectoryServices.Protocols.ni.dll
+ 2011-09-01 11:27 . 2011-09-01 11:27 911872 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\46a7f51ef1a9d917598b96f7a758a459\System.DirectoryServices.AccountManagement.ni.dll
+ 2011-09-01 11:27 . 2011-09-01 11:27 112128 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Device\36342e6024e2844502d0bdaa9d30971a\System.Device.ni.dll
+ 2011-09-01 11:26 . 2011-09-01 11:26 499712 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Service#\ec884cc78d6c5bb67bc2c819b1f00ee5\System.Data.Services.Design.ni.dll
+ 2011-09-01 11:23 . 2011-09-01 11:23 134656 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.DataSet#\caecc65b5c0ede0fe0d55b9f48ada80f\System.Data.DataSetExtensions.ni.dll
+ 2011-09-01 09:32 . 2011-09-01 09:32 973312 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\ac18c2dcd06bd2a0589bac94ccae5716\System.Configuration.ni.dll
+ 2011-09-01 11:22 . 2011-09-01 11:22 145920 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuratio#\aea1d325200e1a7b1ee7ec86fba33db4\System.Configuration.Install.ni.dll
+ 2011-09-01 11:23 . 2011-09-01 11:23 193536 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\7d8e51e92fede804332703770695afdb\System.ComponentModel.DataAnnotations.ni.dll
+ 2011-09-01 09:32 . 2011-09-01 09:32 690176 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\4a518b841f06ee4f07320159cf918a2c\System.ComponentModel.Composition.ni.dll
+ 2011-09-01 11:23 . 2011-09-01 11:23 613888 c:\windows\assembly\NativeImages_v4.0.30319_32\System.AddIn\767e70aec1ffb52f95c2b07c08fa0781\System.AddIn.ni.dll
+ 2011-09-01 11:23 . 2011-09-01 11:23 402944 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.D#\8594d07d18330843968d649ed6ef6166\System.Activities.DurableInstancing.ni.dll
+ 2011-09-01 11:20 . 2011-09-01 11:20 316928 c:\windows\assembly\NativeImages_v4.0.30319_32\SMSvcHost\38f0d77629891e7808424103aaef0728\SMSvcHost.ni.exe
+ 2011-09-01 11:21 . 2011-09-01 11:21 142336 c:\windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\4d2a51c03b27e615ff9f1c430f2014ba\SMDiagnostics.ni.dll
+ 2011-09-01 09:30 . 2011-09-01 09:30 283648 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\f5e029e2215c95ab38a1eefef7b32ac9\PresentationFramework.Classic.ni.dll
+ 2011-09-01 09:32 . 2011-09-01 09:32 450048 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\3555f5f74c56fa92c0ab7a635af91bfa\PresentationFramework.Aero.ni.dll
+ 2011-09-01 09:32 . 2011-09-01 09:32 327168 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\040571d65dc822e5df020d5e084f4b45\PresentationFramework.Royale.ni.dll
+ 2011-09-01 09:30 . 2011-09-01 09:30 656896 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\016f9a150fce0e0a4c93532d8fa4c749\PresentationFramework.Luna.ni.dll
+ 2011-09-01 11:14 . 2011-09-01 11:14 273920 c:\windows\assembly\NativeImages_v4.0.30319_32\MSBuild\aa25092606e5e9826db7a7bd0adb9b2b\MSBuild.ni.exe
+ 2011-09-01 11:21 . 2011-09-01 11:21 219136 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\edcde6e8ccca7996c2e1ad40bd0f2758\Microsoft.VisualBasic.Compatibility.Data.ni.dll
+ 2011-09-01 11:20 . 2011-09-01 11:20 418304 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\5f595338c63c2fdb5a171760c29d5bcf\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2011-09-01 11:20 . 2011-09-01 11:20 629248 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build.Uti#\b384b96460ad28697e8990e56b0234d8\Microsoft.Build.Utilities.v4.0.ni.dll
+ 2011-09-01 11:14 . 2011-09-01 11:14 257536 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build.Fra#\11ef4be6ee227fce3725d6df534297a4\Microsoft.Build.Framework.ni.dll
+ 2011-09-01 11:20 . 2011-09-01 11:20 135680 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build.Con#\837fa037ca302e7432ea9913ae453e70\Microsoft.Build.Conversion.v4.0.ni.dll
+ 2011-09-01 11:20 . 2011-09-01 11:20 193024 c:\windows\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\d2574c8ae333ff959be2e0d83121ad10\CustomMarshalers.ni.dll
+ 2011-09-01 11:14 . 2011-09-01 11:14 471040 c:\windows\assembly\NativeImages_v4.0.30319_32\ComSvcConfig\51819c709096229ee187a7feee395d9f\ComSvcConfig.ni.exe
+ 2011-09-01 11:14 . 2011-09-01 11:14 842752 c:\windows\assembly\NativeImages_v4.0.30319_32\AspNetMMCExt\03bf63d8ea6622a32b9a3fc6851801a9\AspNetMMCExt.ni.dll
+ 2011-04-06 18:13 . 2011-04-06 18:13 188528 c:\windows\assembly\GAC_MSIL\Google.GData.Client\1.7.0.1__04a59ca9b0273830\Google.GData.Client.dll
+ 2012-04-30 06:21 . 2012-04-30 06:21 118784 c:\windows\assembly\GAC_MSIL\cli_uretypes\1.0.8.0__ce2cb7e279207b9e\cli_uretypes.dll
+ 2012-04-30 06:21 . 2012-04-30 06:21 909312 c:\windows\assembly\GAC_MSIL\cli_oootypes\1.0.8.0__ce2cb7e279207b9e\cli_oootypes.dll
+ 2011-04-06 18:13 . 2011-04-06 18:13 726456 c:\windows\assembly\GAC_32\NMSDVDNet\1.0.1007.2002__2ff9184220f553d5\NMSDVDNet.dll
- 2010-08-03 16:24 . 2010-08-03 16:24 726456 c:\windows\assembly\GAC_32\NMSDVDNet\1.0.1007.2002__2ff9184220f553d5\NMSDVDNet.dll
+ 2011-01-11 08:59 . 2011-01-11 08:59 3780936 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_d5fe2ecb\mfc90u.dll
+ 2011-01-11 08:59 . 2011-01-11 08:59 3766088 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_d5fe2ecb\mfc90.dll
+ 2011-01-10 20:50 . 2011-01-10 20:50 1093120 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_e87e0bcd\mfc80u.dll
+ 2011-01-10 20:50 . 2011-01-10 20:50 1101824 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_e87e0bcd\mfc80.dll
+ 2012-01-19 18:47 . 2004-05-04 07:53 1645320 c:\windows\system32\Visagesoft\gdiplus.dll
+ 2008-03-26 15:08 . 2011-01-14 18:32 2286080 c:\windows\system32\TUKernel.exe
+ 2011-11-15 16:57 . 2011-11-15 16:57 2463744 c:\windows\system32\SlotMaximizerBe.dll
+ 2012-07-02 19:10 . 2011-12-06 02:29 3307776 c:\windows\system32\ReinstallBackups\0043\DriverFiles\B129753\ativvaxx.dll
+ 2012-07-02 19:10 . 2011-12-06 03:19 7376896 c:\windows\system32\ReinstallBackups\0043\DriverFiles\B129753\aticaldd.dll
+ 2012-07-02 19:10 . 2011-12-06 02:49 5334656 c:\windows\system32\ReinstallBackups\0043\DriverFiles\B129753\ati3duag.dll
+ 2012-07-02 19:10 . 2011-12-06 03:42 7490560 c:\windows\system32\ReinstallBackups\0043\DriverFiles\B129753\ati2mtag.sys
+ 2012-03-11 16:07 . 2006-05-16 17:04 2879488 c:\windows\system32\ReinstallBackups\0042\DriverFiles\SkyTel.exe
+ 2012-03-11 16:07 . 2006-11-13 12:07 1183744 c:\windows\system32\ReinstallBackups\0042\DriverFiles\RtlUpd.exe
+ 2012-03-11 16:07 . 2006-05-04 15:35 9709568 c:\windows\system32\ReinstallBackups\0042\DriverFiles\RTLCPL.EXE
+ 2012-03-11 16:07 . 2006-11-15 13:34 4225920 c:\windows\system32\ReinstallBackups\0042\DriverFiles\RtkHDAud.sys
+ 2012-03-11 16:07 . 2006-10-11 16:42 2157568 c:\windows\system32\ReinstallBackups\0042\DriverFiles\MicCal.exe
+ 2012-03-11 16:07 . 2006-05-04 15:26 2808832 c:\windows\system32\ReinstallBackups\0042\DriverFiles\ALCWZRD.EXE
+ 2009-04-07 14:39 . 2011-03-04 19:44 2095600 c:\windows\system32\pxsfs.dll
+ 2005-09-22 22:21 . 2011-08-03 11:49 4210816 c:\windows\system32\nv4_disp.dll
+ 2012-04-28 12:10 . 2007-06-06 23:00 1128128 c:\windows\system32\NMSDVDXU.dll
+ 2012-04-28 12:10 . 2007-06-06 23:00 1103552 c:\windows\system32\NMSDVDX.dll
+ 2006-05-01 10:37 . 2000-06-12 23:00 1046288 c:\windows\system32\MSJET35.DLL
+ 2011-02-19 22:03 . 2011-02-19 22:03 4422992 c:\windows\system32\mfc100u.dll
+ 2011-02-19 22:03 . 2011-02-19 22:03 4397384 c:\windows\system32\mfc100.dll
+ 2012-07-16 04:38 . 2012-07-16 04:38 9459912 c:\windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll
+ 2012-06-28 15:48 . 2012-01-15 17:40 1112288 c:\windows\system32\DRVSTORE\zeus_1283762158262ED421CE28A24CFC29018AE5B0F0\x86\WdfCoInstaller01007.dll
+ 2011-11-05 08:37 . 2009-08-13 21:40 1112288 c:\windows\system32\DRVSTORE\xusb21_0EC413ACC59D625240DD4FD73E5D586003F09393\x86\WdfCoInstaller01007.dll
+ 2012-06-28 15:48 . 2012-01-15 17:40 1112288 c:\windows\system32\DRVSTORE\ste8500_C5365E86AD16BCA0C46BAC8265B0C57C7598C833\x86\WdfCoInstaller01007.dll
+ 2012-06-28 15:47 . 2012-01-15 17:40 1112288 c:\windows\system32\DRVSTORE\sa0102adb_B9C7ECBA2DA9E0A33DC1D80969D4C0FA08174A12\i386\WdfCoInstaller01007.dll
+ 2012-06-28 15:48 . 2012-01-15 17:40 1112288 c:\windows\system32\DRVSTORE\sa0102adb_6B80C2E8586795E98C47F8FC9EA550361B9095DE\i386\WdfCoInstaller01007.dll
+ 2012-06-28 15:48 . 2012-01-15 17:40 1112288 c:\windows\system32\DRVSTORE\pnx6513_4F315AA11954B91EF014015EBDF8EEAE2F31CC8D\x86\WdfCoInstaller01007.dll
+ 2012-06-28 15:48 . 2012-01-15 17:40 1112288 c:\windows\system32\DRVSTORE\pnx4910_A5AA9D360CFAC6085FD76F7289F827094FDCDBA9\x86\WdfCoInstaller01007.dll
+ 2012-06-28 15:48 . 2012-01-15 17:40 1112288 c:\windows\system32\DRVSTORE\omap3430_8868D88B07B45D82FC6928CD6D65F6F08211771E\x86\WdfCoInstaller01007.dll
+ 2012-04-28 09:29 . 2011-08-10 14:39 1461992 c:\windows\system32\DRVSTORE\nuidfltr_E43E90E372F0A2F8BC202108BA821FE6CFC086E0\wdfcoinstaller01009.dll
+ 2012-06-28 15:48 . 2012-01-15 17:40 1112288 c:\windows\system32\DRVSTORE\ggsemc_69474B299F8096A4E4CB4CE6EB0E19FC32D18E55\x86\WdfCoInstaller01007.dll
+ 2012-04-28 09:29 . 2011-08-10 14:39 1461992 c:\windows\system32\DRVSTORE\dc3du_39E47C72985BACB24FE918E6F37284425E557DA1\WdfCoInstaller01009.dll
+ 2012-07-02 19:10 . 2012-06-11 16:50 1835558 c:\windows\system32\DRVSTORE\CX141405_2DFBF2E57FDFFA308C58FBEE75326DD43CF4065D\B140419\ativvaxx.dll
+ 2012-07-02 19:10 . 2012-06-11 17:38 8459596 c:\windows\system32\DRVSTORE\CX141405_2DFBF2E57FDFFA308C58FBEE75326DD43CF4065D\B140419\atioglxx.dll
+ 2012-07-02 19:10 . 2012-06-11 17:10 2457592 c:\windows\system32\DRVSTORE\CX141405_2DFBF2E57FDFFA308C58FBEE75326DD43CF4065D\B140419\ati3duag.dll
+ 2012-07-02 19:10 . 2012-06-11 18:57 4433750 c:\windows\system32\DRVSTORE\CX141405_2DFBF2E57FDFFA308C58FBEE75326DD43CF4065D\B140419\ati2mtag.sys
+ 2012-07-02 14:39 . 2012-05-23 01:27 1835528 c:\windows\system32\DRVSTORE\CX139737_6CED53E4302B689D15AAA27726CAFB621DBDE3A4\B139213\ativvaxx.dll
+ 2012-07-02 14:39 . 2012-05-23 02:14 8459597 c:\windows\system32\DRVSTORE\CX139737_6CED53E4302B689D15AAA27726CAFB621DBDE3A4\B139213\atioglxx.dll
+ 2012-07-02 14:39 . 2012-05-23 01:49 2456830 c:\windows\system32\DRVSTORE\CX139737_6CED53E4302B689D15AAA27726CAFB621DBDE3A4\B139213\ati3duag.dll
+ 2012-07-02 14:39 . 2012-05-23 03:13 4433071 c:\windows\system32\DRVSTORE\CX139737_6CED53E4302B689D15AAA27726CAFB621DBDE3A4\B139213\ati2mtag.sys
+ 2012-02-04 09:14 . 2011-12-06 02:29 1633224 c:\windows\system32\DRVSTORE\CX132103_19CCC5E312006EE735A1627DB1DD4A60ABAE0F50\B129753\ativvaxx.dll
+ 2012-02-04 09:14 . 2011-12-06 03:07 8397733 c:\windows\system32\DRVSTORE\CX132103_19CCC5E312006EE735A1627DB1DD4A60ABAE0F50\B129753\atioglxx.dll
+ 2012-02-04 09:14 . 2011-12-06 03:19 3199863 c:\windows\system32\DRVSTORE\CX132103_19CCC5E312006EE735A1627DB1DD4A60ABAE0F50\B129753\aticaldd.dll
+ 2012-02-04 09:14 . 2011-12-06 02:49 2821108 c:\windows\system32\DRVSTORE\CX132103_19CCC5E312006EE735A1627DB1DD4A60ABAE0F50\B129753\ati3duag.dll
+ 2012-02-04 09:14 . 2011-12-06 03:42 4992367 c:\windows\system32\DRVSTORE\CX132103_19CCC5E312006EE735A1627DB1DD4A60ABAE0F50\B129753\ati2mtag.sys
+ 2011-12-28 19:02 . 2011-01-26 22:27 1276886 c:\windows\system32\DRVSTORE\CX113662_CDE1B1CDD7D29A047CD158502AD05F7B4339882B\B112566\ativvaxx.dll
+ 2011-12-28 19:02 . 2011-01-26 23:05 7545980 c:\windows\system32\DRVSTORE\CX113662_CDE1B1CDD7D29A047CD158502AD05F7B4339882B\B112566\atioglxx.dll
+ 2011-12-28 19:02 . 2011-01-26 22:59 2191513 c:\windows\system32\DRVSTORE\CX113662_CDE1B1CDD7D29A047CD158502AD05F7B4339882B\B112566\aticaldd.dll
+ 2011-12-28 19:02 . 2011-01-26 22:42 2115945 c:\windows\system32\DRVSTORE\CX113662_CDE1B1CDD7D29A047CD158502AD05F7B4339882B\B112566\ati3duag.dll
+ 2011-12-28 19:02 . 2011-01-26 23:34 4256714 c:\windows\system32\DRVSTORE\CX113662_CDE1B1CDD7D29A047CD158502AD05F7B4339882B\B112566\ati2mtag.sys
+ 2012-06-28 15:48 . 2012-01-15 17:40 1112288 c:\windows\system32\DRVSTORE\android_wi_FBB7F129888AF22EA0EC84E8DF3E9D3E94F4DBC6\i386\WdfCoInstaller01007.dll
+ 2012-06-28 15:48 . 2012-01-15 17:40 1461992 c:\windows\system32\DRVSTORE\android_wi_D9EDE73877A0CD581B33FA5A0E014893C9B73185\i386\WdfCoInstaller01009.dll
+ 2012-06-28 15:48 . 2012-01-15 17:40 1112288 c:\windows\system32\DRVSTORE\android_wi_34D57B2130A4CDA74F361B132C8A47FBC6D66D47\i386\WdfCoInstaller01007.dll
+ 2012-06-28 15:48 . 2012-01-15 17:40 1112288 c:\windows\system32\DRVSTORE\android_us_214A9477F8D7526BE9A5C9EA4868C3CCEF8358E9\i386\wdfcoinstaller01007.dll
+ 2005-10-09 09:27 . 2011-12-13 17:27 7069288 c:\windows\system32\drivers\RtkHDAud.sys
+ 2012-03-11 16:06 . 2009-11-18 06:17 1395800 c:\windows\system32\drivers\Monfilt.sys
+ 2012-03-11 16:06 . 2009-11-18 06:16 1691480 c:\windows\system32\drivers\Ambfilt.sys
+ 2005-09-22 22:21 . 2011-08-03 11:49 4210816 c:\windows\system32\dllcache\nv4_disp.dll
+ 2011-12-28 19:02 . 2011-12-06 02:29 3307776 c:\windows\system32\dllcache\ativvaxx.dll
+ 2011-12-28 19:02 . 2011-12-06 02:49 5334656 c:\windows\system32\dllcache\ati3duag.dll
+ 2011-12-28 19:02 . 2011-12-06 03:42 7490560 c:\windows\system32\dllcache\ati2mtag.sys
+ 2006-09-26 16:51 . 2010-11-03 17:15 1833576 c:\windows\SkyTel.exe
+ 2006-09-26 16:51 . 2011-08-29 15:20 1493608 c:\windows\RtlUpd.exe
+ 2005-10-09 09:27 . 2011-12-13 10:01 1698408 c:\windows\RtlExUpd.dll
+ 2005-10-09 09:27 . 2010-11-03 17:15 9721960 c:\windows\RTLCPL.EXE
+ 2011-01-05 21:15 . 2010-08-19 20:07 1126912 c:\windows\Resources\Themes\Arysta\Shell\NormalColor\shellstyle.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 1663320 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\wpfgfx_v0400.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 1303896 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WindowsBase.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 6346600 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationFramework.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 3545952 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationCore.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 2650464 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\NlsLexicons0009.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 4881752 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\NlsData0009.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 2199880 c:\windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
+ 2010-03-18 11:16 . 2010-03-18 11:16 2207568 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.XML.dll
+ 2010-03-18 14:47 . 2010-03-18 14:47 1587064 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Workflow.ComponentModel.dll
+ 2010-03-18 14:47 . 2010-03-18 14:47 1070960 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Workflow.Activities.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 4982120 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Windows.Forms.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 1711496 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Windows.Forms.DataVisualization.dll
+ 2010-03-18 14:47 . 2010-03-18 14:47 1836904 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Web.Extensions.dll
+ 2010-03-18 14:47 . 2010-03-18 14:47 5174608 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Web.dll
+ 2010-03-18 14:47 . 2010-03-18 14:47 1697144 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Web.DataVisualization.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 6067048 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 1026936 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 3481928 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.dll
+ 2010-03-18 14:47 . 2010-03-18 14:47 5078360 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Design.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 4464480 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Data.Entity.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 2970968 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Data.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 1339736 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Core.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 1462648 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Activities.Presentation.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 1199968 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Activities.dll
+ 2010-03-18 20:26 . 2010-03-18 20:26 1163264 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\netfx_core_x86.msi
+ 2010-03-18 11:16 . 2010-03-18 11:16 5196112 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorlib.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 1141592 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscordacwks.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 2989456 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2010-03-18 14:47 . 2010-03-18 14:47 1064816 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Build.Tasks.v4.0.dll
+ 2010-03-18 14:47 . 2010-03-18 14:47 1327968 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Build.dll
+ 2010-03-18 11:16 . 2010-03-18 11:16 1972552 c:\windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
+ 2010-03-18 11:16 . 2010-03-18 11:16 6730056 c:\windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
+ 2011-09-01 09:29 . 2011-09-01 09:29 1303896 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2011-09-01 09:29 . 2011-09-01 09:29 3481928 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
+ 2011-09-01 09:29 . 2011-09-01 09:29 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
+ 2011-09-01 09:34 . 2011-09-01 09:34 1587064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Workflow.ComponentModel\v4.0_4.0.0.0__31bf3856ad364e35\System.Workflow.ComponentModel.dll
+ 2011-09-01 09:34 . 2011-09-01 09:34 1070960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Workflow.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Workflow.Activities.dll
+ 2011-09-01 09:29 . 2011-09-01 09:29 4982120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2011-09-01 09:29 . 2011-09-01 09:29 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
+ 2011-09-01 09:34 . 2011-09-01 09:34 1836904 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll
+ 2011-09-01 09:34 . 2011-09-01 09:34 1697144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DataVisualization.dll
+ 2011-09-01 09:29 . 2011-09-01 09:29 6067048 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2011-09-01 09:29 . 2011-09-01 09:29 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
+ 2011-09-01 09:34 . 2011-09-01 09:34 5078360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Design\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2011-09-01 09:29 . 2011-09-01 09:29 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
+ 2011-09-01 09:29 . 2011-09-01 09:29 1339736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
+ 2011-09-01 09:29 . 2011-09-01 09:29 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
+ 2011-09-01 09:29 . 2011-09-01 09:29 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
+ 2011-09-01 09:29 . 2011-09-01 09:29 6346600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2011-09-01 09:34 . 2011-09-01 09:34 1327968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.dll
+ 2011-09-01 09:34 . 2011-09-01 09:34 1064816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Tasks.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.v4.0.dll
+ 2011-09-01 09:34 . 2011-09-01 09:34 5174608 c:\windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2011-09-01 09:29 . 2011-09-01 09:29 2970968 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
+ 2011-09-01 09:29 . 2011-09-01 09:29 3545952 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2011-09-01 09:29 . 2011-09-01 09:29 5196112 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2011-09-01 09:29 . 2011-09-01 09:29 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2005-10-09 09:27 . 2010-11-03 17:14 2180712 c:\windows\MicCal.exe
+ 2012-02-06 12:21 . 2012-02-06 12:21 3458560 c:\windows\Installer\c1eaf.msp
+ 2012-02-09 10:06 . 2012-02-09 10:06 1063424 c:\windows\Installer\c1cd5.msp
+ 2012-02-06 12:22 . 2012-02-06 12:22 1866240 c:\windows\Installer\c1cd4.msp
+ 2012-04-28 09:29 . 2012-04-28 09:29 1289728 c:\windows\Installer\b892e.msi
+ 2012-07-02 19:10 . 2012-07-02 19:10 1720832 c:\windows\Installer\7a806.msi
+ 2012-07-03 04:56 . 2012-07-03 04:56 1720832 c:\windows\Installer\723a1.msi
+ 2012-04-05 10:51 . 2012-04-05 10:51 1063424 c:\windows\Installer\6b8e9.msp
+ 2012-05-29 11:21 . 2012-05-29 11:21 1152512 c:\windows\Installer\621f3.msp
+ 2012-05-29 11:21 . 2012-05-29 11:21 1066496 c:\windows\Installer\62101.msp
+ 2012-07-02 14:42 . 2012-07-02 14:42 1130496 c:\windows\Installer\3e8963.msi
+ 2010-12-14 14:49 . 2010-12-14 14:49 1153536 c:\windows\Installer\3a2cb.msp
+ 2010-10-26 14:42 . 2010-10-26 14:42 1027072 c:\windows\Installer\3a2c9.msp
+ 2012-04-30 06:23 . 2012-04-30 06:23 4273152 c:\windows\Installer\28e836.msi
+ 2011-03-04 15:25 . 2011-03-04 15:25 1094656 c:\windows\Installer\1bd9ef.msp
+ 2011-02-25 12:25 . 2011-02-25 12:25 7968256 c:\windows\Installer\1435cb.msp
+ 2011-09-01 09:29 . 2011-09-01 09:29 1160192 c:\windows\Installer\11a5f4.msi
+ 2011-05-28 18:41 . 2011-05-28 18:41 4845568 c:\windows\Installer\10aa9d.msi
+ 2011-12-14 11:16 . 2011-12-14 11:16 1036920 c:\windows\Installer\$PatchCache$\Managed\EFC620ECEF37DEF4D9F5C2D8D45B210B\12.0.2160\ProductInfo.dat
+ 2011-12-14 11:22 . 2011-12-14 11:22 1187136 c:\windows\Installer\$PatchCache$\Managed\AEC463235587C3A46B47358D9E9B9763\12.0.2160\SilentUpdater.exe
+ 2011-12-14 11:22 . 2011-12-14 11:22 1116480 c:\windows\Installer\$PatchCache$\Managed\AEC463235587C3A46B47358D9E9B9763\12.0.2160\Integrator.exe
+ 2011-09-01 09:31 . 2011-09-01 09:31 3779072 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\d17606e813f01376bd0def23726ecc62\WindowsBase.ni.dll
+ 2011-09-01 11:52 . 2011-09-01 11:52 1055744 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClients#\5904383f7c86f1374a14198872dfa7d8\UIAutomationClientsideProviders.ni.dll
+ 2011-09-01 09:30 . 2011-09-01 09:30 9000960 c:\windows\assembly\NativeImages_v4.0.30319_32\System\964da027ebca3b263a05cadb8eaa20a3\System.ni.dll
+ 2011-09-01 09:32 . 2011-09-01 09:32 5571584 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\e997d0200c25f7db6bd32313d50b729d\System.Xml.ni.dll
+ 2011-09-01 11:14 . 2011-09-01 11:14 1776640 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\035910922f160d304fb834aae41f45a6\System.Xaml.ni.dll
+ 2011-09-01 11:51 . 2011-09-01 11:51 1203712 c:\windows\assembly\NativeImages_v4.0.30319_32\System.WorkflowServ#\ad9facc364268611cc4ca65f77caeddd\System.WorkflowServices.ni.dll
+ 2011-09-01 11:51 . 2011-09-01 11:51 1956352 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Workflow.Run#\be049b8fe1bf23daab7e76159a7e00dd\System.Workflow.Runtime.ni.dll
+ 2011-09-01 11:51 . 2011-09-01 11:51 4428800 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Workflow.Com#\467bcaca5f4d2914922f62772ea4ea7d\System.Workflow.ComponentModel.ni.dll
+ 2011-09-01 11:51 . 2011-09-01 11:51 2839552 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Workflow.Act#\544e73a3f3f2daea050f03e4c94e9a6d\System.Workflow.Activities.ni.dll
+ 2011-09-01 11:50 . 2011-09-01 11:50 4496384 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Form#\9cf13572472dc2efe8f3b7c2ab6198d3\System.Windows.Forms.DataVisualization.ni.dll
+ 2011-09-01 11:22 . 2011-09-01 11:22 1864704 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\149f2dcb9c9706e592d1980a945850c2\System.Web.Services.ni.dll
+ 2011-09-01 11:50 . 2011-09-01 11:50 2324992 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Mobile\c7b1290bb35d3e3c53d20e5928c9fa73\System.Web.Mobile.ni.dll
+ 2011-09-01 11:26 . 2011-09-01 11:26 3078144 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Extensio#\0f643b7bd4525c3165733f6988bdbfe2\System.Web.Extensions.ni.dll
+ 2011-09-01 11:28 . 2011-09-01 11:28 4429312 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DataVisu#\9df99ed350ef0a43fbcc1b9e586f1c7f\System.Web.DataVisualization.ni.dll
+ 2011-09-01 11:28 . 2011-09-01 11:28 1992192 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Speech\61a931da70f8078539a51cef3888d02d\System.Speech.ni.dll
+ 2011-09-01 11:28 . 2011-09-01 11:28 1127424 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\dbf07cb14b4dcc210cdf8b5d90a12a56\System.ServiceModel.Discovery.ni.dll
+ 2011-09-01 11:26 . 2011-09-01 11:26 1388032 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\52481fccddb053768631c640d5059d4b\System.ServiceModel.Activities.ni.dll
+ 2011-09-01 11:25 . 2011-09-01 11:25 1046528 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\51c60db370e050d9cdcac17060aaac53\System.ServiceModel.Web.ni.dll
+ 2011-09-01 11:21 . 2011-09-01 11:21 2625024 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\e9f8a45b1063d6c6a62718c88a5623d1\System.Runtime.Serialization.ni.dll
+ 2011-09-01 11:21 . 2011-09-01 11:21 1011200 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\f3989d3e9cb8904e4edf23ede5adb6c1\System.Runtime.DurableInstancing.ni.dll
+ 2011-09-01 11:22 . 2011-09-01 11:22 1047040 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Printing\eb9369fc9393d29afe51e45cb49aa4be\System.Printing.ni.dll
+ 2011-09-01 11:26 . 2011-09-01 11:26 1159168 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Management\6a6f4be744ed5bc5273cbcf0fcf303e3\System.Management.ni.dll
+ 2011-09-01 11:26 . 2011-09-01 11:26 1065984 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\9eac876f58a3ebca8878b8654efdc817\System.IdentityModel.ni.dll
+ 2011-09-01 09:31 . 2011-09-01 09:31 1651200 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\dd57bc19f5807c6dbe8f88d4a23277f6\System.Drawing.ni.dll
+ 2011-09-01 11:21 . 2011-09-01 11:21 1151488 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\5166bf93ac5239837c9c92b58d183ea6\System.DirectoryServices.ni.dll
+ 2011-09-01 11:20 . 2011-09-01 11:20 1872384 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\90fd7fc9fbf5f4eed9135996b515a38a\System.Deployment.ni.dll
+ 2011-09-01 09:31 . 2011-09-01 09:31 6754816 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data\92cccedc7cda413ff6fc6492cb256b58\System.Data.ni.dll
+ 2011-09-01 09:32 . 2011-09-01 09:32 2538496 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.SqlXml\1fdd0961d8d07ef4d1fcaf30f0050c0a\System.Data.SqlXml.ni.dll
+ 2011-09-01 11:25 . 2011-09-01 11:25 2008576 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Services\62f067f8572551df931b3ee6493383d7\System.Data.Services.ni.dll
+ 2011-09-01 11:26 . 2011-09-01 11:26 1332736 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Service#\685c7df1332a74aaa899f2bdb3beabc3\System.Data.Services.Client.ni.dll
+ 2011-09-01 11:22 . 2011-09-01 11:22 1183744 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.OracleC#\db33744fb49e77c7233adb50f07fe62a\System.Data.OracleClient.ni.dll
+ 2011-09-01 09:31 . 2011-09-01 09:31 2499072 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Linq\87a713cee613d08ee04ae9483a9d4716\System.Data.Linq.ni.dll
+ 2011-09-01 11:25 . 2011-09-01 11:25 1398272 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Entity.#\7bab044e648dfea461b73dc898150539\System.Data.Entity.Design.ni.dll
+ 2011-09-01 09:31 . 2011-09-01 09:31 7025664 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\713647b987b140a17e3c4ffe4c721f85\System.Core.ni.dll
+ 2011-09-01 11:22 . 2011-09-01 11:22 4103168 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities\931ad0783c03deb967760d5c2387274a\System.Activities.ni.dll
+ 2011-09-01 11:23 . 2011-09-01 11:23 3691520 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.P#\a57e34a36f38a007aa24f1bd07a167ab\System.Activities.Presentation.ni.dll
+ 2011-09-01 11:23 . 2011-09-01 11:23 1506304 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.C#\607df7a11c3334146664bc74130bc38f\System.Activities.Core.Presentation.ni.dll
+ 2011-09-01 11:22 . 2011-09-01 11:22 2842624 c:\windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\42f0e1a4e3081c50503d74ebc0540a60\ReachFramework.ni.dll
+ 2011-09-01 11:21 . 2011-09-01 11:21 1622528 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationUI\15578874ee1464dc6a3545d4be842e59\PresentationUI.ni.dll
+ 2011-09-01 11:21 . 2011-09-01 11:21 1467904 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationBuildTa#\d0e67f49781c157069bc3298454354bd\PresentationBuildTasks.ni.dll
+ 2011-09-01 11:20 . 2011-09-01 11:20 1819648 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\e8ab3b63bade82c3522613f2b1240c0d\Microsoft.VisualBasic.ni.dll
+ 2011-09-01 11:21 . 2011-09-01 11:21 1135104 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\6f82f181d36fcd0e1fd5f09a22e0b8db\Microsoft.VisualBasic.Compatibility.ni.dll
+ 2011-09-01 11:21 . 2011-09-01 11:21 1167872 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\2eef2f34c0295f1fe5d6d4441f9e790b\Microsoft.VisualBasic.Activities.Compiler.ni.dll
+ 2011-09-01 11:20 . 2011-09-01 11:20 1079808 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\9952f66fc592ffc21b024803c8c955fd\Microsoft.Transactions.Bridge.ni.dll
+ 2011-09-01 11:26 . 2011-09-01 11:26 2441728 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.JScript\08b2c2639708ab20748653185d6b67be\Microsoft.JScript.ni.dll
+ 2011-09-01 09:32 . 2011-09-01 09:32 1612288 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.CSharp\05503f37aef5261d80ccca19f8078679\Microsoft.CSharp.ni.dll
+ 2011-09-01 11:14 . 2011-09-01 11:14 4226560 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build\3bfb841477d28ca866b91211f50199bb\Microsoft.Build.ni.dll
+ 2011-09-01 11:20 . 2011-09-01 11:20 2850816 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build.Tas#\8973265600edd2135ecf5e369a087dfb\Microsoft.Build.Tasks.v4.0.ni.dll
+ 2011-09-01 11:20 . 2011-09-01 11:20 1914368 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build.Eng#\7cfd4a64a95807ee7cb6ae50cfabd93c\Microsoft.Build.Engine.ni.dll
+ 2005-10-09 09:27 . 2010-11-03 17:13 2815592 c:\windows\ALCWZRD.EXE
+ 2012-07-02 19:10 . 2011-12-06 03:07 19357696 c:\windows\system32\ReinstallBackups\0043\DriverFiles\B129753\atioglxx.dll
+ 2012-03-11 16:07 . 2006-11-14 16:21 16270848 c:\windows\system32\ReinstallBackups\0042\DriverFiles\RTHDCPL.EXE
+ 2005-10-09 06:02 . 2011-05-11 13:20 42829768 c:\windows\system32\MRT.exe
+ 2005-09-22 22:21 . 2011-08-03 11:49 12542592 c:\windows\system32\drivers\nv4_mini.sys
+ 2005-09-22 22:21 . 2011-08-03 11:49 12542592 c:\windows\system32\dllcache\nv4_mini.sys
+ 2011-12-05 21:03 . 2011-12-05 21:03 14499328 c:\windows\system32\amdocl.dll
+ 2005-10-09 09:27 . 2011-12-05 14:49 20065384 c:\windows\RTHDCPL.EXE
+ 2011-04-21 12:39 . 2011-04-21 12:39 20314624 c:\windows\Installer\a5cfcc6.msp
+ 2011-10-13 16:05 . 2011-10-13 16:05 20333568 c:\windows\Installer\84d0b.msp
+ 2012-05-10 12:10 . 2012-05-10 12:10 23771136 c:\windows\Installer\6c766.msp
+ 2011-07-02 17:42 . 2011-07-02 17:42 14856192 c:\windows\Installer\5539f.msi
+ 2011-06-16 14:17 . 2011-06-16 14:17 20333056 c:\windows\Installer\5158e.msp
+ 2011-02-17 12:59 . 2011-02-17 12:59 20308992 c:\windows\Installer\4129569.msp
+ 2011-12-18 06:15 . 2011-12-18 06:15 23622656 c:\windows\Installer\392fdf.msp
+ 2011-12-14 11:24 . 2011-12-14 11:24 17888313 c:\windows\Installer\$PatchCache$\Managed\AEC463235587C3A46B47358D9E9B9763\12.0.2160\TUData.dat
+ 2011-09-01 09:32 . 2011-09-01 09:32 13006336 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\17e020ae92d7fab33bcc1c98b25019d0\System.Windows.Forms.ni.dll
+ 2011-09-01 11:22 . 2011-09-01 11:22 11912704 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web\a70842538614699d690561ef5f43598b\System.Web.ni.dll
+ 2011-09-01 11:26 . 2011-09-01 11:26 17919488 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\250b525aa8c17327216e102569c0d766\System.ServiceModel.ni.dll
+ 2011-09-01 09:35 . 2011-09-01 09:35 10847744 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Design\95a46d4775428acf5dd84f12aaa9f06f\System.Design.ni.dll
+ 2011-09-01 11:25 . 2011-09-01 11:25 13273600 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Entity\642a7b3d47828fb0070a55cfeb58f42b\System.Data.Entity.ni.dll
+ 2011-09-01 09:32 . 2011-09-01 09:32 17629184 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\7f91eecda3ff7ce478146b6458580c98\PresentationFramework.ni.dll
+ 2011-09-01 09:31 . 2011-09-01 09:31 11057664 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\3963e9ce8d44f50e8367e92a8e3e42e6\PresentationCore.ni.dll
+ 2011-09-01 09:30 . 2011-09-01 09:30 14415872 c:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\246f1a5abb686b9dcdf22d3505b08cea\mscorlib.ni.dll
.
-- Snapshot auf jetziges Datum zurückgesetzt --
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 121528 ----a-w- c:\programme\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\programme\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"RocketDock"="c:\programme\RocketDock\RocketDock.exe" [2007-09-02 495616]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LVCOMS"="c:\programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE" [2001-09-24 98304]
"Start WingMan Profiler"="c:\programme\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 153672]
"MedionVFD"="c:\programme\Medion Info Display\MdionLCM.exe" [2005-11-17 172032]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\ssmmgr.exe" [2007-05-29 520192]
"RTHDCPL"="RTHDCPL.EXE" [2011-12-05 20065384]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2012-01-17 252296]
"IntelliPoint"="c:\programme\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
"SDTray"="c:\programme\Spybot - Search & Destroy 2\SDTray.exe" [2012-07-04 3921432]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
Ralink Wireless Utility.lnk - c:\programme\RALINK\Common\RaUI.exe [2012-7-24 1531904]
Secunia PSI Tray.lnk - c:\programme\Secunia\PSI\psi_tray.exe [2011-10-14 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideLogonScripts"= 1 (0x1)
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
"HideShutdownScripts"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLogonScripts"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ToggleCommentPosition"= 1 (0x1)
"NoStrCmpLogical"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoWinKeys"= 01000000
"NoSMBalloonTip"= 0 (0x0)
"NoNetworkConnections"= 01000000
"NoRecentDocsNetHood"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AutorunsDisabled]
2005-09-26 13:54 49152 ----a-w- c:\programme\Softex\OmniPass\OPXPGina.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
[BU]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WMPNSCFG"=c:\programme\Windows Media Player\WMPNSCFG.exe
"Google Update"="c:\dokumente und einstellungen\Roman\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe" /c
"1und1Agent"=c:\programme\Internetradio Player\ps_agent.exe
"NVIDIA nTune"="c:\programme\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Samsung PanelMgr"=c:\windows\Samsung\PanelMgr\SSMMgr.exe /autorun
"MSPY2002"=c:\windows\system32\IME\PINTLGNT\ImScInst.exe /SYNC
"itype"="c:\programme\Microsoft IntelliType Pro\itype.exe"
"RemoteControl"="c:\programme\Home Cinema\PowerDVD\PDVDServ.exe"
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
"PTBSync"=c:\programme\PTBSync\PTBSync.exe /Start
"ThreatFire"=c:\programme\ThreatFire\TFTray.exe
"Windows7FirewallControl"=c:\programme\Windows7FirewallControl\Windows7FirewallControl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Home Cinema\\PowerCinema\\PowerCinema.exe"=
"c:\\Programme\\Home Cinema\\PowerCinema\\PCMService.exe"=
"c:\\Programme\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"c:\\Programme\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
"c:\\Programme\\Samsung\\Samsung New PC Studio\\NPSDMPPlayer.exe"=
"c:\\Programme\\Spybot - Search & Destroy 2\\SDTray.exe"=
"c:\\Programme\\Spybot - Search & Destroy 2\\SDFSSvc.exe"=
"c:\\Programme\\Spybot - Search & Destroy 2\\SDUpdate.exe"=
"c:\\Programme\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1533:UDP"= 1533:UDP:Windows Media Format SDK (ps_olect.exe)
"1532:UDP"= 1532:UDP:Windows Media Format SDK (ps_olect.exe)
"1534:UDP"= 1534:UDP:Windows Media Format SDK (ps_olect.exe)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [05.07.2006 14:46 63352]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [15.01.2010 00:45 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [15.01.2010 00:46 59664]
R0 WDMCAPI;ISDN PCI CAPI;c:\windows\system32\drivers\WDMCAPI.sys [09.10.2005 12:04 730880]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [26.02.2011 18:25 721000]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [03.04.2008 13:13 353688]
R1 Windows7FirewallControl;Windows7FirewallControl;c:\programme\Windows7FirewallControl\Windows7FirewallControl.sys [02.12.2011 22:23 19072]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [03.04.2008 13:13 21256]
R2 Dokan;Dokan;c:\windows\system32\drivers\dokan.sys [05.07.2010 14:39 84608]
R2 PortTalk;PortTalk;c:\windows\system32\drivers\ptbtalk.sys [27.10.2007 21:27 3567]
R2 Poweroff;Poweroff;c:\windows\system32\poweroff.exe [18.12.2005 19:10 172032]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\programme\Spybot - Search & Destroy 2\SDFSSvc.exe [08.07.2012 13:46 1188896]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\programme\Spybot - Search & Destroy 2\SDUpdSvc.exe [08.07.2012 13:46 1395736]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\programme\Secunia\PSI\PSIA.exe --start-service --> c:\programme\Secunia\PSI\PSIA.exe --start-service [?]
R2 Secunia Update Agent;Secunia Update Agent;c:\programme\Secunia\PSI\sua.exe --start-service --> c:\programme\Secunia\PSI\sua.exe --start-service [?]
R2 ThreatFire;ThreatFire;c:\programme\ThreatFire\TFService.exe service --> c:\programme\ThreatFire\TFService.exe service [?]
R2 WinRing0_1_2_0;WinRing0 driver;c:\windows\system32\drivers\ptbring0.sys [02.01.2010 08:25 14416]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [18.10.2005 15:01 826112]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [28.12.2011 21:11 101904]
R3 CMISTOR;CMIUCR.SYS CM220 Card Reader Driver;c:\windows\system32\drivers\cmiucr.SYS [05.10.2005 17:45 69248]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [01.09.2010 10:30 15544]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [15.01.2010 00:46 33552]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\programme\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [12.12.2011 20:31 10064]
S0 dhdxyi;dhdxyi; [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [29.05.2012 13:09 1528672]
S2 Windows7FirewallService;Windows7FirewallService;c:\programme\Windows7FirewallControl\Windows7FirewallService.exe [02.12.2011 22:23 397312]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [11.03.2012 18:06 1691480]
S3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:\windows\system32\drivers\Amps2prt.sys [09.02.2007 20:04 14336]
S3 dsltestSp5;dsltestSp5 NDIS Protocol Driver;c:\windows\system32\drivers\DslTestSp5.sys [25.11.2009 18:42 26816]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [27.10.2009 18:49 36608]
S3 HDPrfDrv;HDPrfDrv;c:\windows\system32\HDPrfDrv-1.sys [06.11.2009 06:32 7296]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\programme\Mozilla Maintenance Service\maintenanceservice.exe [27.04.2012 15:36 113120]
S3 QCPro;Logitech QuickCam Pro USB(PID_D001);c:\windows\system32\drivers\p35u.sys [28.05.2011 20:42 116448]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [09.10.2010 11:06 98432]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [09.10.2010 11:06 14848]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [09.10.2010 11:06 123648]
S3 WDMWANMP;NDIS WAN miniport;c:\windows\system32\drivers\wdmwanmp.sys [09.10.2005 12:04 26112]
S4 DokanMounter;DokanMounter;c:\programme\Dokan\DokanLibrary\mounter.exe [05.07.2010 14:39 22016]
S4 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [27.10.2009 18:49 238952]
S4 rseb;rseb; [x]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [20.12.2008 10:02 717296]
S4 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\AutorunsDisabled\{9C450606-ED24-4958-92BA-B8940C99D441}]
2009-03-04 15:32 8192 ----a-w- c:\programme\PixiePack Codec Pack\InstallerHelper.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-20 c:\windows\Tasks\avast! Emergency Update.job
- c:\programme\Alwil Software\Avast5\AvastEmUpdate.exe [2012-07-02 16:21]
.
2012-07-11 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\programme\Spybot - Search & Destroy 2\SDUpdate.exe [2012-07-08 10:41]
.
2012-07-20 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\programme\Spybot - Search & Destroy 2\SDImmunize.exe [2012-07-08 10:40]
.
2012-07-09 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\programme\Spybot - Search & Destroy 2\SDScan.exe [2012-07-08 10:40]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
IE: Alles mit FDM herunterladen - file://c:\programme\Free Download Manager\dlall.htm
IE: Auswahl mit FDM herunterladen - file://c:\programme\Free Download Manager\dlselected.htm
IE: Datei mit FDM herunterladen - file://c:\programme\Free Download Manager\dllink.htm
IE: Save YouTube Video as MP3 - c:\programme\Gemeinsame Dateien\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm
IE: Videos mit FDM herunterladen - file://c:\programme\Free Download Manager\dlfvideo.htm
TCP: Interfaces\{0F2A0C21-95A8-49D2-A281-77F75A6D8BF8}: NameServer = 192.168.178.1
FF - ProfilePath - c:\dokumente und einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\knvwx1wv.Roman\
FF - prefs.js: browser.search.selectedEngine - google.de PWS
FF - prefs.js: browser.startup.homepage -
FF - prefs.js: network.proxy.http - 140.232.156.143
FF - prefs.js: network.proxy.http_port - 8909
FF - prefs.js: network.proxy.type - 0
.
.
------- Dateityp-Verknüpfung -------
.
txtfile=c:\windows\NOTEPAD.EXE %1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Notify-!SASWinLogon - (no file)
Notify-SDWinLogon - SDWinLogon.dll
AddRemove-Canon ScanGear Toolbox CS - c:\windows\IsUn0407.exe
AddRemove-Canon ScanGear Toolbox FAU - c:\windows\IsUn0407.exe
AddRemove-Microsoft Interactive Training - c:\windows\IsUn0407.exe
AddRemove-Print Artist 2004 - c:\windows\IsUn0407.exe
AddRemove-Tweak-XP Pro 4 - c:\windows\iun6002.exe
AddRemove-xp-AntiSpy - c:\programme\xp-AntiSpy\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2012-07-25 07:25
Windows 5.1.2600 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
.
C:\avast! sandbox
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 1
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ThreatFire]
"AlternateImagePath"=""
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2258962752-1167673804-3329230130-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
[HKEY_LOCAL_MACHINE\software\Xanthic\{1246792F-C12E-81AE-FE96-35D2FC917677}*_]
"fr"="078D5C7159515F"
"lr"="078D6D555F515C"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(1120)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\programme\ThreatFire\TFNI.dll
c:\programme\ThreatFire\TFMon.dll
c:\programme\ThreatFire\TFRK.dll
c:\programme\ThreatFire\TFWAH.dll
.
- - - - - - - > 'lsass.exe'(1200)
c:\windows\system32\wdigest.dll
c:\programme\ThreatFire\TFWAH.dll
.
Zeit der Fertigstellung: 2012-07-25 07:40:12
ComboFix-quarantined-files.txt 2012-07-25 05:40
ComboFix2.txt 2011-01-04 18:29
ComboFix3.txt 2011-01-04 18:18
ComboFix4.txt 2010-11-17 16:28
ComboFix5.txt 2012-07-25 04:50
.
Vor Suchlauf: 36 Verzeichnis(se), 45.982.412.800 Bytes frei
Nach Suchlauf: 38 Verzeichnis(se), 46.042.681.344 Bytes frei
.
- - End Of File - - 0160B6CFCACE8504D31A0675EF14661D

cosinus 25.07.2012 11:18

Combofix - Scripting

1. Start Notepad (Start / Run / notepad[Enter])

2. Now paste the entire contents of the code box below into the Notepad window using copy/paste.


Code:

File::
c:\windows\system32\REN2F.tmp
c:\windows\system32\REN2E.tmp

Driver::
dhdxyi
rseb

3. In Notepad, save it as CFScript.txt on the desktop.

4. Disable the guard of your antivirus program and any software firewall that may be present.
(Also the guards of adware and spyware programs and the Tea Timer (if present)!)

5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts Combofix.

http://users.pandora.be/bluepatchy/m...s/CFScript.gif

6. After the restart (you will be asked whether you want to restart), please post the following log files:
Combofix.txt

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can permanently damage the system!

Polarbär 25.07.2012 19:10

Hello Arne, here is the logfile :abklatsch:
Combofix Logfile:
Code:

ComboFix 12-07-25.04 - Roman 25.07.2012  19:12:15.23.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.49.1031.18.2046.1304 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Roman\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\dokumente und einstellungen\Roman\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: R-Firewall *Disabled* {E2DA7C08-BEAC-4E18-AE35-F72D585DDFF5}
.
FILE ::
"c:\windows\system32\REN2E.tmp"
"c:\windows\system32\REN2F.tmp"
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((((  Treiber/Dienste  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_DHDXYI
-------\Service_dhdxyi
-------\Service_rseb
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-06-25 bis 2012-07-25  ))))))))))))))))))))))))))))))
.
.
2012-07-24 04:37 . 2009-02-12 07:55        241408        ----a-w-        c:\windows\system32\drivers\rt2500usb.sys
2012-07-24 04:37 . 2012-07-24 04:37        --------        d-----w-        c:\programme\RALINK
2012-07-23 08:07 . 2012-07-23 08:07        --------        d-----w-        c:\dokumente und einstellungen\Roman\Startmen³
2012-07-16 04:38 . 2012-07-16 04:38        70344        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-16 04:38 . 2012-07-16 04:38        426184        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2012-07-08 11:46 . 2009-01-25 11:14        15224        ----a-w-        c:\windows\system32\sdnclean.exe
2012-07-08 11:46 . 2012-07-11 18:37        --------        d-----w-        c:\programme\Spybot - Search & Destroy 2
2012-07-03 12:15 . 2012-07-03 12:15        --------        d-----w-        c:\programme\AMD
2012-07-02 19:08 . 2012-07-03 04:56        --------        d-----w-        c:\programme\ATI
2012-07-02 18:51 . 2012-07-17 12:04        --------        d-----w-        C:\AMD
2012-06-26 19:06 . 2012-06-26 19:06        --------        d-----w-        c:\programme\Oracle
2012-06-26 19:05 . 2012-05-04 17:29        143872        ----a-w-        c:\windows\system32\javacpl.cpl
2012-06-26 19:05 . 2012-06-26 19:05        --------        d-----w-        c:\programme\Java
2012-06-26 14:01 . 2012-06-26 14:01        0        ----a-w-        c:\windows\system32\REN2F.tmp
2012-06-26 14:01 . 2012-06-26 14:01        0        ----a-w-        c:\windows\system32\REN2E.tmp
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-24 04:37 . 2007-10-27 17:23        21361        ----a-w-        c:\windows\system32\drivers\AegisP.sys
2012-07-03 16:21 . 2007-11-29 20:21        54232        ----a-w-        c:\windows\system32\drivers\aswTdi.sys
2012-07-03 16:21 . 2011-02-26 16:25        721000        ----a-w-        c:\windows\system32\drivers\aswSnx.sys
2012-07-03 16:21 . 2008-04-03 11:13        353688        ----a-w-        c:\windows\system32\drivers\aswSP.sys
2012-07-03 16:21 . 2008-04-03 11:13        21256        ----a-w-        c:\windows\system32\drivers\aswFsBlk.sys
2012-07-03 16:21 . 2007-11-29 20:21        35928        ----a-w-        c:\windows\system32\drivers\aswRdr.sys
2012-07-03 16:21 . 2007-11-29 20:21        97608        ----a-w-        c:\windows\system32\drivers\aswmon2.sys
2012-07-03 16:21 . 2007-11-29 20:21        89624        ----a-w-        c:\windows\system32\drivers\aswmon.sys
2012-07-03 16:21 . 2007-11-29 20:21        25256        ----a-w-        c:\windows\system32\drivers\aavmker4.sys
2012-07-03 16:21 . 2010-07-01 04:52        41224        ----a-w-        c:\windows\avastSS.scr
2012-07-03 16:21 . 2007-11-29 20:21        227648        ----a-w-        c:\windows\system32\aswBoot.exe
2012-07-03 11:46 . 2010-11-17 16:39        22344        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-06-30 04:50 . 2010-01-02 06:25        14416        ----a-w-        c:\windows\system32\drivers\ptbring0.sys
2012-06-11 18:57 . 2011-12-28 19:02        6629888        ----a-w-        c:\windows\system32\drivers\ati2mtag.sys
2012-06-11 17:38 . 2011-12-28 19:02        19587072        ----a-w-        c:\windows\system32\atioglxx.dll
2012-06-11 17:15 . 2011-12-28 19:02        307200        ----a-w-        c:\windows\system32\atiiiexx.dll
2012-06-11 17:13 . 2011-12-28 19:02        442368        ----a-w-        c:\windows\system32\ATIDEMGX.dll
2012-06-11 17:12 . 2011-12-28 19:02        305664        ----a-w-        c:\windows\system32\ati2dvag.dll
2012-06-11 17:10 . 2011-12-28 19:02        4579904        ----a-w-        c:\windows\system32\ati3duag.dll
2012-06-11 16:51 . 2011-12-28 19:02        212992        ----a-w-        c:\windows\system32\atipdlxx.dll
2012-06-11 16:51 . 2011-12-28 19:02        163840        ----a-w-        c:\windows\system32\Oemdspif.dll
2012-06-11 16:51 . 2011-12-28 19:02        26112        ----a-w-        c:\windows\system32\Ati2mdxx.exe
2012-06-11 16:51 . 2011-12-28 19:02        43520        ----a-w-        c:\windows\system32\ati2edxx.dll
2012-06-11 16:51 . 2011-12-28 19:02        192512        ----a-w-        c:\windows\system32\ati2evxx.dll
2012-06-11 16:50 . 2011-12-28 19:02        3565440        ----a-w-        c:\windows\system32\ativvaxx.dll
2012-06-11 16:49 . 2011-12-28 19:02        643072        ----a-w-        c:\windows\system32\ati2evxx.exe
2012-06-11 16:48 . 2011-12-28 19:02        53248        ----a-w-        c:\windows\system32\ATIDDC.DLL
2012-06-11 16:45 . 2011-12-28 19:02        163840        ----a-w-        c:\windows\system32\atiapfxx.exe
2012-06-11 16:40 . 2011-12-28 19:02        835584        ----a-w-        c:\windows\system32\atikvmag.dll
2012-06-11 16:36 . 2011-12-28 19:02        638976        ----a-w-        c:\windows\system32\atiok3x2.dll
2012-06-11 16:35 . 2011-12-28 19:02        241664        ----a-w-        c:\windows\system32\atiadlxx.dll
2012-06-11 16:35 . 2011-12-28 19:02        17408        ----a-w-        c:\windows\system32\atitvo32.dll
2012-06-11 16:33 . 2011-12-28 19:02        53248        ----a-w-        c:\windows\system32\drivers\ati2erec.dll
2012-06-11 16:28 . 2011-12-28 19:02        675840        ----a-w-        c:\windows\system32\ati2cqag.dll
2012-06-11 16:25 . 2011-12-28 19:02        65024        ----a-w-        c:\windows\system32\atimpc32.dll
2012-06-11 16:25 . 2011-12-28 19:02        65024        ----a-w-        c:\windows\system32\amdpcom32.dll
2012-06-09 15:07 . 2012-06-09 15:04        45320        ----a-w-        c:\windows\system32\certsentry.dll
2012-06-09 15:02 . 2012-06-09 15:02        348160        ----a-w-        c:\windows\system32\msvcr71.dll
2012-06-09 15:02 . 2012-06-09 15:02        1060864        ----a-w-        c:\windows\system32\mfc71.dll
2012-06-08 13:22 . 2012-06-08 13:23        143872        ----a-w-        c:\windows\system32javacpl.cpl
2012-06-08 13:22 . 2012-06-08 13:22        0        ----a-w-        c:\windows\system32\REN16.tmp
2012-06-08 13:22 . 2012-06-08 13:22        0        ----a-w-        c:\windows\system32\REN15.tmp
2012-05-29 11:09 . 2011-12-29 19:10        31584        ----a-w-        c:\windows\system32\TURegOpt.exe
2012-05-29 11:09 . 2012-06-08 10:07        29024        ----a-w-        c:\windows\system32\uxtuneup.dll
2012-05-04 17:29 . 2010-04-21 17:33        687504        ----a-w-        c:\windows\system32\deployJava1.dll
2012-07-18 18:49 . 2011-12-02 17:07        136672        ----a-w-        c:\programme\mozilla firefox\components\browsercomps.dll
2006-05-03 09:06        163328        --sh--r-        c:\windows\system32\flvDX.dll
2007-02-21 10:47        31232        --sh--r-        c:\windows\system32\msfDX.dll
2008-03-16 12:30        216064        --sh--r-        c:\windows\system32\nbDX.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-08-25 . 3ADCE4790F591BF160A94F6F08039577 . 360320 . . [5.1.2600.3394] . . c:\windows\system32\drivers\TCPIP.SYS
[-] 2009-08-25 . 3ADCE4790F591BF160A94F6F08039577 . 360320 . . [5.1.2600.3394] . . c:\windows\system32\dllcache\TCPIP.SYS
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[7] 2006-06-13 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[7] 2005-05-25 . 63FDFEA54EB53DE2D863EE454937CE1E . 359936 . . [5.1.2600.2685] . . c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
.
[-] 2007-06-13 . E4B6C25FBAC8336CE8991F729B5A1415 . 1200640 . . [6.00.2900.3156] . . c:\windows\Explorer.exe
[-] 2007-06-13 . E4B6C25FBAC8336CE8991F729B5A1415 . 1200640 . . [6.00.2900.3156] . . c:\windows\system32\dllcache\explorer.exe
.
[-] 2009-03-08 . 9653723D3466889709D390B42AD5ABB2 . 412512 . . [8.00.6001.18702] . . c:\windows\system32\dllcache\iexplore.exe
.
(((((((((((((((((((((((((((((  SnapShot_2012-07-25_05.26.07  )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-07-25 17:38 . 2012-07-25 17:38        16384              c:\windows\temp\Perflib_Perfdata_7d4.dat
+ 2012-07-25 17:02 . 2012-07-25 17:02        16384              c:\windows\temp\Perflib_Perfdata_72c.dat
+ 2012-07-25 16:44 . 2012-07-25 16:44        16384              c:\windows\temp\Perflib_Perfdata_310.dat
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21        121528        ----a-w-        c:\programme\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\programme\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"RocketDock"="c:\programme\RocketDock\RocketDock.exe" [2007-09-02 495616]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LVCOMS"="c:\programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE" [2001-09-24 98304]
"Start WingMan Profiler"="c:\programme\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 153672]
"MedionVFD"="c:\programme\Medion Info Display\MdionLCM.exe" [2005-11-17 172032]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\ssmmgr.exe" [2007-05-29 520192]
"RTHDCPL"="RTHDCPL.EXE" [2011-12-05 20065384]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2012-01-17 252296]
"IntelliPoint"="c:\programme\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
"SDTray"="c:\programme\Spybot - Search & Destroy 2\SDTray.exe" [2012-07-04 3921432]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
Ralink Wireless Utility.lnk - c:\programme\RALINK\Common\RaUI.exe [2012-7-24 1531904]
Secunia PSI Tray.lnk - c:\programme\Secunia\PSI\psi_tray.exe [2011-10-14 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideLogonScripts"= 1 (0x1)
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
"HideShutdownScripts"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLogonScripts"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ToggleCommentPosition"= 1 (0x1)
"NoStrCmpLogical"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoWinKeys"= 01000000
"NoSMBalloonTip"= 0 (0x0)
"NoNetworkConnections"= 01000000
"NoRecentDocsNetHood"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
 [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AutorunsDisabled]
2005-09-26 13:54        49152        ----a-w-        c:\programme\Softex\OmniPass\OPXPGina.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
 [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SDWinLogon]
 [BU]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute        REG_MULTI_SZ          autocheck autochk *\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WMPNSCFG"=c:\programme\Windows Media Player\WMPNSCFG.exe
"Google Update"="c:\dokumente und einstellungen\Roman\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe" /c
"1und1Agent"=c:\programme\Internetradio Player\ps_agent.exe
"NVIDIA nTune"="c:\programme\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Samsung PanelMgr"=c:\windows\Samsung\PanelMgr\SSMMgr.exe /autorun
"MSPY2002"=c:\windows\system32\IME\PINTLGNT\ImScInst.exe /SYNC
"itype"="c:\programme\Microsoft IntelliType Pro\itype.exe"
"RemoteControl"="c:\programme\Home Cinema\PowerDVD\PDVDServ.exe"
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
"PTBSync"=c:\programme\PTBSync\PTBSync.exe /Start
"ThreatFire"=c:\programme\ThreatFire\TFTray.exe
"Windows7FirewallControl"=c:\programme\Windows7FirewallControl\Windows7FirewallControl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Home Cinema\\PowerCinema\\PowerCinema.exe"=
"c:\\Programme\\Home Cinema\\PowerCinema\\PCMService.exe"=
"c:\\Programme\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"c:\\Programme\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
"c:\\Programme\\Samsung\\Samsung New PC Studio\\NPSDMPPlayer.exe"=
"c:\\Programme\\Spybot - Search & Destroy 2\\SDTray.exe"=
"c:\\Programme\\Spybot - Search & Destroy 2\\SDFSSvc.exe"=
"c:\\Programme\\Spybot - Search & Destroy 2\\SDUpdate.exe"=
"c:\\Programme\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1533:UDP"= 1533:UDP:Windows Media Format SDK (ps_olect.exe)
"1532:UDP"= 1532:UDP:Windows Media Format SDK (ps_olect.exe)
"1534:UDP"= 1534:UDP:Windows Media Format SDK (ps_olect.exe)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [05.07.2006 14:46 63352]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [15.01.2010 00:45 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [15.01.2010 00:46 59664]
R0 WDMCAPI;ISDN PCI CAPI;c:\windows\system32\drivers\WDMCAPI.sys [09.10.2005 12:04 730880]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [26.02.2011 18:25 721000]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [03.04.2008 13:13 353688]
R1 Windows7FirewallControl;Windows7FirewallControl;c:\programme\Windows7FirewallControl\Windows7FirewallControl.sys [02.12.2011 22:23 19072]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [03.04.2008 13:13 21256]
R2 Dokan;Dokan;c:\windows\system32\drivers\dokan.sys [05.07.2010 14:39 84608]
R2 PortTalk;PortTalk;c:\windows\system32\drivers\ptbtalk.sys [27.10.2007 21:27 3567]
R2 Poweroff;Poweroff;c:\windows\system32\poweroff.exe [18.12.2005 19:10 172032]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\programme\Spybot - Search & Destroy 2\SDFSSvc.exe [08.07.2012 13:46 1188896]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\programme\Spybot - Search & Destroy 2\SDUpdSvc.exe [08.07.2012 13:46 1395736]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\programme\Secunia\PSI\PSIA.exe --start-service --> c:\programme\Secunia\PSI\PSIA.exe --start-service [?]
R2 Secunia Update Agent;Secunia Update Agent;c:\programme\Secunia\PSI\sua.exe --start-service --> c:\programme\Secunia\PSI\sua.exe --start-service [?]
R2 ThreatFire;ThreatFire;c:\programme\ThreatFire\TFService.exe service --> c:\programme\ThreatFire\TFService.exe service [?]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [29.05.2012 13:09 1528672]
R2 Windows7FirewallService;Windows7FirewallService;c:\programme\Windows7FirewallControl\Windows7FirewallService.exe [02.12.2011 22:23 397312]
R2 WinRing0_1_2_0;WinRing0 driver;c:\windows\system32\drivers\ptbring0.sys [02.01.2010 08:25 14416]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [18.10.2005 15:01 826112]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [28.12.2011 21:11 101904]
R3 CMISTOR;CMIUCR.SYS CM220 Card Reader Driver;c:\windows\system32\drivers\cmiucr.SYS [05.10.2005 17:45 69248]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [01.09.2010 10:30 15544]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [15.01.2010 00:46 33552]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\programme\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [12.12.2011 20:31 10064]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [11.03.2012 18:06 1691480]
S3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:\windows\system32\drivers\Amps2prt.sys [09.02.2007 20:04 14336]
S3 dsltestSp5;dsltestSp5 NDIS Protocol Driver;c:\windows\system32\drivers\DslTestSp5.sys [25.11.2009 18:42 26816]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [27.10.2009 18:49 36608]
S3 HDPrfDrv;HDPrfDrv;c:\windows\system32\HDPrfDrv-1.sys [06.11.2009 06:32 7296]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\programme\Mozilla Maintenance Service\maintenanceservice.exe [27.04.2012 15:36 113120]
S3 QCPro;Logitech QuickCam Pro USB(PID_D001);c:\windows\system32\drivers\p35u.sys [28.05.2011 20:42 116448]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [09.10.2010 11:06 98432]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [09.10.2010 11:06 14848]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [09.10.2010 11:06 123648]
S3 WDMWANMP;NDIS WAN miniport;c:\windows\system32\drivers\wdmwanmp.sys [09.10.2005 12:04 26112]
S4 DokanMounter;DokanMounter;c:\programme\Dokan\DokanLibrary\mounter.exe [05.07.2010 14:39 22016]
S4 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [27.10.2009 18:49 238952]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [20.12.2008 10:02 717296]
S4 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\AutorunsDisabled\{9C450606-ED24-4958-92BA-B8940C99D441}]
2009-03-04 15:32        8192        ----a-w-        c:\programme\PixiePack Codec Pack\InstallerHelper.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-25 c:\windows\Tasks\avast! Emergency Update.job
- c:\programme\Alwil Software\Avast5\AvastEmUpdate.exe [2012-07-02 16:21]
.
2012-07-11 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\programme\Spybot - Search & Destroy 2\SDUpdate.exe [2012-07-08 10:41]
.
2012-07-25 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\programme\Spybot - Search & Destroy 2\SDImmunize.exe [2012-07-08 10:40]
.
2012-07-09 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\programme\Spybot - Search & Destroy 2\SDScan.exe [2012-07-08 10:40]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
IE: Alles mit FDM herunterladen - file://c:\programme\Free Download Manager\dlall.htm
IE: Auswahl mit FDM herunterladen - file://c:\programme\Free Download Manager\dlselected.htm
IE: Datei mit FDM herunterladen - file://c:\programme\Free Download Manager\dllink.htm
IE: Save YouTube Video as MP3 - c:\programme\Gemeinsame Dateien\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm
IE: Videos mit FDM herunterladen - file://c:\programme\Free Download Manager\dlfvideo.htm
TCP: Interfaces\{0F2A0C21-95A8-49D2-A281-77F75A6D8BF8}: NameServer = 192.168.178.1
FF - ProfilePath - c:\dokumente und einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\knvwx1wv.Roman\
FF - prefs.js: browser.search.selectedEngine - google.de PWS
FF - prefs.js: browser.startup.homepage -
FF - prefs.js: network.proxy.http - 140.232.156.143
FF - prefs.js: network.proxy.http_port - 8909
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-07-25 19:39
Windows 5.1.2600 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ThreatFire]
"AlternateImagePath"=""
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2258962752-1167673804-3329230130-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
[HKEY_LOCAL_MACHINE\software\Xanthic\{1246792F-C12E-81AE-FE96-35D2FC917677}*_]
"fr"="078D5C7159515F"
"lr"="078D6D555F515C"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(1124)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\programme\ThreatFire\TFNI.dll
c:\programme\ThreatFire\TFMon.dll
c:\programme\ThreatFire\TFRK.dll
c:\programme\ThreatFire\TFWAH.dll
.
- - - - - - - > 'lsass.exe'(1204)
c:\windows\system32\wdigest.dll
c:\programme\ThreatFire\TFWAH.dll
.
- - - - - - - > 'explorer.exe'(2100)
c:\windows\system32\SHDOCVW.dll
c:\programme\ThreatFire\TfWah.dll
c:\programme\RocketDock\RocketDock.dll
c:\windows\system32\msi.dll
c:\programme\ThreatFire\TFNI.dll
c:\programme\ThreatFire\TFMon.dll
c:\programme\ThreatFire\TFRK.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\programme\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\Ati2evxx.exe
c:\programme\FolderSize\FolderSizeSvc.exe
c:\programme\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
c:\programme\Secunia\PSI\PSIA.exe
c:\programme\ThreatFire\TFService.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\RTHDCPL.EXE
c:\windows\ALCFDRTM.EXE
c:\programme\Secunia\PSI\sua.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-07-25  19:57:19 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-07-25 17:57
ComboFix2.txt  2012-07-25 05:40
ComboFix3.txt  2011-01-04 18:29
ComboFix4.txt  2011-01-04 18:18
ComboFix5.txt  2012-07-25 17:07
.
Vor Suchlauf: 36 Verzeichnis(se), 45.873.291.264 Bytes frei
Nach Suchlauf: 38 Verzeichnis(se), 45.913.927.680 Bytes frei
.
- - End Of File - - D0382A3D3310C782BEFF4B567655175F

--- --- ---

cosinus 26.07.2012 12:36

Code:

FW: R-Firewall *Disabled* {E2DA7C08-BEAC-4E18-AE35-F72D585DDFF5}
What do you want with that?! :wtf:
Better to use the more sensible Windows Firewall; you really don't need more than that, or do you want to bloat your system unnecessarily?
Or has it already been uninstalled?

Polarbär 26.07.2012 16:48

Hello Arne

R-Firewall = Windows7 FirewallControl?
I only have Windows7 FirewallControl installed because it shows me which programs access the network and I can block them if need be. Or should I do this differently?
Apart from that, the Windows Firewall is running as well.

cosinus 26.07.2012 22:12

No, R-Firewall is something else! => R-Firewall, download at heise
You really shouldn't overdo it with these things; you can end up with unforeseen problems and new security holes! Stick with the normal Windows Firewall and leave it at that!

Polarbär 28.07.2012 07:56

O.K. :daumenhoc

cosinus 28.07.2012 22:20

Now please create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't work on the second try, just skip it and run only OSAM. Please skip OSAM's online check.
With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.

Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off your virus scanner; the McAfee scanner in particular often reports a false alarm on OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or later), please start it via right-click and "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the internet.)
    Downloading the definitions may take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons without being instructed to

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.

One more note: If aswMBR crashes and a message like "aswMBR.exe funktioniert nicht mehr" ("aswMBR.exe has stopped working") appears, do the following:
Restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left (bottom left of the aswMBR window), and click the Scan button again.

