| Plagegeister aller Art und deren Bekämpfung: Workstation service cannot be started! Windows 7 |
03.02.2013, 20:16 | #1 |
| Workstation service cannot be started!

Hi, I wanted to install Kaspersky today, but when I tried to enter the license key an error message came up. I suspect this is because I cannot start the Workstation service (Arbeitsstationsdienst); the following error message always appears:

Der Dienst "Arbeitsdienst" auf "Lokaler Computer" konnte nicht gestartet werden. Fehler 2: Das System kann die angegebene Datei nicht finden.

In addition, I can no longer open any windows; the message "Windows-Explorer funktioniert nicht mehr" always appears, followed by "Windows-Explorer wird neu gestartet". Often this state gets stuck in a kind of endless loop and simply does not stop.

I also ran this "LanmanworkstationCheck", and it produced the following message:

"Vermutlich infiziert Der Lanmanworkstationschlüssel konnte nicht ausgelesen werden oder ist nicht vorhanden! Auf ihrem Rechner wurde eine Datei gefunden die auf eine Infektion mit einem Mediyes Trojaner hindeuten könnte! Bitte wenden sie sich mit den angezeiten Infos an das Virenforum und erstellen sie dort einen neuen Beitrag!!!"

Here is the info:

DLL im Lanmanworkstation Schlüssel:
Geladene DLL:
Signatur der DLL:
Rückgabe der Signaturermittlung: Das System kann die angegebene Datei nicht finden.
MD5 der DLL:
DLL im Dnscache Schlüssel: %SystemRoot%\System32\dnsrslvr.dll
Geladene DLL: C:\Windows\System32\dnsrslvr.dll
Signatur der DLL: Microsoft Windows
Rückgabe der Signaturermittlung: Der Vorgang wurde erfolgreich beendet.
MD5 der DLL: 16835866AAA693C7D7FCEBA8FFF706E4
Der Lanmanworkstation Schlüssel konnte nicht ausgelesen werden oder ist nicht vorhanden! Auf ihrem Rechner wurde eine Datei gefunden, die auf eine Infektion mit einem Mediyes Trojaner hindeuten könnte!

I urgently ask for your help!! Many thanks in advance! |
04.02.2013, 11:29 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Workstation service cannot be started! Hello and
Before we get to work, I would like to ask you to read the following points completely and carefully.
Note: If you do not hear from me for three days, please post in this thread => Reminder about my thread. Annoying "when will this continue" messages will end with your topic being closed. I, too, have a life outside Trojaner-Board. First, a check with OTL please:
__________________ |
04.02.2013, 18:08 | #3 |
| Workstation service cannot be started! Many thanks for your help
I will do my best to follow your instructions! OTL.Txt OTL Logfile: Code:
OTL logfile created on: 04.02.2013 17:49:42 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Frank\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,91 Gb Total Physical Memory | 5,07 Gb Available Physical Memory | 64,13% Memory free 15,82 Gb Paging File | 12,22 Gb Available in Paging File | 77,20% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 301,93 Gb Total Space | 61,10 Gb Free Space | 20,24% Space Free | Partition Type: NTFS Drive D: | 371,71 Gb Total Space | 280,24 Gb Free Space | 75,39% Space Free | Partition Type: NTFS Drive F: | 1863,01 Gb Total Space | 1127,99 Gb Free Space | 60,55% Space Free | Partition Type: NTFS Computer Name: FRANK-PC | User Name: Frank | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Frank\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO) PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe (Microsoft Corporation.) PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Windows\AsScrPro.exe (ASUS) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe (ASUSTek Computer Inc.) PRC - C:\Program Files (x86)\Common Files\InstantOn\InsOnSrv.exe (ASUS) PRC - C:\Program Files (x86)\Common Files\InstantOn\InsOnWMI.exe (ASUS) PRC - C:\Windows\SysWOW64\ACEngSvr.exe (ASUSTeK) PRC - C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUS) PRC - C:\ASUS.SYS\SIONExportService.exe (Splashtop Inc.) 
PRC - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe (Intel Corporation) PRC - C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe (CyberLink) PRC - C:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe () PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS) PRC - C:\Program Files (x86)\syncables\syncables desktop\syncables.exe (syncables, LLC) PRC - C:\Program Files (x86)\syncables\syncables desktop\jre\bin\javaw.exe (Sun Microsystems, Inc.) 
PRC - C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe (Virage Logic Corporation / Sonic Focus) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS) PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe () ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\QtWebKit\qmlwebkitplugin4.dll () MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll () MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll () MOD - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll () MOD - C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll () MOD - C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll () MOD - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe () MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll () MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll () MOD - C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe () ========== Services (SafeList) ========== SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software) SRV:64bit: - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe () SRV:64bit: - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) SRV:64bit: - (AMPPALR3) -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel Corporation) SRV:64bit: - (BTHSSecurityMgr) -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel(R) Corporation) SRV:64bit: - (AFBAgent) -- 
C:\Windows\SysNative\FBAgent.exe (ASUSTeK Computer Inc.) SRV:64bit: - (TurboBoost) -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation) SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV:64bit: - (LanmanWorkstation) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation) SRV - (a2AntiMalware) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.) SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe (TuneUp Software) SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software) SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO) SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe (Microsoft Corporation.) SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe (Microsoft Corporation.) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) 
SRV - (Update-Service) -- C:\Windows\SysWOW64\UpdSvc.dll (Joosoft.com GmbH) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (ASUS InstantOn) -- C:\Program Files (x86)\Common Files\InstantOn\InsOnSrv.exe (ASUS) SRV - (Splashtop MDES) -- C:\ASUS.SYS\SIONExportService.exe (Splashtop Inc.) SRV - (Bluetooth OBEX Service) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation) SRV - (Bluetooth Media Service) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation) SRV - (Bluetooth Device Monitor) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation) SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) SRV - (CLKMSVC10_38F51D56) -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe (CyberLink) SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.) 
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (ATKGFNEXSrv) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS) SRV - (DfSdkS) -- C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 8\DfsdkS64.exe (mst software GmbH, Germany) SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®) ========== Driver Services (SafeList) ========== DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab) DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab) DRV:64bit: - (klkbdflt) -- C:\Windows\SysNative\drivers\klkbdflt.sys (Kaspersky Lab) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) 
DRV:64bit: - (kneps) -- C:\Windows\SysNative\drivers\kneps.sys (Kaspersky Lab) DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO) DRV:64bit: - (kl1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO) DRV:64bit: - (kltdi) -- C:\Windows\SysNative\drivers\kltdi.sys (Kaspersky Lab) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (nvkflt) -- C:\Windows\SysNative\drivers\nvkflt.sys (NVIDIA Corporation) DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation) DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation) DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation) DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation) DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation) DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation) DRV:64bit: - (dc3d) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation) DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (AMPPALP) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider) DRV:64bit: - (AMPPAL) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (intaud_WaveExtensible) -- C:\Windows\SysNative\drivers\intelaud.sys (Intel Corporation) DRV:64bit: - (iwdbus) -- C:\Windows\SysNative\drivers\iwdbus.sys (Intel Corporation) DRV:64bit: - (iBtFltCoex) -- 
C:\Windows\SysNative\drivers\iBtFltCoex.sys (Intel Corporation) DRV:64bit: - (AmUStor) -- C:\Windows\SysNative\drivers\AmUStor.sys (Alcor Micro, Corp.) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (btmhsf) -- C:\Windows\SysNative\drivers\btmhsf.sys (Intel Corporation) DRV:64bit: - (btmaux) -- C:\Windows\SysNative\drivers\btmaux.sys (Intel Corporation) DRV:64bit: - (AiCharger) -- C:\Windows\SysNative\drivers\AiCharger.sys (ASUSTek Computer Inc.) DRV:64bit: - (asmtxhci) -- C:\Windows\SysNative\drivers\asmtxhci.sys (ASMedia Technology Inc) DRV:64bit: - (asmthub3) -- C:\Windows\SysNative\drivers\asmthub3.sys (ASMedia Technology Inc) DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys (Intel(R) Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.) DRV:64bit: - (RTL8187B) -- C:\Windows\SysNative\drivers\RTL8187B.sys (Realtek Semiconductor Corporation ) DRV:64bit: - (HTCAND64) -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys (HTC, Corporation) DRV:64bit: - (ewusbnet) -- C:\Windows\SysNative\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.) DRV:64bit: - (hwusbdev) -- C:\Windows\SysNative\drivers\ewusbdev.sys (Huawei Technologies Co., Ltd.) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) 
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation) DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( ) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation) DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation) DRV:64bit: - (SiSGbeLH) -- C:\Windows\SysNative\drivers\SiSG664.sys (Silicon Integrated Systems Corp.) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.) 
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation) DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys (TuneUp Software) DRV - (a2acc) -- C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys (Emsisoft GmbH) DRV - (A2DDA) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys (Emsi Software GmbH) DRV - (ATKWMIACPIIO) -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys (ASUS) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (ASMMAP64) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys (ASUS) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com IE - HKLM\..\URLSearchHook: {62d40876-df18-411f-9d34-a9dd7a197bc5} - C:\Program Files (x86)\BrotherSoft_Extreme3\prxtbBrot.dll (Conduit Ltd.) 
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3164768286-1964387947-1448381298-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com IE - HKU\S-1-5-21-3164768286-1964387947-1448381298-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com IE - HKU\S-1-5-21-3164768286-1964387947-1448381298-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKU\S-1-5-21-3164768286-1964387947-1448381298-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT IE - HKU\S-1-5-21-3164768286-1964387947-1448381298-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\S-1-5-21-3164768286-1964387947-1448381298-1001\SOFTWARE\Microsoft\Internet 
Explorer\Main,Default_Page_URL = hxxp://asus.msn.com IE - HKU\S-1-5-21-3164768286-1964387947-1448381298-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com IE - HKU\S-1-5-21-3164768286-1964387947-1448381298-1001\..\URLSearchHook: {62d40876-df18-411f-9d34-a9dd7a197bc5} - C:\Program Files (x86)\BrotherSoft_Extreme3\prxtbBrot.dll (Conduit Ltd.) IE - HKU\S-1-5-21-3164768286-1964387947-1448381298-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-3164768286-1964387947-1448381298-1001\..\SearchScopes\{5895BA2C-841C-4749-B86C-CBC07A293553}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3205709 IE - HKU\S-1-5-21-3164768286-1964387947-1448381298-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3164768286-1964387947-1448381298-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..CT3205709.browser.search.defaultthis.engineName: true FF - prefs.js..CT3240727.browser.search.defaultthis.engineName: "true" FF - prefs.js..browser.search.defaultenginename: "Search the web" FF - prefs.js..browser.search.defaultthis.engineName: "findr Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3240727&SearchSource=3&q={searchTerms}&CUI=UN26736811875978932" FF - prefs.js..browser.search.order.1: "Search the web" FF - prefs.js..browser.search.selectedEngine: "Search the web" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT3240727&SearchSource=13&CUI=UN26736811875978932" FF - prefs.js..ct3205709.browser.search.defaultthis.engineName: true FF - prefs.js..extensions.enabledAddons: %7BC9B68337-E93A-44EA-94DC-CB300EC06444%7D:5.30.4 FF - prefs.js..extensions.enabledAddons: 
%7BFCAB6FDD-5585-425b-95C1-5ED856F3FD08%7D:6.9 FF - prefs.js..extensions.enabledAddons: %7B23fcfd51-4958-4f00-80a3-ae97e717ed8b%7D:2.1.2.145 FF - prefs.js..extensions.enabledAddons: %7B62d40876-df18-411f-9d34-a9dd7a197bc5%7D:10.14.42.7 FF - prefs.js..extensions.enabledAddons: anti_banner%40kaspersky.com:13.0.1.4190 FF - prefs.js..extensions.enabledAddons: %7B4373e9b4-0a12-4112-8e3d-36ded19ee3dd%7D:10.14.42.7 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1 FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3240727&SearchSource=2&CUI=UN26736811875978932&q=" FF - user.js..browser.search.selectedEngine: "Search the web" FF - user.js..browser.search.order.1: "Search the web" FF - user.js..browser.search.defaultenginename: "Search the web" FF - user.js..keyword.URL: "hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) 
Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2013.01.09 17:08:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2013.01.09 17:08:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2013.01.09 17:08:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2013.01.09 17:08:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2013.01.09 17:08:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2013.01.09 17:08:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2013.01.09 17:08:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2013.01.09 17:08:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2013.01.09 17:08:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2013.01.09 17:08:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2013.01.09 17:08:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2013.01.09 17:08:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2013.01.09 17:08:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2013.01.09 17:08:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2013.01.09 17:08:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2013.01.09 17:08:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2013.01.09 17:08:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2013.01.09 17:08:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2013.01.09 17:08:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2013.01.09 17:08:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2013.01.09 17:08:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2013.01.09 17:08:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2013.01.09 17:08:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2013.01.09 17:08:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2013.01.09 17:08:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2013.01.09 17:08:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2013.01.09 17:08:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2013.01.09 17:08:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2013.01.09 17:08:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2013.01.09 17:08:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2013.01.09 17:08:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2013.01.09 17:08:03 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2013.01.09 17:08:03 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2013.01.09 17:08:03 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2013.01.09 17:08:03 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2013.01.09 17:08:03 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2013.01.09 17:08:03 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2013.01.09 17:08:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2013.01.09 17:08:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2013.01.09 17:08:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2013.01.09 17:08:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2013.01.09 17:08:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2013.01.09 17:08:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2013.01.09 17:08:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2013.01.09 17:08:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2013.01.09 17:08:03 | 