Polarbär 29.07.2012 09:37

Part 1 done

Quote:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-29 07:35:31
-----------------------------
07:35:31.703 OS Version: Windows 5.1.2600 Service Pack 2
07:35:31.703 Number of processors: 2 586 0x404
07:35:31.703 ComputerName: PALME UserName: Roman
07:35:32.484 Initialize success
07:35:36.234 AVAST engine defs: 12072801
07:35:44.921 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17
07:35:44.921 Disk 0 Vendor: ST3250823AS 3.03 Size: 238475MB BusType: 3
07:35:44.921 Disk 0 MBR read successfully
07:35:44.937 Disk 0 MBR scan
07:35:44.937 Disk 0 unknown MBR code
07:35:44.937 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 119208 MB offset 63
07:35:44.953 Disk 0 Partition - 00 0F Extended LBA 119263 MB offset 244139805
07:35:44.984 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 110501 MB offset 244139868
07:35:44.984 Disk 0 Partition - 00 05 Extended 8762 MB offset 470447460
07:35:45.015 Disk 0 Partition 3 00 0B FAT32 MSWIN4.1 8761 MB offset 470447523
07:35:45.031 Disk 0 scanning sectors +488392065
07:35:45.093 Disk 0 scanning C:\WINDOWS\system32\drivers
07:35:54.687 Service scanning
07:36:07.937 Modules scanning
07:36:13.796 Disk 0 trace - called modules:
07:36:13.828 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll prosync1.sys >>UNKNOWN [0x8a7d09d8]<<
07:36:13.828 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a77eab8]
07:36:13.843 3 CLASSPNP.SYS[f74c805b] -> nt!IofCallDriver -> \Device\0000008b[0x8a7335b0]
07:36:13.859 5 ACPI.sys[f735d620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-17[0x8a72cd98]
07:36:13.875 \Driver\atapi[0x8a77f628] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> prosync1.sys[0xf798d661]
07:36:14.218 AVAST engine scan C:\WINDOWS
07:36:22.453 AVAST engine scan C:\WINDOWS\system32
07:38:48.343 AVAST engine scan C:\WINDOWS\system32\drivers
07:39:12.968 AVAST engine scan C:\Dokumente und Einstellungen\Roman
07:46:40.125 File: C:\Dokumente und Einstellungen\Roman\Desktop\sonstiges\minefiled\minefield-4.0-2011031913.en-US.win32-tete009-sse2-pgo\tmemutil.dll **INFECTED** Win32:Fraudo [Trj]
07:54:13.843 AVAST engine scan C:\Dokumente und Einstellungen\All Users
07:57:21.109 Scan finished successfully
08:01:55.609 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Roman\Desktop\MBR.dat"
08:01:55.625 The log file has been saved successfully to "C:\Dokumente und Einstellungen\Roman\Desktop\aswMBR.txt"


OSAM Logfile:
Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 10:34:04 on 29.07.2012

OS: Windows XP Home Edition Service Pack 2 (Build 2600)
Default Browser: Mozilla Corporation Firefox 14.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Boot Execute]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )-----
"BootExecute" - ? - C:\WINDOWS\system32\sdnclean.exe

[Common]
-----( %SystemRoot%\Tasks )-----
"Scan the system (Spybot - Search & Destroy).job" - "Safer-Networking Ltd." - C:\Programme\Spybot - Search & Destroy 2\SDScan.exe
"avast! Emergency Update.job" - "AVAST Software" - C:\Programme\Alwil Software\Avast5\AvastEmUpdate.exe
"Check for updates (Spybot - Search & Destroy).job" - "Safer-Networking Ltd." - C:\Programme\Spybot - Search & Destroy 2\SDUpdate.exe
"Refresh immunization (Spybot - Search & Destroy).job" - "Safer-Networking Ltd." - C:\Programme\Spybot - Search & Destroy 2\SDImmunize.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"cttune.cpl" - ? - C:\WINDOWS\system32\cttune.cpl
"ddbaccpl.cpl" - "DataDesign AG" - C:\WINDOWS\system32\ddbaccpl.cpl
"ddbacctm.cpl" - "DataDesign AG" - C:\WINDOWS\system32\ddbacctm.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Oracle Corporation" - C:\WINDOWS\system32\javacpl.cpl
"QTW32.CPL" - "Apple Computer, Inc." - C:\WINDOWS\system32\QTW32.CPL
"scurecpl.cpl" - "Softex, Inc" - C:\WINDOWS\system32\scurecpl.cpl
"wuaucpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\wuaucpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"ColorManagement" - "Microsoft Corporation" - C:\Programme\Pro Imaging Powertoys\Microsoft Color Control Panel Applet for Windows XP\ColorMgmt.cpl
"Folder Size" - "Brio" - C:\Programme\FolderSize\FolderSize.cpl
"QuickTime" - "Apple Inc." - C:\Programme\QT Lite\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"A4Tech PS/2 Port Mouse Driver" (Amps2prt) - "A4Tech Co.,Ltd." - C:\WINDOWS\System32\DRIVERS\Amps2prt.sys
"AEGIS Protocol (IEEE 802.1x) v3.7.5.0" (AegisP) - "Cisco Systems, Inc." - C:\WINDOWS\System32\DRIVERS\AegisP.sys
"aswFsBlk" (aswFsBlk) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswFsBlk.sys
"aswRdr" (aswRdr) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswRdr.sys
"aswSnx" (aswSnx) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswSnx.sys
"aswSP" (aswSP) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswSP.sys
"ati2mtag" (ati2mtag) - "ATI Technologies Inc." - C:\WINDOWS\System32\DRIVERS\ati2mtag.sys
"ATITool Overclocking Utility" (ATITool) - ? - C:\WINDOWS\System32\DRIVERS\ATITool.sys
"avast! Asynchronous Virus Monitor" (Aavmker4) - "AVAST Software" - C:\WINDOWS\system32\drivers\Aavmker4.sys
"avast! Network Shield Support" (aswTdi) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswTdi.sys
"avast! Standard Shield Support" (aswMon2) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswMon2.sys
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)
"CrystalSysInfo" (CrystalSysInfo) - ? - C:\Programme\MediaCoder\SysInfo.sys  (File not found)
"DgiVecp" (DgiVecp) - "Samsung Electronics Co., Ltd." - C:\WINDOWS\system32\Drivers\DgiVecp.sys
"Dokan" (Dokan) - "Windows (R) Win 7 DDK provider" - C:\WINDOWS\system32\drivers\dokan.sys
"dsltestSp5 NDIS Protocol Driver" (dsltestSp5) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\WINDOWS\System32\Drivers\dsltestSp5.sys
"FsUsbExDisk" (FsUsbExDisk) - ? - C:\WINDOWS\system32\FsUsbExDisk.SYS  (File found, but it contains no detailed information)
"GEARAspiWDM" (GEARAspiWDM) - "GEAR Software Inc." - C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys
"giveio" (giveio) - ? - C:\WINDOWS\System32\giveio.sys  (File found, but it contains no detailed information)
"HDPrfDrv" (HDPrfDrv) - "Matthias Withopf" - C:\WINDOWS\system32\HDPrfDrv-1.sys
"ISDN PCI CAPI" (WDMCAPI) - ? - C:\WINDOWS\System32\DRIVERS\WDMCAPI.sys  (File signed by Microsoft | File found, but it contains no detailed information)
"mbmiodrvr" (mbmiodrvr) - "cansoft@livewiredev.com" - C:\WINDOWS\system32\mbmiodrvr.sys
"MxlW2k" (MxlW2k) - "MusicMatch, Inc." - C:\WINDOWS\system32\drivers\MxlW2k.sys
"NDIS WAN miniport" (WDMWANMP) - ? - C:\WINDOWS\System32\DRIVERS\wdmwanmp.sys  (File signed by Microsoft | File found, but it contains no detailed information)
"NPPTNT2" (NPPTNT2) - "INCA Internet Co., Ltd." - C:\WINDOWS\system32\npptNT2.sys
"nv" (nv) - "NVIDIA Corporation" - C:\WINDOWS\System32\DRIVERS\nv4_mini.sys
"NVR0Dev" (NVR0Dev) - "NVidia Corp." - C:\WINDOWS\nvoclock.sys
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PortTalk" (PortTalk) - "Beyond Logic hxxp://www.beyondlogic.org" - C:\WINDOWS\system32\Drivers\PtbTalk.sys
"PSI" (PSI) - "Secunia" - C:\WINDOWS\System32\DRIVERS\psi_mf.sys
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"RT2500 USB Wireless LAN Driver" (RT2500USB) - "Ralink Technology Inc." - C:\WINDOWS\System32\DRIVERS\rt2500usb.sys
"StarForce Protection Environment Driver (version 1.x.a)" (sfdrv01a) - "Protection Technology (StarForce)" - C:\WINDOWS\System32\drivers\sfdrv01a.sys
"StarForce Protection Environment Driver v6" (prodrv06) - "Protection Technology" - C:\WINDOWS\System32\drivers\prodrv06.sys
"StarForce Protection Helper Driver" (sfhlp01) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfhlp01.sys
"StarForce Protection Helper Driver (version 2.x)" (sfhlp02) - "Protection Technology (StarForce)" - C:\WINDOWS\System32\drivers\sfhlp02.sys
"StarForce Protection Helper Driver v2" (prohlp02) - "Protection Technology" - C:\WINDOWS\System32\drivers\prohlp02.sys
"StarForce Protection Synchronization Driver (version 4.x)" (sfsync04) - "Protection Technology (StarForce)" - C:\WINDOWS\System32\drivers\sfsync04.sys
"StarForce Protection Synchronization Driver v1" (prosync1) - "Protection Technology" - C:\WINDOWS\System32\drivers\prosync1.sys
"StarForce Protection VFS Driver (version 2.x)" (sfvfs02) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfvfs02.sys
"TCP/IP-Protokolltreiber" (Tcpip) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\tcpip.sys
"TfFsMon" (TfFsMon) - "PC Tools" - C:\WINDOWS\System32\drivers\TfFsMon.sys
"TfNetMon" (TfNetMon) - "PC Tools" - C:\WINDOWS\system32\drivers\TfNetMon.sys
"TfSysMon" (TfSysMon) - "PC Tools" - C:\WINDOWS\System32\drivers\TfSysMon.sys
"Tunebite High-Speed Dubbing" (tbhsd) - "RapidSolution Software AG" - C:\WINDOWS\System32\drivers\tbhsd.sys
"TuneUpUtilitiesDrv" (TuneUpUtilitiesDrv) - "TuneUp Software" - C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys
"VMware Virtual Ethernet Adapter Driver" (VMnetAdapter) - ? - C:\WINDOWS\System32\DRIVERS\vmnetadapter.sys  (File not found)
"Windows7FirewallControl" (Windows7FirewallControl) - ? - C:\Programme\Windows7FirewallControl\Windows7FirewallControl.sys  (File found, but it contains no detailed information)
"WinRing0 driver" (WinRing0_1_2_0) - "OpenLibSys.org" - C:\WINDOWS\system32\Drivers\ptbring0.sys

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
{89820200-ECBD-11cf-8B85-00AA005B4340} "Windows Desktop-Update" - "Microsoft Corporation" - regsvr32.exe /s /n /i:U shell32.dll
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{04DAAD08-70EF-450E-834A-DCFAF9B48748} "{04DAAD08-70EF-450E-834A-DCFAF9B48748}" - "Brio" - C:\Programme\FolderSize\FolderSizeColumn.dll
{0D2E74C4-3C34-11d2-A27E-00C04FC30871} "{0D2E74C4-3C34-11d2-A27E-00C04FC30871}" - "Microsoft Corporation" - C:\WINDOWS\system32\SHELL32.dll
{24F14F01-7B1C-11d1-838f-0000F80461CF} "{24F14F01-7B1C-11d1-838f-0000F80461CF}" - "Microsoft Corporation" - C:\WINDOWS\system32\SHELL32.dll
{24F14F02-7B1C-11d1-838f-0000F80461CF} "{24F14F02-7B1C-11d1-838f-0000F80461CF}" - "Microsoft Corporation" - C:\WINDOWS\system32\SHELL32.dll
{66742402-F9B9-11D1-A202-0000F81FEDEE} "{66742402-F9B9-11D1-A202-0000F81FEDEE}" - "Microsoft Corporation" - C:\WINDOWS\system32\SHELL32.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - "The Document Foundation" - C:\Programme\LibreOffice 3.4\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{733AC4CB-F1A4-11d0-B951-00A0C90312E1} "WebView MIME Filter" - "Microsoft Corporation" - C:\WINDOWS\system32\SHELL32.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "URL Exec Hook" - "Microsoft Corporation" - C:\WINDOWS\system32\shell32.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{1B96FAD8-1C10-416E-8027-6EFF94045F6F} "FoxitPDFPreviewHandlerHost Class" - "Foxit Corporation" - C:\Programme\Foxit Software\Foxit Reader\Shell Extensions\FoxitPrevhost.exe
{ED6E87C6-8A83-43aa-8208-8DBC8247F4D2} "IntelliType Pro Key Settings Property Page" - "Microsoft Corporation" - C:\Programme\Microsoft IntelliType Pro\itcplkey.dll
{111D8120-25EB-4E1C-A4DF-C9EE5FCA35CB} "IntelliType Pro Scrolling Property Page" - "Microsoft Corporation" - C:\Programme\Microsoft IntelliType Pro\itcplwhl.dll
{1825D0FA-5B0C-4e20-A929-3EFD15B6DF71} "IntelliType Pro Touchpad Control Property Page" - "Microsoft Corporation" - C:\Programme\Microsoft IntelliType Pro\itcpltp.dll
{A2569D1F-4E06-43EC-9825-0088B471BE47} "IntelliType Pro Wireless Control Panel Property Page" - "Microsoft Corporation" - C:\Programme\Microsoft IntelliType Pro\itcplwir.dll
{97FA8AA2-EE77-4FF2-9449-424D8924EF21} "IntelliType Pro Zooming Property Page" - "Microsoft Corporation" - C:\Programme\Microsoft IntelliType Pro\itcplzm.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - "The Document Foundation" - C:\Programme\LibreOffice 3.4\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - "The Document Foundation" - C:\Programme\LibreOffice 3.4\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - "The Document Foundation" - C:\Programme\LibreOffice 3.4\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - "The Document Foundation" - C:\Programme\LibreOffice 3.4\Basis\program\shlxthdl\shlxthdl.dll
{BDAA6E01-669F-4783-8831-1648CEB8A16C} "Phoenix Backup Context Menu Shell Extension" - ? -  (File not found | COM-object registry key not found)
{44176360-2BBF-4EC1-93CE-384B8681A0BC} "Spybot-S&D Explorer Integration" - "Safer-Networking Ltd." - C:\Programme\Spybot - Search & Destroy 2\SDECon32.dll
{4838CD50-7E5D-4811-9B17-C47A85539F28} "TuneUp Disk Space Explorer Shell Extension" - "TuneUp Software" - C:\Programme\TuneUp Utilities 2012\DseShExt-x86.dll
{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software" - C:\Programme\TuneUp Utilities 2012\SDShelEx-win32.dll
{44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension" - "TuneUp Software" - C:\WINDOWS\System32\uxtuneup.dll
DefragglerShellExtension "{4380C993-0C43-4E02-9A7A-0D40B6EA7590}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad )-----
{7849596a-48ea-486e-8937-a2a3009f31a9} "PostBootReminder object" - "Microsoft Corporation" - C:\WINDOWS\system32\shell32.dll
{fbeb8a05-beee-4442-804e-409d6c4515e9} "ShellFolder for CD Burning" - "Microsoft Corporation" - C:\WINDOWS\system32\SHELL32.dll

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{4D5C8C25-D075-11D0-B416-00C04FB90376} "&Tipps und Tricks" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll
{EFA24E64-B078-11D0-89E4-00C04FC9E26E} "Explorer-Band" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll
{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1} "File Search Explorer Band" - "Microsoft Corporation" - C:\WINDOWS\system32\SHELL32.dll
{EFA24E62-B078-11D0-89E4-00C04FC9E26E} "History Band" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "&Links" - "Microsoft Corporation" - C:\WINDOWS\system32\SHELL32.dll
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -  (File not found | COM-object registry key not found)
<binary data> "{C55BBCD6-41AD-48AD-9953-3609C48EACC7}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} "MUWebControl Class" - "Microsoft Corporation" - C:\WINDOWS\system32\muweb.dll / hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1244713437203
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} "Office Update Installation Engine" - "Microsoft Corporation" - C:\WINDOWS\opuc.dll / hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
{17492023-C23A-453E-A040-C7C580BBF700} "Windows Genuine Advantage Validation Tool" - "Microsoft Corporation" - C:\WINDOWS\system32\legitcheckcontrol.dll / hxxp://go.microsoft.com/fwlink/?linkid=39204
{6414512B-B978-451D-A0D8-FCFDF33E833C} "WUWebControl Class" - "Microsoft Corporation" - C:\WINDOWS\system32\wuweb.dll / hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1194093786750
{166B1BCA-3F9C-11CF-8075-444553540000} "{166B1BCA-3F9C-11CF-8075-444553540000}" - ? -  (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "{8AD9C840-044E-11D1-B3E9-00805F499D93}" - ? -  (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}" - ? -  (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}" - ? -  (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "{D27CDB6E-AE6D-11CF-96B8-444553540000}" - ? -  (File not found | COM-object registry key not found) /
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -  (File not found | COM-object registry key not found) /
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBC} "ClsidExtension" - ? -  (File not found | COM-object registry key not found)
{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer-Networking Ltd." - C:\Programme\Spybot - Search & Destroy 2\SDHelper.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "avast! WebRep" - "AVAST Software" - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll
{2B171655-A69C-5c18-B693-6CB5DC269D41} "FVD Suite Toolbar" - "www.flashvideodownloader.org/fvd-suite/" - C:\Programme\FVD Suite\addons\IE\FVDToolbar.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} "avast! WebRep" - "AVAST Software" - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll
{7C7A8947-5935-4430-AC0E-E7D04697414E} "Buyertools" - ? - C:\PROGRA~1\Buyertools Reminder\IEButtonBuyertoolsInterface.dll  (File found, but it contains no detailed information)
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Oracle Corporation" - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Oracle Corporation" - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
{1536BA74-8625-4240-99B0-BE65883689C8} "Mediaplayer" - ? - C:\Programme\Mediapiraten\Mediapiraten\IEButtonMPInterface.dll  (File found, but it contains no detailed information)
{2B171655-A69C-5c18-B693-6CB5DC269D44} "Open FVD Suite Toolbar" - "www.flashvideodownloader.org/fvd-suite/" - C:\Programme\FVD Suite\addons\IE\FVDToolbar.dll
{53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer-Networking Ltd." - C:\Programme\Spybot - Search & Destroy 2\SDHelper.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "{E7E6F031-17CE-4C07-BC86-EABFE594F69C}" - ? -  (File not found | COM-object registry key not found)

[Known DLLs]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs )-----
"shell32" - "Microsoft Corporation" - C:\WINDOWS\system32\shell32.dll
"url" - "Microsoft Corporation" - C:\WINDOWS\system32\url.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
"Ralink Wireless Utility.lnk" - "Ralink Technology, Corp." - C:\Programme\RALINK\Common\RaUI.exe  (Shortcut exists | File exists)
"Secunia PSI Tray.lnk" - "Secunia" - C:\Programme\Secunia\PSI\psi_tray.exe  (Shortcut exists | File exists)
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\Roman\Startmenü\Programme\Autostart\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"RocketDock" - ? - "C:\Programme\RocketDock\RocketDock.exe"  (File found, but it contains no detailed information)
"SpybotSD TeaTimer" - "Safer-Networking Ltd." - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon )-----
"Shell" - "Microsoft Corporation" - C:\WINDOWS\Explorer.exe
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"IntelliPoint" - "Microsoft Corporation" - "C:\Programme\Microsoft IntelliPoint\ipoint.exe"
"MedionVFD" - "Dritek System Inc." - "C:\Programme\Medion Info Display\MdionLCM.exe"
"Samsung PanelMgr" - ? - C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe /autorun
"SDTray" - "Safer-Networking Ltd." - "C:\Programme\Spybot - Search & Destroy 2\SDTray.exe"
"Start WingMan Profiler" - "Logitech Inc." - C:\Programme\Logitech\Gaming Software\LWEMon.exe /noui
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"1und1 Fax Monitor" - "1&1 Internet AG" - C:\WINDOWS\system32\UI1&1MON.DLL
"Canon BJ Language Monitor S820" - "CANON INC." - C:\WINDOWS\system32\CNMLM3k.DLL
"FRITZ!fax Color Monitor" - ? - FritzVistaColorMon.dll  (File not found)
"FRITZ!fax Color Port Monitor" - "AVM Berlin GmbH" - C:\WINDOWS\system32\FritzColorPort.dll
"FRITZ!fax Port Monitor" - "AVM Berlin GmbH" - C:\WINDOWS\system32\FritzPort.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Ati HotKey Poller" (Ati HotKey Poller) - "ATI Technologies Inc." - C:\WINDOWS\system32\Ati2evxx.exe
"avast! Antivirus" (avast! Antivirus) - "AVAST Software" - C:\Programme\Alwil Software\Avast5\AvastSvc.exe
"CyberLink Background Capture Service (CBCS)" (CLCapSvc) - ? - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
"CyberLink Media Library Service" (CyberLink Media Library Service) - "Cyberlink" - C:\Programme\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Programme\CyberLink\Shared Files\RichVideo.exe
"CyberLink Task Scheduler (CTS)" (CLSched) - ? - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
"Folder Size" (FolderSize) - "Brio" - C:\Programme\FolderSize\FolderSizeSvc.exe
"Java Quick Starter" (JavaQuickStarterService) - "Oracle Corporation" - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
"Poweroff" (Poweroff) - "Jorgen Bosman" - C:\WINDOWS\system32\poweroff.exe
"Secunia PSI Agent" (Secunia PSI Agent) - "Secunia" - C:\Programme\Secunia\PSI\PSIA.exe
"Secunia Update Agent" (Secunia Update Agent) - "Secunia" - C:\Programme\Secunia\PSI\sua.exe
"Spybot-S&D 2 Scanner Service" (SDScannerService) - "Safer-Networking Ltd." - C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe
"Spybot-S&D 2 Updating Service" (SDUpdateService) - "Safer-Networking Ltd." - C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe
"ThreatFire" (ThreatFire) - "PC Tools" - C:\Programme\ThreatFire\TFService.exe
"TuneUp Designerweiterung" (UxTuneUp) - "TuneUp Software" - C:\WINDOWS\System32\uxtuneup.dll
"TuneUp Utilities Service" (TuneUp.UtilitiesSvc) - "TuneUp Software" - C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
"Windows7FirewallService" (Windows7FirewallService) - "Sphinx Software" - C:\Programme\Windows7FirewallControl\Windows7FirewallService.exe
"X10 Device Network Service" (x10nets) - "X10" - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"AtiExtEvent" - "ATI Technologies Inc." - C:\WINDOWS\system32\Ati2evxx.dll

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Polarbär 29.07.2012 14:23

GMER part 1

Quote:

gmer 1.0.15.15641 - hxxp://www.gmer.net
rootkit scan 2012-07-29 14:54:42
windows 5.1.2600 service pack 2 harddisk0\dr0 -> \device\ide\idedevicep1t0l0-17 st3250823as rev.3.03
running: U43koo52.exe; driver: C:\dokume~1\roman\lokale~1\temp\ugtdapoc.sys


---- system - gmer 1.0.15 ----

ssdt \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software) zwaddbootentry [0xabc4e536]
ssdt \systemroot\system32\drivers\aswsp.sys (avast! Self protection module/avast software) zwallocatevirtualmemory [0xabd1f7ba]
ssdt \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software) zwassignprocesstojobobject [0xabc4ef52]
ssdt \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software) zwclose [0xabc8ec31]
ssdt \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software) zwcreateevent [0xabc59d7a]
ssdt \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software) zwcreateeventpair [0xabc59dc6]
ssdt \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software) zwcreateiocompletion [0xabc59f48]
ssdt tfsysmon.sys (threatfire system monitor/pc tools) zwcreatekey [0xf72bea1c]
ssdt \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software) zwcreatemutant [0xabc59ce8]
ssdt \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software) zwcreatesection [0xabc59e0a]
ssdt \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software) zwcreatesemaphore [0xabc59d30]
ssdt \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software) zwcreatethread [0xabc4f146]
ssdt \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software) zwcreatetimer [0xabc59f02]
ssdt \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software) zwdebugactiveprocess [0xabc4f8ca]
ssdt \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software) zwdeletebootentry [0xabc4e584]
ssdt tfsysmon.sys (threatfire system monitor/pc tools) zwdeletekey [0xf72bec10]
ssdt tfsysmon.sys (threatfire system monitor/pc tools) zwdeletevaluekey [0xf72becb6]
ssdt \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software) zwduplicateobject [0xabc52f36]
ssdt \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software) zwenumeratekey [0xabc8f162]
ssdt \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software) zwenumeratevaluekey [0xabc8efcd]
ssdt \systemroot\system32\drivers\aswsp.sys (avast! Self protection module/avast software) zwfreevirtualmemory [0xabd1f89e]
ssdt \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software) zwloaddriver [0xabc4e1ec]
ssdt \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software) zwmodifybootentry [0xabc4e5d2]
ssdt \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software) zwnotifychangekey [0xabc532a8]
ssdt \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software) zwnotifychangemultiplekeys [0xabc50292]
ssdt \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software) zwopenevent [0xabc59da4]
ssdt \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software) zwopeneventpair [0xabc59de8]
ssdt \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software) zwopeniocompletion [0xabc59f6c]
ssdt tfsysmon.sys (threatfire system monitor/pc tools) zwopenkey [0xf72be90c]
ssdt \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software) zwopenmutant [0xabc59d0e]
ssdt \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software) zwopenprocess [0xabc52aac]
ssdt \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software) zwopensection [0xabc59e8c]
ssdt \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software) zwopensemaphore [0xabc59d58]
ssdt \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software) zwopenthread [0xabc52cde]
ssdt \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software) zwopentimer [0xabc59f26]
ssdt \systemroot\system32\drivers\aswsp.sys (avast! Self protection module/avast software) zwprotectvirtualmemory [0xabd1fa1e]
ssdt \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software) zwquerykey [0xabc8ee48]
ssdt \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software) zwqueryobject [0xabc5015e]
ssdt \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software) zwqueryvaluekey [0xabc8ec9a]
ssdt \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software) zwqueueapcthread [0xabc4fd08]
ssdt \systemroot\system32\drivers\aswsp.sys (avast! Self protection module/avast software) zwrenamekey [0xabd2b338]
ssdt \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software) zwrestorekey [0xabc8dc58]
ssdt \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software) zwsetbootentryorder [0xabc4e620]
ssdt \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software) zwsetbootoptions [0xabc4e66e]
ssdt \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software) zwsetcontextthread [0xabc4f74a]
ssdt \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software) zwsetsysteminformation [0xabc4e276]
ssdt \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software) zwsetsystempowerstate [0xabc4e426]
ssdt tfsysmon.sys (threatfire system monitor/pc tools) zwsetvaluekey [0xf72bee52]
ssdt \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software) zwshutdownsystem [0xabc4e3cc]
ssdt \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software) zwsuspendprocess [0xabc4fa2c]
ssdt \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software) zwsuspendthread [0xabc4fb88]
ssdt \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software) zwsystemdebugcontrol [0xabc4e496]
ssdt tfsysmon.sys (threatfire system monitor/pc tools) zwterminateprocess [0xf72c0b30]
ssdt \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software) zwterminatethread [0xabc4f5ca]
ssdt \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software) zwvdmcontrol [0xabc4e6bc]
ssdt \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software) zwwritevirtualmemory [0xabc4ef96]

code \systemroot\system32\drivers\aswsp.sys (avast! Self protection module/avast software) zwcreateprocessex [0xabd37744]
code \systemroot\system32\drivers\aswsp.sys (avast! Self protection module/avast software) obinsertobject
code \systemroot\system32\drivers\aswsp.sys (avast! Self protection module/avast software) obmaketemporaryobject

---- kernel code sections - gmer 1.0.15 ----

.text ntkrnlpa.exe!zwcallbackreturn + 2c6c 805044d8 4 bytes jmp 8084f72b
.text ntkrnlpa.exe!zwcallbackreturn + 2c74 805044e0 4 bytes [e8, 9c, c5, ab]
.text ntkrnlpa.exe!zwcallbackreturn + 2da4 80504610 8 bytes [0c, e9, 2b, f7, 0e, 9d, c5, ...]
.text ntkrnlpa.exe!zwcallbackreturn + 2f14 80504780 12 bytes [20, e6, c4, ab, 6e, e6, c4, ...]
.text ntkrnlpa.exe!zwcallbackreturn + 2f89 805047f5 7 bytes [e2, c4, ab, 26, e4, c4, ab]
.text ...
Page ntkrnlpa.exe!zwreplywaitreceiveportex + 5ec 805a533e 4 bytes call abc50943 \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software)
page ntkrnlpa.exe!obmaketemporaryobject 805bb35a 5 bytes jmp abd3461c \systemroot\system32\drivers\aswsp.sys (avast! Self protection module/avast software)
page ntkrnlpa.exe!obinsertobject 805c1c90 5 bytes jmp abd360fe \systemroot\system32\drivers\aswsp.sys (avast! Self protection module/avast software)
page ntkrnlpa.exe!zwcreateprocessex 805cfe96 7 bytes jmp abd37748 \systemroot\system32\drivers\aswsp.sys (avast! Self protection module/avast software)
.xreloc c:\windows\system32\drivers\sfsync04.sys unknown last section [0xf7345000, 0xc5e, 0x40000040]
.text c:\windows\system32\drivers\ati2mtag.sys section is writeable [0xf62f3000, 0xe5cae, 0xe8000020]
.text win32k.sys!engfreeusermem + 674 bf809b45 4 bytes jmp abc548c0 \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software)
.text win32k.sys!engfreeusermem + 35d0 bf80caa1 4 bytes jmp abc547b0 \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software)
.text win32k.sys!engdeletesurface + 45 bf80fbc0 4 bytes jmp abc5476a \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software)
.text win32k.sys!brushobj_pvallocrbrush + 11f0 bf81c962 4 bytes jmp abc53e1c \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software)
.text win32k.sys!engpaint + 4ef bf8255ed 4 bytes jmp abc53538 \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software)
.text win32k.sys!engunmapfontfilefd + 1e5f bf8341a1 4 bytes jmp abc54a2a \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software)
.text win32k.sys!engunmapfontfilefd + 237d bf8346bf 5 bytes jmp abc54670 \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software)
.text win32k.sys!engunmapfontfilefd + 4564 bf8368a6 4 bytes jmp abc54c32 \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software)
.text win32k.sys!engunmapfontfilefd + ee3f bf841181 4 bytes jmp abc535a8 \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software)
.text win32k.sys!fontobj_pxogetxform + de42 bf85ad4e 5 bytes jmp abc533fc \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software)
.text win32k.sys!engmuldiv + b5f2 bf8670a0 4 bytes jmp abc53e04 \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software)
.text win32k.sys!xlateobj_ixlate + 3474 bf87111b 4 bytes jmp abc53992 \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software)
.text win32k.sys!xlateobj_ixlate + 34ff bf8711a6 5 bytes jmp abc53c58 \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software)
.text win32k.sys!engstretchblt + 35c1 bf87593b 4 bytes jmp abc547fa \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software)
.text win32k.sys!enggetcurrentcodepage + 35fb bf894195 4 bytes jmp abc53a52 \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software)
.text win32k.sys!enggetcurrentcodepage + 411e bf894cb8 4 bytes jmp abc53c12 \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software)
.text win32k.sys!enggetlasterror + 1606 bf8b1ef6 4 bytes jmp abc53ef6 \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software)
.text win32k.sys!enggradientfill + 3aa1 bf8b6854 4 bytes jmp abc54972 \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software)
.text win32k.sys!engstretchbltrop + 33f7 bf8ba1a0 5 bytes jmp abc53ede \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software)
.text win32k.sys!engstretchbltrop + 34b7 bf8ba260 4 bytes jmp abc533e4 \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software)
.text win32k.sys!engstretchbltrop + 8a22 bf8bf7cb 4 bytes jmp abc54b90 \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software)
.text win32k.sys!engalphablend + 3e8 bf8c333c 5 bytes jmp abc536b8 \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software)
.text win32k.sys!engfillpath + 1517 bf8eb97d 4 bytes jmp abc53790 \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software)
.text win32k.sys!engfillpath + 1797 bf8ebbfd 5 bytes jmp abc538bc \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software)
.text win32k.sys!engfillpath + b223 bf8f5689 4 bytes jmp abc53e34 \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software)
.text win32k.sys!pathobj_bclosefigure + 19ef bf8f9a43 4 bytes jmp abc532de \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software)
.text win32k.sys!engcreateclip + 19c1 bf913245 5 bytes jmp abc534d4 \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software)
.text win32k.sys!engcreateclip + 2595 bf913e19 4 bytes jmp abc53664 \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software)
.text win32k.sys!engcreateclip + 4ef4 bf916778 5 bytes jmp abc53d72 \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software)
.text win32k.sys!engplgblt + 18ec bf94468a 5 bytes jmp abc54ae8 \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software)

---- user code sections - gmer 1.0.15 ----

.text c:\programme\rocketdock\rocketdock.exe[192] ntdll.dll!ntloaddriver 7c91d46e 3 bytes [ff, 25, 1e]
.text c:\programme\rocketdock\rocketdock.exe[192] ntdll.dll!ntloaddriver + 4 7c91d472 2 bytes [22, 71]
.text c:\programme\rocketdock\rocketdock.exe[192] ntdll.dll!ntsuspendprocess 7c91de2e 3 bytes [ff, 25, 1e]
.text c:\programme\rocketdock\rocketdock.exe[192] ntdll.dll!ntsuspendprocess + 4 7c91de32 2 bytes [3a, 71]
.text c:\programme\rocketdock\rocketdock.exe[192] ntdll.dll!rtldossearchpath_u + 1d1 7c926ada 1 byte [62]
.text c:\programme\rocketdock\rocketdock.exe[192] kernel32.dll!deviceiocontrol 7c801629 3 bytes [ff, 25, 1e]
.text c:\programme\rocketdock\rocketdock.exe[192] kernel32.dll!deviceiocontrol + 4 7c80162d 2 bytes [aa, 70]
.text c:\programme\rocketdock\rocketdock.exe[192] kernel32.dll!createfilea 7c801a28 6 bytes jmp 70de000a
.text c:\programme\rocketdock\rocketdock.exe[192] kernel32.dll!virtualprotectex 7c801a61 6 bytes jmp 7126000a
.text c:\programme\rocketdock\rocketdock.exe[192] kernel32.dll!virtualprotect 7c801ad4 6 bytes jmp 70d2000a
.text c:\programme\rocketdock\rocketdock.exe[192] kernel32.dll!loadlibraryexw 7c801af5 6 bytes jmp 716b000a
.text c:\programme\rocketdock\rocketdock.exe[192] kernel32.dll!loadlibrarya 7c801d7b 6 bytes jmp 715f000a
.text c:\programme\rocketdock\rocketdock.exe[192] kernel32.dll!terminateprocess 7c801e1a 6 bytes jmp 7165000a
.text c:\programme\rocketdock\rocketdock.exe[192] kernel32.dll!writeprocessmemory 7c802213 6 bytes jmp 7162000a
.text c:\programme\rocketdock\rocketdock.exe[192] kernel32.dll!createprocessw 7c802336 6 bytes jmp 7150000a
.text c:\programme\rocketdock\rocketdock.exe[192] kernel32.dll!createprocessa 7c80236b 6 bytes jmp 7153000a
.text c:\programme\rocketdock\rocketdock.exe[192] kernel32.dll!virtualalloc 7c809aa1 6 bytes jmp 70d5000a
.text c:\programme\rocketdock\rocketdock.exe[192] kernel32.dll!multibytetowidechar 7c809c48 6 bytes jmp 707e000a
.text c:\programme\rocketdock\rocketdock.exe[192] kernel32.dll!loadresource 7c80a005 6 bytes jmp 70c0000a
.text c:\programme\rocketdock\rocketdock.exe[192] kernel32.dll!widechartomultibyte 7c80a124 6 bytes jmp 705d000a
.text c:\programme\rocketdock\rocketdock.exe[192] kernel32.dll!getprocaddress 7c80adf0 6 bytes jmp 7114000a
.text c:\programme\rocketdock\rocketdock.exe[192] kernel32.dll!loadlibraryw 7c80ae9b 6 bytes jmp 715c000a
.text c:\programme\rocketdock\rocketdock.exe[192] kernel32.dll!createmutexw 7c80e907 6 bytes jmp 7087000a
.text c:\programme\rocketdock\rocketdock.exe[192] kernel32.dll!createmutexa 7c80e98f 6 bytes jmp 708a000a
.text c:\programme\rocketdock\rocketdock.exe[192] kernel32.dll!openmutexw 7c80e9e5 6 bytes jmp 7081000a
.text c:\programme\rocketdock\rocketdock.exe[192] kernel32.dll!openmutexa 7c80ea6b 6 bytes jmp 7084000a
.text c:\programme\rocketdock\rocketdock.exe[192] kernel32.dll!getvolumeinformationw 7c80fa35 6 bytes jmp 710e000a
.text c:\programme\rocketdock\rocketdock.exe[192] kernel32.dll!createremotethread 7c81047c 3 bytes [ff, 25, 1e]
.text c:\programme\rocketdock\rocketdock.exe[192] kernel32.dll!createremotethread + 4 7c810480 2 bytes [6d, 71]
.text c:\programme\rocketdock\rocketdock.exe[192] kernel32.dll!createthread 7c810687 6 bytes jmp 70d8000a
.text c:\programme\rocketdock\rocketdock.exe[192] kernel32.dll!createfilew 7c8107b0 6 bytes jmp 70e1000a
.text c:\programme\rocketdock\rocketdock.exe[192] kernel32.dll!writefile 7c810dd7 6 bytes jmp 709c000a
.text c:\programme\rocketdock\rocketdock.exe[192] kernel32.dll!terminatethread 7c81caeb 6 bytes jmp 7138000a
.text c:\programme\rocketdock\rocketdock.exe[192] kernel32.dll!movefilew 7c821211 6 bytes jmp 7057000a
.text c:\programme\rocketdock\rocketdock.exe[192] kernel32.dll!createdirectorya 7c82175c 6 bytes jmp 70a2000a
.text c:\programme\rocketdock\rocketdock.exe[192] kernel32.dll!getvolumeinformationa 7c821b55 6 bytes jmp 7111000a
.text c:\programme\rocketdock\rocketdock.exe[192] kernel32.dll!copyfileexw 7c827ae2 6 bytes jmp 70b4000a
.text c:\programme\rocketdock\rocketdock.exe[192] kernel32.dll!copyfilea 7c82869e 6 bytes jmp 70bd000a
.text c:\programme\rocketdock\rocketdock.exe[192] kernel32.dll!copyfilew 7c82f82b 6 bytes jmp 70ba000a
.text c:\programme\rocketdock\rocketdock.exe[192] kernel32.dll!openprocess 7c830999 6 bytes jmp 704e000a
.text c:\programme\rocketdock\rocketdock.exe[192] kernel32.dll!deletefilea 7c831e8d 6 bytes jmp 706f000a
.text c:\programme\rocketdock\rocketdock.exe[192] kernel32.dll!deletefilew 7c831f13 6 bytes jmp 706c000a
.text c:\programme\rocketdock\rocketdock.exe[192] kernel32.dll!createdirectoryw 7c8323b2 6 bytes jmp 709f000a
.text c:\programme\rocketdock\rocketdock.exe[192] kernel32.dll!movefileexw 7c83563b 6 bytes jmp 7051000a
.text c:\programme\rocketdock\rocketdock.exe[192] kernel32.dll!movefilea 7c835e6f 6 bytes jmp 705a000a
.text c:\programme\rocketdock\rocketdock.exe[192] kernel32.dll!debugactiveprocess 7c85af93 6 bytes jmp 7135000a
.text c:\programme\rocketdock\rocketdock.exe[192] kernel32.dll!movefileexa 7c85e333 6 bytes jmp 7054000a
.text c:\programme\rocketdock\rocketdock.exe[192] kernel32.dll!copyfileexa 7c85f234 6 bytes jmp 70b7000a
.text c:\programme\rocketdock\rocketdock.exe[192] kernel32.dll!winexec 7c8622b5 6 bytes jmp 7141000a
.text c:\programme\rocketdock\rocketdock.exe[192] kernel32.dll!setthreadcontext 7c8639b1 6 bytes jmp 7099000a
.text c:\programme\rocketdock\rocketdock.exe[192] kernel32.dll!createtoolhelp32snapshot 7c865a27 6 bytes jmp 70db000a
.text c:\programme\rocketdock\rocketdock.exe[192] kernel32.dll!getbinarytypew + 80 7c868b34 1 byte [62]
.text c:\programme\rocketdock\rocketdock.exe[192] user32.dll!setwindowtextw 7e36bc36 6 bytes jmp 7060000a
.text c:\programme\rocketdock\rocketdock.exe[192] user32.dll!getkeystate 7e36c505 6 bytes jmp 7132000a
.text c:\programme\rocketdock\rocketdock.exe[192] user32.dll!getwindowtextw 7e36cdb6 6 bytes jmp 70c6000a
.text c:\programme\rocketdock\rocketdock.exe[192] user32.dll!drawtextw 7e36d7c2 6 bytes jmp 7078000a
.text c:\programme\rocketdock\rocketdock.exe[192] user32.dll!showwindow 7e36d8a4 3 bytes [ff, 25, 1e]
.text c:\programme\rocketdock\rocketdock.exe[192] user32.dll!showwindow + 4 7e36d8a8 2 bytes [c2, 70]
.text c:\programme\rocketdock\rocketdock.exe[192] user32.dll!getkeyboardstate 7e36ef29 3 bytes [ff, 25, 1e]
.text c:\programme\rocketdock\rocketdock.exe[192] user32.dll!getkeyboardstate + 4 7e36ef2d 2 bytes [2b, 71]
.text c:\programme\rocketdock\rocketdock.exe[192] user32.dll!getasynckeystate 7e36f3b3 6 bytes jmp 712f000a
.text c:\programme\rocketdock\rocketdock.exe[192] user32.dll!createwindowexw 7e36fc25 6 bytes jmp 7072000a
.text c:\programme\rocketdock\rocketdock.exe[192] user32.dll!createwindowexa 7e36ff33 6 bytes jmp 7075000a
.text c:\programme\rocketdock\rocketdock.exe[192] user32.dll!setwindowshookexw 7e37ddb5 6 bytes jmp 7156000a
.text c:\programme\rocketdock\rocketdock.exe[192] user32.dll!setwindowtexta 7e37f52b 6 bytes jmp 7063000a
.text c:\programme\rocketdock\rocketdock.exe[192] user32.dll!setwindowshookexa 7e3811d1 6 bytes jmp 7159000a
.text c:\programme\rocketdock\rocketdock.exe[192] user32.dll!setwineventhook 7e3817b7 6 bytes jmp 711a000a
.text c:\programme\rocketdock\rocketdock.exe[192] user32.dll!getwindowtexta 7e38212b 6 bytes jmp 70c9000a
.text c:\programme\rocketdock\rocketdock.exe[192] user32.dll!drawtexta 7e38c6ca 6 bytes jmp 707b000a
.text c:\programme\rocketdock\rocketdock.exe[192] user32.dll!ddeconnect 7e3a7f93 6 bytes jmp 7129000a
.text c:\programme\rocketdock\rocketdock.exe[192] user32.dll!endtask 7e3a9e75 6 bytes jmp 713e000a
.text c:\programme\rocketdock\rocketdock.exe[192] user32.dll!registerrawinputdevices 7e3bcbd4 3 bytes [ff, 25, 1e]
.text c:\programme\rocketdock\rocketdock.exe[192] user32.dll!registerrawinputdevices + 4 7e3bcbd8 2 bytes [16, 71]
.text c:\programme\rocketdock\rocketdock.exe[192] advapi32.dll!regopenkeyexw 77da6aaf 6 bytes jmp 70f6000a
.text c:\programme\rocketdock\rocketdock.exe[192] advapi32.dll!regqueryvalueexw 77da6fff 6 bytes jmp 70e4000a
.text c:\programme\rocketdock\rocketdock.exe[192] advapi32.dll!regcreatekeyexw 77da776c 6 bytes jmp 7108000a
.text c:\programme\rocketdock\rocketdock.exe[192] advapi32.dll!regopenkeyexa 77da7852 6 bytes jmp 70f9000a
.text c:\programme\rocketdock\rocketdock.exe[192] advapi32.dll!regopenkeyw 77da7946 6 bytes jmp 70fc000a
.text c:\programme\rocketdock\rocketdock.exe[192] advapi32.dll!openprocesstoken 77da798b 6 bytes jmp 7096000a
.text c:\programme\rocketdock\rocketdock.exe[192] advapi32.dll!regqueryvalueexa 77da7abb 6 bytes jmp 70e7000a
.text c:\programme\rocketdock\rocketdock.exe[192] advapi32.dll!regsetvalueexw 77dad747 6 bytes jmp 70f0000a
.text c:\programme\rocketdock\rocketdock.exe[192] advapi32.dll!regqueryvaluew 77dad85a 6 bytes jmp 70ea000a
.text c:\programme\rocketdock\rocketdock.exe[192] advapi32.dll!regcreatekeyexa 77dae9d4 6 bytes jmp 710b000a
.text c:\programme\rocketdock\rocketdock.exe[192] advapi32.dll!regsetvalueexa 77daeac7 6 bytes jmp 70f3000a
.text c:\programme\rocketdock\rocketdock.exe[192] advapi32.dll!regopenkeya 77daefa8 6 bytes jmp 70ff000a
.text c:\programme\rocketdock\rocketdock.exe[192] advapi32.dll!adjusttokenprivileges 77daefec 6 bytes jmp 708d000a
.text c:\programme\rocketdock\rocketdock.exe[192] advapi32.dll!regdeletekeya 77db4288 6 bytes jmp 7069000a
.text c:\programme\rocketdock\rocketdock.exe[192] advapi32.dll!regdeletekeyw 77db5583 6 bytes jmp 7066000a
.text c:\programme\rocketdock\rocketdock.exe[192] advapi32.dll!openscmanagerw 77db6f3d 6 bytes jmp 70cc000a
.text c:\programme\rocketdock\rocketdock.exe[192] advapi32.dll!openscmanagera 77dc6996 6 bytes jmp 70cf000a
.text c:\programme\rocketdock\rocketdock.exe[192] advapi32.dll!lookupprivilegevaluew 77dcb8c7 6 bytes jmp 7090000a
.text c:\programme\rocketdock\rocketdock.exe[192] advapi32.dll!regcreatekeyw 77dcba3d 6 bytes jmp 7102000a
.text c:\programme\rocketdock\rocketdock.exe[192] advapi32.dll!regqueryvaluea 77dcbb75 4 bytes jmp ec001e25
.text c:\programme\rocketdock\rocketdock.exe[192] advapi32.dll!regqueryvaluea + 5 77dcbb7a 1 byte [70]
.text c:\programme\rocketdock\rocketdock.exe[192] advapi32.dll!regcreatekeya 77dcbcdb 6 bytes jmp 7105000a
.text c:\programme\rocketdock\rocketdock.exe[192] advapi32.dll!lookupprivilegevaluea 77dcc220 6 bytes jmp 7093000a
.text c:\programme\rocketdock\rocketdock.exe[192] advapi32.dll!lsaremoveaccountrights 77deab91 6 bytes jmp 7168000a
.text c:\programme\rocketdock\rocketdock.exe[192] advapi32.dll!createservicea 77e07359 6 bytes jmp 7120000a
.text c:\programme\rocketdock\rocketdock.exe[192] advapi32.dll!createservicew 77e074f1 6 bytes jmp 711d000a
.text c:\programme\rocketdock\rocketdock.exe[192] shell32.dll!shellexecuteexw 7e6b25d3 6 bytes jmp 7144000a
.text c:\programme\rocketdock\rocketdock.exe[192] shell32.dll!shell_notifyicon 7e6d18be 6 bytes jmp 70b1000a
.text c:\programme\rocketdock\rocketdock.exe[192] shell32.dll!shell_notifyiconw 7e6d62a5 6 bytes jmp 70ae000a
.text c:\programme\rocketdock\rocketdock.exe[192] shell32.dll!shellexecuteex 7e6f0e95 6 bytes jmp 7147000a
.text c:\programme\rocketdock\rocketdock.exe[192] shell32.dll!shellexecutea 7e6f11c0 6 bytes jmp 714d000a
.text c:\programme\rocketdock\rocketdock.exe[192] shell32.dll!shellexecutew 7e7659d0 6 bytes jmp 714a000a
.text c:\programme\rocketdock\rocketdock.exe[192] wininet.dll!internetconnecta 408cdeae 6 bytes jmp 704b000a
.text c:\programme\rocketdock\rocketdock.exe[192] wininet.dll!internetopenurla 408df3a4 6 bytes jmp 70a8000a
.text c:\programme\rocketdock\rocketdock.exe[192] wininet.dll!internetopenurlw 40926ddf 6 bytes jmp 70a5000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] ntdll.dll!ntloaddriver 7c91d46e 3 bytes [ff, 25, 1e]
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] ntdll.dll!ntloaddriver + 4 7c91d472 2 bytes [22, 71]
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] ntdll.dll!ntsuspendprocess 7c91de2e 3 bytes [ff, 25, 1e]
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] ntdll.dll!ntsuspendprocess + 4 7c91de32 2 bytes [3a, 71]
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] ntdll.dll!rtldossearchpath_u + 1d1 7c926ada 1 byte [62]
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] kernel32.dll!deviceiocontrol 7c801629 3 bytes [ff, 25, 1e]
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] kernel32.dll!deviceiocontrol + 4 7c80162d 2 bytes [aa, 70]
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] kernel32.dll!createfilea 7c801a28 6 bytes jmp 70de000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] kernel32.dll!virtualprotectex 7c801a61 6 bytes jmp 7126000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] kernel32.dll!virtualprotect 7c801ad4 6 bytes jmp 70d2000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] kernel32.dll!loadlibraryexw 7c801af5 6 bytes jmp 716b000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] kernel32.dll!loadlibrarya 7c801d7b 6 bytes jmp 715f000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] kernel32.dll!terminateprocess 7c801e1a 6 bytes jmp 7165000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] kernel32.dll!writeprocessmemory 7c802213 6 bytes jmp 7162000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] kernel32.dll!createprocessw 7c802336 6 bytes jmp 7150000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] kernel32.dll!createprocessa 7c80236b 6 bytes jmp 7153000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] kernel32.dll!virtualalloc 7c809aa1 6 bytes jmp 70d5000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] kernel32.dll!multibytetowidechar 7c809c48 6 bytes jmp 7084000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] kernel32.dll!loadresource 7c80a005 6 bytes jmp 70c0000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] kernel32.dll!widechartomultibyte 7c80a124 6 bytes jmp 7063000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] kernel32.dll!getprocaddress 7c80adf0 6 bytes jmp 7114000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] kernel32.dll!loadlibraryw 7c80ae9b 6 bytes jmp 715c000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] kernel32.dll!createmutexw 7c80e907 6 bytes jmp 708d000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] kernel32.dll!createmutexa 7c80e98f 6 bytes jmp 7090000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] kernel32.dll!openmutexw 7c80e9e5 6 bytes jmp 7087000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] kernel32.dll!openmutexa 7c80ea6b 6 bytes jmp 708a000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] kernel32.dll!getvolumeinformationw 7c80fa35 6 bytes jmp 710e000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] kernel32.dll!createremotethread 7c81047c 3 bytes [ff, 25, 1e]
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] kernel32.dll!createremotethread + 4 7c810480 2 bytes [6d, 71]
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] kernel32.dll!createthread 7c810687 6 bytes jmp 70d8000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] kernel32.dll!createfilew 7c8107b0 6 bytes jmp 70e1000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] kernel32.dll!writefile 7c810dd7 6 bytes jmp 70a2000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] kernel32.dll!terminatethread 7c81caeb 6 bytes jmp 7138000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] kernel32.dll!movefilew 7c821211 6 bytes jmp 705d000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] kernel32.dll!createdirectorya 7c82175c 6 bytes jmp 70a8000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] kernel32.dll!getvolumeinformationa 7c821b55 6 bytes jmp 7111000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] kernel32.dll!copyfileexw 7c827ae2 6 bytes jmp 70b4000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] kernel32.dll!copyfilea 7c82869e 6 bytes jmp 70bd000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] kernel32.dll!copyfilew 7c82f82b 6 bytes jmp 70ba000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] kernel32.dll!openprocess 7c830999 6 bytes jmp 7054000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] kernel32.dll!deletefilea 7c831e8d 6 bytes jmp 7075000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] kernel32.dll!deletefilew 7c831f13 6 bytes jmp 7072000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] kernel32.dll!createdirectoryw 7c8323b2 6 bytes jmp 70a5000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] kernel32.dll!movefileexw 7c83563b 6 bytes jmp 7057000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] kernel32.dll!movefilea 7c835e6f 6 bytes jmp 7060000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] kernel32.dll!debugactiveprocess 7c85af93 6 bytes jmp 7135000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] kernel32.dll!movefileexa 7c85e333 6 bytes jmp 705a000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] kernel32.dll!copyfileexa 7c85f234 6 bytes jmp 70b7000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] kernel32.dll!winexec 7c8622b5 6 bytes jmp 7141000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] kernel32.dll!setthreadcontext 7c8639b1 6 bytes jmp 709f000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] kernel32.dll!createtoolhelp32snapshot 7c865a27 6 bytes jmp 70db000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] kernel32.dll!getbinarytypew + 80 7c868b34 1 byte [62]
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] advapi32.dll!regopenkeyexw 77da6aaf 6 bytes jmp 70f6000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] advapi32.dll!regqueryvalueexw 77da6fff 6 bytes jmp 70e4000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] advapi32.dll!regcreatekeyexw 77da776c 6 bytes jmp 7108000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] advapi32.dll!regopenkeyexa 77da7852 6 bytes jmp 70f9000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] advapi32.dll!regopenkeyw 77da7946 6 bytes jmp 70fc000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] advapi32.dll!openprocesstoken 77da798b 6 bytes jmp 709c000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] advapi32.dll!regqueryvalueexa 77da7abb 6 bytes jmp 70e7000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] advapi32.dll!regsetvalueexw 77dad747 6 bytes jmp 70f0000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] advapi32.dll!regqueryvaluew 77dad85a 6 bytes jmp 70ea000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] advapi32.dll!regcreatekeyexa 77dae9d4 6 bytes jmp 710b000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] advapi32.dll!regsetvalueexa 77daeac7 6 bytes jmp 70f3000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] advapi32.dll!regopenkeya 77daefa8 6 bytes jmp 70ff000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] advapi32.dll!adjusttokenprivileges 77daefec 6 bytes jmp 7093000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] advapi32.dll!regdeletekeya 77db4288 6 bytes jmp 706f000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] advapi32.dll!regdeletekeyw 77db5583 6 bytes jmp 706c000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] advapi32.dll!openscmanagerw 77db6f3d 6 bytes jmp 70cc000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] advapi32.dll!openscmanagera 77dc6996 6 bytes jmp 70cf000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] advapi32.dll!lookupprivilegevaluew 77dcb8c7 6 bytes jmp 7096000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] advapi32.dll!regcreatekeyw 77dcba3d 6 bytes jmp 7102000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] advapi32.dll!regqueryvaluea 77dcbb75 4 bytes jmp ec001e25
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] advapi32.dll!regqueryvaluea + 5 77dcbb7a 1 byte [70]
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] advapi32.dll!regcreatekeya 77dcbcdb 6 bytes jmp 7105000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] advapi32.dll!lookupprivilegevaluea 77dcc220 6 bytes jmp 7099000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] advapi32.dll!lsaremoveaccountrights 77deab91 6 bytes jmp 7168000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] advapi32.dll!createservicea 77e07359 6 bytes jmp 7120000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] advapi32.dll!createservicew 77e074f1 6 bytes jmp 711d000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] user32.dll!setwindowtextw 7e36bc36 6 bytes jmp 7066000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] user32.dll!getkeystate 7e36c505 6 bytes jmp 7132000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] user32.dll!getwindowtextw 7e36cdb6 6 bytes jmp 70c6000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] user32.dll!drawtextw 7e36d7c2 6 bytes jmp 707e000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] user32.dll!showwindow 7e36d8a4 3 bytes [ff, 25, 1e]
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] user32.dll!showwindow + 4 7e36d8a8 2 bytes [c2, 70]
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] user32.dll!getkeyboardstate 7e36ef29 3 bytes [ff, 25, 1e]
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] user32.dll!getkeyboardstate + 4 7e36ef2d 2 bytes [2b, 71]
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] user32.dll!getasynckeystate 7e36f3b3 6 bytes jmp 712f000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] user32.dll!createwindowexw 7e36fc25 6 bytes jmp 7078000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] user32.dll!createwindowexa 7e36ff33 6 bytes jmp 707b000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] user32.dll!setwindowshookexw 7e37ddb5 6 bytes jmp 7156000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] user32.dll!setwindowtexta 7e37f52b 6 bytes jmp 7069000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] user32.dll!setwindowshookexa 7e3811d1 6 bytes jmp 7159000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] user32.dll!setwineventhook 7e3817b7 6 bytes jmp 711a000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] user32.dll!getwindowtexta 7e38212b 6 bytes jmp 70c9000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] user32.dll!drawtexta 7e38c6ca 6 bytes jmp 7081000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] user32.dll!ddeconnect 7e3a7f93 6 bytes jmp 7129000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] user32.dll!endtask 7e3a9e75 6 bytes jmp 713e000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] user32.dll!registerrawinputdevices 7e3bcbd4 3 bytes [ff, 25, 1e]
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] user32.dll!registerrawinputdevices + 4 7e3bcbd8 2 bytes [16, 71]
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] shell32.dll!shellexecuteexw 7e6b25d3 6 bytes jmp 7144000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] shell32.dll!shell_notifyicon 7e6d18be 6 bytes jmp 70b1000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] shell32.dll!shell_notifyiconw 7e6d62a5 6 bytes jmp 70ae000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] shell32.dll!shellexecuteex 7e6f0e95 6 bytes jmp 7147000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] shell32.dll!shellexecutea 7e6f11c0 6 bytes jmp 714d000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] shell32.dll!shellexecutew 7e7659d0 6 bytes jmp 714a000a
.text c:\windows\explorer.exe[332] ntdll.dll!ntloaddriver 7c91d46e 3 bytes [ff, 25, 1e]
.text c:\windows\explorer.exe[332] ntdll.dll!ntloaddriver + 4 7c91d472 2 bytes [22, 71]
.text c:\windows\explorer.exe[332] ntdll.dll!ntsuspendprocess 7c91de2e 3 bytes [ff, 25, 1e]
.text c:\windows\explorer.exe[332] ntdll.dll!ntsuspendprocess + 4 7c91de32 2 bytes [3a, 71]
.text c:\windows\explorer.exe[332] ntdll.dll!rtldossearchpath_u + 1d1 7c926ada 1 byte [62]
.text c:\windows\explorer.exe[332] kernel32.dll!deviceiocontrol 7c801629 3 bytes [ff, 25, 1e]
.text c:\windows\explorer.exe[332] kernel32.dll!deviceiocontrol + 4 7c80162d 2 bytes [aa, 70]
.text c:\windows\explorer.exe[332] kernel32.dll!createfilea 7c801a28 6 bytes jmp 70de000a
.text c:\windows\explorer.exe[332] kernel32.dll!virtualprotectex 7c801a61 6 bytes jmp 7126000a
.text c:\windows\explorer.exe[332] kernel32.dll!virtualprotect 7c801ad4 6 bytes jmp 70d2000a
.text c:\windows\explorer.exe[332] kernel32.dll!loadlibraryexw 7c801af5 6 bytes jmp 716b000a
.text c:\windows\explorer.exe[332] kernel32.dll!loadlibrarya 7c801d7b 6 bytes jmp 715f000a
.text c:\windows\explorer.exe[332] kernel32.dll!terminateprocess 7c801e1a 6 bytes jmp 7165000a
.text c:\windows\explorer.exe[332] kernel32.dll!writeprocessmemory 7c802213 6 bytes jmp 7162000a
.text c:\windows\explorer.exe[332] kernel32.dll!createprocessw 7c802336 6 bytes jmp 7150000a
.text c:\windows\explorer.exe[332] kernel32.dll!createprocessa 7c80236b 6 bytes jmp 7153000a
.text c:\windows\explorer.exe[332] kernel32.dll!virtualalloc 7c809aa1 6 bytes jmp 70d5000a
.text c:\windows\explorer.exe[332] kernel32.dll!multibytetowidechar 7c809c48 6 bytes jmp 707e000a
.text c:\windows\explorer.exe[332] kernel32.dll!loadresource 7c80a005 6 bytes jmp 70c0000a
.text c:\windows\explorer.exe[332] kernel32.dll!widechartomultibyte 7c80a124 6 bytes jmp 705d000a
.text c:\windows\explorer.exe[332] kernel32.dll!getprocaddress 7c80adf0 6 bytes jmp 7114000a
.text c:\windows\explorer.exe[332] kernel32.dll!loadlibraryw 7c80ae9b 6 bytes jmp 715c000a
.text c:\windows\explorer.exe[332] kernel32.dll!createmutexw 7c80e907 6 bytes jmp 7087000a
.text c:\windows\explorer.exe[332] kernel32.dll!createmutexa 7c80e98f 6 bytes jmp 708a000a
.text c:\windows\explorer.exe[332] kernel32.dll!openmutexw 7c80e9e5 6 bytes jmp 7081000a
.text c:\windows\explorer.exe[332] kernel32.dll!openmutexa 7c80ea6b 6 bytes jmp 7084000a
.text c:\windows\explorer.exe[332] kernel32.dll!getvolumeinformationw 7c80fa35 6 bytes jmp 710e000a
.text c:\windows\explorer.exe[332] kernel32.dll!createremotethread 7c81047c 3 bytes [ff, 25, 1e]
.text c:\windows\explorer.exe[332] kernel32.dll!createremotethread + 4 7c810480 2 bytes [6d, 71]
.text c:\windows\explorer.exe[332] kernel32.dll!createthread 7c810687 6 bytes jmp 70d8000a
.text c:\windows\explorer.exe[332] kernel32.dll!createfilew 7c8107b0 6 bytes jmp 70e1000a
.text c:\windows\explorer.exe[332] kernel32.dll!writefile 7c810dd7 6 bytes jmp 709c000a
.text c:\windows\explorer.exe[332] kernel32.dll!terminatethread 7c81caeb 6 bytes jmp 7138000a
.text c:\windows\explorer.exe[332] kernel32.dll!movefilew 7c821211 6 bytes jmp 7057000a
.text c:\windows\explorer.exe[332] kernel32.dll!createdirectorya 7c82175c 6 bytes jmp 70a2000a
.text c:\windows\explorer.exe[332] kernel32.dll!getvolumeinformationa 7c821b55 6 bytes jmp 7111000a
.text c:\windows\explorer.exe[332] kernel32.dll!copyfileexw 7c827ae2 6 bytes jmp 70b4000a
.text c:\windows\explorer.exe[332] kernel32.dll!copyfilea 7c82869e 6 bytes jmp 70bd000a
.text c:\windows\explorer.exe[332] kernel32.dll!copyfilew 7c82f82b 6 bytes jmp 70ba000a
.text c:\windows\explorer.exe[332] kernel32.dll!openprocess 7c830999 6 bytes jmp 704e000a
.text c:\windows\explorer.exe[332] kernel32.dll!deletefilea 7c831e8d 6 bytes jmp 706f000a
.text c:\windows\explorer.exe[332] kernel32.dll!deletefilew 7c831f13 6 bytes jmp 706c000a
.text c:\windows\explorer.exe[332] kernel32.dll!createdirectoryw 7c8323b2 6 bytes jmp 709f000a
.text c:\windows\explorer.exe[332] kernel32.dll!movefileexw 7c83563b 6 bytes jmp 7051000a
.text c:\windows\explorer.exe[332] kernel32.dll!movefilea 7c835e6f 6 bytes jmp 705a000a
.text c:\windows\explorer.exe[332] kernel32.dll!debugactiveprocess 7c85af93 6 bytes jmp 7135000a
.text c:\windows\explorer.exe[332] kernel32.dll!movefileexa 7c85e333 6 bytes jmp 7054000a
.text c:\windows\explorer.exe[332] kernel32.dll!copyfileexa 7c85f234 6 bytes jmp 70b7000a
.text c:\windows\explorer.exe[332] kernel32.dll!winexec 7c8622b5 6 bytes jmp 7141000a
.text c:\windows\explorer.exe[332] kernel32.dll!setthreadcontext 7c8639b1 6 bytes jmp 7099000a
.text c:\windows\explorer.exe[332] kernel32.dll!createtoolhelp32snapshot 7c865a27 6 bytes jmp 70db000a
.text c:\windows\explorer.exe[332] kernel32.dll!getbinarytypew + 80 7c868b34 1 byte [62]
.text c:\windows\explorer.exe[332] advapi32.dll!regopenkeyexw 77da6aaf 6 bytes jmp 70f6000a
.text c:\windows\explorer.exe[332] advapi32.dll!regqueryvalueexw 77da6fff 6 bytes jmp 70e4000a
.text c:\windows\explorer.exe[332] advapi32.dll!regcreatekeyexw 77da776c 6 bytes jmp 7108000a
.text c:\windows\explorer.exe[332] advapi32.dll!regopenkeyexa 77da7852 6 bytes jmp 70f9000a
.text c:\windows\explorer.exe[332] advapi32.dll!regopenkeyw 77da7946 6 bytes jmp 70fc000a
.text c:\windows\explorer.exe[332] advapi32.dll!openprocesstoken 77da798b 6 bytes jmp 7096000a
.text c:\windows\explorer.exe[332] advapi32.dll!regqueryvalueexa 77da7abb 6 bytes jmp 70e7000a
.text c:\windows\explorer.exe[332] advapi32.dll!regsetvalueexw 77dad747 6 bytes jmp 70f0000a
.text c:\windows\explorer.exe[332] advapi32.dll!regqueryvaluew 77dad85a 6 bytes jmp 70ea000a
.text c:\windows\explorer.exe[332] advapi32.dll!regcreatekeyexa 77dae9d4 6 bytes jmp 710b000a
.text c:\windows\explorer.exe[332] advapi32.dll!regsetvalueexa 77daeac7 6 bytes jmp 70f3000a
.text c:\windows\explorer.exe[332] advapi32.dll!regopenkeya 77daefa8 6 bytes jmp 70ff000a
.text c:\windows\explorer.exe[332] advapi32.dll!adjusttokenprivileges 77daefec 6 bytes jmp 708d000a
.text c:\windows\explorer.exe[332] advapi32.dll!regdeletekeya 77db4288 6 bytes jmp 7069000a
.text c:\windows\explorer.exe[332] advapi32.dll!regdeletekeyw 77db5583 6 bytes jmp 7066000a
.text c:\windows\explorer.exe[332] advapi32.dll!openscmanagerw 77db6f3d 6 bytes jmp 70cc000a
.text c:\windows\explorer.exe[332] advapi32.dll!openscmanagera 77dc6996 6 bytes jmp 70cf000a
.text c:\windows\explorer.exe[332] advapi32.dll!lookupprivilegevaluew 77dcb8c7 6 bytes jmp 7090000a
.text c:\windows\explorer.exe[332] advapi32.dll!regcreatekeyw 77dcba3d 6 bytes jmp 7102000a
.text c:\windows\explorer.exe[332] advapi32.dll!regqueryvaluea 77dcbb75 4 bytes jmp ec001e25
.text c:\windows\explorer.exe[332] advapi32.dll!regqueryvaluea + 5 77dcbb7a 1 byte [70]
.text c:\windows\explorer.exe[332] advapi32.dll!regcreatekeya 77dcbcdb 6 bytes jmp 7105000a
.text c:\windows\explorer.exe[332] advapi32.dll!lookupprivilegevaluea 77dcc220 6 bytes jmp 7093000a
.text c:\windows\explorer.exe[332] advapi32.dll!lsaremoveaccountrights 77deab91 6 bytes jmp 7168000a
.text c:\windows\explorer.exe[332] advapi32.dll!createservicea 77e07359 6 bytes jmp 7120000a
.text c:\windows\explorer.exe[332] advapi32.dll!createservicew 77e074f1 6 bytes jmp 711d000a
.text c:\windows\explorer.exe[332] user32.dll!setwindowtextw 7e36bc36 6 bytes jmp 7060000a
.text c:\windows\explorer.exe[332] user32.dll!getkeystate 7e36c505 6 bytes jmp 7132000a
.text c:\windows\explorer.exe[332] user32.dll!getwindowtextw 7e36cdb6 6 bytes jmp 70c6000a
.text c:\windows\explorer.exe[332] user32.dll!drawtextw 7e36d7c2 6 bytes jmp 7078000a
.text c:\windows\explorer.exe[332] user32.dll!showwindow 7e36d8a4 3 bytes [ff, 25, 1e]
.text c:\windows\explorer.exe[332] user32.dll!showwindow + 4 7e36d8a8 2 bytes [c2, 70]
.text c:\windows\explorer.exe[332] user32.dll!getkeyboardstate 7e36ef29 3 bytes [ff, 25, 1e]
.text c:\windows\explorer.exe[332] user32.dll!getkeyboardstate + 4 7e36ef2d 2 bytes [2b, 71]
.text c:\windows\explorer.exe[332] user32.dll!getasynckeystate 7e36f3b3 6 bytes jmp 712f000a
.text c:\windows\explorer.exe[332] user32.dll!createwindowexw 7e36fc25 6 bytes jmp 7072000a
.text c:\windows\explorer.exe[332] user32.dll!createwindowexa 7e36ff33 6 bytes jmp 7075000a
.text c:\windows\explorer.exe[332] user32.dll!setwindowshookexw 7e37ddb5 6 bytes jmp 7156000a
.text c:\windows\explorer.exe[332] user32.dll!setwindowtexta 7e37f52b 6 bytes jmp 7063000a
.text c:\windows\explorer.exe[332] user32.dll!setwindowshookexa 7e3811d1 6 bytes jmp 7159000a
.text c:\windows\explorer.exe[332] user32.dll!setwineventhook 7e3817b7 6 bytes jmp 711a000a
.text c:\windows\explorer.exe[332] user32.dll!getwindowtexta 7e38212b 6 bytes jmp 70c9000a
.text c:\windows\explorer.exe[332] user32.dll!drawtexta 7e38c6ca 6 bytes jmp 707b000a
.text c:\windows\explorer.exe[332] user32.dll!ddeconnect 7e3a7f93 6 bytes jmp 7129000a
.text c:\windows\explorer.exe[332] user32.dll!endtask 7e3a9e75 6 bytes jmp 713e000a
.text c:\windows\explorer.exe[332] user32.dll!registerrawinputdevices 7e3bcbd4 3 bytes [ff, 25, 1e]
.text c:\windows\explorer.exe[332] user32.dll!registerrawinputdevices + 4 7e3bcbd8 2 bytes [16, 71]
.text c:\windows\explorer.exe[332] wininet.dll!internetconnecta 408cdeae 6 bytes jmp 704b000a
.text c:\windows\explorer.exe[332] wininet.dll!internetopenurla 408df3a4 6 bytes jmp 70a8000a
.text c:\windows\explorer.exe[332] wininet.dll!internetopenurlw 40926ddf 6 bytes jmp 70a5000a
.text c:\windows\explorer.exe[332] shell32.dll!shellexecuteexw 7e6b25d3 6 bytes jmp 7144000a
.text c:\windows\explorer.exe[332] shell32.dll!shell_notifyicon 7e6d18be 6 bytes jmp 70b1000a
.text c:\windows\explorer.exe[332] shell32.dll!shell_notifyiconw 7e6d62a5 6 bytes jmp 70ae000a
.text c:\windows\explorer.exe[332] shell32.dll!shellexecuteex 7e6f0e95 6 bytes jmp 7147000a
.text c:\windows\explorer.exe[332] shell32.dll!shellexecutea 7e6f11c0 6 bytes jmp 714d000a
.text c:\windows\explorer.exe[332] shell32.dll!shellexecutew 7e7659d0 6 bytes jmp 714a000a
.text c:\windows\system32\poweroff.exe[592] ntdll.dll!ntloaddriver 7c91d46e 3 bytes [ff, 25, 1e]

Polarbär 29.07.2012 14:26

GMER, part 2
Quote:

.text C:\WINDOWS\system32\poweroff.exe[592] ntdll.dll!NtLoadDriver + 4 7C91D472 2 Bytes [22, 71]
.text C:\WINDOWS\system32\poweroff.exe[592] ntdll.dll!NtSuspendProcess 7C91DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\poweroff.exe[592] ntdll.dll!NtSuspendProcess + 4 7C91DE32 2 Bytes [3A, 71]
.text C:\WINDOWS\system32\poweroff.exe[592] ntdll.dll!RtlDosSearchPath_U + 1D1 7C926ADA 1 Byte [62]
.text C:\WINDOWS\system32\poweroff.exe[592] kernel32.dll!DeviceIoControl 7C801629 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\poweroff.exe[592] kernel32.dll!DeviceIoControl + 4 7C80162D 2 Bytes [AA, 70]
.text C:\WINDOWS\system32\poweroff.exe[592] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70DE000A
.text C:\WINDOWS\system32\poweroff.exe[592] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7126000A
.text C:\WINDOWS\system32\poweroff.exe[592] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70D2000A
.text C:\WINDOWS\system32\poweroff.exe[592] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 716B000A
.text C:\WINDOWS\system32\poweroff.exe[592] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 715F000A
.text C:\WINDOWS\system32\poweroff.exe[592] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7165000A
.text C:\WINDOWS\system32\poweroff.exe[592] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7162000A
.text C:\WINDOWS\system32\poweroff.exe[592] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 7150000A
.text C:\WINDOWS\system32\poweroff.exe[592] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7153000A
.text C:\WINDOWS\system32\poweroff.exe[592] kernel32.dll!VirtualAlloc 7C809AA1 6 Bytes JMP 70D5000A
.text C:\WINDOWS\system32\poweroff.exe[592] kernel32.dll!MultiByteToWideChar 7C809C48 6 Bytes JMP 7084000A
.text C:\WINDOWS\system32\poweroff.exe[592] kernel32.dll!LoadResource 7C80A005 6 Bytes JMP 70C0000A
.text C:\WINDOWS\system32\poweroff.exe[592] kernel32.dll!WideCharToMultiByte 7C80A124 6 Bytes JMP 7063000A
.text C:\WINDOWS\system32\poweroff.exe[592] kernel32.dll!GetProcAddress 7C80ADF0 6 Bytes JMP 7114000A
.text C:\WINDOWS\system32\poweroff.exe[592] kernel32.dll!LoadLibraryW 7C80AE9B 6 Bytes JMP 715C000A
.text C:\WINDOWS\system32\poweroff.exe[592] kernel32.dll!CreateMutexW 7C80E907 6 Bytes JMP 708D000A
.text C:\WINDOWS\system32\poweroff.exe[592] kernel32.dll!CreateMutexA 7C80E98F 6 Bytes JMP 7090000A
.text C:\WINDOWS\system32\poweroff.exe[592] kernel32.dll!OpenMutexW 7C80E9E5 6 Bytes JMP 7087000A
.text C:\WINDOWS\system32\poweroff.exe[592] kernel32.dll!OpenMutexA 7C80EA6B 6 Bytes JMP 708A000A
.text C:\WINDOWS\system32\poweroff.exe[592] kernel32.dll!GetVolumeInformationW 7C80FA35 6 Bytes JMP 710E000A
.text C:\WINDOWS\system32\poweroff.exe[592] kernel32.dll!CreateRemoteThread 7C81047C 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\poweroff.exe[592] kernel32.dll!CreateRemoteThread + 4 7C810480 2 Bytes [6D, 71]
.text C:\WINDOWS\system32\poweroff.exe[592] kernel32.dll!CreateThread 7C810687 6 Bytes JMP 70D8000A
.text C:\WINDOWS\system32\poweroff.exe[592] kernel32.dll!CreateFileW 7C8107B0 6 Bytes JMP 70E1000A
.text C:\WINDOWS\system32\poweroff.exe[592] kernel32.dll!WriteFile 7C810DD7 6 Bytes JMP 70A2000A
.text C:\WINDOWS\system32\poweroff.exe[592] kernel32.dll!TerminateThread 7C81CAEB 6 Bytes JMP 7138000A
.text C:\WINDOWS\system32\poweroff.exe[592] kernel32.dll!MoveFileW 7C821211 6 Bytes JMP 705D000A
.text C:\WINDOWS\system32\poweroff.exe[592] kernel32.dll!CreateDirectoryA 7C82175C 6 Bytes JMP 70A8000A
.text C:\WINDOWS\system32\poweroff.exe[592] kernel32.dll!GetVolumeInformationA 7C821B55 6 Bytes JMP 7111000A
.text C:\WINDOWS\system32\poweroff.exe[592] kernel32.dll!CopyFileExW 7C827AE2 6 Bytes JMP 70B4000A
.text C:\WINDOWS\system32\poweroff.exe[592] kernel32.dll!CopyFileA 7C82869E 6 Bytes JMP 70BD000A
.text C:\WINDOWS\system32\poweroff.exe[592] kernel32.dll!CopyFileW 7C82F82B 6 Bytes JMP 70BA000A
.text C:\WINDOWS\system32\poweroff.exe[592] kernel32.dll!OpenProcess 7C830999 6 Bytes JMP 7054000A
.text C:\WINDOWS\system32\poweroff.exe[592] kernel32.dll!DeleteFileA 7C831E8D 6 Bytes JMP 7075000A
.text C:\WINDOWS\system32\poweroff.exe[592] kernel32.dll!DeleteFileW 7C831F13 6 Bytes JMP 7072000A
.text C:\WINDOWS\system32\poweroff.exe[592] kernel32.dll!CreateDirectoryW 7C8323B2 6 Bytes JMP 70A5000A
.text C:\WINDOWS\system32\poweroff.exe[592] kernel32.dll!MoveFileExW 7C83563B 6 Bytes JMP 7057000A
.text C:\WINDOWS\system32\poweroff.exe[592] kernel32.dll!MoveFileA 7C835E6F 6 Bytes JMP 7060000A
.text C:\WINDOWS\system32\poweroff.exe[592] kernel32.dll!DebugActiveProcess 7C85AF93 6 Bytes JMP 7135000A
.text C:\WINDOWS\system32\poweroff.exe[592] kernel32.dll!MoveFileExA 7C85E333 6 Bytes JMP 705A000A
.text C:\WINDOWS\system32\poweroff.exe[592] kernel32.dll!CopyFileExA 7C85F234 6 Bytes JMP 70B7000A
.text C:\WINDOWS\system32\poweroff.exe[592] kernel32.dll!WinExec 7C8622B5 6 Bytes JMP 7141000A
.text C:\WINDOWS\system32\poweroff.exe[592] kernel32.dll!SetThreadContext 7C8639B1 6 Bytes JMP 709F000A
.text C:\WINDOWS\system32\poweroff.exe[592] kernel32.dll!CreateToolhelp32Snapshot 7C865A27 6 Bytes JMP 70DB000A
.text C:\WINDOWS\system32\poweroff.exe[592] kernel32.dll!GetBinaryTypeW + 80 7C868B34 1 Byte [62]
.text C:\WINDOWS\system32\poweroff.exe[592] USER32.dll!SetWindowTextW 7E36BC36 6 Bytes JMP 7066000A
.text C:\WINDOWS\system32\poweroff.exe[592] USER32.dll!GetKeyState 7E36C505 6 Bytes JMP 7132000A
.text C:\WINDOWS\system32\poweroff.exe[592] USER32.dll!GetWindowTextW 7E36CDB6 6 Bytes JMP 70C6000A
.text C:\WINDOWS\system32\poweroff.exe[592] USER32.dll!DrawTextW 7E36D7C2 6 Bytes JMP 707E000A
.text C:\WINDOWS\system32\poweroff.exe[592] USER32.dll!ShowWindow 7E36D8A4 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\poweroff.exe[592] USER32.dll!ShowWindow + 4 7E36D8A8 2 Bytes [C2, 70]
.text C:\WINDOWS\system32\poweroff.exe[592] USER32.dll!GetKeyboardState 7E36EF29 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\poweroff.exe[592] USER32.dll!GetKeyboardState + 4 7E36EF2D 2 Bytes [2B, 71]
.text C:\WINDOWS\system32\poweroff.exe[592] USER32.dll!GetAsyncKeyState 7E36F3B3 6 Bytes JMP 712F000A
.text C:\WINDOWS\system32\poweroff.exe[592] USER32.dll!CreateWindowExW 7E36FC25 6 Bytes JMP 7078000A
.text C:\WINDOWS\system32\poweroff.exe[592] USER32.dll!CreateWindowExA 7E36FF33 6 Bytes JMP 707B000A
.text C:\WINDOWS\system32\poweroff.exe[592] USER32.dll!SetWindowsHookExW 7E37DDB5 6 Bytes JMP 7156000A
.text C:\WINDOWS\system32\poweroff.exe[592] USER32.dll!SetWindowTextA 7E37F52B 6 Bytes JMP 7069000A
.text C:\WINDOWS\system32\poweroff.exe[592] USER32.dll!SetWindowsHookExA 7E3811D1 6 Bytes JMP 7159000A
.text C:\WINDOWS\system32\poweroff.exe[592] USER32.dll!SetWinEventHook 7E3817B7 6 Bytes JMP 711A000A
.text C:\WINDOWS\system32\poweroff.exe[592] USER32.dll!GetWindowTextA 7E38212B 6 Bytes JMP 70C9000A
.text C:\WINDOWS\system32\poweroff.exe[592] USER32.dll!DrawTextA 7E38C6CA 6 Bytes JMP 7081000A
.text C:\WINDOWS\system32\poweroff.exe[592] USER32.dll!DdeConnect 7E3A7F93 6 Bytes JMP 7129000A
.text C:\WINDOWS\system32\poweroff.exe[592] USER32.dll!EndTask 7E3A9E75 6 Bytes JMP 713E000A
.text C:\WINDOWS\system32\poweroff.exe[592] USER32.dll!RegisterRawInputDevices 7E3BCBD4 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\poweroff.exe[592] USER32.dll!RegisterRawInputDevices + 4 7E3BCBD8 2 Bytes [16, 71]
.text C:\WINDOWS\system32\poweroff.exe[592] ADVAPI32.dll!RegOpenKeyExW 77DA6AAF 6 Bytes JMP 70F6000A
.text C:\WINDOWS\system32\poweroff.exe[592] ADVAPI32.dll!RegQueryValueExW 77DA6FFF 6 Bytes JMP 70E4000A
.text C:\WINDOWS\system32\poweroff.exe[592] ADVAPI32.dll!RegCreateKeyExW 77DA776C 6 Bytes JMP 7108000A
.text C:\WINDOWS\system32\poweroff.exe[592] ADVAPI32.dll!RegOpenKeyExA 77DA7852 6 Bytes JMP 70F9000A
.text C:\WINDOWS\system32\poweroff.exe[592] ADVAPI32.dll!RegOpenKeyW 77DA7946 6 Bytes JMP 70FC000A
.text C:\WINDOWS\system32\poweroff.exe[592] ADVAPI32.dll!OpenProcessToken 77DA798B 6 Bytes JMP 709C000A
.text C:\WINDOWS\system32\poweroff.exe[592] ADVAPI32.dll!RegQueryValueExA 77DA7ABB 6 Bytes JMP 70E7000A
.text C:\WINDOWS\system32\poweroff.exe[592] ADVAPI32.dll!RegSetValueExW 77DAD747 6 Bytes JMP 70F0000A
.text C:\WINDOWS\system32\poweroff.exe[592] ADVAPI32.dll!RegQueryValueW 77DAD85A 6 Bytes JMP 70EA000A
.text C:\WINDOWS\system32\poweroff.exe[592] ADVAPI32.dll!RegCreateKeyExA 77DAE9D4 6 Bytes JMP 710B000A
.text C:\WINDOWS\system32\poweroff.exe[592] ADVAPI32.dll!RegSetValueExA 77DAEAC7 6 Bytes JMP 70F3000A
.text C:\WINDOWS\system32\poweroff.exe[592] ADVAPI32.dll!RegOpenKeyA 77DAEFA8 6 Bytes JMP 70FF000A
.text C:\WINDOWS\system32\poweroff.exe[592] ADVAPI32.dll!AdjustTokenPrivileges 77DAEFEC 6 Bytes JMP 7093000A
.text C:\WINDOWS\system32\poweroff.exe[592] ADVAPI32.dll!RegDeleteKeyA 77DB4288 6 Bytes JMP 706F000A
.text C:\WINDOWS\system32\poweroff.exe[592] ADVAPI32.dll!RegDeleteKeyW 77DB5583 6 Bytes JMP 706C000A
.text C:\WINDOWS\system32\poweroff.exe[592] ADVAPI32.dll!OpenSCManagerW 77DB6F3D 6 Bytes JMP 70CC000A
.text C:\WINDOWS\system32\poweroff.exe[592] ADVAPI32.dll!OpenSCManagerA 77DC6996 6 Bytes JMP 70CF000A
.text C:\WINDOWS\system32\poweroff.exe[592] ADVAPI32.dll!LookupPrivilegeValueW 77DCB8C7 6 Bytes JMP 7096000A
.text C:\WINDOWS\system32\poweroff.exe[592] ADVAPI32.dll!RegCreateKeyW 77DCBA3D 6 Bytes JMP 7102000A
.text C:\WINDOWS\system32\poweroff.exe[592] ADVAPI32.dll!RegQueryValueA 77DCBB75 4 Bytes JMP EC001E25
.text C:\WINDOWS\system32\poweroff.exe[592] ADVAPI32.dll!RegQueryValueA + 5 77DCBB7A 1 Byte [70]
.text C:\WINDOWS\system32\poweroff.exe[592] ADVAPI32.dll!RegCreateKeyA 77DCBCDB 6 Bytes JMP 7105000A
.text C:\WINDOWS\system32\poweroff.exe[592] ADVAPI32.dll!LookupPrivilegeValueA 77DCC220 6 Bytes JMP 7099000A
.text C:\WINDOWS\system32\poweroff.exe[592] ADVAPI32.dll!LsaRemoveAccountRights 77DEAB91 6 Bytes JMP 7168000A
.text C:\WINDOWS\system32\poweroff.exe[592] ADVAPI32.dll!CreateServiceA 77E07359 6 Bytes JMP 7120000A
.text C:\WINDOWS\system32\poweroff.exe[592] ADVAPI32.dll!CreateServiceW 77E074F1 6 Bytes JMP 711D000A
.text C:\WINDOWS\system32\poweroff.exe[592] SHELL32.dll!ShellExecuteExW 7E6B25D3 6 Bytes JMP 7144000A
.text C:\WINDOWS\system32\poweroff.exe[592] SHELL32.dll!Shell_NotifyIcon 7E6D18BE 6 Bytes JMP 70B1000A
.text C:\WINDOWS\system32\poweroff.exe[592] SHELL32.dll!Shell_NotifyIconW 7E6D62A5 6 Bytes JMP 70AE000A
.text C:\WINDOWS\system32\poweroff.exe[592] SHELL32.dll!ShellExecuteEx 7E6F0E95 6 Bytes JMP 7147000A
.text C:\WINDOWS\system32\poweroff.exe[592] SHELL32.dll!ShellExecuteA 7E6F11C0 6 Bytes JMP 714D000A
.text C:\WINDOWS\system32\poweroff.exe[592] SHELL32.dll!ShellExecuteW 7E7659D0 6 Bytes JMP 714A000A
.text C:\WINDOWS\System32\smss.exe[600] ntdll.dll!RtlDosSearchPath_U + 1D1 7C926ADA 1 Byte [62]
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] ntdll.dll!NtLoadDriver 7C91D46E 3 Bytes [FF, 25, 1E]
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] ntdll.dll!NtLoadDriver + 4 7C91D472 2 Bytes [22, 71]
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] ntdll.dll!NtSuspendProcess 7C91DE2E 3 Bytes [FF, 25, 1E]
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] ntdll.dll!NtSuspendProcess + 4 7C91DE32 2 Bytes [3A, 71]
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] ntdll.dll!RtlDosSearchPath_U + 1D1 7C926ADA 1 Byte [62]
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] kernel32.dll!DeviceIoControl 7C801629 3 Bytes [FF, 25, 1E]
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] kernel32.dll!DeviceIoControl + 4 7C80162D 2 Bytes [AA, 70]
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70DE000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7126000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70D2000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 716B000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 715F000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7165000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7162000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 7150000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7153000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] kernel32.dll!VirtualAlloc 7C809AA1 6 Bytes JMP 70D5000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] kernel32.dll!MultiByteToWideChar 7C809C48 6 Bytes JMP 707E000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] kernel32.dll!LoadResource 7C80A005 6 Bytes JMP 70C0000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] kernel32.dll!WideCharToMultiByte 7C80A124 6 Bytes JMP 705D000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] kernel32.dll!GetProcAddress 7C80ADF0 6 Bytes JMP 7114000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] kernel32.dll!LoadLibraryW 7C80AE9B 6 Bytes JMP 715C000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] kernel32.dll!CreateMutexW 7C80E907 6 Bytes JMP 7087000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] kernel32.dll!CreateMutexA 7C80E98F 6 Bytes JMP 708A000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] kernel32.dll!OpenMutexW 7C80E9E5 6 Bytes JMP 7081000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] kernel32.dll!OpenMutexA 7C80EA6B 6 Bytes JMP 7084000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] kernel32.dll!GetVolumeInformationW 7C80FA35 6 Bytes JMP 710E000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] kernel32.dll!CreateRemoteThread 7C81047C 3 Bytes [FF, 25, 1E]
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] kernel32.dll!CreateRemoteThread + 4 7C810480 2 Bytes [6D, 71]
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] kernel32.dll!CreateThread 7C810687 6 Bytes JMP 70D8000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] kernel32.dll!CreateFileW 7C8107B0 6 Bytes JMP 70E1000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] kernel32.dll!WriteFile 7C810DD7 6 Bytes JMP 709C000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] kernel32.dll!TerminateThread 7C81CAEB 6 Bytes JMP 7138000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] kernel32.dll!MoveFileW 7C821211 6 Bytes JMP 7057000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] kernel32.dll!CreateDirectoryA 7C82175C 6 Bytes JMP 70A2000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] kernel32.dll!GetVolumeInformationA 7C821B55 6 Bytes JMP 7111000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] kernel32.dll!CopyFileExW 7C827AE2 6 Bytes JMP 70B4000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] kernel32.dll!CopyFileA 7C82869E 6 Bytes JMP 70BD000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] kernel32.dll!CopyFileW 7C82F82B 6 Bytes JMP 70BA000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] kernel32.dll!OpenProcess 7C830999 6 Bytes JMP 704E000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] kernel32.dll!DeleteFileA 7C831E8D 6 Bytes JMP 706F000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] kernel32.dll!DeleteFileW 7C831F13 6 Bytes JMP 706C000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] kernel32.dll!CreateDirectoryW 7C8323B2 6 Bytes JMP 709F000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] kernel32.dll!MoveFileExW 7C83563B 6 Bytes JMP 7051000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] kernel32.dll!MoveFileA 7C835E6F 6 Bytes JMP 705A000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] kernel32.dll!DebugActiveProcess 7C85AF93 6 Bytes JMP 7135000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] kernel32.dll!MoveFileExA 7C85E333 6 Bytes JMP 7054000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] kernel32.dll!CopyFileExA 7C85F234 6 Bytes JMP 70B7000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] kernel32.dll!WinExec 7C8622B5 6 Bytes JMP 7141000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] kernel32.dll!SetThreadContext 7C8639B1 6 Bytes JMP 7099000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] kernel32.dll!CreateToolhelp32Snapshot 7C865A27 6 Bytes JMP 70DB000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] kernel32.dll!GetBinaryTypeW + 80 7C868B34 1 Byte [62]
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] ADVAPI32.dll!RegOpenKeyExW 77DA6AAF 6 Bytes JMP 70F6000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] ADVAPI32.dll!RegQueryValueExW 77DA6FFF 6 Bytes JMP 70E4000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] ADVAPI32.dll!RegCreateKeyExW 77DA776C 6 Bytes JMP 7108000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] ADVAPI32.dll!RegOpenKeyExA 77DA7852 6 Bytes JMP 70F9000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] ADVAPI32.dll!RegOpenKeyW 77DA7946 6 Bytes JMP 70FC000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] ADVAPI32.dll!OpenProcessToken 77DA798B 6 Bytes JMP 7096000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] ADVAPI32.dll!RegQueryValueExA 77DA7ABB 6 Bytes JMP 70E7000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] ADVAPI32.dll!RegSetValueExW 77DAD747 6 Bytes JMP 70F0000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] ADVAPI32.dll!RegQueryValueW 77DAD85A 6 Bytes JMP 70EA000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] ADVAPI32.dll!RegCreateKeyExA 77DAE9D4 6 Bytes JMP 710B000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] ADVAPI32.dll!RegSetValueExA 77DAEAC7 6 Bytes JMP 70F3000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] ADVAPI32.dll!RegOpenKeyA 77DAEFA8 6 Bytes JMP 70FF000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] ADVAPI32.dll!AdjustTokenPrivileges 77DAEFEC 6 Bytes JMP 708D000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] ADVAPI32.dll!RegDeleteKeyA 77DB4288 6 Bytes JMP 7069000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] ADVAPI32.dll!RegDeleteKeyW 77DB5583 6 Bytes JMP 7066000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] ADVAPI32.dll!OpenSCManagerW 77DB6F3D 6 Bytes JMP 70CC000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] ADVAPI32.dll!OpenSCManagerA 77DC6996 6 Bytes JMP 70CF000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] ADVAPI32.dll!LookupPrivilegeValueW 77DCB8C7 6 Bytes JMP 7090000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] ADVAPI32.dll!RegCreateKeyW 77DCBA3D 6 Bytes JMP 7102000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] ADVAPI32.dll!RegQueryValueA 77DCBB75 4 Bytes JMP EC001E25
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] ADVAPI32.dll!RegQueryValueA + 5 77DCBB7A 1 Byte [70]
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] ADVAPI32.dll!RegCreateKeyA 77DCBCDB 6 Bytes JMP 7105000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] ADVAPI32.dll!LookupPrivilegeValueA 77DCC220 6 Bytes JMP 7093000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] ADVAPI32.dll!LsaRemoveAccountRights 77DEAB91 6 Bytes JMP 7168000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] ADVAPI32.dll!CreateServiceA 77E07359 6 Bytes JMP 7120000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] ADVAPI32.dll!CreateServiceW 77E074F1 6 Bytes JMP 711D000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] USER32.dll!SetWindowTextW 7E36BC36 6 Bytes JMP 7060000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] USER32.dll!GetKeyState 7E36C505 6 Bytes JMP 7132000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] USER32.dll!GetWindowTextW 7E36CDB6 6 Bytes JMP 70C6000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] USER32.dll!DrawTextW 7E36D7C2 6 Bytes JMP 7078000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] USER32.dll!ShowWindow 7E36D8A4 3 Bytes [FF, 25, 1E]
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] USER32.dll!ShowWindow + 4 7E36D8A8 2 Bytes [C2, 70]
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] USER32.dll!GetKeyboardState 7E36EF29 3 Bytes [FF, 25, 1E]
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] USER32.dll!GetKeyboardState + 4 7E36EF2D 2 Bytes [2B, 71]
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] USER32.dll!GetAsyncKeyState 7E36F3B3 6 Bytes JMP 712F000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] USER32.dll!CreateWindowExW 7E36FC25 6 Bytes JMP 7072000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] USER32.dll!CreateWindowExA 7E36FF33 6 Bytes JMP 7075000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] USER32.dll!SetWindowsHookExW 7E37DDB5 6 Bytes JMP 7156000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] USER32.dll!SetWindowTextA 7E37F52B 6 Bytes JMP 7063000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] USER32.dll!SetWindowsHookExA 7E3811D1 6 Bytes JMP 7159000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] USER32.dll!SetWinEventHook 7E3817B7 6 Bytes JMP 711A000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] USER32.dll!GetWindowTextA 7E38212B 6 Bytes JMP 70C9000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] USER32.dll!DrawTextA 7E38C6CA 6 Bytes JMP 707B000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] USER32.dll!DdeConnect 7E3A7F93 6 Bytes JMP 7129000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] USER32.dll!EndTask 7E3A9E75 6 Bytes JMP 713E000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] USER32.dll!RegisterRawInputDevices 7E3BCBD4 3 Bytes [FF, 25, 1E]
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] USER32.dll!RegisterRawInputDevices + 4 7E3BCBD8 2 Bytes [16, 71]
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] shell32.dll!ShellExecuteExW 7E6B25D3 6 Bytes JMP 7144000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] shell32.dll!Shell_NotifyIcon 7E6D18BE 6 Bytes JMP 70B1000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] shell32.dll!Shell_NotifyIconW 7E6D62A5 6 Bytes JMP 70AE000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] shell32.dll!ShellExecuteEx 7E6F0E95 6 Bytes JMP 7147000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] shell32.dll!ShellExecuteA 7E6F11C0 6 Bytes JMP 714D000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] shell32.dll!ShellExecuteW 7E7659D0 6 Bytes JMP 714A000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] wininet.dll!InternetConnectA 408CDEAE 6 Bytes JMP 704B000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] wininet.dll!InternetOpenUrlA 408DF3A4 6 Bytes JMP 70A8000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] wininet.dll!InternetOpenUrlW 40926DDF 6 Bytes JMP 70A5000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] ntdll.dll!NtLoadDriver 7C91D46E 3 Bytes [FF, 25, 1E]
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] ntdll.dll!NtLoadDriver + 4 7C91D472 2 Bytes [22, 71]
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] ntdll.dll!NtSuspendProcess 7C91DE2E 3 Bytes [FF, 25, 1E]
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] ntdll.dll!NtSuspendProcess + 4 7C91DE32 2 Bytes [3A, 71]
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] ntdll.dll!RtlDosSearchPath_U + 1D1 7C926ADA 1 Byte [62]
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] kernel32.dll!DeviceIoControl 7C801629 3 Bytes [FF, 25, 1E]
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] kernel32.dll!DeviceIoControl + 4 7C80162D 2 Bytes [AA, 70]
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70DE000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7126000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70D2000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 716B000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 715F000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7165000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7162000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 7150000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7153000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] kernel32.dll!VirtualAlloc 7C809AA1 6 Bytes JMP 70D5000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] kernel32.dll!MultiByteToWideChar 7C809C48 6 Bytes JMP 7084000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] kernel32.dll!LoadResource 7C80A005 6 Bytes JMP 70C0000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] kernel32.dll!WideCharToMultiByte 7C80A124 6 Bytes JMP 7063000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] kernel32.dll!GetProcAddress 7C80ADF0 6 Bytes JMP 7114000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] kernel32.dll!LoadLibraryW 7C80AE9B 6 Bytes JMP 715C000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] kernel32.dll!CreateMutexW 7C80E907 6 Bytes JMP 708D000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] kernel32.dll!CreateMutexA 7C80E98F 6 Bytes JMP 7090000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] kernel32.dll!OpenMutexW 7C80E9E5 6 Bytes JMP 7087000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] kernel32.dll!OpenMutexA 7C80EA6B 6 Bytes JMP 708A000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] kernel32.dll!GetVolumeInformationW 7C80FA35 6 Bytes JMP 710E000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] kernel32.dll!CreateRemoteThread 7C81047C 3 Bytes [FF, 25, 1E]
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] kernel32.dll!CreateRemoteThread + 4 7C810480 2 Bytes [6D, 71]
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] kernel32.dll!CreateThread 7C810687 6 Bytes JMP 70D8000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] kernel32.dll!CreateFileW 7C8107B0 6 Bytes JMP 70E1000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] kernel32.dll!WriteFile 7C810DD7 6 Bytes JMP 70A2000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] kernel32.dll!TerminateThread 7C81CAEB 6 Bytes JMP 7138000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] kernel32.dll!MoveFileW 7C821211 6 Bytes JMP 705D000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] kernel32.dll!CreateDirectoryA 7C82175C 6 Bytes JMP 70A8000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] kernel32.dll!GetVolumeInformationA 7C821B55 6 Bytes JMP 7111000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] kernel32.dll!CopyFileExW 7C827AE2 6 Bytes JMP 70B4000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] kernel32.dll!CopyFileA 7C82869E 6 Bytes JMP 70BD000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] kernel32.dll!CopyFileW 7C82F82B 6 Bytes JMP 70BA000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] kernel32.dll!OpenProcess 7C830999 6 Bytes JMP 7054000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] kernel32.dll!DeleteFileA 7C831E8D 6 Bytes JMP 7075000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] kernel32.dll!DeleteFileW 7C831F13 6 Bytes JMP 7072000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] kernel32.dll!CreateDirectoryW 7C8323B2 6 Bytes JMP 70A5000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] kernel32.dll!MoveFileExW 7C83563B 6 Bytes JMP 7057000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] kernel32.dll!MoveFileA 7C835E6F 6 Bytes JMP 7060000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] kernel32.dll!DebugActiveProcess 7C85AF93 6 Bytes JMP 7135000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] kernel32.dll!MoveFileExA 7C85E333 6 Bytes JMP 705A000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] kernel32.dll!CopyFileExA 7C85F234 6 Bytes JMP 70B7000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] kernel32.dll!WinExec 7C8622B5 6 Bytes JMP 7141000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] kernel32.dll!SetThreadContext 7C8639B1 6 Bytes JMP 709F000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] kernel32.dll!CreateToolhelp32Snapshot 7C865A27 6 Bytes JMP 70DB000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] kernel32.dll!GetBinaryTypeW + 80 7C868B34 1 Byte [62]
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] USER32.dll!SetWindowTextW 7E36BC36 6 Bytes JMP 7066000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] USER32.dll!GetKeyState 7E36C505 6 Bytes JMP 7132000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] USER32.dll!GetWindowTextW 7E36CDB6 6 Bytes JMP 70C6000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] USER32.dll!DrawTextW 7E36D7C2 6 Bytes JMP 707E000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] USER32.dll!ShowWindow 7E36D8A4 3 Bytes [FF, 25, 1E]
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] USER32.dll!ShowWindow + 4 7E36D8A8 2 Bytes [C2, 70]
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] USER32.dll!GetKeyboardState 7E36EF29 3 Bytes [FF, 25, 1E]
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] USER32.dll!GetKeyboardState + 4 7E36EF2D 2 Bytes [2B, 71]
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] USER32.dll!GetAsyncKeyState 7E36F3B3 6 Bytes JMP 712F000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] USER32.dll!CreateWindowExW 7E36FC25 6 Bytes JMP 7078000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] USER32.dll!CreateWindowExA 7E36FF33 6 Bytes JMP 707B000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] USER32.dll!SetWindowsHookExW 7E37DDB5 6 Bytes JMP 7156000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] USER32.dll!SetWindowTextA 7E37F52B 6 Bytes JMP 7069000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] USER32.dll!SetWindowsHookExA 7E3811D1 6 Bytes JMP 7159000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] USER32.dll!SetWinEventHook 7E3817B7 6 Bytes JMP 711A000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] USER32.dll!GetWindowTextA 7E38212B 6 Bytes JMP 70C9000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] USER32.dll!DrawTextA 7E38C6CA 6 Bytes JMP 7081000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] USER32.dll!DdeConnect 7E3A7F93 6 Bytes JMP 7129000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] USER32.dll!EndTask 7E3A9E75 6 Bytes JMP 713E000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] USER32.dll!RegisterRawInputDevices 7E3BCBD4 3 Bytes [FF, 25, 1E]
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] USER32.dll!RegisterRawInputDevices + 4 7E3BCBD8 2 Bytes [16, 71]
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] ADVAPI32.dll!RegOpenKeyExW 77DA6AAF 6 Bytes JMP 70F6000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] ADVAPI32.dll!RegQueryValueExW 77DA6FFF 6 Bytes JMP 70E4000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] ADVAPI32.dll!RegCreateKeyExW 77DA776C 6 Bytes JMP 7108000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] ADVAPI32.dll!RegOpenKeyExA 77DA7852 6 Bytes JMP 70F9000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] ADVAPI32.dll!RegOpenKeyW 77DA7946 6 Bytes JMP 70FC000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] ADVAPI32.dll!OpenProcessToken 77DA798B 6 Bytes JMP 709C000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] ADVAPI32.dll!RegQueryValueExA 77DA7ABB 6 Bytes JMP 70E7000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] ADVAPI32.dll!RegSetValueExW 77DAD747 6 Bytes JMP 70F0000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] ADVAPI32.dll!RegQueryValueW 77DAD85A 6 Bytes JMP 70EA000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] ADVAPI32.dll!RegCreateKeyExA 77DAE9D4 6 Bytes JMP 710B000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] ADVAPI32.dll!RegSetValueExA 77DAEAC7 6 Bytes JMP 70F3000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] ADVAPI32.dll!RegOpenKeyA 77DAEFA8 6 Bytes JMP 70FF000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] ADVAPI32.dll!AdjustTokenPrivileges 77DAEFEC 6 Bytes JMP 7093000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] ADVAPI32.dll!RegDeleteKeyA 77DB4288 6 Bytes JMP 706F000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] ADVAPI32.dll!RegDeleteKeyW 77DB5583 6 Bytes JMP 706C000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] ADVAPI32.dll!OpenSCManagerW 77DB6F3D 6 Bytes JMP 70CC000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] ADVAPI32.dll!OpenSCManagerA 77DC6996 6 Bytes JMP 70CF000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] ADVAPI32.dll!LookupPrivilegeValueW 77DCB8C7 6 Bytes JMP 7096000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] ADVAPI32.dll!RegCreateKeyW 77DCBA3D 6 Bytes JMP 7102000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] ADVAPI32.dll!RegQueryValueA 77DCBB75 4 Bytes JMP EC001E25
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] ADVAPI32.dll!RegQueryValueA + 5 77DCBB7A 1 Byte [70]
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] ADVAPI32.dll!RegCreateKeyA 77DCBCDB 6 Bytes JMP 7105000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] ADVAPI32.dll!LookupPrivilegeValueA 77DCC220 6 Bytes JMP 7099000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] ADVAPI32.dll!LsaRemoveAccountRights 77DEAB91 6 Bytes JMP 7168000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] ADVAPI32.dll!CreateServiceA 77E07359 6 Bytes JMP 7120000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] ADVAPI32.dll!CreateServiceW 77E074F1 6 Bytes JMP 711D000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] SHELL32.dll!ShellExecuteExW 7E6B25D3 6 Bytes JMP 7144000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] SHELL32.dll!Shell_NotifyIcon 7E6D18BE 6 Bytes JMP 70B1000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] SHELL32.dll!Shell_NotifyIconW 7E6D62A5 6 Bytes JMP 70AE000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] SHELL32.dll!ShellExecuteEx 7E6F0E95 6 Bytes JMP 7147000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] SHELL32.dll!ShellExecuteA 7E6F11C0 6 Bytes JMP 714D000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] SHELL32.dll!ShellExecuteW 7E7659D0 6 Bytes JMP 714A000A
.text C:\Dokumente und Einstellungen\Roman\Desktop\u43koo52.exe[792] ntdll.dll!RtlDosSearchPath_U + 1D1 7C926ADA 1 Byte [62]
.text C:\Dokumente und Einstellungen\Roman\Desktop\u43koo52.exe[792] kernel32.dll!GetBinaryTypeW + 80 7C868B34 1 Byte [62]
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] ntdll.dll!NtLoadDriver 7C91D46E 3 Bytes [FF, 25, 1E]
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] ntdll.dll!NtLoadDriver + 4 7C91D472 2 Bytes [22, 71]
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] ntdll.dll!NtSuspendProcess 7C91DE2E 3 Bytes [FF, 25, 1E]
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] ntdll.dll!NtSuspendProcess + 4 7C91DE32 2 Bytes [3A, 71]
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] ntdll.dll!RtlDosSearchPath_U + 1D1 7C926ADA 1 Byte [62]
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] kernel32.dll!DeviceIoControl 7C801629 3 Bytes [FF, 25, 1E]
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] kernel32.dll!DeviceIoControl + 4 7C80162D 2 Bytes [AA, 70]
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70DE000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7126000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70D2000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 716B000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 715F000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7165000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7162000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 7150000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7153000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] kernel32.dll!VirtualAlloc 7C809AA1 6 Bytes JMP 70D5000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] kernel32.dll!MultiByteToWideChar 7C809C48 6 Bytes JMP 7084000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] kernel32.dll!LoadResource 7C80A005 6 Bytes JMP 70C0000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] kernel32.dll!WideCharToMultiByte 7C80A124 6 Bytes JMP 7063000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] kernel32.dll!GetProcAddress 7C80ADF0 6 Bytes JMP 7114000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] kernel32.dll!LoadLibraryW 7C80AE9B 6 Bytes JMP 715C000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] kernel32.dll!CreateMutexW 7C80E907 6 Bytes JMP 708D000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] kernel32.dll!CreateMutexA 7C80E98F 6 Bytes JMP 7090000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] kernel32.dll!OpenMutexW 7C80E9E5 6 Bytes JMP 7087000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] kernel32.dll!OpenMutexA 7C80EA6B 6 Bytes JMP 708A000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] kernel32.dll!GetVolumeInformationW 7C80FA35 6 Bytes JMP 710E000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] kernel32.dll!CreateRemoteThread 7C81047C 3 Bytes [FF, 25, 1E]
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] kernel32.dll!CreateRemoteThread + 4 7C810480 2 Bytes [6D, 71]
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] kernel32.dll!CreateThread 7C810687 6 Bytes JMP 70D8000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] kernel32.dll!CreateFileW 7C8107B0 6 Bytes JMP 70E1000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] kernel32.dll!WriteFile 7C810DD7 6 Bytes JMP 70A2000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] kernel32.dll!TerminateThread 7C81CAEB 6 Bytes JMP 7138000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] kernel32.dll!MoveFileW 7C821211 6 Bytes JMP 705D000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] kernel32.dll!CreateDirectoryA 7C82175C 6 Bytes JMP 70A8000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] kernel32.dll!GetVolumeInformationA 7C821B55 6 Bytes JMP 7111000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] kernel32.dll!CopyFileExW 7C827AE2 6 Bytes JMP 70B4000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] kernel32.dll!CopyFileA 7C82869E 6 Bytes JMP 70BD000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] kernel32.dll!CopyFileW 7C82F82B 6 Bytes JMP 70BA000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] kernel32.dll!OpenProcess 7C830999 6 Bytes JMP 7054000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] kernel32.dll!DeleteFileA 7C831E8D 6 Bytes JMP 7075000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] kernel32.dll!DeleteFileW 7C831F13 6 Bytes JMP 7072000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] kernel32.dll!CreateDirectoryW 7C8323B2 6 Bytes JMP 70A5000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] kernel32.dll!MoveFileExW 7C83563B 6 Bytes JMP 7057000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] kernel32.dll!MoveFileA 7C835E6F 6 Bytes JMP 7060000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] kernel32.dll!DebugActiveProcess 7C85AF93 6 Bytes JMP 7135000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] kernel32.dll!MoveFileExA 7C85E333 6 Bytes JMP 705A000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] kernel32.dll!CopyFileExA 7C85F234 6 Bytes JMP 70B7000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] kernel32.dll!WinExec 7C8622B5 6 Bytes JMP 7141000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] kernel32.dll!SetThreadContext 7C8639B1 6 Bytes JMP 709F000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] kernel32.dll!CreateToolhelp32Snapshot 7C865A27 6 Bytes JMP 70DB000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] kernel32.dll!GetBinaryTypeW + 80 7C868B34 1 Byte [62]
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] USER32.dll!SetWindowTextW 7E36BC36 6 Bytes JMP 7066000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] USER32.dll!GetKeyState 7E36C505 6 Bytes JMP 7132000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] USER32.dll!GetWindowTextW 7E36CDB6 6 Bytes JMP 70C6000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] USER32.dll!DrawTextW 7E36D7C2 6 Bytes JMP 707E000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] USER32.dll!ShowWindow 7E36D8A4 3 Bytes [FF, 25, 1E]
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] USER32.dll!ShowWindow + 4 7E36D8A8 2 Bytes [C2, 70]
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] USER32.dll!GetKeyboardState 7E36EF29 3 Bytes [FF, 25, 1E]
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] USER32.dll!GetKeyboardState + 4 7E36EF2D 2 Bytes [2B, 71]
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] USER32.dll!GetAsyncKeyState 7E36F3B3 6 Bytes JMP 712F000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] USER32.dll!CreateWindowExW 7E36FC25 6 Bytes JMP 7078000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] USER32.dll!CreateWindowExA 7E36FF33 6 Bytes JMP 707B000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] USER32.dll!SetWindowsHookExW 7E37DDB5 6 Bytes JMP 7156000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] USER32.dll!SetWindowTextA 7E37F52B 6 Bytes JMP 7069000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] USER32.dll!SetWindowsHookExA 7E3811D1 6 Bytes JMP 7159000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] USER32.dll!SetWinEventHook 7E3817B7 6 Bytes JMP 711A000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] USER32.dll!GetWindowTextA 7E38212B 6 Bytes JMP 70C9000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] USER32.dll!DrawTextA 7E38C6CA 6 Bytes JMP 7081000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] USER32.dll!DdeConnect 7E3A7F93 6 Bytes JMP 7129000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] USER32.dll!EndTask 7E3A9E75 6 Bytes JMP 713E000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] USER32.dll!RegisterRawInputDevices 7E3BCBD4 3 Bytes [FF, 25, 1E]
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] USER32.dll!RegisterRawInputDevices + 4 7E3BCBD8 2 Bytes [16, 71]
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] ADVAPI32.dll!RegOpenKeyExW 77DA6AAF 6 Bytes JMP 70F6000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] ADVAPI32.dll!RegQueryValueExW 77DA6FFF 6 Bytes JMP 70E4000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] ADVAPI32.dll!RegCreateKeyExW 77DA776C 6 Bytes JMP 7108000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] ADVAPI32.dll!RegOpenKeyExA 77DA7852 6 Bytes JMP 70F9000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] ADVAPI32.dll!RegOpenKeyW 77DA7946 6 Bytes JMP 70FC000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] ADVAPI32.dll!OpenProcessToken 77DA798B 6 Bytes JMP 709C000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] ADVAPI32.dll!RegQueryValueExA 77DA7ABB 6 Bytes JMP 70E7000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] ADVAPI32.dll!RegSetValueExW 77DAD747 6 Bytes JMP 70F0000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] ADVAPI32.dll!RegQueryValueW 77DAD85A 6 Bytes JMP 70EA000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] ADVAPI32.dll!RegCreateKeyExA 77DAE9D4 6 Bytes JMP 710B000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] ADVAPI32.dll!RegSetValueExA 77DAEAC7 6 Bytes JMP 70F3000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] ADVAPI32.dll!RegOpenKeyA 77DAEFA8 6 Bytes JMP 70FF000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] ADVAPI32.dll!AdjustTokenPrivileges 77DAEFEC 6 Bytes JMP 7093000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] ADVAPI32.dll!RegDeleteKeyA 77DB4288 6 Bytes JMP 706F000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] ADVAPI32.dll!RegDeleteKeyW 77DB5583 6 Bytes JMP 706C000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] ADVAPI32.dll!OpenSCManagerW 77DB6F3D 6 Bytes JMP 70CC000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] ADVAPI32.dll!OpenSCManagerA 77DC6996 6 Bytes JMP 70CF000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] ADVAPI32.dll!LookupPrivilegeValueW 77DCB8C7 6 Bytes JMP 7096000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] ADVAPI32.dll!RegCreateKeyW 77DCBA3D 6 Bytes JMP 7102000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] ADVAPI32.dll!RegQueryValueA 77DCBB75 4 Bytes JMP EC001E25
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] ADVAPI32.dll!RegQueryValueA + 5 77DCBB7A 1 Byte [70]
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] ADVAPI32.dll!RegCreateKeyA 77DCBCDB 6 Bytes JMP 7105000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] ADVAPI32.dll!LookupPrivilegeValueA 77DCC220 6 Bytes JMP 7099000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] ADVAPI32.dll!LsaRemoveAccountRights 77DEAB91 6 Bytes JMP 7168000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] ADVAPI32.dll!CreateServiceA 77E07359 6 Bytes JMP 7120000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] ADVAPI32.dll!CreateServiceW 77E074F1 6 Bytes JMP 711D000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] SHELL32.dll!ShellExecuteExW 7E6B25D3 6 Bytes JMP 7144000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] SHELL32.dll!Shell_NotifyIcon 7E6D18BE 6 Bytes JMP 70B1000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] SHELL32.dll!Shell_NotifyIconW 7E6D62A5 6 Bytes JMP 70AE000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] SHELL32.dll!ShellExecuteEx 7E6F0E95 6 Bytes JMP 7147000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] SHELL32.dll!ShellExecuteA 7E6F11C0 6 Bytes JMP 714D000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] SHELL32.dll!ShellExecuteW 7E7659D0 6 Bytes JMP 714A000A
.text C:\Programme\Medion Info Display\MdionLCM.exe[812] ntdll.dll!NtLoadDriver 7C91D46E 3 Bytes [FF, 25, 1E]
.text C:\Programme\Medion Info Display\MdionLCM.exe[812] ntdll.dll!NtLoadDriver + 4 7C91D472 2 Bytes [22, 71]
.text C:\Programme\Medion Info Display\MdionLCM.exe[812] ntdll.dll!NtSuspendProcess 7C91DE2E 3 Bytes [FF, 25, 1E]
.text C:\Programme\Medion Info Display\MdionLCM.exe[812] ntdll.dll!NtSuspendProcess + 4 7C91DE32 2 Bytes [3A, 71]
.text C:\Programme\Medion Info Display\MdionLCM.exe[812] ntdll.dll!RtlDosSearchPath_U + 1D1 7C926ADA 1 Byte [62]
.text C:\Programme\Medion Info Display\MdionLCM.exe[812] kernel32.dll!DeviceIoControl 7C801629 3 Bytes [FF, 25, 1E]
.text C:\Programme\Medion Info Display\MdionLCM.exe[812] kernel32.dll!DeviceIoControl + 4 7C80162D 2 Bytes [AA, 70]
.text C:\Programme\Medion Info Display\MdionLCM.exe[812] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70DE000A
.text C:\Programme\Medion Info Display\MdionLCM.exe[812] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7126000A
.text C:\Programme\Medion Info Display\MdionLCM.exe[812] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70D2000A
.text C:\Programme\Medion Info Display\MdionLCM.exe[812] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 716B000A
.text C:\Programme\Medion Info Display\MdionLCM.exe[812] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 715F000A
.text C:\Programme\Medion Info Display\MdionLCM.exe[812] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7165000A
.text C:\Programme\Medion Info Display\MdionLCM.exe[812] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7162000A
.text C:\Programme\Medion Info Display\MdionLCM.exe[812] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 7150000A
.text C:\Programme\Medion Info Display\MdionLCM.exe[812] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7153000A
.text C:\Programme\Medion Info Display\MdionLCM.exe[812] kernel32.dll!VirtualAlloc 7C809AA1 6 Bytes JMP 70D5000A
.text C:\Programme\Medion Info Display\MdionLCM.exe[812] kernel32.dll!MultiByteToWideChar 7C809C48 6 Bytes JMP 7084000A
.text C:\Programme\Medion Info Display\MdionLCM.exe[812] kernel32.dll!LoadResource 7C80A005 6 Bytes JMP 70C0000A
.text C:\Programme\Medion Info Display\MdionLCM.exe[812] kernel32.dll!WideCharToMultiByte 7C80A124 6 Bytes JMP 7063000A
.text C:\Programme\Medion Info Display\MdionLCM.exe[812] kernel32.dll!GetProcAddress 7C80ADF0 6 Bytes JMP 7114000A
.text C:\Programme\Medion Info Display\MdionLCM.exe[812] kernel32.dll!LoadLibraryW 7C80AE9B 6 Bytes JMP 715C000A
.text C:\Programme\Medion Info Display\MdionLCM.exe[812] kernel32.dll!CreateMutexW 7C80E907 6 Bytes JMP 708D000A
.text C:\Programme\Medion Info Display\MdionLCM.exe[812] kernel32.dll!CreateMutexA 7C80E98F 6 Bytes JMP 7090000A
.text

Polarbär 29.07.2012 14:27

Gmer, part 3
Quote:

c:\programme\medion info display\mdionlcm.exe[812] kernel32.dll!openmutexw 7c80e9e5 6 bytes jmp 7087000a
.text c:\programme\medion info display\mdionlcm.exe[812] kernel32.dll!openmutexa 7c80ea6b 6 bytes jmp 708a000a
.text c:\programme\medion info display\mdionlcm.exe[812] kernel32.dll!getvolumeinformationw 7c80fa35 6 bytes jmp 710e000a
.text c:\programme\medion info display\mdionlcm.exe[812] kernel32.dll!createremotethread 7c81047c 3 bytes [ff, 25, 1e]
.text c:\programme\medion info display\mdionlcm.exe[812] kernel32.dll!createremotethread + 4 7c810480 2 bytes [6d, 71]
.text c:\programme\medion info display\mdionlcm.exe[812] kernel32.dll!createthread 7c810687 6 bytes jmp 70d8000a
.text c:\programme\medion info display\mdionlcm.exe[812] kernel32.dll!createfilew 7c8107b0 6 bytes jmp 70e1000a
.text c:\programme\medion info display\mdionlcm.exe[812] kernel32.dll!writefile 7c810dd7 6 bytes jmp 70a2000a
.text c:\programme\medion info display\mdionlcm.exe[812] kernel32.dll!terminatethread 7c81caeb 6 bytes jmp 7138000a
.text c:\programme\medion info display\mdionlcm.exe[812] kernel32.dll!movefilew 7c821211 6 bytes jmp 705d000a
.text c:\programme\medion info display\mdionlcm.exe[812] kernel32.dll!createdirectorya 7c82175c 6 bytes jmp 70a8000a
.text c:\programme\medion info display\mdionlcm.exe[812] kernel32.dll!getvolumeinformationa 7c821b55 6 bytes jmp 7111000a
.text c:\programme\medion info display\mdionlcm.exe[812] kernel32.dll!copyfileexw 7c827ae2 6 bytes jmp 70b4000a
.text c:\programme\medion info display\mdionlcm.exe[812] kernel32.dll!copyfilea 7c82869e 6 bytes jmp 70bd000a
.text c:\programme\medion info display\mdionlcm.exe[812] kernel32.dll!copyfilew 7c82f82b 6 bytes jmp 70ba000a
.text c:\programme\medion info display\mdionlcm.exe[812] kernel32.dll!openprocess 7c830999 6 bytes jmp 7054000a
.text c:\programme\medion info display\mdionlcm.exe[812] kernel32.dll!deletefilea 7c831e8d 6 bytes jmp 7075000a
.text c:\programme\medion info display\mdionlcm.exe[812] kernel32.dll!deletefilew 7c831f13 6 bytes jmp 7072000a
.text c:\programme\medion info display\mdionlcm.exe[812] kernel32.dll!createdirectoryw 7c8323b2 6 bytes jmp 70a5000a
.text c:\programme\medion info display\mdionlcm.exe[812] kernel32.dll!movefileexw 7c83563b 6 bytes jmp 7057000a
.text c:\programme\medion info display\mdionlcm.exe[812] kernel32.dll!movefilea 7c835e6f 6 bytes jmp 7060000a
.text c:\programme\medion info display\mdionlcm.exe[812] kernel32.dll!debugactiveprocess 7c85af93 6 bytes jmp 7135000a
.text c:\programme\medion info display\mdionlcm.exe[812] kernel32.dll!movefileexa 7c85e333 6 bytes jmp 705a000a
.text c:\programme\medion info display\mdionlcm.exe[812] kernel32.dll!copyfileexa 7c85f234 6 bytes jmp 70b7000a
.text c:\programme\medion info display\mdionlcm.exe[812] kernel32.dll!winexec 7c8622b5 6 bytes jmp 7141000a
.text c:\programme\medion info display\mdionlcm.exe[812] kernel32.dll!setthreadcontext 7c8639b1 6 bytes jmp 709f000a
.text c:\programme\medion info display\mdionlcm.exe[812] kernel32.dll!createtoolhelp32snapshot 7c865a27 6 bytes jmp 70db000a
.text c:\programme\medion info display\mdionlcm.exe[812] kernel32.dll!getbinarytypew + 80 7c868b34 1 byte [62]
.text c:\programme\medion info display\mdionlcm.exe[812] user32.dll!setwindowtextw 7e36bc36 6 bytes jmp 7066000a
.text c:\programme\medion info display\mdionlcm.exe[812] user32.dll!getkeystate 7e36c505 6 bytes jmp 7132000a
.text c:\programme\medion info display\mdionlcm.exe[812] user32.dll!getwindowtextw 7e36cdb6 6 bytes jmp 70c6000a
.text c:\programme\medion info display\mdionlcm.exe[812] user32.dll!drawtextw 7e36d7c2 6 bytes jmp 707e000a
.text c:\programme\medion info display\mdionlcm.exe[812] user32.dll!showwindow 7e36d8a4 3 bytes [ff, 25, 1e]
.text c:\programme\medion info display\mdionlcm.exe[812] user32.dll!showwindow + 4 7e36d8a8 2 bytes [c2, 70]
.text c:\programme\medion info display\mdionlcm.exe[812] user32.dll!getkeyboardstate 7e36ef29 3 bytes [ff, 25, 1e]
.text c:\programme\medion info display\mdionlcm.exe[812] user32.dll!getkeyboardstate + 4 7e36ef2d 2 bytes [2b, 71]
.text c:\programme\medion info display\mdionlcm.exe[812] user32.dll!getasynckeystate 7e36f3b3 6 bytes jmp 712f000a
.text c:\programme\medion info display\mdionlcm.exe[812] user32.dll!createwindowexw 7e36fc25 6 bytes jmp 7078000a
.text c:\programme\medion info display\mdionlcm.exe[812] user32.dll!createwindowexa 7e36ff33 6 bytes jmp 707b000a
.text c:\programme\medion info display\mdionlcm.exe[812] user32.dll!setwindowshookexw 7e37ddb5 6 bytes jmp 7156000a
.text c:\programme\medion info display\mdionlcm.exe[812] user32.dll!setwindowtexta 7e37f52b 6 bytes jmp 7069000a
.text c:\programme\medion info display\mdionlcm.exe[812] user32.dll!setwindowshookexa 7e3811d1 6 bytes jmp 7159000a
.text c:\programme\medion info display\mdionlcm.exe[812] user32.dll!setwineventhook 7e3817b7 6 bytes jmp 711a000a
.text c:\programme\medion info display\mdionlcm.exe[812] user32.dll!getwindowtexta 7e38212b 6 bytes jmp 70c9000a
.text c:\programme\medion info display\mdionlcm.exe[812] user32.dll!drawtexta 7e38c6ca 6 bytes jmp 7081000a
.text c:\programme\medion info display\mdionlcm.exe[812] user32.dll!ddeconnect 7e3a7f93 6 bytes jmp 7129000a
.text c:\programme\medion info display\mdionlcm.exe[812] user32.dll!endtask 7e3a9e75 6 bytes jmp 713e000a
.text c:\programme\medion info display\mdionlcm.exe[812] user32.dll!registerrawinputdevices 7e3bcbd4 3 bytes [ff, 25, 1e]
.text c:\programme\medion info display\mdionlcm.exe[812] user32.dll!registerrawinputdevices + 4 7e3bcbd8 2 bytes [16, 71]
.text c:\programme\medion info display\mdionlcm.exe[812] advapi32.dll!regopenkeyexw 77da6aaf 6 bytes jmp 70f6000a
.text c:\programme\medion info display\mdionlcm.exe[812] advapi32.dll!regqueryvalueexw 77da6fff 6 bytes jmp 70e4000a
.text c:\programme\medion info display\mdionlcm.exe[812] advapi32.dll!regcreatekeyexw 77da776c 6 bytes jmp 7108000a
.text c:\programme\medion info display\mdionlcm.exe[812] advapi32.dll!regopenkeyexa 77da7852 6 bytes jmp 70f9000a
.text c:\programme\medion info display\mdionlcm.exe[812] advapi32.dll!regopenkeyw 77da7946 6 bytes jmp 70fc000a
.text c:\programme\medion info display\mdionlcm.exe[812] advapi32.dll!openprocesstoken 77da798b 6 bytes jmp 709c000a
.text c:\programme\medion info display\mdionlcm.exe[812] advapi32.dll!regqueryvalueexa 77da7abb 6 bytes jmp 70e7000a
.text c:\programme\medion info display\mdionlcm.exe[812] advapi32.dll!regsetvalueexw 77dad747 6 bytes jmp 70f0000a
.text c:\programme\medion info display\mdionlcm.exe[812] advapi32.dll!regqueryvaluew 77dad85a 6 bytes jmp 70ea000a
.text c:\programme\medion info display\mdionlcm.exe[812] advapi32.dll!regcreatekeyexa 77dae9d4 6 bytes jmp 710b000a
.text c:\programme\medion info display\mdionlcm.exe[812] advapi32.dll!regsetvalueexa 77daeac7 6 bytes jmp 70f3000a
.text c:\programme\medion info display\mdionlcm.exe[812] advapi32.dll!regopenkeya 77daefa8 6 bytes jmp 70ff000a
.text c:\programme\medion info display\mdionlcm.exe[812] advapi32.dll!adjusttokenprivileges 77daefec 6 bytes jmp 7093000a
.text c:\programme\medion info display\mdionlcm.exe[812] advapi32.dll!regdeletekeya 77db4288 6 bytes jmp 706f000a
.text c:\programme\medion info display\mdionlcm.exe[812] advapi32.dll!regdeletekeyw 77db5583 6 bytes jmp 706c000a
.text c:\programme\medion info display\mdionlcm.exe[812] advapi32.dll!openscmanagerw 77db6f3d 6 bytes jmp 70cc000a
.text c:\programme\medion info display\mdionlcm.exe[812] advapi32.dll!openscmanagera 77dc6996 6 bytes jmp 70cf000a
.text c:\programme\medion info display\mdionlcm.exe[812] advapi32.dll!lookupprivilegevaluew 77dcb8c7 6 bytes jmp 7096000a
.text c:\programme\medion info display\mdionlcm.exe[812] advapi32.dll!regcreatekeyw 77dcba3d 6 bytes jmp 7102000a
.text c:\programme\medion info display\mdionlcm.exe[812] advapi32.dll!regqueryvaluea 77dcbb75 4 bytes jmp ec001e25
.text c:\programme\medion info display\mdionlcm.exe[812] advapi32.dll!regqueryvaluea + 5 77dcbb7a 1 byte [70]
.text c:\programme\medion info display\mdionlcm.exe[812] advapi32.dll!regcreatekeya 77dcbcdb 6 bytes jmp 7105000a
.text c:\programme\medion info display\mdionlcm.exe[812] advapi32.dll!lookupprivilegevaluea 77dcc220 6 bytes jmp 7099000a
.text c:\programme\medion info display\mdionlcm.exe[812] advapi32.dll!lsaremoveaccountrights 77deab91 6 bytes jmp 7168000a
.text c:\programme\medion info display\mdionlcm.exe[812] advapi32.dll!createservicea 77e07359 6 bytes jmp 7120000a
.text c:\programme\medion info display\mdionlcm.exe[812] advapi32.dll!createservicew 77e074f1 6 bytes jmp 711d000a
.text c:\programme\medion info display\mdionlcm.exe[812] shell32.dll!shellexecuteexw 7e6b25d3 6 bytes jmp 7144000a
.text c:\programme\medion info display\mdionlcm.exe[812] shell32.dll!shell_notifyicon 7e6d18be 6 bytes jmp 70b1000a
.text c:\programme\medion info display\mdionlcm.exe[812] shell32.dll!shell_notifyiconw 7e6d62a5 6 bytes jmp 70ae000a
.text c:\programme\medion info display\mdionlcm.exe[812] shell32.dll!shellexecuteex 7e6f0e95 6 bytes jmp 7147000a
.text c:\programme\medion info display\mdionlcm.exe[812] shell32.dll!shellexecutea 7e6f11c0 6 bytes jmp 714d000a
.text c:\programme\medion info display\mdionlcm.exe[812] shell32.dll!shellexecutew 7e7659d0 6 bytes jmp 714a000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] ntdll.dll!ntloaddriver 7c91d46e 3 bytes [ff, 25, 1e]
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] ntdll.dll!ntloaddriver + 4 7c91d472 2 bytes [22, 71]
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] ntdll.dll!ntsuspendprocess 7c91de2e 3 bytes [ff, 25, 1e]
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] ntdll.dll!ntsuspendprocess + 4 7c91de32 2 bytes [3a, 71]
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] ntdll.dll!rtldossearchpath_u + 1d1 7c926ada 1 byte [62]
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] kernel32.dll!deviceiocontrol 7c801629 3 bytes [ff, 25, 1e]
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] kernel32.dll!deviceiocontrol + 4 7c80162d 2 bytes [aa, 70]
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] kernel32.dll!createfilea 7c801a28 6 bytes jmp 70de000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] kernel32.dll!virtualprotectex 7c801a61 6 bytes jmp 7126000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] kernel32.dll!virtualprotect 7c801ad4 6 bytes jmp 70d2000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] kernel32.dll!loadlibraryexw 7c801af5 6 bytes jmp 716b000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] kernel32.dll!loadlibrarya 7c801d7b 6 bytes jmp 715f000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] kernel32.dll!terminateprocess 7c801e1a 6 bytes jmp 7165000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] kernel32.dll!writeprocessmemory 7c802213 6 bytes jmp 7162000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] kernel32.dll!createprocessw 7c802336 6 bytes jmp 7150000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] kernel32.dll!createprocessa 7c80236b 6 bytes jmp 7153000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] kernel32.dll!virtualalloc 7c809aa1 6 bytes jmp 70d5000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] kernel32.dll!multibytetowidechar 7c809c48 6 bytes jmp 7084000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] kernel32.dll!loadresource 7c80a005 6 bytes jmp 70c0000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] kernel32.dll!widechartomultibyte 7c80a124 6 bytes jmp 7063000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] kernel32.dll!getprocaddress 7c80adf0 6 bytes jmp 7114000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] kernel32.dll!loadlibraryw 7c80ae9b 6 bytes jmp 715c000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] kernel32.dll!createmutexw 7c80e907 6 bytes jmp 708d000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] kernel32.dll!createmutexa 7c80e98f 6 bytes jmp 7090000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] kernel32.dll!openmutexw 7c80e9e5 6 bytes jmp 7087000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] kernel32.dll!openmutexa 7c80ea6b 6 bytes jmp 708a000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] kernel32.dll!getvolumeinformationw 7c80fa35 6 bytes jmp 710e000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] kernel32.dll!createremotethread 7c81047c 3 bytes [ff, 25, 1e]
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] kernel32.dll!createremotethread + 4 7c810480 2 bytes [6d, 71]
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] kernel32.dll!createthread 7c810687 6 bytes jmp 70d8000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] kernel32.dll!createfilew 7c8107b0 6 bytes jmp 70e1000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] kernel32.dll!writefile 7c810dd7 6 bytes jmp 70a2000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] kernel32.dll!terminatethread 7c81caeb 6 bytes jmp 7138000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] kernel32.dll!movefilew 7c821211 6 bytes jmp 705d000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] kernel32.dll!createdirectorya 7c82175c 6 bytes jmp 70a8000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] kernel32.dll!getvolumeinformationa 7c821b55 6 bytes jmp 7111000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] kernel32.dll!copyfileexw 7c827ae2 6 bytes jmp 70b4000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] kernel32.dll!copyfilea 7c82869e 6 bytes jmp 70bd000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] kernel32.dll!copyfilew 7c82f82b 6 bytes jmp 70ba000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] kernel32.dll!openprocess 7c830999 6 bytes jmp 7054000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] kernel32.dll!deletefilea 7c831e8d 6 bytes jmp 7075000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] kernel32.dll!deletefilew 7c831f13 6 bytes jmp 7072000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] kernel32.dll!createdirectoryw 7c8323b2 6 bytes jmp 70a5000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] kernel32.dll!movefileexw 7c83563b 6 bytes jmp 7057000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] kernel32.dll!movefilea 7c835e6f 6 bytes jmp 7060000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] kernel32.dll!debugactiveprocess 7c85af93 6 bytes jmp 7135000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] kernel32.dll!movefileexa 7c85e333 6 bytes jmp 705a000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] kernel32.dll!copyfileexa 7c85f234 6 bytes jmp 70b7000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] kernel32.dll!winexec 7c8622b5 6 bytes jmp 7141000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] kernel32.dll!setthreadcontext 7c8639b1 6 bytes jmp 709f000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] kernel32.dll!createtoolhelp32snapshot 7c865a27 6 bytes jmp 70db000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] kernel32.dll!getbinarytypew + 80 7c868b34 1 byte [62]
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] advapi32.dll!regopenkeyexw 77da6aaf 6 bytes jmp 70f6000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] advapi32.dll!regqueryvalueexw 77da6fff 6 bytes jmp 70e4000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] advapi32.dll!regcreatekeyexw 77da776c 6 bytes jmp 7108000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] advapi32.dll!regopenkeyexa 77da7852 6 bytes jmp 70f9000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] advapi32.dll!regopenkeyw 77da7946 6 bytes jmp 70fc000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] advapi32.dll!openprocesstoken 77da798b 6 bytes jmp 709c000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] advapi32.dll!regqueryvalueexa 77da7abb 6 bytes jmp 70e7000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] advapi32.dll!regsetvalueexw 77dad747 6 bytes jmp 70f0000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] advapi32.dll!regqueryvaluew 77dad85a 6 bytes jmp 70ea000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] advapi32.dll!regcreatekeyexa 77dae9d4 6 bytes jmp 710b000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] advapi32.dll!regsetvalueexa 77daeac7 6 bytes jmp 70f3000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] advapi32.dll!regopenkeya 77daefa8 6 bytes jmp 70ff000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] advapi32.dll!adjusttokenprivileges 77daefec 6 bytes jmp 7093000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] advapi32.dll!regdeletekeya 77db4288 6 bytes jmp 706f000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] advapi32.dll!regdeletekeyw 77db5583 6 bytes jmp 706c000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] advapi32.dll!openscmanagerw 77db6f3d 6 bytes jmp 70cc000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] advapi32.dll!openscmanagera 77dc6996 6 bytes jmp 70cf000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] advapi32.dll!lookupprivilegevaluew 77dcb8c7 6 bytes jmp 7096000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] advapi32.dll!regcreatekeyw 77dcba3d 6 bytes jmp 7102000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] advapi32.dll!regqueryvaluea 77dcbb75 4 bytes jmp ec001e25
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] advapi32.dll!regqueryvaluea + 5 77dcbb7a 1 byte [70]
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] advapi32.dll!regcreatekeya 77dcbcdb 6 bytes jmp 7105000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] advapi32.dll!lookupprivilegevaluea 77dcc220 6 bytes jmp 7099000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] advapi32.dll!lsaremoveaccountrights 77deab91 6 bytes jmp 7168000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] advapi32.dll!createservicea 77e07359 6 bytes jmp 7120000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] advapi32.dll!createservicew 77e074f1 6 bytes jmp 711d000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] user32.dll!setwindowtextw 7e36bc36 6 bytes jmp 7066000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] user32.dll!getkeystate 7e36c505 6 bytes jmp 7132000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] user32.dll!getwindowtextw 7e36cdb6 6 bytes jmp 70c6000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] user32.dll!drawtextw 7e36d7c2 6 bytes jmp 707e000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] user32.dll!showwindow 7e36d8a4 3 bytes [ff, 25, 1e]
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] user32.dll!showwindow + 4 7e36d8a8 2 bytes [c2, 70]
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] user32.dll!getkeyboardstate 7e36ef29 3 bytes [ff, 25, 1e]
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] user32.dll!getkeyboardstate + 4 7e36ef2d 2 bytes [2b, 71]
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] user32.dll!getasynckeystate 7e36f3b3 6 bytes jmp 712f000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] user32.dll!createwindowexw 7e36fc25 6 bytes jmp 7078000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] user32.dll!createwindowexa 7e36ff33 6 bytes jmp 707b000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] user32.dll!setwindowshookexw 7e37ddb5 6 bytes jmp 7156000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] user32.dll!setwindowtexta 7e37f52b 6 bytes jmp 7069000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] user32.dll!setwindowshookexa 7e3811d1 6 bytes jmp 7159000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] user32.dll!setwineventhook 7e3817b7 6 bytes jmp 711a000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] user32.dll!getwindowtexta 7e38212b 6 bytes jmp 70c9000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] user32.dll!drawtexta 7e38c6ca 6 bytes jmp 7081000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] user32.dll!ddeconnect 7e3a7f93 6 bytes jmp 7129000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] user32.dll!endtask 7e3a9e75 6 bytes jmp 713e000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] user32.dll!registerrawinputdevices 7e3bcbd4 3 bytes [ff, 25, 1e]
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] user32.dll!registerrawinputdevices + 4 7e3bcbd8 2 bytes [16, 71]
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] shell32.dll!shellexecuteexw 7e6b25d3 6 bytes jmp 7144000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] shell32.dll!shell_notifyicon 7e6d18be 6 bytes jmp 70b1000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] shell32.dll!shell_notifyiconw 7e6d62a5 6 bytes jmp 70ae000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] shell32.dll!shellexecuteex 7e6f0e95 6 bytes jmp 7147000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] shell32.dll!shellexecutea 7e6f11c0 6 bytes jmp 714d000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] shell32.dll!shellexecutew 7e7659d0 6 bytes jmp 714a000a
.text c:\windows\rthdcpl.exe[828] ntdll.dll!ntloaddriver 7c91d46e 3 bytes [ff, 25, 1e]
.text c:\windows\rthdcpl.exe[828] ntdll.dll!ntloaddriver + 4 7c91d472 2 bytes [22, 71]
.text c:\windows\rthdcpl.exe[828] ntdll.dll!ntsuspendprocess 7c91de2e 3 bytes [ff, 25, 1e]
.text c:\windows\rthdcpl.exe[828] ntdll.dll!ntsuspendprocess + 4 7c91de32 2 bytes [3a, 71]
.text c:\windows\rthdcpl.exe[828] ntdll.dll!rtldossearchpath_u + 1d1 7c926ada 1 byte [62]
.text c:\windows\rthdcpl.exe[828] kernel32.dll!deviceiocontrol 7c801629 3 bytes [ff, 25, 1e]
.text c:\windows\rthdcpl.exe[828] kernel32.dll!deviceiocontrol + 4 7c80162d 2 bytes [aa, 70]
.text c:\windows\rthdcpl.exe[828] kernel32.dll!createfilea 7c801a28 6 bytes jmp 70de000a
.text c:\windows\rthdcpl.exe[828] kernel32.dll!virtualprotectex 7c801a61 6 bytes jmp 7126000a
.text c:\windows\rthdcpl.exe[828] kernel32.dll!virtualprotect 7c801ad4 6 bytes jmp 70d2000a
.text c:\windows\rthdcpl.exe[828] kernel32.dll!loadlibraryexw 7c801af5 6 bytes jmp 716b000a
.text c:\windows\rthdcpl.exe[828] kernel32.dll!loadlibrarya 7c801d7b 6 bytes jmp 715f000a
.text c:\windows\rthdcpl.exe[828] kernel32.dll!terminateprocess 7c801e1a 6 bytes jmp 7165000a
.text c:\windows\rthdcpl.exe[828] kernel32.dll!writeprocessmemory 7c802213 6 bytes jmp 7162000a
.text c:\windows\rthdcpl.exe[828] kernel32.dll!createprocessw 7c802336 6 bytes jmp 7150000a
.text c:\windows\rthdcpl.exe[828] kernel32.dll!createprocessa 7c80236b 6 bytes jmp 7153000a
.text c:\windows\rthdcpl.exe[828] kernel32.dll!virtualalloc 7c809aa1 6 bytes jmp 70d5000a
.text c:\windows\rthdcpl.exe[828] kernel32.dll!multibytetowidechar 7c809c48 6 bytes jmp 7084000a
.text c:\windows\rthdcpl.exe[828] kernel32.dll!loadresource 7c80a005 6 bytes jmp 70c0000a
.text c:\windows\rthdcpl.exe[828] kernel32.dll!widechartomultibyte 7c80a124 6 bytes jmp 7063000a
.text c:\windows\rthdcpl.exe[828] kernel32.dll!getprocaddress 7c80adf0 6 bytes jmp 7114000a
.text c:\windows\rthdcpl.exe[828] kernel32.dll!loadlibraryw 7c80ae9b 6 bytes jmp 715c000a
.text c:\windows\rthdcpl.exe[828] kernel32.dll!createmutexw 7c80e907 6 bytes jmp 708d000a
.text c:\windows\rthdcpl.exe[828] kernel32.dll!createmutexa 7c80e98f 6 bytes jmp 7090000a
.text c:\windows\rthdcpl.exe[828] kernel32.dll!openmutexw 7c80e9e5 6 bytes jmp 7087000a
.text c:\windows\rthdcpl.exe[828] kernel32.dll!openmutexa 7c80ea6b 6 bytes jmp 708a000a
.text c:\windows\rthdcpl.exe[828] kernel32.dll!getvolumeinformationw 7c80fa35 6 bytes jmp 710e000a
.text c:\windows\rthdcpl.exe[828] kernel32.dll!createremotethread 7c81047c 3 bytes [ff, 25, 1e]
.text c:\windows\rthdcpl.exe[828] kernel32.dll!createremotethread + 4 7c810480 2 bytes [6d, 71]
.text c:\windows\rthdcpl.exe[828] kernel32.dll!createthread 7c810687 6 bytes jmp 70d8000a
.text c:\windows\rthdcpl.exe[828] kernel32.dll!createfilew 7c8107b0 6 bytes jmp 70e1000a
.text c:\windows\rthdcpl.exe[828] kernel32.dll!writefile 7c810dd7 6 bytes jmp 70a2000a
.text c:\windows\rthdcpl.exe[828] kernel32.dll!terminatethread 7c81caeb 6 bytes jmp 7138000a
.text c:\windows\rthdcpl.exe[828] kernel32.dll!movefilew 7c821211 6 bytes jmp 705d000a
.text c:\windows\rthdcpl.exe[828] kernel32.dll!createdirectorya 7c82175c 6 bytes jmp 70a8000a
.text c:\windows\rthdcpl.exe[828] kernel32.dll!getvolumeinformationa 7c821b55 6 bytes jmp 7111000a
.text c:\windows\rthdcpl.exe[828] kernel32.dll!copyfileexw 7c827ae2 6 bytes jmp 70b4000a
.text c:\windows\rthdcpl.exe[828] kernel32.dll!copyfilea 7c82869e 6 bytes jmp 70bd000a
.text c:\windows\rthdcpl.exe[828] kernel32.dll!copyfilew 7c82f82b 6 bytes jmp 70ba000a
.text c:\windows\rthdcpl.exe[828] kernel32.dll!openprocess 7c830999 6 bytes jmp 7054000a
.text c:\windows\rthdcpl.exe[828] kernel32.dll!deletefilea 7c831e8d 6 bytes jmp 7075000a
.text c:\windows\rthdcpl.exe[828] kernel32.dll!deletefilew 7c831f13 6 bytes jmp 7072000a
.text c:\windows\rthdcpl.exe[828] kernel32.dll!createdirectoryw 7c8323b2 6 bytes jmp 70a5000a
.text c:\windows\rthdcpl.exe[828] kernel32.dll!movefileexw 7c83563b 6 bytes jmp 7057000a
.text c:\windows\rthdcpl.exe[828] kernel32.dll!movefilea 7c835e6f 6 bytes jmp 7060000a
.text c:\windows\rthdcpl.exe[828] kernel32.dll!debugactiveprocess 7c85af93 6 bytes jmp 7135000a
.text c:\windows\rthdcpl.exe[828] kernel32.dll!movefileexa 7c85e333 6 bytes jmp 705a000a
.text c:\windows\rthdcpl.exe[828] kernel32.dll!copyfileexa 7c85f234 6 bytes jmp 70b7000a
.text c:\windows\rthdcpl.exe[828] kernel32.dll!winexec 7c8622b5 6 bytes jmp 7141000a
.text c:\windows\rthdcpl.exe[828] kernel32.dll!setthreadcontext 7c8639b1 6 bytes jmp 709f000a
.text c:\windows\rthdcpl.exe[828] kernel32.dll!createtoolhelp32snapshot 7c865a27 6 bytes jmp 70db000a
.text c:\windows\rthdcpl.exe[828] kernel32.dll!getbinarytypew + 80 7c868b34 1 byte [62]
.text c:\windows\rthdcpl.exe[828] user32.dll!setwindowtextw 7e36bc36 6 bytes jmp 7066000a
.text c:\windows\rthdcpl.exe[828] user32.dll!getkeystate 7e36c505 6 bytes jmp 7132000a
.text c:\windows\rthdcpl.exe[828] user32.dll!getwindowtextw 7e36cdb6 6 bytes jmp 70c6000a
.text c:\windows\rthdcpl.exe[828] user32.dll!drawtextw 7e36d7c2 6 bytes jmp 707e000a
.text c:\windows\rthdcpl.exe[828] user32.dll!showwindow 7e36d8a4 3 bytes [ff, 25, 1e]
.text c:\windows\rthdcpl.exe[828] user32.dll!showwindow + 4 7e36d8a8 2 bytes [c2, 70]
.text c:\windows\rthdcpl.exe[828] user32.dll!getkeyboardstate 7e36ef29 3 bytes [ff, 25, 1e]
.text c:\windows\rthdcpl.exe[828] user32.dll!getkeyboardstate + 4 7e36ef2d 2 bytes [2b, 71]
.text c:\windows\rthdcpl.exe[828] user32.dll!getasynckeystate 7e36f3b3 6 bytes jmp 712f000a
.text c:\windows\rthdcpl.exe[828] user32.dll!createwindowexw 7e36fc25 6 bytes jmp 7078000a
.text c:\windows\rthdcpl.exe[828] user32.dll!createwindowexa 7e36ff33 6 bytes jmp 707b000a
.text c:\windows\rthdcpl.exe[828] user32.dll!setwindowshookexw 7e37ddb5 6 bytes jmp 7156000a
.text c:\windows\rthdcpl.exe[828] user32.dll!setwindowtexta 7e37f52b 6 bytes jmp 7069000a
.text c:\windows\rthdcpl.exe[828] user32.dll!setwindowshookexa 7e3811d1 6 bytes jmp 7159000a
.text c:\windows\rthdcpl.exe[828] user32.dll!setwineventhook 7e3817b7 6 bytes jmp 711a000a
.text c:\windows\rthdcpl.exe[828] user32.dll!getwindowtexta 7e38212b 6 bytes jmp 70c9000a
.text c:\windows\rthdcpl.exe[828] user32.dll!drawtexta 7e38c6ca 6 bytes jmp 7081000a
.text c:\windows\rthdcpl.exe[828] user32.dll!ddeconnect 7e3a7f93 6 bytes jmp 7129000a
.text c:\windows\rthdcpl.exe[828] user32.dll!endtask 7e3a9e75 6 bytes jmp 713e000a
.text c:\windows\rthdcpl.exe[828] user32.dll!registerrawinputdevices 7e3bcbd4 3 bytes [ff, 25, 1e]
.text c:\windows\rthdcpl.exe[828] user32.dll!registerrawinputdevices + 4 7e3bcbd8 2 bytes [16, 71]
.text c:\windows\rthdcpl.exe[828] advapi32.dll!regopenkeyexw 77da6aaf 6 bytes jmp 70f6000a
.text c:\windows\rthdcpl.exe[828] advapi32.dll!regqueryvalueexw 77da6fff 6 bytes jmp 70e4000a
.text c:\windows\rthdcpl.exe[828] advapi32.dll!regcreatekeyexw 77da776c 6 bytes jmp 7108000a
.text c:\windows\rthdcpl.exe[828] advapi32.dll!regopenkeyexa 77da7852 6 bytes jmp 70f9000a
.text c:\windows\rthdcpl.exe[828] advapi32.dll!regopenkeyw 77da7946 6 bytes jmp 70fc000a
.text c:\windows\rthdcpl.exe[828] advapi32.dll!openprocesstoken 77da798b 6 bytes jmp 709c000a
.text c:\windows\rthdcpl.exe[828] advapi32.dll!regqueryvalueexa 77da7abb 6 bytes jmp 70e7000a
.text c:\windows\rthdcpl.exe[828] advapi32.dll!regsetvalueexw 77dad747 6 bytes jmp 70f0000a
.text c:\windows\rthdcpl.exe[828] advapi32.dll!regqueryvaluew 77dad85a 6 bytes jmp 70ea000a
.text c:\windows\rthdcpl.exe[828] advapi32.dll!regcreatekeyexa 77dae9d4 6 bytes jmp 710b000a
.text c:\windows\rthdcpl.exe[828] advapi32.dll!regsetvalueexa 77daeac7 6 bytes jmp 70f3000a
.text c:\windows\rthdcpl.exe[828] advapi32.dll!regopenkeya 77daefa8 6 bytes jmp 70ff000a
.text c:\windows\rthdcpl.exe[828] advapi32.dll!adjusttokenprivileges 77daefec 6 bytes jmp 7093000a
.text c:\windows\rthdcpl.exe[828] advapi32.dll!regdeletekeya 77db4288 6 bytes jmp 706f000a
.text c:\windows\rthdcpl.exe[828] advapi32.dll!regdeletekeyw 77db5583 6 bytes jmp 706c000a
.text c:\windows\rthdcpl.exe[828] advapi32.dll!openscmanagerw 77db6f3d 6 bytes jmp 70cc000a
.text c:\windows\rthdcpl.exe[828] advapi32.dll!openscmanagera 77dc6996 6 bytes jmp 70cf000a
.text c:\windows\rthdcpl.exe[828] advapi32.dll!lookupprivilegevaluew 77dcb8c7 6 bytes jmp 7096000a
.text c:\windows\rthdcpl.exe[828] advapi32.dll!regcreatekeyw 77dcba3d 6 bytes jmp 7102000a
.text c:\windows\rthdcpl.exe[828] advapi32.dll!regqueryvaluea 77dcbb75 4 bytes jmp ec001e25
.text c:\windows\rthdcpl.exe[828] advapi32.dll!regqueryvaluea + 5 77dcbb7a 1 byte [70]
.text c:\windows\rthdcpl.exe[828] advapi32.dll!regcreatekeya 77dcbcdb 6 bytes jmp 7105000a
.text c:\windows\rthdcpl.exe[828] advapi32.dll!lookupprivilegevaluea 77dcc220 6 bytes jmp 7099000a
.text c:\windows\rthdcpl.exe[828] advapi32.dll!lsaremoveaccountrights 77deab91 6 bytes jmp 7168000a
.text c:\windows\rthdcpl.exe[828] advapi32.dll!createservicea 77e07359 6 bytes jmp 7120000a
.text c:\windows\rthdcpl.exe[828] advapi32.dll!createservicew 77e074f1 6 bytes jmp 711d000a
.text c:\windows\rthdcpl.exe[828] shell32.dll!shellexecuteexw 7e6b25d3 6 bytes jmp 7144000a
.text c:\windows\rthdcpl.exe[828] shell32.dll!shell_notifyicon 7e6d18be 6 bytes jmp 70b1000a
.text c:\windows\rthdcpl.exe[828] shell32.dll!shell_notifyiconw 7e6d62a5 6 bytes jmp 70ae000a
.text c:\windows\rthdcpl.exe[828] shell32.dll!shellexecuteex 7e6f0e95 6 bytes jmp 7147000a
.text c:\windows\rthdcpl.exe[828] shell32.dll!shellexecutea 7e6f11c0 6 bytes jmp 714d000a
.text c:\windows\rthdcpl.exe[828] shell32.dll!shellexecutew 7e7659d0 6 bytes jmp 714a000a