000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2013.01.09 17:08:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2013.01.09 17:08:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2013.01.09 17:08:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2013.01.09 17:08:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2013.01.09 17:08:02 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2013.01.09 17:07:43 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe [2 C:\Users\Frank\Documents\*.tmp files -> C:\Users\Frank\Documents\*.tmp -> ] [10 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.02.04 17:50:01 | 000,000,342 | -H-- | M] () -- C:\dvmexp.idx [2013.02.04 17:48:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Frank\Desktop\OTL.exe [2013.02.04 17:47:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.02.04 14:17:39 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.02.04 14:17:39 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.02.04 14:05:38 | 000,001,804 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini [2013.02.04 14:04:39 | 000,045,056 | ---- | M] () -- C:\Windows\SysWow64\acovcnt.exe [2013.02.04 14:04:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.02.04 14:03:30 | 2076,749,823 | -HS- | M] () -- C:\hiberfil.sys [2013.02.04 07:59:11 | 000,007,250 | ---- | M] () -- 
C:\Users\Frank\Desktop\Windows-Kompatibilitätsbericht.htm [2013.02.03 21:51:45 | 007,243,680 | ---- | M] () -- C:\Users\Frank\Desktop\aion_hack_kinah_2.0_-_2.5.rar [2013.02.03 19:52:05 | 000,623,003 | ---- | M] (No company) -- C:\Users\Frank\Desktop\LanmanCheck.exe [2013.02.03 19:29:25 | 000,001,097 | ---- | M] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk [2013.02.03 18:14:17 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.02.03 18:14:17 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.02.03 15:33:32 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.02.03 14:53:49 | 000,001,082 | ---- | M] () -- C:\Users\Frank\Desktop\Kaspersky Internet Security 2013 Version 13.0.1.4190 installieren.lnk [2013.02.03 14:30:25 | 000,001,148 | ---- | M] () -- C:\Users\Public\Desktop\Kaspersky Internet Security 2013.lnk [2013.02.03 14:20:28 | 000,002,486 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini [2013.02.03 09:29:54 | 000,000,009 | ---- | M] () -- C:\END [2013.02.03 09:26:55 | 000,002,195 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2013.lnk [2013.02.03 09:26:09 | 000,001,091 | ---- | M] () -- C:\Users\Frank\Desktop\Cheat Engine.lnk [2013.02.02 18:14:10 | 000,001,966 | ---- | M] () -- C:\Users\Public\Desktop\AION.lnk [2013.01.27 13:01:14 | 001,531,014 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.01.27 13:01:14 | 000,666,256 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.01.27 13:01:14 | 000,628,098 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.01.27 13:01:14 | 000,134,178 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.01.27 13:01:14 | 000,110,560 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.01.27 12:57:15 | 000,000,946 | ---- | M] () -- C:\Users\Frank\Desktop\LogMeIn Hamachi.lnk [2013.01.27 11:37:09 | 000,002,101 | -H-- | M] () -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2013.01.27 03:16:29 | 005,113,072 | ---- | M] (PC Cleaners) -- C:\Windows\uninst.exe [2013.01.26 20:16:34 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.01.26 20:16:33 | 000,859,552 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll [2013.01.26 20:16:33 | 000,780,192 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll [2013.01.26 20:16:33 | 000,261,024 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013.01.26 20:16:33 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.01.26 20:16:33 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013.01.26 13:07:25 | 001,081,760 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll [2013.01.26 13:07:25 | 000,960,416 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll [2013.01.26 13:07:25 | 000,308,640 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe [2013.01.26 13:07:25 | 000,188,832 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe [2013.01.26 13:07:25 | 000,188,832 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe [2013.01.26 13:07:25 | 000,108,448 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll [2013.01.10 14:02:03 | 000,547,864 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.01.09 17:47:39 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.01.09 17:47:39 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2 C:\Users\Frank\Documents\*.tmp files -> C:\Users\Frank\Documents\*.tmp -> ] [10 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.02.04 
07:59:11 | 000,007,250 | ---- | C] () -- C:\Users\Frank\Desktop\Windows-Kompatibilitätsbericht.htm [2013.02.03 21:51:34 | 007,243,680 | ---- | C] () -- C:\Users\Frank\Desktop\aion_hack_kinah_2.0_-_2.5.rar [2013.02.03 19:29:25 | 000,001,097 | ---- | C] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk [2013.02.03 15:33:32 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.02.03 15:23:56 | 000,010,240 | ---- | C] () -- C:\Users\Frank\Desktop\Erweiterter Scan.scp [2013.02.03 14:53:49 | 000,001,082 | ---- | C] () -- C:\Users\Frank\Desktop\Kaspersky Internet Security 2013 Version 13.0.1.4190 installieren.lnk [2013.02.03 14:30:49 | 000,001,148 | ---- | C] () -- C:\Users\Public\Desktop\Kaspersky Internet Security 2013.lnk [2013.02.03 09:26:55 | 000,002,195 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2013.lnk [2013.02.03 09:26:54 | 000,002,207 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013.lnk [2013.02.03 09:26:09 | 000,001,091 | ---- | C] () -- C:\Users\Frank\Desktop\Cheat Engine.lnk [2013.02.02 18:14:10 | 000,001,966 | ---- | C] () -- C:\Users\Public\Desktop\AION.lnk [2013.01.27 12:57:15 | 000,000,946 | ---- | C] () -- C:\Users\Frank\Desktop\LogMeIn Hamachi.lnk [2013.01.04 12:30:58 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI [2013.01.04 12:30:58 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI [2012.07.30 13:16:20 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2012.07.30 13:16:18 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2012.07.30 13:16:18 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2012.07.30 13:16:18 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2012.07.30 13:16:18 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2012.07.24 20:20:03 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll [2012.06.12 15:06:16 | 
000,233,545 | ---- | C] () -- C:\Windows\hpoins47.dat [2012.02.22 22:00:04 | 000,000,181 | ---- | C] () -- C:\Windows\WinInit.Ini [2012.02.11 15:39:34 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat [2012.02.11 15:37:45 | 000,000,574 | ---- | C] () -- C:\Windows\hpomdl47.dat.temp [2012.02.06 19:35:25 | 000,017,408 | ---- | C] () -- C:\Users\Frank\AppData\Local\WebpageIcons.db [2012.01.30 15:57:55 | 001,557,708 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.12.21 15:30:47 | 000,003,584 | ---- | C] () -- C:\Users\Frank\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.12.13 21:11:15 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011.12.13 21:11:10 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011.12.12 21:15:51 | 000,034,308 | ---- | C] () -- C:\ProgramData\mazuki.dll [2011.12.11 20:40:09 | 000,000,000 | ---- | C] () -- C:\Users\Frank\AppData\Local\{B55A0129-9065-4945-819B-EF351192F335} [2011.12.10 16:05:45 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini [2011.10.15 00:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe [2011.10.12 19:18:15 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\acovcnt.exe [2011.10.12 19:00:19 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll [2011.07.12 09:14:12 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll [2011.07.12 09:13:09 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2011.07.12 09:13:06 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2011.07.12 09:13:05 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2011.07.12 09:13:04 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2011.07.12 09:13:03 | 013,356,032 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll [2011.05.10 23:55:50 | 000,368,400 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll [2011.04.13 03:48:48 | 000,131,472 | ---- | C] () -- 
C:\ProgramData\FullRemove.exe ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > |
04.02.2013, 19:54 | #4 |
| The Workstation service cannot be started! Extras.Txt OTL EXTRAS Logfile: Code:
OTL Extras logfile created on: 04.02.2013 17:49:42 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Frank\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,91 Gb Total Physical Memory | 5,07 Gb Available Physical Memory | 64,13% Memory free 15,82 Gb Paging File | 12,22 Gb Available in Paging File | 77,20% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 301,93 Gb Total Space | 61,10 Gb Free Space | 20,24% Space Free | Partition Type: NTFS Drive D: | 371,71 Gb Total Space | 280,24 Gb Free Space | 75,39% Space Free | Partition Type: NTFS Drive F: | 1863,01 Gb Total Space | 1127,99 Gb Free Space | 60,55% Space Free | Partition Type: NTFS Computer Name: FRANK-PC | User Name: Frank | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software) [HKEY_USERS\S-1-5-21-3164768286-1964387947-1448381298-1001\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = Die Sims™ 3 Traumkarrieren "{915726DF-7891-444A-AA03-0DF1D64F561A}" = L.A. Noire "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1" = Gameforge Live 1.0 "Legend" "{9D4C7DFA-CBBB-4F06-BDAC-94D831406DF0}" = פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker "{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker "{9F9A2D22-7E30-4546-B817-10644FFB9935}" = B110 "{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail "{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common 
"{A48B9CD8-C2BA-4EC9-0081-7260D238C7CF}" = Need for Speed™ Most Wanted "{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package "{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials "{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail "{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common "{AECA3622-E634-4A55-A696-70A511CBE06E}" = ASUS USB Charger Plus "{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common "{B480904D-F73F-4673-B034-8A5F492C9184}" = Nuance PDF Reader "{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials "{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live "{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = Die Sims™ 3 Reiseabenteuer "{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2 "{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1" = Emsisoft Anti-Malware "{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter "{BCB0D6F7-7EAB-4009-A6F2-8E0E7F317773}" = Элемент управления Windows Live Mesh ActiveX для удаленных подключений "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations "{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker "{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3 
"{C12631C6-804D-4B32-B0DD-8A496462F106}" = Die Sims™ 3 Einfach tierisch "{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen "{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties "{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}" = TuneUp Utilities 2013 "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common "{CAAB0192-5704-469F-A0BE-2D842D70E93B}_is1" = Sothink FLV Player "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker "{CC8C451E-A820-48C8-AE92-A0FF088969D8}" = Stereoscopic Player "{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support "{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp "{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer "{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack "{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail "{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform 
Language Pack "{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker "{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail "{DD47370C-E0F1-407F-9DB0-3FF98907F1BC}" = ASUS Music Maker "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer "{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources "{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10 "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E18B30AA-6E2D-480C-B918-AF61009F4010}" = عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة "{E280923D-C5D9-4728-8C79-AC9A0DC75875}" = BioShock "{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver "{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer "{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas "{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer "{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update "{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}" = Die Sims™ 3 Lebensfreude "{E6D22FE1-AB5F-42CA-9480-6F70B96DDD88}" = Need for Speed™ Undercover "{E71E60C1-533E-45A5-8D80-E475E88D2B17}_is1" = Game Park Console "{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources "{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live "{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera "{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = 
Raccolta foto di Windows Live "{ED436EA8-4145-4703-AE5D-4D09DD24AF5A}" = Die Sims™ 3 Gib Gas-Accessoires "{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心 "{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F4811919-F252-4B25-9AB2-8859A85810B5}" = TuneUp Utilities Language Pack (de-DE) "{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources "{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}" = Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις "{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh "{F88E2E04-7EF5-488C-8E38-C94EB808458E}" = PS_AIO_07_B110_SW_Min "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm "{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live "{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker "{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "AmUStor" = Alcor Micro USB Card Reader "Ashampoo Burning Studio 10_is1" = Ashampoo Burning Studio 10.0.7 "Ashampoo WinOptimizer 8_is1" = Ashampoo WinOptimizer 8 v.8.0.1 "Asus Vibe2.0" = AsusVibe2.0 "ASUS WebStorage" = ASUS WebStorage "AsusScr_N5_En" = AsusScr_N5_En "BrotherSoft_Extreme3 
Toolbar" = BrotherSoft Extreme3 Toolbar "CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX "Canon MOV Decoder" = Canon MOV Decoder "Canon MOV Encoder" = Canon MOV Encoder "Cheat Engine 6.2_is1" = Cheat Engine 6.2 "DivX Setup" = DivX-Setup "DPP" = Canon Utilities Digital Photo Professional 3.10 "ENTERPRISE" = Microsoft Office Enterprise 2007 "EOS Sample Music" = Canon Utilities EOS Sample Music "EOS Utility" = Canon Utilities EOS Utility "EOS Video Snapshot Task" = Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX "Governor of Poker" = Governor of Poker "Hotel Dash Suite Success" = Hotel Dash Suite Success "InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = ASUS Video Magic "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "InstallShield_{7C6A4E35-5EEE-426A-A7BF-EA95CDC54DEA}" = Music Now! 
"InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10 "InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso "InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013 "IrfanView" = IrfanView (remove only) "Jewel Quest 3" = Jewel Quest 3 "JPEG ReSizer" = JPEG ReSizer (remove only) "LogMeIn Hamachi" = LogMeIn Hamachi "Luxor 3" = Luxor 3 "MAGIX_MSI_mm17_silver_asus" = ASUS Music Maker "Mahjongg dimensions" = Mahjongg dimensions "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "MegaTrainer eXperience_is1" = MegaTrainer eXperience V1.0.1.8d "Mobile Partner" = Mobile Partner "MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX "MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube "Mozilla Firefox 18.0.1 (x86 de)" = Mozilla Firefox 18.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MPE" = MyPhoneExplorer "Multiple Image Resizer .NET 4" = Multiple Image Resizer .NET 4 "MyCamera Download Plugin" = CANON iMAGE GATEWAY MyCamera Download Plugin "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010 "Office14.SingleImage" = Microsoft Office Home and Business 2010 "Opera 12.13.1734" = Opera 12.13 "Origin" = Origin "PhotoStitch" = Canon Utilities PhotoStitch "Picture Style Editor" = Canon Utilities Picture Style Editor "PictureItPrem_v10" = Microsoft Picture It! 
Foto Premium 10 "Plants vs Zombies" = Plants vs Zombies "ProInst" = Intel PROSet Wireless "PunkBusterSvc" = PunkBuster Services "Rockstar Games Social Club" = Rockstar Games Social Club "TuneUp Utilities 2013" = TuneUp Utilities 2013 "VLC media player" = VLC media player 1.1.11 "WinLiveSuite" = Windows Live Essentials "World of Goo" = World of Goo "xSIMS_Censor_Remover_TS3" = Sims 3 - Nude Censor Remover "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX "ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-3164768286-1964387947-1448381298-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Kies Air Discovery Service" = Kies Air Discovery Service ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 13.01.2013 14:27:34 | Computer Name = Frank-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 4758 Error - 13.01.2013 14:27:34 | Computer Name = Frank-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 4758 Error - 13.01.2013 14:32:19 | Computer Name = Frank-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: obexsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5ab8 Name des fehlerhaften Moduls: obexsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5ab8 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0001aade ID des fehlerhaften Prozesses: 0xf18 Startzeit der fehlerhaften Anwendung: 0x01cdf1bc1531552e Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe Berichtskennung: 8fbe3130-5daf-11e2-941d-ac72891c556f Error - 14.01.2013 06:47:23 | Computer Name = Frank-PC | Source = CVHSVC | ID = 100 Description = Nur zur Information. 