Polarbär 29.07.2012 14:29

Gmer, part 4
Quote:

.text c:\programme\secunia\psi\psia.exe[1004] user32.dll!setwindowshookexw 7e37ddb5 6 bytes jmp 7156000a
.text c:\programme\secunia\psi\psia.exe[1004] user32.dll!setwindowtexta 7e37f52b 6 bytes jmp 7063000a
.text c:\programme\secunia\psi\psia.exe[1004] user32.dll!setwindowshookexa 7e3811d1 6 bytes jmp 7159000a
.text c:\programme\secunia\psi\psia.exe[1004] user32.dll!setwineventhook 7e3817b7 6 bytes jmp 711a000a
.text c:\programme\secunia\psi\psia.exe[1004] user32.dll!getwindowtexta 7e38212b 6 bytes jmp 70c9000a
.text c:\programme\secunia\psi\psia.exe[1004] user32.dll!drawtexta 7e38c6ca 6 bytes jmp 707b000a
.text c:\programme\secunia\psi\psia.exe[1004] user32.dll!ddeconnect 7e3a7f93 6 bytes jmp 7129000a
.text c:\programme\secunia\psi\psia.exe[1004] user32.dll!endtask 7e3a9e75 6 bytes jmp 713e000a
.text c:\programme\secunia\psi\psia.exe[1004] user32.dll!registerrawinputdevices 7e3bcbd4 3 bytes [ff, 25, 1e]
.text c:\programme\secunia\psi\psia.exe[1004] user32.dll!registerrawinputdevices + 4 7e3bcbd8 2 bytes [16, 71]
.text c:\programme\secunia\psi\psia.exe[1004] wininet.dll!internetconnecta 408cdeae 6 bytes jmp 704b000a
.text c:\programme\secunia\psi\psia.exe[1004] wininet.dll!internetopenurla 408df3a4 6 bytes jmp 70a8000a
.text c:\programme\secunia\psi\psia.exe[1004] wininet.dll!internetopenurlw 40926ddf 6 bytes jmp 70a5000a
.text c:\programme\secunia\psi\psia.exe[1004] shell32.dll!shellexecuteexw 7e6b25d3 6 bytes jmp 7144000a
.text c:\programme\secunia\psi\psia.exe[1004] shell32.dll!shell_notifyicon 7e6d18be 6 bytes jmp 70b1000a
.text c:\programme\secunia\psi\psia.exe[1004] shell32.dll!shell_notifyiconw 7e6d62a5 6 bytes jmp 70ae000a
.text c:\programme\secunia\psi\psia.exe[1004] shell32.dll!shellexecuteex 7e6f0e95 6 bytes jmp 7147000a
.text c:\programme\secunia\psi\psia.exe[1004] shell32.dll!shellexecutea 7e6f11c0 6 bytes jmp 714d000a
.text c:\programme\secunia\psi\psia.exe[1004] shell32.dll!shellexecutew 7e7659d0 6 bytes jmp 714a000a
.text c:\windows\system32\csrss.exe[1016] ntdll.dll!rtldossearchpath_u + 1d1 7c926ada 1 byte [62]
.text c:\windows\system32\csrss.exe[1016] kernel32.dll!getbinarytypew + 80 7c868b34 1 byte [62]
.text c:\programme\alwil software\avast5\avastui.exe[1092] ntdll.dll!rtldossearchpath_u + 1d1 7c926ada 1 byte [62]
.text c:\programme\alwil software\avast5\avastui.exe[1092] kernel32.dll!getbinarytypew + 80 7c868b34 1 byte [62]
.text c:\windows\system32\winlogon.exe[1120] ntdll.dll!rtldossearchpath_u + 1d1 7c926ada 1 byte [62]
.text c:\windows\system32\winlogon.exe[1120] kernel32.dll!deviceiocontrol 7c801629 3 bytes [ff, 25, 1e]
.text c:\windows\system32\winlogon.exe[1120] kernel32.dll!deviceiocontrol + 4 7c80162d 2 bytes [01, 71]
.text c:\windows\system32\winlogon.exe[1120] kernel32.dll!createfilea 7c801a28 6 bytes jmp 7135000a
.text c:\windows\system32\winlogon.exe[1120] kernel32.dll!virtualprotect 7c801ad4 6 bytes jmp 7129000a
.text c:\windows\system32\winlogon.exe[1120] kernel32.dll!loadlibraryexw 7c801af5 6 bytes jmp 716b000a
.text c:\windows\system32\winlogon.exe[1120] kernel32.dll!virtualalloc 7c809aa1 6 bytes jmp 712c000a
.text c:\windows\system32\winlogon.exe[1120] kernel32.dll!multibytetowidechar 7c809c48 6 bytes jmp 70db000a
.text c:\windows\system32\winlogon.exe[1120] kernel32.dll!loadresource 7c80a005 6 bytes jmp 7117000a
.text c:\windows\system32\winlogon.exe[1120] kernel32.dll!widechartomultibyte 7c80a124 6 bytes jmp 70ba000a
.text c:\windows\system32\winlogon.exe[1120] kernel32.dll!getprocaddress 7c80adf0 6 bytes jmp 716e000a
.text c:\windows\system32\winlogon.exe[1120] kernel32.dll!createmutexw 7c80e907 6 bytes jmp 70e4000a
.text c:\windows\system32\winlogon.exe[1120] kernel32.dll!createmutexa 7c80e98f 6 bytes jmp 70e7000a
.text c:\windows\system32\winlogon.exe[1120] kernel32.dll!openmutexw 7c80e9e5 6 bytes jmp 70de000a
.text c:\windows\system32\winlogon.exe[1120] kernel32.dll!openmutexa 7c80ea6b 6 bytes jmp 70e1000a
.text c:\windows\system32\winlogon.exe[1120] kernel32.dll!getvolumeinformationw 7c80fa35 6 bytes jmp 7165000a
.text c:\windows\system32\winlogon.exe[1120] kernel32.dll!createthread 7c810687 6 bytes jmp 712f000a
.text c:\windows\system32\winlogon.exe[1120] kernel32.dll!createfilew 7c8107b0 6 bytes jmp 7138000a
.text c:\windows\system32\winlogon.exe[1120] kernel32.dll!writefile 7c810dd7 6 bytes jmp 70f9000a
.text c:\windows\system32\winlogon.exe[1120] kernel32.dll!movefilew 7c821211 6 bytes jmp 70b4000a
.text c:\windows\system32\winlogon.exe[1120] kernel32.dll!createdirectorya 7c82175c 6 bytes jmp 70ff000a
.text c:\windows\system32\winlogon.exe[1120] kernel32.dll!getvolumeinformationa 7c821b55 6 bytes jmp 7168000a
.text c:\windows\system32\winlogon.exe[1120] kernel32.dll!copyfileexw 7c827ae2 6 bytes jmp 710b000a
.text c:\windows\system32\winlogon.exe[1120] kernel32.dll!copyfilea 7c82869e 6 bytes jmp 7114000a
.text c:\windows\system32\winlogon.exe[1120] kernel32.dll!copyfilew 7c82f82b 6 bytes jmp 7111000a
.text c:\windows\system32\winlogon.exe[1120] kernel32.dll!openprocess 7c830999 6 bytes jmp 70ab000a
.text c:\windows\system32\winlogon.exe[1120] kernel32.dll!deletefilea 7c831e8d 6 bytes jmp 70cc000a
.text c:\windows\system32\winlogon.exe[1120] kernel32.dll!deletefilew 7c831f13 6 bytes jmp 70c9000a
.text c:\windows\system32\winlogon.exe[1120] kernel32.dll!createdirectoryw 7c8323b2 6 bytes jmp 70fc000a
.text c:\windows\system32\winlogon.exe[1120] kernel32.dll!movefileexw 7c83563b 6 bytes jmp 70ae000a
.text c:\windows\system32\winlogon.exe[1120] kernel32.dll!movefilea 7c835e6f 6 bytes jmp 70b7000a
.text c:\windows\system32\winlogon.exe[1120] kernel32.dll!movefileexa 7c85e333 6 bytes jmp 70b1000a
.text c:\windows\system32\winlogon.exe[1120] kernel32.dll!copyfileexa 7c85f234 6 bytes jmp 710e000a
.text c:\windows\system32\winlogon.exe[1120] kernel32.dll!setthreadcontext 7c8639b1 6 bytes jmp 70f6000a
.text c:\windows\system32\winlogon.exe[1120] kernel32.dll!createtoolhelp32snapshot 7c865a27 6 bytes jmp 7132000a
.text c:\windows\system32\winlogon.exe[1120] kernel32.dll!getbinarytypew + 80 7c868b34 1 byte [62]
.text c:\windows\system32\winlogon.exe[1120] advapi32.dll!regopenkeyexw 77da6aaf 6 bytes jmp 714d000a
.text c:\windows\system32\winlogon.exe[1120] advapi32.dll!regqueryvalueexw 77da6fff 6 bytes jmp 713b000a
.text c:\windows\system32\winlogon.exe[1120] advapi32.dll!regcreatekeyexw 77da776c 6 bytes jmp 715f000a
.text c:\windows\system32\winlogon.exe[1120] advapi32.dll!regopenkeyexa 77da7852 6 bytes jmp 7150000a
.text c:\windows\system32\winlogon.exe[1120] advapi32.dll!regopenkeyw 77da7946 6 bytes jmp 7153000a
.text c:\windows\system32\winlogon.exe[1120] advapi32.dll!openprocesstoken 77da798b 6 bytes jmp 70f3000a
.text c:\windows\system32\winlogon.exe[1120] advapi32.dll!regqueryvalueexa 77da7abb 6 bytes jmp 713e000a
.text c:\windows\system32\winlogon.exe[1120] advapi32.dll!regsetvalueexw 77dad747 6 bytes jmp 7147000a
.text c:\windows\system32\winlogon.exe[1120] advapi32.dll!regqueryvaluew 77dad85a 6 bytes jmp 7141000a
.text c:\windows\system32\winlogon.exe[1120] advapi32.dll!regcreatekeyexa 77dae9d4 6 bytes jmp 7162000a
.text c:\windows\system32\winlogon.exe[1120] advapi32.dll!regsetvalueexa 77daeac7 6 bytes jmp 714a000a
.text c:\windows\system32\winlogon.exe[1120] advapi32.dll!regopenkeya 77daefa8 6 bytes jmp 7156000a
.text c:\windows\system32\winlogon.exe[1120] advapi32.dll!adjusttokenprivileges 77daefec 6 bytes jmp 70ea000a
.text c:\windows\system32\winlogon.exe[1120] advapi32.dll!regdeletekeya 77db4288 6 bytes jmp 70c6000a
.text c:\windows\system32\winlogon.exe[1120] advapi32.dll!regdeletekeyw 77db5583 6 bytes jmp 70c3000a
.text c:\windows\system32\winlogon.exe[1120] advapi32.dll!openscmanagerw 77db6f3d 6 bytes jmp 7123000a
.text c:\windows\system32\winlogon.exe[1120] advapi32.dll!openscmanagera 77dc6996 6 bytes jmp 7126000a
.text c:\windows\system32\winlogon.exe[1120] advapi32.dll!lookupprivilegevaluew 77dcb8c7 4 bytes jmp ec001e25
.text c:\windows\system32\winlogon.exe[1120] advapi32.dll!lookupprivilegevaluew + 5 77dcb8cc 1 byte [70]
.text c:\windows\system32\winlogon.exe[1120] advapi32.dll!regcreatekeyw 77dcba3d 6 bytes jmp 7159000a
.text c:\windows\system32\winlogon.exe[1120] advapi32.dll!regqueryvaluea 77dcbb75 6 bytes jmp 7144000a
.text c:\windows\system32\winlogon.exe[1120] advapi32.dll!regcreatekeya 77dcbcdb 6 bytes jmp 715c000a
.text c:\windows\system32\winlogon.exe[1120] advapi32.dll!lookupprivilegevaluea 77dcc220 6 bytes jmp 70f0000a
.text c:\windows\system32\winlogon.exe[1120] user32.dll!setwindowtextw 7e36bc36 6 bytes jmp 70bd000a
.text c:\windows\system32\winlogon.exe[1120] user32.dll!getwindowtextw 7e36cdb6 6 bytes jmp 711d000a
.text c:\windows\system32\winlogon.exe[1120] user32.dll!drawtextw 7e36d7c2 6 bytes jmp 70d5000a
.text c:\windows\system32\winlogon.exe[1120] user32.dll!showwindow 7e36d8a4 3 bytes [ff, 25, 1e]
.text c:\windows\system32\winlogon.exe[1120] user32.dll!showwindow + 4 7e36d8a8 2 bytes [19, 71]
.text c:\windows\system32\winlogon.exe[1120] user32.dll!createwindowexw 7e36fc25 6 bytes jmp 70cf000a
.text c:\windows\system32\winlogon.exe[1120] user32.dll!createwindowexa 7e36ff33 6 bytes jmp 70d2000a
.text c:\windows\system32\winlogon.exe[1120] user32.dll!setwindowtexta 7e37f52b 6 bytes jmp 70c0000a
.text c:\windows\system32\winlogon.exe[1120] user32.dll!getwindowtexta 7e38212b 6 bytes jmp 7120000a
.text c:\windows\system32\winlogon.exe[1120] user32.dll!drawtexta 7e38c6ca 6 bytes jmp 70d8000a
.text c:\windows\system32\winlogon.exe[1120] shell32.dll!shell_notifyicon 7e6d18be 6 bytes jmp 7108000a
.text c:\windows\system32\winlogon.exe[1120] shell32.dll!shell_notifyiconw 7e6d62a5 6 bytes jmp 7105000a
.text c:\windows\system32\services.exe[1180] ntdll.dll!ntloaddriver 7c91d46e 3 bytes [ff, 25, 1e]
.text c:\windows\system32\services.exe[1180] ntdll.dll!ntloaddriver + 4 7c91d472 2 bytes [22, 71]
.text c:\windows\system32\services.exe[1180] ntdll.dll!ntsuspendprocess 7c91de2e 3 bytes [ff, 25, 1e]
.text c:\windows\system32\services.exe[1180] ntdll.dll!ntsuspendprocess + 4 7c91de32 2 bytes [3a, 71]
.text c:\windows\system32\services.exe[1180] ntdll.dll!rtldossearchpath_u + 1d1 7c926ada 1 byte [62]
.text c:\windows\system32\services.exe[1180] kernel32.dll!deviceiocontrol 7c801629 3 bytes [ff, 25, 1e]
.text c:\windows\system32\services.exe[1180] kernel32.dll!deviceiocontrol + 4 7c80162d 2 bytes [aa, 70]
.text c:\windows\system32\services.exe[1180] kernel32.dll!createfilea 7c801a28 6 bytes jmp 70de000a
.text c:\windows\system32\services.exe[1180] kernel32.dll!virtualprotectex 7c801a61 6 bytes jmp 7126000a
.text c:\windows\system32\services.exe[1180] kernel32.dll!virtualprotect 7c801ad4 6 bytes jmp 70d2000a
.text c:\windows\system32\services.exe[1180] kernel32.dll!loadlibraryexw 7c801af5 6 bytes jmp 716b000a
.text c:\windows\system32\services.exe[1180] kernel32.dll!loadlibrarya 7c801d7b 6 bytes jmp 715f000a
.text c:\windows\system32\services.exe[1180] kernel32.dll!terminateprocess 7c801e1a 6 bytes jmp 7165000a
.text c:\windows\system32\services.exe[1180] kernel32.dll!writeprocessmemory 7c802213 6 bytes jmp 7162000a
.text c:\windows\system32\services.exe[1180] kernel32.dll!createprocessw 7c802336 6 bytes jmp 7150000a
.text c:\windows\system32\services.exe[1180] kernel32.dll!createprocessa 7c80236b 6 bytes jmp 7153000a
.text c:\windows\system32\services.exe[1180] kernel32.dll!virtualalloc 7c809aa1 6 bytes jmp 70d5000a
.text c:\windows\system32\services.exe[1180] kernel32.dll!multibytetowidechar 7c809c48 6 bytes jmp 7084000a
.text c:\windows\system32\services.exe[1180] kernel32.dll!loadresource 7c80a005 6 bytes jmp 70c0000a
.text c:\windows\system32\services.exe[1180] kernel32.dll!widechartomultibyte 7c80a124 6 bytes jmp 7063000a
.text c:\windows\system32\services.exe[1180] kernel32.dll!getprocaddress 7c80adf0 6 bytes jmp 7114000a
.text c:\windows\system32\services.exe[1180] kernel32.dll!loadlibraryw 7c80ae9b 6 bytes jmp 715c000a
.text c:\windows\system32\services.exe[1180] kernel32.dll!createmutexw 7c80e907 6 bytes jmp 708d000a
.text c:\windows\system32\services.exe[1180] kernel32.dll!createmutexa 7c80e98f 6 bytes jmp 7090000a
.text c:\windows\system32\services.exe[1180] kernel32.dll!openmutexw 7c80e9e5 6 bytes jmp 7087000a
.text c:\windows\system32\services.exe[1180] kernel32.dll!openmutexa 7c80ea6b 6 bytes jmp 708a000a
.text c:\windows\system32\services.exe[1180] kernel32.dll!getvolumeinformationw 7c80fa35 6 bytes jmp 710e000a
.text c:\windows\system32\services.exe[1180] kernel32.dll!createremotethread 7c81047c 3 bytes [ff, 25, 1e]
.text c:\windows\system32\services.exe[1180] kernel32.dll!createremotethread + 4 7c810480 2 bytes [6d, 71]
.text c:\windows\system32\services.exe[1180] kernel32.dll!createthread 7c810687 6 bytes jmp 70d8000a
.text c:\windows\system32\services.exe[1180] kernel32.dll!createfilew 7c8107b0 6 bytes jmp 70e1000a
.text c:\windows\system32\services.exe[1180] kernel32.dll!writefile 7c810dd7 6 bytes jmp 70a2000a
.text c:\windows\system32\services.exe[1180] kernel32.dll!terminatethread 7c81caeb 6 bytes jmp 7138000a
.text c:\windows\system32\services.exe[1180] kernel32.dll!movefilew 7c821211 6 bytes jmp 705d000a
.text c:\windows\system32\services.exe[1180] kernel32.dll!createdirectorya 7c82175c 6 bytes jmp 70a8000a
.text c:\windows\system32\services.exe[1180] kernel32.dll!getvolumeinformationa 7c821b55 6 bytes jmp 7111000a
.text c:\windows\system32\services.exe[1180] kernel32.dll!copyfileexw 7c827ae2 6 bytes jmp 70b4000a
.text c:\windows\system32\services.exe[1180] kernel32.dll!copyfilea 7c82869e 6 bytes jmp 70bd000a
.text c:\windows\system32\services.exe[1180] kernel32.dll!copyfilew 7c82f82b 6 bytes jmp 70ba000a
.text c:\windows\system32\services.exe[1180] kernel32.dll!openprocess 7c830999 6 bytes jmp 7054000a
.text c:\windows\system32\services.exe[1180] kernel32.dll!deletefilea 7c831e8d 6 bytes jmp 7075000a
.text c:\windows\system32\services.exe[1180] kernel32.dll!deletefilew 7c831f13 6 bytes jmp 7072000a
.text c:\windows\system32\services.exe[1180] kernel32.dll!createdirectoryw 7c8323b2 6 bytes jmp 70a5000a
.text c:\windows\system32\services.exe[1180] kernel32.dll!movefileexw 7c83563b 6 bytes jmp 7057000a
.text c:\windows\system32\services.exe[1180] kernel32.dll!movefilea 7c835e6f 6 bytes jmp 7060000a
.text c:\windows\system32\services.exe[1180] kernel32.dll!debugactiveprocess 7c85af93 6 bytes jmp 7135000a
.text c:\windows\system32\services.exe[1180] kernel32.dll!movefileexa 7c85e333 6 bytes jmp 705a000a
.text c:\windows\system32\services.exe[1180] kernel32.dll!copyfileexa 7c85f234 6 bytes jmp 70b7000a
.text c:\windows\system32\services.exe[1180] kernel32.dll!winexec 7c8622b5 6 bytes jmp 7141000a
.text c:\windows\system32\services.exe[1180] kernel32.dll!setthreadcontext 7c8639b1 6 bytes jmp 709f000a
.text c:\windows\system32\services.exe[1180] kernel32.dll!createtoolhelp32snapshot 7c865a27 6 bytes jmp 70db000a
.text c:\windows\system32\services.exe[1180] kernel32.dll!getbinarytypew + 80 7c868b34 1 byte [62]
.text c:\windows\system32\services.exe[1180] advapi32.dll!regopenkeyexw 77da6aaf 6 bytes jmp 70f6000a
.text c:\windows\system32\services.exe[1180] advapi32.dll!regqueryvalueexw 77da6fff 6 bytes jmp 70e4000a
.text c:\windows\system32\services.exe[1180] advapi32.dll!regcreatekeyexw 77da776c 6 bytes jmp 7108000a
.text c:\windows\system32\services.exe[1180] advapi32.dll!regopenkeyexa 77da7852 6 bytes jmp 70f9000a
.text c:\windows\system32\services.exe[1180] advapi32.dll!regopenkeyw 77da7946 6 bytes jmp 70fc000a
.text c:\windows\system32\services.exe[1180] advapi32.dll!openprocesstoken 77da798b 6 bytes jmp 709c000a
.text c:\windows\system32\services.exe[1180] advapi32.dll!regqueryvalueexa 77da7abb 6 bytes jmp 70e7000a
.text c:\windows\system32\services.exe[1180] advapi32.dll!regsetvalueexw 77dad747 6 bytes jmp 70f0000a
.text c:\windows\system32\services.exe[1180] advapi32.dll!regqueryvaluew 77dad85a 6 bytes jmp 70ea000a
.text c:\windows\system32\services.exe[1180] advapi32.dll!regcreatekeyexa 77dae9d4 6 bytes jmp 710b000a
.text c:\windows\system32\services.exe[1180] advapi32.dll!regsetvalueexa 77daeac7 6 bytes jmp 70f3000a
.text c:\windows\system32\services.exe[1180] advapi32.dll!regopenkeya 77daefa8 6 bytes jmp 70ff000a
.text c:\windows\system32\services.exe[1180] advapi32.dll!adjusttokenprivileges 77daefec 6 bytes jmp 7093000a
.text c:\windows\system32\services.exe[1180] advapi32.dll!regdeletekeya 77db4288 6 bytes jmp 706f000a
.text c:\windows\system32\services.exe[1180] advapi32.dll!regdeletekeyw 77db5583 6 bytes jmp 706c000a
.text c:\windows\system32\services.exe[1180] advapi32.dll!openscmanagerw 77db6f3d 6 bytes jmp 70cc000a
.text c:\windows\system32\services.exe[1180] advapi32.dll!openscmanagera 77dc6996 6 bytes jmp 70cf000a
.text c:\windows\system32\services.exe[1180] advapi32.dll!lookupprivilegevaluew 77dcb8c7 6 bytes jmp 7096000a
.text c:\windows\system32\services.exe[1180] advapi32.dll!regcreatekeyw 77dcba3d 6 bytes jmp 7102000a
.text c:\windows\system32\services.exe[1180] advapi32.dll!regqueryvaluea 77dcbb75 4 bytes jmp ec001e25
.text c:\windows\system32\services.exe[1180] advapi32.dll!regqueryvaluea + 5 77dcbb7a 1 byte [70]
.text c:\windows\system32\services.exe[1180] advapi32.dll!regcreatekeya 77dcbcdb 6 bytes jmp 7105000a

Polarbär 29.07.2012 14:35

GMER, part 5
Quote:

.text C:\WINDOWS\System32\svchost.exe[1268] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 715F000A
.text C:\WINDOWS\System32\svchost.exe[1268] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7165000A
.text C:\WINDOWS\System32\svchost.exe[1268] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7162000A
.text C:\WINDOWS\System32\svchost.exe[1268] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 7150000A
.text C:\WINDOWS\System32\svchost.exe[1268] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7153000A
.text C:\WINDOWS\System32\svchost.exe[1268] kernel32.dll!VirtualAlloc 7C809AA1 6 Bytes JMP 70D5000A
.text C:\WINDOWS\System32\svchost.exe[1268] kernel32.dll!MultiByteToWideChar 7C809C48 6 Bytes JMP 7084000A
.text C:\WINDOWS\System32\svchost.exe[1268] kernel32.dll!LoadResource 7C80A005 6 Bytes JMP 70C0000A
.text C:\WINDOWS\System32\svchost.exe[1268] kernel32.dll!WideCharToMultiByte 7C80A124 6 Bytes JMP 7063000A
.text C:\WINDOWS\System32\svchost.exe[1268] kernel32.dll!GetProcAddress 7C80ADF0 6 Bytes JMP 7114000A
.text C:\WINDOWS\System32\svchost.exe[1268] kernel32.dll!LoadLibraryW 7C80AE9B 6 Bytes JMP 715C000A
.text C:\WINDOWS\System32\svchost.exe[1268] kernel32.dll!CreateMutexW 7C80E907 6 Bytes JMP 708D000A
.text C:\WINDOWS\System32\svchost.exe[1268] kernel32.dll!CreateMutexA 7C80E98F 6 Bytes JMP 7090000A
.text C:\WINDOWS\System32\svchost.exe[1268] kernel32.dll!OpenMutexW 7C80E9E5 6 Bytes JMP 7087000A
.text C:\WINDOWS\System32\svchost.exe[1268] kernel32.dll!OpenMutexA 7C80EA6B 6 Bytes JMP 708A000A
.text C:\WINDOWS\System32\svchost.exe[1268] kernel32.dll!GetVolumeInformationW 7C80FA35 6 Bytes JMP 710E000A
.text C:\WINDOWS\System32\svchost.exe[1268] kernel32.dll!CreateRemoteThread 7C81047C 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1268] kernel32.dll!CreateRemoteThread + 4 7C810480 2 Bytes [6D, 71]
.text C:\WINDOWS\System32\svchost.exe[1268] kernel32.dll!CreateThread 7C810687 6 Bytes JMP 70D8000A
.text C:\WINDOWS\System32\svchost.exe[1268] kernel32.dll!CreateFileW 7C8107B0 6 Bytes JMP 70E1000A
.text C:\WINDOWS\System32\svchost.exe[1268] kernel32.dll!WriteFile 7C810DD7 6 Bytes JMP 70A2000A
.text C:\WINDOWS\System32\svchost.exe[1268] kernel32.dll!TerminateThread 7C81CAEB 6 Bytes JMP 7138000A
.text C:\WINDOWS\System32\svchost.exe[1268] kernel32.dll!MoveFileW 7C821211 6 Bytes JMP 705D000A
.text C:\WINDOWS\System32\svchost.exe[1268] kernel32.dll!CreateDirectoryA 7C82175C 6 Bytes JMP 70A8000A
.text C:\WINDOWS\System32\svchost.exe[1268] kernel32.dll!GetVolumeInformationA 7C821B55 6 Bytes JMP 7111000A
.text C:\WINDOWS\System32\svchost.exe[1268] kernel32.dll!CopyFileExW 7C827AE2 6 Bytes JMP 70B4000A
.text C:\WINDOWS\System32\svchost.exe[1268] kernel32.dll!CopyFileA 7C82869E 6 Bytes JMP 70BD000A
.text C:\WINDOWS\System32\svchost.exe[1268] kernel32.dll!CopyFileW 7C82F82B 6 Bytes JMP 70BA000A
.text C:\WINDOWS\System32\svchost.exe[1268] kernel32.dll!OpenProcess 7C830999 6 Bytes JMP 7054000A
.text C:\WINDOWS\System32\svchost.exe[1268] kernel32.dll!DeleteFileA 7C831E8D 6 Bytes JMP 7075000A
.text C:\WINDOWS\System32\svchost.exe[1268] kernel32.dll!DeleteFileW 7C831F13 6 Bytes JMP 7072000A
.text C:\WINDOWS\System32\svchost.exe[1268] kernel32.dll!CreateDirectoryW 7C8323B2 6 Bytes JMP 70A5000A
.text C:\WINDOWS\System32\svchost.exe[1268] kernel32.dll!MoveFileExW 7C83563B 6 Bytes JMP 7057000A
.text C:\WINDOWS\System32\svchost.exe[1268] kernel32.dll!MoveFileA 7C835E6F 6 Bytes JMP 7060000A
.text C:\WINDOWS\System32\svchost.exe[1268] kernel32.dll!DebugActiveProcess 7C85AF93 6 Bytes JMP 7135000A
.text C:\WINDOWS\System32\svchost.exe[1268] kernel32.dll!MoveFileExA 7C85E333 6 Bytes JMP 705A000A
.text C:\WINDOWS\System32\svchost.exe[1268] kernel32.dll!CopyFileExA 7C85F234 6 Bytes JMP 70B7000A
.text C:\WINDOWS\System32\svchost.exe[1268] kernel32.dll!WinExec 7C8622B5 6 Bytes JMP 7141000A
.text C:\WINDOWS\System32\svchost.exe[1268] kernel32.dll!SetThreadContext 7C8639B1 6 Bytes JMP 709F000A
.text C:\WINDOWS\System32\svchost.exe[1268] kernel32.dll!CreateToolhelp32Snapshot 7C865A27 6 Bytes JMP 70DB000A
.text C:\WINDOWS\System32\svchost.exe[1268] kernel32.dll!GetBinaryTypeW + 80 7C868B34 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1268] ADVAPI32.dll!RegOpenKeyExW 77DA6AAF 6 Bytes JMP 70F6000A
.text C:\WINDOWS\System32\svchost.exe[1268] ADVAPI32.dll!RegQueryValueExW 77DA6FFF 6 Bytes JMP 70E4000A
.text C:\WINDOWS\System32\svchost.exe[1268] ADVAPI32.dll!RegCreateKeyExW 77DA776C 6 Bytes JMP 7108000A
.text C:\WINDOWS\System32\svchost.exe[1268] ADVAPI32.dll!RegOpenKeyExA 77DA7852 6 Bytes JMP 70F9000A
.text C:\WINDOWS\System32\svchost.exe[1268] ADVAPI32.dll!RegOpenKeyW 77DA7946 6 Bytes JMP 70FC000A
.text C:\WINDOWS\System32\svchost.exe[1268] ADVAPI32.dll!OpenProcessToken 77DA798B 6 Bytes JMP 709C000A
.text C:\WINDOWS\System32\svchost.exe[1268] ADVAPI32.dll!RegQueryValueExA 77DA7ABB 6 Bytes JMP 70E7000A
.text C:\WINDOWS\System32\svchost.exe[1268] ADVAPI32.dll!RegSetValueExW 77DAD747 6 Bytes JMP 70F0000A
.text C:\WINDOWS\System32\svchost.exe[1268] ADVAPI32.dll!RegQueryValueW 77DAD85A 6 Bytes JMP 70EA000A
.text C:\WINDOWS\System32\svchost.exe[1268] ADVAPI32.dll!RegCreateKeyExA 77DAE9D4 6 Bytes JMP 710B000A
.text C:\WINDOWS\System32\svchost.exe[1268] ADVAPI32.dll!RegSetValueExA 77DAEAC7 6 Bytes JMP 70F3000A
.text C:\WINDOWS\System32\svchost.exe[1268] ADVAPI32.dll!RegOpenKeyA 77DAEFA8 6 Bytes JMP 70FF000A
.text C:\WINDOWS\System32\svchost.exe[1268] ADVAPI32.dll!AdjustTokenPrivileges 77DAEFEC 6 Bytes JMP 7093000A
.text C:\WINDOWS\System32\svchost.exe[1268] ADVAPI32.dll!RegDeleteKeyA 77DB4288 6 Bytes JMP 706F000A
.text C:\WINDOWS\System32\svchost.exe[1268] ADVAPI32.dll!RegDeleteKeyW 77DB5583 6 Bytes JMP 706C000A
.text C:\WINDOWS\System32\svchost.exe[1268] ADVAPI32.dll!OpenSCManagerW 77DB6F3D 6 Bytes JMP 70CC000A
.text C:\WINDOWS\System32\svchost.exe[1268] ADVAPI32.dll!OpenSCManagerA 77DC6996 6 Bytes JMP 70CF000A
.text C:\WINDOWS\System32\svchost.exe[1268] ADVAPI32.dll!LookupPrivilegeValueW 77DCB8C7 6 Bytes JMP 7096000A
.text C:\WINDOWS\System32\svchost.exe[1268] ADVAPI32.dll!RegCreateKeyW 77DCBA3D 6 Bytes JMP 7102000A
.text C:\WINDOWS\System32\svchost.exe[1268] ADVAPI32.dll!RegQueryValueA 77DCBB75 4 Bytes JMP EC001E25
.text C:\WINDOWS\System32\svchost.exe[1268] ADVAPI32.dll!RegQueryValueA + 5 77DCBB7A 1 Byte [70]
.text C:\WINDOWS\System32\svchost.exe[1268] ADVAPI32.dll!RegCreateKeyA 77DCBCDB 6 Bytes JMP 7105000A
.text C:\WINDOWS\System32\svchost.exe[1268] ADVAPI32.dll!LookupPrivilegeValueA 77DCC220 6 Bytes JMP 7099000A
.text C:\WINDOWS\System32\svchost.exe[1268] ADVAPI32.dll!LsaRemoveAccountRights 77DEAB91 6 Bytes JMP 7168000A
.text C:\WINDOWS\System32\svchost.exe[1268] ADVAPI32.dll!CreateServiceA 77E07359 6 Bytes JMP 7120000A
.text C:\WINDOWS\System32\svchost.exe[1268] ADVAPI32.dll!CreateServiceW 77E074F1 6 Bytes JMP 711D000A
.text C:\WINDOWS\System32\svchost.exe[1268] USER32.dll!SetWindowTextW 7E36BC36 6 Bytes JMP 7066000A
.text C:\WINDOWS\System32\svchost.exe[1268] USER32.dll!GetKeyState 7E36C505 6 Bytes JMP 7132000A
.text C:\WINDOWS\System32\svchost.exe[1268] USER32.dll!GetWindowTextW 7E36CDB6 6 Bytes JMP 70C6000A
.text C:\WINDOWS\System32\svchost.exe[1268] USER32.dll!DrawTextW 7E36D7C2 6 Bytes JMP 707E000A
.text C:\WINDOWS\System32\svchost.exe[1268] USER32.dll!ShowWindow 7E36D8A4 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1268] USER32.dll!ShowWindow + 4 7E36D8A8 2 Bytes [C2, 70]
.text C:\WINDOWS\System32\svchost.exe[1268] USER32.dll!GetKeyboardState 7E36EF29 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1268] USER32.dll!GetKeyboardState + 4 7E36EF2D 2 Bytes [2B, 71]
.text C:\WINDOWS\System32\svchost.exe[1268] USER32.dll!GetAsyncKeyState 7E36F3B3 6 Bytes JMP 712F000A
.text C:\WINDOWS\System32\svchost.exe[1268] USER32.dll!CreateWindowExW 7E36FC25 6 Bytes JMP 7078000A
.text C:\WINDOWS\System32\svchost.exe[1268] USER32.dll!CreateWindowExA 7E36FF33 6 Bytes JMP 707B000A
.text C:\WINDOWS\System32\svchost.exe[1268] USER32.dll!SetWindowsHookExW 7E37DDB5 6 Bytes JMP 7156000A
.text C:\WINDOWS\System32\svchost.exe[1268] USER32.dll!SetWindowTextA 7E37F52B 6 Bytes JMP 7069000A
.text C:\WINDOWS\System32\svchost.exe[1268] USER32.dll!SetWindowsHookExA 7E3811D1 6 Bytes JMP 7159000A
.text C:\WINDOWS\System32\svchost.exe[1268] USER32.dll!SetWinEventHook 7E3817B7 6 Bytes JMP 711A000A
.text C:\WINDOWS\System32\svchost.exe[1268] USER32.dll!GetWindowTextA 7E38212B 6 Bytes JMP 70C9000A
.text C:\WINDOWS\System32\svchost.exe[1268] USER32.dll!DrawTextA 7E38C6CA 6 Bytes JMP 7081000A
.text C:\WINDOWS\System32\svchost.exe[1268] USER32.dll!DdeConnect 7E3A7F93 6 Bytes JMP 7129000A
.text C:\WINDOWS\System32\svchost.exe[1268] USER32.dll!EndTask 7E3A9E75 6 Bytes JMP 713E000A
.text C:\WINDOWS\System32\svchost.exe[1268] USER32.dll!RegisterRawInputDevices 7E3BCBD4 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1268] USER32.dll!RegisterRawInputDevices + 4 7E3BCBD8 2 Bytes [16, 71]
.text C:\WINDOWS\System32\svchost.exe[1268] SHELL32.dll!ShellExecuteExW 7E6B25D3 6 Bytes JMP 7144000A
.text C:\WINDOWS\System32\svchost.exe[1268] SHELL32.dll!Shell_NotifyIcon 7E6D18BE 6 Bytes JMP 70B1000A
.text C:\WINDOWS\System32\svchost.exe[1268] SHELL32.dll!Shell_NotifyIconW 7E6D62A5 6 Bytes JMP 70AE000A
.text C:\WINDOWS\System32\svchost.exe[1268] SHELL32.dll!ShellExecuteEx 7E6F0E95 6 Bytes JMP 7147000A
.text C:\WINDOWS\System32\svchost.exe[1268] SHELL32.dll!ShellExecuteA 7E6F11C0 6 Bytes JMP 714D000A
.text C:\WINDOWS\System32\svchost.exe[1268] SHELL32.dll!ShellExecuteW 7E7659D0 6 Bytes JMP 714A000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] ntdll.dll!NtLoadDriver 7C91D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] ntdll.dll!NtLoadDriver + 4 7C91D472 2 Bytes [22, 71]
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] ntdll.dll!NtSuspendProcess 7C91DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] ntdll.dll!NtSuspendProcess + 4 7C91DE32 2 Bytes [3A, 71]
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] ntdll.dll!RtlDosSearchPath_U + 1D1 7C926ADA 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] kernel32.dll!DeviceIoControl 7C801629 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] kernel32.dll!DeviceIoControl + 4 7C80162D 2 Bytes [AA, 70]
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70DE000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7126000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70D2000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 716B000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 715F000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7165000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7162000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 7150000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7153000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] kernel32.dll!VirtualAlloc 7C809AA1 6 Bytes JMP 70D5000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] kernel32.dll!MultiByteToWideChar 7C809C48 6 Bytes JMP 7084000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] kernel32.dll!LoadResource 7C80A005 6 Bytes JMP 70C0000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] kernel32.dll!WideCharToMultiByte 7C80A124 6 Bytes JMP 7063000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] kernel32.dll!GetProcAddress 7C80ADF0 6 Bytes JMP 7114000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] kernel32.dll!LoadLibraryW 7C80AE9B 6 Bytes JMP 715C000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] kernel32.dll!CreateMutexW 7C80E907 6 Bytes JMP 708D000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] kernel32.dll!CreateMutexA 7C80E98F 6 Bytes JMP 7090000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] kernel32.dll!OpenMutexW 7C80E9E5 6 Bytes JMP 7087000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] kernel32.dll!OpenMutexA 7C80EA6B 6 Bytes JMP 708A000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] kernel32.dll!GetVolumeInformationW 7C80FA35 6 Bytes JMP 710E000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] kernel32.dll!CreateRemoteThread 7C81047C 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] kernel32.dll!CreateRemoteThread + 4 7C810480 2 Bytes [6D, 71]
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] kernel32.dll!CreateThread 7C810687 6 Bytes JMP 70D8000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] kernel32.dll!CreateFileW 7C8107B0 6 Bytes JMP 70E1000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] kernel32.dll!WriteFile 7C810DD7 6 Bytes JMP 70A2000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] kernel32.dll!TerminateThread 7C81CAEB 6 Bytes JMP 7138000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] kernel32.dll!MoveFileW 7C821211 6 Bytes JMP 705D000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] kernel32.dll!CreateDirectoryA 7C82175C 6 Bytes JMP 70A8000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] kernel32.dll!GetVolumeInformationA 7C821B55 6 Bytes JMP 7111000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] kernel32.dll!CopyFileExW 7C827AE2 6 Bytes JMP 70B4000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] kernel32.dll!CopyFileA 7C82869E 6 Bytes JMP 70BD000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] kernel32.dll!CopyFileW 7C82F82B 6 Bytes JMP 70BA000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] kernel32.dll!OpenProcess 7C830999 6 Bytes JMP 7054000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] kernel32.dll!DeleteFileA 7C831E8D 6 Bytes JMP 7075000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] kernel32.dll!DeleteFileW 7C831F13 6 Bytes JMP 7072000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] kernel32.dll!CreateDirectoryW 7C8323B2 6 Bytes JMP 70A5000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] kernel32.dll!MoveFileExW 7C83563B 6 Bytes JMP 7057000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] kernel32.dll!MoveFileA 7C835E6F 6 Bytes JMP 7060000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] kernel32.dll!DebugActiveProcess 7C85AF93 6 Bytes JMP 7135000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] kernel32.dll!MoveFileExA 7C85E333 6 Bytes JMP 705A000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] kernel32.dll!CopyFileExA 7C85F234 6 Bytes JMP 70B7000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] kernel32.dll!WinExec 7C8622B5 6 Bytes JMP 7141000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] kernel32.dll!SetThreadContext 7C8639B1 6 Bytes JMP 709F000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] kernel32.dll!CreateToolhelp32Snapshot 7C865A27 6 Bytes JMP 70DB000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] kernel32.dll!GetBinaryTypeW + 80 7C868B34 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] USER32.dll!SetWindowTextW 7E36BC36 6 Bytes JMP 7066000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] USER32.dll!GetKeyState 7E36C505 6 Bytes JMP 7132000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] USER32.dll!GetWindowTextW 7E36CDB6 6 Bytes JMP 70C6000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] USER32.dll!DrawTextW 7E36D7C2 6 Bytes JMP 707E000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] USER32.dll!ShowWindow 7E36D8A4 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] USER32.dll!ShowWindow + 4 7E36D8A8 2 Bytes [C2, 70]
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] USER32.dll!GetKeyboardState 7E36EF29 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] USER32.dll!GetKeyboardState + 4 7E36EF2D 2 Bytes [2B, 71]
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] USER32.dll!GetAsyncKeyState 7E36F3B3 6 Bytes JMP 712F000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] USER32.dll!CreateWindowExW 7E36FC25 6 Bytes JMP 7078000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] USER32.dll!CreateWindowExA 7E36FF33 6 Bytes JMP 707B000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] USER32.dll!SetWindowsHookExW 7E37DDB5 6 Bytes JMP 7156000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] USER32.dll!SetWindowTextA 7E37F52B 6 Bytes JMP 7069000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] USER32.dll!SetWindowsHookExA 7E3811D1 6 Bytes JMP 7159000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] USER32.dll!SetWinEventHook 7E3817B7 6 Bytes JMP 711A000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] USER32.dll!GetWindowTextA 7E38212B 6 Bytes JMP 70C9000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] USER32.dll!DrawTextA 7E38C6CA 6 Bytes JMP 7081000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] USER32.dll!DdeConnect 7E3A7F93 6 Bytes JMP 7129000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] USER32.dll!EndTask 7E3A9E75 6 Bytes JMP 713E000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] USER32.dll!RegisterRawInputDevices 7E3BCBD4 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] USER32.dll!RegisterRawInputDevices + 4 7E3BCBD8 2 Bytes [16, 71]
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] ADVAPI32.dll!RegOpenKeyExW 77DA6AAF 6 Bytes JMP 70F6000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] ADVAPI32.dll!RegQueryValueExW 77DA6FFF 6 Bytes JMP 70E4000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] ADVAPI32.dll!RegCreateKeyExW 77DA776C 6 Bytes JMP 7108000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] ADVAPI32.dll!RegOpenKeyExA 77DA7852 6 Bytes JMP 70F9000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] ADVAPI32.dll!RegOpenKeyW 77DA7946 6 Bytes JMP 70FC000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] ADVAPI32.dll!OpenProcessToken 77DA798B 6 Bytes JMP 709C000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] ADVAPI32.dll!RegQueryValueExA 77DA7ABB 6 Bytes JMP 70E7000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] ADVAPI32.dll!RegSetValueExW 77DAD747 6 Bytes JMP 70F0000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] ADVAPI32.dll!RegQueryValueW 77DAD85A 6 Bytes JMP 70EA000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] ADVAPI32.dll!RegCreateKeyExA 77DAE9D4 6 Bytes JMP 710B000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] ADVAPI32.dll!RegSetValueExA 77DAEAC7 6 Bytes JMP 70F3000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] ADVAPI32.dll!RegOpenKeyA 77DAEFA8 6 Bytes JMP 70FF000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] ADVAPI32.dll!AdjustTokenPrivileges 77DAEFEC 6 Bytes JMP 7093000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] ADVAPI32.dll!RegDeleteKeyA 77DB4288 6 Bytes JMP 706F000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] ADVAPI32.dll!RegDeleteKeyW 77DB5583 6 Bytes JMP 706C000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] ADVAPI32.dll!OpenSCManagerW 77DB6F3D 6 Bytes JMP 70CC000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] ADVAPI32.dll!OpenSCManagerA 77DC6996 6 Bytes JMP 70CF000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] ADVAPI32.dll!LookupPrivilegeValueW 77DCB8C7 6 Bytes JMP 7096000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] ADVAPI32.dll!RegCreateKeyW 77DCBA3D 6 Bytes JMP 7102000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] ADVAPI32.dll!RegQueryValueA 77DCBB75 4 Bytes JMP EC001E25
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] ADVAPI32.dll!RegQueryValueA + 5 77DCBB7A 1 Byte [70]
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] ADVAPI32.dll!RegCreateKeyA 77DCBCDB 6 Bytes JMP 7105000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] ADVAPI32.dll!LookupPrivilegeValueA 77DCC220 6 Bytes JMP 7099000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] ADVAPI32.dll!LsaRemoveAccountRights 77DEAB91 6 Bytes JMP 7168000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] ADVAPI32.dll!CreateServiceA 77E07359 6 Bytes JMP 7120000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] ADVAPI32.dll!CreateServiceW 77E074F1 6 Bytes JMP 711D000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] SHELL32.dll!ShellExecuteExW 7E6B25D3 6 Bytes JMP 7144000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] SHELL32.dll!Shell_NotifyIcon 7E6D18BE 6 Bytes JMP 70B1000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] SHELL32.dll!Shell_NotifyIconW 7E6D62A5 6 Bytes JMP 70AE000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] SHELL32.dll!ShellExecuteEx 7E6F0E95 6 Bytes JMP 7147000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] SHELL32.dll!ShellExecuteA 7E6F11C0 6 Bytes JMP 714D000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] SHELL32.dll!ShellExecuteW 7E7659D0 6 Bytes JMP 714A000A
.text C:\WINDOWS\system32\svchost.exe[1400] ntdll.dll!NtLoadDriver 7C91D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1400] ntdll.dll!NtLoadDriver + 4 7C91D472 2 Bytes [22, 71]
.text C:\WINDOWS\system32\svchost.exe[1400] ntdll.dll!NtSuspendProcess 7C91DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1400] ntdll.dll!NtSuspendProcess + 4 7C91DE32 2 Bytes [3A, 71]
.text C:\WINDOWS\system32\svchost.exe[1400] ntdll.dll!RtlDosSearchPath_U + 1D1 7C926ADA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!DeviceIoControl 7C801629 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!DeviceIoControl + 4 7C80162D 2 Bytes [AA, 70]
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70DE000A
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7126000A
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70D2000A
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 716B000A
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 715F000A
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7165000A
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7162000A
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 7150000A
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7153000A
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!VirtualAlloc 7C809AA1 6 Bytes JMP 70D5000A
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!MultiByteToWideChar 7C809C48 6 Bytes JMP 7084000A
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!LoadResource 7C80A005 6 Bytes JMP 70C0000A
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!WideCharToMultiByte 7C80A124 6 Bytes JMP 7063000A
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!GetProcAddress 7C80ADF0 6 Bytes JMP 7114000A
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!LoadLibraryW 7C80AE9B 6 Bytes JMP 715C000A
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!CreateMutexW 7C80E907 6 Bytes JMP 708D000A
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!CreateMutexA 7C80E98F 6 Bytes JMP 7090000A
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!OpenMutexW 7C80E9E5 6 Bytes JMP 7087000A
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!OpenMutexA 7C80EA6B 6 Bytes JMP 708A000A
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!GetVolumeInformationW 7C80FA35 6 Bytes JMP 710E000A
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!CreateRemoteThread 7C81047C 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!CreateRemoteThread + 4 7C810480 2 Bytes [6D, 71]
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!CreateThread 7C810687 6 Bytes JMP 70D8000A
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!CreateFileW 7C8107B0 6 Bytes JMP 70E1000A
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!WriteFile 7C810DD7 6 Bytes JMP 70A2000A
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!TerminateThread 7C81CAEB 6 Bytes JMP 7138000A
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!MoveFileW 7C821211 6 Bytes JMP 705D000A
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!CreateDirectoryA 7C82175C 6 Bytes JMP 70A8000A
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!GetVolumeInformationA 7C821B55 6 Bytes JMP 7111000A
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!CopyFileExW 7C827AE2 6 Bytes JMP 70B4000A
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!CopyFileA 7C82869E 6 Bytes JMP 70BD000A
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!CopyFileW 7C82F82B 6 Bytes JMP 70BA000A
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!OpenProcess 7C830999 6 Bytes JMP 7054000A
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!DeleteFileA 7C831E8D 6 Bytes JMP 7075000A
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!DeleteFileW 7C831F13 6 Bytes JMP 7072000A
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!CreateDirectoryW 7C8323B2 6 Bytes JMP 70A5000A
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!MoveFileExW 7C83563B 6 Bytes JMP 7057000A
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!MoveFileA 7C835E6F 6 Bytes JMP 7060000A
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!DebugActiveProcess 7C85AF93 6 Bytes JMP 7135000A
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!MoveFileExA 7C85E333 6 Bytes JMP 705A000A
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!CopyFileExA 7C85F234 6 Bytes JMP 70B7000A
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!WinExec 7C8622B5 6 Bytes JMP 7141000A
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!SetThreadContext 7C8639B1 6 Bytes JMP 709F000A
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!CreateToolhelp32Snapshot 7C865A27 6 Bytes JMP 70DB000A
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!GetBinaryTypeW + 80 7C868B34 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!RegOpenKeyExW 77DA6AAF 6 Bytes JMP 70F6000A
.text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!RegQueryValueExW 77DA6FFF 6 Bytes JMP 70E4000A
.text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!RegCreateKeyExW 77DA776C 6 Bytes JMP 7108000A
.text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!RegOpenKeyExA 77DA7852 6 Bytes JMP 70F9000A
.text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!RegOpenKeyW 77DA7946 6 Bytes JMP 70FC000A
.text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!OpenProcessToken 77DA798B 6 Bytes JMP 709C000A
.text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!RegQueryValueExA 77DA7ABB 6 Bytes JMP 70E7000A
.text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!RegSetValueExW 77DAD747 6 Bytes JMP 70F0000A
.text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!RegQueryValueW 77DAD85A 6 Bytes JMP 70EA000A
.text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!RegCreateKeyExA 77DAE9D4 6 Bytes JMP 710B000A
.text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!RegSetValueExA 77DAEAC7 6 Bytes JMP 70F3000A
.text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!RegOpenKeyA 77DAEFA8 6 Bytes JMP 70FF000A
.text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!AdjustTokenPrivileges 77DAEFEC 6 Bytes JMP 7093000A
.text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!RegDeleteKeyA 77DB4288 6 Bytes JMP 706F000A
.text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!RegDeleteKeyW 77DB5583 6 Bytes JMP 706C000A
.text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!OpenSCManagerW 77DB6F3D 6 Bytes JMP 70CC000A
.text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!OpenSCManagerA 77DC6996 6 Bytes JMP 70CF000A
.text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!LookupPrivilegeValueW 77DCB8C7 6 Bytes JMP 7096000A
.text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!RegCreateKeyW 77DCBA3D 6 Bytes JMP 7102000A
.text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!RegQueryValueA 77DCBB75 4 Bytes JMP EC001E25
.text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!RegQueryValueA + 5 77DCBB7A 1 Byte [70]
.text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!RegCreateKeyA 77DCBCDB 6 Bytes JMP 7105000A
.text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!LookupPrivilegeValueA 77DCC220 6 Bytes JMP 7099000A

Polarbär 29.07.2012 14:37

GMER part 6
Quote:

.text C:\Programme\FolderSize\FolderSizeSvc.exe[1608] SHELL32.dll!ShellExecuteA 7E6F11C0 6 Bytes JMP 714D000A
.text C:\Programme\FolderSize\FolderSizeSvc.exe[1608] SHELL32.dll!ShellExecuteW 7E7659D0 6 Bytes

Polarbär 29.07.2012 14:39

GMER part 7
Quote:

.text C:\WINDOWS\system32\Ati2evxx.exe[1940] ADVAPI32.dll!OpenSCManagerA 77DC6996 6 Bytes JMP 70CF000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1940] ADVAPI32.dll!LookupPrivilegeValueW 77DCB8C7 6 Bytes JMP 7096000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1940] ADVAPI32.dll!RegCreateKeyW 77DCBA3D 6 Bytes JMP 7102000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1940] ADVAPI32.dll!RegQueryValueA 77DCBB75 4 Bytes JMP EC001E25
.text C:\WINDOWS\system32\Ati2evxx.exe[1940] ADVAPI32.dll!RegQueryValueA + 5 77DCBB7A 1 Byte [70]
.text C:\WINDOWS\system32\Ati2evxx.exe[1940] ADVAPI32.dll!RegCreateKeyA 77DCBCDB 6 Bytes JMP 7105000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1940] ADVAPI32.dll!LookupPrivilegeValueA 77DCC220 6 Bytes JMP 7099000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1940] ADVAPI32.dll!LsaRemoveAccountRights 77DEAB91 6 Bytes JMP 7168000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1940] ADVAPI32.dll!CreateServiceA 77E07359 6 Bytes JMP 7120000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1940] ADVAPI32.dll!CreateServiceW 77E074F1 6 Bytes JMP 711D000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1940] SHELL32.dll!ShellExecuteExW 7E6B25D3 6 Bytes JMP 7144000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1940] SHELL32.dll!Shell_NotifyIcon 7E6D18BE 6 Bytes JMP 70B1000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1940] SHELL32.dll!Shell_NotifyIconW 7E6D62A5 6 Bytes JMP 70AE000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1940] SHELL32.dll!ShellExecuteEx 7E6F0E95 6 Bytes JMP 7147000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1940] SHELL32.dll!ShellExecuteA 7E6F11C0 6 Bytes JMP 714D000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1940] SHELL32.dll!ShellExecuteW 7E7659D0 6 Bytes JMP 714A000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] ntdll.dll!NtLoadDriver 7C91D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[2028] ntdll.dll!NtLoadDriver + 4 7C91D472 2 Bytes [22, 71]
.text C:\WINDOWS\system32\spoolsv.exe[2028] ntdll.dll!NtSuspendProcess 7C91DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[2028] ntdll.dll!NtSuspendProcess + 4 7C91DE32 2 Bytes [3A, 71]
.text C:\WINDOWS\system32\spoolsv.exe[2028] ntdll.dll!RtlDosSearchPath_U + 1D1 7C926ADA 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[2028] kernel32.dll!DeviceIoControl 7C801629 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[2028] kernel32.dll!DeviceIoControl + 4 7C80162D 2 Bytes [AA, 70]
.text C:\WINDOWS\system32\spoolsv.exe[2028] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70DE000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7126000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70D2000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 716B000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 715F000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7165000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7162000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 7150000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7153000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] kernel32.dll!VirtualAlloc 7C809AA1 6 Bytes JMP 70D5000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] kernel32.dll!MultiByteToWideChar 7C809C48 6 Bytes JMP 7084000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] kernel32.dll!LoadResource 7C80A005 6 Bytes JMP 70C0000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] kernel32.dll!WideCharToMultiByte 7C80A124 6 Bytes JMP 7063000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] kernel32.dll!GetProcAddress 7C80ADF0 6 Bytes JMP 7114000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] kernel32.dll!LoadLibraryW 7C80AE9B 6 Bytes JMP 715C000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] kernel32.dll!CreateMutexW 7C80E907 6 Bytes JMP 708D000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] kernel32.dll!CreateMutexA 7C80E98F 6 Bytes JMP 7090000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] kernel32.dll!OpenMutexW 7C80E9E5 6 Bytes JMP 7087000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] kernel32.dll!OpenMutexA 7C80EA6B 6 Bytes JMP 708A000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] kernel32.dll!GetVolumeInformationW 7C80FA35 6 Bytes JMP 710E000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] kernel32.dll!CreateRemoteThread 7C81047C 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[2028] kernel32.dll!CreateRemoteThread + 4 7C810480 2 Bytes [6D, 71]
.text C:\WINDOWS\system32\spoolsv.exe[2028] kernel32.dll!CreateThread 7C810687 6 Bytes JMP 70D8000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] kernel32.dll!CreateFileW 7C8107B0 6 Bytes JMP 70E1000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] kernel32.dll!WriteFile 7C810DD7 6 Bytes JMP 70A2000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] kernel32.dll!TerminateThread 7C81CAEB 6 Bytes JMP 7138000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] kernel32.dll!MoveFileW 7C821211 6 Bytes JMP 705D000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] kernel32.dll!CreateDirectoryA 7C82175C 6 Bytes JMP 70A8000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] kernel32.dll!GetVolumeInformationA 7C821B55 6 Bytes JMP 7111000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] kernel32.dll!CopyFileExW 7C827AE2 6 Bytes JMP 70B4000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] kernel32.dll!CopyFileA 7C82869E 6 Bytes JMP 70BD000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] kernel32.dll!CopyFileW 7C82F82B 6 Bytes JMP 70BA000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] kernel32.dll!OpenProcess 7C830999 6 Bytes JMP 7054000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] kernel32.dll!DeleteFileA 7C831E8D 6 Bytes JMP 7075000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] kernel32.dll!DeleteFileW 7C831F13 6 Bytes JMP 7072000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] kernel32.dll!CreateDirectoryW 7C8323B2 6 Bytes JMP 70A5000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] kernel32.dll!MoveFileExW 7C83563B 6 Bytes JMP 7057000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] kernel32.dll!MoveFileA 7C835E6F 6 Bytes JMP 7060000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] kernel32.dll!DebugActiveProcess 7C85AF93 6 Bytes JMP 7135000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] kernel32.dll!MoveFileExA 7C85E333 6 Bytes JMP 705A000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] kernel32.dll!CopyFileExA 7C85F234 6 Bytes JMP 70B7000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] kernel32.dll!WinExec 7C8622B5 6 Bytes JMP 7141000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] kernel32.dll!SetThreadContext 7C8639B1 6 Bytes JMP 709F000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] kernel32.dll!CreateToolhelp32Snapshot 7C865A27 6 Bytes JMP 70DB000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] kernel32.dll!GetBinaryTypeW + 80 7C868B34 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[2028] ADVAPI32.dll!RegOpenKeyExW 77DA6AAF 6 Bytes JMP 70F6000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] ADVAPI32.dll!RegQueryValueExW 77DA6FFF 6 Bytes JMP 70E4000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] ADVAPI32.dll!RegCreateKeyExW 77DA776C 6 Bytes JMP 7108000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] ADVAPI32.dll!RegOpenKeyExA 77DA7852 6 Bytes JMP 70F9000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] ADVAPI32.dll!RegOpenKeyW 77DA7946 6 Bytes JMP 70FC000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] ADVAPI32.dll!OpenProcessToken 77DA798B 6 Bytes JMP 709C000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] ADVAPI32.dll!RegQueryValueExA 77DA7ABB 6 Bytes JMP 70E7000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] ADVAPI32.dll!RegSetValueExW 77DAD747 6 Bytes JMP 70F0000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] ADVAPI32.dll!RegQueryValueW 77DAD85A 6 Bytes JMP 70EA000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] ADVAPI32.dll!RegCreateKeyExA 77DAE9D4 6 Bytes JMP 710B000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] ADVAPI32.dll!RegSetValueExA 77DAEAC7 6 Bytes JMP 70F3000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] ADVAPI32.dll!RegOpenKeyA 77DAEFA8 6 Bytes JMP 70FF000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] ADVAPI32.dll!AdjustTokenPrivileges 77DAEFEC 6 Bytes JMP 7093000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] ADVAPI32.dll!RegDeleteKeyA 77DB4288 6 Bytes JMP 706F000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] ADVAPI32.dll!RegDeleteKeyW 77DB5583 6 Bytes JMP 706C000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] ADVAPI32.dll!OpenSCManagerW 77DB6F3D 6 Bytes JMP 70CC000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] ADVAPI32.dll!OpenSCManagerA 77DC6996 6 Bytes JMP 70CF000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] ADVAPI32.dll!LookupPrivilegeValueW 77DCB8C7 6 Bytes JMP 7096000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] ADVAPI32.dll!RegCreateKeyW 77DCBA3D 6 Bytes JMP 7102000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] ADVAPI32.dll!RegQueryValueA 77DCBB75 4 Bytes JMP EC001E25
.text C:\WINDOWS\system32\spoolsv.exe[2028] ADVAPI32.dll!RegQueryValueA + 5 77DCBB7A 1 Byte [70]
.text C:\WINDOWS\system32\spoolsv.exe[2028] ADVAPI32.dll!RegCreateKeyA 77DCBCDB 6 Bytes JMP 7105000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] ADVAPI32.dll!LookupPrivilegeValueA 77DCC220 6 Bytes JMP 7099000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] ADVAPI32.dll!LsaRemoveAccountRights 77DEAB91 6 Bytes JMP 7168000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] ADVAPI32.dll!CreateServiceA 77E07359 6 Bytes JMP 7120000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] ADVAPI32.dll!CreateServiceW 77E074F1 6 Bytes JMP 711D000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] USER32.dll!SetWindowTextW 7E36BC36 6 Bytes JMP 7066000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] USER32.dll!GetKeyState 7E36C505 6 Bytes JMP 7132000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] USER32.dll!GetWindowTextW 7E36CDB6 6 Bytes JMP 70C6000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] USER32.dll!DrawTextW 7E36D7C2 6 Bytes JMP 707E000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] USER32.dll!ShowWindow 7E36D8A4 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[2028] USER32.dll!ShowWindow + 4 7E36D8A8 2 Bytes [C2, 70]
.text C:\WINDOWS\system32\spoolsv.exe[2028] USER32.dll!GetKeyboardState 7E36EF29 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[2028] USER32.dll!GetKeyboardState + 4 7E36EF2D 2 Bytes [2B, 71]
.text C:\WINDOWS\system32\spoolsv.exe[2028] USER32.dll!GetAsyncKeyState 7E36F3B3 6 Bytes JMP 712F000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] USER32.dll!CreateWindowExW 7E36FC25 6 Bytes JMP 7078000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] USER32.dll!CreateWindowExA 7E36FF33 6 Bytes JMP 707B000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] USER32.dll!SetWindowsHookExW 7E37DDB5 6 Bytes JMP 7156000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] USER32.dll!SetWindowTextA 7E37F52B 6 Bytes JMP 7069000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] USER32.dll!SetWindowsHookExA 7E3811D1 6 Bytes JMP 7159000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] USER32.dll!SetWinEventHook 7E3817B7 6 Bytes JMP 711A000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] USER32.dll!GetWindowTextA 7E38212B 6 Bytes JMP 70C9000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] USER32.dll!DrawTextA 7E38C6CA 6 Bytes JMP 7081000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] USER32.dll!DdeConnect 7E3A7F93 6 Bytes JMP 7129000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] USER32.dll!EndTask 7E3A9E75 6 Bytes JMP 713E000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] USER32.dll!RegisterRawInputDevices 7E3BCBD4 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[2028] USER32.dll!RegisterRawInputDevices + 4 7E3BCBD8 2 Bytes [16, 71]
.text C:\WINDOWS\system32\spoolsv.exe[2028] SHELL32.dll!ShellExecuteExW 7E6B25D3 6 Bytes JMP 7144000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] SHELL32.dll!Shell_NotifyIcon 7E6D18BE 6 Bytes JMP 70B1000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] SHELL32.dll!Shell_NotifyIconW 7E6D62A5 6 Bytes JMP 70AE000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] SHELL32.dll!ShellExecuteEx 7E6F0E95 6 Bytes JMP 7147000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] SHELL32.dll!ShellExecuteA 7E6F11C0 6 Bytes JMP 714D000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] SHELL32.dll!ShellExecuteW 7E7659D0 6 Bytes JMP 714A000A