Failed to Start the CVH service 1063 Error - 14.01.2013 11:21:30 | Computer Name = Frank-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 14.01.2013 11:21:30 | Computer Name = Frank-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 8734512 Error - 14.01.2013 11:21:30 | Computer Name = Frank-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 8734512 Error - 14.01.2013 12:52:27 | Computer Name = Frank-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 14.01.2013 12:52:27 | Computer Name = Frank-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 2090 Error - 14.01.2013 12:52:27 | Computer Name = Frank-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 2090 Error - 15.01.2013 07:05:15 | Computer Name = Frank-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: obexsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5ab8 Name des fehlerhaften Moduls: obexsrv.exe, Version: 1.1.0.51, Zeitstempel: 0x4d6e5ab8 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0001aade ID des fehlerhaften Prozesses: 0xf1c Startzeit der fehlerhaften Anwendung: 0x01cdf30ff9d7db8a Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe Berichtskennung: 6fe49d88-5f03-11e2-93d6-ac72891c556f [ Media Center Events ] Error - 26.12.2012 14:21:02 | Computer Name = Frank-PC | Source = MCUpdate | ID = 0 Description = 19:21:02 - Fehler beim Herstellen der Internetverbindung. 19:21:02 - Serververbindung konnte nicht hergestellt werden.. 
Error - 26.12.2012 14:21:14 | Computer Name = Frank-PC | Source = MCUpdate | ID = 0 Description = 19:21:07 - Fehler beim Herstellen der Internetverbindung. 19:21:07 - Serververbindung konnte nicht hergestellt werden.. Error - 26.12.2012 15:21:19 | Computer Name = Frank-PC | Source = MCUpdate | ID = 0 Description = 20:21:19 - Fehler beim Herstellen der Internetverbindung. 20:21:19 - Serververbindung konnte nicht hergestellt werden.. Error - 26.12.2012 15:21:26 | Computer Name = Frank-PC | Source = MCUpdate | ID = 0 Description = 20:21:24 - Fehler beim Herstellen der Internetverbindung. 20:21:24 - Serververbindung konnte nicht hergestellt werden.. Error - 26.12.2012 16:21:32 | Computer Name = Frank-PC | Source = MCUpdate | ID = 0 Description = 21:21:32 - Fehler beim Herstellen der Internetverbindung. 21:21:32 - Serververbindung konnte nicht hergestellt werden.. Error - 26.12.2012 16:21:39 | Computer Name = Frank-PC | Source = MCUpdate | ID = 0 Description = 21:21:37 - Fehler beim Herstellen der Internetverbindung. 21:21:37 - Serververbindung konnte nicht hergestellt werden.. Error - 26.12.2012 18:14:55 | Computer Name = Frank-PC | Source = MCUpdate | ID = 0 Description = 23:14:55 - Fehler beim Herstellen der Internetverbindung. 23:14:55 - Serververbindung konnte nicht hergestellt werden.. Error - 26.12.2012 18:15:02 | Computer Name = Frank-PC | Source = MCUpdate | ID = 0 Description = 23:15:00 - Fehler beim Herstellen der Internetverbindung. 23:15:00 - Serververbindung konnte nicht hergestellt werden.. Error - 02.01.2013 12:19:29 | Computer Name = Frank-PC | Source = MCUpdate | ID = 0 Description = 17:19:29 - Fehler beim Herstellen der Internetverbindung. 17:19:29 - Serververbindung konnte nicht hergestellt werden.. Error - 02.01.2013 12:20:03 | Computer Name = Frank-PC | Source = MCUpdate | ID = 0 Description = 17:19:58 - Fehler beim Herstellen der Internetverbindung. 17:19:58 - Serververbindung konnte nicht hergestellt werden.. 
[ System Events ] Error - 04.02.2013 09:08:17 | Computer Name = Frank-PC | Source = DCOM | ID = 10010 Description = Error - 04.02.2013 09:10:53 | Computer Name = Frank-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Google Update Service (gupdate) erreicht. Error - 04.02.2013 09:10:53 | Computer Name = Frank-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Google Update Service (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 04.02.2013 09:11:14 | Computer Name = Frank-PC | Source = WMPNetworkSvc | ID = 866300 Description = Dienst "WMPNetworkSvc" konnte nicht ordnungsgemäß gestartet werden, da ein Fehler "0x80070422" in "CoCreateInstance(CLSID_UPnPDeviceFinder)" aufgetreten ist. Überprüfen Sie, ob der Dienst "UPnPHost" ausgeführt wird und ob die Windows-Komponente "UPnPHost" richtig installiert ist. Error - 04.02.2013 09:11:19 | Computer Name = Frank-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error - 04.02.2013 11:17:26 | Computer Name = Frank-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Arbeitsstationsdienst" wurde mit folgendem Fehler beendet: %%2 Error - 04.02.2013 11:53:37 | Computer Name = Frank-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error - 04.02.2013 11:53:40 | Computer Name = Frank-PC | Source = WMPNetworkSvc | ID = 866300 Description = Dienst "WMPNetworkSvc" konnte nicht ordnungsgemäß gestartet werden, da ein Fehler "0x80070422" in "CoCreateInstance(CLSID_UPnPDeviceFinder)" aufgetreten ist. 
Überprüfen Sie, ob der Dienst "UPnPHost" ausgeführt wird und ob die Windows-Komponente "UPnPHost" richtig installiert ist. Error - 04.02.2013 12:50:49 | Computer Name = Frank-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error - 04.02.2013 12:50:51 | Computer Name = Frank-PC | Source = WMPNetworkSvc | ID = 866300 Description = Dienst "WMPNetworkSvc" konnte nicht ordnungsgemäß gestartet werden, da ein Fehler "0x80070422" in "CoCreateInstance(CLSID_UPnPDeviceFinder)" aufgetreten ist. Überprüfen Sie, ob der Dienst "UPnPHost" ausgeführt wird und ob die Windows-Komponente "UPnPHost" richtig installiert ist. < End of report > |
04.02.2013, 21:32 | #5 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Workstation service won't start! Quote:
Next, create and post logs with GMER (<<< click for instructions) and aswMBR (instructions a little further down). GMER crashes fairly often; if the tool still won't run on the second attempt, just skip it and run only aswMBR. aswMBR download => aswMBR.exe - save the file to your desktop.
One more note: if aswMBR crashes and a message like "aswMBR.exe has stopped working" appears, do the following: restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.
__________________ Please always post log files in CODE tags |
05.02.2013, 14:41 | #6 |
| Workstation service won't start! GMER 1/2 Code:
ATTFilter GMER 2.0.18454 - hxxp://www.gmer.net Rootkit scan 2013-02-05 14:15:35 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST975042 rev.0001 698,64GB Running: gmer_2.0.18454.exe; Driver: C:\Users\Frank\AppData\Local\Temp\ugloypog.sys ---- User code sections - GMER 2.0 ---- .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1444] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076b7efe0 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1444] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076ba99b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1444] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076bb94d0 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1444] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076bb9640 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1444] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076bda500 7 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1444] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd573460 7 bytes JMP 000007fffd5600d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1444] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd579940 6 bytes JMP 000007fffd560148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1444] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd579fb0 5 bytes JMP 000007fffd560180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1444] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd57a150 5 bytes JMP 000007fffd560110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1444] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd8189e0 8 bytes JMP 
000007fffd5601f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1444] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd81be40 8 bytes JMP 000007fffd5601b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1444] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefefa7490 11 bytes JMP 000007fffd560228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1444] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefefbbf00 7 bytes JMP 000007fffd560260 .text C:\Program Files (x86)\Common Files\InstantOn\InsOnWMI.exe[2432] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000074cc1429 5 bytes JMP 00000001701a1eb0 .text C:\Program Files (x86)\Common Files\InstantOn\InsOnWMI.exe[2432] C:\Windows\syswow64\kernel32.dll!RegSetValueExA + 6 0000000074cc142f 1 byte INT3 .text C:\Program Files (x86)\Common Files\InstantOn\InsOnWMI.exe[2432] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000074cdb223 5 bytes JMP 00000001701a1dc0 .text C:\Program Files (x86)\Common Files\InstantOn\InsOnWMI.exe[2432] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000074d588f4 7 bytes JMP 00000001701a1db0 .text C:\Program Files (x86)\Common Files\InstantOn\InsOnWMI.exe[2432] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000074d58979 5 bytes JMP 00000001701a1ea0 .text C:\Program Files (x86)\Common Files\InstantOn\InsOnWMI.exe[2432] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000074d58ccf 5 bytes JMP 00000001701a1e30 .text C:\Program Files (x86)\Common Files\InstantOn\InsOnWMI.exe[2432] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000074fd1d1b 5 bytes JMP 00000001701a24b0 .text C:\Program Files (x86)\Common Files\InstantOn\InsOnWMI.exe[2432] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000074fd1dc9 5 bytes JMP 00000001701a2510 .text C:\Program Files (x86)\Common Files\InstantOn\InsOnWMI.exe[2432] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 
(x86)\OpenOffice.org 3\program\soffice.bin[3768] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007651159d 2 bytes [51, 76] .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3768] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000765115b5 2 bytes [51, 76] .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3768] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000765115cd 2 bytes [51, 76] .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3768] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000765116b2 2 bytes [51, 76] .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3768] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000765116bd 2 bytes [51, 76] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4076] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000074cc1429 5 bytes JMP 00000001701a1eb0 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4076] C:\Windows\syswow64\kernel32.dll!RegSetValueExA + 6 0000000074cc142f 1 byte INT3 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4076] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000074cdb223 5 bytes JMP 00000001701a1dc0 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4076] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000074d588f4 7 bytes JMP 00000001701a1db0 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4076] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000074d58979 5 bytes JMP 00000001701a1ea0 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4076] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000074d58ccf 5 bytes JMP 00000001701a1e30 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4076] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000074fd1d1b 5 bytes JMP 00000001701a24b0 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4076] 
C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000074fd1dc9 5 bytes JMP 00000001701a2510 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4076] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000074fd2aa4 5 bytes JMP 00000001701a2580 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4076] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000074fd2d0a 5 bytes JMP 00000001701a26e0 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4076] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007490e9a2 5 bytes JMP 00000001701a1a10 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4076] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007490ebdc 5 bytes JMP 00000001701a1aa0 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4076] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000750f5ea5 5 bytes JMP 00000001701a1d00 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4076] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075129d0b 5 bytes JMP 00000001701a1c80 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2704] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076b7efe0 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2704] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076ba99b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2704] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076bb94d0 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2704] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076bb9640 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2704] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076bda500 7 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2704] 
C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd573460 7 bytes JMP 000007fffd5600d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2704] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd579940 6 bytes JMP 000007fffd560148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2704] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd579fb0 5 bytes JMP 000007fffd560180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2704] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd57a150 5 bytes JMP 000007fffd560110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2704] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd8189e0 8 bytes JMP 000007fffd5601f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2704] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd81be40 8 bytes JMP 000007fffd5601b8 |
05.02.2013, 14:42 | #7 |
| Workstation service cannot be started! GMER 2/2 Code:
0000000074fd1dc9 5 bytes JMP 00000001701a2510 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7048] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000074fd2aa4 5 bytes JMP 00000001701a2580 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7048] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000074fd2d0a 5 bytes JMP 00000001701a26e0 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7048] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007490e9a2 5 bytes JMP 00000001701a1a10 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7048] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007490ebdc 5 bytes JMP 00000001701a1aa0 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7048] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000750f5ea5 5 bytes JMP 00000001701a1d00 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7048] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075129d0b 5 bytes JMP 00000001701a1c80 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5464] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076511401 2 bytes [51, 76] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5464] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076511419 2 bytes [51, 76] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5464] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076511431 2 bytes [51, 76] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5464] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007651144a 2 bytes [51, 76] .text ... 