Polarbär 29.07.2012 14:40

GMER Part 8
Quote:

.text C:\Programme\ThreatFire\TFService.exe[2128] ntdll.dll!RtlDosSearchPath_U + 1D1 7C926ADA 1 Byte [62]
.text C:\Programme\ThreatFire\TFService.exe[2128] kernel32.dll!CreateRemoteThread + 174 7C8105F0 4 Bytes JMP 716F0000
.text C:\Programme\ThreatFire\TFService.exe[2128] kernel32.dll!GetBinaryTypeW + 80 7C868B34 1 Byte [62]
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] ntdll.dll!NtLoadDriver 7C91D46E 3 Bytes [FF, 25, 1E]
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] ntdll.dll!NtLoadDriver + 4 7C91D472 2 Bytes [22, 71]
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] ntdll.dll!NtSuspendProcess 7C91DE2E 3 Bytes [FF, 25, 1E]
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] ntdll.dll!NtSuspendProcess + 4 7C91DE32 2 Bytes [3A, 71]
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] ntdll.dll!RtlDosSearchPath_U + 1D1 7C926ADA 1 Byte [62]
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] kernel32.dll!DeviceIoControl 7C801629 3 Bytes [FF, 25, 1E]
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] kernel32.dll!DeviceIoControl + 4 7C80162D 2 Bytes [AA, 70]
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70DE000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7126000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70D2000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 716B000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 715F000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7165000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7162000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 7150000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7153000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] kernel32.dll!VirtualAlloc 7C809AA1 6 Bytes JMP 70D5000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] kernel32.dll!MultiByteToWideChar 7C809C48 6 Bytes JMP 707E000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] kernel32.dll!LoadResource 7C80A005 6 Bytes JMP 70C0000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] kernel32.dll!WideCharToMultiByte 7C80A124 6 Bytes JMP 705D000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] kernel32.dll!GetProcAddress 7C80ADF0 6 Bytes JMP 7114000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] kernel32.dll!LoadLibraryW 7C80AE9B 6 Bytes JMP 715C000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] kernel32.dll!CreateMutexW 7C80E907 6 Bytes JMP 7087000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] kernel32.dll!CreateMutexA 7C80E98F 6 Bytes JMP 708A000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] kernel32.dll!OpenMutexW 7C80E9E5 6 Bytes JMP 7081000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] kernel32.dll!OpenMutexA 7C80EA6B 6 Bytes JMP 7084000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] kernel32.dll!GetVolumeInformationW 7C80FA35 6 Bytes JMP 710E000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] kernel32.dll!CreateRemoteThread 7C81047C 3 Bytes [FF, 25, 1E]
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] kernel32.dll!CreateRemoteThread + 4 7C810480 2 Bytes [6D, 71]
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] kernel32.dll!CreateThread 7C810687 6 Bytes JMP 70D8000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] kernel32.dll!CreateFileW 7C8107B0 6 Bytes JMP 70E1000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] kernel32.dll!WriteFile 7C810DD7 6 Bytes JMP 709C000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] kernel32.dll!TerminateThread 7C81CAEB 6 Bytes JMP 7138000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] kernel32.dll!MoveFileW 7C821211 6 Bytes JMP 7057000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] kernel32.dll!CreateDirectoryA 7C82175C 6 Bytes JMP 70A2000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] kernel32.dll!GetVolumeInformationA 7C821B55 6 Bytes JMP 7111000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] kernel32.dll!CopyFileExW 7C827AE2 6 Bytes JMP 70B4000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] kernel32.dll!CopyFileA 7C82869E 6 Bytes JMP 70BD000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] kernel32.dll!CopyFileW 7C82F82B 6 Bytes JMP 70BA000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] kernel32.dll!OpenProcess 7C830999 6 Bytes JMP 704E000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] kernel32.dll!DeleteFileA 7C831E8D 6 Bytes JMP 706F000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] kernel32.dll!DeleteFileW 7C831F13 6 Bytes JMP 706C000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] kernel32.dll!CreateDirectoryW 7C8323B2 6 Bytes JMP 709F000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] kernel32.dll!MoveFileExW 7C83563B 6 Bytes JMP 7051000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] kernel32.dll!MoveFileA 7C835E6F 6 Bytes JMP 705A000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] kernel32.dll!DebugActiveProcess 7C85AF93 6 Bytes JMP 7135000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] kernel32.dll!MoveFileExA 7C85E333 6 Bytes JMP 7054000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] kernel32.dll!CopyFileExA 7C85F234 6 Bytes JMP 70B7000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] kernel32.dll!WinExec 7C8622B5 6 Bytes JMP 7141000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] kernel32.dll!SetThreadContext 7C8639B1 6 Bytes JMP 7099000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] kernel32.dll!CreateToolhelp32Snapshot 7C865A27 6 Bytes JMP 70DB000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] kernel32.dll!GetBinaryTypeW + 80 7C868B34 1 Byte [62]
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] ADVAPI32.dll!RegOpenKeyExW 77DA6AAF 6 Bytes JMP 70F6000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] ADVAPI32.dll!RegQueryValueExW 77DA6FFF 6 Bytes JMP 70E4000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] ADVAPI32.dll!RegCreateKeyExW 77DA776C 6 Bytes JMP 7108000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] ADVAPI32.dll!RegOpenKeyExA 77DA7852 6 Bytes JMP 70F9000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] ADVAPI32.dll!RegOpenKeyW 77DA7946 6 Bytes JMP 70FC000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] ADVAPI32.dll!OpenProcessToken 77DA798B 6 Bytes JMP 7096000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] ADVAPI32.dll!RegQueryValueExA 77DA7ABB 6 Bytes JMP 70E7000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] ADVAPI32.dll!RegSetValueExW 77DAD747 6 Bytes JMP 70F0000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] ADVAPI32.dll!RegQueryValueW 77DAD85A 6 Bytes JMP 70EA000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] ADVAPI32.dll!RegCreateKeyExA 77DAE9D4 6 Bytes JMP 710B000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] ADVAPI32.dll!RegSetValueExA 77DAEAC7 6 Bytes JMP 70F3000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] ADVAPI32.dll!RegOpenKeyA 77DAEFA8 6 Bytes JMP 70FF000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] ADVAPI32.dll!AdjustTokenPrivileges 77DAEFEC 6 Bytes JMP 708D000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] ADVAPI32.dll!RegDeleteKeyA 77DB4288 6 Bytes JMP 7069000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] ADVAPI32.dll!RegDeleteKeyW 77DB5583 6 Bytes JMP 7066000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] ADVAPI32.dll!OpenSCManagerW 77DB6F3D 6 Bytes JMP 70CC000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] ADVAPI32.dll!OpenSCManagerA 77DC6996 6 Bytes JMP 70CF000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] ADVAPI32.dll!LookupPrivilegeValueW 77DCB8C7 6 Bytes JMP 7090000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] ADVAPI32.dll!RegCreateKeyW 77DCBA3D 6 Bytes JMP 7102000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] ADVAPI32.dll!RegQueryValueA 77DCBB75 4 Bytes JMP EC001E25
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] ADVAPI32.dll!RegQueryValueA + 5 77DCBB7A 1 Byte [70]
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] ADVAPI32.dll!RegCreateKeyA 77DCBCDB 6 Bytes JMP 7105000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] ADVAPI32.dll!LookupPrivilegeValueA 77DCC220 6 Bytes JMP 7093000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] ADVAPI32.dll!LsaRemoveAccountRights 77DEAB91 6 Bytes JMP 7168000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] ADVAPI32.dll!CreateServiceA 77E07359 6 Bytes JMP 7120000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] ADVAPI32.dll!CreateServiceW 77E074F1 6 Bytes JMP 711D000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] USER32.dll!SetWindowTextW 7E36BC36 6 Bytes JMP 7060000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] USER32.dll!GetKeyState 7E36C505 6 Bytes JMP 7132000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] USER32.dll!GetWindowTextW 7E36CDB6 6 Bytes JMP 70C6000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] USER32.dll!DrawTextW 7E36D7C2 6 Bytes JMP 7078000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] USER32.dll!ShowWindow 7E36D8A4 3 Bytes [FF, 25, 1E]
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] USER32.dll!ShowWindow + 4 7E36D8A8 2 Bytes [C2, 70]
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] USER32.dll!GetKeyboardState 7E36EF29 3 Bytes [FF, 25, 1E]
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] USER32.dll!GetKeyboardState + 4 7E36EF2D 2 Bytes [2B, 71]
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] USER32.dll!GetAsyncKeyState 7E36F3B3 6 Bytes JMP 712F000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] USER32.dll!CreateWindowExW 7E36FC25 6 Bytes JMP 7072000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] USER32.dll!CreateWindowExA 7E36FF33 6 Bytes JMP 7075000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] USER32.dll!SetWindowsHookExW 7E37DDB5 6 Bytes JMP 7156000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] USER32.dll!SetWindowTextA 7E37F52B 6 Bytes JMP 7063000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] USER32.dll!SetWindowsHookExA 7E3811D1 6 Bytes JMP 7159000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] USER32.dll!SetWinEventHook 7E3817B7 6 Bytes JMP 711A000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] USER32.dll!GetWindowTextA 7E38212B 6 Bytes JMP 70C9000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] USER32.dll!DrawTextA 7E38C6CA 6 Bytes JMP 707B000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] USER32.dll!DdeConnect 7E3A7F93 6 Bytes JMP 7129000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] USER32.dll!EndTask 7E3A9E75 6 Bytes JMP 713E000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] USER32.dll!RegisterRawInputDevices 7E3BCBD4 3 Bytes [FF, 25, 1E]
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] USER32.dll!RegisterRawInputDevices + 4 7E3BCBD8 2 Bytes [16, 71]
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] shell32.dll!ShellExecuteExW 7E6B25D3 6 Bytes JMP 7144000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] shell32.dll!Shell_NotifyIcon 7E6D18BE 6 Bytes JMP 70B1000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] shell32.dll!Shell_NotifyIconW 7E6D62A5 6 Bytes JMP 70AE000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] shell32.dll!ShellExecuteEx 7E6F0E95 6 Bytes JMP 7147000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] shell32.dll!ShellExecuteA 7E6F11C0 6 Bytes JMP 714D000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] shell32.dll!ShellExecuteW 7E7659D0 6 Bytes JMP 714A000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] wininet.dll!InternetConnectA 408CDEAE 6 Bytes JMP 704B000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] wininet.dll!InternetOpenUrlA 408DF3A4 6 Bytes JMP 70A8000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] wininet.dll!InternetOpenUrlW 40926DDF 6 Bytes JMP 70A5000A
.text C:\WINDOWS\System32\alg.exe[2544] ntdll.dll!NtLoadDriver 7C91D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\alg.exe[2544] ntdll.dll!NtLoadDriver + 4 7C91D472 2 Bytes [22, 71]
.text C:\WINDOWS\System32\alg.exe[2544] ntdll.dll!NtSuspendProcess 7C91DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\alg.exe[2544] ntdll.dll!NtSuspendProcess + 4 7C91DE32 2 Bytes [3A, 71]
.text C:\WINDOWS\System32\alg.exe[2544] ntdll.dll!RtlDosSearchPath_U + 1D1 7C926ADA 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[2544] kernel32.dll!DeviceIoControl 7C801629 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\alg.exe[2544] kernel32.dll!DeviceIoControl + 4 7C80162D 2 Bytes [AA, 70]
.text C:\WINDOWS\System32\alg.exe[2544] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70DE000A
.text C:\WINDOWS\System32\alg.exe[2544] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7126000A
.text C:\WINDOWS\System32\alg.exe[2544] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70D2000A
.text C:\WINDOWS\System32\alg.exe[2544] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 716B000A
.text C:\WINDOWS\System32\alg.exe[2544] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 715F000A
.text C:\WINDOWS\System32\alg.exe[2544] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7165000A
.text C:\WINDOWS\System32\alg.exe[2544] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7162000A
.text C:\WINDOWS\System32\alg.exe[2544] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 7150000A
.text C:\WINDOWS\System32\alg.exe[2544] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7153000A
.text C:\WINDOWS\System32\alg.exe[2544] kernel32.dll!VirtualAlloc 7C809AA1 6 Bytes JMP 70D5000A
.text C:\WINDOWS\System32\alg.exe[2544] kernel32.dll!MultiByteToWideChar 7C809C48 6 Bytes JMP 7084000A
.text C:\WINDOWS\System32\alg.exe[2544] kernel32.dll!LoadResource 7C80A005 6 Bytes JMP 70C0000A
.text C:\WINDOWS\System32\alg.exe[2544] kernel32.dll!WideCharToMultiByte 7C80A124 6 Bytes JMP 7063000A
.text C:\WINDOWS\System32\alg.exe[2544] kernel32.dll!GetProcAddress 7C80ADF0 6 Bytes JMP 7114000A
.text C:\WINDOWS\System32\alg.exe[2544] kernel32.dll!LoadLibraryW 7C80AE9B 6 Bytes JMP 715C000A
.text C:\WINDOWS\System32\alg.exe[2544] kernel32.dll!CreateMutexW 7C80E907 6 Bytes JMP 708D000A
.text C:\WINDOWS\System32\alg.exe[2544] kernel32.dll!CreateMutexA 7C80E98F 6 Bytes JMP 7090000A
.text C:\WINDOWS\System32\alg.exe[2544] kernel32.dll!OpenMutexW 7C80E9E5 6 Bytes JMP 7087000A
.text C:\WINDOWS\System32\alg.exe[2544] kernel32.dll!OpenMutexA 7C80EA6B 6 Bytes JMP 708A000A
.text C:\WINDOWS\System32\alg.exe[2544] kernel32.dll!GetVolumeInformationW 7C80FA35 6 Bytes JMP 710E000A
.text C:\WINDOWS\System32\alg.exe[2544] kernel32.dll!CreateRemoteThread 7C81047C 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\alg.exe[2544] kernel32.dll!CreateRemoteThread + 4 7C810480 2 Bytes [6D, 71]
.text C:\WINDOWS\System32\alg.exe[2544] kernel32.dll!CreateThread 7C810687 6 Bytes JMP 70D8000A
.text C:\WINDOWS\System32\alg.exe[2544] kernel32.dll!CreateFileW 7C8107B0 6 Bytes JMP 70E1000A
.text C:\WINDOWS\System32\alg.exe[2544] kernel32.dll!WriteFile 7C810DD7 6 Bytes JMP 70A2000A
.text C:\WINDOWS\System32\alg.exe[2544] kernel32.dll!TerminateThread 7C81CAEB 6 Bytes JMP 7138000A
.text C:\WINDOWS\System32\alg.exe[2544] kernel32.dll!MoveFileW 7C821211 6 Bytes JMP 705D000A
.text C:\WINDOWS\System32\alg.exe[2544] kernel32.dll!CreateDirectoryA 7C82175C 6 Bytes JMP 70A8000A
.text C:\WINDOWS\System32\alg.exe[2544] kernel32.dll!GetVolumeInformationA 7C821B55 6 Bytes JMP 7111000A
.text C:\WINDOWS\System32\alg.exe[2544] kernel32.dll!CopyFileExW 7C827AE2 6 Bytes JMP 70B4000A
.text C:\WINDOWS\System32\alg.exe[2544] kernel32.dll!CopyFileA 7C82869E 6 Bytes JMP 70BD000A
.text C:\WINDOWS\System32\alg.exe[2544] kernel32.dll!CopyFileW 7C82F82B 6 Bytes JMP 70BA000A
.text C:\WINDOWS\System32\alg.exe[2544] kernel32.dll!OpenProcess 7C830999 6 Bytes JMP 7054000A
.text C:\WINDOWS\System32\alg.exe[2544] kernel32.dll!DeleteFileA 7C831E8D 6 Bytes JMP 7075000A
.text C:\WINDOWS\System32\alg.exe[2544] kernel32.dll!DeleteFileW 7C831F13 6 Bytes JMP 7072000A
.text C:\WINDOWS\System32\alg.exe[2544] kernel32.dll!CreateDirectoryW 7C8323B2 6 Bytes JMP 70A5000A
.text C:\WINDOWS\System32\alg.exe[2544] kernel32.dll!MoveFileExW 7C83563B 6 Bytes JMP 7057000A
.text C:\WINDOWS\System32\alg.exe[2544] kernel32.dll!MoveFileA 7C835E6F 6 Bytes JMP 7060000A
.text C:\WINDOWS\System32\alg.exe[2544] kernel32.dll!DebugActiveProcess 7C85AF93 6 Bytes JMP 7135000A
.text C:\WINDOWS\System32\alg.exe[2544] kernel32.dll!MoveFileExA 7C85E333 6 Bytes JMP 705A000A
.text C:\WINDOWS\System32\alg.exe[2544] kernel32.dll!CopyFileExA 7C85F234 6 Bytes JMP 70B7000A
.text C:\WINDOWS\System32\alg.exe[2544] kernel32.dll!WinExec 7C8622B5 6 Bytes JMP 7141000A
.text C:\WINDOWS\System32\alg.exe[2544] kernel32.dll!SetThreadContext 7C8639B1 6 Bytes JMP 709F000A
.text C:\WINDOWS\System32\alg.exe[2544] kernel32.dll!CreateToolhelp32Snapshot 7C865A27 6 Bytes JMP 70DB000A
.text C:\WINDOWS\System32\alg.exe[2544] kernel32.dll!GetBinaryTypeW + 80 7C868B34 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[2544] USER32.dll!SetWindowTextW 7E36BC36 6 Bytes JMP 7066000A
.text C:\WINDOWS\System32\alg.exe[2544] USER32.dll!GetKeyState 7E36C505 6 Bytes JMP 7132000A
.text C:\WINDOWS\System32\alg.exe[2544] USER32.dll!GetWindowTextW 7E36CDB6 6 Bytes JMP 70C6000A
.text C:\WINDOWS\System32\alg.exe[2544] USER32.dll!DrawTextW 7E36D7C2 6 Bytes JMP 707E000A
.text C:\WINDOWS\System32\alg.exe[2544] USER32.dll!ShowWindow 7E36D8A4 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\alg.exe[2544] USER32.dll!ShowWindow + 4 7E36D8A8 2 Bytes [C2, 70]
.text C:\WINDOWS\System32\alg.exe[2544] USER32.dll!GetKeyboardState 7E36EF29 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\alg.exe[2544] USER32.dll!GetKeyboardState + 4 7E36EF2D 2 Bytes [2B, 71]
.text C:\WINDOWS\System32\alg.exe[2544] USER32.dll!GetAsyncKeyState 7E36F3B3 6 Bytes JMP 712F000A
.text C:\WINDOWS\System32\alg.exe[2544] USER32.dll!CreateWindowExW 7E36FC25 6 Bytes JMP 7078000A
.text C:\WINDOWS\System32\alg.exe[2544] USER32.dll!CreateWindowExA 7E36FF33 6 Bytes JMP 707B000A
.text C:\WINDOWS\System32\alg.exe[2544] USER32.dll!SetWindowsHookExW 7E37DDB5 6 Bytes JMP 7156000A
.text C:\WINDOWS\System32\alg.exe[2544] USER32.dll!SetWindowTextA 7E37F52B 6 Bytes JMP 7069000A
.text C:\WINDOWS\System32\alg.exe[2544] USER32.dll!SetWindowsHookExA 7E3811D1 6 Bytes JMP 7159000A
.text C:\WINDOWS\System32\alg.exe[2544] USER32.dll!SetWinEventHook 7E3817B7 6 Bytes JMP 711A000A
.text C:\WINDOWS\System32\alg.exe[2544] USER32.dll!GetWindowTextA 7E38212B 6 Bytes JMP 70C9000A
.text C:\WINDOWS\System32\alg.exe[2544] USER32.dll!DrawTextA 7E38C6CA 6 Bytes JMP 7081000A
.text C:\WINDOWS\System32\alg.exe[2544] USER32.dll!DdeConnect 7E3A7F93 6 Bytes JMP 7129000A
.text C:\WINDOWS\System32\alg.exe[2544] USER32.dll!EndTask 7E3A9E75 6 Bytes JMP 713E000A
.text C:\WINDOWS\System32\alg.exe[2544] USER32.dll!RegisterRawInputDevices 7E3BCBD4 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\alg.exe[2544] USER32.dll!RegisterRawInputDevices + 4 7E3BCBD8 2 Bytes [16, 71]
.text C:\WINDOWS\System32\alg.exe[2544] ADVAPI32.dll!RegOpenKeyExW 77DA6AAF 6 Bytes JMP 70F6000A
.text C:\WINDOWS\System32\alg.exe[2544] ADVAPI32.dll!RegQueryValueExW 77DA6FFF 6 Bytes JMP 70E4000A
.text C:\WINDOWS\System32\alg.exe[2544] ADVAPI32.dll!RegCreateKeyExW 77DA776C 6 Bytes JMP 7108000A
.text C:\WINDOWS\System32\alg.exe[2544] ADVAPI32.dll!RegOpenKeyExA 77DA7852 6 Bytes JMP 70F9000A
.text C:\WINDOWS\System32\alg.exe[2544] ADVAPI32.dll!RegOpenKeyW 77DA7946 6 Bytes JMP 70FC000A
.text C:\WINDOWS\System32\alg.exe[2544] ADVAPI32.dll!OpenProcessToken 77DA798B 6 Bytes JMP 709C000A
.text C:\WINDOWS\System32\alg.exe[2544] ADVAPI32.dll!RegQueryValueExA 77DA7ABB 6 Bytes JMP 70E7000A
.text C:\WINDOWS\System32\alg.exe[2544] ADVAPI32.dll!RegSetValueExW 77DAD747 6 Bytes JMP 70F0000A
.text C:\WINDOWS\System32\alg.exe[2544] ADVAPI32.dll!RegQueryValueW 77DAD85A 6 Bytes JMP 70EA000A
.text C:\WINDOWS\System32\alg.exe[2544] ADVAPI32.dll!RegCreateKeyExA 77DAE9D4 6 Bytes JMP 710B000A
.text C:\WINDOWS\System32\alg.exe[2544] ADVAPI32.dll!RegSetValueExA 77DAEAC7 6 Bytes JMP 70F3000A
.text C:\WINDOWS\System32\alg.exe[2544] ADVAPI32.dll!RegOpenKeyA 77DAEFA8 6 Bytes JMP 70FF000A
.text C:\WINDOWS\System32\alg.exe[2544] ADVAPI32.dll!AdjustTokenPrivileges 77DAEFEC 6 Bytes JMP 7093000A
.text C:\WINDOWS\System32\alg.exe[2544] ADVAPI32.dll!RegDeleteKeyA 77DB4288 6 Bytes JMP 706F000A
.text C:\WINDOWS\System32\alg.exe[2544] ADVAPI32.dll!RegDeleteKeyW 77DB5583 6 Bytes JMP 706C000A
.text C:\WINDOWS\System32\alg.exe[2544] ADVAPI32.dll!OpenSCManagerW 77DB6F3D 6 Bytes JMP 70CC000A
.text C:\WINDOWS\System32\alg.exe[2544] ADVAPI32.dll!OpenSCManagerA 77DC6996 6 Bytes JMP 70CF000A
.text C:\WINDOWS\System32\alg.exe[2544] ADVAPI32.dll!LookupPrivilegeValueW 77DCB8C7 6 Bytes JMP 7096000A
.text C:\WINDOWS\System32\alg.exe[2544] ADVAPI32.dll!RegCreateKeyW 77DCBA3D 6 Bytes JMP 7102000A
.text C:\WINDOWS\System32\alg.exe[2544] ADVAPI32.dll!RegQueryValueA 77DCBB75 4 Bytes JMP EC001E25
.text C:\WINDOWS\System32\alg.exe[2544] ADVAPI32.dll!RegQueryValueA + 5 77DCBB7A 1 Byte [70]
.text C:\WINDOWS\System32\alg.exe[2544] ADVAPI32.dll!RegCreateKeyA 77DCBCDB 6 Bytes JMP 7105000A
.text C:\WINDOWS\System32\alg.exe[2544] ADVAPI32.dll!LookupPrivilegeValueA 77DCC220 6 Bytes JMP 7099000A
.text C:\WINDOWS\System32\alg.exe[2544] ADVAPI32.dll!LsaRemoveAccountRights 77DEAB91 6 Bytes JMP 7168000A
.text C:\WINDOWS\System32\alg.exe[2544] ADVAPI32.dll!CreateServiceA 77E07359 6 Bytes JMP 7120000A
.text C:\WINDOWS\System32\alg.exe[2544] ADVAPI32.dll!CreateServiceW 77E074F1 6 Bytes JMP 711D000A
.text C:\WINDOWS\System32\alg.exe[2544] SHELL32.dll!ShellExecuteExW 7E6B25D3 6 Bytes JMP 7144000A
.text C:\WINDOWS\System32\alg.exe[2544] SHELL32.dll!Shell_NotifyIcon 7E6D18BE 6 Bytes JMP 70B1000A
.text C:\WINDOWS\System32\alg.exe[2544] SHELL32.dll!Shell_NotifyIconW 7E6D62A5 6 Bytes JMP 70AE000A
.text C:\WINDOWS\System32\alg.exe[2544] SHELL32.dll!ShellExecuteEx 7E6F0E95 6 Bytes JMP 7147000A
.text C:\WINDOWS\System32\alg.exe[2544] SHELL32.dll!ShellExecuteA 7E6F11C0 6 Bytes JMP 714D000A
.text C:\WINDOWS\System32\alg.exe[2544] SHELL32.dll!ShellExecuteW 7E7659D0 6 Bytes JMP 714A000A
.text C:\WINDOWS\system32\svchost.exe[3204] ntdll.dll!RtlDosSearchPath_U + 1D1 7C926ADA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[3204] kernel32.dll!GetBinaryTypeW + 80 7C868B34 1 Byte [62]
.text C:\WINDOWS\ALCFDRTM.EXE[3548] ntdll.dll!NtLoadDriver 7C91D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\ALCFDRTM.EXE[3548] ntdll.dll!NtLoadDriver + 4 7C91D472 2 Bytes [22, 71]
.text C:\WINDOWS\ALCFDRTM.EXE[3548] ntdll.dll!NtSuspendProcess 7C91DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\ALCFDRTM.EXE[3548] ntdll.dll!NtSuspendProcess + 4 7C91DE32 2 Bytes [3A, 71]
.text C:\WINDOWS\ALCFDRTM.EXE[3548] ntdll.dll!RtlDosSearchPath_U + 1D1 7C926ADA 1 Byte [62]
.text C:\WINDOWS\ALCFDRTM.EXE[3548] kernel32.dll!DeviceIoControl 7C801629 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\ALCFDRTM.EXE[3548] kernel32.dll!DeviceIoControl + 4 7C80162D 2 Bytes [AA, 70]
.text C:\WINDOWS\ALCFDRTM.EXE[3548] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70DE000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7126000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70D2000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 716B000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 715F000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7165000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7162000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 7150000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7153000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] kernel32.dll!VirtualAlloc 7C809AA1 6 Bytes JMP 70D5000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] kernel32.dll!MultiByteToWideChar 7C809C48 6 Bytes JMP 7084000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] kernel32.dll!LoadResource 7C80A005 6 Bytes JMP 70C0000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] kernel32.dll!WideCharToMultiByte 7C80A124 6 Bytes JMP 7063000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] kernel32.dll!GetProcAddress 7C80ADF0 6 Bytes JMP 7114000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] kernel32.dll!LoadLibraryW 7C80AE9B 6 Bytes JMP 715C000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] kernel32.dll!CreateMutexW 7C80E907 6 Bytes JMP 708D000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] kernel32.dll!CreateMutexA 7C80E98F 6 Bytes JMP 7090000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] kernel32.dll!OpenMutexW 7C80E9E5 6 Bytes JMP 7087000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] kernel32.dll!OpenMutexA 7C80EA6B 6 Bytes JMP 708A000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] kernel32.dll!GetVolumeInformationW 7C80FA35 6 Bytes JMP 710E000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] kernel32.dll!CreateRemoteThread 7C81047C 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\ALCFDRTM.EXE[3548] kernel32.dll!CreateRemoteThread + 4 7C810480 2 Bytes [6D, 71]
.text C:\WINDOWS\ALCFDRTM.EXE[3548] kernel32.dll!CreateThread 7C810687 6 Bytes JMP 70D8000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] kernel32.dll!CreateFileW 7C8107B0 6 Bytes JMP 70E1000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] kernel32.dll!WriteFile 7C810DD7 6 Bytes JMP 70A2000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] kernel32.dll!TerminateThread 7C81CAEB 6 Bytes JMP 7138000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] kernel32.dll!MoveFileW 7C821211 6 Bytes JMP 705D000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] kernel32.dll!CreateDirectoryA 7C82175C 6 Bytes JMP 70A8000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] kernel32.dll!GetVolumeInformationA 7C821B55 6 Bytes JMP 7111000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] kernel32.dll!CopyFileExW 7C827AE2 6 Bytes JMP 70B4000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] kernel32.dll!CopyFileA 7C82869E 6 Bytes JMP 70BD000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] kernel32.dll!CopyFileW 7C82F82B 6 Bytes JMP 70BA000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] kernel32.dll!OpenProcess 7C830999 6 Bytes JMP 7054000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] kernel32.dll!DeleteFileA 7C831E8D 6 Bytes JMP 7075000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] kernel32.dll!DeleteFileW 7C831F13 6 Bytes JMP 7072000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] kernel32.dll!CreateDirectoryW 7C8323B2 6 Bytes JMP 70A5000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] kernel32.dll!MoveFileExW 7C83563B 6 Bytes JMP 7057000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] kernel32.dll!MoveFileA 7C835E6F 6 Bytes JMP 7060000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] kernel32.dll!DebugActiveProcess 7C85AF93 6 Bytes JMP 7135000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] kernel32.dll!MoveFileExA 7C85E333 6 Bytes JMP 705A000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] kernel32.dll!CopyFileExA 7C85F234 6 Bytes JMP 70B7000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] kernel32.dll!WinExec 7C8622B5 6 Bytes JMP 7141000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] kernel32.dll!SetThreadContext 7C8639B1 6 Bytes JMP 709F000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] kernel32.dll!CreateToolhelp32Snapshot 7C865A27 6 Bytes JMP 70DB000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] kernel32.dll!GetBinaryTypeW + 80 7C868B34 1 Byte [62]
.text C:\WINDOWS\ALCFDRTM.EXE[3548] USER32.dll!SetWindowTextW 7E36BC36 6 Bytes JMP 7066000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] USER32.dll!GetKeyState 7E36C505 6 Bytes JMP 7132000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] USER32.dll!GetWindowTextW 7E36CDB6 6 Bytes JMP 70C6000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] USER32.dll!DrawTextW 7E36D7C2 6 Bytes JMP 707E000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] USER32.dll!ShowWindow 7E36D8A4 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\ALCFDRTM.EXE[3548] USER32.dll!ShowWindow + 4 7E36D8A8 2 Bytes [C2, 70]
.text C:\WINDOWS\ALCFDRTM.EXE[3548] USER32.dll!GetKeyboardState 7E36EF29 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\ALCFDRTM.EXE[3548] USER32.dll!GetKeyboardState + 4 7E36EF2D 2 Bytes [2B, 71]
.text C:\WINDOWS\ALCFDRTM.EXE[3548] USER32.dll!GetAsyncKeyState 7E36F3B3 6 Bytes JMP 712F000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] USER32.dll!CreateWindowExW 7E36FC25 6 Bytes JMP 7078000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] USER32.dll!CreateWindowExA 7E36FF33 6 Bytes JMP 707B000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] USER32.dll!SetWindowsHookExW 7E37DDB5 6 Bytes JMP 7156000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] USER32.dll!SetWindowTextA 7E37F52B 6 Bytes JMP 7069000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] USER32.dll!SetWindowsHookExA 7E3811D1 6 Bytes JMP 7159000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] USER32.dll!SetWinEventHook 7E3817B7 6 Bytes JMP 711A000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] USER32.dll!GetWindowTextA 7E38212B 6 Bytes JMP 70C9000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] USER32.dll!DrawTextA 7E38C6CA 6 Bytes JMP 7081000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] USER32.dll!DdeConnect 7E3A7F93 6 Bytes JMP 7129000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] USER32.dll!EndTask 7E3A9E75 6 Bytes JMP 713E000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] USER32.dll!RegisterRawInputDevices 7E3BCBD4 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\ALCFDRTM.EXE[3548] USER32.dll!RegisterRawInputDevices + 4 7E3BCBD8 2 Bytes [16, 71]
.text C:\WINDOWS\ALCFDRTM.EXE[3548] ADVAPI32.dll!RegOpenKeyExW 77DA6AAF 6 Bytes JMP 70F6000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] ADVAPI32.dll!RegQueryValueExW 77DA6FFF 6 Bytes JMP 70E4000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] ADVAPI32.dll!RegCreateKeyExW 77DA776C 6 Bytes JMP 7108000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] ADVAPI32.dll!RegOpenKeyExA 77DA7852 6 Bytes JMP 70F9000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] ADVAPI32.dll!RegOpenKeyW 77DA7946 6 Bytes JMP 70FC000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] ADVAPI32.dll!OpenProcessToken 77DA798B 6 Bytes JMP 709C000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] ADVAPI32.dll!RegQueryValueExA 77DA7ABB 6 Bytes JMP 70E7000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] ADVAPI32.dll!RegSetValueExW 77DAD747 6 Bytes JMP 70F0000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] ADVAPI32.dll!RegQueryValueW 77DAD85A 6 Bytes JMP 70EA000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] ADVAPI32.dll!RegCreateKeyExA 77DAE9D4 6 Bytes JMP 710B000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] ADVAPI32.dll!RegSetValueExA 77DAEAC7 6 Bytes JMP 70F3000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] ADVAPI32.dll!RegOpenKeyA 77DAEFA8 6 Bytes JMP 70FF000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] ADVAPI32.dll!AdjustTokenPrivileges 77DAEFEC 6 Bytes JMP 7093000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] ADVAPI32.dll!RegDeleteKeyA 77DB4288 6 Bytes JMP 706F000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] ADVAPI32.dll!RegDeleteKeyW 77DB5583 6 Bytes JMP 706C000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] ADVAPI32.dll!OpenSCManagerW 77DB6F3D 6 Bytes JMP 70CC000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] ADVAPI32.dll!OpenSCManagerA 77DC6996 6 Bytes JMP 70CF000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] ADVAPI32.dll!LookupPrivilegeValueW 77DCB8C7 6 Bytes JMP 7096000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] ADVAPI32.dll!RegCreateKeyW 77DCBA3D 6 Bytes JMP 7102000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] ADVAPI32.dll!RegQueryValueA 77DCBB75 4 Bytes JMP EC001E25
.text C:\WINDOWS\ALCFDRTM.EXE[3548] ADVAPI32.dll!RegQueryValueA + 5 77DCBB7A 1 Byte [70]
.text C:\WINDOWS\ALCFDRTM.EXE[3548] ADVAPI32.dll!RegCreateKeyA 77DCBCDB 6 Bytes JMP 7105000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] ADVAPI32.dll!LookupPrivilegeValueA 77DCC220 6 Bytes JMP 7099000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] ADVAPI32.dll!LsaRemoveAccountRights 77DEAB91 6 Bytes JMP 7168000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] ADVAPI32.dll!CreateServiceA 77E07359 6 Bytes JMP 7120000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] ADVAPI32.dll!CreateServiceW 77E074F1 6 Bytes JMP 711D000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] SHELL32.dll!ShellExecuteExW 7E6B25D3 6 Bytes JMP 7144000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] SHELL32.dll!Shell_NotifyIcon 7E6D18BE 6 Bytes JMP 70B1000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] SHELL32.dll!Shell_NotifyIconW 7E6D62A5 6 Bytes JMP 70AE000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] SHELL32.dll!ShellExecuteEx 7E6F0E95 6 Bytes JMP 7147000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] SHELL32.dll!ShellExecuteA 7E6F11C0 6 Bytes JMP 714D000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] SHELL32.dll!ShellExecuteW 7E7659D0 6 Bytes JMP 714A000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] ntdll.dll!NtLoadDriver 7C91D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] ntdll.dll!NtLoadDriver + 4 7C91D472 2 Bytes [22, 71]
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] ntdll.dll!NtSuspendProcess 7C91DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] ntdll.dll!NtSuspendProcess + 4 7C91DE32 2 Bytes [3A, 71]
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] ntdll.dll!RtlDosSearchPath_U + 1D1 7C926ADA 1 Byte [62]
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] kernel32.dll!DeviceIoControl 7C801629 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] kernel32.dll!DeviceIoControl + 4 7C80162D 2 Bytes [AA, 70]
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70DE000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7126000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70D2000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 716B000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 715F000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7165000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7162000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 7150000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7153000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] kernel32.dll!VirtualAlloc 7C809AA1 6 Bytes JMP 70D5000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] kernel32.dll!MultiByteToWideChar 7C809C48 6 Bytes JMP 7084000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] kernel32.dll!LoadResource 7C80A005 6 Bytes JMP 70C0000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] kernel32.dll!WideCharToMultiByte 7C80A124 6 Bytes JMP 7063000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] kernel32.dll!GetProcAddress 7C80ADF0 6 Bytes JMP 7114000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] kernel32.dll!LoadLibraryW 7C80AE9B 6 Bytes JMP 715C000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] kernel32.dll!CreateMutexW 7C80E907 6 Bytes JMP 708D000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] kernel32.dll!CreateMutexA 7C80E98F 6 Bytes JMP 7090000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] kernel32.dll!OpenMutexW 7C80E9E5 6 Bytes JMP 7087000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] kernel32.dll!OpenMutexA 7C80EA6B 6 Bytes JMP 708A000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] kernel32.dll!GetVolumeInformationW 7C80FA35 6 Bytes JMP 710E000A

Polarbär 29.07.2012 14:41

GMER part 9
Quote:

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] kernel32.dll!CreateRemoteThread 7C81047C 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] kernel32.dll!CreateRemoteThread + 4 7C810480 2 Bytes [6D, 71]
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] kernel32.dll!CreateThread 7C810687 6 Bytes JMP 70D8000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] kernel32.dll!CreateFileW 7C8107B0 6 Bytes JMP 70E1000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] kernel32.dll!WriteFile 7C810DD7 6 Bytes JMP 70A2000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] kernel32.dll!TerminateThread 7C81CAEB 6 Bytes JMP 7138000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] kernel32.dll!MoveFileW 7C821211 6 Bytes JMP 705D000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] kernel32.dll!CreateDirectoryA 7C82175C 6 Bytes JMP 70A8000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] kernel32.dll!GetVolumeInformationA 7C821B55 6 Bytes JMP 7111000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] kernel32.dll!CopyFileExW 7C827AE2 6 Bytes JMP 70B4000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] kernel32.dll!CopyFileA 7C82869E 6 Bytes JMP 70BD000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] kernel32.dll!CopyFileW 7C82F82B 6 Bytes JMP 70BA000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] kernel32.dll!OpenProcess 7C830999 6 Bytes JMP 7054000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] kernel32.dll!DeleteFileA 7C831E8D 6 Bytes JMP 7075000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] kernel32.dll!DeleteFileW 7C831F13 6 Bytes JMP 7072000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] kernel32.dll!CreateDirectoryW 7C8323B2 6 Bytes JMP 70A5000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] kernel32.dll!MoveFileExW 7C83563B 6 Bytes JMP 7057000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] kernel32.dll!MoveFileA 7C835E6F 6 Bytes JMP 7060000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] kernel32.dll!DebugActiveProcess 7C85AF93 6 Bytes JMP 7135000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] kernel32.dll!MoveFileExA 7C85E333 6 Bytes JMP 705A000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] kernel32.dll!CopyFileExA 7C85F234 6 Bytes JMP 70B7000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] kernel32.dll!WinExec 7C8622B5 6 Bytes JMP 7141000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] kernel32.dll!SetThreadContext 7C8639B1 6 Bytes JMP 709F000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] kernel32.dll!CreateToolhelp32Snapshot 7C865A27 6 Bytes JMP 70DB000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] kernel32.dll!GetBinaryTypeW + 80 7C868B34 1 Byte [62]
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] ADVAPI32.dll!RegOpenKeyExW 77DA6AAF 6 Bytes JMP 70F6000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] ADVAPI32.dll!RegQueryValueExW 77DA6FFF 6 Bytes JMP 70E4000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] ADVAPI32.dll!RegCreateKeyExW 77DA776C 6 Bytes JMP 7108000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] ADVAPI32.dll!RegOpenKeyExA 77DA7852 6 Bytes JMP 70F9000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] ADVAPI32.dll!RegOpenKeyW 77DA7946 6 Bytes JMP 70FC000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] ADVAPI32.dll!OpenProcessToken 77DA798B 6 Bytes JMP 709C000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] ADVAPI32.dll!RegQueryValueExA 77DA7ABB 6 Bytes JMP 70E7000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] ADVAPI32.dll!RegSetValueExW 77DAD747 6 Bytes JMP 70F0000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] ADVAPI32.dll!RegQueryValueW 77DAD85A 6 Bytes JMP 70EA000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] ADVAPI32.dll!RegCreateKeyExA 77DAE9D4 6 Bytes JMP 710B000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] ADVAPI32.dll!RegSetValueExA 77DAEAC7 6 Bytes JMP 70F3000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] ADVAPI32.dll!RegOpenKeyA 77DAEFA8 6 Bytes JMP 70FF000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] ADVAPI32.dll!AdjustTokenPrivileges 77DAEFEC 6 Bytes JMP 7093000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] ADVAPI32.dll!RegDeleteKeyA 77DB4288 6 Bytes JMP 706F000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] ADVAPI32.dll!RegDeleteKeyW 77DB5583 6 Bytes JMP 706C000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] ADVAPI32.dll!OpenSCManagerW 77DB6F3D 6 Bytes JMP 70CC000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] ADVAPI32.dll!OpenSCManagerA 77DC6996 6 Bytes JMP 70CF000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] ADVAPI32.dll!LookupPrivilegeValueW 77DCB8C7 6 Bytes JMP 7096000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] ADVAPI32.dll!RegCreateKeyW 77DCBA3D 6 Bytes JMP 7102000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] ADVAPI32.dll!RegQueryValueA 77DCBB75 4 Bytes JMP EC001E25
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] ADVAPI32.dll!RegQueryValueA + 5 77DCBB7A 1 Byte [70]
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] ADVAPI32.dll!RegCreateKeyA 77DCBCDB 6 Bytes JMP 7105000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] ADVAPI32.dll!LookupPrivilegeValueA 77DCC220 6 Bytes JMP 7099000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] ADVAPI32.dll!LsaRemoveAccountRights 77DEAB91 6 Bytes JMP 7168000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] ADVAPI32.dll!CreateServiceA 77E07359 6 Bytes JMP 7120000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] ADVAPI32.dll!CreateServiceW 77E074F1 6 Bytes JMP 711D000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] USER32.dll!SetWindowTextW 7E36BC36 6 Bytes JMP 7066000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] USER32.dll!GetKeyState 7E36C505 6 Bytes JMP 7132000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] USER32.dll!GetWindowTextW 7E36CDB6 6 Bytes JMP 70C6000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] USER32.dll!DrawTextW 7E36D7C2 6 Bytes JMP 707E000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] USER32.dll!ShowWindow 7E36D8A4 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] USER32.dll!ShowWindow + 4 7E36D8A8 2 Bytes [C2, 70]
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] USER32.dll!GetKeyboardState 7E36EF29 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] USER32.dll!GetKeyboardState + 4 7E36EF2D 2 Bytes [2B, 71]
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] USER32.dll!GetAsyncKeyState 7E36F3B3 6 Bytes JMP 712F000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] USER32.dll!CreateWindowExW 7E36FC25 6 Bytes JMP 7078000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] USER32.dll!CreateWindowExA 7E36FF33 6 Bytes JMP 707B000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] USER32.dll!SetWindowsHookExW 7E37DDB5 6 Bytes JMP 7156000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] USER32.dll!SetWindowTextA 7E37F52B 6 Bytes JMP 7069000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] USER32.dll!SetWindowsHookExA 7E3811D1 6 Bytes JMP 7159000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] USER32.dll!SetWinEventHook 7E3817B7 6 Bytes JMP 711A000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] USER32.dll!GetWindowTextA 7E38212B 6 Bytes JMP 70C9000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] USER32.dll!DrawTextA 7E38C6CA 6 Bytes JMP 7081000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] USER32.dll!DdeConnect 7E3A7F93 6 Bytes JMP 7129000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] USER32.dll!EndTask 7E3A9E75 6 Bytes JMP 713E000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] USER32.dll!RegisterRawInputDevices 7E3BCBD4 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] USER32.dll!RegisterRawInputDevices + 4 7E3BCBD8 2 Bytes [16, 71]
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] SHELL32.dll!ShellExecuteExW 7E6B25D3 6 Bytes JMP 7144000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] SHELL32.dll!Shell_NotifyIcon 7E6D18BE 6 Bytes JMP 70B1000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] SHELL32.dll!Shell_NotifyIconW 7E6D62A5 6 Bytes JMP 70AE000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] SHELL32.dll!ShellExecuteEx 7E6F0E95 6 Bytes JMP 7147000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] SHELL32.dll!ShellExecuteA 7E6F11C0 6 Bytes JMP 714D000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] SHELL32.dll!ShellExecuteW 7E7659D0 6 Bytes JMP 714A000A
.text C:\Programme\Secunia\PSI\sua.exe[3788] ntdll.dll!RtlDosSearchPath_U + 1D1 7C926ADA 1 Byte [62]
.text C:\Programme\Secunia\PSI\sua.exe[3788] kernel32.dll!GetBinaryTypeW + 80 7C868B34 1 Byte [62]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Programme\Alwil Software\Avast5\AvastUI.exe[1092] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C8F6D0] C:\Programme\Alwil Software\Avast5\aswCmnBS.dll (Common functions/AVAST Software)
IAT C:\WINDOWS\system32\services.exe[1180] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00390002
IAT C:\WINDOWS\system32\services.exe[1180] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00390000
IAT C:\Programme\Alwil Software\Avast5\AvastSvc.exe[1908] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C8F6D0] C:\Programme\Alwil Software\Avast5\aswCmnBS.dll (Common functions/AVAST Software)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs TfFsMon.sys (ThreatFire Filesystem Monitor/PC Tools)
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

Device \FileSystem\Fastfat \FatCdrom aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \Driver\Tcpip \Device\Ip Windows7FirewallControl.sys
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\CMISTOR \Device\0000009d 8A6544C8
Device \Driver\CMISTOR \Device\0000009e 8A6544C8
Device \Driver\CMISTOR \Device\0000009f 8A6544C8

AttachedDevice \Driver\Tcpip \Device\Tcp Windows7FirewallControl.sys
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\prodrv06 \Device\ProDrv06 E22B4008
Device \Driver\atapi \Device\Ide\IdePort0 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort1 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort2 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\prohlp02 \Device\ProHlp02 E10097E0

AttachedDevice \Driver\Tcpip \Device\Udp Windows7FirewallControl.sys
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp Windows7FirewallControl.sys
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\CMISTOR \Device\00000098 8A6544C8
Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Fastfat \Fat TfFsMon.sys (ThreatFire Filesystem Monitor/PC Tools)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x5E 0x18 0x2A 0xC1 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x5E 0x18 0x2A 0xC1 ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System

---- Files - GMER 1.0.15 ----

File C:\avast! sandbox 0 bytes
File C:\avast! sandbox\S-1-5-18 0 bytes
File C:\avast! sandbox\S-1-5-18\webStorage 0 bytes
File C:\avast! sandbox\S-1-5-18\webStorage\C 0 bytes
File C:\avast! sandbox\S-1-5-18\webStorage\C\Dokumente und Einstellungen 0 bytes
File C:\avast! sandbox\S-1-5-18\webStorage\C\Dokumente und Einstellungen\Roman 0 bytes
File C:\avast! sandbox\S-1-5-18\webStorage\C\Dokumente und Einstellungen\Roman\Lokale Einstellungen 0 bytes
File C:\avast! sandbox\S-1-5-18\webStorage\C\Dokumente und Einstellungen\Roman\Lokale Einstellungen\Anwendungsdaten 0 bytes
File C:\avast! sandbox\S-1-5-18\webStorage\C\Dokumente und Einstellungen\Roman\Lokale Einstellungen\Anwendungsdaten\Microsoft 0 bytes
File C:\avast! sandbox\S-1-5-18\webStorage\C\Dokumente und Einstellungen\Roman\Lokale Einstellungen\Anwendungsdaten\Microsoft\Internet Explorer 0 bytes
File C:\avast! sandbox\S-1-5-18\webStorage\C\Dokumente und Einstellungen\Roman\Lokale Einstellungen\Anwendungsdaten\Microsoft\Internet Explorer\Recovery 0 bytes
File C:\avast! sandbox\S-1-5-18\webStorage\C\Dokumente und Einstellungen\Roman\Lokale Einstellungen\Anwendungsdaten\Microsoft\Internet Explorer\Recovery\Active 0 bytes
File C:\avast! sandbox\S-1-5-18\webStorage\C\Dokumente und Einstellungen\Roman\Lokale Einstellungen\Temporary Internet Files 0 bytes
File C:\avast! sandbox\S-1-5-18\webStorage\C\Dokumente und Einstellungen\Roman\Lokale Einstellungen\Temporary Internet Files\Content.IE5 0 bytes
File C:\avast! sandbox\S-1-5-18\webStorage\C\Dokumente und Einstellungen\Roman\Lokale Einstellungen\Temporary Internet Files\Content.IE5\index.dat 294912 bytes
File C:\avast! sandbox\S-1-5-18\webStorage\snx_fs.dat 2504 bytes
File C:\avast! sandbox\S-1-5-21-2258962752-1167673804-3329230130-1006 0 bytes
File C:\avast! sandbox\S-1-5-21-2258962752-1167673804-3329230130-1006\webStorage 0 bytes
File C:\avast! sandbox\S-1-5-21-2258962752-1167673804-3329230130-1006\webStorage\C 0 bytes
File C:\avast! sandbox\S-1-5-21-2258962752-1167673804-3329230130-1006\webStorage\C\Dokumente und Einstellungen 0 bytes
File C:\avast! sandbox\S-1-5-21-2258962752-1167673804-3329230130-1006\webStorage\C\Dokumente und Einstellungen\Roman 0 bytes
File C:\avast! sandbox\S-1-5-21-2258962752-1167673804-3329230130-1006\webStorage\C\Dokumente und Einstellungen\Roman\IETldCache 0 bytes
File C:\avast! sandbox\S-1-5-21-2258962752-1167673804-3329230130-1006\webStorage\C\Dokumente und Einstellungen\Roman\IETldCache\index.dat 245760 bytes
File C:\avast! sandbox\S-1-5-21-2258962752-1167673804-3329230130-1006\webStorage\C\Dokumente und Einstellungen\Roman\Lokale Einstellungen 0 bytes
File C:\avast! sandbox\S-1-5-21-2258962752-1167673804-3329230130-1006\webStorage\C\Dokumente und Einstellungen\Roman\Lokale Einstellungen\Anwendungsdaten 0 bytes
File C:\avast! sandbox\S-1-5-21-2258962752-1167673804-3329230130-1006\webStorage\C\Dokumente und Einstellungen\Roman\Lokale Einstellungen\Anwendungsdaten\Microsoft 0 bytes
File C:\avast! sandbox\S-1-5-21-2258962752-1167673804-3329230130-1006\webStorage\C\Dokumente und Einstellungen\Roman\Lokale Einstellungen\Anwendungsdaten\Microsoft\Internet Explorer 0 bytes
File C:\avast! sandbox\S-1-5-21-2258962752-1167673804-3329230130-1006\webStorage\C\Dokumente und Einstellungen\Roman\Lokale Einstellungen\Anwendungsdaten\Microsoft\Internet Explorer\Recovery 0 bytes
File C:\avast! sandbox\S-1-5-21-2258962752-1167673804-3329230130-1006\webStorage\C\Dokumente und Einstellungen\Roman\Lokale Einstellungen\Anwendungsdaten\Microsoft\Internet Explorer\Recovery\Active 0 bytes
File C:\avast! sandbox\S-1-5-21-2258962752-1167673804-3329230130-1006\webStorage\C\Dokumente und Einstellungen\Roman\Lokale Einstellungen\Anwendungsdaten\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{0FFCAC22-BC62-11E1-AC09-0012BF525952}.dat 4608 bytes
File C:\avast! sandbox\S-1-5-21-2258962752-1167673804-3329230130-1006\webStorage\C\Dokumente und Einstellungen\Roman\Lokale Einstellungen\Anwendungsdaten\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{27FCB81C-BC62-11E1-AC09-0012BF525952}.dat 4608 bytes
File C:\avast! sandbox\S-1-5-21-2258962752-1167673804-3329230130-1006\webStorage\C\Dokumente und Einstellungen\Roman\Lokale Einstellungen\Anwendungsdaten\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{34180475-B23E-11E1-ABFC-0012BF525952}.dat 4608 bytes
File C:\avast! sandbox\S-1-5-21-2258962752-1167673804-3329230130-1006\webStorage\C\Dokumente und Einstellungen\Roman\Lokale Einstellungen\Anwendungsdaten\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{4ED2C621-BC62-11E1-AC09-0012BF525952}.dat 4608 bytes
File C:\avast! sandbox\S-1-5-21-2258962752-1167673804-3329230130-1006\webStorage\C\Dokumente und Einstellungen\Roman\Lokale Einstellungen\Anwendungsdaten\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{92FD21D3-8CA9-11E1-ABC6-0012BF525952}.dat 4608 bytes
File C:\avast! sandbox\S-1-5-21-2258962752-1167673804-3329230130-1006\webStorage\C\Dokumente und Einstellungen\Roman\Lokale Einstellungen\Anwendungsdaten\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{99A74904-95FC-11E1-ABD2-0012BF525952}.dat 4608 bytes
File C:\avast! sandbox\S-1-5-21-2258962752-1167673804-3329230130-1006\webStorage\C\Dokumente und Einstellungen\Roman\Lokale Einstellungen\Anwendungsdaten\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{C6503BBD-B23F-11E1-ABFC-0012BF525952}.dat 4608 bytes
File C:\avast! sandbox\S-1-5-21-2258962752-1167673804-3329230130-1006\webStorage\C\Dokumente und Einstellungen\Roman\Lokale Einstellungen\Anwendungsdaten\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{DE30822A-95FC-11E1-ABD2-0012BF525952}.dat 3584 bytes
File C:\avast! sandbox\S-1-5-21-2258962752-1167673804-3329230130-1006\webStorage\C\Dokumente und Einstellungen\Roman\Lokale Einstellungen\Anwendungsdaten\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{E3B97DF9-B23F-11E1-ABFC-0012BF525952}.dat 4608 bytes
File C:\avast! sandbox\S-1-5-21-2258962752-1167673804-3329230130-1006\webStorage\C\Dokumente und Einstellungen\Roman\Lokale Einstellungen\Anwendungsdaten\Microsoft\Internet Explorer\Recovery\Active\{E6354AD8-95FC-11E1-ABD2-0012BF525952}.dat 4096 bytes
File C:\avast! sandbox\S-1-5-21-2258962752-1167673804-3329230130-1006\webStorage\C\Dokumente und Einstellungen\Roman\Lokale Einstellungen\Temp 0 bytes
File C:\avast! sandbox\S-1-5-21-2258962752-1167673804-3329230130-1006\webStorage\C\Dokumente und Einstellungen\Roman\Lokale Einstellungen\Temporary Internet Files 0 bytes
File C:\avast! sandbox\S-1-5-21-2258962752-1167673804-3329230130-1006\webStorage\C\Dokumente und Einstellungen\Roman\Lokale Einstellungen\Temporary Internet Files\Content.IE5 0 bytes
File C:\avast! sandbox\S-1-5-21-2258962752-1167673804-3329230130-1006\webStorage\C\Dokumente und Einstellungen\Roman\Lokale Einstellungen\Temporary Internet Files\Content.IE5\index.dat 294912 bytes
File C:\avast! sandbox\S-1-5-21-2258962752-1167673804-3329230130-1006\webStorage\C\Dokumente und Einstellungen\Roman\Lokale Einstellungen\Verlauf 0 bytes
File C:\avast! sandbox\S-1-5-21-2258962752-1167673804-3329230130-1006\webStorage\C\Dokumente und Einstellungen\Roman\Lokale Einstellungen\Verlauf\History.IE5 0 bytes
File C:\avast! sandbox\S-1-5-21-2258962752-1167673804-3329230130-1006\webStorage\C\Programme 0 bytes
File C:\avast! sandbox\S-1-5-21-2258962752-1167673804-3329230130-1006\webStorage\C\Programme\FVD Suite 0 bytes
File C:\avast! sandbox\S-1-5-21-2258962752-1167673804-3329230130-1006\webStorage\C\Programme\FVD Suite\addons 0 bytes
File C:\avast! sandbox\S-1-5-21-2258962752-1167673804-3329230130-1006\webStorage\C\Programme\FVD Suite\addons\IE 0 bytes
File C:\avast! sandbox\S-1-5-21-2258962752-1167673804-3329230130-1006\webStorage\C\Programme\FVD Suite\addons\IE\FVDIEDownloader.exe 142336 bytes executable
File C:\avast! sandbox\S-1-5-21-2258962752-1167673804-3329230130-1006\webStorage\C\Programme\Java 0 bytes
File C:\avast! sandbox\S-1-5-21-2258962752-1167673804-3329230130-1006\webStorage\C\Programme\Java\jre6 0 bytes
File C:\avast! sandbox\S-1-5-21-2258962752-1167673804-3329230130-1006\webStorage\C\Programme\Java\jre6\lib 0 bytes
File C:\avast! sandbox\S-1-5-21-2258962752-1167673804-3329230130-1006\webStorage\C\WINDOWS 0 bytes
File C:\avast! sandbox\S-1-5-21-2258962752-1167673804-3329230130-1006\webStorage\C\WINDOWS\Prefetch 0 bytes
File C:\avast! sandbox\S-1-5-21-2258962752-1167673804-3329230130-1006\webStorage\C\WINDOWS\Prefetch\IEXPLORE.EXE-2CA9778D.pf 42582 bytes
File C:\avast! sandbox\S-1-5-21-2258962752-1167673804-3329230130-1006\webStorage\C\WINDOWS\system32 0 bytes
File C:\avast! sandbox\S-1-5-21-2258962752-1167673804-3329230130-1006\webStorage\C\WINDOWS\system32\url.dll 33280 bytes executable
File C:\avast! sandbox\S-1-5-21-2258962752-1167673804-3329230130-1006\webStorage\snx_fs.dat 10018 bytes
File C:\avast! sandbox\snx_rhive 262144 bytes
File C:\avast! sandbox\snx_rhive.LOG 1024 bytes

---- EOF - GMER 1.0.15 ----

cosinus 29.07.2012 19:07

Spreading a log across nine posts really doesn't make sense anymore :wtf:
If the logs are that big, zip them and attach them here, but really only when the logs are that size!

Quote:

07:46:40.125 File: C:\Dokumente und Einstellungen\Roman\Desktop\sonstiges\minefiled\minefield-4.0-2011031913.en-US.win32-tete009-sse2-pgo\tmemutil.dll **INFECTED** Win32:Fraudo
Do you know this file? What source is it from?

Polarbär 30.07.2012 07:19

Hello Arne,
Yes, a Firefox private build; I got it from: Software - Tete's Atelier, History - Tete's Atelier.
It is no longer needed, though. Can I delete it?

cosinus 30.07.2012 09:42

That's an older nightly build from Mozilla, what do you want with that?! :wtf:
Nightly builds are untested automatic builds; they can contain quite a few bugs and be fairly dangerous.

We should fix the MBR; just in case, back up ALL important data, even though everything usually goes smoothly.

Note: Please do NOT do the MBR fix if you have other operating systems installed, such as Ubuntu; an MBR fix with Windows tools makes a Linux installed in parallel (dual boot) unbootable.
Also do not do the fix if you have full encryption of the Windows partition or the entire hard disk, e.g. with TrueCrypt or other encryption programs.


After backing up your data, start aswmbr again and click the FIXMBR button.

Note: Please turn off the virus scanner before you run aswMBR, because Avira in particular often reports a false positive in it!

Then restart Windows and make a new log with aswMBR.

Polarbär 30.07.2012 18:05

Here is the log file
Quote:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-29 07:35:31
-----------------------------
07:35:31.703 OS Version: Windows 5.1.2600 Service Pack 2
07:35:31.703 Number of processors: 2 586 0x404
07:35:31.703 ComputerName: PALME UserName: Roman
07:35:32.484 Initialize success
07:35:36.234 AVAST engine defs: 12072801
07:35:44.921 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17
07:35:44.921 Disk 0 Vendor: ST3250823AS 3.03 Size: 238475MB BusType: 3
07:35:44.921 Disk 0 MBR read successfully
07:35:44.937 Disk 0 MBR scan
07:35:44.937 Disk 0 unknown MBR code
07:35:44.937 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 119208 MB offset 63
07:35:44.953 Disk 0 Partition - 00 0F Extended LBA 119263 MB offset 244139805
07:35:44.984 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 110501 MB offset 244139868
07:35:44.984 Disk 0 Partition - 00 05 Extended 8762 MB offset 470447460
07:35:45.015 Disk 0 Partition 3 00 0B FAT32 MSWIN4.1 8761 MB offset 470447523
07:35:45.031 Disk 0 scanning sectors +488392065
07:35:45.093 Disk 0 scanning C:\WINDOWS\system32\drivers
07:35:54.687 Service scanning
07:36:07.937 Modules scanning
07:36:13.796 Disk 0 trace - called modules:
07:36:13.828 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll prosync1.sys >>UNKNOWN [0x8a7d09d8]<<
07:36:13.828 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a77eab8]
07:36:13.843 3 CLASSPNP.SYS[f74c805b] -> nt!IofCallDriver -> \Device\0000008b[0x8a7335b0]
07:36:13.859 5 ACPI.sys[f735d620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-17[0x8a72cd98]
07:36:13.875 \Driver\atapi[0x8a77f628] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> prosync1.sys[0xf798d661]
07:36:14.218 AVAST engine scan C:\WINDOWS
07:36:22.453 AVAST engine scan C:\WINDOWS\system32
07:38:48.343 AVAST engine scan C:\WINDOWS\system32\drivers
07:39:12.968 AVAST engine scan C:\Dokumente und Einstellungen\Roman
07:46:40.125 File: C:\Dokumente und Einstellungen\Roman\Desktop\sonstiges\minefiled\minefield-4.0-2011031913.en-US.win32-tete009-sse2-pgo\tmemutil.dll **INFECTED** Win32:Fraudo [Trj]
07:54:13.843 AVAST engine scan C:\Dokumente und Einstellungen\All Users
07:57:21.109 Scan finished successfully
08:01:55.609 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Roman\Desktop\MBR.dat"
08:01:55.625 The log file has been saved successfully to "C:\Dokumente und Einstellungen\Roman\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-30 17:26:19
-----------------------------
17:26:19.796 OS Version: Windows 5.1.2600 Service Pack 2
17:26:19.796 Number of processors: 2 586 0x404
17:26:19.812 ComputerName: PALME UserName: Roman
17:26:20.562 Initialize success
17:26:24.312 AVAST engine defs: 12073000
17:26:29.343 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17
17:26:29.359 Disk 0 Vendor: ST3250823AS 3.03 Size: 238475MB BusType: 3
17:26:29.359 Disk 0 MBR read successfully
17:26:29.375 Disk 0 MBR scan
17:26:29.375 Disk 0 unknown MBR code
17:26:29.375 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 119208 MB offset 63
17:26:29.390 Disk 0 Partition - 00 0F Extended LBA 119263 MB offset 244139805
17:26:29.406 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 110501 MB offset 244139868
17:26:29.421 Disk 0 Partition - 00 05 Extended 8762 MB offset 470447460
17:26:29.453 Disk 0 Partition 3 00 0B FAT32 MSWIN4.1 8761 MB offset 470447523
17:26:29.453 Disk 0 scanning sectors +488392065
17:26:29.515 Disk 0 scanning C:\WINDOWS\system32\drivers
17:26:38.718 Service scanning
17:26:52.296 Modules scanning
17:26:58.218 Disk 0 trace - called modules:
17:26:58.234 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll prosync1.sys >>UNKNOWN [0x8a74a958]<<
17:26:58.250 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a763ab8]
17:26:58.250 3 CLASSPNP.SYS[f74c805b] -> nt!IofCallDriver -> \Device\0000008b[0x8a74bf18]
17:26:58.265 5 ACPI.sys[f735d620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-17[0x8a733888]
17:26:58.281 \Driver\atapi[0x8a74e628] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> prosync1.sys[0xf798d661]
17:26:58.625 AVAST engine scan C:\WINDOWS
17:27:07.140 AVAST engine scan C:\WINDOWS\system32
17:29:44.375 AVAST engine scan C:\WINDOWS\system32\drivers
17:30:09.515 AVAST engine scan C:\Dokumente und Einstellungen\Roman
17:38:13.921 File: C:\Dokumente und Einstellungen\Roman\Desktop\sonstiges\minefiled\minefield-4.0-2011031913.en-US.win32-tete009-sse2-pgo\tmemutil.dll **INFECTED** Win32:Fraudo [Trj]
17:44:57.500 AVAST engine scan C:\Dokumente und Einstellungen\All Users
17:47:17.640 Scan finished successfully
17:58:43.265 Verifying
17:58:53.281 Disk 0 Windows 501 MBR fixed successfully
17:59:58.859 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Roman\Desktop\MBR.dat"
17:59:58.890 The log file has been saved successfully to "C:\Dokumente und Einstellungen\Roman\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-30 18:12:50
-----------------------------
18:12:50.031 OS Version: Windows 5.1.2600 Service Pack 2
18:12:50.031 Number of processors: 2 586 0x404
18:12:50.031 ComputerName: PALME UserName: Roman
18:12:52.093 Initialize success
18:12:55.906 AVAST engine defs: 12073000
18:13:31.906 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17
18:13:31.906 Disk 0 Vendor: ST3250823AS 3.03 Size: 238475MB BusType: 3
18:13:31.937 Disk 0 MBR read successfully
18:13:31.937 Disk 0 MBR scan
18:13:32.046 Disk 0 Windows XP default MBR code
18:13:32.046 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 119208 MB offset 63
18:13:32.062 Disk 0 Partition - 00 0F Extended LBA 119263 MB offset 244139805
18:13:32.093 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 110501 MB offset 244139868
18:13:32.093 Disk 0 Partition - 00 05 Extended 8762 MB offset 470447460
18:13:32.125 Disk 0 Partition 3 00 0B FAT32 MSWIN4.1 8761 MB offset 470447523
18:13:32.140 Disk 0 scanning sectors +488392065
18:13:32.203 Disk 0 scanning C:\WINDOWS\system32\drivers
18:13:46.281 Service scanning
18:14:00.765 Modules scanning
18:14:06.687 Disk 0 trace - called modules:
18:14:06.718 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll prosync1.sys >>UNKNOWN [0x8a785960]<<
18:14:06.734 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a771ab8]
18:14:06.734 3 CLASSPNP.SYS[f74c805b] -> nt!IofCallDriver -> \Device\0000008b[0x8a7bc610]
18:14:06.750 5 ACPI.sys[f735d620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-17[0x8a741d98]
18:14:06.765 \Driver\atapi[0x8a747720] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> prosync1.sys[0xf798d661]
18:14:07.125 AVAST engine scan C:\WINDOWS
18:14:16.296 AVAST engine scan C:\WINDOWS\system32
18:16:51.062 AVAST engine scan C:\WINDOWS\system32\drivers
18:17:15.328 AVAST engine scan C:\Dokumente und Einstellungen\Roman
18:25:43.468 File: C:\Dokumente und Einstellungen\Roman\Desktop\sonstiges\minefiled\minefield-4.0-2011031913.en-US.win32-tete009-sse2-pgo\tmemutil.dll **INFECTED** Win32:Fraudo [Trj]
18:32:23.937 AVAST engine scan C:\Dokumente und Einstellungen\All Users
18:34:38.843 Scan finished successfully
18:48:54.812 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Roman\Desktop\MBR.dat"
18:48:54.843 The log file has been saved successfully to "C:\Dokumente und Einstellungen\Roman\Desktop\aswMBR.txt"



cosinus 30.07.2012 20:32

Wouldn't you rather delete the old FF nightly? http://cheesebuerger.de/images/midi/froehlich/a048.gif

Polarbär 31.07.2012 12:20

:rolleyes: Yes, of course.
Quote:

08:10:52.750 OS Version: Windows 5.1.2600 Service Pack 2
08:10:52.765 Number of processors: 2 586 0x404
08:10:52.765 ComputerName: PALME UserName: Roman
08:10:53.484 Initialize success
08:10:57.453 AVAST engine defs: 12073100
08:11:09.875 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17
08:11:09.875 Disk 0 Vendor: ST3250823AS 3.03 Size: 238475MB BusType: 3
08:11:09.890 Disk 0 MBR read successfully
08:11:09.890 Disk 0 MBR scan
08:11:09.906 Disk 0 Windows XP default MBR code
08:11:09.921 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 119208 MB offset 63
08:11:09.921 Disk 0 Partition - 00 0F Extended LBA 119263 MB offset 244139805
08:11:09.953 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 110501 MB offset 244139868
08:11:09.953 Disk 0 Partition - 00 05 Extended 8762 MB offset 470447460
08:11:09.984 Disk 0 Partition 3 00 0B FAT32 MSWIN4.1 8761 MB offset 470447523
08:11:10.000 Disk 0 scanning sectors +488392065
08:11:10.078 Disk 0 scanning C:\WINDOWS\system32\drivers
08:11:20.031 Service scanning
08:11:35.031 Modules scanning
08:11:41.140 Disk 0 trace - called modules:
08:11:41.156 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll prosync1.sys >>UNKNOWN [0x8a74a958]<<
08:11:41.171 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a734ab8]
08:11:41.187 3 CLASSPNP.SYS[f74c805b] -> nt!IofCallDriver -> \Device\0000008b[0x8a77d9e8]
08:11:41.187 5 ACPI.sys[f735d620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-17[0x8a72c940]
08:11:41.203 \Driver\atapi[0x8a77f938] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> prosync1.sys[0xf798d661]
08:11:41.562 AVAST engine scan C:\WINDOWS
08:11:49.812 AVAST engine scan C:\WINDOWS\system32
08:14:15.109 AVAST engine scan C:\WINDOWS\system32\drivers
08:14:39.140 AVAST engine scan C:\Dokumente und Einstellungen\Roman
08:30:26.375 AVAST engine scan C:\Dokumente und Einstellungen\All Users
08:32:55.125 Scan finished successfully
08:51:40.875 Verifying
08:51:50.875 Disk 0 Windows 501 MBR fixed successfully
08:53:06.796 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Roman\Desktop\MBR.dat"
08:53:06.843 The log file has been saved successfully to "C:\Dokumente und Einstellungen\Roman\Desktop\aswMBR.txt"



cosinus 31.07.2012 14:19

Looks OK. We should be almost done. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before the scan!!