* 9 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5464] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000765114dd 2 bytes [51, 76] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5464] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000765114f5 2 bytes [51, 76] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5464] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007651150d 2 bytes [51, 76] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5464] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076511525 2 bytes [51, 76] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5464] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007651153d 2 bytes [51, 76] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5464] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076511555 2 bytes [51, 76] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5464] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007651156d 2 bytes [51, 76] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5464] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076511585 2 bytes [51, 76] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5464] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007651159d 2 bytes [51, 76] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5464] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000765115b5 2 bytes [51, 76] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5464] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000765115cd 2 bytes [51, 76] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5464] 
C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000765116b2 2 bytes [51, 76] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5464] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000765116bd 2 bytes [51, 76] .text C:\Users\Frank\Desktop\gmer_2.0.18454.exe[1808] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000074cc1429 5 bytes JMP 00000001701a1eb0 .text C:\Users\Frank\Desktop\gmer_2.0.18454.exe[1808] C:\Windows\syswow64\kernel32.dll!RegSetValueExA + 6 0000000074cc142f 1 byte INT3 .text C:\Users\Frank\Desktop\gmer_2.0.18454.exe[1808] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000074cdb223 5 bytes JMP 00000001701a1dc0 .text C:\Users\Frank\Desktop\gmer_2.0.18454.exe[1808] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000074d588f4 7 bytes JMP 00000001701a1db0 .text C:\Users\Frank\Desktop\gmer_2.0.18454.exe[1808] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000074d58979 5 bytes JMP 00000001701a1ea0 .text C:\Users\Frank\Desktop\gmer_2.0.18454.exe[1808] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000074d58ccf 5 bytes JMP 00000001701a1e30 .text C:\Users\Frank\Desktop\gmer_2.0.18454.exe[1808] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000074fd1d1b 5 bytes JMP 00000001701a24b0 .text C:\Users\Frank\Desktop\gmer_2.0.18454.exe[1808] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000074fd1dc9 5 bytes JMP 00000001701a2510 .text C:\Users\Frank\Desktop\gmer_2.0.18454.exe[1808] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000074fd2aa4 5 bytes JMP 00000001701a2580 .text C:\Users\Frank\Desktop\gmer_2.0.18454.exe[1808] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000074fd2d0a 5 bytes JMP 00000001701a26e0 .text C:\Users\Frank\Desktop\gmer_2.0.18454.exe[1808] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007490e9a2 5 bytes JMP 00000001701a1a10 .text C:\Users\Frank\Desktop\gmer_2.0.18454.exe[1808] 
C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007490ebdc 5 bytes JMP 00000001701a1aa0 ---- User IAT/EAT - GMER 2.0 ---- IAT C:\Windows\system32\winlogon.exe[944] @ C:\Windows\system32\uxtheme.dll[KERNEL32.dll!GetProcAddress] [7fefad72960] c:\windows\system32\uxtuneup.dll IAT C:\Windows\system32\winlogon.exe[944] @ C:\Windows\system32\uxtheme.dll[KERNEL32.dll!ReadFile] [7fefad72840] c:\windows\system32\uxtuneup.dll IAT C:\Windows\system32\winlogon.exe[944] @ C:\Windows\system32\themeservice.dll[KERNEL32.dll!GetProcAddress] [7fefad72960] c:\windows\system32\uxtuneup.dll IAT C:\Windows\system32\winlogon.exe[944] @ C:\Windows\system32\themeservice.dll[KERNEL32.dll!ReadFile] [7fefad72840] c:\windows\system32\uxtuneup.dll IAT C:\Windows\system32\svchost.exe[1216] @ c:\windows\system32\themeservice.dll[KERNEL32.dll!GetProcAddress] [7fefad72960] c:\windows\system32\uxtuneup.dll IAT C:\Windows\system32\svchost.exe[1216] @ c:\windows\system32\themeservice.dll[KERNEL32.dll!ReadFile] [7fefad72840] c:\windows\system32\uxtuneup.dll IAT C:\Windows\system32\svchost.exe[1216] @ C:\Windows\system32\uxtheme.dll[KERNEL32.dll!GetProcAddress] [7fefad72960] c:\windows\system32\uxtuneup.dll IAT C:\Windows\system32\svchost.exe[1216] @ C:\Windows\system32\uxtheme.dll[KERNEL32.dll!ReadFile] [7fefad72840] c:\windows\system32\uxtuneup.dll IAT C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[3056] @ C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[sqmapi.dll!SqmGetSession] [7fef5cf1c00] C:\Program Files\Microsoft Mouse and Keyboard Center\sqmapi.dll IAT C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[3056] @ C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[sqmapi.dll!SqmStartSession] [7fef5cf6544] C:\Program Files\Microsoft Mouse and Keyboard Center\sqmapi.dll IAT C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[3056] @ C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[sqmapi.dll!SqmEndSession] 
[7fef5cf5e30] C:\Program Files\Microsoft Mouse and Keyboard Center\sqmapi.dll IAT C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[3056] @ C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[sqmapi.dll!SqmSetAppVersion] [7fef5cf7064] C:\Program Files\Microsoft Mouse and Keyboard Center\sqmapi.dll IAT C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[3056] @ C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[sqmapi.dll!SqmSetAppId] [7fef5cf2750] C:\Program Files\Microsoft Mouse and Keyboard Center\sqmapi.dll IAT C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[3056] @ C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[sqmapi.dll!SqmSetMachineId] [7fef5cf2b98] C:\Program Files\Microsoft Mouse and Keyboard Center\sqmapi.dll IAT C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[3056] @ C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[sqmapi.dll!SqmSetUserId] [7fef5cf2c90] C:\Program Files\Microsoft Mouse and Keyboard Center\sqmapi.dll IAT C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[3056] @ C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[sqmapi.dll!SqmWriteSharedMachineId] [7fef5cf7de0] C:\Program Files\Microsoft Mouse and Keyboard Center\sqmapi.dll IAT C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[3056] @ C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[sqmapi.dll!SqmWaitForUploadComplete] [7fef5cf86fc] C:\Program Files\Microsoft Mouse and Keyboard Center\sqmapi.dll IAT C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[3056] @ C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[sqmapi.dll!SqmStartUpload] [7fef5cf81d8] C:\Program Files\Microsoft Mouse and Keyboard Center\sqmapi.dll IAT C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[3056] @ C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[sqmapi.dll!SqmCreateNewId] [7fef5cf8130] C:\Program 
Files\Microsoft Mouse and Keyboard Center\sqmapi.dll IAT C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[3056] @ C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[sqmapi.dll!SqmWriteSharedUserId] [7fef5cf7fcc] C:\Program Files\Microsoft Mouse and Keyboard Center\sqmapi.dll IAT C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[3056] @ C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[sqmapi.dll!SqmAddToStreamDWord] [7fef5cf77bc] C:\Program Files\Microsoft Mouse and Keyboard Center\sqmapi.dll IAT C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[3056] @ C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[sqmapi.dll!SqmSet] [7fef5cf2878] C:\Program Files\Microsoft Mouse and Keyboard Center\sqmapi.dll IAT C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[3056] @ C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[sqmapi.dll!SqmSetBool] [7fef5cf6830] C:\Program Files\Microsoft Mouse and Keyboard Center\sqmapi.dll IAT C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[3056] @ C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[sqmapi.dll!SqmIncrement] [7fef5cf6c48] C:\Program Files\Microsoft Mouse and Keyboard Center\sqmapi.dll IAT C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[3056] @ C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[sqmapi.dll!SqmReadSharedUserId] [7fef5cf22c8] C:\Program Files\Microsoft Mouse and Keyboard Center\sqmapi.dll IAT C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[3056] @ C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[sqmapi.dll!SqmReadSharedMachineId] [7fef5cf1908] C:\Program Files\Microsoft Mouse and Keyboard Center\sqmapi.dll IAT C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[3056] @ C:\Program Files\Microsoft Mouse and Keyboard Center\dpgcmd.dll[sqmapi.dll!SqmSetMachineId] [7fef5cf2b98] C:\Program Files\Microsoft Mouse and Keyboard 
Center\sqmapi.dll IAT C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[3056] @ C:\Program Files\Microsoft Mouse and Keyboard Center\dpgcmd.dll[sqmapi.dll!SqmIncrement] [7fef5cf6c48] C:\Program Files\Microsoft Mouse and Keyboard Center\sqmapi.dll IAT C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[3056] @ C:\Program Files\Microsoft Mouse and Keyboard Center\dpgcmd.dll[sqmapi.dll!SqmGetSession] [7fef5cf1c00] C:\Program Files\Microsoft Mouse and Keyboard Center\sqmapi.dll IAT C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[3056] @ C:\Program Files\Microsoft Mouse and Keyboard Center\dpgcmd.dll[sqmapi.dll!SqmStartSession] [7fef5cf6544] C:\Program Files\Microsoft Mouse and Keyboard Center\sqmapi.dll IAT C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[3056] @ C:\Program Files\Microsoft Mouse and Keyboard Center\dpgcmd.dll[sqmapi.dll!SqmEndSession] [7fef5cf5e30] C:\Program Files\Microsoft Mouse and Keyboard Center\sqmapi.dll IAT C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[3056] @ C:\Program Files\Microsoft Mouse and Keyboard Center\dpgcmd.dll[sqmapi.dll!SqmSetAppVersion] [7fef5cf7064] C:\Program Files\Microsoft Mouse and Keyboard Center\sqmapi.dll IAT C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[3056] @ C:\Program Files\Microsoft Mouse and Keyboard Center\dpgcmd.dll[sqmapi.dll!SqmSetUserId] [7fef5cf2c90] C:\Program Files\Microsoft Mouse and Keyboard Center\sqmapi.dll IAT C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[3056] @ C:\Program Files\Microsoft Mouse and Keyboard Center\dpgcmd.dll[sqmapi.dll!SqmReadSharedMachineId] [7fef5cf1908] C:\Program Files\Microsoft Mouse and Keyboard Center\sqmapi.dll IAT C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[3056] @ C:\Program Files\Microsoft Mouse and Keyboard Center\dpgcmd.dll[sqmapi.dll!SqmReadSharedUserId] [7fef5cf22c8] C:\Program Files\Microsoft Mouse and Keyboard Center\sqmapi.dll IAT C:\Program 
Files\Microsoft Mouse and Keyboard Center\itype.exe[3056] @ C:\Program Files\Microsoft Mouse and Keyboard Center\dpgcmd.dll[sqmapi.dll!SqmWriteSharedMachineId] [7fef5cf7de0] C:\Program Files\Microsoft Mouse and Keyboard Center\sqmapi.dll IAT C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[3056] @ C:\Program Files\Microsoft Mouse and Keyboard Center\dpgcmd.dll[sqmapi.dll!SqmWriteSharedUserId] [7fef5cf7fcc] C:\Program Files\Microsoft Mouse and Keyboard Center\sqmapi.dll IAT C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[3056] @ C:\Program Files\Microsoft Mouse and Keyboard Center\dpgcmd.dll[sqmapi.dll!SqmCreateNewId] [7fef5cf8130] C:\Program Files\Microsoft Mouse and Keyboard Center\sqmapi.dll IAT C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[3056] @ C:\Program Files\Microsoft Mouse and Keyboard Center\dpgcmd.dll[sqmapi.dll!SqmStartUpload] [7fef5cf81d8] C:\Program Files\Microsoft Mouse and Keyboard Center\sqmapi.dll IAT C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[3056] @ C:\Program Files\Microsoft Mouse and Keyboard Center\dpgcmd.dll[sqmapi.dll!SqmSetAppId] [7fef5cf2750] C:\Program Files\Microsoft Mouse and Keyboard Center\sqmapi.dll IAT C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[1212] @ C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[sqmapi.dll!SqmGetSession] [7fef5cf1c00] C:\Program Files\Microsoft Mouse and Keyboard Center\sqmapi.dll IAT C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[1212] @ C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[sqmapi.dll!SqmStartSession] [7fef5cf6544] C:\Program Files\Microsoft Mouse and Keyboard Center\sqmapi.dll IAT C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[1212] @ C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[sqmapi.dll!SqmEndSession] [7fef5cf5e30] C:\Program Files\Microsoft Mouse and Keyboard Center\sqmapi.dll IAT C:\Program Files\Microsoft Mouse and 
Keyboard Center\ipoint.exe[1212] @ C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[sqmapi.dll!SqmSetAppVersion] [7fef5cf7064] C:\Program Files\Microsoft Mouse and Keyboard Center\sqmapi.dll IAT C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[1212] @ C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[sqmapi.dll!SqmSetAppId] [7fef5cf2750] C:\Program Files\Microsoft Mouse and Keyboard Center\sqmapi.dll IAT C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[1212] @ C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[sqmapi.dll!SqmSetMachineId] [7fef5cf2b98] C:\Program Files\Microsoft Mouse and Keyboard Center\sqmapi.dll IAT C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[1212] @ C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[sqmapi.dll!SqmSetUserId] [7fef5cf2c90] C:\Program Files\Microsoft Mouse and Keyboard Center\sqmapi.dll IAT C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[1212] @ C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[sqmapi.dll!SqmReadSharedMachineId] [7fef5cf1908] C:\Program Files\Microsoft Mouse and Keyboard Center\sqmapi.dll IAT C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[1212] @ C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[sqmapi.dll!SqmReadSharedUserId] [7fef5cf22c8] C:\Program Files\Microsoft Mouse and Keyboard Center\sqmapi.dll IAT C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[1212] @ C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[sqmapi.dll!SqmWriteSharedMachineId] [7fef5cf7de0] C:\Program Files\Microsoft Mouse and Keyboard Center\sqmapi.dll IAT C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[1212] @ C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[sqmapi.dll!SqmWriteSharedUserId] [7fef5cf7fcc] C:\Program Files\Microsoft Mouse and Keyboard Center\sqmapi.dll IAT C:\Program Files\Microsoft Mouse and Keyboard 
Center\ipoint.exe[1212] @ C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[sqmapi.dll!SqmCreateNewId] [7fef5cf8130] C:\Program Files\Microsoft Mouse and Keyboard Center\sqmapi.dll IAT C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[1212] @ C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[sqmapi.dll!SqmStartUpload] [7fef5cf81d8] C:\Program Files\Microsoft Mouse and Keyboard Center\sqmapi.dll IAT C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[1212] @ C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[sqmapi.dll!SqmAddToStreamString] [7fef5cf7a5c] C:\Program Files\Microsoft Mouse and Keyboard Center\sqmapi.dll IAT C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[1212] @ C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[sqmapi.dll!SqmSetBool] [7fef5cf6830] C:\Program Files\Microsoft Mouse and Keyboard Center\sqmapi.dll IAT C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[1212] @ C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[sqmapi.dll!SqmSet] [7fef5cf2878] C:\Program Files\Microsoft Mouse and Keyboard Center\sqmapi.dll IAT C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[1212] @ C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[sqmapi.dll!SqmAddToStreamDWord] [7fef5cf77bc] C:\Program Files\Microsoft Mouse and Keyboard Center\sqmapi.dll IAT C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[1212] @ C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[sqmapi.dll!SqmIncrement] [7fef5cf6c48] C:\Program Files\Microsoft Mouse and Keyboard Center\sqmapi.dll IAT C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[1212] @ C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[sqmapi.dll!SqmWaitForUploadComplete] [7fef5cf86fc] C:\Program Files\Microsoft Mouse and Keyboard Center\sqmapi.dll IAT C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[1212] @ 
C:\Program Files\Microsoft Mouse and Keyboard Center\dpgcmd.dll[sqmapi.dll!SqmSetMachineId] [7fef5cf2b98] C:\Program Files\Microsoft Mouse and Keyboard Center\sqmapi.dll IAT C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[1212] @ C:\Program Files\Microsoft Mouse and Keyboard Center\dpgcmd.dll[sqmapi.dll!SqmIncrement] [7fef5cf6c48] C:\Program Files\Microsoft Mouse and Keyboard Center\sqmapi.dll IAT C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[1212] @ C:\Program Files\Microsoft Mouse and Keyboard Center\dpgcmd.dll[sqmapi.dll!SqmGetSession] [7fef5cf1c00] C:\Program Files\Microsoft Mouse and Keyboard Center\sqmapi.dll IAT C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[1212] @ C:\Program Files\Microsoft Mouse and Keyboard Center\dpgcmd.dll[sqmapi.dll!SqmStartSession] [7fef5cf6544] C:\Program Files\Microsoft Mouse and Keyboard Center\sqmapi.dll IAT C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[1212] @ C:\Program Files\Microsoft Mouse and Keyboard Center\dpgcmd.dll[sqmapi.dll!SqmEndSession] [7fef5cf5e30] C:\Program Files\Microsoft Mouse and Keyboard Center\sqmapi.dll IAT C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[1212] @ C:\Program Files\Microsoft Mouse and Keyboard Center\dpgcmd.dll[sqmapi.dll!SqmSetAppVersion] [7fef5cf7064] C:\Program Files\Microsoft Mouse and Keyboard Center\sqmapi.dll IAT C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[1212] @ C:\Program Files\Microsoft Mouse and Keyboard Center\dpgcmd.dll[sqmapi.dll!SqmSetUserId] [7fef5cf2c90] C:\Program Files\Microsoft Mouse and Keyboard Center\sqmapi.dll IAT C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[1212] @ C:\Program Files\Microsoft Mouse and Keyboard Center\dpgcmd.dll[sqmapi.dll!SqmReadSharedMachineId] [7fef5cf1908] C:\Program Files\Microsoft Mouse and Keyboard Center\sqmapi.dll IAT C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[1212] @ C:\Program Files\Microsoft Mouse 
and Keyboard Center\dpgcmd.dll[sqmapi.dll!SqmReadSharedUserId] [7fef5cf22c8] C:\Program Files\Microsoft Mouse and Keyboard Center\sqmapi.dll IAT C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[1212] @ C:\Program Files\Microsoft Mouse and Keyboard Center\dpgcmd.dll[sqmapi.dll!SqmWriteSharedMachineId] [7fef5cf7de0] C:\Program Files\Microsoft Mouse and Keyboard Center\sqmapi.dll IAT C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[1212] @ C:\Program Files\Microsoft Mouse and Keyboard Center\dpgcmd.dll[sqmapi.dll!SqmWriteSharedUserId] [7fef5cf7fcc] C:\Program Files\Microsoft Mouse and Keyboard Center\sqmapi.dll IAT C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[1212] @ C:\Program Files\Microsoft Mouse and Keyboard Center\dpgcmd.dll[sqmapi.dll!SqmCreateNewId] [7fef5cf8130] C:\Program Files\Microsoft Mouse and Keyboard Center\sqmapi.dll IAT C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[1212] @ C:\Program Files\Microsoft Mouse and Keyboard Center\dpgcmd.dll[sqmapi.dll!SqmStartUpload] [7fef5cf81d8] C:\Program Files\Microsoft Mouse and Keyboard Center\sqmapi.dll IAT C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[1212] @ C:\Program Files\Microsoft Mouse and Keyboard Center\dpgcmd.dll[sqmapi.dll!SqmSetAppId] [7fef5cf2750] C:\Program Files\Microsoft Mouse and Keyboard Center\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4744] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppId] [7fef4062750] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4744] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetMachineId] [7fef4062b98] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4744] @ 
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmWriteSharedMachineId] [7fef4067de0] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4744] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmCreateNewId] [7fef4068130] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4744] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmReadSharedMachineId] [7fef4061908] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4744] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmGetSession] [7fef4061c00] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4744] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartUpload] [7fef40681d8] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4744] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSet] [7fef4062878] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4744] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamString] [7fef4067a5c] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4744] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmIncrement] 
[7fef4066c48] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4744] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamDWord] [7fef40677bc] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4744] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppVersion] [7fef4067064] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4744] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartSession] [7fef4066544] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4744] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmEndSession] [7fef4065e30] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll ---- Registry - GMER 2.0 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0025d3b2962e Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ac72891c556f Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0025d3b2962e (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ac72891c556f (not active ControlSet) ---- EOF - GMER 2.0 ---- |
05.02.2013, 14:44 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Workstation service won't start! What about the explanation for that file in question?