Polarbär 31.07.2012 21:20

Here are the logs :crazy:
Quote:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 07/31/2012 at 06:34 PM

Application Version : 5.5.1012

Core Rules Database Version : 8985
Trace Rules Database Version: 6797

Scan type : Complete Scan
Total Scan Time : 01:03:59

Operating System Information
Windows XP Home Edition 32-bit, Service Pack 2 (Build 5.01.2600)
Administrator

Memory items scanned : 549
Memory threats detected : 0
Registry items scanned : 37999
Registry threats detected : 0
File items scanned : 68982
File threats detected : 9

Adware.Tracking Cookie
accounts.google.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ROMAN\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\KNVWX1WV.ROMAN\COOKIES.SQLITE ]
accounts.google.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ROMAN\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\KNVWX1WV.ROMAN\COOKIES.SQLITE ]
.webmasterplan.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ROMAN\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\KNVWX1WV.ROMAN\COOKIES.SQLITE ]
.webmasterplan.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ROMAN\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\KNVWX1WV.ROMAN\COOKIES.SQLITE ]
.mediafire.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ROMAN\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\KNVWX1WV.ROMAN\COOKIES.SQLITE ]

Adware.Casino Games (Golden Palace Casino)
C:\CASINO\CASINO-CLUB DEUTSCH\CASINO.EXE

Trojan.Agent/Gen-Bancos
C:\SYSTEM VOLUME INFORMATION\_RESTORE{20EA187A-C68E-49AC-A1E6-FEF621E0E4FC}\RP144\A0134570.AX

Trojan.Agent/Gen-Downloader
C:\SYSTEM VOLUME INFORMATION\_RESTORE{20EA187A-C68E-49AC-A1E6-FEF621E0E4FC}\RP144\A0134571.EXE

Trojan.Agent/Gen-Small
C:\WWW.DOWNLOAD.DE\1BY1_166.EXE
Quote:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.31.10

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.18702
Roman :: PALME [Administrator]

31.07.2012 19:44:43
mbam-log-2012-07-31 (19-44-43).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 410873
Laufzeit: 1 Stunde(n), 53 Minute(n), 28 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\System Volume Information\_restore{20EA187A-C68E-49AC-A1E6-FEF621E0E4FC}\RP144\A0134397.exe (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\WINDOWS\ie8\iexplore.exe (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
:applaus::rofl: Hello Arne,
OTL suddenly works now after all; I ran the scan.
If everything is OK, I should make a backup of the whole system to an external hard disk. How should I go about that, do you have a recommendation?
Quote:

OTL logfile created on: 01.08.2012 16:20:08 - Run 1
OTL by OldTimer - Version 3.2.54.1 Folder = C:\Dokumente und Einstellungen\Roman\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,28 Gb Available Physical Memory | 64,10% Memory free
3,85 Gb Paging File | 3,31 Gb Available in Paging File | 86,02% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 116,41 Gb Total Space | 42,36 Gb Free Space | 36,39% Space Free | Partition Type: NTFS
Drive D: | 107,91 Gb Total Space | 104,90 Gb Free Space | 97,21% Space Free | Partition Type: NTFS
Drive E: | 8,55 Gb Total Space | 2,69 Gb Free Space | 31,43% Space Free | Partition Type: FAT32
Drive F: | 0,00 Mb Total Space | 0,00 Mb Free Space | NAN% Space Free | Partition Type: CDFS
Drive G: | 0,00 Mb Total Space | 0,00 Mb Free Space | NAN% Space Free | Partition Type: CDFS
Computer Name: PALME | User Name: Roman | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.07.23 23:35:20 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Roman\Desktop\OTL.exe
PRC - [2012.07.04 12:40:20 | 001,395,736 | ---- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2012.07.04 12:40:18 | 001,188,896 | ---- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2012.07.03 18:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe
PRC - [2012.05.04 19:29:46 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
PRC - [2012.03.11 19:01:14 | 000,073,728 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCFDRTM.EXE
PRC - [2012.01.17 11:07:54 | 000,252,296 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2011.10.14 08:01:50 | 000,994,360 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\psia.exe
PRC - [2011.10.14 08:01:48 | 000,399,416 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\sua.exe
PRC - [2011.10.14 08:01:46 | 000,291,896 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\psi_tray.exe
PRC - [2011.08.22 21:58:08 | 000,397,312 | ---- | M] (Sphinx Software) -- C:\Programme\Windows7FirewallControl\Windows7FirewallService.exe
PRC - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SASCore.exe
PRC - [2010.06.14 16:10:32 | 000,153,672 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\Gaming Software\LWEMon.exe
PRC - [2010.04.06 01:41:46 | 000,116,224 | ---- | M] (Brio) -- C:\Programme\FolderSize\FolderSizeSvc.exe
PRC - [2010.01.15 01:08:13 | 000,070,928 | ---- | M] (PC Tools) -- C:\Programme\ThreatFire\TFService.exe
PRC - [2008.03.05 11:00:12 | 001,531,904 | ---- | M] (Ralink Technology, Corp.) -- C:\Programme\RALINK\Common\RaUI.exe
PRC - [2007.09.02 14:58:52 | 000,495,616 | ---- | M] () -- C:\Programme\RocketDock\RocketDock.exe
PRC - [2007.06.13 15:10:08 | 001,200,640 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.exe
PRC - [2007.05.30 01:21:24 | 000,520,192 | ---- | M] () -- C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
PRC - [2005.11.17 13:46:26 | 000,172,032 | ---- | M] (Dritek System Inc.) -- C:\Programme\Medion Info Display\MdionLCM.exe
PRC - [2003.08.16 12:07:00 | 000,172,032 | ---- | M] (Jorgen Bosman) -- C:\WINDOWS\system32\poweroff.exe
PRC - [2001.09.24 09:39:28 | 000,098,304 | ---- | M] (Logitech Inc.) -- C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVComS.exe


========== Modules (No Company Name) ==========
MOD - [2012.08.01 09:31:56 | 001,790,464 | ---- | M] () -- C:\Programme\Alwil Software\Avast5\defs\12080100\algo.dll
MOD - [2012.07.31 21:06:18 | 001,790,464 | ---- | M] () -- C:\Programme\Alwil Software\Avast5\defs\12073102\algo.dll
MOD - [2012.07.04 12:39:50 | 000,051,200 | ---- | M] () -- C:\Programme\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2012.07.04 12:39:48 | 000,410,112 | ---- | M] () -- C:\Programme\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2011.04.20 12:39:12 | 000,565,827 | ---- | M] () -- C:\Programme\Spybot - Search & Destroy 2\sqlite3.dll
MOD - [2007.11.28 04:32:00 | 001,163,264 | ---- | M] () -- C:\Programme\RALINK\Common\acAuth.dll
MOD - [2007.09.02 14:58:52 | 000,495,616 | ---- | M] () -- C:\Programme\RocketDock\RocketDock.exe
MOD - [2007.09.02 14:57:36 | 000,069,632 | ---- | M] () -- C:\Programme\RocketDock\RocketDock.dll
MOD - [2007.05.30 01:21:24 | 000,520,192 | ---- | M] () -- C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
MOD - [2005.07.28 16:18:46 | 000,065,536 | ---- | M] () -- C:\Programme\Medion Info Display\MsnCtrl.dll
MOD - [2003.10.14 22:01:42 | 000,086,016 | ---- | M] () -- C:\Programme\RocketDock\Docklets\iCal\iCal.dll


========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Running] -- C:\Programme\Spybot -- (SDUpdateService)
SRV - File not found [Auto | Running] -- C:\Programme\Spybot -- (SDScannerService)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012.07.18 20:49:31 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.03 18:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.05.29 13:09:52 | 001,528,672 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2012.05.29 13:09:50 | 000,029,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2012.05.04 19:29:46 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2011.10.14 08:01:50 | 000,994,360 | ---- | M] (Secunia) [Auto | Running] -- C:\Programme\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2011.10.14 08:01:48 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Programme\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2011.08.22 21:58:08 | 000,397,312 | ---- | M] (Sphinx Software) [Auto | Running] -- C:\Programme\Windows7FirewallControl\Windows7FirewallService.exe -- (Windows7FirewallService)
SRV - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Programme\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2010.07.05 14:39:28 | 000,022,016 | ---- | M] () [Disabled | Stopped] -- C:\Programme\Dokan\DokanLibrary\mounter.exe -- (DokanMounter)
SRV - [2010.07.04 19:07:40 | 000,238,952 | ---- | M] (Teruten) [Disabled | Stopped] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2010.04.06 01:41:46 | 000,116,224 | ---- | M] (Brio) [Auto | Running] -- C:\Programme\FolderSize\FolderSizeSvc.exe -- (FolderSize)
SRV - [2010.01.15 01:08:13 | 000,070,928 | ---- | M] (PC Tools) [Auto | Running] -- C:\Programme\ThreatFire\TFService.exe -- (ThreatFire)
SRV - [2006.10.19 13:52:24 | 000,061,440 | ---- | M] (Hewlett-Packard Company) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2006.03.31 19:06:50 | 000,266,338 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe -- (CLCapSvc)
SRV - [2006.03.31 19:06:50 | 000,118,880 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe -- (CLSched)
SRV - [2006.03.31 19:05:34 | 001,073,152 | ---- | M] (Cyberlink) [On_Demand | Stopped] -- C:\Programme\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service)
SRV - [2005.09.26 15:48:12 | 000,032,768 | ---- | M] (Softex Inc.) [Disabled | Stopped] -- C:\Programme\Softex\OmniPass\OmniServ.exe -- (omniserv)
SRV - [2003.08.16 12:07:00 | 000,172,032 | ---- | M] (Jorgen Bosman) [Auto | Running] -- C:\WINDOWS\system32\poweroff.exe -- (Poweroff)
SRV - [2001.11.12 15:31:48 | 000,020,480 | ---- | M] (X10) [On_Demand | Stopped] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets)


========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | Disabled | Stopped] -- System32\vsdatant.sys -- (vsdatant)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\vmnetadapter.sys -- (VMnetAdapter)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\Drivers\SSPORT.sys -- (SSPORT)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Programme\MediaCoder\SysInfo.sys -- (CrystalSysInfo)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2012.07.03 18:21:54 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012.07.03 18:21:53 | 000,721,000 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012.07.03 18:21:53 | 000,353,688 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012.07.03 18:21:53 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012.07.03 18:21:53 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012.07.03 18:21:53 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012.07.03 18:21:52 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2012.06.30 06:50:23 | 000,014,416 | ---- | M] (OpenLibSys.org) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ptbring0.sys -- (WinRing0_1_2_0)
DRV - [2012.06.11 20:57:18 | 006,629,888 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2011.12.13 19:27:30 | 007,069,288 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2011.12.12 20:31:38 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2011.08.17 18:43:12 | 000,019,072 | ---- | M] () [Kernel | System | Running] -- C:\Programme\Windows7FirewallControl\Windows7FirewallControl.sys -- (Windows7FirewallControl)
DRV - [2011.07.22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011.07.12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010.11.17 14:03:56 | 000,101,904 | R--- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtihdXP3.sys -- (AtiHDAudioService)
DRV - [2010.09.01 10:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2010.07.05 14:39:30 | 000,084,608 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\dokan.sys -- (Dokan)
DRV - [2010.06.14 09:32:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010.04.27 16:57:28 | 000,066,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2010.04.27 16:57:28 | 000,015,048 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2010.04.27 16:57:24 | 000,031,816 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmHidLo.sys -- (WmHidLo)
DRV - [2010.04.27 16:57:22 | 000,022,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2010.04.27 14:01:26 | 000,037,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2010.04.27 04:25:16 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2010.04.27 04:25:16 | 000,098,432 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bbus.sys -- (ss_bbus)
DRV - [2010.04.27 04:25:16 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdfl.sys -- (ss_bmdfl)
DRV - [2010.02.14 15:02:02 | 000,028,164 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k)
DRV - [2010.02.11 14:01:43 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2010.01.15 01:08:30 | 000,059,664 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - [2010.01.15 01:08:29 | 000,033,552 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - [2010.01.15 01:08:28 | 000,051,984 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - [2009.11.18 08:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009.11.18 08:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009.11.16 15:46:12 | 000,037,920 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2009.11.06 06:32:25 | 000,007,296 | ---- | M] (Matthias Withopf) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\HDPrfDrv-1.sys -- (HDPrfDrv)
DRV - [2009.06.16 16:27:33 | 000,003,567 | ---- | M] (Beyond Logic hxxp://www.beyondlogic.org) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ptbtalk.sys -- (PortTalk)
DRV - [2009.02.12 09:55:00 | 000,241,408 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt2500usb.sys -- (RT2500USB)
DRV - [2008.12.20 10:02:49 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2007.09.12 18:24:00 | 000,026,816 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DslTestSp5.sys -- (dsltestSp5)
DRV - [2007.04.04 15:21:00 | 000,006,912 | ---- | M] (NVidia Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\nvoclock.sys -- (NVR0Dev)
DRV - [2007.02.09 20:04:50 | 000,014,336 | R--- | M] (A4Tech Co.,Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Amps2prt.sys -- (Amps2prt)
DRV - [2006.11.10 15:08:50 | 000,024,064 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ATITool.sys -- (ATITool)
DRV - [2006.11.02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006.08.11 15:47:13 | 000,059,776 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfsync04.sys -- (sfsync04)
DRV - [2006.07.05 14:46:06 | 000,063,352 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfdrv01a.sys -- (sfdrv01a)
DRV - [2006.06.14 16:56:56 | 000,013,680 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfhlp02.sys -- (sfhlp02)
DRV - [2006.06.12 03:06:28 | 000,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DGIVECP.SYS -- (DgiVecp)
DRV - [2005.11.03 16:40:07 | 000,063,488 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfvfs02.sys -- (sfvfs02)
DRV - [2005.10.17 15:52:58 | 000,826,112 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\3xHybrid.sys -- (3xHybrid)
DRV - [2005.09.26 15:38:14 | 000,116,594 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ATSwpDrv.sys -- (ATSWPDRV)
DRV - [2005.08.04 01:30:52 | 000,069,248 | ---- | M] (C-Media Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cmiucr.SYS -- (CMISTOR)
DRV - [2005.06.30 13:16:00 | 001,094,848 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005.05.19 15:52:58 | 000,017,792 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2005.01.05 05:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\npptNT2.sys -- (NPPTNT2)
DRV - [2004.08.04 14:00:00 | 000,088,448 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2004.08.04 14:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004.08.04 14:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004.08.04 14:00:00 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2004.08.03 23:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [2004.08.03 23:10:14 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2004.04.10 09:42:36 | 000,002,944 | ---- | M] (cansoft@livewiredev.com) [Kernel | System | Running] -- C:\WINDOWS\system32\mbmiodrvr.sys -- (mbmiodrvr)
DRV - [2004.04.08 12:06:08 | 000,070,400 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\prohlp02.sys -- (prohlp02)
DRV - [2004.04.08 10:46:50 | 000,054,272 | ---- | M] (Protection Technology) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\prodrv06.sys -- (prodrv06)
DRV - [2003.12.01 17:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfhlp01.sys -- (sfhlp01)
DRV - [2003.09.06 14:22:08 | 000,006,944 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\prosync1.sys -- (prosync1)
DRV - [2003.01.10 23:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw)
DRV - [2002.12.17 11:36:22 | 000,730,880 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\WDMCAPI.sys -- (WDMCAPI)
DRV - [2002.12.09 11:21:28 | 000,026,112 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdmwanmp.sys -- (WDMWANMP)
DRV - [2001.09.24 09:42:12 | 000,116,448 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\p35u.sys -- (QCPro)
DRV - [1996.04.03 21:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{13BD4379-2A86-4BEB-8CD3-B8B8D42D9236}: "URL" = hxxp://www.amazon.de/gp/search?search-alias=aps&field-keywords={searchTerms}
IE - HKCU\..\SearchScopes\{207805E3-B809-4932-9E9D-AC1523718D89}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{6E6D5EAE-4609-4B72-954E-1DCC201F13CC}: "URL" = hxxp://suche.lycos.de/cgi-bin/pursuit?query={searchTerms}
IE - HKCU\..\SearchScopes\{A36FB954-3D9A-4F21-9FD4-A6697272BB05}: "URL" = hxxp://rover.ebay.com/rover/1/707-37276-23097-0/4?satitle={searchTerms}
IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB9}: "URL" = hxxp://www.daemon-search.com/search/web?q={searchTerms}
IE - HKCU\..\SearchScopes\{C56DB163-251D-4DB0-97A7-C8519313FD9B}: "URL" = hxxp://suche.freenet.de/suche?query={searchTerms}
IE - HKCU\..\SearchScopes\{CF407345-062F-4C3D-8472-A7E294D50EC0}: "URL" = hxxp://de.wikipedia.org/wiki/Spezial:Search?search={searchTerms}
IE - HKCU\..\SearchScopes\{DC50E125-1C21-4F64-B590-1A7015B0A4FD}: "URL" = hxxp://de.wikipedia.org/wiki/Spezial:Search?search={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.2
FF - prefs.js..extensions.enabledItems: elemhidehelper@adblockplus.org:1.1
FF - prefs.js..extensions.enabledItems: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.12
FF - prefs.js..extensions.enabledItems: {ca0849e8-2c76-42ae-9abe-34e14d337acf}:1.93
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.48.3
FF - prefs.js..extensions.enabledItems: {987311C6-B504-4aa2-90BF-60CC49808D42}:2.2
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
FF - prefs.js..extensions.enabledItems: twitternotifier@naan.net:1.9.7.3
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.14.2
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.1
FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4
FF - prefs.js..extensions.enabledItems: fb_add_on@avm.de:1.5.5
FF - prefs.js..extensions.enabledItems: informationaltab@piro.sakura.ne.jp:0.3.2010062901
FF - prefs.js..extensions.enabledItems: secureLogin@blueimp.net:0.9.5
FF - prefs.js..extensions.enabledItems: {95f24680-9e31-11da-a746-0800200c9a66}:0.1.5.5
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908
FF - prefs.js..extensions.enabledItems: noia2_option@kk.noia:3.76
FF - prefs.js..extensions.enabledItems: {411F2F11-830F-4AB5-B7F0-FBC77B870B5A}:1.0.6.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: ietab@ip.cn:1.95.20100933
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.0.11
FF - prefs.js..extensions.enabledItems: {29c4afe1-db19-4298-8785-fcc94d1d6c1d}:0.6.2009110501
FF - prefs.js..extensions.enabledItems: hidemenubar@moztw.org:4.0.20101120
FF - prefs.js..extensions.enabledItems: {de1b245c-de57-11da-ba2d-0050c2490048}:1.0.8
FF - prefs.js..extensions.enabledItems: smarterwiki@wikiatic.com:4.1.8
FF - prefs.js..extensions.enabledItems: {6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}:0.9.1
FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.5
FF - prefs.js..extensions.enabledItems: {455D905A-D37C-4643-A9E2-F6FEFAA0424A}:0.8.13
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.12.0.36605
FF - prefs.js..extensions.enabledItems: {398e77b8-2304-11dc-8314-0800200c9a66}:0.3.13
FF - prefs.js..extensions.enabledItems: {D9A7CBEC-DE1A-444f-A092-844461596C4D}:4.3
FF - prefs.js..extensions.enabledItems: firefox@ghostery.com:2.4.2
FF - prefs.js..extensions.enabledItems: {B17C1C5A-04B1-11DB-9804-B622A1EF5492}:1.2.1
FF - prefs.js..extensions.enabledItems: {bb8d77b0-a845-4249-a205-ef7395587b69}:1.7
FF - prefs.js..extensions.enabledItems: silvermelxt@pardal.de:1.3.6
FF - prefs.js..extensions.enabledItems: {e968fc70-8f95-4ab9-9e79-304de2a71ee1}:0.7.2
FF - prefs.js..extensions.enabledItems: {fa8476cf-a98c-4e08-99b4-65a69cb4b7d4}:1.1.1
FF - prefs.js..extensions.enabledItems: {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}:3.76
FF - prefs.js..extensions.enabledItems: chromifox@altmusictv.com:3.6.5
FF - prefs.js..extensions.enabledItems: NuvolaFF@paenglab.ch:1.9.6
FF - prefs.js..extensions.enabledItems: david@dkjensen.com:0.0.4
FF - prefs.js..extensions.enabledItems: {961408A3-C970-4577-970A-D97C29839A67}:1.3.6
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q="
FF - prefs.js..network.proxy.socks_version: 4

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Programme\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Dokumente und Einstellungen\Roman\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Dokumente und Einstellungen\Roman\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Programme\Java\jre6\lib\deploy\jqs\ff
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Programme\Alwil Software\Avast5\WebRep\FF [2012.07.14 07:23:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{9051303c-7e41-4311-a783-d6fe5ef2832d}: C:\Programme\FVD Suite\addons\Firefox [2012.03.13 16:33:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.07.18 20:49:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2012.03.22 16:46:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2012.06.08 16:53:05 | 000,000,000 | ---D | M]

[2010.06.12 09:37:55 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Extensions
[2010.06.12 09:37:55 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2009.12.19 22:01:20 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Extensions\MediaCoder
[2009.12.19 21:58:53 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Extensions\MediaCoder-Setup-Wizard
[2008.10.01 08:34:39 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Extensions\songbird@songbirdnest.com
[2010.12.10 15:34:55 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\extensions
[2010.12.10 15:34:33 | 000,000,000 | ---D | M] (All-in-One Sidebar) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\extensions\{097d3191-e6fa-4728-9826-b533d755359d}
[2010.12.10 15:34:33 | 000,000,000 | ---D | M] (Flagfox) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2010.12.10 15:34:33 | 000,000,000 | ---D | M] (TwitterBar) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\extensions\{1a0c9ebe-ddf9-4b76-b8a3-675c77874d37}
[2010.12.10 15:34:33 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.12.10 15:34:33 | 000,000,000 | ---D | M] ("Split Browser") -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\extensions\{29c4afe1-db19-4298-8785-fcc94d1d6c1d}
[2010.12.10 15:34:29 | 000,000,000 | ---D | M] (Minimap Addon) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\extensions\{398e77b8-2304-11dc-8314-0800200c9a66}
[2010.12.10 15:34:28 | 000,000,000 | ---D | M] (Flashblock) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2010.12.10 15:34:28 | 000,000,000 | ---D | M] (Buyertools) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\extensions\{411F2F11-830F-4AB5-B7F0-FBC77B870B5A}
[2010.12.10 15:34:28 | 000,000,000 | ---D | M] (RefControl) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\extensions\{455D905A-D37C-4643-A9E2-F6FEFAA0424A}
[2010.12.10 15:34:28 | 000,000,000 | ---D | M] (Speed Dial) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\extensions\{64161300-e22b-11db-8314-0800200c9a66}
[2010.12.10 15:34:27 | 000,000,000 | ---D | M] (Google Analytics Opt-out Browser Add-on) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\extensions\{6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}
[2010.12.10 15:34:27 | 000,000,000 | ---D | M] (NoScript) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(2)
[2010.12.10 15:34:26 | 000,000,000 | ---D | M] (QuickPageZoom) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\extensions\{8FFE139B-90A7-4460-A972-9D2738997F6D}
[2010.12.10 15:34:26 | 000,000,000 | ---D | M] (Update Notifier) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\extensions\{95f24680-9e31-11da-a746-0800200c9a66}
[2010.12.10 15:34:26 | 000,000,000 | ---D | M] (Charamel) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\extensions\{961408A3-C970-4577-970A-D97C29839A67}
[2010.12.10 15:34:25 | 000,000,000 | ---D | M] (BugMeNot) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}
[2010.12.10 15:34:25 | 000,000,000 | ---D | M] (Noia 2.0 (eXtreme)) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
[2010.12.10 15:34:25 | 000,000,000 | ---D | M] (Noia 2.0 (eXtreme)) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}(2)
[2010.12.10 15:34:25 | 000,000,000 | ---D | M] (WOT) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010.12.10 15:34:25 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.12.10 15:34:25 | 000,000,000 | ---D | M] (Password Exporter) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}
[2010.12.10 15:34:24 | 000,000,000 | ---D | M] (PwdHash) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\extensions\{bb8d77b0-a845-4249-a205-ef7395587b69}
[2010.12.10 15:34:24 | 000,000,000 | ---D | M] (Full Fullscreen) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\extensions\{bfe3406c-6f31-4789-86d5-efa50e12c9eb}(2)
[2010.12.10 15:34:19 | 000,000,000 | ---D | M] (Interclue) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\extensions\{c33c5b47-69c8-45a4-a5e0-af85bbe628dd}
[2010.12.10 15:34:18 | 000,000,000 | ---D | M] ("BabelFish") -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\extensions\{ca0849e8-2c76-42ae-9abe-34e14d337acf}
[2010.12.10 15:34:17 | 000,000,000 | ---D | M] ("CoolPreviews") -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}(2)
[2010.12.10 15:34:17 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.12.10 15:34:16 | 000,000,000 | ---D | M] ("BetterPrivacy") -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2010.12.10 15:34:13 | 000,000,000 | ---D | M] ("Default Full Zoom Level") -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\extensions\{D9A7CBEC-DE1A-444f-A092-844461596C4D}
[2010.12.10 15:34:13 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010.12.10 15:34:13 | 000,000,000 | ---D | M] (MinimizeToTray Plus) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\extensions\{de1b245c-de57-11da-ba2d-0050c2490048}
[2010.12.10 15:34:09 | 000,000,000 | ---D | M] (Torbutton) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2010.12.10 15:34:09 | 000,000,000 | ---D | M] (User Agent Switcher) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
[2010.12.10 15:34:06 | 000,000,000 | ---D | M] (FoxTab) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2010.12.10 15:34:06 | 000,000,000 | ---D | M] (ProfileSwitcher) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\extensions\{fa8476cf-a98c-4e08-99b4-65a69cb4b7d4}
[2010.12.10 15:35:01 | 000,000,000 | ---D | M] (Chromifox Basic) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\extensions\chromifox@altmusictv.com
[2010.12.10 15:34:55 | 000,000,000 | ---D | M] (Fopra) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\extensions\david@dkjensen.com
[2010.12.10 15:34:55 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\extensions\de-DE@dictionaries.addons.mozilla.org
[2010.12.10 15:34:55 | 000,000,000 | ---D | M] (Element Hiding Helper for Adblock Plus) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\extensions\elemhidehelper@adblockplus.org
[2010.12.10 15:34:54 | 000,000,000 | ---D | M] ("FRITZ!Box AddOn") -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\extensions\fb_add_on@avm.de
[2010.12.10 15:34:53 | 000,000,000 | ---D | M] (Ghostery) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\extensions\firefox@ghostery.com
[2010.12.10 15:34:52 | 000,000,000 | ---D | M] (Hide Menubar) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\extensions\hidemenubar@moztw.org
[2010.12.10 15:34:45 | 000,000,000 | ---D | M] (IE Tab Plus) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\extensions\ietab@ip.cn
[2010.12.10 15:34:45 | 000,000,000 | ---D | M] ("Informational Tab") -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\extensions\informationaltab@piro.sakura.ne.jp
[2010.12.10 15:34:44 | 000,000,000 | ---D | M] (Noia 2.0 eXtreme OPT) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\extensions\noia2_option@kk.noia
[2010.12.10 15:34:44 | 000,000,000 | ---D | M] (Nuvola) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\extensions\NuvolaFF@paenglab.ch
[2010.12.10 15:34:44 | 000,000,000 | ---D | M] (Cooliris) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\extensions\piclens@cooliris(2).com
[2010.12.10 15:34:42 | 000,000,000 | ---D | M] (Cooliris) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\extensions\piclens@cooliris.com
[2010.12.10 15:34:41 | 000,000,000 | ---D | M] (qtl) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\extensions\qtl.co.il@gmail(2).com
[2010.12.10 15:34:39 | 000,000,000 | ---D | M] (Secure Login) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\extensions\secureLogin@blueimp.net
[2010.12.10 15:34:39 | 000,000,000 | ---D | M] (Silvermel and Charamel XT) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\extensions\silvermelxt@pardal.de
[2010.12.10 15:34:35 | 000,000,000 | ---D | M] (FastestFox) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\extensions\smarterwiki@wikiatic.com
[2010.12.10 15:34:35 | 000,000,000 | ---D | M] (Echofon) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\extensions\twitternotifier@naan.net
[2010.12.10 15:34:56 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\extensions\david@dkjensen.com\chrome\mozapps\extensions
[2012.02.22 16:20:07 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions
[2010.11.18 17:44:54 | 000,000,000 | ---D | M] (All-in-One Sidebar) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}
[2011.02.22 16:37:49 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2010.12.20 15:52:33 | 000,000,000 | ---D | M] (Flagfox) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2010.10.14 15:52:54 | 000,000,000 | ---D | M] (TwitterBar) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\{1a0c9ebe-ddf9-4b76-b8a3-675c77874d37}
[2010.04.27 15:20:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.05.29 10:00:06 | 000,000,000 | ---D | M] ("Split Browser") -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\{29c4afe1-db19-4298-8785-fcc94d1d6c1d}
[2010.11.14 12:35:09 | 000,000,000 | ---D | M] (Minimap Addon) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\{398e77b8-2304-11dc-8314-0800200c9a66}
[2010.10.14 15:52:54 | 000,000,000 | ---D | M] (Flashblock) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2010.08.18 11:28:27 | 000,000,000 | ---D | M] (Buyertools) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\{411F2F11-830F-4AB5-B7F0-FBC77B870B5A}
[2010.07.18 13:55:17 | 000,000,000 | ---D | M] (RefControl) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\{455D905A-D37C-4643-A9E2-F6FEFAA0424A}
[2010.12.11 12:56:05 | 000,000,000 | ---D | M] (SafeHistory) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\{4649c7bb-2665-40f9-be48-fa9db9fdeb6c}
[2010.12.11 22:04:27 | 000,000,000 | ---D | M] (Speed Dial) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}
[2010.06.19 07:27:30 | 000,000,000 | ---D | M] (Google Analytics Opt-out Browser Add-on) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\{6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}
[2009.06.09 20:52:02 | 000,000,000 | ---D | M] (NoScript) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(2)
[2010.01.09 13:47:44 | 000,000,000 | ---D | M] (QuickPageZoom) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\{8FFE139B-90A7-4460-A972-9D2738997F6D}
[2009.07.05 20:27:50 | 000,000,000 | ---D | M] (Update Notifier) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\{95f24680-9e31-11da-a746-0800200c9a66}
[2010.12.08 16:47:21 | 000,000,000 | ---D | M] (Charamel) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\{961408A3-C970-4577-970A-D97C29839A67}
[2009.09.15 18:54:30 | 000,000,000 | ---D | M] (BugMeNot) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}
[2010.02.23 21:16:14 | 000,000,000 | ---D | M] (Noia 2.0 (eXtreme)) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
[2009.06.09 20:51:24 | 000,000,000 | ---D | M] (Noia 2.0 (eXtreme)) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}(2)
[2010.09.09 22:56:55 | 000,000,000 | ---D | M] (WOT) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010.11.21 13:18:11 | 000,000,000 | ---D | M] (Password Exporter) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}
[2010.11.28 14:10:38 | 000,000,000 | ---D | M] (PwdHash) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\{bb8d77b0-a845-4249-a205-ef7395587b69}
[2009.06.09 20:51:53 | 000,000,000 | ---D | M] (Full Fullscreen) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\{bfe3406c-6f31-4789-86d5-efa50e12c9eb}(2)
[2010.01.15 13:17:21 | 000,000,000 | ---D | M] (Interclue) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\{c33c5b47-69c8-45a4-a5e0-af85bbe628dd}
[2010.08.14 23:23:18 | 000,000,000 | ---D | M] ("BabelFish") -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\{ca0849e8-2c76-42ae-9abe-34e14d337acf}
[2009.06.09 20:51:55 | 000,000,000 | ---D | M] ("CoolPreviews") -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}(2)
[2010.12.25 16:38:28 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.08.01 08:56:19 | 000,000,000 | ---D | M] ("BetterPrivacy") -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2010.11.21 12:48:46 | 000,000,000 | ---D | M] ("Default Full Zoom Level") -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\{D9A7CBEC-DE1A-444f-A092-844461596C4D}
[2010.05.29 10:00:05 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010.05.29 10:33:51 | 000,000,000 | ---D | M] (MinimizeToTray Plus) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\{de1b245c-de57-11da-ba2d-0050c2490048}
[2010.07.17 12:56:39 | 000,000,000 | ---D | M] (Torbutton) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2011.01.06 17:54:15 | 000,000,000 | ---D | M] (User Agent Switcher) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
[2010.11.17 16:57:55 | 000,000,000 | ---D | M] (FoxTab) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2010.12.10 15:19:06 | 000,000,000 | ---D | M] (ProfileSwitcher) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\{fa8476cf-a98c-4e08-99b4-65a69cb4b7d4}
[2010.06.02 14:15:58 | 000,000,000 | ---D | M] (Chromifox Basic) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\chromifox@altmusictv.com
[2010.11.03 17:31:01 | 000,000,000 | ---D | M] (Fopra) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\david@dkjensen.com
[2010.11.17 21:00:14 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2010.11.03 17:34:27 | 000,000,000 | ---D | M] (Element Hiding Helper for Adblock Plus) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\elemhidehelper@adblockplus.org
[2010.01.11 17:50:35 | 000,000,000 | ---D | M] ("FRITZ!Box AddOn") -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\fb_add_on@avm.de
[2010.11.21 13:07:59 | 000,000,000 | ---D | M] (Ghostery) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\firefox@ghostery.com
[2011.01.03 18:55:26 | 000,000,000 | ---D | M] (Hide Menubar) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\hidemenubar@moztw(2).org
[2010.11.23 22:15:02 | 000,000,000 | ---D | M] (IE Tab Plus) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\ietab@ip.cn
[2010.07.01 08:12:59 | 000,000,000 | ---D | M] ("Informational Tab") -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\informationaltab@piro.sakura.ne.jp
[2011.01.03 18:55:25 | 000,000,000 | ---D | M] ("Deutsch (DE) Language Pack") -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\langpack-de@firefox.mozilla(2).org
[2011.01.03 22:40:53 | 000,000,000 | ---D | M] ("Deutsch (DE) Language Pack") -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\langpack-de@firefox.mozilla.org
[2010.12.12 12:06:13 | 000,000,000 | ---D | M] (suchen.de) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\nachrichten@searchteq.de
[2010.02.23 21:16:16 | 000,000,000 | ---D | M] (Noia 2.0 eXtreme OPT) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\noia2_option@kk.noia
[2010.12.17 14:38:03 | 000,000,000 | ---D | M] (Nuvola) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\NuvolaFF@paenglab.ch
[2009.06.09 20:51:55 | 000,000,000 | ---D | M] (Cooliris) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\piclens@cooliris(2).com
[2010.11.07 17:23:51 | 000,000,000 | ---D | M] (Cooliris) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\piclens@cooliris.com
[2009.06.09 20:52:00 | 000,000,000 | ---D | M] (qtl) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\qtl.co.il@gmail(2).com
[2011.01.03 18:55:29 | 000,000,000 | ---D | M] (Secure Login) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\secureLogin@blueimp(2).net
[2011.01.04 22:51:48 | 000,000,000 | ---D | M] (Secure Login) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\secureLogin@blueimp.net
[2010.12.08 16:47:19 | 000,000,000 | ---D | M] (Silvermel and Charamel XT) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\silvermelxt@pardal.de
[2010.11.10 15:09:36 | 000,000,000 | ---D | M] (FastestFox) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\smarterwiki@wikiatic.com
[2010.12.04 07:32:58 | 000,000,000 | ---D | M] (Echofon) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\twitternotifier@naan.net
[2010.11.03 17:31:01 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\david@dkjensen.com\chrome\mozapps\extensions
[2012.07.30 09:51:52 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\knvwx1wv.Roman\extensions
[2012.07.09 12:23:36 | 000,000,000 | ---D | M] (Flagfox) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\knvwx1wv.Roman\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2011.07.21 18:33:18 | 000,000,000 | ---D | M] (Flashblock) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\knvwx1wv.Roman\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2012.01.03 18:17:17 | 000,000,000 | ---D | M] (RefControl) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\knvwx1wv.Roman\extensions\{455D905A-D37C-4643-A9E2-F6FEFAA0424A}
[2012.05.22 19:34:16 | 000,000,000 | ---D | M] (Orange Fox) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\knvwx1wv.Roman\extensions\{5b35cb30-16b4-11de-8c30-0800200c9a66}
[2011.01.09 19:30:32 | 000,000,000 | ---D | M] (NoScript) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\knvwx1wv.Roman\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(2)
[2011.01.09 19:30:31 | 000,000,000 | ---D | M] (QuickPageZoom) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\knvwx1wv.Roman\extensions\{8FFE139B-90A7-4460-A972-9D2738997F6D}
[2012.03.14 16:53:59 | 000,000,000 | ---D | M] ("FVD Suite Addon") -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\knvwx1wv.Roman\extensions\{9051303c-7e41-4311-a783-d6fe5ef2832d}
[2011.01.09 19:30:30 | 000,000,000 | ---D | M] (BugMeNot) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\knvwx1wv.Roman\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}
[2011.01.09 19:30:30 | 000,000,000 | ---D | M] (Noia 2.0 (eXtreme)) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\knvwx1wv.Roman\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
[2011.01.09 19:30:30 | 000,000,000 | ---D | M] (Noia 2.0 (eXtreme)) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\knvwx1wv.Roman\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}(2)
[2012.05.17 15:57:21 | 000,000,000 | ---D | M] (WOT) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\knvwx1wv.Roman\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.05.09 16:51:39 | 000,000,000 | ---D | M] (FT SleekDark) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\knvwx1wv.Roman\extensions\{a21cd440-41d6-11e0-9207-0800200c9a66}
[2011.01.09 19:30:30 | 000,000,000 | ---D | M] (Password Exporter) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\knvwx1wv.Roman\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}
[2011.01.09 19:30:29 | 000,000,000 | ---D | M] (PwdHash) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\knvwx1wv.Roman\extensions\{bb8d77b0-a845-4249-a205-ef7395587b69}
[2011.01.09 19:30:29 | 000,000,000 | ---D | M] (Full Fullscreen) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\knvwx1wv.Roman\extensions\{bfe3406c-6f31-4789-86d5-efa50e12c9eb}(2)
[2011.06.24 15:08:49 | 000,000,000 | ---D | M] ("BabelFish") -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\knvwx1wv.Roman\extensions\{ca0849e8-2c76-42ae-9abe-34e14d337acf}
[2011.01.09 19:30:24 | 000,000,000 | ---D | M] ("CoolPreviews") -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\knvwx1wv.Roman\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}(2)
[2012.01.26 22:01:50 | 000,000,000 | ---D | M] ("BetterPrivacy") -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\knvwx1wv.Roman\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2011.10.27 16:51:28 | 000,000,000 | ---D | M] ("Default Full Zoom Level") -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\knvwx1wv.Roman\extensions\{D9A7CBEC-DE1A-444f-A092-844461596C4D}
[2012.06.28 09:16:23 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\knvwx1wv.Roman\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2012.05.20 10:00:44 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\knvwx1wv.Roman\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011.01.09 19:35:54 | 000,000,000 | ---D | M] (User Agent Switcher) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\knvwx1wv.Roman\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
[2012.03.26 19:29:05 | 000,000,000 | ---D | M] (FoxLingo) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\knvwx1wv.Roman\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
[2012.01.03 18:17:24 | 000,000,000 | ---D | M] (ProfileSwitcher) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\knvwx1wv.Roman\extensions\{fa8476cf-a98c-4e08-99b4-65a69cb4b7d4}
[2012.01.03 18:17:08 | 000,000,000 | ---D | M] ("Gutscheinsammler.de") -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\knvwx1wv.Roman\extensions\alarm@gutscheinsammler.de
[2011.01.09 19:30:53 | 000,000,000 | ---D | M] (Chromifox Basic) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\knvwx1wv.Roman\extensions\chromifox@altmusictv.com
[2012.06.26 20:57:37 | 000,000,000 | ---D | M] ("pearltrees") -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\knvwx1wv.Roman\extensions\collector@broceliand.fr
[2011.03.10 16:11:46 | 000,000,000 | ---D | M] (Fopra) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\knvwx1wv.Roman\extensions\david@dkjensen.com
[2011.01.09 19:30:50 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\knvwx1wv.Roman\extensions\de-DE@dictionaries.addons.mozilla.org
[2011.03.13 18:19:00 | 000,000,000 | ---D | M] (Ebay Button) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\knvwx1wv.Roman\extensions\ebayHotStuff@wangtom.com
[2012.05.16 15:57:28 | 000,000,000 | ---D | M] ("FRITZ!Box AddOn") -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\knvwx1wv.Roman\extensions\fb_add_on@avm.de
[2011.11.19 15:35:03 | 000,000,000 | ---D | M] (Shareaholic) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\knvwx1wv.Roman\extensions\firefox-extension@shareaholic.com
[2012.05.05 19:41:27 | 000,000,000 | ---D | M] (IE Tab Plus) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\knvwx1wv.Roman\extensions\ietab@ip.cn
[2012.01.16 21:01:27 | 000,000,000 | ---D | M] (SpeedFox) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\knvwx1wv.Roman\extensions\jid1-uabu5A9hduqzCw@jetpack
[2011.01.09 19:30:43 | 000,000,000 | ---D | M] (Noia 2.0 eXtreme OPT) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\knvwx1wv.Roman\extensions\noia2_option@kk.noia
[2012.06.18 13:55:13 | 000,000,000 | ---D | M] ("Nuvola") -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\knvwx1wv.Roman\extensions\NuvolaFF@paenglab.ch
[2011.01.09 19:30:43 | 000,000,000 | ---D | M] (Cooliris) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\knvwx1wv.Roman\extensions\piclens@cooliris(2).com
[2011.01.09 19:30:40 | 000,000,000 | ---D | M] (qtl) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\knvwx1wv.Roman\extensions\qtl.co.il@gmail(2).com
[2012.07.17 13:58:46 | 000,000,000 | ---D | M] (rein) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\knvwx1wv.Roman\extensions\rein@notiz.jp
[2011.10.29 10:33:33 | 000,000,000 | ---D | M] (Secure Login) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\knvwx1wv.Roman\extensions\secureLogin@blueimp.net
[2012.03.19 17:27:11 | 000,000,000 | ---D | M] (Echofon) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\knvwx1wv.Roman\extensions\twitternotifier@naan.net
[2011.11.19 15:35:02 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\knvwx1wv.Roman\extensions\firefox-extension@shareaholic.com\chrome
[2011.11.19 15:35:02 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\knvwx1wv.Roman\extensions\firefox-extension@shareaholic.com\defaults
[2011.03.10 16:11:46 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\knvwx1wv.Roman\extensions\david@dkjensen.com\chrome\mozapps\extensions
[2012.02.22 16:20:07 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\mrtyg6wm.Neu Test Profil\extensions
[2010.12.10 15:56:55 | 000,000,000 | ---D | M] (All-in-One Sidebar) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\mrtyg6wm.Neu Test Profil\extensions\{097d3191-e6fa-4728-9826-b533d755359d}
[2011.02.22 16:37:50 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\mrtyg6wm.Neu Test Profil\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2010.12.10 15:56:55 | 000,000,000 | ---D | M] (Flagfox) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\mrtyg6wm.Neu Test Profil\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2010.12.10 15:56:55 | 000,000,000 | ---D | M] (TwitterBar) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\mrtyg6wm.Neu Test Profil\extensions\{1a0c9ebe-ddf9-4b76-b8a3-675c77874d37}
[2010.12.10 15:49:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\mrtyg6wm.Neu Test Profil\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.12.10 15:56:55 | 000,000,000 | ---D | M] ("Split Browser") -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\mrtyg6wm.Neu Test Profil\extensions\{29c4afe1-db19-4298-8785-fcc94d1d6c1d}
[2010.12.10 15:56:53 | 000,000,000 | ---D | M] (Minimap Addon) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\mrtyg6wm.Neu Test Profil\extensions\{398e77b8-2304-11dc-8314-0800200c9a66}
[2010.12.10 15:56:53 | 000,000,000 | ---D | M] (Flashblock) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\mrtyg6wm.Neu Test Profil\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2010.12.10 15:56:53 | 000,000,000 | ---D | M] (Buyertools) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\mrtyg6wm.Neu Test Profil\extensions\{411F2F11-830F-4AB5-B7F0-FBC77B870B5A}
[2010.12.10 15:56:53 | 000,000,000 | ---D | M] (RefControl) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\mrtyg6wm.Neu Test Profil\extensions\{455D905A-D37C-4643-A9E2-F6FEFAA0424A}
[2010.12.10 15:56:53 | 000,000,000 | ---D | M] (Speed Dial) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\mrtyg6wm.Neu Test Profil\extensions\{64161300-e22b-11db-8314-0800200c9a66}
[2010.12.10 15:56:53 | 000,000,000 | ---D | M] (Google Analytics Opt-out Browser Add-on) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\mrtyg6wm.Neu Test Profil\extensions\{6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}
[2010.12.10 15:56:52 | 000,000,000 | ---D | M] (NoScript) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\mrtyg6wm.Neu Test Profil\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(2)
[2010.12.10 15:56:51 | 000,000,000 | ---D | M] (QuickPageZoom) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\mrtyg6wm.Neu Test Profil\extensions\{8FFE139B-90A7-4460-A972-9D2738997F6D}
[2010.12.10 15:56:51 | 000,000,000 | ---D | M] (Update Notifier) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\mrtyg6wm.Neu Test Profil\extensions\{95f24680-9e31-11da-a746-0800200c9a66}
[2010.12.10 15:56:51 | 000,000,000 | ---D | M] (Charamel) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\mrtyg6wm.Neu Test Profil\extensions\{961408A3-C970-4577-970A-D97C29839A67}
[2010.12.10 15:56:51 | 000,000,000 | ---D | M] (BugMeNot) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\mrtyg6wm.Neu Test Profil\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}
[2010.12.10 15:56:51 | 000,000,000 | ---D | M] (Noia 2.0 (eXtreme)) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\mrtyg6wm.Neu Test Profil\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
[2010.12.10 15:56:50 | 000,000,000 | ---D | M] (Noia 2.0 (eXtreme)) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\mrtyg6wm.Neu Test Profil\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}(2)
[2010.12.10 15:56:50 | 000,000,000 | ---D | M] (WOT) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\mrtyg6wm.Neu Test Profil\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010.12.10 15:56:50 | 000,000,000 | ---D | M] (Password Exporter) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\mrtyg6wm.Neu Test Profil\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}
[2010.12.10 15:56:50 | 000,000,000 | ---D | M] (PwdHash) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\mrtyg6wm.Neu Test Profil\extensions\{bb8d77b0-a845-4249-a205-ef7395587b69}
[2010.12.10 15:56:50 | 000,000,000 | ---D | M] (Full Fullscreen) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\mrtyg6wm.Neu Test Profil\extensions\{bfe3406c-6f31-4789-86d5-efa50e12c9eb}(2)
[2010.12.10 15:56:48 | 000,000,000 | ---D | M] (Interclue) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\mrtyg6wm.Neu Test Profil\extensions\{c33c5b47-69c8-45a4-a5e0-af85bbe628dd}
[2010.12.10 15:56:47 | 000,000,000 | ---D | M] ("BabelFish") -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\mrtyg6wm.Neu Test Profil\extensions\{ca0849e8-2c76-42ae-9abe-34e14d337acf}
[2010.12.10 15:56:46 | 000,000,000 | ---D | M] ("CoolPreviews") -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\mrtyg6wm.Neu Test Profil\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}(2)
[2010.12.10 15:56:46 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\mrtyg6wm.Neu Test Profil\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.12.10 15:56:46 | 000,000,000 | ---D | M] ("BetterPrivacy") -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\mrtyg6wm.Neu Test Profil\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2010.12.10 15:56:45 | 000,000,000 | ---D | M] ("Default Full Zoom Level") -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\mrtyg6wm.Neu Test Profil\extensions\{D9A7CBEC-DE1A-444f-A092-844461596C4D}
[2010.12.10 15:56:45 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\mrtyg6wm.Neu Test Profil\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010.12.10 15:56:45 | 000,000,000 | ---D | M] (MinimizeToTray Plus) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\mrtyg6wm.Neu Test Profil\extensions\{de1b245c-de57-11da-ba2d-0050c2490048}
[2010.12.10 15:56:43 | 000,000,000 | ---D | M] (Torbutton) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\mrtyg6wm.Neu Test Profil\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2010.12.10 15:56:43 | 000,000,000 | ---D | M] (User Agent Switcher) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\mrtyg6wm.Neu Test Profil\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
[2010.12.10 15:56:42 | 000,000,000 | ---D | M] (FoxTab) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\mrtyg6wm.Neu Test Profil\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2010.12.10 15:56:42 | 000,000,000 | ---D | M] (ProfileSwitcher) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\mrtyg6wm.Neu Test Profil\extensions\{fa8476cf-a98c-4e08-99b4-65a69cb4b7d4}
[2010.12.10 15:57:10 | 000,000,000 | ---D | M] (Chromifox Basic) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\mrtyg6wm.Neu Test Profil\extensions\chromifox@altmusictv.com
[2010.12.10 15:57:07 | 000,000,000 | ---D | M] (Fopra) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\mrtyg6wm.Neu Test Profil\extensions\david@dkjensen.com
[2010.12.10 15:57:07 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\mrtyg6wm.Neu Test Profil\extensions\de-DE@dictionaries.addons.mozilla.org
[2010.12.10 15:57:07 | 000,000,000 | ---D | M] (Element Hiding Helper for Adblock Plus) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\mrtyg6wm.Neu Test Profil\extensions\elemhidehelper@adblockplus.org
[2010.12.10 15:57:06 | 000,000,000 | ---D | M] ("FRITZ!Box AddOn") -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\mrtyg6wm.Neu Test Profil\extensions\fb_add_on@avm.de
[2010.12.10 15:57:06 | 000,000,000 | ---D | M] (Ghostery) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\mrtyg6wm.Neu Test Profil\extensions\firefox@ghostery.com
[2010.12.10 15:57:05 | 000,000,000 | ---D | M] (Hide Menubar) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\mrtyg6wm.Neu Test Profil\extensions\hidemenubar@moztw.org
[2010.12.10 16:01:43 | 000,000,000 | ---D | M] (IE Tab Plus) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\mrtyg6wm.Neu Test Profil\extensions\ietab@ip.cn
[2010.12.10 15:57:02 | 000,000,000 | ---D | M] ("Informational Tab") -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\mrtyg6wm.Neu Test Profil\extensions\informationaltab@piro.sakura.ne.jp
[2010.12.10 15:57:01 | 000,000,000 | ---D | M] (Noia 2.0 eXtreme OPT) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\mrtyg6wm.Neu Test Profil\extensions\noia2_option@kk.noia
[2010.12.10 15:57:01 | 000,000,000 | ---D | M] (Nuvola) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\mrtyg6wm.Neu Test Profil\extensions\NuvolaFF@paenglab.ch
[2010.12.10 15:56:59 | 000,000,000 | ---D | M] (Cooliris) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\mrtyg6wm.Neu Test Profil\extensions\piclens@cooliris(2).com
[2010.12.10 15:56:59 | 000,000,000 | ---D | M] (Cooliris) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\mrtyg6wm.Neu Test Profil\extensions\piclens@cooliris.com
[2010.12.10 15:56:59 | 000,000,000 | ---D | M] (qtl) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\mrtyg6wm.Neu Test Profil\extensions\qtl.co.il@gmail(2).com
[2010.12.10 15:56:57 | 000,000,000 | ---D | M] (Secure Login) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\mrtyg6wm.Neu Test Profil\extensions\secureLogin@blueimp.net
[2010.12.10 15:56:57 | 000,000,000 | ---D | M] (Silvermel and Charamel XT) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\mrtyg6wm.Neu Test Profil\extensions\silvermelxt@pardal.de
[2010.12.10 15:56:56 | 000,000,000 | ---D | M] (FastestFox) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\mrtyg6wm.Neu Test Profil\extensions\smarterwiki@wikiatic.com
[2010.12.10 15:56:56 | 000,000,000 | ---D | M] (Echofon) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\mrtyg6wm.Neu Test Profil\extensions\twitternotifier@naan.net
[2010.12.10 15:57:07 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\mrtyg6wm.Neu Test Profil\extensions\david@dkjensen.com\chrome\mozapps\extensions
[2010.11.14 12:14:03 | 000,001,449 | ---- | M] () -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\searchplugins\100-search-engines.xml
[2010.11.14 12:28:27 | 000,002,007 | ---- | M] () -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\searchplugins\amazon-search.xml
[2010.05.29 11:14:41 | 000,001,820 | ---- | M] () -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\searchplugins\bing.xml
[2010.07.17 12:18:57 | 000,000,873 | ---- | M] () -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\searchplugins\conduit.xml
[2010.12.10 14:28:17 | 000,001,640 | ---- | M] () -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\searchplugins\geizkragende-preisvergleich.xml
[2010.12.08 16:57:36 | 000,001,595 | ---- | M] () -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\searchplugins\ixquick---deutsch.xml
[2010.12.10 14:28:18 | 000,001,134 | ---- | M] () -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\searchplugins\mininova.xml
[2010.11.14 12:16:44 | 000,001,549 | ---- | M] () -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\searchplugins\scroogle-ssl-search.xml
[2010.12.10 14:28:18 | 000,001,817 | ---- | M] () -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\searchplugins\the-pirate-bay---uploaded.xml
[2010.12.06 15:44:24 | 000,011,187 | ---- | M] () -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\searchplugins\timeanddatecom.xml
[2010.12.10 14:28:17 | 000,002,087 | ---- | M] () -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\searchplugins\youtube.xml
[2012.03.21 16:24:44 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
File not found (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\ROMAN\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\4F18HCYE.DEFAULT\EXTENSIONS\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}
File not found (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\ROMAN\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\4F18HCYE.DEFAULT\EXTENSIONS\HIDEMENUBAR@MOZTW.ORG
[2010.12.11 12:38:00 | 000,000,000 | ---D | M] (Free Download Manager plugin) -- C:\PROGRAMME\FREE DOWNLOAD MANAGER\FIREFOX\EXTENSION
File not found (No name found) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010.10.16 09:34:11 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAMME\MOZILLA FIREFOX 3 BETA 3\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2012.07.18 20:49:33 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.01.02 12:30:16 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.01.02 12:30:16 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.01.02 12:30:16 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.02 12:30:16 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.02 12:30:16 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.02 12:30:16 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2012.07.25 19:38:10 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Mediaplayer) - {1536BA74-8625-4240-99B0-BE65883689C8} - C:\Programme\Mediapiraten\Mediapiraten\IEButtonMPInterface.dll ()
O2 - BHO: (Open FVD Suite Toolbar) - {2B171655-A69C-5c18-B693-6CB5DC269D44} - C:\Programme\FVD Suite\addons\IE\FVDToolbar.dll (www.flashvideodownloader.org/fvd-suite/)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Buyertools) - {7C7A8947-5935-4430-AC0E-E7D04697414E} - C:\Programme\Buyertools Reminder\IEButtonBuyertoolsInterface.dll ()
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - No CLSID value found.
O3 - HKLM\..\Toolbar: (FVD Suite Toolbar) - {2B171655-A69C-5c18-B693-6CB5DC269D41} - C:\Programme\FVD Suite\addons\IE\FVDToolbar.dll (www.flashvideodownloader.org/fvd-suite/)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LVCOMS] C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVComS.exe (Logitech Inc.)
O4 - HKLM..\Run: [MedionVFD] C:\Programme\Medion Info Display\MdionLCM.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe ()
O4 - HKLM..\Run: [SDTray] C:\Programme\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [Start WingMan Profiler] C:\Programme\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [RocketDock] C:\Programme\RocketDock\RocketDock.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Ralink Wireless Utility.lnk = C:\Programme\RALINK\Common\RaUI.exe (Ralink Technology, Corp.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Secunia PSI Tray.lnk = C:\Programme\Secunia\PSI\psi_tray.exe (Secunia)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ToggleCommentPosition = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStrCmpLogical = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogonScripts = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideShutdownScripts = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWinKeys = 01 00 00 00 [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 01 00 00 00 [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetworkConnections = 01 00 00 00 [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogonScripts = 1
O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Programme\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Programme\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Programme\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Save YouTube Video as MP3 - res://C:\Programme\Gemeinsame Dateien\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm File not found
O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Programme\Free Download Manager\dlfvideo.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} hxxp://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1194093786750 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1244713437203 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} Reg Error: Value error. (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0F2A0C21-95A8-49D2-A281-77F75A6D8BF8}: NameServer = 192.168.178.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O19 - User stylesheet: User Stylesheet -
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Programme\SUPERAntiSpyware\SASWINLO.DLL) - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\AutorunsDisabled: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\dimsntfy: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\SDWinLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.10.09 14:46:45 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.bat -- [ NTFS ]
O32 - AutoRun File - [2006.11.02 12:52:16 | 000,000,120 | ---- | M] () - E:\autoexec.bat -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (sdnclean.exe)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - C:\WINDOWS\System32\iprip.dll (Microsoft Corporation)
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
NetSvcs: WmdmPmSp - File not found

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

SafeBootMin: !SASCORE - C:\Programme\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: !SASCORE - C:\Programme\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.UnInstall.PerUser
ActiveX: {9309DD7E-EBFE-3C95-8B47-30D3A012F606} - .NET Framework
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - rundll32.exe C:\WINDOWS\system32\Setup\FxsOcm.dll,XP_UninstallProvider
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C314CE45-3392-3B73-B4E1-139CD41CA933} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /HideWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: AutorunsDisabled -

Drivers32: msacm.dvacm - C:\Programme\Gemeinsame Dateien\Ulead Systems\VIO\DVACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imc - C:\WINDOWS\System32\IMC32.acm (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.MPEGacm - C:\Programme\Gemeinsame Dateien\Ulead Systems\MPEG\MPEGACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.ulmp3acm - C:\Programme\Gemeinsame Dateien\Ulead Systems\MPEG\ulmp3acm.acm (Ulead systems)
Drivers32: msacm.voxacm160 - C:\WINDOWS\System32\vct3216.acm (Voxware, Inc.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FPS1 - C:\WINDOWS\System32\frapsvid.dll (Beepa P/L)
Drivers32: vidc.i263 - C:\WINDOWS\System32\I263_32.drv (Intel Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\system32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\system32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.JPGL - C:\WINDOWS\System32\jpgl.dll (Tekom Technologies, Inc.)
Drivers32: VIDC.wmv3 - C:\WINDOWS\System32\WMV9VCM.dll (Microsoft Corporation)
Drivers32: vidc.X264 - C:\WINDOWS\System32\x264vfw.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========
[2012.08.01 06:57:16 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Roman\Recent
[2012.07.31 16:48:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Roman\Desktop\adb
[2012.07.31 16:42:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Roman\.android
[2012.07.31 15:45:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\MindSoft
[2012.07.31 15:37:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\SUPERAntiSpyware.com
[2012.07.31 15:37:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com
[2012.07.31 15:37:08 | 000,000,000 | ---D | C] -- C:\Programme\SUPERAntiSpyware
[2012.07.31 15:35:05 | 018,720,152 | ---- | C] (SUPERAntiSpyware.com) -- C:\Dokumente und Einstellungen\Roman\Desktop\SUPERAntiSpyware.exe
[2012.07.30 19:26:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Debugging Tools for Windows (x86)
[2012.07.30 19:26:33 | 000,000,000 | ---D | C] -- C:\Programme\Debugging Tools for Windows (x86)
[2012.07.29 07:27:16 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Dokumente und Einstellungen\Roman\Desktop\aswMBR.exe
[2012.07.29 07:26:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Roman\Desktop\osam
[2012.07.26 07:32:12 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012.07.25 06:43:23 | 004,584,441 | R--- | C] (Swearware) -- C:\Dokumente und Einstellungen\Roman\Desktop\ComboFix.exe
[2012.07.24 22:02:20 | 002,136,664 | ---- | C] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\Roman\Desktop\tdsskiller.exe
[2012.07.24 16:57:57 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Roman\Desktop\OTL.exe
[2012.07.24 06:37:32 | 000,241,408 | ---- | C] (Ralink Technology Inc.) -- C:\WINDOWS\System32\drivers\rt2500usb.sys
[2012.07.24 06:37:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Ralink Wireless
[2012.07.24 06:37:30 | 000,000,000 | ---D | C] -- C:\Programme\RALINK
[2012.07.23 15:38:32 | 000,101,832 | ---- | C] (SUPERAntiSpyware.com) -- C:\Dokumente und Einstellungen\Roman\Desktop\SASUNINST.EXE
[2012.07.23 10:07:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Roman\Startmen³
[2012.07.18 16:17:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Roman\Desktop\119622-spybot-2-0-rootkit-scan-hkey_local_machine-software-xanthic-blue-screen-irql_not_less_or_equal-Dateien
[2012.07.18 16:03:21 | 002,322,184 | ---- | C] (ESET) -- C:\Dokumente und Einstellungen\Roman\Desktop\esetsmartinstaller_enu.exe
[2012.07.13 19:48:56 | 000,162,616 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Dokumente und Einstellungen\Roman\Desktop\RegDelNull.exe
[2012.07.08 16:30:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Roman\Eigene Dateien\ProcAlyzer Dumps
[2012.07.08 13:47:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Spybot - Search & Destroy 2
[2012.07.08 13:46:51 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\WINDOWS\System32\sdnclean.exe
[2012.07.08 13:46:36 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy 2
[2012.07.03 14:15:02 | 000,000,000 | ---D | C] -- C:\Programme\AMD
[2012.07.02 21:08:31 | 000,000,000 | ---D | C] -- C:\Programme\ATI
[2012.07.02 20:51:44 | 000,000,000 | ---D | C] -- C:\AMD
[76 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========
[2012.08.01 16:04:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.08.01 16:04:03 | 2145,898,496 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.31 19:35:32 | 215,875,584 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2012.07.31 16:49:56 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_WinUSB_01007.Wdf
[2012.07.31 16:48:46 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2012.07.31 16:48:44 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.07.31 16:13:37 | 000,008,121 | ---- | M] () -- C:\Dokumente und Einstellungen\Roman\Eigene Dateien\wpdmtp.inf
[2012.07.31 15:45:44 | 000,001,776 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\MindSoft Utilities XP.lnk
[2012.07.31 15:37:15 | 000,001,646 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.07.31 15:35:04 | 018,720,152 | ---- | M] (SUPERAntiSpyware.com) -- C:\Dokumente und Einstellungen\Roman\Desktop\SUPERAntiSpyware.exe
[2012.07.31 13:00:24 | 000,000,610 | ---- | M] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2012.07.31 13:00:24 | 000,000,310 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012.07.31 08:53:06 | 000,000,512 | ---- | M] () -- C:\Dokumente und Einstellungen\Roman\Desktop\MBR.dat
[2012.07.25 19:38:10 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012.07.24 17:16:26 | 000,640,378 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.07.24 17:16:26 | 000,597,154 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.07.24 17:16:26 | 000,155,712 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.07.24 17:16:26 | 000,128,692 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.07.24 12:14:57 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\Roman\Desktop\tdsskiller.exe
[2012.07.24 11:23:42 | 004,584,441 | R--- | M] (Swearware) -- C:\Dokumente und Einstellungen\Roman\Desktop\ComboFix.exe
[2012.07.24 07:22:35 | 000,001,246 | ---- | M] () -- C:\Dokumente und Einstellungen\Roman\Desktop\cports.cfg
[2012.07.24 06:37:31 | 000,001,589 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Ralink Wireless Utility.lnk
[2012.07.23 23:35:20 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Roman\Desktop\OTL.exe
[2012.07.23 19:58:55 | 000,001,659 | ---- | M] () -- C:\Dokumente und Einstellungen\Roman\Eigene Dateien\PTBSync-AutoExport-Roman.ini
[2012.07.23 19:02:19 | 000,430,184 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.07.23 18:37:29 | 000,000,134 | ---- | M] () -- C:\Dokumente und Einstellungen\Roman\Desktop\Internet Explorer-Problembehebung.url
[2012.07.23 10:07:48 | 000,000,690 | ---- | M] () -- C:\Dokumente und Einstellungen\Roman\Desktop\KMPlayer.lnk
[2012.07.21 09:31:03 | 000,050,529 | ---- | M] () -- C:\Dokumente und Einstellungen\Roman\Desktop\Florianweiß.jpg
[2012.07.20 17:53:32 | 000,000,487 | ---- | M] () -- C:\WINDOWS\wiso.ini
[2012.07.19 14:33:52 | 000,624,883 | ---- | M] () -- C:\Dokumente und Einstellungen\Roman\Desktop\adwcleaner.exe
[2012.07.18 16:17:39 | 000,224,333 | ---- | M] () -- C:\Dokumente und Einstellungen\Roman\Desktop\119622-spybot-2-0-rootkit-scan-hkey_local_machine-software-xanthic-blue-screen-irql_not_less_or_equal.html
[2012.07.18 13:19:30 | 000,022,354 | ---- | M] () -- C:\Dokumente und Einstellungen\Roman\Desktop\GMER18.7.12.rar
[2012.07.17 14:37:55 | 000,000,705 | RHS- | M] () -- C:\boot.ini
[2012.07.16 14:57:33 | 000,018,798 | ---- | M] () -- C:\Dokumente und Einstellungen\Roman\Desktop\germ.rar
[2012.07.16 13:16:13 | 000,302,592 | ---- | M] () -- C:\Dokumente und Einstellungen\Roman\Desktop\u43koo52.exe
[2012.07.16 13:01:36 | 000,000,020 | ---- | M] () -- C:\Dokumente und Einstellungen\Roman\defogger_reenable
[2012.07.15 18:57:53 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.07.14 07:23:51 | 000,003,008 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012.07.13 20:57:15 | 000,000,760 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.13 20:42:07 | 000,001,832 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2012.07.11 20:34:12 | 000,000,612 | ---- | M] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2012.07.09 12:35:56 | 000,000,440 | ---- | M] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
[2012.07.08 13:52:21 | 000,442,344 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120720-070551.backup
[2012.07.08 13:47:06 | 000,001,804 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Spybot-S&D Start Center.lnk
[2012.07.03 18:21:54 | 000,054,232 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012.07.03 18:21:53 | 000,721,000 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012.07.03 18:21:53 | 000,353,688 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012.07.03 18:21:53 | 000,097,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012.07.03 18:21:53 | 000,089,624 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012.07.03 18:21:53 | 000,035,928 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012.07.03 18:21:53 | 000,021,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012.07.03 18:21:52 | 000,025,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012.07.03 18:21:32 | 000,041,224 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012.07.03 18:21:28 | 000,227,648 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.07.02 20:39:51 | 000,009,112 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[76 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========
[2012.07.31 16:49:56 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_WinUSB_01007.Wdf
[2012.07.31 16:48:46 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2012.07.31 16:13:32 | 000,008,121 | ---- | C] () -- C:\Dokumente und Einstellungen\Roman\Eigene Dateien\wpdmtp.inf
[2012.07.31 15:45:44 | 000,001,776 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\MindSoft Utilities XP.lnk
[2012.07.31 15:37:15 | 000,001,646 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.07.30 19:24:54 | 019,269,120 | ---- | C] () -- C:\Dokumente und Einstellungen\Roman\Desktop\dbg_x86.msi
[2012.07.29 08:01:55 | 000,000,512 | ---- | C] () -- C:\Dokumente und Einstellungen\Roman\Desktop\MBR.dat
[2012.07.24 07:38:51 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012.07.24 06:48:17 | 2145,898,496 | -HS- | C] () -- C:\hiberfil.sys
[2012.07.24 06:37:31 | 000,001,589 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Ralink Wireless Utility.lnk
[2012.07.23 18:37:29 | 000,000,134 | ---- | C] () -- C:\Dokumente und Einstellungen\Roman\Desktop\Internet Explorer-Problembehebung.url
[2012.07.21 09:13:45 | 000,050,529 | ---- | C] () -- C:\Dokumente und Einstellungen\Roman\Desktop\Florianweiß.jpg
[2012.07.21 09:03:20 | 000,066,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Roman\Desktop\svsh01.jpg
[2012.07.21 09:02:21 | 000,071,643 | ---- | C] () -- C:\Dokumente und Einstellungen\Roman\Desktop\florian.jpg
[2012.07.19 14:33:53 | 000,624,883 | ---- | C] () -- C:\Dokumente und Einstellungen\Roman\Desktop\adwcleaner.exe
[2012.07.19 08:07:20 | 000,005,442 | ---- | C] () -- C:\Dokumente und Einstellungen\Roman\Desktop\images_002.jpeg
[2012.07.19 07:59:59 | 000,009,719 | ---- | C] () -- C:\Dokumente und Einstellungen\Roman\Desktop\images_001.jpeg
[2012.07.19 07:59:32 | 000,013,123 | ---- | C] () -- C:\Dokumente und Einstellungen\Roman\Desktop\images.jpeg
[2012.07.18 16:17:32 | 000,224,333 | ---- | C] () -- C:\Dokumente und Einstellungen\Roman\Desktop\119622-spybot-2-0-rootkit-scan-hkey_local_machine-software-xanthic-blue-screen-irql_not_less_or_equal.html
[2012.07.18 13:19:30 | 000,022,354 | ---- | C] () -- C:\Dokumente und Einstellungen\Roman\Desktop\GMER18.7.12.rar
[2012.07.16 14:57:33 | 000,018,798 | ---- | C] () -- C:\Dokumente und Einstellungen\Roman\Desktop\germ.rar
[2012.07.16 13:16:15 | 000,302,592 | ---- | C] () -- C:\Dokumente und Einstellungen\Roman\Desktop\u43koo52.exe
[2012.07.16 13:01:21 | 000,000,020 | ---- | C] () -- C:\Dokumente und Einstellungen\Roman\defogger_reenable
[2012.07.16 12:57:47 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\Roman\Desktop\Defogger.exe
[2012.07.14 07:23:51 | 000,000,310 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012.07.08 13:47:20 | 000,000,612 | ---- | C] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2012.07.08 13:47:20 | 000,000,610 | ---- | C] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2012.07.08 13:47:20 | 000,000,440 | ---- | C] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
[2012.07.08 13:47:06 | 000,001,810 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Spybot-S&D Start Center.lnk
[2012.07.08 13:47:06 | 000,001,804 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Spybot-S&D Start Center.lnk
[2012.07.03 06:06:39 | 215,875,584 | ---- | C] () -- C:\WINDOWS\MEMORY.DMP
[2012.03.11 18:06:48 | 000,021,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTAIODAT.DAT
[2012.01.19 20:57:19 | 000,000,487 | ---- | C] () -- C:\WINDOWS\wiso.ini
[2012.01.03 21:48:24 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2012.01.03 21:48:24 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2012.01.03 21:48:24 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2012.01.03 21:46:46 | 000,037,888 | ---- | C] () -- C:\WINDOWS\UninstallLegend.exe
[2011.12.28 21:03:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2011.12.28 21:02:49 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2011.12.28 21:02:49 | 000,637,743 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2011.12.28 21:02:49 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2011.12.05 23:04:00 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\OpenVideo.dll
[2011.12.05 23:03:52 | 000,054,784 | ---- | C] () -- C:\WINDOWS\System32\OVDecode.dll
[2011.05.28 20:42:45 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\LVUI2RC.dll
[2011.05.28 20:42:40 | 000,000,260 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2011.01.06 19:52:01 | 000,000,011 | ---- | C] () -- C:\WINDOWS\Chine.ini
[2010.11.13 23:22:25 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2010.11.12 00:15:52 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010.11.12 00:15:52 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010.11.12 00:15:52 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010.11.12 00:15:52 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010.11.12 00:15:52 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010.09.07 09:57:18 | 000,000,084 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2010.08.14 12:46:46 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2010.02.02 00:11:36 | 000,000,290 | ---- | C] () -- C:\Programme\setup.ini
[2009.12.19 17:47:01 | 011,796,480 | ---- | C] () -- C:\Dokumente und Einstellungen\Roman\ntuser.bak
[2009.12.05 13:32:21 | 000,004,138 | ---- | C] () -- C:\Dokumente und Einstellungen\Roman\schocko.aup
[2009.12.04 13:07:07 | 000,003,164 | ---- | C] () -- C:\Dokumente und Einstellungen\Roman\Derkabeljau.aup
[2009.10.27 18:49:13 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\$_hpcst$.hpc
[2009.10.02 16:12:56 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LauncherAccess.dt
[2009.09.17 12:42:21 | 000,000,218 | ---- | C] () -- C:\Dokumente und Einstellungen\Roman\.recently-used.xbel
[2009.01.16 19:44:58 | 000,000,016 | -H-- | C] () -- C:\Dokumente und Einstellungen\Roman\mxfilerelatedcache.mxc2
[2008.05.09 16:51:13 | 000,000,008 | RH-- | C] () -- C:\Dokumente und Einstellungen\Roman\hwid
[2007.10.10 21:38:09 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html
[2007.09.18 17:56:32 | 000,003,880 | ---- | C] () -- C:\Dokumente und Einstellungen\Roman\HKLM_Run.reg
[2007.09.18 17:56:32 | 000,000,990 | ---- | C] () -- C:\Dokumente und Einstellungen\Roman\HKCU_Run.reg
[2007.09.18 17:56:32 | 000,000,238 | ---- | C] () -- C:\Dokumente und Einstellungen\Roman\HKLM_RunServices.reg
[2007.09.18 17:56:32 | 000,000,230 | ---- | C] () -- C:\Dokumente und Einstellungen\Roman\HKLM_RunOnce.reg
[2007.09.18 17:56:32 | 000,000,228 | ---- | C] () -- C:\Dokumente und Einstellungen\Roman\HKCU_RunOnce.reg
[2006.06.29 17:50:20 | 000,416,961 | ---- | C] () -- C:\Dokumente und Einstellungen\Roman\.fonts.cache-1
[2006.06.05 17:37:08 | 000,000,033 | ---- | C] () -- C:\Dokumente und Einstellungen\Roman\.gtkrc-2.0
[2006.06.05 10:10:40 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Roman\.gtk-bookmarks
[2006.05.16 15:20:30 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\Roman\default.pls
[2005.11.27 23:10:48 | 000,001,274 | ---- | C] () -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\wklnhst.dat
[2005.11.27 19:54:51 | 000,000,147 | ---- | C] () -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2005.11.25 22:43:04 | 000,059,392 | ---- | C] () -- C:\Dokumente und Einstellungen\Roman\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005.11.25 22:43:04 | 000,000,138 | ---- | C] () -- C:\Dokumente und Einstellungen\Roman\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat

Polarbär 01.08.2012 16:46

OTL, part 2
Quote:

========== LOP Check ==========
[2011.01.03 20:09:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AAV
[2010.03.10 23:05:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Alwil Software
[2012.06.28 05:55:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Buhl Data Service GmbH
[2009.09.06 19:50:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canneverbe Limited
[2012.05.31 17:31:43 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Common Files
[2008.12.20 10:14:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite
[2008.02.10 00:19:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DFX
[2009.07.06 17:09:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FreeDownloadManager.ORG
[2005.10.09 14:49:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\fun communications
[2010.11.12 18:18:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Haufe
[2010.01.23 19:29:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Intermedia Software
[2011.01.03 20:26:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IObit
[2010.02.17 15:37:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lexware
[2008.07.11 17:31:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MailFrontier
[2010.03.27 18:47:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MP3Find
[2005.10.09 14:46:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\muvee Technologies
[2009.11.04 22:47:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MySQL
[2011.02.01 19:35:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PassMark
[2009.11.01 09:27:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Drivers HeadQuarters
[2009.10.27 18:54:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite
[2009.06.16 16:27:35 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PTBSync
[2009.12.04 23:30:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\r2 Studios
[2010.11.12 17:48:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RapidSolution
[2010.10.09 11:05:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Samsung
[2010.11.12 21:03:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecTaskMan
[2006.05.01 12:37:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sierra On-Line
[2007.10.08 16:06:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\soft Xpansion
[2008.03.11 22:48:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SongbirdVLC
[2010.11.12 17:58:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-Online
[2011.12.29 21:10:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2006.09.11 16:40:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ubisoft
[2007.05.06 18:06:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ulead Systems
[2011.08.27 10:58:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\X-Setup Pro
[2005.10.18 15:28:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\X10 Settings
[2011.12.29 21:07:03 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2008.01.06 16:13:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Album Shaper
[2011.12.29 14:00:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Audacity
[2011.01.26 19:22:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\AudioMoves
[2006.02.04 14:03:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\BoostXP2
[2012.02.22 16:08:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Broad Intelligence
[2012.01.19 20:58:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Buhl Data Service
[2012.07.19 07:55:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Canon
[2012.01.27 19:21:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Christofer Persson
[2010.12.15 08:12:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\COMPUTERBILD Mein-Datensafe
[2007.11.27 21:15:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\DataCast
[2005.11.25 23:14:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\DataDesign
[2008.06.25 16:11:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\DeepBurner Pro
[2012.02.22 16:18:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\DVDVideoSoft
[2012.02.22 16:19:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\DVDVideoSoftIEHelpers
[2010.12.31 12:34:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Easeware
[2012.03.13 16:26:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\EurekaLog
[2010.09.17 21:17:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\ExportTool
[2011.06.14 10:45:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Foxit Software
[2006.03.02 15:35:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Fraunhofer
[2011.10.31 17:23:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Free Download Manager
[2009.09.26 17:50:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\FreenetMail
[2011.12.01 16:15:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\FRITZ!
[2012.03.13 16:33:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\FVDToolbar
[2009.10.12 19:33:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\gnupg
[2011.04.17 13:26:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\GrabPro
[2008.12.30 18:32:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\gtk-2.0
[2011.01.03 20:09:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Inkscape
[2010.01.23 19:29:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Intermedia Software
[2012.05.22 21:22:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Internet-Radio Player
[2007.05.06 18:23:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\InterVideo
[2010.12.26 13:34:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\IObit
[2010.12.31 13:07:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\KC Softwares
[2008.12.30 18:09:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\KDE
[2007.09.25 14:22:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Launchy
[2010.02.17 15:37:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Lexware
[2011.12.10 11:52:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\LibreOffice
[2005.11.27 20:12:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\MAGIX
[2010.12.16 22:35:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\metaspinner net GmbH
[2011.07.18 18:41:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\ML
[2009.12.06 16:24:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mp3tag
[2006.01.01 19:14:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Notepad++
[2010.11.12 23:16:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Online Solutions
[2010.04.22 19:44:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\OpenOffice.org
[2010.12.04 11:14:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Opera
[2012.04.22 09:21:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Oracle
[2011.12.29 13:26:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Orbit
[2009.10.27 18:54:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\PC Suite
[2012.02.11 17:30:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\phonostar-Player
[2012.02.27 15:13:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\PhotoScape
[2010.10.13 15:58:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\PreisHai4
[2011.04.17 13:28:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\ProgSense
[2012.02.20 17:16:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\QuickScan
[2009.12.04 23:30:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\r2 Studios
[2011.12.07 15:23:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Rainmeter
[2010.10.09 11:22:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\SAMSUNG
[2006.05.01 12:41:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Sierra
[2009.09.28 13:12:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\StarOffice8
[2010.01.25 20:09:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Thunderbird
[2011.12.29 21:09:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\TuneUp Software
[2007.05.06 18:23:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Ulead Systems
[2011.01.02 10:30:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Uniblue
[2008.04.09 15:39:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\winpt
[2011.11.19 15:18:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Wise Registry Cleaner
[2005.12.31 11:39:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Workrave
[2009.08.25 13:56:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\X-Setup Pro
[2012.07.19 07:53:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\XnView
[2012.07.31 13:00:24 | 000,000,310 | -H-- | M] () -- C:\WINDOWS\Tasks\avast! Emergency Update.job
[2012.07.11 20:34:12 | 000,000,612 | ---- | M] () -- C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
[2012.07.31 13:00:24 | 000,000,610 | ---- | M] () -- C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
[2012.07.09 12:35:56 | 000,000,440 | ---- | M] () -- C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job
[2012.07.31 14:22:32 | 000,032,126 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT

========== Purity Check ==========
========== Custom Scans ==========
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2012.07.16 16:00:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Adobe
[2012.02.18 21:23:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\AdobeMuse
[2008.01.06 16:13:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Album Shaper
[2011.12.29 14:00:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Audacity
[2011.01.26 19:22:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\AudioMoves
[2009.12.19 23:14:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\AVS4YOU
[2006.02.04 14:03:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\BoostXP2
[2012.02.22 16:08:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Broad Intelligence
[2012.01.19 20:58:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Buhl Data Service
[2012.07.19 07:55:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Canon
[2012.01.27 19:21:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Christofer Persson
[2010.12.15 08:12:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\COMPUTERBILD Mein-Datensafe
[2005.11.01 13:06:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\CyberLink
[2007.11.27 21:15:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\DataCast
[2005.11.25 23:14:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\DataDesign
[2008.06.25 16:11:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\DeepBurner Pro
[2010.01.03 11:25:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\DivX
[2009.02.16 18:35:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\dvdcss
[2012.02.22 16:18:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\DVDVideoSoft
[2012.02.22 16:19:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\DVDVideoSoftIEHelpers
[2010.12.31 12:34:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Easeware
[2012.03.13 16:26:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\EurekaLog
[2010.09.17 21:17:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\ExportTool
[2011.06.14 10:45:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Foxit Software
[2006.03.02 15:35:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Fraunhofer
[2011.10.31 17:23:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Free Download Manager
[2009.09.26 17:50:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\FreenetMail
[2011.12.01 16:15:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\FRITZ!
[2012.03.13 16:33:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\FVDToolbar
[2009.10.12 19:33:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\gnupg
[2011.04.17 13:26:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\GrabPro
[2008.12.30 18:32:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\gtk-2.0
[2005.11.27 23:43:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Help
[2005.10.08 22:58:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Identities
[2011.01.03 20:09:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Inkscape
[2009.01.04 18:44:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\InstallShield
[2010.01.23 19:29:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Intermedia Software
[2012.05.22 21:22:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Internet-Radio Player
[2007.05.06 18:23:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\InterVideo
[2010.12.26 13:34:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\IObit
[2010.12.31 13:07:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\KC Softwares
[2008.12.30 18:09:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\KDE
[2007.09.25 14:22:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Launchy
[2010.02.17 15:37:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Lexware
[2011.12.10 11:52:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\LibreOffice
[2012.03.04 18:37:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Macromedia
[2005.11.27 20:12:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\MAGIX
[2010.11.17 18:39:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Malwarebytes
[2012.02.04 20:43:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Media Player Classic
[2010.12.16 22:35:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\metaspinner net GmbH
[2010.06.26 20:39:59 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Microsoft
[2011.07.18 18:41:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\ML
[2012.02.13 17:02:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla
[2009.12.06 16:24:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mp3tag
[2006.01.01 19:14:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Notepad++
[2010.11.12 23:16:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Online Solutions
[2010.04.22 19:44:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\OpenOffice.org
[2007.04.11 16:02:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\OpenOffice.org2
[2010.12.04 11:14:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Opera
[2012.04.22 09:21:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Oracle
[2011.12.29 13:26:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Orbit
[2009.10.27 18:54:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\PC Suite
[2012.04.29 21:59:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Phoenix Backup
[2012.02.11 17:30:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\phonostar-Player
[2012.02.27 15:13:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\PhotoScape
[2010.10.13 15:58:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\PreisHai4
[2011.04.17 13:28:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\ProgSense
[2012.02.20 17:16:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\QuickScan
[2009.12.04 23:30:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\r2 Studios
[2011.12.07 15:23:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Rainmeter
[2009.10.03 19:58:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Real Desktop
[2010.10.09 11:22:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\SAMSUNG
[2008.03.11 18:34:14 | 000,000,000 | RH-D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\SecuROM
[2006.05.01 12:41:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Sierra
[2009.09.28 13:12:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\StarOffice8
[2006.01.07 08:23:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Sun
[2012.07.31 15:37:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\SUPERAntiSpyware.com
[2007.10.15 18:23:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Talkback
[2010.01.25 20:09:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Thunderbird
[2011.12.29 21:09:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\TuneUp Software
[2008.03.26 16:12:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\U3
[2007.05.06 18:23:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Ulead Systems
[2011.01.02 10:30:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Uniblue
[2012.02.01 21:04:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\vlc
[2011.11.13 10:27:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\VMware
[2008.04.09 15:39:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\winpt
[2011.11.13 20:20:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\WinRAR
[2011.11.19 15:18:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Wise Registry Cleaner
[2005.12.31 11:39:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Workrave
[2009.08.25 13:56:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\X-Setup Pro
[2012.07.19 07:53:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\XnView

< %APPDATA%\*.exe /s >
[2012.02.11 17:30:17 | 000,045,056 | ---- | M] () -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Internet-Radio Player\update.exe
[2012.02.11 17:30:24 | 001,369,683 | ---- | M] ( ) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Internet-Radio Player\update2.exe
[2008.07.10 19:46:28 | 000,094,208 | ---- | M] () -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Internet-Radio Player\skins\ps_starter.exe
[2012.06.23 18:13:12 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2010.01.25 22:26:00 | 000,003,584 | R--- | M] () -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
[2010.12.31 13:28:13 | 000,388,096 | R--- | M] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
[2012.07.03 06:57:08 | 000,088,102 | R--- | M] () -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Microsoft\Installer\{8CB71C6D-C5C1-3838-6A53-917618E0B4DE}\ARPPRODUCTICON.exe
[2008.02.13 20:32:29 | 000,025,214 | R--- | M] () -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Microsoft\Installer\{CE378F36-E404-4244-A33F-F50A2A6D31BD}\ARPPRODUCTICON.exe
[2008.08.12 20:16:08 | 000,015,086 | R--- | M] () -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Microsoft\Installer\{D21B65C4-F7ED-4805-8781-BB835AC85D14}\_AC451EB93647F071F44C3B.exe
[2008.08.12 20:16:08 | 000,015,086 | R--- | M] () -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Microsoft\Installer\{D21B65C4-F7ED-4805-8781-BB835AC85D14}\_AF6EF1E1D61E94F138937B.exe
[2010.03.29 16:02:58 | 000,528,522 | ---- | M] () -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\sqlite3.exe
[2008.04.15 14:49:02 | 000,127,488 | ---- | M] () -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\extensions\{411F2F11-830F-4AB5-B7F0-FBC77B870B5A}\chrome\buyertools.exe
[2010.05.26 20:10:22 | 000,425,984 | ---- | M] () -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
[2010.05.26 20:10:22 | 000,545,280 | ---- | M] () -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
[2010.03.29 16:02:58 | 000,528,522 | ---- | M] () -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\sqlite3.exe
[2008.04.15 14:49:02 | 000,127,488 | ---- | M] () -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\{411F2F11-830F-4AB5-B7F0-FBC77B870B5A}\chrome\buyertools.exe
[2010.05.26 20:10:22 | 000,425,984 | ---- | M] () -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
[2010.05.26 20:10:22 | 000,545,280 | ---- | M] () -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
[2008.04.15 14:49:02 | 000,127,488 | ---- | M] () -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\mrtyg6wm.Neu Test Profil\extensions\{411F2F11-830F-4AB5-B7F0-FBC77B870B5A}\chrome\buyertools.exe
[2010.05.26 20:10:22 | 000,425,984 | ---- | M] () -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\mrtyg6wm.Neu Test Profil\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
[2010.05.26 20:10:22 | 000,545,280 | ---- | M] () -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\mrtyg6wm.Neu Test Profil\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
[2010.03.29 16:02:58 | 000,528,522 | ---- | M] () -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Thunderbird\Profiles\k3jpyvld.default\sqlite3.exe
[2006.12.07 11:45:12 | 000,110,592 | ---- | M] () -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\U3\temp\cleanup.exe
[2006.12.07 11:45:12 | 003,096,576 | -H-- | M] (SanDisk Corporation) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\U3\temp\Launchpad Removal.exe

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AGP440.SYS >
[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2004.08.03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\dllcache\agp440.sys

< MD5 for: ATAPI.SYS >
[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.04 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2004.08.04 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2004.08.04 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2004.08.04 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2009.02.06 20:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2009.02.06 20:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2009.02.06 20:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004.08.04 14:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2004.08.04 14:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2004.08.04 14:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USER32.DLL >
[2007.03.08 17:36:30 | 000,579,072 | ---- | M] () MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\RECYCLER\S-1-5-21-2258962752-1167673804-3329230130-1006\Dc116\NoiaPack\_IN\User32.dll
[2007.03.08 17:36:30 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\ERDNT\cache\user32.dll
[2007.03.08 17:36:30 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\system32\dllcache\user32.dll
[2007.03.08 17:36:30 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\system32\user32.dll
[2005.03.02 20:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
[2007.03.08 17:48:39 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=78785EFF8CB90CEC1862A4CCFD9A3C3A -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll

< MD5 for: USERINIT.EXE >
[2004.08.04 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2004.08.04 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2004.08.04 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004.08.04 14:00:00 | 000,507,392 | ---- | M] () MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\RECYCLER\S-1-5-21-2258962752-1167673804-3329230130-1006\Dc116\NoiaPack\_IN\Winlogon.exe
[2004.08.04 14:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2004.08.04 14:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2004.08.04 14:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\system32\winlogon.exe
[2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

< MD5 for: WS2IFSL.SYS >
[2004.08.04 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2004.08.04 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2005.10.09 00:51:04 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2005.10.09 00:51:04 | 000,638,976 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2005.10.09 00:51:04 | 000,442,368 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[6 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\rundll32.exe:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\Dokumente und Einstellungen\Roman\Desktop\IS_AP_STA_2500USB_D-2.1.1.15_VA-3.1.0.0_RU-2.1.1.0_VA-2.1.1.0_AU-2.0.0.0_VA-2.0.0.0_021209_0.1.0.46_.exe:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\Boot.bak:SummaryInformation

< End of report >

cosinus 02.08.2012 13:39

Code:

Scan Mode: Current user
You forgot to tick the "all users" checkbox.

Polarbär 02.08.2012 17:35

OTL Logfile:
Code:

OTL logfile created on: 02.08.2012 17:09:08 - Run 2
OTL by OldTimer - Version 3.2.55.0    Folder = C:\Dokumente und Einstellungen\Roman\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,15 Gb Available Physical Memory | 57,51% Memory free
3,85 Gb Paging File | 3,23 Gb Available in Paging File | 83,89% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 116,41 Gb Total Space | 42,48 Gb Free Space | 36,49% Space Free | Partition Type: NTFS
Drive D: | 107,91 Gb Total Space | 104,90 Gb Free Space | 97,21% Space Free | Partition Type: NTFS
Drive E: | 8,55 Gb Total Space | 2,69 Gb Free Space | 31,43% Space Free | Partition Type: FAT32
Drive F: | 0,00 Mb Total Space | 0,00 Mb Free Space | NAN% Space Free | Partition Type: CDFS
Drive G: | 0,00 Mb Total Space | 0,00 Mb Free Space | NAN% Space Free | Partition Type: CDFS
 
Computer Name: PALME | User Name: Roman | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.26 23:20:25 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Roman\Desktop\OTL_001.exe
PRC - [2012.07.04 12:40:58 | 003,921,432 | ---- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2012.07.04 12:40:20 | 001,395,736 | ---- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2012.07.04 12:40:18 | 001,188,896 | ---- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2012.07.03 18:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe
PRC - [2012.05.04 19:29:46 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
PRC - [2012.03.11 19:01:14 | 000,073,728 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCFDRTM.EXE
PRC - [2012.01.17 11:07:54 | 000,252,296 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2011.10.14 08:01:50 | 000,994,360 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\psia.exe
PRC - [2011.10.14 08:01:48 | 000,399,416 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\sua.exe
PRC - [2011.10.14 08:01:46 | 000,291,896 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\psi_tray.exe
PRC - [2011.08.22 21:58:08 | 000,397,312 | ---- | M] (Sphinx Software) -- C:\Programme\Windows7FirewallControl\Windows7FirewallService.exe
PRC - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SASCore.exe
PRC - [2010.06.14 16:10:32 | 000,153,672 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\Gaming Software\LWEMon.exe
PRC - [2010.04.06 01:41:46 | 000,116,224 | ---- | M] (Brio) -- C:\Programme\FolderSize\FolderSizeSvc.exe
PRC - [2010.01.15 01:08:13 | 000,070,928 | ---- | M] (PC Tools) -- C:\Programme\ThreatFire\TFService.exe
PRC - [2008.03.05 11:00:12 | 001,531,904 | ---- | M] (Ralink Technology, Corp.) -- C:\Programme\RALINK\Common\RaUI.exe
PRC - [2007.09.02 14:58:52 | 000,495,616 | ---- | M] () -- C:\Programme\RocketDock\RocketDock.exe
PRC - [2007.06.13 15:10:08 | 001,200,640 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.exe
PRC - [2007.05.30 01:21:24 | 000,520,192 | ---- | M] () -- C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
PRC - [2005.11.17 13:46:26 | 000,172,032 | ---- | M] (Dritek System Inc.) -- C:\Programme\Medion Info Display\MdionLCM.exe
PRC - [2003.08.16 12:07:00 | 000,172,032 | ---- | M] (Jorgen Bosman) -- C:\WINDOWS\system32\poweroff.exe
PRC - [2001.09.24 09:39:28 | 000,098,304 | ---- | M] (Logitech Inc.) -- C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVComS.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.08.02 10:12:42 | 001,790,464 | ---- | M] () -- C:\Programme\Alwil Software\Avast5\defs\12080200\algo.dll
MOD - [2012.07.04 12:39:50 | 000,051,200 | ---- | M] () -- C:\Programme\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2012.07.04 12:39:48 | 000,517,632 | ---- | M] () -- C:\Programme\Spybot - Search & Destroy 2\JSDialogPack150.bpl
MOD - [2012.07.04 12:39:48 | 000,410,112 | ---- | M] () -- C:\Programme\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2011.04.20 12:39:12 | 000,565,827 | ---- | M] () -- C:\Programme\Spybot - Search & Destroy 2\sqlite3.dll
MOD - [2007.11.28 04:32:00 | 001,163,264 | ---- | M] () -- C:\Programme\RALINK\Common\acAuth.dll
MOD - [2007.09.02 14:58:52 | 000,495,616 | ---- | M] () -- C:\Programme\RocketDock\RocketDock.exe
MOD - [2007.09.02 14:57:36 | 000,069,632 | ---- | M] () -- C:\Programme\RocketDock\RocketDock.dll
MOD - [2007.05.30 01:21:24 | 000,520,192 | ---- | M] () -- C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
MOD - [2005.07.28 16:18:46 | 000,065,536 | ---- | M] () -- C:\Programme\Medion Info Display\MsnCtrl.dll
MOD - [2003.10.14 22:01:42 | 000,086,016 | ---- | M] () -- C:\Programme\RocketDock\Docklets\iCal\iCal.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Running] -- C:\Programme\Spybot -- (SDUpdateService)
SRV - File not found [Auto | Running] -- C:\Programme\Spybot -- (SDScannerService)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012.07.18 20:49:31 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.03 18:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.05.29 13:09:52 | 001,528,672 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2012.05.29 13:09:50 | 000,029,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2012.05.04 19:29:46 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2011.10.14 08:01:50 | 000,994,360 | ---- | M] (Secunia) [Auto | Running] -- C:\Programme\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2011.10.14 08:01:48 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Programme\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2011.08.22 21:58:08 | 000,397,312 | ---- | M] (Sphinx Software) [Auto | Running] -- C:\Programme\Windows7FirewallControl\Windows7FirewallService.exe -- (Windows7FirewallService)
SRV - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Programme\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2010.07.05 14:39:28 | 000,022,016 | ---- | M] () [Disabled | Stopped] -- C:\Programme\Dokan\DokanLibrary\mounter.exe -- (DokanMounter)
SRV - [2010.07.04 19:07:40 | 000,238,952 | ---- | M] (Teruten) [Disabled | Stopped] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2010.04.06 01:41:46 | 000,116,224 | ---- | M] (Brio) [Auto | Running] -- C:\Programme\FolderSize\FolderSizeSvc.exe -- (FolderSize)
SRV - [2010.01.15 01:08:13 | 000,070,928 | ---- | M] (PC Tools) [Auto | Running] -- C:\Programme\ThreatFire\TFService.exe -- (ThreatFire)
SRV - [2006.10.19 13:52:24 | 000,061,440 | ---- | M] (Hewlett-Packard Company) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2006.03.31 19:06:50 | 000,266,338 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe -- (CLCapSvc)
SRV - [2006.03.31 19:06:50 | 000,118,880 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe -- (CLSched)
SRV - [2006.03.31 19:05:34 | 001,073,152 | ---- | M] (Cyberlink) [On_Demand | Stopped] -- C:\Programme\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service)
SRV - [2005.09.26 15:48:12 | 000,032,768 | ---- | M] (Softex Inc.) [Disabled | Stopped] -- C:\Programme\Softex\OmniPass\OmniServ.exe -- (omniserv)
SRV - [2003.08.16 12:07:00 | 000,172,032 | ---- | M] (Jorgen Bosman) [Auto | Running] -- C:\WINDOWS\system32\poweroff.exe -- (Poweroff)
SRV - [2001.11.12 15:31:48 | 000,020,480 | ---- | M] (X10) [On_Demand | Stopped] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | Disabled | Stopped] -- System32\vsdatant.sys -- (vsdatant)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\vmnetadapter.sys -- (VMnetAdapter)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\Drivers\SSPORT.sys -- (SSPORT)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Programme\MediaCoder\SysInfo.sys -- (CrystalSysInfo)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2012.07.03 18:21:54 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012.07.03 18:21:53 | 000,721,000 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012.07.03 18:21:53 | 000,353,688 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012.07.03 18:21:53 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012.07.03 18:21:53 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012.07.03 18:21:53 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012.07.03 18:21:52 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2012.06.30 06:50:23 | 000,014,416 | ---- | M] (OpenLibSys.org) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ptbring0.sys -- (WinRing0_1_2_0)
DRV - [2012.06.11 20:57:18 | 006,629,888 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2011.12.13 19:27:30 | 007,069,288 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2011.12.12 20:31:38 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2011.08.17 18:43:12 | 000,019,072 | ---- | M] () [Kernel | System | Running] -- C:\Programme\Windows7FirewallControl\Windows7FirewallControl.sys -- (Windows7FirewallControl)
DRV - [2011.07.22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011.07.12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010.11.17 14:03:56 | 000,101,904 | R--- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtihdXP3.sys -- (AtiHDAudioService)
DRV - [2010.09.01 10:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2010.07.05 14:39:30 | 000,084,608 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\dokan.sys -- (Dokan)
DRV - [2010.06.14 09:32:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010.04.27 16:57:28 | 000,066,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2010.04.27 16:57:28 | 000,015,048 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2010.04.27 16:57:24 | 000,031,816 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmHidLo.sys -- (WmHidLo)
DRV - [2010.04.27 16:57:22 | 000,022,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2010.04.27 14:01:26 | 000,037,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2010.04.27 04:25:16 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2010.04.27 04:25:16 | 000,098,432 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bbus.sys -- (ss_bbus)
DRV - [2010.04.27 04:25:16 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdfl.sys -- (ss_bmdfl)
DRV - [2010.02.14 15:02:02 | 000,028,164 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k)
DRV - [2010.02.11 14:01:43 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2010.01.15 01:08:30 | 000,059,664 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - [2010.01.15 01:08:29 | 000,033,552 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - [2010.01.15 01:08:28 | 000,051,984 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - [2009.11.18 08:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009.11.18 08:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009.11.16 15:46:12 | 000,037,920 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2009.11.06 06:32:25 | 000,007,296 | ---- | M] (Matthias Withopf) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\HDPrfDrv-1.sys -- (HDPrfDrv)
DRV - [2009.06.16 16:27:33 | 000,003,567 | ---- | M] (Beyond Logic hxxp://www.beyondlogic.org) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ptbtalk.sys -- (PortTalk)
DRV - [2009.02.12 09:55:00 | 000,241,408 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt2500usb.sys -- (RT2500USB)
DRV - [2008.12.20 10:02:49 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2007.09.12 18:24:00 | 000,026,816 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DslTestSp5.sys -- (dsltestSp5)
DRV - [2007.04.04 15:21:00 | 000,006,912 | ---- | M] (NVidia Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\nvoclock.sys -- (NVR0Dev)
DRV - [2007.02.09 20:04:50 | 000,014,336 | R--- | M] (A4Tech Co.,Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Amps2prt.sys -- (Amps2prt)
DRV - [2006.11.10 15:08:50 | 000,024,064 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ATITool.sys -- (ATITool)
DRV - [2006.11.02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006.08.11 15:47:13 | 000,059,776 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfsync04.sys -- (sfsync04)
DRV - [2006.07.05 14:46:06 | 000,063,352 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfdrv01a.sys -- (sfdrv01a)
DRV - [2006.06.14 16:56:56 | 000,013,680 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfhlp02.sys -- (sfhlp02)
DRV - [2006.06.12 03:06:28 | 000,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DGIVECP.SYS -- (DgiVecp)
DRV - [2005.11.03 16:40:07 | 000,063,488 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfvfs02.sys -- (sfvfs02)
DRV - [2005.10.17 15:52:58 | 000,826,112 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\3xHybrid.sys -- (3xHybrid)
DRV - [2005.09.26 15:38:14 | 000,116,594 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ATSwpDrv.sys -- (ATSWPDRV)
DRV - [2005.08.04 01:30:52 | 000,069,248 | ---- | M] (C-Media Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cmiucr.SYS -- (CMISTOR)
DRV - [2005.06.30 13:16:00 | 001,094,848 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005.05.19 15:52:58 | 000,017,792 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2005.01.05 05:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\npptNT2.sys -- (NPPTNT2)
DRV - [2004.08.04 14:00:00 | 000,088,448 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2004.08.04 14:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004.08.04 14:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004.08.04 14:00:00 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2004.08.03 23:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [2004.08.03 23:10:14 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2004.04.10 09:42:36 | 000,002,944 | ---- | M] (cansoft@livewiredev.com) [Kernel | System | Running] -- C:\WINDOWS\system32\mbmiodrvr.sys -- (mbmiodrvr)
DRV - [2004.04.08 12:06:08 | 000,070,400 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\prohlp02.sys -- (prohlp02)
DRV - [2004.04.08 10:46:50 | 000,054,272 | ---- | M] (Protection Technology) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\prodrv06.sys -- (prodrv06)
DRV - [2003.12.01 17:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfhlp01.sys -- (sfhlp01)
DRV - [2003.09.06 14:22:08 | 000,006,944 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\prosync1.sys -- (prosync1)
DRV - [2003.01.10 23:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw)
DRV - [2002.12.17 11:36:22 | 000,730,880 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\WDMCAPI.sys -- (WDMCAPI)
DRV - [2002.12.09 11:21:28 | 000,026,112 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdmwanmp.sys -- (WDMWANMP)
DRV - [2001.09.24 09:42:12 | 000,116,448 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\p35u.sys -- (QCPro)
DRV - [1996.04.03 21:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.medion.com
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.medion.com
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com
 
IE - HKU\S-1-5-21-2258962752-1167673804-3329230130-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2258962752-1167673804-3329230130-1006\..\SearchScopes,DefaultScope = {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB9}
IE - HKU\S-1-5-21-2258962752-1167673804-3329230130-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2258962752-1167673804-3329230130-1006\..\SearchScopes\{13BD4379-2A86-4BEB-8CD3-B8B8D42D9236}: "URL" = hxxp://www.amazon.de/gp/search?search-alias=aps&field-keywords={searchTerms}
IE - HKU\S-1-5-21-2258962752-1167673804-3329230130-1006\..\SearchScopes\{207805E3-B809-4932-9E9D-AC1523718D89}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-2258962752-1167673804-3329230130-1006\..\SearchScopes\{6E6D5EAE-4609-4B72-954E-1DCC201F13CC}: "URL" = hxxp://suche.lycos.de/cgi-bin/pursuit?query={searchTerms}
IE - HKU\S-1-5-21-2258962752-1167673804-3329230130-1006\..\SearchScopes\{A36FB954-3D9A-4F21-9FD4-A6697272BB05}: "URL" = hxxp://rover.ebay.com/rover/1/707-37276-23097-0/4?satitle={searchTerms}
IE - HKU\S-1-5-21-2258962752-1167673804-3329230130-1006\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB9}: "URL" = hxxp://www.daemon-search.com/search/web?q={searchTerms}
IE - HKU\S-1-5-21-2258962752-1167673804-3329230130-1006\..\SearchScopes\{C56DB163-251D-4DB0-97A7-C8519313FD9B}: "URL" = hxxp://suche.freenet.de/suche?query={searchTerms}
IE - HKU\S-1-5-21-2258962752-1167673804-3329230130-1006\..\SearchScopes\{CF407345-062F-4C3D-8472-A7E294D50EC0}: "URL" = hxxp://de.wikipedia.org/wiki/Spezial:Search?search={searchTerms}
IE - HKU\S-1-5-21-2258962752-1167673804-3329230130-1006\..\SearchScopes\{DC50E125-1C21-4F64-B590-1A7015B0A4FD}: "URL" = hxxp://de.wikipedia.org/wiki/Spezial:Search?search={searchTerms}
IE - HKU\S-1-5-21-2258962752-1167673804-3329230130-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.2
FF - prefs.js..extensions.enabledItems: elemhidehelper@adblockplus.org:1.1
FF - prefs.js..extensions.enabledItems: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.12
FF - prefs.js..extensions.enabledItems: {ca0849e8-2c76-42ae-9abe-34e14d337acf}:1.93
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.48.3
FF - prefs.js..extensions.enabledItems: {987311C6-B504-4aa2-90BF-60CC49808D42}:2.2
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
FF - prefs.js..extensions.enabledItems: twitternotifier@naan.net:1.9.7.3
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.14.2
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.1
FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4
FF - prefs.js..extensions.enabledItems: fb_add_on@avm.de:1.5.5
FF - prefs.js..extensions.enabledItems: informationaltab@piro.sakura.ne.jp:0.3.2010062901
FF - prefs.js..extensions.enabledItems: secureLogin@blueimp.net:0.9.5
FF - prefs.js..extensions.enabledItems: {95f24680-9e31-11da-a746-0800200c9a66}:0.1.5.5
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908
FF - prefs.js..extensions.enabledItems: noia2_option@kk.noia:3.76
FF - prefs.js..extensions.enabledItems: {411F2F11-830F-4AB5-B7F0-FBC77B870B5A}:1.0.6.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: ietab@ip.cn:1.95.20100933
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.0.11
FF - prefs.js..extensions.enabledItems: {29c4afe1-db19-4298-8785-fcc94d1d6c1d}:0.6.2009110501
FF - prefs.js..extensions.enabledItems: hidemenubar@moztw.org:4.0.20101120
FF - prefs.js..extensions.enabledItems: {de1b245c-de57-11da-ba2d-0050c2490048}:1.0.8
FF - prefs.js..extensions.enabledItems: smarterwiki@wikiatic.com:4.1.8
FF - prefs.js..extensions.enabledItems: {6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}:0.9.1
FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.5
FF - prefs.js..extensions.enabledItems: {455D905A-D37C-4643-A9E2-F6FEFAA0424A}:0.8.13
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.12.0.36605
FF - prefs.js..extensions.enabledItems: {398e77b8-2304-11dc-8314-0800200c9a66}:0.3.13
FF - prefs.js..extensions.enabledItems: {D9A7CBEC-DE1A-444f-A092-844461596C4D}:4.3
FF - prefs.js..extensions.enabledItems: firefox@ghostery.com:2.4.2
FF - prefs.js..extensions.enabledItems: {B17C1C5A-04B1-11DB-9804-B622A1EF5492}:1.2.1
FF - prefs.js..extensions.enabledItems: {bb8d77b0-a845-4249-a205-ef7395587b69}:1.7
FF - prefs.js..extensions.enabledItems: silvermelxt@pardal.de:1.3.6
FF - prefs.js..extensions.enabledItems: {e968fc70-8f95-4ab9-9e79-304de2a71ee1}:0.7.2
FF - prefs.js..extensions.enabledItems: {fa8476cf-a98c-4e08-99b4-65a69cb4b7d4}:1.1.1
FF - prefs.js..extensions.enabledItems: {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}:3.76
FF - prefs.js..extensions.enabledItems: chromifox@altmusictv.com:3.6.5
FF - prefs.js..extensions.enabledItems: NuvolaFF@paenglab.ch:1.9.6
FF - prefs.js..extensions.enabledItems: david@dkjensen.com:0.0.4
FF - prefs.js..extensions.enabledItems: {961408A3-C970-4577-970A-D97C29839A67}:1.3.6
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q="
FF - prefs.js..network.proxy.socks_version: 4
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Programme\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Dokumente und Einstellungen\Roman\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Dokumente und Einstellungen\Roman\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Programme\Java\jre6\lib\deploy\jqs\ff
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Programme\Alwil Software\Avast5\WebRep\FF [2012.07.14 07:23:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{9051303c-7e41-4311-a783-d6fe5ef2832d}: C:\Programme\FVD Suite\addons\Firefox [2012.03.13 16:33:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.07.18 20:49:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2012.03.22 16:46:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2012.06.08 16:53:05 | 000,000,000 | ---D | M]
 
[2010.06.12 09:37:55 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Extensions
[2010.06.12 09:37:55 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2009.12.19 22:01:20 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Extensions\MediaCoder
[2009.12.19 21:58:53 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Extensions\MediaCoder-Setup-Wizard
[2008.10.01 08:34:39 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Extensions\songbird@songbirdnest.com
[2010.12.10 15:34:55 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\extensions
[2010.12.10 15:34:33 | 000,000,000 | ---D | M] (All-in-One Sidebar) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\extensions\{097d3191-e6fa-4728-9826-b533d755359d}
[2010.12.10 15:34:33 | 000,000,000 | ---D | M] (Flagfox) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2010.12.10 15:34:33 | 000,000,000 | ---D | M] (TwitterBar) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\extensions\{1a0c9ebe-ddf9-4b76-b8a3-675c77874d37}
[2010.12.10 15:34:33 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.12.10 15:34:33 | 000,000,000 | ---D | M] ("Split Browser") -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\extensions\{29c4afe1-db19-4298-8785-fcc94d1d6c1d}
[2010.12.10 15:34:29 | 000,000,000 | ---D | M] (Minimap Addon) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\extensions\{398e77b8-2304-11dc-8314-0800200c9a66}
[2010.12.10 15:34:28 | 000,000,000 | ---D | M] (Flashblock) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2010.12.10 15:34:28 | 000,000,000 | ---D | M] (Buyertools) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\extensions\{411F2F11-830F-4AB5-B7F0-FBC77B870B5A}
[2010.12.10 15:34:28 | 000,000,000 | ---D | M] (RefControl) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\extensions\{455D905A-D37C-4643-A9E2-F6FEFAA0424A}
[2010.12.10 15:34:28 | 000,000,000 | ---D | M] (Speed Dial) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\extensions\{64161300-e22b-11db-8314-0800200c9a66}
[2010.12.10 15:34:27 | 000,000,000 | ---D | M] (Google Analytics Opt-out Browser Add-on) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\extensions\{6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}
[2010.12.10 15:34:27 | 000,000,000 | ---D | M] (NoScript) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(2)
[2010.12.10 15:34:26 | 000,000,000 | ---D | M] (QuickPageZoom) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\extensions\{8FFE139B-90A7-4460-A972-9D2738997F6D}
[2010.12.10 15:34:26 | 000,000,000 | ---D | M] (Update Notifier) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\extensions\{95f24680-9e31-11da-a746-0800200c9a66}
[2010.12.10 15:34:26 | 000,000,000 | ---D | M] (Charamel) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\extensions\{961408A3-C970-4577-970A-D97C29839A67}
[2010.12.10 15:34:25 | 000,000,000 | ---D | M] (BugMeNot) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}
[2010.12.10 15:34:25 | 000,000,000 | ---D | M] (Noia 2.0 (eXtreme)) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
[2010.12.10 15:34:25 | 000,000,000 | ---D | M] (Noia 2.0 (eXtreme)) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}(2)
[2010.12.10 15:34:25 | 000,000,000 | ---D | M] (WOT) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010.12.10 15:34:25 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.12.10 15:34:25 | 000,000,000 | ---D | M] (Password Exporter) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}
[2010.12.10 15:34:24 | 000,000,000 | ---D | M] (PwdHash) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\extensions\{bb8d77b0-a845-4249-a205-ef7395587b69}
[2010.12.10 15:34:24 | 000,000,000 | ---D | M] (Full Fullscreen) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\extensions\{bfe3406c-6f31-4789-86d5-efa50e12c9eb}(2)
[2010.12.10 15:34:19 | 000,000,000 | ---D | M] (Interclue) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\extensions\{c33c5b47-69c8-45a4-a5e0-af85bbe628dd}
[2010.12.10 15:34:18 | 000,000,000 | ---D | M] ("BabelFish") -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\extensions\{ca0849e8-2c76-42ae-9abe-34e14d337acf}
[2010.12.10 15:34:17 | 000,000,000 | ---D | M] ("CoolPreviews") -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}(2)
[2010.12.10 15:34:17 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.12.10 15:34:16 | 000,000,000 | ---D | M] ("BetterPrivacy") -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2010.12.10 15:34:13 | 000,000,000 | ---D | M] ("Default Full Zoom Level") -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\extensions\{D9A7CBEC-DE1A-444f-A092-844461596C4D}
[2010.12.10 15:34:13 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010.12.10 15:34:13 | 000,000,000 | ---D | M] (MinimizeToTray Plus) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\extensions\{de1b245c-de57-11da-ba2d-0050c2490048}
[2010.12.10 15:34:09 | 000,000,000 | ---D | M] (Torbutton) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2010.12.10 15:34:09 | 000,000,000 | ---D | M] (User Agent Switcher) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
[2010.12.10 15:34:06 | 000,000,000 | ---D | M] (FoxTab) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2010.12.10 15:34:06 | 000,000,000 | ---D | M] (ProfileSwitcher) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\extensions\{fa8476cf-a98c-4e08-99b4-65a69cb4b7d4}
[2010.12.10 15:35:01 | 000,000,000 | ---D | M] (Chromifox Basic) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\extensions\chromifox@altmusictv.com
[2010.12.10 15:34:55 | 000,000,000 | ---D | M] (Fopra) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\extensions\david@dkjensen.com
[2010.12.10 15:34:55 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\extensions\de-DE@dictionaries.addons.mozilla.org
[2010.12.10 15:34:55 | 000,000,000 | ---D | M] (Element Hiding Helper for Adblock Plus) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\extensions\elemhidehelper@adblockplus.org
[2010.12.10 15:34:54 | 000,000,000 | ---D | M] ("FRITZ!Box AddOn") -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\extensions\fb_add_on@avm.de
[2010.12.10 15:34:53 | 000,000,000 | ---D | M] (Ghostery) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\extensions\firefox@ghostery.com
[2010.12.10 15:34:52 | 000,000,000 | ---D | M] (Hide Menubar) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\extensions\hidemenubar@moztw.org
[2010.12.10 15:34:45 | 000,000,000 | ---D | M] (IE Tab Plus) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\extensions\ietab@ip.cn
[2010.12.10 15:34:45 | 000,000,000 | ---D | M] ("Informational Tab") -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\extensions\informationaltab@piro.sakura.ne.jp
[2010.12.10 15:34:44 | 000,000,000 | ---D | M] (Noia 2.0 eXtreme OPT) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\extensions\noia2_option@kk.noia
[2010.12.10 15:34:44 | 000,000,000 | ---D | M] (Nuvola) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\extensions\NuvolaFF@paenglab.ch
[2010.12.10 15:34:44 | 000,000,000 | ---D | M] (Cooliris) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\extensions\piclens@cooliris(2).com
[2010.12.10 15:34:42 | 000,000,000 | ---D | M] (Cooliris) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\extensions\piclens@cooliris.com
[2010.12.10 15:34:41 | 000,000,000 | ---D | M] (qtl) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\extensions\qtl.co.il@gmail(2).com
[2010.12.10 15:34:39 | 000,000,000 | ---D | M] (Secure Login) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\extensions\secureLogin@blueimp.net
[2010.12.10 15:34:39 | 000,000,000 | ---D | M] (Silvermel and Charamel XT) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\extensions\silvermelxt@pardal.de
[2010.12.10 15:34:35 | 000,000,000 | ---D | M] (FastestFox) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\extensions\smarterwiki@wikiatic.com
[2010.12.10 15:34:35 | 000,000,000 | ---D | M] (Echofon) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\extensions\twitternotifier@naan.net
[2010.12.10 15:34:56 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\extensions\david@dkjensen.com\chrome\mozapps\extensions
[2012.02.22 16:20:07 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions
[2010.11.18 17:44:54 | 000,000,000 | ---D | M] (All-in-One Sidebar) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}
[2011.02.22 16:37:49 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2010.12.20 15:52:33 | 000,000,000 | ---D | M] (Flagfox) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2010.10.14 15:52:54 | 000,000,000 | ---D | M] (TwitterBar) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\{1a0c9ebe-ddf9-4b76-b8a3-675c77874d37}
[2010.04.27 15:20:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.05.29 10:00:06 | 000,000,000 | ---D | M] ("Split Browser") -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\{29c4afe1-db19-4298-8785-fcc94d1d6c1d}
[2010.11.14 12:35:09 | 000,000,000 | ---D | M] (Minimap Addon) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\{398e77b8-2304-11dc-8314-0800200c9a66}
[2010.10.14 15:52:54 | 000,000,000 | ---D | M] (Flashblock) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2010.08.18 11:28:27 | 000,000,000 | ---D | M] (Buyertools) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\{411F2F11-830F-4AB5-B7F0-FBC77B870B5A}
[2010.07.18 13:55:17 | 000,000,000 | ---D | M] (RefControl) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\{455D905A-D37C-4643-A9E2-F6FEFAA0424A}
[2010.12.11 12:56:05 | 000,000,000 | ---D | M] (SafeHistory) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\{4649c7bb-2665-40f9-be48-fa9db9fdeb6c}
[2010.12.11 22:04:27 | 000,000,000 | ---D | M] (Speed Dial) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}
[2010.06.19 07:27:30 | 000,000,000 | ---D | M] (Google Analytics Opt-out Browser Add-on) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\{6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}
[2009.06.09 20:52:02 | 000,000,000 | ---D | M] (NoScript) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(2)
[2010.01.09 13:47:44 | 000,000,000 | ---D | M] (QuickPageZoom) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\{8FFE139B-90A7-4460-A972-9D2738997F6D}
[2009.07.05 20:27:50 | 000,000,000 | ---D | M] (Update Notifier) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\{95f24680-9e31-11da-a746-0800200c9a66}
[2010.12.08 16:47:21 | 000,000,000 | ---D | M] (Charamel) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\{961408A3-C970-4577-970A-D97C29839A67}
[2009.09.15 18:54:30 | 000,000,000 | ---D | M] (BugMeNot) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}
[2010.02.23 21:16:14 | 000,000,000 | ---D | M] (Noia 2.0 (eXtreme)) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
[2009.06.09 20:51:24 | 000,000,000 | ---D | M] (Noia 2.0 (eXtreme)) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}(2)
[2010.09.09 22:56:55 | 000,000,000 | ---D | M] (WOT) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010.11.21 13:18:11 | 000,000,000 | ---D | M] (Password Exporter) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}
[2010.11.28 14:10:38 | 000,000,000 | ---D | M] (PwdHash) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\{bb8d77b0-a845-4249-a205-ef7395587b69}
[2009.06.09 20:51:53 | 000,000,000 | ---D | M] (Full Fullscreen) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\{bfe3406c-6f31-4789-86d5-efa50e12c9eb}(2)
[2010.01.15 13:17:21 | 000,000,000 | ---D | M] (Interclue) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\{c33c5b47-69c8-45a4-a5e0-af85bbe628dd}
[2010.08.14 23:23:18 | 000,000,000 | ---D | M] ("BabelFish") -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\{ca0849e8-2c76-42ae-9abe-34e14d337acf}
[2009.06.09 20:51:55 | 000,000,000 | ---D | M] ("CoolPreviews") -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}(2)
[2010.12.25 16:38:28 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.08.01 08:56:19 | 000,000,000 | ---D | M] ("BetterPrivacy") -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2010.11.21 12:48:46 | 000,000,000 | ---D | M] ("Default Full Zoom Level") -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\{D9A7CBEC-DE1A-444f-A092-844461596C4D}
[2010.05.29 10:00:05 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010.05.29 10:33:51 | 000,000,000 | ---D | M] (MinimizeToTray Plus) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\{de1b245c-de57-11da-ba2d-0050c2490048}
[2010.07.17 12:56:39 | 000,000,000 | ---D | M] (Torbutton) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2011.01.06 17:54:15 | 000,000,000 | ---D | M] (User Agent Switcher) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
[2010.11.17 16:57:55 | 000,000,000 | ---D | M] (FoxTab) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2010.12.10 15:19:06 | 000,000,000 | ---D | M] (ProfileSwitcher) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\{fa8476cf-a98c-4e08-99b4-65a69cb4b7d4}
[2010.06.02 14:15:58 | 000,000,000 | ---D | M] (Chromifox Basic) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\chromifox@altmusictv.com
[2010.11.03 17:31:01 | 000,000,000 | ---D | M] (Fopra) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\david@dkjensen.com
[2010.11.17 21:00:14 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2010.11.03 17:34:27 | 000,000,000 | ---D | M] (Element Hiding Helper for Adblock Plus) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\elemhidehelper@adblockplus.org
[2010.01.11 17:50:35 | 000,000,000 | ---D | M] ("FRITZ!Box AddOn") -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\fb_add_on@avm.de
[2010.11.21 13:07:59 | 000,000,000 | ---D | M] (Ghostery) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\firefox@ghostery.com
[2011.01.03 18:55:26 | 000,000,000 | ---D | M] (Hide Menubar) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\hidemenubar@moztw(2).org
[2010.11.23 22:15:02 | 000,000,000 | ---D | M] (IE Tab Plus) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\ietab@ip.cn
[2010.07.01 08:12:59 | 000,000,000 | ---D | M] ("Informational Tab") -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\informationaltab@piro.sakura.ne.jp
[2011.01.03 18:55:25 | 000,000,000 | ---D | M] ("Deutsch (DE) Language Pack") -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\langpack-de@firefox.mozilla(2).org
[2011.01.03 22:40:53 | 000,000,000 | ---D | M] ("Deutsch (DE) Language Pack") -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\langpack-de@firefox.mozilla.org
[2010.12.12 12:06:13 | 000,000,000 | ---D | M] (suchen.de) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\nachrichten@searchteq.de
[2010.02.23 21:16:16 | 000,000,000 | ---D | M] (Noia 2.0 eXtreme OPT) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\noia2_option@kk.noia
[2010.12.17 14:38:03 | 000,000,000 | ---D | M] (Nuvola) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\NuvolaFF@paenglab.ch
[2009.06.09 20:51:55 | 000,000,000 | ---D | M] (Cooliris) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\piclens@cooliris(2).com
[2010.11.07 17:23:51 | 000,000,000 | ---D | M] (Cooliris) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\piclens@cooliris.com
[2009.06.09 20:52:00 | 000,000,000 | ---D | M] (qtl) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\qtl.co.il@gmail(2).com
[2011.01.03 18:55:29 | 000,000,000 | ---D | M] (Secure Login) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\secureLogin@blueimp(2).net
[2011.01.04 22:51:48 | 000,000,000 | ---D | M] (Secure Login) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\secureLogin@blueimp.net
[2010.12.08 16:47:19 | 000,000,000 | ---D | M] (Silvermel and Charamel XT) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\silvermelxt@pardal.de
[2010.11.10 15:09:36 | 000,000,000 | ---D | M] (FastestFox) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\smarterwiki@wikiatic.com
[2010.12.04 07:32:58 | 000,000,000 | ---D | M] (Echofon) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\twitternotifier@naan.net
[2010.11.03 17:31:01 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\david@dkjensen.com\chrome\mozapps\extensions
[2012.07.30 09:51:52 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\knvwx1wv.Roman\extensions
[2012.07.09 12:23:36 | 000,000,000 | ---D | M] (Flagfox) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\knvwx1wv.Roman\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2011.07.21 18:33:18 | 000,000,000 | ---D | M] (Flashblock) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\knvwx1wv.Roman\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2012.01.03 18:17:17 | 000,000,000 | ---D | M] (RefControl) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\knvwx1wv.Roman\extensions\{455D905A-D37C-4643-A9E2-F6FEFAA0424A}
[2012.05.22 19:34:16 | 000,000,000 | ---D | M] (Orange Fox) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\knvwx1wv.Roman\extensions\{5b35cb30-16b4-11de-8c30-0800200c9a66}
[2011.01.09 19:30:32 | 000,000,000 | ---D | M] (NoScript) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\knvwx1wv.Roman\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(2)
[2011.01.09 19:30:31 | 000,000,000 | ---D | M] (QuickPageZoom) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\knvwx1wv.Roman\extensions\{8FFE139B-90A7-4460-A972-9D2738997F6D}
[2012.03.14 16:53:59 | 000,000,000 | ---D | M] ("FVD Suite Addon") -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\knvwx1wv.Roman\extensions\{9051303c-7e41-4311-a783-d6fe5ef2832d}
[2011.01.09 19:30:30 | 000,000,000 | ---D | M] (BugMeNot) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\knvwx1wv.Roman\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}
[2011.01.09 19:30:30 | 000,000,000 | ---D | M] (Noia 2.0 (eXtreme)) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\knvwx1wv.Roman\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
[2011.01.09 19:30:30 | 000,000,000 | ---D | M] (Noia 2.0 (eXtreme)) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\knvwx1wv.Roman\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}(2)
[2012.05.17 15:57:21 | 000,000,000 | ---D | M] (WOT) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\knvwx1wv.Roman\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.05.09 16:51:39 | 000,000,000 | ---D | M] (FT SleekDark) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\knvwx1wv.Roman\extensions\{a21cd440-41d6-11e0-9207-0800200c9a66}
[2011.01.09 19:30:30 | 000,000,000 | ---D | M] (Password Exporter) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\knvwx1wv.Roman\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}
[2011.01.09 19:30:29 | 000,000,000 | ---D | M] (PwdHash) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\knvwx1wv.Roman\extensions\{bb8d77b0-a845-4249-a205-ef7395587b69}
[2011.01.09 19:30:29 | 000,000,000 | ---D | M] (Full Fullscreen) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\knvwx1wv.Roman\extensions\{bfe3406c-6f31-4789-86d5-efa50e12c9eb}(2)
[2011.06.24 15:08:49 | 000,000,000 | ---D | M] ("BabelFish") -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\knvwx1wv.Roman\extensions\{ca0849e8-2c76-42ae-9abe-34e14d337acf}
[2011.01.09 19:30:24 | 000,000,000 | ---D | M] ("CoolPreviews") -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\knvwx1wv.Roman\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}(2)
[2012.01.26 22:01:50 | 000,000,000 | ---D | M] ("BetterPrivacy") -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\knvwx1wv.Roman\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2011.10.27 16:51:28 | 000,000,000 | ---D | M] ("Default Full Zoom Level") -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\knvwx1wv.Roman\extensions\{D9A7CBEC-DE1A-444f-A092-844461596C4D}
[2012.06.28 09:16:23 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\knvwx1wv.Roman\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2012.05.20 10:00:44 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\knvwx1wv.Roman\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011.01.09 19:35:54 | 000,000,000 | ---D | M] (User Agent Switcher) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\knvwx1wv.Roman\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
[2012.03.26 19:29:05 | 000,000,000 | ---D | M] (FoxLingo) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\knvwx1wv.Roman\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
[2012.01.03 18:17:24 | 000,000,000 | ---D | M] (ProfileSwitcher) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\knvwx1wv.Roman\extensions\{fa8476cf-a98c-4e08-99b4-65a69cb4b7d4}
[2012.01.03 18:17:08 | 000,000,000 | ---D | M] ("Gutscheinsammler.de") -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\knvwx1wv.Roman\extensions\alarm@gutscheinsammler.de
[2011.01.09 19:30:53 | 000,000,000 | ---D | M] (Chromifox Basic) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\knvwx1wv.Roman\extensions\chromifox@altmusictv.com
[2012.06.26 20:57:37 | 000,000,000 | ---D | M] ("pearltrees") -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\knvwx1wv.Roman\extensions\collector@broceliand.fr
[2011.03.10 16:11:46 | 000,000,000 | ---D | M] (Fopra) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\knvwx1wv.Roman\extensions\david@dkjensen.com
[2011.01.09 19:30:50 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\knvwx1wv.Roman\extensions\de-DE@dictionaries.addons.mozilla.org
[2011.03.13 18:19:00 | 000,000,000 | ---D | M] (Ebay Button) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\knvwx1wv.Roman\extensions\ebayHotStuff@wangtom.com
[2012.05.16 15:57:28 | 000,000,000 | ---D | M] ("FRITZ!Box AddOn") -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\knvwx1wv.Roman\extensions\fb_add_on@avm.de
[2011.11.19 15:35:03 | 000,000,000 | ---D | M] (Shareaholic) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\knvwx1wv.Roman\extensions\firefox-extension@shareaholic.com
[2012.05.05 19:41:27 | 000,000,000 | ---D | M] (IE Tab Plus) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\knvwx1wv.Roman\extensions\ietab@ip.cn
[2012.01.16 21:01:27 | 000,000,000 | ---D | M] (SpeedFox) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\knvwx1wv.Roman\extensions\jid1-uabu5A9hduqzCw@jetpack
[2011.01.09 19:30:43 | 000,000,000 | ---D | M] (Noia 2.0 eXtreme OPT) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\knvwx1wv.Roman\extensions\noia2_option@kk.noia
[2012.06.18 13:55:13 | 000,000,000 | ---D | M] ("Nuvola") -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\knvwx1wv.Roman\extensions\NuvolaFF@paenglab.ch
[2011.01.09 19:30:43 | 000,000,000 | ---D | M] (Cooliris) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\knvwx1wv.Roman\extensions\piclens@cooliris(2).com
[2011.01.09 19:30:40 | 000,000,000 | ---D | M] (qtl) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\knvwx1wv.Roman\extensions\qtl.co.il@gmail(2).com
[2012.07.17 13:58:46 | 000,000,000 | ---D | M] (rein) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\knvwx1wv.Roman\extensions\rein@notiz.jp
[2011.10.29 10:33:33 | 000,000,000 | ---D | M] (Secure Login) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\knvwx1wv.Roman\extensions\secureLogin@blueimp.net
[2012.03.19 17:27:11 | 000,000,000 | ---D | M] (Echofon) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\knvwx1wv.Roman\extensions\twitternotifier@naan.net
[2011.11.19 15:35:02 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\knvwx1wv.Roman\extensions\firefox-extension@shareaholic.com\chrome
[2011.11.19 15:35:02 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\knvwx1wv.Roman\extensions\firefox-extension@shareaholic.com\defaults
[2011.03.10 16:11:46 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\knvwx1wv.Roman\extensions\david@dkjensen.com\chrome\mozapps\extensions
[2012.02.22 16:20:07 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\mrtyg6wm.Neu Test Profil\extensions
[2010.12.10 15:56:55 | 000,000,000 | ---D | M] (All-in-One Sidebar) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\mrtyg6wm.Neu Test Profil\extensions\{097d3191-e6fa-4728-9826-b533d755359d}
[2011.02.22 16:37:50 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\mrtyg6wm.Neu Test Profil\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2010.12.10 15:56:55 | 000,000,000 | ---D | M] (Flagfox) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\mrtyg6wm.Neu Test Profil\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2010.12.10 15:56:55 | 000,000,000 | ---D | M] (TwitterBar) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\mrtyg6wm.Neu Test Profil\extensions\{1a0c9ebe-ddf9-4b76-b8a3-675c77874d37}
[2010.12.10 15:49:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\mrtyg6wm.Neu Test Profil\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.12.10 15:56:55 | 000,000,000 | ---D | M] ("Split Browser") -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\mrtyg6wm.Neu Test Profil\extensions\{29c4afe1-db19-4298-8785-fcc94d1d6c1d}
[2010.12.10 15:56:53 | 000,000,000 | ---D | M] (Minimap Addon) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\mrtyg6wm.Neu Test Profil\extensions\{398e77b8-2304-11dc-8314-0800200c9a66}
[2010.12.10 15:56:53 | 000,000,000 | ---D | M] (Flashblock) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\mrtyg6wm.Neu Test Profil\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2010.12.10 15:56:53 | 000,000,000 | ---D | M] (Buyertools) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\mrtyg6wm.Neu Test Profil\extensions\{411F2F11-830F-4AB5-B7F0-FBC77B870B5A}
[2010.12.10 15:56:53 | 000,000,000 | ---D | M] (RefControl) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\mrtyg6wm.Neu Test Profil\extensions\{455D905A-D37C-4643-A9E2-F6FEFAA0424A}
[2010.12.10 15:56:53 | 000,000,000 | ---D | M] (Speed Dial) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\mrtyg6wm.Neu Test Profil\extensions\{64161300-e22b-11db-8314-0800200c9a66}
[2010.12.10 15:56:53 | 000,000,000 | ---D | M] (Google Analytics Opt-out Browser Add-on) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\mrtyg6wm.Neu Test Profil\extensions\{6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}
[2010.12.10 15:56:52 | 000,000,000 | ---D | M] (NoScript) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\mrtyg6wm.Neu Test Profil\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(2)
[2010.12.10 15:56:51 | 000,000,000 | ---D | M] (QuickPageZoom) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\mrtyg6wm.Neu Test Profil\extensions\{8FFE139B-90A7-4460-A972-9D2738997F6D}
[2010.12.10 15:56:51 | 000,000,000 | ---D | M] (Update Notifier) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\mrtyg6wm.Neu Test Profil\extensions\{95f24680-9e31-11da-a746-0800200c9a66}
[2010.12.10 15:56:51 | 000,000,000 | ---D | M] (Charamel) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\mrtyg6wm.Neu Test Profil\extensions\{961408A3-C970-4577-970A-D97C29839A67}
[2010.12.10 15:56:51 | 000,000,000 | ---D | M] (BugMeNot) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\mrtyg6wm.Neu Test Profil\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}
[2010.12.10 15:56:51 | 000,000,000 | ---D | M] (Noia 2.0 (eXtreme)) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\mrtyg6wm.Neu Test Profil\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
[2010.12.10 15:56:50 | 000,000,000 | ---D | M] (Noia 2.0 (eXtreme)) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\mrtyg6wm.Neu Test Profil\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}(2)
[2010.12.10 15:56:50 | 000,000,000 | ---D | M] (WOT) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\mrtyg6wm.Neu Test Profil\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010.12.10 15:56:50 | 000,000,000 | ---D | M] (Password Exporter) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\mrtyg6wm.Neu Test Profil\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}
[2010.12.10 15:56:50 | 000,000,000 | ---D | M] (PwdHash) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\mrtyg6wm.Neu Test Profil\extensions\{bb8d77b0-a845-4249-a205-ef7395587b69}
[2010.12.10 15:56:50 | 000,000,000 | ---D | M] (Full Fullscreen) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\mrtyg6wm.Neu Test Profil\extensions\{bfe3406c-6f31-4789-86d5-efa50e12c9eb}(2)
[2010.12.10 15:56:48 | 000,000,000 | ---D | M] (Interclue) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\mrtyg6wm.Neu Test Profil\extensions\{c33c5b47-69c8-45a4-a5e0-af85bbe628dd}
[2010.12.10 15:56:47 | 000,000,000 | ---D | M] ("BabelFish") -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\mrtyg6wm.Neu Test Profil\extensions\{ca0849e8-2c76-42ae-9abe-34e14d337acf}
[2010.12.10 15:56:46 | 000,000,000 | ---D | M] ("CoolPreviews") -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\mrtyg6wm.Neu Test Profil\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}(2)
[2010.12.10 15:56:46 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\mrtyg6wm.Neu Test Profil\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.12.10 15:56:46 | 000,000,000 | ---D | M] ("BetterPrivacy") -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\mrtyg6wm.Neu Test Profil\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2010.12.10 15:56:45 | 000,000,000 | ---D | M] ("Default Full Zoom Level") -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\mrtyg6wm.Neu Test Profil\extensions\{D9A7CBEC-DE1A-444f-A092-844461596C4D}
[2010.12.10 15:56:45 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\mrtyg6wm.Neu Test Profil\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010.12.10 15:56:45 | 000,000,000 | ---D | M] (MinimizeToTray Plus) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\mrtyg6wm.Neu Test Profil\extensions\{de1b245c-de57-11da-ba2d-0050c2490048}
[2010.12.10 15:56:43 | 000,000,000 | ---D | M] (Torbutton) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\mrtyg6wm.Neu Test Profil\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2010.12.10 15:56:43 | 000,000,000 | ---D | M] (User Agent Switcher) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\mrtyg6wm.Neu Test Profil\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
[2010.12.10 15:56:42 | 000,000,000 | ---D | M] (FoxTab) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\mrtyg6wm.Neu Test Profil\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2010.12.10 15:56:42 | 000,000,000 | ---D | M] (ProfileSwitcher) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\mrtyg6wm.Neu Test Profil\extensions\{fa8476cf-a98c-4e08-99b4-65a69cb4b7d4}
[2010.12.10 15:57:10 | 000,000,000 | ---D | M] (Chromifox Basic) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\mrtyg6wm.Neu Test Profil\extensions\chromifox@altmusictv.com
[2010.12.10 15:57:07 | 000,000,000 | ---D | M] (Fopra) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\mrtyg6wm.Neu Test Profil\extensions\david@dkjensen.com
[2010.12.10 15:57:07 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\mrtyg6wm.Neu Test Profil\extensions\de-DE@dictionaries.addons.mozilla.org
[2010.12.10 15:57:07 | 000,000,000 | ---D | M] (Element Hiding Helper for Adblock Plus) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\mrtyg6wm.Neu Test Profil\extensions\elemhidehelper@adblockplus.org
[2010.12.10 15:57:06 | 000,000,000 | ---D | M] ("FRITZ!Box AddOn") -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\mrtyg6wm.Neu Test Profil\extensions\fb_add_on@avm.de
[2010.12.10 15:57:06 | 000,000,000 | ---D | M] (Ghostery) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\mrtyg6wm.Neu Test Profil\extensions\firefox@ghostery.com
[2010.12.10 15:57:05 | 000,000,000 | ---D | M] (Hide Menubar) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\mrtyg6wm.Neu Test Profil\extensions\hidemenubar@moztw.org
[2010.12.10 16:01:43 | 000,000,000 | ---D | M] (IE Tab Plus) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\mrtyg6wm.Neu Test Profil\extensions\ietab@ip.cn
[2010.12.10 15:57:02 | 000,000,000 | ---D | M] ("Informational Tab") -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\mrtyg6wm.Neu Test Profil\extensions\informationaltab@piro.sakura.ne.jp
[2010.12.10 15:57:01 | 000,000,000 | ---D | M] (Noia 2.0 eXtreme OPT) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\mrtyg6wm.Neu Test Profil\extensions\noia2_option@kk.noia
[2010.12.10 15:57:01 | 000,000,000 | ---D | M] (Nuvola) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\mrtyg6wm.Neu Test Profil\extensions\NuvolaFF@paenglab.ch
[2010.12.10 15:56:59 | 000,000,000 | ---D | M] (Cooliris) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\mrtyg6wm.Neu Test Profil\extensions\piclens@cooliris(2).com
[2010.12.10 15:56:59 | 000,000,000 | ---D | M] (Cooliris) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\mrtyg6wm.Neu Test Profil\extensions\piclens@cooliris.com
[2010.12.10 15:56:59 | 000,000,000 | ---D | M] (qtl) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\mrtyg6wm.Neu Test Profil\extensions\qtl.co.il@gmail(2).com
[2010.12.10 15:56:57 | 000,000,000 | ---D | M] (Secure Login) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\mrtyg6wm.Neu Test Profil\extensions\secureLogin@blueimp.net
[2010.12.10 15:56:57 | 000,000,000 | ---D | M] (Silvermel and Charamel XT) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\mrtyg6wm.Neu Test Profil\extensions\silvermelxt@pardal.de
[2010.12.10 15:56:56 | 000,000,000 | ---D | M] (FastestFox) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\mrtyg6wm.Neu Test Profil\extensions\smarterwiki@wikiatic.com
[2010.12.10 15:56:56 | 000,000,000 | ---D | M] (Echofon) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\mrtyg6wm.Neu Test Profil\extensions\twitternotifier@naan.net
[2010.12.10 15:57:07 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\mrtyg6wm.Neu Test Profil\extensions\david@dkjensen.com\chrome\mozapps\extensions
[2010.11.14 12:14:03 | 000,001,449 | ---- | M] () -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\searchplugins\100-search-engines.xml
[2010.11.14 12:28:27 | 000,002,007 | ---- | M] () -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\searchplugins\amazon-search.xml
[2010.05.29 11:14:41 | 000,001,820 | ---- | M] () -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\searchplugins\bing.xml
[2010.07.17 12:18:57 | 000,000,873 | ---- | M] () -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\searchplugins\conduit.xml
[2010.12.10 14:28:17 | 000,001,640 | ---- | M] () -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\searchplugins\geizkragende-preisvergleich.xml
[2010.12.08 16:57:36 | 000,001,595 | ---- | M] () -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\searchplugins\ixquick---deutsch.xml
[2010.12.10 14:28:18 | 000,001,134 | ---- | M] () -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\searchplugins\mininova.xml
[2010.11.14 12:16:44 | 000,001,549 | ---- | M] () -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\searchplugins\scroogle-ssl-search.xml
[2010.12.10 14:28:18 | 000,001,817 | ---- | M] () -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\searchplugins\the-pirate-bay---uploaded.xml
[2010.12.06 15:44:24 | 000,011,187 | ---- | M] () -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\searchplugins\timeanddatecom.xml
[2010.12.10 14:28:17 | 000,002,087 | ---- | M] () -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\searchplugins\youtube.xml
[2012.03.21 16:24:44 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
File not found (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\ROMAN\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\4F18HCYE.DEFAULT\EXTENSIONS\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}
File not found (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\ROMAN\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\4F18HCYE.DEFAULT\EXTENSIONS\HIDEMENUBAR@MOZTW.ORG
[2010.12.11 12:38:00 | 000,000,000 | ---D | M] (Free Download Manager plugin) -- C:\PROGRAMME\FREE DOWNLOAD MANAGER\FIREFOX\EXTENSION
File not found (No name found) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010.10.16 09:34:11 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAMME\MOZILLA FIREFOX 3 BETA 3\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2012.07.18 20:49:33 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.01.02 12:30:16 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.01.02 12:30:16 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.01.02 12:30:16 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.02 12:30:16 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.02 12:30:16 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.02 12:30:16 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
[/QUOTE]
scanlog OTL

OTL Scanlog 2
[QUOTE]
O1 HOSTS File: ([2012.07.25 19:38:10 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Mediaplayer) - {1536BA74-8625-4240-99B0-BE65883689C8} - C:\Programme\Mediapiraten\Mediapiraten\IEButtonMPInterface.dll ()
O2 - BHO: (Open FVD Suite Toolbar) - {2B171655-A69C-5c18-B693-6CB5DC269D44} - C:\Programme\FVD Suite\addons\IE\FVDToolbar.dll (www.flashvideodownloader.org/fvd-suite/)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Buyertools) - {7C7A8947-5935-4430-AC0E-E7D04697414E} - C:\Programme\Buyertools Reminder\IEButtonBuyertoolsInterface.dll ()
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - No CLSID value found.
O3 - HKLM\..\Toolbar: (FVD Suite Toolbar) - {2B171655-A69C-5c18-B693-6CB5DC269D41} - C:\Programme\FVD Suite\addons\IE\FVDToolbar.dll (www.flashvideodownloader.org/fvd-suite/)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-2258962752-1167673804-3329230130-1006\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LVCOMS] C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVComS.exe (Logitech Inc.)
O4 - HKLM..\Run: [MedionVFD] C:\Programme\Medion Info Display\MdionLCM.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe ()
O4 - HKLM..\Run: [SDTray] C:\Programme\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [Start WingMan Profiler] C:\Programme\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-21-2258962752-1167673804-3329230130-1006..\Run: [RocketDock] C:\Programme\RocketDock\RocketDock.exe ()
O4 - HKU\S-1-5-21-2258962752-1167673804-3329230130-1006..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-2258962752-1167673804-3329230130-1006..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Ralink Wireless Utility.lnk = C:\Programme\RALINK\Common\RaUI.exe (Ralink Technology, Corp.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Secunia PSI Tray.lnk = C:\Programme\Secunia\PSI\psi_tray.exe (Secunia)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ToggleCommentPosition = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStrCmpLogical = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogonScripts = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideShutdownScripts = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2258962752-1167673804-3329230130-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2258962752-1167673804-3329230130-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWinKeys = 01 00 00 00  [binary data]
O7 - HKU\S-1-5-21-2258962752-1167673804-3329230130-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 01 00 00 00  [binary data]
O7 - HKU\S-1-5-21-2258962752-1167673804-3329230130-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 0
O7 - HKU\S-1-5-21-2258962752-1167673804-3329230130-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetworkConnections = 01 00 00 00  [binary data]
O7 - HKU\S-1-5-21-2258962752-1167673804-3329230130-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2258962752-1167673804-3329230130-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2258962752-1167673804-3329230130-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O7 - HKU\S-1-5-21-2258962752-1167673804-3329230130-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-2258962752-1167673804-3329230130-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2258962752-1167673804-3329230130-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-2258962752-1167673804-3329230130-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogonScripts = 1
O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Programme\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Programme\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Programme\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Save YouTube Video as MP3 - res://C:\Programme\Gemeinsame Dateien\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm File not found
O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Programme\Free Download Manager\dlfvideo.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} hxxp://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1194093786750 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1244713437203 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} Reg Error: Value error. (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0F2A0C21-95A8-49D2-A281-77F75A6D8BF8}: NameServer = 192.168.178.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O19 - User stylesheet: User Stylesheet -
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Programme\SUPERAntiSpyware\SASWINLO.DLL) - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\AutorunsDisabled: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\dimsntfy: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\SDWinLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.10.09 14:46:45 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.bat -- [ NTFS ]
O32 - AutoRun File - [2006.11.02 12:52:16 | 000,000,120 | ---- | M] () - E:\autoexec.bat -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (sdnclean.exe)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip - C:\WINDOWS\System32\iprip.dll (Microsoft Corporation)
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0
 
SafeBootMin: !SASCORE - C:\Programme\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: !SASCORE - C:\Programme\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.UnInstall.PerUser
ActiveX: {9309DD7E-EBFE-3C95-8B47-30D3A012F606} - .NET Framework
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - rundll32.exe C:\WINDOWS\system32\Setup\FxsOcm.dll,XP_UninstallProvider
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C314CE45-3392-3B73-B4E1-139CD41CA933} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /HideWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: AutorunsDisabled -
 
Drivers32: msacm.dvacm - C:\Programme\Gemeinsame Dateien\Ulead Systems\VIO\DVACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imc - C:\WINDOWS\System32\IMC32.acm (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.MPEGacm - C:\Programme\Gemeinsame Dateien\Ulead Systems\MPEG\MPEGACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.ulmp3acm - C:\Programme\Gemeinsame Dateien\Ulead Systems\MPEG\ulmp3acm.acm (Ulead systems)
Drivers32: msacm.voxacm160 - C:\WINDOWS\System32\vct3216.acm (Voxware, Inc.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FPS1 - C:\WINDOWS\System32\frapsvid.dll (Beepa P/L)
Drivers32: vidc.i263 - C:\WINDOWS\System32\I263_32.drv (Intel Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\system32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\system32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.JPGL - C:\WINDOWS\System32\jpgl.dll (Tekom Technologies, Inc.)
Drivers32: VIDC.wmv3 - C:\WINDOWS\System32\WMV9VCM.dll (Microsoft Corporation)
Drivers32: vidc.X264 - C:\WINDOWS\System32\x264vfw.dll ()
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.02 17:07:04 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Roman\Desktop\OTL_001.exe
[2012.08.02 15:24:14 | 003,092,640 | ---- | C] (Adobe Systems, Inc.) -- C:\Dokumente und Einstellungen\Roman\Desktop\install_flash_player_10_plugin.exe
[2012.08.01 21:46:34 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Roman\Recent
[2012.07.31 16:48:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Roman\Desktop\adb
[2012.07.31 16:48:38 | 000,014,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsgXP_2k3.dll
[2012.07.31 16:42:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Roman\.android
[2012.07.31 15:45:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\MindSoft
[2012.07.31 15:37:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\SUPERAntiSpyware.com
[2012.07.31 15:37:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com
[2012.07.31 15:37:08 | 000,000,000 | ---D | C] -- C:\Programme\SUPERAntiSpyware
[2012.07.31 15:35:05 | 018,720,152 | ---- | C] (SUPERAntiSpyware.com) -- C:\Dokumente und Einstellungen\Roman\Desktop\SUPERAntiSpyware.exe
[2012.07.30 19:26:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Debugging Tools for Windows (x86)
[2012.07.30 19:26:33 | 000,000,000 | ---D | C] -- C:\Programme\Debugging Tools for Windows (x86)
[2012.07.29 07:27:16 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Dokumente und Einstellungen\Roman\Desktop\aswMBR.exe
[2012.07.29 07:26:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Roman\Desktop\osam
[2012.07.26 07:32:12 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012.07.25 06:43:23 | 004,584,441 | R--- | C] (Swearware) -- C:\Dokumente und Einstellungen\Roman\Desktop\ComboFix.exe
[2012.07.24 22:02:20 | 002,136,664 | ---- | C] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\Roman\Desktop\tdsskiller.exe
[2012.07.24 16:57:57 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Roman\Desktop\OTL.exe
[2012.07.24 06:37:32 | 000,241,408 | ---- | C] (Ralink Technology Inc.) -- C:\WINDOWS\System32\drivers\rt2500usb.sys
[2012.07.24 06:37:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Ralink Wireless
[2012.07.24 06:37:30 | 000,000,000 | ---D | C] -- C:\Programme\RALINK
[2012.07.23 20:09:24 | 035,625,327 | ---- | C] (Macrovision Corporation) -- C:\Dokumente und Einstellungen\Roman\Desktop\IS_AP_STA_2500USB_D-2.1.1.15_VA-3.1.0.0_RU-2.1.1.0_VA-2.1.1.0_AU-2.0.0.0_VA-2.0.0.0_021209_0.1.0.46_.exe
[2012.07.23 18:31:28 | 017,010,016 | ---- | C] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\Roman\Desktop\IE8-WindowsXP-x86-DEU.exe
[2012.07.23 15:38:32 | 000,101,832 | ---- | C] (SUPERAntiSpyware.com) -- C:\Dokumente und Einstellungen\Roman\Desktop\SASUNINST.EXE
[2012.07.23 10:07:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Roman\Startmen³
[2012.07.18 16:17:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Roman\Desktop\119622-spybot-2-0-rootkit-scan-hkey_local_machine-software-xanthic-blue-screen-irql_not_less_or_equal-Dateien
[2012.07.18 16:03:21 | 002,322,184 | ---- | C] (ESET) -- C:\Dokumente und Einstellungen\Roman\Desktop\esetsmartinstaller_enu.exe
[2012.07.16 06:38:07 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012.07.16 06:38:07 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012.07.13 19:48:56 | 000,162,616 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Dokumente und Einstellungen\Roman\Desktop\RegDelNull.exe
[2012.07.08 16:30:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Roman\Eigene Dateien\ProcAlyzer Dumps
[2012.07.08 13:47:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Spybot - Search & Destroy 2
[2012.07.08 13:46:51 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\WINDOWS\System32\sdnclean.exe
[2012.07.08 13:46:36 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy 2
[76 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.02 17:00:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.08.02 17:00:19 | 2145,898,496 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.02 15:24:44 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012.07.31 19:35:32 | 215,875,584 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2012.07.31 16:49:56 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_WinUSB_01007.Wdf
[2012.07.31 16:48:46 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2012.07.31 16:48:44 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.07.31 16:13:37 | 000,008,121 | ---- | M] () -- C:\Dokumente und Einstellungen\Roman\Eigene Dateien\wpdmtp.inf
[2012.07.31 15:45:44 | 000,001,776 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\MindSoft Utilities XP.lnk
[2012.07.31 15:37:15 | 000,001,646 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.07.31 15:35:04 | 018,720,152 | ---- | M] (SUPERAntiSpyware.com) -- C:\Dokumente und Einstellungen\Roman\Desktop\SUPERAntiSpyware.exe
[2012.07.31 13:00:24 | 000,000,610 | ---- | M] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2012.07.31 13:00:24 | 000,000,310 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012.07.31 08:53:06 | 000,000,512 | ---- | M] () -- C:\Dokumente und Einstellungen\Roman\Desktop\MBR.dat
[2012.07.26 23:20:25 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Roman\Desktop\OTL_001.exe
[2012.07.25 19:38:10 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012.07.24 17:16:26 | 000,640,378 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.07.24 17:16:26 | 000,597,154 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.07.24 17:16:26 | 000,155,712 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.07.24 17:16:26 | 000,128,692 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.07.24 12:14:57 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\Roman\Desktop\tdsskiller.exe
[2012.07.24 11:23:42 | 004,584,441 | R--- | M] (Swearware) -- C:\Dokumente und Einstellungen\Roman\Desktop\ComboFix.exe
[2012.07.24 07:22:35 | 000,001,246 | ---- | M] () -- C:\Dokumente und Einstellungen\Roman\Desktop\cports.cfg
[2012.07.24 06:37:31 | 000,001,589 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Ralink Wireless Utility.lnk
[2012.07.23 23:35:20 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Roman\Desktop\OTL.exe
[2012.07.23 20:23:45 | 035,625,327 | ---- | M] (Macrovision Corporation) -- C:\Dokumente und Einstellungen\Roman\Desktop\IS_AP_STA_2500USB_D-2.1.1.15_VA-3.1.0.0_RU-2.1.1.0_VA-2.1.1.0_AU-2.0.0.0_VA-2.0.0.0_021209_0.1.0.46_.exe
[2012.07.23 19:58:55 | 000,001,659 | ---- | M] () -- C:\Dokumente und Einstellungen\Roman\Eigene Dateien\PTBSync-AutoExport-Roman.ini
[2012.07.23 19:02:19 | 000,430,184 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.07.23 18:37:29 | 000,000,134 | ---- | M] () -- C:\Dokumente und Einstellungen\Roman\Desktop\Internet Explorer-Problembehebung.url
[2012.07.23 10:07:48 | 000,000,690 | ---- | M] () -- C:\Dokumente und Einstellungen\Roman\Desktop\KMPlayer.lnk
[2012.07.21 09:31:03 | 000,050,529 | ---- | M] () -- C:\Dokumente und Einstellungen\Roman\Desktop\Florianweiß.jpg
[2012.07.20 17:53:32 | 000,000,487 | ---- | M] () -- C:\WINDOWS\wiso.ini
[2012.07.19 14:33:52 | 000,624,883 | ---- | M] () -- C:\Dokumente und Einstellungen\Roman\Desktop\adwcleaner.exe
[2012.07.18 16:17:39 | 000,224,333 | ---- | M] () -- C:\Dokumente und Einstellungen\Roman\Desktop\119622-spybot-2-0-rootkit-scan-hkey_local_machine-software-xanthic-blue-screen-irql_not_less_or_equal.html
[2012.07.18 13:19:30 | 000,022,354 | ---- | M] () -- C:\Dokumente und Einstellungen\Roman\Desktop\GMER18.7.12.rar
[2012.07.17 14:37:55 | 000,000,705 | RHS- | M] () -- C:\boot.ini
[2012.07.16 14:57:33 | 000,018,798 | ---- | M] () -- C:\Dokumente und Einstellungen\Roman\Desktop\germ.rar
[2012.07.16 13:16:13 | 000,302,592 | ---- | M] () -- C:\Dokumente und Einstellungen\Roman\Desktop\u43koo52.exe
[2012.07.16 13:01:36 | 000,000,020 | ---- | M] () -- C:\Dokumente und Einstellungen\Roman\defogger_reenable
[2012.07.16 06:38:07 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012.07.15 18:57:53 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.07.14 07:23:51 | 000,003,008 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012.07.13 20:57:15 | 000,000,760 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.13 20:42:07 | 000,001,832 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2012.07.11 20:34:12 | 000,000,612 | ---- | M] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2012.07.09 12:35:56 | 000,000,440 | ---- | M] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
[2012.07.08 13:52:21 | 000,442,344 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120720-070551.backup
[2012.07.08 13:47:06 | 000,001,804 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Spybot-S&D Start Center.lnk
[2012.07.03 18:21:54 | 000,054,232 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012.07.03 18:21:53 | 000,721,000 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012.07.03 18:21:53 | 000,353,688 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012.07.03 18:21:53 | 000,097,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012.07.03 18:21:53 | 000,089,624 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012.07.03 18:21:53 | 000,035,928 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012.07.03 18:21:53 | 000,021,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012.07.03 18:21:52 | 000,025,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012.07.03 18:21:32 | 000,041,224 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012.07.03 18:21:28 | 000,227,648 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[76 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.07.31 16:49:56 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_WinUSB_01007.Wdf
[2012.07.31 16:48:46 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2012.07.31 16:13:32 | 000,008,121 | ---- | C] () -- C:\Dokumente und Einstellungen\Roman\Eigene Dateien\wpdmtp.inf
[2012.07.31 15:45:44 | 000,001,776 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\MindSoft Utilities XP.lnk
[2012.07.31 15:37:15 | 000,001,646 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.07.30 19:24:54 | 019,269,120 | ---- | C] () -- C:\Dokumente und Einstellungen\Roman\Desktop\dbg_x86.msi
[2012.07.29 08:01:55 | 000,000,512 | ---- | C] () -- C:\Dokumente und Einstellungen\Roman\Desktop\MBR.dat
[2012.07.24 07:38:51 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012.07.24 06:48:17 | 2145,898,496 | -HS- | C] () -- C:\hiberfil.sys
[2012.07.24 06:37:31 | 000,001,589 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Ralink Wireless Utility.lnk
[2012.07.23 18:37:29 | 000,000,134 | ---- | C] () -- C:\Dokumente und Einstellungen\Roman\Desktop\Internet Explorer-Problembehebung.url
[2012.07.21 09:13:45 | 000,050,529 | ---- | C] () -- C:\Dokumente und Einstellungen\Roman\Desktop\Florianweiß.jpg
[2012.07.21 09:03:20 | 000,066,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Roman\Desktop\svsh01.jpg
[2012.07.21 09:02:21 | 000,071,643 | ---- | C] () -- C:\Dokumente und Einstellungen\Roman\Desktop\florian.jpg
[2012.07.19 14:33:53 | 000,624,883 | ---- | C] () -- C:\Dokumente und Einstellungen\Roman\Desktop\adwcleaner.exe
[2012.07.19 08:07:20 | 000,005,442 | ---- | C] () -- C:\Dokumente und Einstellungen\Roman\Desktop\images_002.jpeg
[2012.07.19 07:59:59 | 000,009,719 | ---- | C] () -- C:\Dokumente und Einstellungen\Roman\Desktop\images_001.jpeg
[2012.07.19 07:59:32 | 000,013,123 | ---- | C] () -- C:\Dokumente und Einstellungen\Roman\Desktop\images.jpeg
[2012.07.18 16:17:32 | 000,224,333 | ---- | C] () -- C:\Dokumente und Einstellungen\Roman\Desktop\119622-spybot-2-0-rootkit-scan-hkey_local_machine-software-xanthic-blue-screen-irql_not_less_or_equal.html
[2012.07.18 13:19:30 | 000,022,354 | ---- | C] () -- C:\Dokumente und Einstellungen\Roman\Desktop\GMER18.7.12.rar
[2012.07.16 14:57:33 | 000,018,798 | ---- | C] () -- C:\Dokumente und Einstellungen\Roman\Desktop\germ.rar
[2012.07.16 13:16:15 | 000,302,592 | ---- | C] () -- C:\Dokumente und Einstellungen\Roman\Desktop\u43koo52.exe
[2012.07.16 13:01:21 | 000,000,020 | ---- | C] () -- C:\Dokumente und Einstellungen\Roman\defogger_reenable
[2012.07.16 12:57:47 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\Roman\Desktop\Defogger.exe
[2012.07.14 07:23:51 | 000,000,310 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012.07.08 13:47:20 | 000,000,612 | ---- | C] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2012.07.08 13:47:20 | 000,000,610 | ---- | C] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2012.07.08 13:47:20 | 000,000,440 | ---- | C] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
[2012.07.08 13:47:06 | 000,001,810 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Spybot-S&D Start Center.lnk
[2012.07.08 13:47:06 | 000,001,804 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Spybot-S&D Start Center.lnk
[2012.03.11 18:06:48 | 000,021,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTAIODAT.DAT
[2012.01.19 20:57:19 | 000,000,487 | ---- | C] () -- C:\WINDOWS\wiso.ini
[2012.01.03 21:48:24 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2012.01.03 21:48:24 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2012.01.03 21:48:24 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2012.01.03 21:46:46 | 000,037,888 | ---- | C] () -- C:\WINDOWS\UninstallLegend.exe
[2011.12.28 21:03:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2011.12.28 21:02:49 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2011.12.28 21:02:49 | 000,637,743 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2011.12.28 21:02:49 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2011.12.05 23:04:00 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\OpenVideo.dll
[2011.12.05 23:03:52 | 000,054,784 | ---- | C] () -- C:\WINDOWS\System32\OVDecode.dll
[2011.05.28 20:42:45 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\LVUI2RC.dll
[2011.05.28 20:42:40 | 000,000,260 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2011.01.06 19:52:01 | 000,000,011 | ---- | C] () -- C:\WINDOWS\Chine.ini
[2010.11.13 23:22:25 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2010.11.12 00:15:52 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010.11.12 00:15:52 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010.11.12 00:15:52 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010.11.12 00:15:52 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010.11.12 00:15:52 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010.09.07 09:57:18 | 000,000,084 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2010.08.14 12:46:46 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2010.02.02 00:11:36 | 000,000,290 | ---- | C] () -- C:\Programme\setup.ini
[2009.12.19 17:47:01 | 011,796,480 | ---- | C] () -- C:\Dokumente und Einstellungen\Roman\ntuser.bak
[2009.12.05 13:32:21 | 000,004,138 | ---- | C] () -- C:\Dokumente und Einstellungen\Roman\schocko.aup
[2009.12.04 13:07:07 | 000,003,164 | ---- | C] () -- C:\Dokumente und Einstellungen\Roman\Derkabeljau.aup
[2009.10.27 18:49:13 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\$_hpcst$.hpc
[2009.10.02 16:12:56 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LauncherAccess.dt
[2009.09.17 12:42:21 | 000,000,218 | ---- | C] () -- C:\Dokumente und Einstellungen\Roman\.recently-used.xbel
[2009.01.16 19:44:58 | 000,000,016 | -H-- | C] () -- C:\Dokumente und Einstellungen\Roman\mxfilerelatedcache.mxc2
[2008.05.09 16:51:13 | 000,000,008 | RH-- | C] () -- C:\Dokumente und Einstellungen\Roman\hwid
[2007.10.10 21:38:09 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html
[2007.09.18 17:56:32 | 000,003,880 | ---- | C] () -- C:\Dokumente und Einstellungen\Roman\HKLM_Run.reg
[2007.09.18 17:56:32 | 000,000,990 | ---- | C] () -- C:\Dokumente und Einstellungen\Roman\HKCU_Run.reg
[2007.09.18 17:56:32 | 000,000,238 | ---- | C] () -- C:\Dokumente und Einstellungen\Roman\HKLM_RunServices.reg
[2007.09.18 17:56:32 | 000,000,230 | ---- | C] () -- C:\Dokumente und Einstellungen\Roman\HKLM_RunOnce.reg
[2007.09.18 17:56:32 | 000,000,228 | ---- | C] () -- C:\Dokumente und Einstellungen\Roman\HKCU_RunOnce.reg
[2006.06.29 17:50:20 | 000,416,961 | ---- | C] () -- C:\Dokumente und Einstellungen\Roman\.fonts.cache-1
[2006.06.05 17:37:08 | 000,000,033 | ---- | C] () -- C:\Dokumente und Einstellungen\Roman\.gtkrc-2.0
[2006.06.05 10:10:40 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Roman\.gtk-bookmarks
[2006.05.16 15:20:30 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\Roman\default.pls
[2005.11.27 23:10:48 | 000,001,274 | ---- | C] () -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\wklnhst.dat
[2005.11.27 19:54:51 | 000,000,147 | ---- | C] () -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2005.11.25 22:43:04 | 000,059,392 | ---- | C] () -- C:\Dokumente und Einstellungen\Roman\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005.11.25 22:43:04 | 000,000,138 | ---- | C] () -- C:\Dokumente und Einstellungen\Roman\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.07.16 16:00:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Adobe
[2012.02.18 21:23:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\AdobeMuse
[2008.01.06 16:13:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Album Shaper
[2011.12.29 14:00:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Audacity
[2011.01.26 19:22:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\AudioMoves
[2009.12.19 23:14:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\AVS4YOU
[2006.02.04 14:03:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\BoostXP2
[2012.02.22 16:08:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Broad Intelligence
[2012.01.19 20:58:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Buhl Data Service
[2012.07.19 07:55:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Canon
[2012.01.27 19:21:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Christofer Persson
[2010.12.15 08:12:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\COMPUTERBILD Mein-Datensafe
[2005.11.01 13:06:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\CyberLink
[2007.11.27 21:15:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\DataCast
[2005.11.25 23:14:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\DataDesign
[2008.06.25 16:11:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\DeepBurner Pro
[2010.01.03 11:25:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\DivX
[2009.02.16 18:35:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\dvdcss
[2012.02.22 16:18:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\DVDVideoSoft
[2012.02.22 16:19:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\DVDVideoSoftIEHelpers
[2010.12.31 12:34:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Easeware
[2012.03.13 16:26:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\EurekaLog
[2010.09.17 21:17:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\ExportTool
[2011.06.14 10:45:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Foxit Software
[2006.03.02 15:35:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Fraunhofer
[2011.10.31 17:23:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Free Download Manager
[2009.09.26 17:50:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\FreenetMail
[2011.12.01 16:15:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\FRITZ!
[2012.03.13 16:33:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\FVDToolbar
[2009.10.12 19:33:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\gnupg
[2011.04.17 13:26:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\GrabPro
[2008.12.30 18:32:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\gtk-2.0
[2005.11.27 23:43:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Help
[2005.10.08 22:58:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Identities
[2011.01.03 20:09:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Inkscape
[2009.01.04 18:44:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\InstallShield
[2010.01.23 19:29:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Intermedia Software
[2012.05.22 21:22:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Internet-Radio Player
[2007.05.06 18:23:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\InterVideo
[2010.12.26 13:34:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\IObit
[2010.12.31 13:07:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\KC Softwares
[2008.12.30 18:09:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\KDE
[2007.09.25 14:22:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Launchy
[2010.02.17 15:37:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Lexware
[2011.12.10 11:52:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\LibreOffice
[2012.03.04 18:37:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Macromedia
[2005.11.27 20:12:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\MAGIX
[2010.11.17 18:39:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Malwarebytes
[2012.02.04 20:43:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Media Player Classic
[2010.12.16 22:35:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\metaspinner net GmbH
[2010.06.26 20:39:59 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Microsoft
[2011.07.18 18:41:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\ML
[2012.02.13 17:02:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla
[2009.12.06 16:24:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mp3tag
[2006.01.01 19:14:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Notepad++
[2010.11.12 23:16:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Online Solutions
[2010.04.22 19:44:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\OpenOffice.org
[2007.04.11 16:02:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\OpenOffice.org2
[2010.12.04 11:14:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Opera
[2012.04.22 09:21:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Oracle
[2011.12.29 13:26:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Orbit
[2009.10.27 18:54:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\PC Suite
[2012.04.29 21:59:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Phoenix Backup
[2012.02.11 17:30:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\phonostar-Player
[2012.02.27 15:13:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\PhotoScape
[2010.10.13 15:58:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\PreisHai4
[2011.04.17 13:28:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\ProgSense
[2012.02.20 17:16:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\QuickScan
[2009.12.04 23:30:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\r2 Studios
[2011.12.07 15:23:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Rainmeter
[2009.10.03 19:58:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Real Desktop
[2010.10.09 11:22:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\SAMSUNG
[2008.03.11 18:34:14 | 000,000,000 | RH-D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\SecuROM
[2006.05.01 12:41:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Sierra
[2009.09.28 13:12:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\StarOffice8
[2006.01.07 08:23:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Sun
[2012.07.31 15:37:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\SUPERAntiSpyware.com
[2007.10.15 18:23:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Talkback
[2010.01.25 20:09:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Thunderbird
[2011.12.29 21:09:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\TuneUp Software
[2008.03.26 16:12:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\U3
[2007.05.06 18:23:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Ulead Systems
[2011.01.02 10:30:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Uniblue
[2012.02.01 21:04:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\vlc
[2011.11.13 10:27:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\VMware
[2008.04.09 15:39:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\winpt
[2011.11.13 20:20:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\WinRAR
[2011.11.19 15:18:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Wise Registry Cleaner
[2005.12.31 11:39:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Workrave
[2009.08.25 13:56:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\X-Setup Pro
[2012.07.19 07:53:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\XnView
 
< %APPDATA%\*.exe /s >
[2012.02.11 17:30:17 | 000,045,056 | ---- | M] () -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Internet-Radio Player\update.exe
[2012.02.11 17:30:24 | 001,369,683 | ---- | M] (                                                            ) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Internet-Radio Player\update2.exe
[2008.07.10 19:46:28 | 000,094,208 | ---- | M] () -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Internet-Radio Player\skins\ps_starter.exe
[2012.06.23 18:13:12 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2010.01.25 22:26:00 | 000,003,584 | R--- | M] () -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
[2010.12.31 13:28:13 | 000,388,096 | R--- | M] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
[2012.07.03 06:57:08 | 000,088,102 | R--- | M] () -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Microsoft\Installer\{8CB71C6D-C5C1-3838-6A53-917618E0B4DE}\ARPPRODUCTICON.exe
[2008.02.13 20:32:29 | 000,025,214 | R--- | M] () -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Microsoft\Installer\{CE378F36-E404-4244-A33F-F50A2A6D31BD}\ARPPRODUCTICON.exe
[2008.08.12 20:16:08 | 000,015,086 | R--- | M] () -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Microsoft\Installer\{D21B65C4-F7ED-4805-8781-BB835AC85D14}\_AC451EB93647F071F44C3B.exe
[2008.08.12 20:16:08 | 000,015,086 | R--- | M] () -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Microsoft\Installer\{D21B65C4-F7ED-4805-8781-BB835AC85D14}\_AF6EF1E1D61E94F138937B.exe
[2010.03.29 16:02:58 | 000,528,522 | ---- | M] () -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\sqlite3.exe
[2008.04.15 14:49:02 | 000,127,488 | ---- | M] () -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\extensions\{411F2F11-830F-4AB5-B7F0-FBC77B870B5A}\chrome\buyertools.exe
[2010.05.26 20:10:22 | 000,425,984 | ---- | M] () -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
[2010.05.26 20:10:22 | 000,545,280 | ---- | M] () -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
[2010.03.29 16:02:58 | 000,528,522 | ---- | M] () -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\sqlite3.exe
[2008.04.15 14:49:02 | 000,127,488 | ---- | M] () -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\{411F2F11-830F-4AB5-B7F0-FBC77B870B5A}\chrome\buyertools.exe
[2010.05.26 20:10:22 | 000,425,984 | ---- | M] () -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
[2010.05.26 20:10:22 | 000,545,280 | ---- | M] () -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
[2008.04.15 14:49:02 | 000,127,488 | ---- | M] () -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\mrtyg6wm.Neu Test Profil\extensions\{411F2F11-830F-4AB5-B7F0-FBC77B870B5A}\chrome\buyertools.exe
[2010.05.26 20:10:22 | 000,425,984 | ---- | M] () -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\mrtyg6wm.Neu Test Profil\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
[2010.05.26 20:10:22 | 000,545,280 | ---- | M] () -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\mrtyg6wm.Neu Test Profil\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
[2010.03.29 16:02:58 | 000,528,522 | ---- | M] () -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Thunderbird\Profiles\k3jpyvld.default\sqlite3.exe
[2006.12.07 11:45:12 | 000,110,592 | ---- | M] () -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\U3\temp\cleanup.exe
[2006.12.07 11:45:12 | 003,096,576 | -H-- | M] (SanDisk Corporation) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\U3\temp\Launchpad Removal.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2004.08.03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\dllcache\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.04 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2004.08.04 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2004.08.04 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2004.08.04 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\system32\eventlog.dll
 
< MD5 for: NETLOGON.DLL  >
[2009.02.06 20:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2009.02.06 20:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2009.02.06 20:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\system32\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2004.08.04 14:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2004.08.04 14:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2004.08.04 14:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\system32\scecli.dll
 
< MD5 for: USER32.DLL  >
[2007.03.08 17:36:30 | 000,579,072 | ---- | M] () MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\RECYCLER\S-1-5-21-2258962752-1167673804-3329230130-1006\Dc116\NoiaPack\_IN\User32.dll
[2007.03.08 17:36:30 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\ERDNT\cache\user32.dll
[2007.03.08 17:36:30 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\system32\dllcache\user32.dll
[2007.03.08 17:36:30 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\system32\user32.dll
[2005.03.02 20:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
[2007.03.08 17:48:39 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=78785EFF8CB90CEC1862A4CCFD9A3C3A -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2004.08.04 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2004.08.04 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2004.08.04 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\system32\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2004.08.04 14:00:00 | 000,507,392 | ---- | M] () MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\RECYCLER\S-1-5-21-2258962752-1167673804-3329230130-1006\Dc116\NoiaPack\_IN\Winlogon.exe
[2004.08.04 14:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2004.08.04 14:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2004.08.04 14:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\system32\winlogon.exe
[2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2004.08.04 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2004.08.04 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2005.10.09 00:51:04 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2005.10.09 00:51:04 | 000,638,976 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2005.10.09 00:51:04 | 000,442,368 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[6 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
<          >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\rundll32.exe:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\Dokumente und Einstellungen\Roman\Desktop\IS_AP_STA_2500USB_D-2.1.1.15_VA-3.1.0.0_RU-2.1.1.0_VA-2.1.1.0_AU-2.0.0.0_VA-2.0.0.0_021209_0.1.0.46_.exe:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\Boot.bak:SummaryInformation

< End of report >

--- --- ---

cosinus 03.08.2012 15:50

Run an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)


Code:

:OTL
IE - HKU\S-1-5-21-2258962752-1167673804-3329230130-1006\..\SearchScopes\{6E6D5EAE-4609-4B72-954E-1DCC201F13CC}: "URL" = http://suche.lycos.de/cgi-bin/pursuit?query={searchTerms}
IE - HKU\S-1-5-21-2258962752-1167673804-3329230130-1006\..\SearchScopes\{A36FB954-3D9A-4F21-9FD4-A6697272BB05}: "URL" = http://rover.ebay.com/rover/1/707-37276-23097-0/4?satitle={searchTerms}
IE - HKU\S-1-5-21-2258962752-1167673804-3329230130-1006\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB9}: "URL" = http://www.daemon-search.com/search/web?q={searchTerms}
IE - HKU\S-1-5-21-2258962752-1167673804-3329230130-1006\..\SearchScopes\{C56DB163-251D-4DB0-97A7-C8519313FD9B}: "URL" = http://suche.freenet.de/suche?query={searchTerms}
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.medion.com
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aldi.com
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.medion.com
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aldi.com
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q="
FF - prefs.js..network.proxy.socks_version: 4
[2010.12.10 15:34:25 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.02.22 16:37:49 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2011.02.22 16:37:50 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\mrtyg6wm.Neu Test Profil\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2010.07.17 12:18:57 | 000,000,873 | ---- | M] () -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\searchplugins\conduit.xml
[2010.12.10 14:28:17 | 000,001,640 | ---- | M] () -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\searchplugins\geizkragende-preisvergleich.xml
[2010.12.08 16:57:36 | 000,001,595 | ---- | M] () -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\searchplugins\ixquick---deutsch.xml
[2010.12.10 14:28:18 | 000,001,134 | ---- | M] () -- C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\searchplugins\mininova.xml
O2 - BHO: (no name) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - No CLSID value found.
O3 - HKU\S-1-5-21-2258962752-1167673804-3329230130-1006\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ToggleCommentPosition = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStrCmpLogical = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogonScripts = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideShutdownScripts = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2258962752-1167673804-3329230130-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2258962752-1167673804-3329230130-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWinKeys = 01 00 00 00  [binary data]
O7 - HKU\S-1-5-21-2258962752-1167673804-3329230130-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 01 00 00 00  [binary data]
O7 - HKU\S-1-5-21-2258962752-1167673804-3329230130-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 0
O7 - HKU\S-1-5-21-2258962752-1167673804-3329230130-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetworkConnections = 01 00 00 00  [binary data]
O7 - HKU\S-1-5-21-2258962752-1167673804-3329230130-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2258962752-1167673804-3329230130-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2258962752-1167673804-3329230130-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O7 - HKU\S-1-5-21-2258962752-1167673804-3329230130-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-2258962752-1167673804-3329230130-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2258962752-1167673804-3329230130-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-2258962752-1167673804-3329230130-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogonScripts = 1
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.10.09 14:46:45 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.bat -- [ NTFS ]
O32 - AutoRun File - [2006.11.02 12:52:16 | 000,000,120 | ---- | M] () - E:\autoexec.bat -- [ FAT32 ]
:Files
C:\Dokumente und Einstellungen\Roman\Desktop\IS_AP_STA_2500USB_D-2.1.1.15_VA-3.1.0.0_RU-2.1.1.0_VA-2.1.1.0_AU-2.0.0.0_VA-2.0.0.0_021209_0.1.0.46_.exe
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

Polarbär 03.08.2012 18:13

Fix executed :cool::cool:
Quote:

All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-2258962752-1167673804-3329230130-1006\Software\Microsoft\Internet Explorer\SearchScopes\{6E6D5EAE-4609-4B72-954E-1DCC201F13CC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6E6D5EAE-4609-4B72-954E-1DCC201F13CC}\ not found.
Registry key HKEY_USERS\S-1-5-21-2258962752-1167673804-3329230130-1006\Software\Microsoft\Internet Explorer\SearchScopes\{A36FB954-3D9A-4F21-9FD4-A6697272BB05}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A36FB954-3D9A-4F21-9FD4-A6697272BB05}\ not found.
Registry key HKEY_USERS\S-1-5-21-2258962752-1167673804-3329230130-1006\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB9}\ not found.
Registry key HKEY_USERS\S-1-5-21-2258962752-1167673804-3329230130-1006\Software\Microsoft\Internet Explorer\SearchScopes\{C56DB163-251D-4DB0-97A7-C8519313FD9B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C56DB163-251D-4DB0-97A7-C8519313FD9B}\ not found.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Prefs.js: "Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: true removed from browser.search.openintab
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q=" removed from keyword.URL
Prefs.js: 4 removed from network.proxy.socks_version
C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}\chrome folder moved successfully.
C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} folder moved successfully.
C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\META-INF folder moved successfully.
C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components folder moved successfully.
C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\chrome folder moved successfully.
C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\4f18hcye.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f} folder moved successfully.
C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\mrtyg6wm.Neu Test Profil\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\META-INF folder moved successfully.
C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\mrtyg6wm.Neu Test Profil\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components folder moved successfully.
C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\mrtyg6wm.Neu Test Profil\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\chrome folder moved successfully.
C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\Profiles\mrtyg6wm.Neu Test Profil\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f} folder moved successfully.
C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\searchplugins\conduit.xml moved successfully.
C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\searchplugins\geizkragende-preisvergleich.xml moved successfully.
C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\searchplugins\ixquick---deutsch.xml moved successfully.
C:\Dokumente und Einstellungen\Roman\Anwendungsdaten\Mozilla\Firefox\4f18hcye.default (PROFIL KOPIE)\searchplugins\mininova.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2258962752-1167673804-3329230130-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C55BBCD6-41AD-48AD-9953-3609C48EACC7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Infodelivery\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ToggleCommentPosition deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoStrCmpLogical deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\LinkResolveIgnoreLinkInfo deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoResolveSearch deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\VerboseStatus deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLogonScripts deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\SynchronousMachineGroupPolicy deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\SynchronousUserGroupPolicy deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideShutdownScripts deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2258962752-1167673804-3329230130-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2258962752-1167673804-3329230130-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoWinKeys deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2258962752-1167673804-3329230130-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSharedDocuments deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2258962752-1167673804-3329230130-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSMBalloonTip deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2258962752-1167673804-3329230130-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoNetworkConnections deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2258962752-1167673804-3329230130-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2258962752-1167673804-3329230130-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2258962752-1167673804-3329230130-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoRecentDocsNetHood deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2258962752-1167673804-3329230130-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\LinkResolveIgnoreLinkInfo deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2258962752-1167673804-3329230130-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2258962752-1167673804-3329230130-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoLowDiskSpaceChecks deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2258962752-1167673804-3329230130-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLogonScripts deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.bat moved successfully.
E:\autoexec.bat moved successfully.
========== FILES ==========
C:\Dokumente und Einstellungen\Roman\Desktop\IS_AP_STA_2500USB_D-2.1.1.15_VA-3.1.0.0_RU-2.1.1.0_VA-2.1.1.0_AU-2.0.0.0_VA-2.0.0.0_021209_0.1.0.46_.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Besitzer

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 229376 bytes

User: Internet
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 296223 bytes
->FireFox cache emptied: 0 bytes
->Apple Safari cache emptied: 31456256 bytes
->Flash cache emptied: 36665 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Apple Safari cache emptied: 104448 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Roman
->Temp folder emptied: 5274034 bytes
->Temporary Internet Files folder emptied: 399683 bytes
->Java cache emptied: 120301 bytes
->FireFox cache emptied: 147736467 bytes
->Flash cache emptied: 58035 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 92296 bytes
%systemroot%\System32\dllcache .tmp files removed: 24568832 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2929713 bytes
RecycleBin emptied: 2495399018 bytes

Total Files Cleaned = 2.583,00 mb


[EMPTYFLASH]

User: All Users

User: Besitzer

User: Default User

User: Internet
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

User: Roman
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.55.0 log created on 08032012_185257

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

cosinus 03.08.2012 20:49

Code:

[2012.07.24 22:02:20 | 002,136,664 | ---- | C] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\Roman\Desktop\tdsskiller.exe
What have you already done there with tdsskiller?!! :eek:

Polarbär 04.08.2012 06:57

OTL didn't work before, after all. :pfeiff:

Quote:

Quote from Polarbär (post 872602)
Yes, of course! Just tried again; OTL doesn't work.
I noticed that Internet Explorer 8 won't open. Is there a connection?


Quote:

Quote from cosinus (post 872808)
Could be. Let's skip OTL for now.

Now please run this tool from Kaspersky (TDSS-Killer) (in normal Windows mode) and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-a...entfernen.html

Note: Please turn off the virus scanner before you run the TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Configure the tool as shown in the picture below: click on change parameters and set the checkmarks as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:); that is where the TDSS-Killer saves its logs.

Note: Please do not delete anything prematurely with the TDSS-Killer! If the TDSS-Killer flags any objects, handle all of them with the "skip" action and post only the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg


cosinus 04.08.2012 14:16

Oh sorry, I completely forgot that we had done that :stirn:


Now please create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool won't run on the second attempt either, just leave it out and run only OSAM. Please skip OSAM's online query.
With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.

Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or later), please start it via right-click and "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Depending on your connection, downloading the definitions may take a while.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons without being instructed to

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.



One more note: If aswMBR crashes and a message such as "aswMBR.exe has stopped working" appears, do the following:
Restart aswMBR, select (none) for "AV scan" in the drop-down menu (at the bottom left of the aswMBR window) and click the Scan button again.

Polarbär 04.08.2012 17:49

Well then, here are the logs:
OSAM Logfile:
Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 17:16:48 on 04.08.2012

OS: Windows XP Home Edition Service Pack 2 (Build 2600)
Default Browser: Mozilla Corporation Firefox 14.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Boot Execute]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )-----
"BootExecute" - ? - C:\WINDOWS\system32\sdnclean.exe

[Common]
-----( %SystemRoot%\Tasks )-----
"Scan the system (Spybot - Search & Destroy).job" - "Safer-Networking Ltd." - C:\Programme\Spybot - Search & Destroy 2\SDScan.exe
"avast! Emergency Update.job" - "AVAST Software" - C:\Programme\Alwil Software\Avast5\AvastEmUpdate.exe
"Check for updates (Spybot - Search & Destroy).job" - "Safer-Networking Ltd." - C:\Programme\Spybot - Search & Destroy 2\SDUpdate.exe
"Refresh immunization (Spybot - Search & Destroy).job" - "Safer-Networking Ltd." - C:\Programme\Spybot - Search & Destroy 2\SDImmunize.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"cttune.cpl" - ? - C:\WINDOWS\system32\cttune.cpl
"ddbaccpl.cpl" - "DataDesign AG" - C:\WINDOWS\system32\ddbaccpl.cpl
"ddbacctm.cpl" - "DataDesign AG" - C:\WINDOWS\system32\ddbacctm.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Oracle Corporation" - C:\WINDOWS\system32\javacpl.cpl
"QTW32.CPL" - "Apple Computer, Inc." - C:\WINDOWS\system32\QTW32.CPL
"scurecpl.cpl" - "Softex, Inc" - C:\WINDOWS\system32\scurecpl.cpl
"wuaucpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\wuaucpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"ColorManagement" - "Microsoft Corporation" - C:\Programme\Pro Imaging Powertoys\Microsoft Color Control Panel Applet for Windows XP\ColorMgmt.cpl
"Folder Size" - "Brio" - C:\Programme\FolderSize\FolderSize.cpl
"QuickTime" - "Apple Inc." - C:\Programme\QT Lite\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"A4Tech PS/2 Port Mouse Driver" (Amps2prt) - "A4Tech Co.,Ltd." - C:\WINDOWS\System32\DRIVERS\Amps2prt.sys
"AEGIS Protocol (IEEE 802.1x) v3.7.5.0" (AegisP) - "Cisco Systems, Inc." - C:\WINDOWS\System32\DRIVERS\AegisP.sys
"aswFsBlk" (aswFsBlk) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswFsBlk.sys
"aswRdr" (aswRdr) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswRdr.sys
"aswSnx" (aswSnx) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswSnx.sys
"aswSP" (aswSP) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswSP.sys
"ati2mtag" (ati2mtag) - "ATI Technologies Inc." - C:\WINDOWS\System32\DRIVERS\ati2mtag.sys
"ATITool Overclocking Utility" (ATITool) - ? - C:\WINDOWS\System32\DRIVERS\ATITool.sys
"avast! Asynchronous Virus Monitor" (Aavmker4) - "AVAST Software" - C:\WINDOWS\system32\drivers\Aavmker4.sys
"avast! Network Shield Support" (aswTdi) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswTdi.sys
"avast! Standard Shield Support" (aswMon2) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswMon2.sys
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)
"CrystalSysInfo" (CrystalSysInfo) - ? - C:\Programme\MediaCoder\SysInfo.sys  (File not found)
"DgiVecp" (DgiVecp) - "Samsung Electronics Co., Ltd." - C:\WINDOWS\system32\Drivers\DgiVecp.sys
"Dokan" (Dokan) - "Windows (R) Win 7 DDK provider" - C:\WINDOWS\system32\drivers\dokan.sys
"dsltestSp5 NDIS Protocol Driver" (dsltestSp5) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\WINDOWS\System32\Drivers\dsltestSp5.sys
"FsUsbExDisk" (FsUsbExDisk) - ? - C:\WINDOWS\system32\FsUsbExDisk.SYS  (File found, but it contains no detailed information)
"GEARAspiWDM" (GEARAspiWDM) - "GEAR Software Inc." - C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys
"giveio" (giveio) - ? - C:\WINDOWS\System32\giveio.sys  (File found, but it contains no detailed information)
"HDPrfDrv" (HDPrfDrv) - "Matthias Withopf" - C:\WINDOWS\system32\HDPrfDrv-1.sys
"ISDN PCI CAPI" (WDMCAPI) - ? - C:\WINDOWS\System32\DRIVERS\WDMCAPI.sys  (File signed by Microsoft | File found, but it contains no detailed information)
"mbmiodrvr" (mbmiodrvr) - "cansoft@livewiredev.com" - C:\WINDOWS\system32\mbmiodrvr.sys
"MxlW2k" (MxlW2k) - "MusicMatch, Inc." - C:\WINDOWS\system32\drivers\MxlW2k.sys
"NDIS WAN miniport" (WDMWANMP) - ? - C:\WINDOWS\System32\DRIVERS\wdmwanmp.sys  (File signed by Microsoft | File found, but it contains no detailed information)
"NPPTNT2" (NPPTNT2) - "INCA Internet Co., Ltd." - C:\WINDOWS\system32\npptNT2.sys
"nv" (nv) - "NVIDIA Corporation" - C:\WINDOWS\System32\DRIVERS\nv4_mini.sys
"NVR0Dev" (NVR0Dev) - "NVidia Corp." - C:\WINDOWS\nvoclock.sys
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PortTalk" (PortTalk) - "Beyond Logic hxxp://www.beyondlogic.org" - C:\WINDOWS\system32\Drivers\PtbTalk.sys
"PSI" (PSI) - "Secunia" - C:\WINDOWS\System32\DRIVERS\psi_mf.sys
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"RT2500 USB Wireless LAN Driver" (RT2500USB) - "Ralink Technology Inc." - C:\WINDOWS\System32\DRIVERS\rt2500usb.sys
"SASDIFSV" (SASDIFSV) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS
"SASKUTIL" (SASKUTIL) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS
"StarForce Protection Environment Driver (version 1.x.a)" (sfdrv01a) - "Protection Technology (StarForce)" - C:\WINDOWS\System32\drivers\sfdrv01a.sys
"StarForce Protection Environment Driver v6" (prodrv06) - "Protection Technology" - C:\WINDOWS\System32\drivers\prodrv06.sys
"StarForce Protection Helper Driver" (sfhlp01) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfhlp01.sys
"StarForce Protection Helper Driver (version 2.x)" (sfhlp02) - "Protection Technology (StarForce)" - C:\WINDOWS\System32\drivers\sfhlp02.sys
"StarForce Protection Helper Driver v2" (prohlp02) - "Protection Technology" - C:\WINDOWS\System32\drivers\prohlp02.sys
"StarForce Protection Synchronization Driver (version 4.x)" (sfsync04) - "Protection Technology (StarForce)" - C:\WINDOWS\System32\drivers\sfsync04.sys
"StarForce Protection Synchronization Driver v1" (prosync1) - "Protection Technology" - C:\WINDOWS\System32\drivers\prosync1.sys
"StarForce Protection VFS Driver (version 2.x)" (sfvfs02) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfvfs02.sys
"TCP/IP-Protokolltreiber" (Tcpip) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\tcpip.sys
"TfFsMon" (TfFsMon) - "PC Tools" - C:\WINDOWS\System32\drivers\TfFsMon.sys
"TfNetMon" (TfNetMon) - "PC Tools" - C:\WINDOWS\system32\drivers\TfNetMon.sys
"TfSysMon" (TfSysMon) - "PC Tools" - C:\WINDOWS\System32\drivers\TfSysMon.sys
"Tunebite High-Speed Dubbing" (tbhsd) - "RapidSolution Software AG" - C:\WINDOWS\System32\drivers\tbhsd.sys
"TuneUpUtilitiesDrv" (TuneUpUtilitiesDrv) - "TuneUp Software" - C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys
"VMware Virtual Ethernet Adapter Driver" (VMnetAdapter) - ? - C:\WINDOWS\System32\DRIVERS\vmnetadapter.sys  (File not found)
"Windows7FirewallControl" (Windows7FirewallControl) - ? - C:\Programme\Windows7FirewallControl\Windows7FirewallControl.sys  (File found, but it contains no detailed information)
"WinRing0 driver" (WinRing0_1_2_0) - "OpenLibSys.org" - C:\WINDOWS\system32\Drivers\ptbring0.sys

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
{89820200-ECBD-11cf-8B85-00AA005B4340} "Windows Desktop-Update" - "Microsoft Corporation" - regsvr32.exe /s /n /i:U shell32.dll
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{04DAAD08-70EF-450E-834A-DCFAF9B48748} "{04DAAD08-70EF-450E-834A-DCFAF9B48748}" - "Brio" - C:\Programme\FolderSize\FolderSizeColumn.dll
{0D2E74C4-3C34-11d2-A27E-00C04FC30871} "{0D2E74C4-3C34-11d2-A27E-00C04FC30871}" - "Microsoft Corporation" - C:\WINDOWS\system32\SHELL32.dll
{24F14F01-7B1C-11d1-838f-0000F80461CF} "{24F14F01-7B1C-11d1-838f-0000F80461CF}" - "Microsoft Corporation" - C:\WINDOWS\system32\SHELL32.dll
{24F14F02-7B1C-11d1-838f-0000F80461CF} "{24F14F02-7B1C-11d1-838f-0000F80461CF}" - "Microsoft Corporation" - C:\WINDOWS\system32\SHELL32.dll
{66742402-F9B9-11D1-A202-0000F81FEDEE} "{66742402-F9B9-11D1-A202-0000F81FEDEE}" - "Microsoft Corporation" - C:\WINDOWS\system32\SHELL32.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - "The Document Foundation" - C:\Programme\LibreOffice 3.4\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{733AC4CB-F1A4-11d0-B951-00A0C90312E1} "WebView MIME Filter" - "Microsoft Corporation" - C:\WINDOWS\system32\SHELL32.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "SABShellExecuteHook Class" - "SuperAdBlocker.com" - C:\Programme\SUPERAntiSpyware\SASSEH.DLL
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "URL Exec Hook" - "Microsoft Corporation" - C:\WINDOWS\system32\shell32.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{1B96FAD8-1C10-416E-8027-6EFF94045F6F} "FoxitPDFPreviewHandlerHost Class" - "Foxit Corporation" - C:\Programme\Foxit Software\Foxit Reader\Shell Extensions\FoxitPrevhost.exe
{ED6E87C6-8A83-43aa-8208-8DBC8247F4D2} "IntelliType Pro Key Settings Property Page" - "Microsoft Corporation" - C:\Programme\Microsoft IntelliType Pro\itcplkey.dll
{111D8120-25EB-4E1C-A4DF-C9EE5FCA35CB} "IntelliType Pro Scrolling Property Page" - "Microsoft Corporation" - C:\Programme\Microsoft IntelliType Pro\itcplwhl.dll
{1825D0FA-5B0C-4e20-A929-3EFD15B6DF71} "IntelliType Pro Touchpad Control Property Page" - "Microsoft Corporation" - C:\Programme\Microsoft IntelliType Pro\itcpltp.dll
{A2569D1F-4E06-43EC-9825-0088B471BE47} "IntelliType Pro Wireless Control Panel Property Page" - "Microsoft Corporation" - C:\Programme\Microsoft IntelliType Pro\itcplwir.dll
{97FA8AA2-EE77-4FF2-9449-424D8924EF21} "IntelliType Pro Zooming Property Page" - "Microsoft Corporation" - C:\Programme\Microsoft IntelliType Pro\itcplzm.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - "The Document Foundation" - C:\Programme\LibreOffice 3.4\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - "The Document Foundation" - C:\Programme\LibreOffice 3.4\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - "The Document Foundation" - C:\Programme\LibreOffice 3.4\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - "The Document Foundation" - C:\Programme\LibreOffice 3.4\Basis\program\shlxthdl\shlxthdl.dll
{BDAA6E01-669F-4783-8831-1648CEB8A16C} "Phoenix Backup Context Menu Shell Extension" - ? -  (File not found | COM-object registry key not found)
{44176360-2BBF-4EC1-93CE-384B8681A0BC} "Spybot-S&D Explorer Integration" - "Safer-Networking Ltd." - C:\Programme\Spybot - Search & Destroy 2\SDECon32.dll
{4838CD50-7E5D-4811-9B17-C47A85539F28} "TuneUp Disk Space Explorer Shell Extension" - "TuneUp Software" - C:\Programme\TuneUp Utilities 2012\DseShExt-x86.dll
{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software" - C:\Programme\TuneUp Utilities 2012\SDShelEx-win32.dll
{44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension" - "TuneUp Software" - C:\WINDOWS\System32\uxtuneup.dll
DefragglerShellExtension "{4380C993-0C43-4E02-9A7A-0D40B6EA7590}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad )-----
{7849596a-48ea-486e-8937-a2a3009f31a9} "PostBootReminder object" - "Microsoft Corporation" - C:\WINDOWS\system32\shell32.dll
{fbeb8a05-beee-4442-804e-409d6c4515e9} "ShellFolder for CD Burning" - "Microsoft Corporation" - C:\WINDOWS\system32\SHELL32.dll

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{4D5C8C25-D075-11D0-B416-00C04FB90376} "&Tipps und Tricks" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll
{EFA24E64-B078-11D0-89E4-00C04FC9E26E} "Explorer-Band" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll
{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1} "File Search Explorer Band" - "Microsoft Corporation" - C:\WINDOWS\system32\SHELL32.dll
{EFA24E62-B078-11D0-89E4-00C04FC9E26E} "History Band" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "&Links" - "Microsoft Corporation" - C:\WINDOWS\system32\SHELL32.dll
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} "MUWebControl Class" - "Microsoft Corporation" - C:\WINDOWS\system32\muweb.dll / hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1244713437203
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} "Office Update Installation Engine" - "Microsoft Corporation" - C:\WINDOWS\opuc.dll / hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
{17492023-C23A-453E-A040-C7C580BBF700} "Windows Genuine Advantage Validation Tool" - "Microsoft Corporation" - C:\WINDOWS\system32\legitcheckcontrol.dll / hxxp://go.microsoft.com/fwlink/?linkid=39204
{6414512B-B978-451D-A0D8-FCFDF33E833C} "WUWebControl Class" - "Microsoft Corporation" - C:\WINDOWS\system32\wuweb.dll / hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1194093786750
{166B1BCA-3F9C-11CF-8075-444553540000} "{166B1BCA-3F9C-11CF-8075-444553540000}" - ? -  (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "{8AD9C840-044E-11D1-B3E9-00805F499D93}" - ? -  (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}" - ? -  (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}" - ? -  (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "{D27CDB6E-AE6D-11CF-96B8-444553540000}" - ? -  (File not found | COM-object registry key not found) /
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -  (File not found | COM-object registry key not found) /
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBC} "ClsidExtension" - ? -  (File not found | COM-object registry key not found)
{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer-Networking Ltd." - C:\Programme\Spybot - Search & Destroy 2\SDHelper.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "avast! WebRep" - "AVAST Software" - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll
{2B171655-A69C-5c18-B693-6CB5DC269D41} "FVD Suite Toolbar" - "www.flashvideodownloader.org/fvd-suite/" - C:\Programme\FVD Suite\addons\IE\FVDToolbar.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} "avast! WebRep" - "AVAST Software" - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll
{7C7A8947-5935-4430-AC0E-E7D04697414E} "Buyertools" - ? - C:\PROGRA~1\Buyertools Reminder\IEButtonBuyertoolsInterface.dll  (File found, but it contains no detailed information)
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Oracle Corporation" - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Oracle Corporation" - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
{1536BA74-8625-4240-99B0-BE65883689C8} "Mediaplayer" - ? - C:\Programme\Mediapiraten\Mediapiraten\IEButtonMPInterface.dll  (File found, but it contains no detailed information)
{2B171655-A69C-5c18-B693-6CB5DC269D44} "Open FVD Suite Toolbar" - "www.flashvideodownloader.org/fvd-suite/" - C:\Programme\FVD Suite\addons\IE\FVDToolbar.dll
{53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer-Networking Ltd." - C:\Programme\Spybot - Search & Destroy 2\SDHelper.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "{E7E6F031-17CE-4C07-BC86-EABFE594F69C}" - ? -  (File not found | COM-object registry key not found)

[Known DLLs]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs )-----
"shell32" - "Microsoft Corporation" - C:\WINDOWS\system32\shell32.dll
"url" - "Microsoft Corporation" - C:\WINDOWS\system32\url.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
"Ralink Wireless Utility.lnk" - "Ralink Technology, Corp." - C:\Programme\RALINK\Common\RaUI.exe  (Shortcut exists | File exists)
"Secunia PSI Tray.lnk" - "Secunia" - C:\Programme\Secunia\PSI\psi_tray.exe  (Shortcut exists | File exists)
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\Roman\Startmenü\Programme\Autostart\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"RocketDock" - ? - "C:\Programme\RocketDock\RocketDock.exe"  (File found, but it contains no detailed information)
"SpybotSD TeaTimer" - "Safer-Networking Ltd." - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
"SUPERAntiSpyware" - "SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon )-----
"Shell" - "Microsoft Corporation" - C:\WINDOWS\Explorer.exe
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"IntelliPoint" - "Microsoft Corporation" - "C:\Programme\Microsoft IntelliPoint\ipoint.exe"
"MedionVFD" - "Dritek System Inc." - "C:\Programme\Medion Info Display\MdionLCM.exe"
"Samsung PanelMgr" - ? - C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe /autorun
"SDTray" - "Safer-Networking Ltd." - "C:\Programme\Spybot - Search & Destroy 2\SDTray.exe"
"Start WingMan Profiler" - "Logitech Inc." - C:\Programme\Logitech\Gaming Software\LWEMon.exe /noui
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"1und1 Fax Monitor" - "1&1 Internet AG" - C:\WINDOWS\system32\UI1&1MON.DLL
"Canon BJ Language Monitor S820" - "CANON INC." - C:\WINDOWS\system32\CNMLM3k.DLL
"FRITZ!fax Color Monitor" - ? - FritzVistaColorMon.dll  (File not found)
"FRITZ!fax Color Port Monitor" - "AVM Berlin GmbH" - C:\WINDOWS\system32\FritzColorPort.dll
"FRITZ!fax Port Monitor" - "AVM Berlin GmbH" - C:\WINDOWS\system32\FritzPort.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Ati HotKey Poller" (Ati HotKey Poller) - "ATI Technologies Inc." - C:\WINDOWS\system32\Ati2evxx.exe
"avast! Antivirus" (avast! Antivirus) - "AVAST Software" - C:\Programme\Alwil Software\Avast5\AvastSvc.exe
"CyberLink Background Capture Service (CBCS)" (CLCapSvc) - ? - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
"CyberLink Media Library Service" (CyberLink Media Library Service) - "Cyberlink" - C:\Programme\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Programme\CyberLink\Shared Files\RichVideo.exe
"CyberLink Task Scheduler (CTS)" (CLSched) - ? - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
"Folder Size" (FolderSize) - "Brio" - C:\Programme\FolderSize\FolderSizeSvc.exe
"Java Quick Starter" (JavaQuickStarterService) - "Oracle Corporation" - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
"Poweroff" (Poweroff) - "Jorgen Bosman" - C:\WINDOWS\system32\poweroff.exe
"SAS Core Service" (!SASCORE) - "SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASCORE.EXE
"Secunia PSI Agent" (Secunia PSI Agent) - "Secunia" - C:\Programme\Secunia\PSI\PSIA.exe
"Secunia Update Agent" (Secunia Update Agent) - "Secunia" - C:\Programme\Secunia\PSI\sua.exe
"Spybot-S&D 2 Scanner Service" (SDScannerService) - "Safer-Networking Ltd." - C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe
"Spybot-S&D 2 Updating Service" (SDUpdateService) - "Safer-Networking Ltd." - C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe
"ThreatFire" (ThreatFire) - "PC Tools" - C:\Programme\ThreatFire\TFService.exe
"TuneUp Designerweiterung" (UxTuneUp) - "TuneUp Software" - C:\WINDOWS\System32\uxtuneup.dll
"TuneUp Utilities Service" (TuneUp.UtilitiesSvc) - "TuneUp Software" - C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
"Windows7FirewallService" (Windows7FirewallService) - "Sphinx Software" - C:\Programme\Windows7FirewallControl\Windows7FirewallService.exe
"X10 Device Network Service" (x10nets) - "X10" - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"!SASWinLogon" - "SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL
"AtiExtEvent" - "ATI Technologies Inc." - C:\WINDOWS\system32\Ati2evxx.dll

===[ Logfile end ]=========================================[ Logfile end ]===

Quote:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-04 17:17:57
-----------------------------
17:17:57.109 OS Version: Windows 5.1.2600 Service Pack 2
17:17:57.109 Number of processors: 2 586 0x404
17:17:57.109 ComputerName: PALME UserName: Roman
17:17:58.015 Initialize success
17:18:01.750 AVAST engine defs: 12080400
17:18:09.781 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17
17:18:09.781 Disk 0 Vendor: ST3250823AS 3.03 Size: 238475MB BusType: 3
17:18:09.796 Disk 0 MBR read successfully
17:18:09.796 Disk 0 MBR scan
17:18:09.812 Disk 0 Windows XP default MBR code
17:18:09.812 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 119208 MB offset 63
17:18:09.812 Disk 0 Partition - 00 0F Extended LBA 119263 MB offset 244139805
17:18:09.843 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 110501 MB offset 244139868
17:18:09.843 Disk 0 Partition - 00 05 Extended 8762 MB offset 470447460
17:18:09.875 Disk 0 Partition 3 00 0B FAT32 MSWIN4.1 8761 MB offset 470447523
17:18:09.890 Disk 0 scanning sectors +488392065
17:18:09.953 Disk 0 scanning C:\WINDOWS\system32\drivers
17:18:19.437 Service scanning
17:18:33.281 Modules scanning
17:18:38.718 Disk 0 trace - called modules:
17:18:38.734 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll prosync1.sys >>UNKNOWN [0x8a7858e8]<<
17:18:38.734 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a748ab8]
17:18:38.734 3 CLASSPNP.SYS[f74c805b] -> nt!IofCallDriver -> \Device\0000008e[0x8a7bc760]
17:18:38.734 5 ACPI.sys[f735d620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-17[0x8a749d98]
17:18:38.734 \Driver\atapi[0x8a74ad20] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> prosync1.sys[0xf798d661]
17:18:39.093 AVAST engine scan C:\WINDOWS
17:18:47.750 AVAST engine scan C:\WINDOWS\system32
17:21:18.421 AVAST engine scan C:\WINDOWS\system32\drivers
17:21:43.546 AVAST engine scan C:\Dokumente und Einstellungen\Roman
17:35:29.656 AVAST engine scan C:\Dokumente und Einstellungen\All Users
17:37:32.859 Scan finished successfully
18:31:33.250 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Roman\Desktop\MBR.dat"
18:31:33.265 The log file has been saved successfully to "C:\Dokumente und Einstellungen\Roman\Desktop\aswMBR.txt"

Polarbär 04.08.2012 17:54

Gmer :dummguck: logfile

cosinus 04.08.2012 19:11

Was the GMER log too big to post directly?

Polarbär 05.08.2012 09:10

Yes, very big.

cosinus 05.08.2012 15:28

Looks OK. We should be almost done. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before the scan!!

Polarbär 05.08.2012 20:01

Hello Arne, here are the log files :D :D
Quote:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.05.07

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.18702
Roman :: PALME [Administrator]

05.08.2012 19:20:02
mbam-log-2012-08-05 (19-20-02).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 394169
Laufzeit: 1 Stunde(n), 28 Minute(n), 40 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Quote:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 08/05/2012 at 07:08 PM

Application Version : 5.5.1012

Core Rules Database Version : 9012
Trace Rules Database Version: 6824

Scan type : Complete Scan
Total Scan Time : 00:55:09

Operating System Information
Windows XP Home Edition 32-bit, Service Pack 2 (Build 5.01.2600)
Administrator

Memory items scanned : 520
Memory threats detected : 0
Registry items scanned : 38004
Registry threats detected : 0
File items scanned : 63933
File threats detected : 2

Adware.Tracking Cookie
accounts.google.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ROMAN\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\KNVWX1WV.ROMAN\COOKIES.SQLITE ]

Adware.Casino Games (Golden Palace Casino)
C:\CASINO\CASINO-CLUB DEUTSCH\CASINO.EXE

cosinus 06.08.2012 09:48

Looks OK, only a cookie and casino adware were found.
Cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or the like => HTTP cookie)

Regarding cookies and other things on the web: to block the plague from the outset (i.e. tracking cookies, ad banners, etc.) you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check MVPS every 4 weeks to see whether he has released a new hosts file.

Otherwise there are also good cookie managers; among the extensions for Firefox, for example, there is CookieCuller http://filepony.de/download-cookie_culler/
But if you can live with logging in again everywhere in every browser session (e.g. Facebook, eBay, GMX, or Trojaner-Board), then simply set the browser to delete everything, including cookies, when the browser is closed.

The way I handle it, I use the Opera browser or Chromium under my Linux for "wild surfing". My main browser (Firefox) only stores the cookies from the sites I want; I reject everything else manually (FF always asks me) - the other browsers do accept all cookies, but by the next start of Opera or Chromium at the latest no cookies are left.

Is your system OK again now, or are there still other findings or problems?

Polarbär 06.08.2012 17:11

Hello Arne :dankeschoen::taenzer:

So far everything works; the only thing that still doesn't work is Win Explorer 8: it shows no window when opened, but it is listed in Task Manager under Processes :headbang: but not under Applications (I have already reinstalled it). In case you have an idea, but it's not that important since I don't use it anyway. Is Win SP 3 actually absolutely necessary if all updates are installed (installing it didn't work back then)?
Thanks for your work so far! :applaus:

cosinus 07.08.2012 11:35

Yes, SP3 is an absolute must!!
  1. Download SP3 from here => detail page Windows XP Service Pack 3 Network Installation Package for IT Professionals and Developers (and yes, it is the right package for you)
  2. Close all programs, disconnect from the Internet, turn off the virus scanner!
  3. Install SP3, follow the instructions - installation should take about 15-20 minutes. It can also be faster; on older machines it takes about half an hour - restart the computer after installation

Polarbär 09.08.2012 08:32

OK, I have SP3 installed; it did hang at the end, but after booting up again it is shown under Information.
Now Win wants to install another 47 :stirn: updates! Can that be right?

cosinus 10.08.2012 09:42

Yes, that is logical! There are updates after SP3 - after all, SP3 is now more than four years old.
And these updates that were released after SP3 also require SP3, i.e. you couldn't see them before because you only had SP2 installed