__________________ Please always post log files in CODE tags |
05.02.2013, 14:47 | #9 |
| Workstation service won't start! aswMBR Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-02-05 14:43:49
-----------------------------
14:43:49.825 OS Version: Windows x64 6.1.7601 Service Pack 1
14:43:49.825 Number of processors: 8 586 0x2A07
14:43:49.825 ComputerName: FRANK-PC UserName: Frank
14:43:50.962 Initialze error C000010E - driver not loaded
14:43:57.573 AVAST engine defs: 13020500
14:43:59.445 Service scanning
14:44:32.152 Modules scanning
14:44:32.152 Disk 0 trace - called modules:
14:44:32.162
14:44:42.452 The log file has been saved successfully to "C:\Users\Frank\Desktop\aswMBR.txt"

Insignificant file, I no longer know the source - it was also only downloaded after my problems arose. |
05.02.2013, 14:58 | #10 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Workstation service won't start! aswMBR was run incorrectly, please repeat it correctly. Quote:
Please explain what kind of file this is supposed to be and what purpose it serves.
__________________ Please always post log files in CODE tags |
05.02.2013, 18:15 | #11 |
| Workstation service won't start! When I set "AV-scan" to (none), I get the result I posted. If it is set to Quick-scan, I always get "avast! Antirootkit funktioniert nicht mehr" -> The last two lines in the DOS window: File: C:\Windows\system32\xptz7cb2.tsp **INFECTED** Win32:Malware-gen M C: Windows\assembly\GAC_MSIL\Microsoft.VisualStudios.Tools.Applications.S (I can't read any further) I started playing a role-playing game and was about to cheat, but then decided not to do it after all, because cheating is a really uncool thing - now I'd rather play the game the way it is meant to be played. However, the file really has only existed since I have had these problems! |
06.02.2013, 10:46 | #12 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Workstation service won't start! Then please run CF now: ComboFix A guide and tutorial on using ComboFix
Combofix may only be run if a qualified helper (Kompetenzler) has explicitly recommended it! If, after running Combofix, you have problems starting applications and receive messages such as Quote:
__________________ Please always post log files in CODE tags |
06.02.2013, 13:52 | #13 |
| Workstation service won't start! Code:
ATTFilter ity *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E} SP: Emsisoft Anti-Malware *Enabled/Updated* {3E653F0B-EA3E-10F8-1B87-CAD78F211367} SP: Kaspersky Internet Security *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\FullRemove.exe c:\programdata\mazuki.dll c:\programdata\ntuser.dat c:\programdata\Roaming c:\users\Frank\Documents\~WRL0522.tmp c:\users\Frank\Documents\~WRL3026.tmp c:\windows\msvcr71.dll c:\windows\SysWow64\muzapp.exe c:\windows\wininit.ini . . ((((((((((((((((((((((( Dateien erstellt von 2013-01-06 bis 2013-02-06 )))))))))))))))))))))))))))))) . . 2013-02-06 12:33 . 2013-02-06 12:33 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-02-05 11:01 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FD9D20CF-00BC-4A22-8739-A2D4E8570483}\mpengine.dll 2013-02-04 21:24 . 2012-08-21 12:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys 2013-02-04 21:23 . 2013-02-04 21:23 -------- d-----w- c:\program files\iPod 2013-02-04 21:23 . 2013-02-04 21:24 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-02-04 21:23 . 2013-02-04 21:24 -------- d-----w- c:\program files\iTunes 2013-02-04 21:23 . 2013-02-04 21:23 -------- d-----w- c:\program files (x86)\iTunes 2013-02-04 07:11 . 2013-02-04 13:02 -------- d-----w- c:\programdata\SecTaskMan 2013-02-04 07:10 . 2013-02-04 13:02 -------- d-----w- c:\program files (x86)\Security Task Manager 2013-02-03 20:32 . 2013-02-03 20:32 -------- d-----w- c:\users\Frank\AppData\Local\Chromium 2013-02-03 18:28 . 2013-02-06 12:14 -------- d-----w- c:\program files (x86)\Emsisoft Anti-Malware 2013-02-03 17:48 . 2013-02-03 17:48 -------- d-----w- C:\found.000 2013-02-03 14:33 . 
2013-02-03 14:33 -------- d-----w- c:\users\Frank\AppData\Roaming\Malwarebytes 2013-02-03 14:33 . 2013-02-03 14:33 -------- d-----w- c:\programdata\Malwarebytes 2013-02-03 14:33 . 2013-02-03 14:33 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2013-02-03 14:33 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-02-03 14:25 . 2013-02-03 14:25 -------- d-----w- C:\PPF_Scan1 2013-02-03 13:50 . 2013-02-03 13:54 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files 2013-02-03 13:30 . 2012-07-11 16:09 64856 ----a-w- c:\windows\system32\klfphc.dll 2013-02-03 13:29 . 2013-02-03 13:29 -------- d-----w- c:\windows\ELAMBKUP 2013-02-03 13:29 . 2013-02-06 12:34 -------- d-----w- c:\programdata\Kaspersky Lab 2013-02-03 13:29 . 2013-02-03 13:29 -------- d-----w- c:\program files (x86)\Kaspersky Lab 2013-02-03 13:29 . 2012-10-25 11:42 611160 ----a-w- c:\windows\system32\drivers\klif.sys 2013-02-03 13:29 . 2012-08-13 17:24 89432 ----a-w- c:\windows\system32\drivers\klflt.sys 2013-02-03 09:29 . 2013-02-03 09:30 8282192 ----a-w- c:\programdata\Microsoft\BingBar\BBSvc\7.1.391.0oemBingBarSetup-Partner.EXE 2013-02-03 08:29 . 2012-11-29 15:06 37216 ----a-w- c:\windows\system32\uxtuneup.dll 2013-02-03 08:29 . 2012-11-29 15:06 29536 ----a-w- c:\windows\SysWow64\uxtuneup.dll 2013-02-03 08:27 . 2012-11-29 15:06 34656 ----a-w- c:\windows\system32\TURegOpt.exe 2013-02-03 08:26 . 2012-11-29 15:06 25952 ----a-w- c:\windows\system32\authuitu.dll 2013-02-03 08:26 . 2012-11-29 15:06 21344 ----a-w- c:\windows\SysWow64\authuitu.dll 2013-02-03 08:26 . 2013-02-03 08:26 -------- d-----w- c:\users\Frank\AppData\Roaming\TuneUp Software 2013-02-03 08:26 . 2013-02-04 13:03 -------- d-----w- c:\program files (x86)\TuneUp Utilities 2013 2013-02-03 08:26 . 2013-02-04 13:02 -------- d-----w- c:\programdata\TuneUp Software 2013-02-03 08:26 . 2013-02-03 09:00 -------- d-sh--w- c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} 2013-02-03 08:26 . 
2013-02-03 08:26 -------- d--h--w- c:\programdata\Common Files 2013-02-03 08:26 . 2013-02-03 08:26 -------- d-----w- c:\program files (x86)\Cheat Engine 6.2 2013-02-03 08:26 . 2013-02-03 08:26 -------- d-----w- c:\users\Frank\AppData\Roaming\OpenCandy 2013-02-02 17:09 . 2013-02-02 17:09 -------- d-----w- c:\users\Frank\AppData\Local\Gameforge4d 2013-02-02 17:08 . 2013-02-02 17:13 -------- d-----w- c:\program files (x86)\GameforgeLive 2013-02-02 17:08 . 2013-02-02 17:08 -------- d-----w- c:\users\Frank\AppData\Local\Programs 2013-01-27 16:46 . 2013-01-27 16:47 -------- d-----w- c:\program files\Microsoft Mouse and Keyboard Center 2013-01-27 02:16 . 2013-01-27 02:16 5113072 ----a-w- c:\windows\uninst.exe 2013-01-27 02:16 . 2013-01-27 02:17 -------- d-----w- c:\programdata\PC1Data 2013-01-26 19:17 . 2013-01-26 19:16 859552 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2013-01-26 19:16 . 2013-01-26 19:16 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-01-26 12:07 . 2013-01-26 12:07 308640 ----a-w- c:\windows\system32\javaws.exe 2013-01-26 12:07 . 2013-01-26 12:07 188832 ----a-w- c:\windows\system32\javaw.exe 2013-01-26 12:07 . 2013-01-26 12:07 188832 ----a-w- c:\windows\system32\java.exe 2013-01-26 12:07 . 2013-01-26 12:07 108448 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll 2013-01-26 12:07 . 2013-01-26 18:31 -------- d-----w- c:\program files\Java 2013-01-26 10:56 . 2009-03-18 15:35 33856 ---ha-w- c:\windows\system32\hamachi.sys 2013-01-26 10:56 . 2013-01-26 10:56 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi 2013-01-26 10:55 . 2013-02-04 13:02 -------- d-----w- c:\users\Frank\AppData\Local\LogMeIn Hamachi 2013-01-25 12:24 . 2013-01-27 12:02 -------- d-----w- c:\users\Frank\AppData\Roaming\.minecraft 2013-01-10 23:03 . 2013-01-10 23:03 0 ----a-w- c:\windows\SysWow64\shoA483.tmp 2013-01-09 16:09 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll 2013-01-09 16:09 . 
2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll 2013-01-09 16:07 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe 2013-01-09 16:07 . 2012-11-23 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-02-06 09:52 . 2011-10-12 18:18 45056 ----a-w- c:\windows\SysWow64\acovcnt.exe 2013-01-26 19:16 . 2011-12-14 13:31 780192 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-01-26 12:07 . 2012-11-11 17:08 960416 ----a-w- c:\windows\system32\deployJava1.dll 2013-01-26 12:07 . 2012-11-11 17:08 1081760 ----a-w- c:\windows\system32\npDeployJava1.dll 2013-01-17 00:28 . 2011-12-10 16:29 273840 ------w- c:\windows\system32\MpSigStub.exe 2013-01-09 22:19 . 2011-12-13 16:47 67599240 ----a-w- c:\windows\system32\MRT.exe 2013-01-09 16:47 . 2012-04-15 09:18 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-01-09 16:47 . 2012-01-02 23:32 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-01-03 16:31 . 2011-12-12 00:13 893552 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll 2013-01-03 16:30 . 2011-12-12 00:12 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll 2013-01-03 16:30 . 2011-12-15 08:58 1236816 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll 2012-12-16 17:11 . 2012-12-22 19:59 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-16 14:45 . 2012-12-22 19:59 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-16 14:13 . 2012-12-22 19:59 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-12-16 14:13 . 2012-12-22 19:59 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2012-12-02 17:03 . 2011-12-10 13:26 893552 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll 2012-12-02 17:03 . 
2011-12-10 13:26 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll 2012-11-30 04:45 . 2013-01-09 16:08 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2012-11-28 21:35 . 2012-11-28 21:35 0 ----a-w- c:\windows\SysWow64\shoB259.tmp 2012-11-14 22:48 . 2012-11-14 22:48 0 ----a-w- c:\windows\SysWow64\sho6556.tmp 2012-11-14 07:06 . 2012-12-12 22:28 17811968 ----a-w- c:\windows\system32\mshtml.dll 2012-11-14 06:32 . 2012-12-12 22:28 10925568 ----a-w- c:\windows\system32\ieframe.dll 2012-11-14 06:11 . 2012-12-12 22:28 2312704 ----a-w- c:\windows\system32\jscript9.dll 2012-11-14 06:04 . 2012-12-12 22:28 1346048 ----a-w- c:\windows\system32\urlmon.dll 2012-11-14 06:04 . 2012-12-12 22:28 1392128 ----a-w- c:\windows\system32\wininet.dll 2012-11-14 06:02 . 2012-12-12 22:28 1494528 ----a-w- c:\windows\system32\inetcpl.cpl 2012-11-14 06:02 . 2012-12-12 22:28 237056 ----a-w- c:\windows\system32\url.dll 2012-11-14 05:59 . 2012-12-12 22:28 85504 ----a-w- c:\windows\system32\jsproxy.dll 2012-11-14 05:58 . 2012-12-12 22:28 816640 ----a-w- c:\windows\system32\jscript.dll 2012-11-14 05:57 . 2012-12-12 22:28 599040 ----a-w- c:\windows\system32\vbscript.dll 2012-11-14 05:57 . 2012-12-12 22:28 173056 ----a-w- c:\windows\system32\ieUnatt.exe 2012-11-14 05:55 . 2012-12-12 22:28 2144768 ----a-w- c:\windows\system32\iertutil.dll 2012-11-14 05:55 . 2012-12-12 22:28 729088 ----a-w- c:\windows\system32\msfeeds.dll 2012-11-14 05:53 . 2012-12-12 22:29 96768 ----a-w- c:\windows\system32\mshtmled.dll 2012-11-14 05:52 . 2012-12-12 22:29 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-11-14 05:46 . 2012-12-12 22:28 248320 ----a-w- c:\windows\system32\ieui.dll 2012-11-14 02:09 . 2012-12-12 22:28 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll 2012-11-14 01:58 . 2012-12-12 22:28 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2012-11-14 01:57 . 2012-12-12 22:28 1129472 ----a-w- c:\windows\SysWow64\wininet.dll 2012-11-14 01:49 . 
2012-12-12 22:28 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2012-11-14 01:48 . 2012-12-12 22:29 420864 ----a-w- c:\windows\SysWow64\vbscript.dll 2012-11-14 01:44 . 2012-12-12 22:29 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2012-11-09 05:45 . 2012-12-12 13:43 2048 ----a-w- c:\windows\system32\tzres.dll 2012-11-09 04:42 . 2012-12-12 13:43 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2006-05-03 10:06 163328 --sha-r- c:\windows\SysWOW64\flvDX.dll 2007-02-21 11:47 31232 --sha-r- c:\windows\SysWOW64\msfDX.dll 2008-03-16 13:30 216064 --sha-r- c:\windows\SysWOW64\nbDX.dll 2010-01-06 22:00 107520 --sha-r- c:\windows\SysWOW64\TAKDSDecoder.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{62d40876-df18-411f-9d34-a9dd7a197bc5}"= "c:\program files (x86)\BrotherSoft_Extreme3\prxtbBrot.dll" [2011-05-09 176936] . [HKEY_CLASSES_ROOT\clsid\{62d40876-df18-411f-9d34-a9dd7a197bc5}] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{62d40876-df18-411f-9d34-a9dd7a197bc5}] 2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\BrotherSoft_Extreme3\prxtbBrot.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{62d40876-df18-411f-9d34-a9dd7a197bc5}"= "c:\program files (x86)\BrotherSoft_Extreme3\prxtbBrot.dll" [2011-05-09 176936] . [HKEY_CLASSES_ROOT\clsid\{62d40876-df18-411f-9d34-a9dd7a197bc5}] . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Syncables"="c:\program files (x86)\syncables\syncables desktop\Syncables.exe" [2010-07-19 370480] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] "KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2012-08-07 960440] "KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-08-07 21432] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2011-04-13 2018032] "ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe" [2011-02-23 731472] "SonicMasterTray"="c:\program files (x86)\ASUS\SonicMaster\SonicMasterTray.exe" [2010-07-10 984400] "ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992] "ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624] "HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016] "RemoteControl10"="c:\program files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe" [2010-02-03 87336] "BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2010-11-12 75048] "UpdatePSTShortCut"="c:\program files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2010-11-24 222504] "UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504] "UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280] "Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536] "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "KiesTrayAgent"="c:\program files 
(x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-08-07 3524536] "LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-12-10 2254768] "AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [2012-08-17 218880] "emsisoft anti-malware"="c:\program files (x86)\Emsisoft Anti-Malware\a2guard.exe" [2013-01-30 3365288] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] . c:\users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Intel(R) Turbo Boost Technology Monitor 2.0.lnk - c:\program files\Intel\TurboBoost\SignalIslandUi.exe [2010-11-29 204288] OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-4-13 549040] FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_94E3CE3704FE82FBF49A6A.exe [2011-12-9 12862] HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-] "Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "c:\programdata\Nuance\PDF Reader\Ereg\Ereg.ini" "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" "HP Software Update"=c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 AMPPALP;Intel(R) Centrino(R) Bluetooth 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2011-04-21 294912] R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2011-03-18 74840] R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [2012-06-11 240208] R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-03-30 1321296] R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-07-28 52584] R3 DfSdkS;Defragmentation-Service;c:\program files (x86)\Ashampoo\Ashampoo WinOptimizer 8\DfsdkS64.exe [2009-08-24 544768] R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-09-19 102368] R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-10-21 243200] R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-02 33736] R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2009-10-12 114304] R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-03-24 34200] R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program 
files\Intel\WiFi\bin\PanDhcpDns.exe [2011-05-02 340240] R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416] R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtl8187B.sys [2010-03-31 450048] R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832] R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-09-19 203104] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 31232] R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760] R4 AMPPALR3;Intel® Centrino® Bluetooth 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-04-21 1136640] R4 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-04-21 134928] R4 CLKMSVC10_38F51D56;CyberLink Product - 2011/10/12 11:23;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2010-11-12 241648] R4 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2011-01-14 1839616] R4 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800] R4 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-10 2465712] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S0 
nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-10-15 28992] S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [2011-05-19 23208] S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-07-26 17024] S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2012-08-02 28504] S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys [2012-06-08 54104] S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys [2012-08-13 178008] S1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys [2011-10-15 249152] S2 a2AntiMalware;Emsisoft Anti-Malware 7.0 - Service;c:\program files (x86)\Emsisoft Anti-Malware\a2service.exe [2013-01-30 3089320] S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2011-01-25 379520] S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416] S2 ASUS InstantOn;ASUS InstantOn Service;c:\program files (x86)\Common Files\InstantOn\InsOnSrv.exe [2011-06-02 64128] S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [2012-06-11 193616] S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-03-30 923984] S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-03-30 1001808] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S2 Splashtop MDES;Splashtop Meta Data Export 
Service;c:\asus.sys\SIONExportService.exe [2011-05-10 338208] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-14 381248] S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2012-11-29 2401632] S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120] S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-06 2655768] S2 Update-Service;Update-Service;c:\windows\System32\svchost.exe [2009-07-14 27136] S3 a2acc;a2acc;c:\program files (x86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [2012-04-30 66320] S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys [2011-02-26 16768] S3 AMPPAL;Intel(R) Centrino(R) Bluetooth 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-04-21 294912] S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-01-27 125416] S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-01-27 385512] S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2011-03-08 51712] S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-03-08 274944] S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-03-23 59904] S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2011-03-24 25496] S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys [2012-10-25 29016] S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2012-10-25 29528] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-08-24 76912] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176] S3 
Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [2012-09-19 11880] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] Update-Service-Installer-Service REG_MULTI_SZ Update-Service-Installer-Service Update-Service REG_MULTI_SZ Update-Service hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Inhalt des "geplante Tasks" Ordners . 2013-02-06 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 16:47] . 2013-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-13 02:33] . 2013-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-13 02:33] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B] @="{6D4133E5-0742-4ADC-8A8C-9303440F7190}" [HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}] 2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O] @="{64174815-8D98-4CE6-8646-4C039977D808}" [HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}] 2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-12 168216] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-12 392472] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-12 416024] "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-06-03 2226280] "AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2011-03-21 361984] "IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-05-02 1935120] "BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-03-30 10372368] "IntelTBRunOnce"="wscript.exe" [2009-07-14 168960] "IntelliType Pro"="c:\program files\Microsoft Mouse and Keyboard Center\itype.exe" [2012-11-02 1464944] "IntelliPoint"="c:\program files\Microsoft Mouse and Keyboard Center\ipoint.exe" [2012-11-02 2076272] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=c:\windows\System32\nvinitx.dll . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . ------- Zusätzlicher Suchlauf ------- . 
uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://asus.msn.com mStart Page = hxxp://asus.msn.com mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105 IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 TCP: Interfaces\{42713A31-1749-4DB5-91DC-FE79CFCC532C}: NameServer = 193.189.244.206 193.189.244.225 TCP: Interfaces\{B023C04D-E2DD-4399-975A-9BFF60B791C9}: NameServer = 193.189.244.225 193.189.244.206 FF - ProfilePath - c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\n1tor11v.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3240727&SearchSource=3&q={searchTerms}&CUI=UN26736811875978932 FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3240727&SearchSource=13&CUI=UN26736811875978932 FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3240727&SearchSource=2&CUI=UN26736811875978932&q= FF - ExtSQL: 2013-02-03 09:29; {4373e9b4-0a12-4112-8e3d-36ded19ee3dd}; c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\n1tor11v.default\extensions\{4373e9b4-0a12-4112-8e3d-36ded19ee3dd} FF - ExtSQL: 2013-02-03 14:29; anti_banner@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com FF - ExtSQL: 2013-02-03 14:29; content_blocker@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com FF - ExtSQL: 2013-02-03 14:29; online_banking@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com FF - ExtSQL: 2013-02-03 14:30; url_advisor@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky Internet 
Security 2013\FFExt\url_advisor@kaspersky.com FF - ExtSQL: 2013-02-03 14:30; virtual_keyboard@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com FF - ExtSQL: 2013-02-03 17:48; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\n1tor11v.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF - ExtSQL: !HIDDEN! 2012-06-12 16:13; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF - user.js: browser.search.selectedEngine - Search the web FF - user.js: browser.search.order.1 - Search the web FF - user.js: browser.search.defaultenginename - Search the web FF - user.js: keyword.URL - hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q= FF - user.js: privacy.item.cookies - false FF - user.js: privacy.sanitize.promptOnSanitize - false FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: nglayout.initialpaint.delay - 600 FF - user.js: content.notify.interval - 600000 FF - user.js: content.max.tokenizing.time - 1800000 FF - user.js: content.switch.threshold - 600000 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Toolbar-Locked - (no file) Wow6432Node-HKLM-Run-<NO NAME> - (no file) Toolbar-Locked - (no file) WebBrowser-{977AE9CC-AF83-45E8-9E03-E2798216E2D5} - (no file) WebBrowser-{62D40876-DF18-411F-9D34-A9DD7A197BC5} - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe HKLM-Run-SynAsusAcpi - c:\program files (x86)\Synaptics\SynTP\SynAsusAcpi.exe AddRemove-Multiple Image Resizer .NET 4 - c:\programdata\{7E365CC2-534E-4C8D-B11C-02B771C3B82B}\Mir4Installer.exe AddRemove-{3966711E-1F98-4C9F-AE0B-6AD28137FE64} - c:\programdata\{7E365CC2-534E-4C8D-B11C-02B771C3B82B}\Mir4Installer.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . 
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.download\UserChoice] @Denied: (2) (LocalSystem) "Progid"="SafariDownload" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="SafariHTML" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice] @Denied: (2) (LocalSystem) "Progid"="SafariHTML" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.safariextz\UserChoice] @Denied: (2) (LocalSystem) "Progid"="SafariExtension" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="SafariHTML" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice] @Denied: (2) (LocalSystem) "Progid"="SafariHTML" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webarchive\UserChoice] @Denied: (2) (LocalSystem) "Progid"="SafariHTML" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice] @Denied: (2) (LocalSystem) "Progid"="SafariHTML" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="SafariHTML" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="SafariHTML" . [HKEY_USERS\S-1-5-21-3164768286-1964387947-1448381298-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice] @Denied: (2) (S-1-5-21-3164768286-1964387947-1448381298-1001) @Denied: (2) (LocalSystem) "Progid"="FirefoxHTML" . 
[HKEY_USERS\S-1-5-21-3164768286-1964387947-1448381298-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice] @Denied: (2) (S-1-5-21-3164768286-1964387947-1448381298-1001) @Denied: (2) (LocalSystem) "Progid"="FirefoxHTML" . [HKEY_USERS\S-1-5-21-3164768286-1964387947-1448381298-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice] @Denied: (2) (S-1-5-21-3164768286-1964387947-1448381298-1001) @Denied: (2) (LocalSystem) "Progid"="FirefoxHTML" . [HKEY_USERS\S-1-5-21-3164768286-1964387947-1448381298-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice] @Denied: (2) (LocalSystem) "Progid"="SafariHTML" . [HKEY_USERS\S-1-5-21-3164768286-1964387947-1448381298-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice] @Denied: (2) (S-1-5-21-3164768286-1964387947-1448381298-1001) @Denied: (2) (LocalSystem) "Progid"="FirefoxHTML" . [HKEY_USERS\S-1-5-21-3164768286-1964387947-1448381298-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice] @Denied: (2) (S-1-5-21-3164768286-1964387947-1448381298-1001) @Denied: (2) (LocalSystem) "Progid"="FirefoxHTML" . [HKEY_USERS\S-1-5-21-3164768286-1964387947-1448381298-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="SafariHTML" . [HKEY_USERS\S-1-5-21-3164768286-1964387947-1448381298-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:75,2d,41,94,b1,1a,1c,a9,e3,03,48,52,1b,f8,b3,3b,9a,d1,8e,3d,e9,63,54, 51,67,62,99,f7,c9,3c,ae,e5,33,06,d1,39,b1,9b,22,88,d7,69,ca,99,88,4c,6a,84,\ "??"=hex:41,e0,42,8c,cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b . 
[HKEY_USERS\S-1-5-21-3164768286-1964387947-1448381298-1001\Software\SecuROM\License information*] "datasecu"=hex:38,65,82,07,89,cd,ac,e5,65,3e,dc,3e,94,28,1c,8f,b7,43,7b,5a,1f, 01,af,b8,3e,22,8d,c6,53,2e,03,11,8b,db,51,ee,50,d3,99,eb,b8,d5,08,9a,d8,b8,\ "rkeysecu"=hex:cf,c5,f8,0c,f6,37,2a,22,f3,c1,47,d5,f7,9e,30,d6 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe c:\program files (x86)\ASUS\SmartLogon\smartlogon.exe c:\program files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe c:\program files (x86)\ASUS\Splendid\ACMON.exe c:\windows\SysWOW64\ACEngSvr.exe c:\program files (x86)\Common Files\InstantOn\InsOnWMI.exe c:\windows\SysWOW64\PnkBstrA.exe c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe c:\program files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe c:\windows\AsScrPro.exe c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe c:\program files (x86)\CyberLink\Shared files\RichVideo.exe c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe . ************************************************************************** . 
Zeit der Fertigstellung: 2013-02-06 13:43:07 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2013-02-06 12:43 . Vor Suchlauf: 10 Verzeichnis(se), 63.689.859.072 Bytes frei Nach Suchlauf: 21 Verzeichnis(se), 63.678.074.880 Bytes frei . - - End Of File - - 7C60CC20E5B5690813606B8DA65E9DFB |
06.02.2013, 14:35 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Workstation service cannot be started! Please now run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html Note: Please disable your virus scanner before running TDSS-Killer, because Avira in particular often reports a false positive on the TDSS tool! Configure the tool as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot. Then click Start Scan and, once it has finished, click the Report button to display the log. Please post it in full. If you cannot find the log, or cannot copy its contents into your post, then please look directly on your Windows system partition (usually drive C:), since that is where TDSS-Killer saves its logs. Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here!
__________________ Please always post log files in CODE tags |
06.02.2013, 16:22 | #15 |
| Workstation service cannot be started! Code:
ATTFilter 16:17:27.0170 7380 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 16:17:27.0310 7380 ============================================================ 16:17:27.0310 7380 Current date / time: 2013/02/06 16:17:27.0310 16:17:27.0310 7380 SystemInfo: 16:17:27.0310 7380 16:17:27.0310 7380 OS Version: 6.1.7601 ServicePack: 1.0 16:17:27.0310 7380 Product type: Workstation 16:17:27.0310 7380 ComputerName: FRANK-PC 16:17:27.0310 7380 UserName: Frank 16:17:27.0310 7380 Windows directory: C:\Windows 16:17:27.0310 7380 System windows directory: C:\Windows 16:17:27.0310 7380 Running under WOW64 16:17:27.0310 7380 Processor architecture: Intel x64 16:17:27.0310 7380 Number of processors: 8 16:17:27.0310 7380 Page size: 0x1000 16:17:27.0310 7380 Boot type: Normal boot 16:17:27.0310 7380 ============================================================ 16:17:27.0856 7380 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 16:17:27.0872 7380 ============================================================ 16:17:27.0872 7380 \Device\Harddisk0\DR0: 16:17:27.0872 7380 MBR partitions: 16:17:27.0872 7380 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3200800, BlocksNum 0x25BDA000 16:17:27.0903 7380 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x28DDB000, BlocksNum 0x2E76B000 16:17:27.0903 7380 ============================================================ 16:17:27.0950 7380 C: <-> \Device\Harddisk0\DR0\Partition1 16:17:27.0996 7380 D: <-> \Device\Harddisk0\DR0\Partition2 16:17:27.0996 7380 ============================================================ 16:17:27.0996 7380 Initialize success 16:17:27.0996 7380 ============================================================ 16:18:15.0951 8160 ============================================================ 16:18:15.0951 8160 Scan started 16:18:15.0951 8160 Mode: Manual; SigCheck; TDLFS; 
16:18:15.0951 8160 ============================================================ 16:18:16.0310 8160 ================ Scan system memory ======================== 16:18:16.0310 8160 System memory - ok 16:18:16.0310 8160 ================ Scan services ============================= 16:18:17.0558 8160 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 16:18:17.0651 8160 1394ohci - ok 16:18:17.0792 8160 [ 2D6434E957F7CFA0035C20890F77BBC6 ] a2acc C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys 16:18:17.0823 8160 a2acc - ok 16:18:17.0948 8160 [ 521C7DB6FA2B4DC01610B7A7D741F2BB ] a2AntiMalware C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe 16:18:18.0010 8160 a2AntiMalware - ok 16:18:18.0010 8160 [ 3044D0F3FEB9FFE8BC953D8F34B5B504 ] A2DDA C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys 16:18:18.0026 8160 A2DDA - ok 16:18:18.0104 8160 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 16:18:18.0135 8160 ACPI - ok 16:18:18.0166 8160 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 16:18:18.0213 8160 AcpiPmi - ok 16:18:20.0069 8160 [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 16:18:20.0101 8160 AdobeFlashPlayerUpdateSvc - ok 16:18:20.0163 8160 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 16:18:20.0194 8160 adp94xx - ok 16:18:20.0241 8160 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys 16:18:20.0257 8160 adpahci - ok 16:18:20.0272 8160 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys 16:18:20.0288 8160 adpu320 - ok 16:18:20.0319 8160 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 16:18:20.0381 8160 AeLookupSvc - ok 16:18:20.0459 8160 [ 6E79A119B0CE418FE44E0C824BF3F039 ] AFBAgent C:\Windows\system32\FBAgent.exe 16:18:20.0506 
8160 AFBAgent - ok 16:18:20.0553 8160 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 16:18:20.0600 8160 AFD - ok 16:18:20.0647 8160 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 16:18:20.0678 8160 agp440 - ok 16:18:20.0709 8160 [ 14370049D8C9912EAC7603809A77C378 ] AiCharger C:\Windows\system32\DRIVERS\AiCharger.sys 16:18:20.0740 8160 AiCharger - ok 16:18:20.0756 8160 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 16:18:20.0803 8160 ALG - ok 16:18:20.0834 8160 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 16:18:20.0865 8160 aliide - ok 16:18:20.0881 8160 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 16:18:20.0896 8160 amdide - ok 16:18:20.0927 8160 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 16:18:20.0990 8160 AmdK8 - ok 16:18:21.0021 8160 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys 16:18:21.0083 8160 AmdPPM - ok 16:18:21.0115 8160 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys 16:18:21.0161 8160 amdsata - ok 16:18:21.0193 8160 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys 16:18:21.0224 8160 amdsbs - ok 16:18:21.0239 8160 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys 16:18:21.0255 8160 amdxata - ok 16:18:21.0302 8160 [ 9921E78BC29634235F4BF5809E7E8CDE ] AMPPAL C:\Windows\system32\DRIVERS\AMPPAL.sys 16:18:21.0364 8160 AMPPAL - ok 16:18:21.0395 8160 [ 9921E78BC29634235F4BF5809E7E8CDE ] AMPPALP C:\Windows\system32\DRIVERS\amppal.sys 16:18:21.0411 8160 AMPPALP - ok 16:18:21.0520 8160 [ 83A0E7BA4AE616D3654E700D9C5FF9DB ] AMPPALR3 C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe 16:18:21.0551 8160 AMPPALR3 - ok 16:18:21.0661 8160 [ 92A848F962DA91C631147D566414BB7E ] AmUStor C:\Windows\system32\drivers\AmUStor.SYS 
16:18:21.0692 8160 AmUStor - ok 16:18:21.0739 8160 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys 16:18:21.0848 8160 AppID - ok 16:18:21.0879 8160 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 16:18:21.0988 8160 AppIDSvc - ok 16:18:22.0035 8160 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll 16:18:22.0097 8160 Appinfo - ok 16:18:22.0300 8160 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 16:18:22.0331 8160 Apple Mobile Device - ok 16:18:22.0378 8160 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys 16:18:22.0409 8160 arc - ok 16:18:22.0441 8160 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys 16:18:22.0472 8160 arcsas - ok 16:18:22.0503 8160 [ 18E5C2F937F9DEB8C282DF66A3761925 ] ASLDRService C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe 16:18:22.0534 8160 ASLDRService - ok 16:18:22.0550 8160 [ 4C016FD76ED5C05E84CA8CAB77993961 ] ASMMAP64 C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys 16:18:22.0581 8160 ASMMAP64 - ok 16:18:22.0612 8160 [ 718692FFF22D6AF47EBA0A741A924921 ] asmthub3 C:\Windows\system32\DRIVERS\asmthub3.sys 16:18:22.0690 8160 asmthub3 - ok 16:18:22.0737 8160 [ BAD70A5AC534C108F680A33C654BC626 ] asmtxhci C:\Windows\system32\DRIVERS\asmtxhci.sys 16:18:22.0799 8160 asmtxhci - ok 16:18:22.0831 8160 [ 0CC5D45987A29D5F2806F4C344ACEA75 ] ASUS InstantOn C:\Program Files (x86)\Common Files\InstantOn\InsOnSrv.exe 16:18:22.0862 8160 ASUS InstantOn - ok 16:18:22.0893 8160 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 16:18:22.0955 8160 AsyncMac - ok 16:18:23.0049 8160 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 16:18:23.0080 8160 atapi - ok 16:18:23.0127 8160 [ 0ACC06FCF46F64ED4F11E57EE461C1F4 ] athr 
C:\Windows\system32\DRIVERS\athrx.sys 16:18:23.0221 8160 athr - ok 16:18:23.0236 8160 [ 7910158929571214A959D5A6D16DD9C0 ] ATKGFNEXSrv C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe 16:18:23.0267 8160 ATKGFNEXSrv - ok 16:18:23.0314 8160 [ 1F7238A37389ED92E9D8EEE975CABD54 ] ATKWMIACPIIO C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys 16:18:23.0345 8160 ATKWMIACPIIO - ok 16:18:23.0392 8160 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 16:18:23.0470 8160 AudioEndpointBuilder - ok 16:18:23.0486 8160 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 16:18:23.0517 8160 AudioSrv - ok 16:18:23.0767 8160 [ F1CA8ED683D6945EFDC4492AB60B1460 ] AVP C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe 16:18:23.0813 8160 AVP - ok 16:18:23.0876 8160 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 16:18:23.0954 8160 AxInstSV - ok 16:18:24.0016 8160 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys 16:18:24.0094 8160 b06bdrv - ok 16:18:24.0141 8160 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 16:18:24.0203 8160 b57nd60a - ok 16:18:24.0344 8160 [ F48FEB7DA35821DA15E0B006DCB9A169 ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe 16:18:24.0375 8160 BBSvc - ok 16:18:24.0422 8160 [ 8E16F7A85441986FD2B9CE6C879524E4 ] BBUpdate C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe 16:18:24.0453 8160 BBUpdate - ok 16:18:24.0500 8160 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 16:18:24.0547 8160 BDESVC - ok 16:18:24.0593 8160 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 16:18:24.0687 8160 Beep - ok 16:18:24.0781 8160 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll 16:18:24.0859 8160 BFE - ok 16:18:24.0921 8160 [ 
1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll 16:18:25.0030 8160 BITS - ok 16:18:25.0077 8160 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 16:18:25.0124 8160 blbdrive - ok 16:18:25.0249 8160 [ 55B0C8441DE7D91A819A39D0351154A2 ] Bluetooth Device Monitor C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe 16:18:25.0280 8160 Bluetooth Device Monitor - ok 16:18:25.0327 8160 [ 7E262330DF0C4BE4ECE853B59B9CBE4C ] Bluetooth Media Service C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe 16:18:25.0373 8160 Bluetooth Media Service - ok 16:18:25.0514 8160 [ 8BF4B9956E13871A88A3810074E2E110 ] Bluetooth OBEX Service C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe 16:18:25.0545 8160 Bluetooth OBEX Service - ok 16:18:25.0670 8160 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 16:18:25.0717 8160 Bonjour Service - ok 16:18:25.0763 8160 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 16:18:25.0810 8160 bowser - ok 16:18:25.0841 8160 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys 16:18:25.0904 8160 BrFiltLo - ok 16:18:25.0935 8160 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys 16:18:25.0966 8160 BrFiltUp - ok 16:18:26.0013 8160 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys 16:18:26.0122 8160 BridgeMP - ok 16:18:26.0169 8160 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll 16:18:26.0231 8160 Browser - ok 16:18:26.0263 8160 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 16:18:26.0341 8160 Brserid - ok 16:18:26.0356 8160 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 16:18:26.0419 8160 BrSerWdm - ok 16:18:26.0434 8160 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 
16:18:26.0497 8160 BrUsbMdm - ok 16:18:26.0512 8160 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 16:18:26.0543 8160 BrUsbSer - ok 16:18:26.0606 8160 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys 16:18:26.0715 8160 BthEnum - ok 16:18:26.0746 8160 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 16:18:26.0809 8160 BTHMODEM - ok 16:18:26.0840 8160 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys 16:18:26.0887 8160 BthPan - ok 16:18:26.0933 8160 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys 16:18:26.0996 8160 BTHPORT - ok 16:18:27.0058 8160 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 16:18:27.0121 8160 bthserv - ok 16:18:27.0152 8160 [ A5B3E8B2B78C7B3DA56A0DE490E6718C ] BTHSSecurityMgr C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe 16:18:27.0167 8160 BTHSSecurityMgr - ok 16:18:27.0199 8160 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys 16:18:27.0245 8160 BTHUSB - ok 16:18:27.0292 8160 [ 270FBA230E78E25726D065A924589A72 ] btmaux C:\Windows\system32\DRIVERS\btmaux.sys 16:18:27.0339 8160 btmaux - ok 16:18:27.0386 8160 [ 0010A54571F525A97EED8C091E96EAA9 ] btmhsf C:\Windows\system32\DRIVERS\btmhsf.sys 16:18:27.0433 8160 btmhsf - ok 16:18:27.0479 8160 catchme - ok 16:18:27.0511 8160 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 16:18:27.0620 8160 cdfs - ok 16:18:27.0667 8160 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 16:18:27.0729 8160 cdrom - ok 16:18:27.0776 8160 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 16:18:27.0885 8160 CertPropSvc - ok 16:18:27.0932 8160 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys 16:18:27.0994 8160 circlass - ok 16:18:28.0025 8160 [ 
FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 16:18:28.0057 8160 CLFS - ok 16:18:28.0135 8160 [ 524DC3807CB1746225F9D26ADD19C319 ] CLKMSVC10_38F51D56 C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe 16:18:28.0166 8160 CLKMSVC10_38F51D56 - ok 16:18:28.0259 8160 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 16:18:28.0291 8160 clr_optimization_v2.0.50727_32 - ok 16:18:28.0322 8160 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 16:18:28.0353 8160 clr_optimization_v2.0.50727_64 - ok 16:18:28.0431 8160 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 16:18:28.0462 8160 clr_optimization_v4.0.30319_32 - ok 16:18:28.0556 8160 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 16:18:28.0571 8160 clr_optimization_v4.0.30319_64 - ok 16:18:28.0618 8160 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 16:18:28.0681 8160 CmBatt - ok 16:18:28.0696 8160 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 16:18:28.0712 8160 cmdide - ok 16:18:28.0774 8160 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys 16:18:28.0837 8160 CNG - ok 16:18:28.0883 8160 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys 16:18:28.0883 8160 Compbatt - ok 16:18:28.0915 8160 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys 16:18:28.0993 8160 CompositeBus - ok 16:18:28.0993 8160 COMSysApp - ok 16:18:29.0008 8160 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 16:18:29.0024 8160 crcdisk - ok 16:18:29.0055 8160 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] 
CryptSvc C:\Windows\system32\cryptsvc.dll 16:18:29.0102 8160 CryptSvc - ok 16:18:29.0195 8160 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE 16:18:29.0227 8160 cvhsvc - ok 16:18:29.0289 8160 [ 1CA90212A99DB6975C344826D11055C9 ] dc3d C:\Windows\system32\DRIVERS\dc3d.sys 16:18:29.0320 8160 dc3d - ok 16:18:29.0351 8160 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 16:18:29.0414 8160 DcomLaunch - ok 16:18:29.0492 8160 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 16:18:29.0585 8160 defragsvc - ok 16:18:29.0648 8160 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 16:18:29.0710 8160 DfsC - ok 16:18:29.0819 8160 [ D51B32BA3897F630D99713B74B40D6A2 ] DfSdkS C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 8\DfsdkS64.exe 16:18:29.0866 8160 DfSdkS ( UnsignedFile.Multi.Generic ) - warning 16:18:29.0866 8160 DfSdkS - detected UnsignedFile.Multi.Generic (1) 16:18:29.0944 8160 [ B9430166FEB246F6070A62B3554932C9 ] dg_ssudbus C:\Windows\system32\DRIVERS\ssudbus.sys 16:18:29.0975 8160 dg_ssudbus - ok 16:18:30.0022 8160 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 16:18:30.0069 8160 Dhcp - ok 16:18:30.0100 8160 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 16:18:30.0209 8160 discache - ok 16:18:30.0225 8160 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys 16:18:30.0241 8160 Disk - ok 16:18:30.0272 8160 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 16:18:30.0334 8160 Dnscache - ok 16:18:30.0365 8160 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll 16:18:30.0475 8160 dot3svc - ok 16:18:30.0521 8160 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll 16:18:30.0631 8160 DPS - ok 16:18:30.0662 8160 [ 
9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 16:18:30.0724 8160 drmkaud - ok 16:18:30.0787 8160 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 16:18:30.0818 8160 DXGKrnl - ok 16:18:30.0865 8160 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 16:18:30.0943 8160 EapHost - ok 16:18:31.0021 8160 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys 16:18:31.0192 8160 ebdrv - ok 16:18:31.0239 8160 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe 16:18:31.0286 8160 EFS - ok 16:18:31.0411 8160 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 16:18:31.0457 8160 ehRecvr - ok 16:18:31.0489 8160 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 16:18:31.0535 8160 ehSched - ok 16:18:31.0613 8160 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys 16:18:31.0645 8160 elxstor - ok 16:18:31.0676 8160 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 16:18:31.0723 8160 ErrDev - ok 16:18:31.0769 8160 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 16:18:31.0863 8160 EventSystem - ok 16:18:32.0003 8160 [ 54FC81B0162478A72A93DBBEAFB35671 ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe 16:18:32.0050 8160 EvtEng - ok 16:18:32.0144 8160 [ 477BC304201197F4057090BD60AF1739 ] ewusbnet C:\Windows\system32\DRIVERS\ewusbnet.sys 16:18:32.0206 8160 ewusbnet - ok 16:18:32.0237 8160 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 16:18:32.0315 8160 exfat - ok 16:18:32.0362 8160 Fabs - ok 16:18:32.0409 8160 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 16:18:32.0518 8160 fastfat - ok 16:18:32.0581 8160 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 16:18:32.0643 8160 Fax - ok 16:18:32.0674 8160 [ 
773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 16:18:59.0428 8160 TrustedInstaller - ok 16:18:59.0444 8160 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 16:18:59.0475 8160 tssecsrv - ok 16:18:59.0506 8160 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 16:18:59.0553 8160 TsUsbFlt - ok 16:18:59.0569 8160 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys 16:18:59.0615 8160 TsUsbGD - ok 16:18:59.0756 8160 [ E8985332F611F56ADBCFF987E7D67D51 ] TuneUp.UtilitiesSvc C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe 16:18:59.0803 8160 TuneUp.UtilitiesSvc - ok 16:18:59.0834 8160 [ 7BC3381C0713F613B31ACDE38B71CB53 ] TuneUpUtilitiesDrv C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys 16:18:59.0834 8160 TuneUpUtilitiesDrv - ok 16:18:59.0896 8160 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 16:18:59.0974 8160 tunnel - ok 16:19:00.0005 8160 [ FD24F98D2898BE093FE926604BE7DB99 ] TurboB C:\Windows\system32\DRIVERS\TurboB.sys 16:19:00.0005 8160 TurboB - ok 16:19:00.0052 8160 [ 600B406A04D90F577FEA8A88D7379F08 ] TurboBoost C:\Program Files\Intel\TurboBoost\TurboBoost.exe 16:19:00.0052 8160 TurboBoost - ok 16:19:00.0068 8160 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 16:19:00.0083 8160 uagp35 - ok 16:19:00.0099 8160 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 16:19:00.0193 8160 udfs - ok 16:19:00.0239 8160 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 16:19:00.0302 8160 UI0Detect - ok 16:19:00.0349 8160 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 16:19:00.0380 8160 uliagpkx - ok 16:19:00.0427 8160 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 16:19:00.0489 
8160 umbus - ok 16:19:00.0505 8160 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys 16:19:00.0551 8160 UmPass - ok 16:19:00.0707 8160 [ EB79C6C91A99930015EF29AE7FA802D1 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe 16:19:00.0754 8160 UNS - ok 16:19:00.0770 8160 Update-Service - ok 16:19:00.0801 8160 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 16:19:00.0879 8160 upnphost - ok 16:19:00.0941 8160 [ 43228F8EDD1B0BCDD3145AD246E63D39 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys 16:19:00.0988 8160 USBAAPL64 - ok 16:19:01.0035 8160 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys 16:19:01.0097 8160 usbaudio - ok 16:19:01.0144 8160 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 16:19:01.0191 8160 usbccgp - ok 16:19:01.0253 8160 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 16:19:01.0331 8160 usbcir - ok 16:19:01.0347 8160 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys 16:19:01.0394 8160 usbehci - ok 16:19:01.0441 8160 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 16:19:01.0472 8160 usbhub - ok 16:19:01.0487 8160 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys 16:19:01.0503 8160 usbohci - ok 16:19:01.0519 8160 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 16:19:01.0550 8160 usbprint - ok 16:19:01.0597 8160 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 16:19:01.0659 8160 usbscan - ok 16:19:01.0675 8160 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 16:19:01.0690 8160 USBSTOR - ok 16:19:01.0706 8160 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 16:19:01.0753 8160 usbuhci - ok 
16:19:01.0799 8160 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys 16:19:01.0862 8160 usbvideo - ok 16:19:01.0893 8160 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 16:19:01.0924 8160 UxSms - ok 16:19:01.0987 8160 [ 0089C14DFBBEB6B3A22BE14A44A4CE1F ] UxTuneUp C:\Windows\System32\uxtuneup.dll 16:19:02.0018 8160 UxTuneUp - ok 16:19:02.0033 8160 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 16:19:02.0065 8160 VaultSvc - ok 16:19:02.0096 8160 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 16:19:02.0111 8160 vdrvroot - ok 16:19:02.0143 8160 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 16:19:02.0205 8160 vds - ok 16:19:02.0236 8160 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 16:19:02.0252 8160 vga - ok 16:19:02.0267 8160 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 16:19:02.0283 8160 VgaSave - ok 16:19:02.0299 8160 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 16:19:02.0314 8160 vhdmp - ok 16:19:02.0330 8160 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 16:19:02.0330 8160 viaide - ok 16:19:02.0361 8160 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 16:19:02.0377 8160 volmgr - ok 16:19:02.0408 8160 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 16:19:02.0423 8160 volmgrx - ok 16:19:02.0455 8160 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 16:19:02.0486 8160 volsnap - ok 16:19:02.0517 8160 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 16:19:02.0533 8160 vsmraid - ok 16:19:02.0579 8160 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 16:19:02.0689 8160 VSS - ok 16:19:02.0720 8160 [ 
36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 16:19:02.0767 8160 vwifibus - ok 16:19:02.0798 8160 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 16:19:02.0829 8160 vwififlt - ok 16:19:02.0845 8160 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys 16:19:02.0876 8160 vwifimp - ok 16:19:02.0923 8160 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 16:19:03.0001 8160 W32Time - ok 16:19:03.0016 8160 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys 16:19:03.0047 8160 WacomPen - ok 16:19:03.0063 8160 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 16:19:03.0094 8160 WANARP - ok 16:19:03.0110 8160 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 16:19:03.0141 8160 Wanarpv6 - ok 16:19:03.0172 8160 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 16:19:03.0250 8160 wbengine - ok 16:19:03.0266 8160 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 16:19:03.0281 8160 WbioSrvc - ok 16:19:03.0297 8160 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 16:19:03.0344 8160 wcncsvc - ok 16:19:03.0359 8160 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 16:19:03.0406 8160 WcsPlugInService - ok 16:19:03.0437 8160 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys 16:19:03.0469 8160 Wd - ok 16:19:03.0562 8160 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 16:19:03.0640 8160 Wdf01000 - ok 16:19:03.0671 8160 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 16:19:03.0703 8160 WdiServiceHost - ok 16:19:03.0703 8160 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 16:19:03.0734 8160 
WdiSystemHost - ok 16:19:03.0796 8160 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 16:19:03.0843 8160 WebClient - ok 16:19:03.0874 8160 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 16:19:03.0952 8160 Wecsvc - ok 16:19:03.0983 8160 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 16:19:04.0046 8160 wercplsupport - ok 16:19:04.0093 8160 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 16:19:04.0171 8160 WerSvc - ok 16:19:04.0186 8160 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 16:19:04.0217 8160 WfpLwf - ok 16:19:04.0249 8160 [ 52DED146E4797E6CCF94799E8E22BB2A ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys 16:19:04.0249 8160 WimFltr - ok 16:19:04.0280 8160 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 16:19:04.0280 8160 WIMMount - ok 16:19:04.0311 8160 WinDefend - ok 16:19:04.0311 8160 WinHttpAutoProxySvc - ok 16:19:04.0358 8160 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 16:19:04.0451 8160 Winmgmt - ok 16:19:04.0545 8160 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 16:19:04.0654 8160 WinRM - ok 16:19:04.0701 8160 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 16:19:04.0701 8160 WinUsb - ok 16:19:04.0748 8160 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 16:19:04.0857 8160 Wlansvc - ok 16:19:04.0951 8160 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe 16:19:04.0966 8160 wlcrasvc - ok 16:19:05.0075 8160 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 16:19:05.0107 8160 wlidsvc - ok 16:19:05.0153 8160 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys 16:19:05.0200 8160 WmiAcpi - ok 
16:19:05.0247 8160 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
16:19:05.0309 8160 wmiApSrv - ok
16:19:05.0341 8160 WMPNetworkSvc - ok
16:19:05.0387 8160 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
16:19:05.0434 8160 WPCSvc - ok
16:19:05.0450 8160 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
16:19:05.0465 8160 WPDBusEnum - ok
16:19:05.0497 8160 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
16:19:05.0590 8160 ws2ifsl - ok
16:19:05.0606 8160 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
16:19:05.0621 8160 wscsvc - ok
16:19:05.0684 8160 [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys
16:19:05.0762 8160 WSDPrintDevice - ok
16:19:05.0762 8160 WSearch - ok
16:19:05.0855 8160 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
16:19:05.0887 8160 wuauserv - ok
16:19:05.0918 8160 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
16:19:05.0949 8160 WudfPf - ok
16:19:05.0980 8160 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
16:19:06.0043 8160 WUDFRd - ok
16:19:06.0058 8160 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
16:19:06.0136 8160 wudfsvc - ok
16:19:06.0183 8160 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
16:19:06.0245 8160 WwanSvc - ok
16:19:06.0308 8160 [ 2EE48CFCE7CA8E0DB4C44C7476C0943B ] xusb21 C:\Windows\system32\DRIVERS\xusb21.sys
16:19:06.0355 8160 xusb21 - ok
16:19:06.0401 8160 ================ Scan global ===============================
16:19:06.0433 8160 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
16:19:06.0448 8160 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
16:19:06.0464 8160 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
16:19:06.0495 8160 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
16:19:06.0511 8160 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
16:19:06.0526 8160 [Global] - ok
16:19:06.0526 8160 ================ Scan MBR ==================================
16:19:06.0526 8160 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
16:19:06.0932 8160 \Device\Harddisk0\DR0 - ok
16:19:06.0932 8160 ================ Scan VBR ==================================
16:19:06.0932 8160 [ 33047DF1A8DBAF404F77E82927AEC3D7 ] \Device\Harddisk0\DR0\Partition1
16:19:06.0947 8160 \Device\Harddisk0\DR0\Partition1 - ok
16:19:06.0963 8160 [ E4E2338BBB92001ECBC46002F77046DE ] \Device\Harddisk0\DR0\Partition2
16:19:06.0979 8160 \Device\Harddisk0\DR0\Partition2 - ok
16:19:06.0979 8160 ============================================================
16:19:06.0979 8160 Scan finished
16:19:06.0979 8160 ============================================================
16:19:06.0994 7820 Detected object count: 7
16:19:06.0994 7820 Actual detected object count: 7
16:20:27.0194 7820 DfSdkS ( UnsignedFile.Multi.Generic ) - skipped by user
16:20:27.0194 7820 DfSdkS ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:20:27.0194 7820 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user
16:20:27.0194 7820 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:20:27.0194 7820 HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
16:20:27.0194 7820 HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:20:27.0194 7820 HTCAND64 ( UnsignedFile.Multi.Generic ) - skipped by user
16:20:27.0194 7820 HTCAND64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:20:27.0194 7820 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
16:20:27.0194 7820 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:20:27.0194 7820 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
16:20:27.0194 7820 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:20:27.0194 7820 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
16:20:27.0194 7820 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip |