| |
| |||||||
Log-Analyse und Auswertung: BKA/GVU-Virus vollständig entfernenWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
18.02.2013, 19:22
| #1 |
 |  BKA/GVU-Virus vollständig entfernen Hallo Trojaner-Board-Team. Habe mir Ende letzter Woche über wetter.com den bekannten GVU/BKA-Trojaner eingefangen. Gestern startete ich einen ersten Versuch den Rechner zu "desinfizieren" und habe folgende Schritte durchgeführt: 1. Da Abgesicherter Modus automatisch heruntergefahren wurde über das Tool "System reparieren" bei Systemstart wurde der PC auf einen früheren Termin zurückgesetzt. 2. Nachdem damit das "Hauptsymptom" (der geblockte Desktop) behoben war habe ich mit Malwarebytes Anti-Malware, adwcleaner und ComboFix sowie eines komplett Systemchecks mit Antivir versucht den PC zu entseuchen. (Die Logs von Antivir, mbam und Combofix sind vorhanden) Anschließend spielte ich ca. 140 Windows-Updates auf den Rechner. (Die leider etwas vernachlässigt wurden) Das ganze war anscheinend nicht von Erfolg gekrönt, heute meldete die Firewall einen geblockten Prozesse: idfa.exe aus dem Ordner C Appdata/Roaming. Ein erneuter Check mit mbam Ergab 8 Funde (Log vorhanden). Um forenkonform zu bleiben habe ich nun Defogger, OTL und GMER ausgeführt, die Logs im Folgenden:OTL Logfile: Code:
ATTFilter OTL logfile created on: 18.02.2013 18:13:30 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\pc\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 8,99 Gb Total Physical Memory | 7,71 Gb Available Physical Memory | 85,77% Memory free 17,98 Gb Paging File | 16,59 Gb Available in Paging File | 92,25% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 916,86 Gb Total Space | 687,44 Gb Free Space | 74,98% Space Free | Partition Type: NTFS Drive I: | 7,70 Gb Total Space | 1,60 Gb Free Space | 20,85% Space Free | Partition Type: FAT32 Computer Name: PC-PC | User Name: pc | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.02.18 18:02:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\pc\Desktop\OTL.exe PRC - [2013.02.17 18:28:47 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2013.02.17 18:28:04 | 000,385,248 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2013.02.17 18:28:04 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2013.01.19 20:01:35 | 000,281,224 | ---- | M] (Quick Heal Technologies Pvt. Ltd.) -- C:\Users\pc\AppData\Roaming\Tuyf\idfa.exe PRC - [2012.10.10 21:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2011.06.28 13:58:32 | 002,345,984 | ---- | M] (Koninklijke Philips Electronics N.V.) -- C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\Wi-Fi MediaConnect.exe PRC - [2010.06.21 10:14:30 | 000,308,736 | ---- | M] () -- C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\HTSRecover.exe ========== Modules (No Company Name) ========== MOD - [2010.06.21 10:14:30 | 000,308,736 | ---- | M] () -- C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\HTSRecover.exe ========== Services (SafeList) ========== SRV - [2013.02.17 18:28:47 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.02.17 18:28:04 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.10.10 21:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2010.09.21 13:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.02.17 18:29:13 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2013.02.17 18:29:13 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2013.02.17 18:29:12 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.03.01 07:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2010.09.16 18:33:42 | 001,918,976 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athurx.sys -- (athur) DRV:64bit: - [2010.06.26 10:23:39 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2010.02.08 04:45:06 | 000,024,064 | ---- | M] (WiFi Media Connect) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wfmcvad.sys -- (WFMC_VAD) DRV:64bit: - [2009.07.14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2009.07.14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 21:35:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.06.03 00:58:24 | 000,507,392 | ---- | M] (ITETech ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AF15BDA.sys -- (AF15BDA) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BC 90 9F 0A 50 3A CB 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Users\pc\AppData\Local\Google\Google Earth\plugin\npgeplugin.dll (Google) [2012.11.06 21:03:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pc\AppData\Roaming\mozilla\Firefox\Profiles\0\extensions [2012.11.06 21:03:55 | 000,214,127 | ---- | M] () (No name found) -- C:\Users\pc\AppData\Roaming\mozilla\firefox\profiles\0\extensions\freehdsport@freehdsport.tv.xpi ========== Chrome ========== CHR - homepage: hxxp://www.google.de/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter} CHR - homepage: hxxp://www.google.de/ CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.250.6 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U25 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Users\pc\AppData\Local\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll CHR - Extension: Google Drive = C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Google Mail = C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2013.02.17 18:02:11 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKCU..\Run: [Ysydyvagig] C:\Users\pc\AppData\Roaming\Tuyf\idfa.exe (Quick Heal Technologies Pvt. Ltd.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{35F4AA8F-2F60-4825-803F-85B0950A4145}: DhcpNameServer = 134.93.48.210 134.93.48.196 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E8A1D9CF-AD92-4CA0-99BB-D5A129FCC3B5}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.02.18 18:08:11 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\pc\Desktop\OTL.exe [2013.02.18 17:42:45 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Roaming\Ufyq [2013.02.18 17:42:45 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Roaming\Tuyf [2013.02.18 17:42:45 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Roaming\Siyhas [2013.02.18 17:42:23 | 000,076,400 | ---- | C] (Quick Heal Technologies Pvt. Ltd.) -- C:\Users\pc\AppData\Roaming\kb3.exe [2013.02.17 21:13:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation [2013.02.17 19:14:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation [2013.02.17 18:39:22 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Roaming\Avira [2013.02.17 18:33:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2013.02.17 18:33:48 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2013.02.17 18:33:48 | 000,099,912 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2013.02.17 18:33:48 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2013.02.17 18:33:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2013.02.17 18:33:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2013.02.17 18:09:58 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.02.17 18:03:24 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013.02.17 17:56:47 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.02.17 17:56:47 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.02.17 17:56:47 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.02.17 17:56:12 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.02.17 17:55:58 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.02.17 17:40:37 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Roaming\Malwarebytes [2013.02.17 17:40:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.02.17 17:40:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.02.17 17:40:28 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.02.17 17:40:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.02.17 17:39:29 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\Programs [2013.02.17 17:38:54 | 000,000,000 | ---D | C] -- C:\Users\pc\Desktop\antivirusproggis [2013.02.14 16:36:04 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Roaming\Zuew [2013.02.01 12:36:25 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\Cyberlink [2013.02.01 12:36:24 | 000,000,000 | ---D | C] -- C:\Users\pc\Documents\My Videos [2013.02.01 12:35:12 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink [2013.02.01 12:35:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nikon [2013.02.01 12:35:07 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PhotoDirector 3 [2013.02.01 12:34:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CyberLink [2013.02.01 12:33:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp [2013.02.01 12:33:41 | 000,000,000 | ---D | C] -- C:\ProgramData\install_clap ========== Files - Modified Within 30 Days ========== [2013.02.18 18:15:00 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.02.18 18:11:10 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.02.18 18:10:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.02.18 18:10:43 | 2945,847,295 | -HS- | M] () -- C:\hiberfil.sys [2013.02.18 18:09:57 | 000,014,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.02.18 18:09:57 | 000,014,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.02.18 18:09:23 | 000,000,020 | ---- | M] () -- C:\Users\pc\defogger_reenable [2013.02.18 18:09:06 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.02.18 18:09:06 | 000,643,628 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.02.18 18:09:06 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.02.18 18:09:06 | 000,126,188 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.02.18 18:09:06 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.02.18 18:02:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\pc\Desktop\OTL.exe [2013.02.18 18:02:16 | 000,050,477 | ---- | M] () -- C:\Users\pc\Desktop\Defogger.exe [2013.02.18 17:42:23 | 000,076,400 | ---- | M] (Quick Heal Technologies Pvt. Ltd.) -- C:\Users\pc\AppData\Roaming\kb3.exe [2013.02.17 21:10:44 | 000,416,336 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.02.17 19:20:28 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2013.02.17 19:20:28 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf [2013.02.17 18:33:59 | 000,001,994 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2013.02.17 18:29:13 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2013.02.17 18:29:13 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2013.02.17 18:29:12 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2013.02.17 18:02:11 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013.02.17 17:40:29 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.02.09 16:48:21 | 003,918,396 | ---- | M] () -- C:\Users\pc\Desktop\IMG_6538.JPG [2013.02.01 12:35:07 | 000,001,505 | ---- | M] () -- C:\Users\Public\Desktop\CyberLink PhotoDirector 3.lnk [2013.01.23 21:11:03 | 001,140,736 | ---- | M] () -- C:\Users\pc\Desktop\GetAttachment.pot ========== Files Created - No Company Name ========== [2013.02.18 18:09:22 | 000,000,020 | ---- | C] () -- C:\Users\pc\defogger_reenable [2013.02.18 18:08:18 | 000,050,477 | ---- | C] () -- C:\Users\pc\Desktop\Defogger.exe [2013.02.17 19:39:31 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2013.02.17 19:20:28 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2013.02.17 19:20:28 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2013.02.17 19:06:23 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2013.02.17 18:33:59 | 000,001,994 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2013.02.17 17:56:47 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.02.17 17:56:47 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.02.17 17:56:47 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.02.17 17:56:47 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.02.17 17:56:47 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.02.17 17:40:29 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.02.09 16:48:20 | 003,918,396 | ---- | C] () -- C:\Users\pc\Desktop\IMG_6538.JPG [2013.02.01 12:35:07 | 000,001,505 | ---- | C] () -- C:\Users\Public\Desktop\CyberLink PhotoDirector 3.lnk [2013.01.23 21:11:03 | 001,140,736 | ---- | C] () -- C:\Users\pc\Desktop\GetAttachment.pot [2011.04.28 16:41:59 | 000,000,600 | ---- | C] () -- C:\Users\pc\AppData\Local\PUTTY.RND [2010.12.10 00:24:42 | 000,007,602 | ---- | C] () -- C:\Users\pc\AppData\Local\Resmon.ResmonCfg [2010.06.18 16:27:02 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2010.06.26 10:36:36 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\DAEMON Tools Lite [2010.08.15 18:27:58 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\DVDVideoSoftIEHelpers [2012.04.24 23:35:02 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\FileZilla [2012.02.16 18:58:10 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\ICQ [2008.04.26 10:38:56 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\Opera [2013.02.18 17:42:45 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\Siyhas [2013.02.18 17:42:45 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\Tuyf [2013.02.18 17:43:16 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\Ufyq [2011.10.23 20:42:15 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\XBMC [2013.02.17 16:25:18 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\Zuew ========== Purity Check ========== < End of report > Ich hoffe die Angaben sind vollständig. Vielen Dank schonmal im Voraus für die Hilfe, Mit freundlichen Grüßen, Jamal Der OTL Extras Log: OTL EXTRAS Logfile: OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 18.02.2013 18:13:30 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\pc\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
8,99 Gb Total Physical Memory | 7,71 Gb Available Physical Memory | 85,77% Memory free
17,98 Gb Paging File | 16,59 Gb Available in Paging File | 92,25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 916,86 Gb Total Space | 687,44 Gb Free Space | 74,98% Space Free | Partition Type: NTFS
Drive I: | 7,70 Gb Total Space | 1,60 Gb Free Space | 20,85% Space Free | Partition Type: FAT32
Computer Name: PC-PC | User Name: pc | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Opera\opera.exe" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
wsffile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Opera\opera.exe" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
wsffile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{167035DE-E9B7-410F-BED0-A9559097AAD4}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4D5EEA2B-5E56-44AE-9A93-8E5C016B3055}" = rport=10243 | protocol=6 | dir=out | app=system |
"{4F103CEB-D44D-427E-8AD2-67D04DFD1D60}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{57CCBB38-5B99-4800-A6BB-441DA9983537}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{600061AF-5E78-43CD-87E6-19D00B120536}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{601FFEAF-C4EE-429E-9DA2-49504B1188A4}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6934D9E5-30E1-4524-A0AF-F529EED228C0}" = lport=10243 | protocol=6 | dir=in | app=system |
"{6C6A2413-AE74-4462-ADE9-B5112AC33C44}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{6EF012DB-F973-4B35-A2C7-C119C16B5E60}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{795D1175-58AF-4483-A546-9C2447B0E285}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8322DD19-2F01-4351-A019-79FC550DE0D4}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{8DC9A4CB-CB05-4F5A-BE5F-66D462BA23E8}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{9D2A8C88-AF87-41F8-8DEB-8E98C08F14B9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A077629F-FAE7-4F2E-9E5A-E96CE81C8B2E}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{A23FC620-19B8-403B-A2A2-B9ED59C9A940}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AA935FC8-124F-443D-A94A-A8A77C4452AD}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B6929ADC-A628-44BF-B38F-84EA7200662E}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{C8758779-492D-4037-B236-1FEC80750631}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D5D28E66-F00D-4215-83FC-CB46D2680206}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F82DB053-1BEE-4D91-830B-23BD4E1E179F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00BD609B-38C8-4E9C-BF9F-5F8F8BF28FFB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{060498C4-763C-4E99-B70C-133409A1C84B}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{0790550A-FAD9-4154-BADF-18B7DCBB65CA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{07E4848E-6B47-49F5-8E33-8390DC11CCB7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1547F9D4-4E23-41B6-B099-8EDF87930457}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{15CA6C37-619A-46BD-983D-372BE410801A}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{17879ABD-4604-4CE2-A1C1-D0CDC212683A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1C10CF8C-C400-46B1-B11F-FE3FF13E6549}" = protocol=6 | dir=in | app=c:\program files (x86)\philips\wi-fi mediaconnect\wi-fi mediaconnect.exe |
"{1CB5199B-E7EB-4208-A432-5B1BEFC9F474}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{240AB0E2-FEE8-4D9D-977D-A963B83C8410}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{26B29C07-4749-4A82-960C-2D86B51AB131}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{2B32C4FB-3BC8-42F9-8568-B614E63D4487}" = protocol=6 | dir=out | app=system |
"{31B9EF43-D4EF-446E-93A0-267A099238E7}" = protocol=1 | dir=out | name=winulum |
"{32960A06-08C7-459E-B722-27BCE98879E9}" = protocol=17 | dir=in | app=c:\program files (x86)\arcsoft\totalmedia 3\totalmedia.exe |
"{352BF790-355E-4FE0-8563-25F774490BF8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3574BDFA-632F-4F01-8D91-AE8285110075}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{42D6DBB7-844F-42EF-B9F7-6C8F16B2C6A0}" = protocol=6 | dir=in | app=c:\program files (x86)\arcsoft\totalmedia 3\totalmedia.exe |
"{43F2D7D0-5C84-40E0-AE64-49873475295E}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{4BBBFE14-2231-4B8F-8327-79F79CA2006D}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{57393FE5-35E1-496B-AB20-C3E5B3870703}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{5A517A47-8F75-4581-88B1-65E62C9FC2E1}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{5E7D87AE-DDC7-4D67-A2FF-01A2C6FDA8DC}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{657FD387-6613-4745-8338-98F7A3544384}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{659D08D4-8A3D-4E2F-8A33-09ED90028591}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{7D40EC24-B5A2-4580-8CBD-650B48E74D3B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{8903593E-2C52-4B1A-B513-B40268145D9B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9260B6DA-E8CC-4939-A947-3052C569CC0D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9C2EC05C-AD82-4C65-BB90-E4429B652F6F}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{9EFEB637-E8B6-478C-8007-52DF2449201E}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{AC10BE99-5E61-4607-922C-05F2FA5664EE}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B9B0EEBB-596B-4ECC-A9CF-810CCA2E01ED}" = protocol=1 | dir=in | name=winulum |
"{BDF08A4E-72FF-4006-ACE6-EF3E8CFB4DF6}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{D3CC3C07-268C-46C6-A590-7AC81A0A65E1}" = protocol=17 | dir=in | app=c:\program files (x86)\philips\wi-fi mediaconnect\wi-fi mediaconnect.exe |
"{D566B2A9-17B2-4888-B6C2-5C439CBFA610}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{DBB78D83-D004-467C-9E5B-879BA0EBE28F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E1619E52-36CE-4ECC-9337-ACAA90FBECF3}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{E3F879C0-9207-49F2-AE7E-8727F6E7D79D}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{E9C066BD-43DF-4102-AE00-111C57F5E5D6}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{ED129829-F94F-4920-A442-5248C0E25361}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{EF34D2C7-69E8-4A99-9334-0F40261A0284}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{FEFD3862-5EED-4CED-8E11-847C96697785}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{09378625-D567-42A6-B4F3-6D83516C82DB}C:\users\pc\appdata\local\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\users\pc\appdata\local\google\google earth\client\googleearth.exe |
"TCP Query User{253C68EF-D22D-4BE1-97CA-48F762B9054D}C:\program files (x86)\icq7.2\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"TCP Query User{2C7C55F2-5DC4-483A-9AA4-DDB6ACA420F3}C:\windows\syswow64\java.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\java.exe |
"TCP Query User{45CFD23D-9F45-45D9-AD8D-957359FD6E70}C:\users\pc\appdata\local\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\users\pc\appdata\local\google\google earth\client\googleearth.exe |
"TCP Query User{4A85530D-429A-4226-9143-C84BDAF60ACA}C:\users\pc\appdata\roaming\tuyf\idfa.exe" = protocol=6 | dir=in | app=c:\users\pc\appdata\roaming\tuyf\idfa.exe |
"TCP Query User{7C5993C7-E8BC-438B-A7A1-07C95CEEE0B6}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"TCP Query User{997DC2E8-FD19-4E39-8D7A-F47DAAB04E00}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{AAC1F72C-AE5E-4E1B-A52E-64A182E7D6EF}C:\program files (x86)\counter-strike 1.6\hl.exe" = protocol=6 | dir=in | app=c:\program files (x86)\counter-strike 1.6\hl.exe |
"TCP Query User{AEC95464-B826-45E9-985A-0C7D2105AE35}C:\program files (x86)\counter-strike 1.6\hl.exe" = protocol=6 | dir=in | app=c:\program files (x86)\counter-strike 1.6\hl.exe |
"TCP Query User{B6418A48-001C-4962-870A-3F9C3590CC23}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{BE980D1C-88C4-4D7A-B580-8DEEC1E802C5}C:\program files (x86)\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"UDP Query User{07E1EA30-6DC6-459C-B809-349F5779FEFD}C:\program files (x86)\counter-strike 1.6\hl.exe" = protocol=17 | dir=in | app=c:\program files (x86)\counter-strike 1.6\hl.exe |
"UDP Query User{172FEFB9-D5E7-4699-BDBB-A6DCF27C64E2}C:\users\pc\appdata\local\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\users\pc\appdata\local\google\google earth\client\googleearth.exe |
"UDP Query User{1A67FE01-E77F-4AB0-B27F-2C23F4B9A0BE}C:\program files (x86)\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"UDP Query User{302ADF43-A86A-453C-80F6-6712EBAA8376}C:\windows\syswow64\java.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\java.exe |
"UDP Query User{3B425FE2-F773-4F7E-9A14-17867EE62DB6}C:\program files (x86)\counter-strike 1.6\hl.exe" = protocol=17 | dir=in | app=c:\program files (x86)\counter-strike 1.6\hl.exe |
"UDP Query User{81C681CD-DF65-4727-9C08-EB33F4B1D04B}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{82C22B70-79B7-486F-9801-90354416291E}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"UDP Query User{85359E2C-B753-4271-9258-09F58CB6FCCF}C:\users\pc\appdata\roaming\tuyf\idfa.exe" = protocol=17 | dir=in | app=c:\users\pc\appdata\roaming\tuyf\idfa.exe |
"UDP Query User{A918492B-0427-4FE2-BF0F-117CBDDB26D8}C:\program files (x86)\icq7.2\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"UDP Query User{B90FBCD2-EDE7-4672-B046-099FEDAA6E2D}C:\users\pc\appdata\local\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\users\pc\appdata\local\google\google earth\client\googleearth.exe |
"UDP Query User{BCAAF969-3147-43BA-B2C7-4228C0423C47}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"WinRAR archiver" = WinRAR
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0A35B15C-9CCD-4C0C-BD5B-34ABF8C95813}_is1" = ICQ 7.2 Build #3525 Banner Remover 1.0
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2461F1D6-8749-498C-866C-4EF27C0B40F8}" = Update
"{268CF0B8-CA38-4E20-9E99-514A07F7C1F1}" = ArcSoft TotalMedia 3
"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java(TM) 6 Update 25
"{39337565-330E-4ab6-A9AE-AC81E0720B10}" = CyberLink PhotoDirector 3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA58346A-A5D7-4659-91D6-38D07345BDCF}" = Wi-Fi MediaConnect
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.2 - Deutsch
"{B9A431FF-FDB1-40E5-B5F3-215290FD62DE}" = TP-LINK Drahtlos Tool
"{BE06114F-559D-11E0-B5A1-001D0926B1BF}" = Google Earth
"{C171FBBE-E471-4509-AA63-DB2FB61F778E}" = FileBot
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"Counter-Strike 1.6" = Counter-Strike 1.6
"FileZilla Client" = FileZilla Client 3.2.7.1
"Google Chrome" = Google Chrome
"InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}" = CyberLink PhotoDirector 3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Opera 12.14.1738" = Opera 12.14
"PDFTK Builder_is1" = PDFTK Builder 3.5.3
"Shutter_is1" = Shutter
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.6
"WinLiveSuite" = Windows Live Essentials
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"XBMC" = XBMC
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 10.04.2012 15:19:50 | Computer Name = pc-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: vlc.exe, Version: 1.1.6.0, Zeitstempel:
0x4d3caf1f Name des fehlerhaften Moduls: libmkv_plugin.dll, Version: 0.0.0.0, Zeitstempel:
0x4d3caf24 Ausnahmecode: 0x40000015 Fehleroffset: 0x00081a11 ID des fehlerhaften Prozesses:
0xcc4 Startzeit der fehlerhaften Anwendung: 0x01cd174ee3ae6b1c Pfad der fehlerhaften
Anwendung: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe Pfad des fehlerhaften Moduls:
C:\Program Files (x86)\VideoLAN\VLC\plugins\libmkv_plugin.dll Berichtskennung: 23e5ffce-8342-11e1-9293-002268493d27
Error - 21.05.2012 16:04:12 | Computer Name = pc-PC | Source = Application Hang | ID = 1002
Description = Programm vlc.exe, Version 1.1.6.0 kann nicht mehr unter Windows ausgeführt
werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 8d0 Startzeit:
01cd377c18937140 Endzeit: 17 Anwendungspfad: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
Berichts-ID:
Error - 20.06.2012 12:18:23 | Computer Name = pc-PC | Source = Application Hang | ID = 1002
Description = Programm AcroRd32.exe, Version 9.3.2.163 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 4bc Startzeit:
01cd4f0048c2e015 Endzeit: 5 Anwendungspfad: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
Berichts-ID:
8cf25a74-baf3-11e1-8798-002268493d27
Error - 22.08.2012 15:38:40 | Computer Name = pc-PC | Source = Application Hang | ID = 1002
Description = Programm opera.exe, Version 12.0.1467.0 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: d24 Startzeit:
01cd8098cf38f987 Endzeit: 5 Anwendungspfad: C:\Program Files (x86)\Opera\opera.exe
Berichts-ID:
f7e82f60-ec90-11e1-9685-002268493d27
Error - 18.09.2012 14:55:29 | Computer Name = pc-PC | Source = Application Hang | ID = 1002
Description = Programm opera.exe, Version 12.2.1578.0 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: a24 Startzeit:
01cd95c48db797e3 Endzeit: 6 Anwendungspfad: C:\Program Files (x86)\Opera\opera.exe
Berichts-ID:
62e6824e-01c2-11e2-84b2-002268493d27
Error - 28.11.2012 11:07:25 | Computer Name = pc-PC | Source = Application Hang | ID = 1002
Description = Programm Explorer.EXE, Version 6.1.7600.16385 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 74c Startzeit: 01cdcd79abb8408a Endzeit: 0 Anwendungspfad: C:\Windows\Explorer.EXE
Berichts-ID:
4da74849-396d-11e2-9ade-002268493d27
Error - 14.02.2013 11:38:25 | Computer Name = pc-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: avgnt.exe, Version: 10.0.13.18, Zeitstempel:
0x4beab9be Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00014a3f ID des fehlerhaften Prozesses:
0x9e4 Startzeit der fehlerhaften Anwendung: 0x01ce0ac94cb19fbf Pfad der fehlerhaften
Anwendung: C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe Pfad des fehlerhaften
Moduls: unknown Berichtskennung: 91cb5a9b-76bc-11e2-983b-002268493d27
Error - 17.02.2013 14:33:55 | Computer Name = pc-PC | Source = MsiInstaller | ID = 11935
Description =
Error - 17.02.2013 16:09:06 | Computer Name = pc-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: nvSCPAPISvr.exe, Version: 7.17.13.697,
Zeitstempel: 0x506b2e31 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x74816a64 ID des fehlerhaften
Prozesses: 0x350 Startzeit der fehlerhaften Anwendung: 0x01ce0d4a409e8c14 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
Pfad
des fehlerhaften Moduls: unknown Berichtskennung: e1593a3c-793d-11e2-a3f6-002268493d27
Error - 17.02.2013 16:09:10 | Computer Name = pc-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: daemonu.exe, Version: 1.10.8.0, Zeitstempel:
0x506b2bc8 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x74816a64 ID des fehlerhaften Prozesses:
0xaa8 Startzeit der fehlerhaften Anwendung: 0x01ce0d4a9caea48d Pfad der fehlerhaften
Anwendung: C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
Pfad
des fehlerhaften Moduls: unknown Berichtskennung: e3e311e6-793d-11e2-a3f6-002268493d27
[ System Events ]
Error - 17.02.2013 16:06:22 | Computer Name = pc-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden. Modulpfad:
C:\Windows\system32\athExt.dll Fehlercode: 126
Error - 17.02.2013 16:08:22 | Computer Name = pc-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Druckwarteschlange" wurde unerwartet beendet. Dies ist
bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden
durchgeführt: Neustart des Diensts.
Error - 17.02.2013 16:08:44 | Computer Name = pc-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Google Update-Dienst (gupdate) erreicht.
Error - 17.02.2013 16:08:44 | Computer Name = pc-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1053
Error - 17.02.2013 16:10:53 | Computer Name = pc-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden. Modulpfad:
C:\Windows\system32\athExt.dll Fehlercode: 126
Error - 17.02.2013 16:12:23 | Computer Name = pc-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler
beendet: %%16405
Error - 17.02.2013 16:14:47 | Computer Name = pc-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x80242016 fehlgeschlagen: Update für die Kompatibilitätsansichtsliste für
Internet Explorer*8 für Windows 7 für x64-basierte Systeme (KB2598845)
Error - 17.02.2013 16:14:47 | Computer Name = pc-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x80242016 fehlgeschlagen: Sicherheitsupdate für Internet Explorer 8 unter
Windows 7 für x64-basierte Systeme (KB2797052)
Error - 18.02.2013 11:10:06 | Computer Name = pc-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden. Modulpfad:
C:\Windows\system32\athExt.dll Fehlercode: 126
Error - 18.02.2013 12:26:15 | Computer Name = pc-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden. Modulpfad:
C:\Windows\system32\athExt.dll Fehlercode: 126
< End of report >
--- --- --- Der OTL Extras Log: OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 18.02.2013 18:13:30 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\pc\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
8,99 Gb Total Physical Memory | 7,71 Gb Available Physical Memory | 85,77% Memory free
17,98 Gb Paging File | 16,59 Gb Available in Paging File | 92,25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 916,86 Gb Total Space | 687,44 Gb Free Space | 74,98% Space Free | Partition Type: NTFS
Drive I: | 7,70 Gb Total Space | 1,60 Gb Free Space | 20,85% Space Free | Partition Type: FAT32
Computer Name: PC-PC | User Name: pc | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Opera\opera.exe" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
wsffile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Opera\opera.exe" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
wsffile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{167035DE-E9B7-410F-BED0-A9559097AAD4}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4D5EEA2B-5E56-44AE-9A93-8E5C016B3055}" = rport=10243 | protocol=6 | dir=out | app=system |
"{4F103CEB-D44D-427E-8AD2-67D04DFD1D60}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{57CCBB38-5B99-4800-A6BB-441DA9983537}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{600061AF-5E78-43CD-87E6-19D00B120536}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{601FFEAF-C4EE-429E-9DA2-49504B1188A4}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6934D9E5-30E1-4524-A0AF-F529EED228C0}" = lport=10243 | protocol=6 | dir=in | app=system |
"{6C6A2413-AE74-4462-ADE9-B5112AC33C44}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{6EF012DB-F973-4B35-A2C7-C119C16B5E60}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{795D1175-58AF-4483-A546-9C2447B0E285}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8322DD19-2F01-4351-A019-79FC550DE0D4}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{8DC9A4CB-CB05-4F5A-BE5F-66D462BA23E8}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{9D2A8C88-AF87-41F8-8DEB-8E98C08F14B9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A077629F-FAE7-4F2E-9E5A-E96CE81C8B2E}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{A23FC620-19B8-403B-A2A2-B9ED59C9A940}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AA935FC8-124F-443D-A94A-A8A77C4452AD}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B6929ADC-A628-44BF-B38F-84EA7200662E}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{C8758779-492D-4037-B236-1FEC80750631}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D5D28E66-F00D-4215-83FC-CB46D2680206}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F82DB053-1BEE-4D91-830B-23BD4E1E179F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00BD609B-38C8-4E9C-BF9F-5F8F8BF28FFB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{060498C4-763C-4E99-B70C-133409A1C84B}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{0790550A-FAD9-4154-BADF-18B7DCBB65CA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{07E4848E-6B47-49F5-8E33-8390DC11CCB7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1547F9D4-4E23-41B6-B099-8EDF87930457}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{15CA6C37-619A-46BD-983D-372BE410801A}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{17879ABD-4604-4CE2-A1C1-D0CDC212683A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1C10CF8C-C400-46B1-B11F-FE3FF13E6549}" = protocol=6 | dir=in | app=c:\program files (x86)\philips\wi-fi mediaconnect\wi-fi mediaconnect.exe |
"{1CB5199B-E7EB-4208-A432-5B1BEFC9F474}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{240AB0E2-FEE8-4D9D-977D-A963B83C8410}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{26B29C07-4749-4A82-960C-2D86B51AB131}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{2B32C4FB-3BC8-42F9-8568-B614E63D4487}" = protocol=6 | dir=out | app=system |
"{31B9EF43-D4EF-446E-93A0-267A099238E7}" = protocol=1 | dir=out | name=winulum |
"{32960A06-08C7-459E-B722-27BCE98879E9}" = protocol=17 | dir=in | app=c:\program files (x86)\arcsoft\totalmedia 3\totalmedia.exe |
"{352BF790-355E-4FE0-8563-25F774490BF8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3574BDFA-632F-4F01-8D91-AE8285110075}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{42D6DBB7-844F-42EF-B9F7-6C8F16B2C6A0}" = protocol=6 | dir=in | app=c:\program files (x86)\arcsoft\totalmedia 3\totalmedia.exe |
"{43F2D7D0-5C84-40E0-AE64-49873475295E}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{4BBBFE14-2231-4B8F-8327-79F79CA2006D}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{57393FE5-35E1-496B-AB20-C3E5B3870703}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{5A517A47-8F75-4581-88B1-65E62C9FC2E1}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{5E7D87AE-DDC7-4D67-A2FF-01A2C6FDA8DC}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{657FD387-6613-4745-8338-98F7A3544384}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{659D08D4-8A3D-4E2F-8A33-09ED90028591}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{7D40EC24-B5A2-4580-8CBD-650B48E74D3B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{8903593E-2C52-4B1A-B513-B40268145D9B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9260B6DA-E8CC-4939-A947-3052C569CC0D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9C2EC05C-AD82-4C65-BB90-E4429B652F6F}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{9EFEB637-E8B6-478C-8007-52DF2449201E}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{AC10BE99-5E61-4607-922C-05F2FA5664EE}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B9B0EEBB-596B-4ECC-A9CF-810CCA2E01ED}" = protocol=1 | dir=in | name=winulum |
"{BDF08A4E-72FF-4006-ACE6-EF3E8CFB4DF6}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{D3CC3C07-268C-46C6-A590-7AC81A0A65E1}" = protocol=17 | dir=in | app=c:\program files (x86)\philips\wi-fi mediaconnect\wi-fi mediaconnect.exe |
"{D566B2A9-17B2-4888-B6C2-5C439CBFA610}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{DBB78D83-D004-467C-9E5B-879BA0EBE28F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E1619E52-36CE-4ECC-9337-ACAA90FBECF3}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{E3F879C0-9207-49F2-AE7E-8727F6E7D79D}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{E9C066BD-43DF-4102-AE00-111C57F5E5D6}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{ED129829-F94F-4920-A442-5248C0E25361}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{EF34D2C7-69E8-4A99-9334-0F40261A0284}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{FEFD3862-5EED-4CED-8E11-847C96697785}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{09378625-D567-42A6-B4F3-6D83516C82DB}C:\users\pc\appdata\local\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\users\pc\appdata\local\google\google earth\client\googleearth.exe |
"TCP Query User{253C68EF-D22D-4BE1-97CA-48F762B9054D}C:\program files (x86)\icq7.2\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"TCP Query User{2C7C55F2-5DC4-483A-9AA4-DDB6ACA420F3}C:\windows\syswow64\java.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\java.exe |
"TCP Query User{45CFD23D-9F45-45D9-AD8D-957359FD6E70}C:\users\pc\appdata\local\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\users\pc\appdata\local\google\google earth\client\googleearth.exe |
"TCP Query User{4A85530D-429A-4226-9143-C84BDAF60ACA}C:\users\pc\appdata\roaming\tuyf\idfa.exe" = protocol=6 | dir=in | app=c:\users\pc\appdata\roaming\tuyf\idfa.exe |
"TCP Query User{7C5993C7-E8BC-438B-A7A1-07C95CEEE0B6}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"TCP Query User{997DC2E8-FD19-4E39-8D7A-F47DAAB04E00}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{AAC1F72C-AE5E-4E1B-A52E-64A182E7D6EF}C:\program files (x86)\counter-strike 1.6\hl.exe" = protocol=6 | dir=in | app=c:\program files (x86)\counter-strike 1.6\hl.exe |
"TCP Query User{AEC95464-B826-45E9-985A-0C7D2105AE35}C:\program files (x86)\counter-strike 1.6\hl.exe" = protocol=6 | dir=in | app=c:\program files (x86)\counter-strike 1.6\hl.exe |
"TCP Query User{B6418A48-001C-4962-870A-3F9C3590CC23}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{BE980D1C-88C4-4D7A-B580-8DEEC1E802C5}C:\program files (x86)\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"UDP Query User{07E1EA30-6DC6-459C-B809-349F5779FEFD}C:\program files (x86)\counter-strike 1.6\hl.exe" = protocol=17 | dir=in | app=c:\program files (x86)\counter-strike 1.6\hl.exe |
"UDP Query User{172FEFB9-D5E7-4699-BDBB-A6DCF27C64E2}C:\users\pc\appdata\local\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\users\pc\appdata\local\google\google earth\client\googleearth.exe |
"UDP Query User{1A67FE01-E77F-4AB0-B27F-2C23F4B9A0BE}C:\program files (x86)\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"UDP Query User{302ADF43-A86A-453C-80F6-6712EBAA8376}C:\windows\syswow64\java.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\java.exe |
"UDP Query User{3B425FE2-F773-4F7E-9A14-17867EE62DB6}C:\program files (x86)\counter-strike 1.6\hl.exe" = protocol=17 | dir=in | app=c:\program files (x86)\counter-strike 1.6\hl.exe |
"UDP Query User{81C681CD-DF65-4727-9C08-EB33F4B1D04B}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{82C22B70-79B7-486F-9801-90354416291E}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"UDP Query User{85359E2C-B753-4271-9258-09F58CB6FCCF}C:\users\pc\appdata\roaming\tuyf\idfa.exe" = protocol=17 | dir=in | app=c:\users\pc\appdata\roaming\tuyf\idfa.exe |
"UDP Query User{A918492B-0427-4FE2-BF0F-117CBDDB26D8}C:\program files (x86)\icq7.2\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"UDP Query User{B90FBCD2-EDE7-4672-B046-099FEDAA6E2D}C:\users\pc\appdata\local\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\users\pc\appdata\local\google\google earth\client\googleearth.exe |
"UDP Query User{BCAAF969-3147-43BA-B2C7-4228C0423C47}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"WinRAR archiver" = WinRAR
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0A35B15C-9CCD-4C0C-BD5B-34ABF8C95813}_is1" = ICQ 7.2 Build #3525 Banner Remover 1.0
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2461F1D6-8749-498C-866C-4EF27C0B40F8}" = Update
"{268CF0B8-CA38-4E20-9E99-514A07F7C1F1}" = ArcSoft TotalMedia 3
"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java(TM) 6 Update 25
"{39337565-330E-4ab6-A9AE-AC81E0720B10}" = CyberLink PhotoDirector 3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA58346A-A5D7-4659-91D6-38D07345BDCF}" = Wi-Fi MediaConnect
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.2 - Deutsch
"{B9A431FF-FDB1-40E5-B5F3-215290FD62DE}" = TP-LINK Drahtlos Tool
"{BE06114F-559D-11E0-B5A1-001D0926B1BF}" = Google Earth
"{C171FBBE-E471-4509-AA63-DB2FB61F778E}" = FileBot
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"Counter-Strike 1.6" = Counter-Strike 1.6
"FileZilla Client" = FileZilla Client 3.2.7.1
"Google Chrome" = Google Chrome
"InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}" = CyberLink PhotoDirector 3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Opera 12.14.1738" = Opera 12.14
"PDFTK Builder_is1" = PDFTK Builder 3.5.3
"Shutter_is1" = Shutter
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.6
"WinLiveSuite" = Windows Live Essentials
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"XBMC" = XBMC
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 10.04.2012 15:19:50 | Computer Name = pc-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: vlc.exe, Version: 1.1.6.0, Zeitstempel:
0x4d3caf1f Name des fehlerhaften Moduls: libmkv_plugin.dll, Version: 0.0.0.0, Zeitstempel:
0x4d3caf24 Ausnahmecode: 0x40000015 Fehleroffset: 0x00081a11 ID des fehlerhaften Prozesses:
0xcc4 Startzeit der fehlerhaften Anwendung: 0x01cd174ee3ae6b1c Pfad der fehlerhaften
Anwendung: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe Pfad des fehlerhaften Moduls:
C:\Program Files (x86)\VideoLAN\VLC\plugins\libmkv_plugin.dll Berichtskennung: 23e5ffce-8342-11e1-9293-002268493d27
Error - 21.05.2012 16:04:12 | Computer Name = pc-PC | Source = Application Hang | ID = 1002
Description = Programm vlc.exe, Version 1.1.6.0 kann nicht mehr unter Windows ausgeführt
werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 8d0 Startzeit:
01cd377c18937140 Endzeit: 17 Anwendungspfad: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
Berichts-ID:
Error - 20.06.2012 12:18:23 | Computer Name = pc-PC | Source = Application Hang | ID = 1002
Description = Programm AcroRd32.exe, Version 9.3.2.163 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 4bc Startzeit:
01cd4f0048c2e015 Endzeit: 5 Anwendungspfad: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
Berichts-ID:
8cf25a74-baf3-11e1-8798-002268493d27
Error - 22.08.2012 15:38:40 | Computer Name = pc-PC | Source = Application Hang | ID = 1002
Description = Programm opera.exe, Version 12.0.1467.0 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: d24 Startzeit:
01cd8098cf38f987 Endzeit: 5 Anwendungspfad: C:\Program Files (x86)\Opera\opera.exe
Berichts-ID:
f7e82f60-ec90-11e1-9685-002268493d27
Error - 18.09.2012 14:55:29 | Computer Name = pc-PC | Source = Application Hang | ID = 1002
Description = Programm opera.exe, Version 12.2.1578.0 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: a24 Startzeit:
01cd95c48db797e3 Endzeit: 6 Anwendungspfad: C:\Program Files (x86)\Opera\opera.exe
Berichts-ID:
62e6824e-01c2-11e2-84b2-002268493d27
Error - 28.11.2012 11:07:25 | Computer Name = pc-PC | Source = Application Hang | ID = 1002
Description = Programm Explorer.EXE, Version 6.1.7600.16385 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 74c Startzeit: 01cdcd79abb8408a Endzeit: 0 Anwendungspfad: C:\Windows\Explorer.EXE
Berichts-ID:
4da74849-396d-11e2-9ade-002268493d27
Error - 14.02.2013 11:38:25 | Computer Name = pc-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: avgnt.exe, Version: 10.0.13.18, Zeitstempel:
0x4beab9be Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00014a3f ID des fehlerhaften Prozesses:
0x9e4 Startzeit der fehlerhaften Anwendung: 0x01ce0ac94cb19fbf Pfad der fehlerhaften
Anwendung: C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe Pfad des fehlerhaften
Moduls: unknown Berichtskennung: 91cb5a9b-76bc-11e2-983b-002268493d27
Error - 17.02.2013 14:33:55 | Computer Name = pc-PC | Source = MsiInstaller | ID = 11935
Description =
Error - 17.02.2013 16:09:06 | Computer Name = pc-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: nvSCPAPISvr.exe, Version: 7.17.13.697,
Zeitstempel: 0x506b2e31 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x74816a64 ID des fehlerhaften
Prozesses: 0x350 Startzeit der fehlerhaften Anwendung: 0x01ce0d4a409e8c14 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
Pfad
des fehlerhaften Moduls: unknown Berichtskennung: e1593a3c-793d-11e2-a3f6-002268493d27
Error - 17.02.2013 16:09:10 | Computer Name = pc-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: daemonu.exe, Version: 1.10.8.0, Zeitstempel:
0x506b2bc8 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x74816a64 ID des fehlerhaften Prozesses:
0xaa8 Startzeit der fehlerhaften Anwendung: 0x01ce0d4a9caea48d Pfad der fehlerhaften
Anwendung: C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
Pfad
des fehlerhaften Moduls: unknown Berichtskennung: e3e311e6-793d-11e2-a3f6-002268493d27
[ System Events ]
Error - 17.02.2013 16:06:22 | Computer Name = pc-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden. Modulpfad:
C:\Windows\system32\athExt.dll Fehlercode: 126
Error - 17.02.2013 16:08:22 | Computer Name = pc-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Druckwarteschlange" wurde unerwartet beendet. Dies ist
bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden
durchgeführt: Neustart des Diensts.
Error - 17.02.2013 16:08:44 | Computer Name = pc-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Google Update-Dienst (gupdate) erreicht.
Error - 17.02.2013 16:08:44 | Computer Name = pc-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1053
Error - 17.02.2013 16:10:53 | Computer Name = pc-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden. Modulpfad:
C:\Windows\system32\athExt.dll Fehlercode: 126
Error - 17.02.2013 16:12:23 | Computer Name = pc-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler
beendet: %%16405
Error - 17.02.2013 16:14:47 | Computer Name = pc-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x80242016 fehlgeschlagen: Update für die Kompatibilitätsansichtsliste für
Internet Explorer*8 für Windows 7 für x64-basierte Systeme (KB2598845)
Error - 17.02.2013 16:14:47 | Computer Name = pc-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x80242016 fehlgeschlagen: Sicherheitsupdate für Internet Explorer 8 unter
Windows 7 für x64-basierte Systeme (KB2797052)
Error - 18.02.2013 11:10:06 | Computer Name = pc-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden. Modulpfad:
C:\Windows\system32\athExt.dll Fehlercode: 126
Error - 18.02.2013 12:26:15 | Computer Name = pc-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden. Modulpfad:
C:\Windows\system32\athExt.dll Fehlercode: 126
< End of report >
|
|
18.02.2013, 19:26
| #2 |
| | BKA/GVU-Virus vollständig entfernen Und der GMER Log:
__________________GMER Logfile: Code:
ATTFilter GMER 2.1.18952 - GMER - Rootkit Detector and Remover
Rootkit scan 2013-02-18 18:53:07
Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 WDC_WD10EAVS-00D7B1 rev.01.01A01 931,51GB
Running: GMER_2.1.18952.exe; Driver: C:\Users\pc\AppData\Local\Temp\pxldapoc.sys
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\Wi-Fi MediaConnect.exe[2184] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000772108ac 4 bytes [68, 9D, 3D, CC]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\Wi-Fi MediaConnect.exe[2184] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess + 5 00000000772108b1 1 byte [C3]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\Wi-Fi MediaConnect.exe[2184] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 000000007722260d 6 bytes [68, 68, 1C, CB, 00, C3]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\Wi-Fi MediaConnect.exe[2184] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007722c4aa 6 bytes [68, C8, 3E, CC, 00, C3]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\Wi-Fi MediaConnect.exe[2184] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077232a93 6 bytes [68, AE, 1C, CB, 00, C3]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\Wi-Fi MediaConnect.exe[2184] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W 0000000077254170 6 bytes [68, F4, 1C, CB, 00, C3]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\Wi-Fi MediaConnect.exe[2184] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A 000000007725e6b5 6 bytes [68, 3A, 1D, CB, 00, C3]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\Wi-Fi MediaConnect.exe[2184] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW 00000000761332f2 6 bytes [68, 31, 41, CC, 00, C3]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\Wi-Fi MediaConnect.exe[2184] C:\Windows\syswow64\kernel32.dll!ExitProcess 000000007613734e 6 bytes [68, F0, 40, CC, 00, C3]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\Wi-Fi MediaConnect.exe[2184] C:\Windows\syswow64\USER32.dll!GetDC 0000000075df7246 4 bytes [68, 14, A8, CA]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\Wi-Fi MediaConnect.exe[2184] C:\Windows\syswow64\USER32.dll!GetDC + 5 0000000075df724b 1 byte [C3]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\Wi-Fi MediaConnect.exe[2184] C:\Windows\syswow64\USER32.dll!ReleaseDC 0000000075df730e 6 bytes [68, 92, A8, CA, 00, C3]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\Wi-Fi MediaConnect.exe[2184] C:\Windows\syswow64\USER32.dll!GetWindowDC 0000000075df79d8 4 bytes [68, 53, A8, CA]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\Wi-Fi MediaConnect.exe[2184] C:\Windows\syswow64\USER32.dll!GetWindowDC + 5 0000000075df79dd 1 byte [C3]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\Wi-Fi MediaConnect.exe[2184] C:\Windows\syswow64\USER32.dll!TranslateMessage 0000000075df7d79 6 bytes [68, 51, B4, CA, 00, C3]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\Wi-Fi MediaConnect.exe[2184] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000075df7e92 6 bytes [68, 88, 52, CC, 00, C3]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\Wi-Fi MediaConnect.exe[2184] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000075df811b 6 bytes [68, B0, 52, CC, 00, C3]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\Wi-Fi MediaConnect.exe[2184] C:\Windows\syswow64\USER32.dll!RegisterClassW 0000000075df8bd6 6 bytes [68, 6C, 1F, CB, 00, C3]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\Wi-Fi MediaConnect.exe[2184] C:\Windows\syswow64\USER32.dll!RegisterClassExW 0000000075df9ed3 6 bytes [68, 06, 20, CB, 00, C3]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\Wi-Fi MediaConnect.exe[2184] C:\Windows\syswow64\USER32.dll!RegisterClassExA 0000000075dfdd6d 6 bytes [68, 58, 20, CB, 00, C3]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\Wi-Fi MediaConnect.exe[2184] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000075e00112 6 bytes [68, D8, 52, CC, 00, C3]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\Wi-Fi MediaConnect.exe[2184] C:\Windows\syswow64\USER32.dll!CallWindowProcW 0000000075e00abb 6 bytes [68, 9E, 1E, CB, 00, C3]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\Wi-Fi MediaConnect.exe[2184] C:\Windows\syswow64\USER32.dll!GetCursorPos 0000000075e00e0d 6 bytes [68, BB, 50, CC, 00, C3]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\Wi-Fi MediaConnect.exe[2184] C:\Windows\syswow64\USER32.dll!EndPaint 0000000075e00e9a 4 bytes [68, 79, A7, CA]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\Wi-Fi MediaConnect.exe[2184] C:\Windows\syswow64\USER32.dll!EndPaint + 5 0000000075e00e9f 1 byte [C3]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\Wi-Fi MediaConnect.exe[2184] C:\Windows\syswow64\USER32.dll!BeginPaint 0000000075e00eba 4 bytes [68, 09, A7, CA]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\Wi-Fi MediaConnect.exe[2184] C:\Windows\syswow64\USER32.dll!BeginPaint + 5 0000000075e00ebf 1 byte [C3]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\Wi-Fi MediaConnect.exe[2184] C:\Windows\syswow64\USER32.dll!GetMessagePos 0000000075e02bc7 6 bytes [68, 89, 50, CC, 00, C3]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\Wi-Fi MediaConnect.exe[2184] C:\Windows\syswow64\USER32.dll!GetCapture 0000000075e02dbd 6 bytes [68, E9, 51, CC, 00, C3]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\Wi-Fi MediaConnect.exe[2184] C:\Windows\syswow64\USER32.dll!ReleaseCapture 0000000075e02ec4 6 bytes [68, 99, 51, CC, 00, C3]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\Wi-Fi MediaConnect.exe[2184] C:\Windows\syswow64\USER32.dll!SetCapture 0000000075e02ed1 4 bytes [68, 3F, 51, CC]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\Wi-Fi MediaConnect.exe[2184] C:\Windows\syswow64\USER32.dll!SetCapture + 5 0000000075e02ed6 1 byte [C3]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\Wi-Fi MediaConnect.exe[2184] C:\Windows\syswow64\USER32.dll!GetDCEx 0000000075e03001 4 bytes [68, B9, A7, CA]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\Wi-Fi MediaConnect.exe[2184] C:\Windows\syswow64\USER32.dll!GetDCEx + 5 0000000075e03006 1 byte [C3]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\Wi-Fi MediaConnect.exe[2184] C:\Windows\syswow64\USER32.dll!RegisterClassA 0000000075e04b80 6 bytes [68, B9, 1F, CB, 00, C3]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\Wi-Fi MediaConnect.exe[2184] C:\Windows\syswow64\USER32.dll!CallWindowProcA 0000000075e07af4 6 bytes [68, E7, 1E, CB, 00, C3]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\Wi-Fi MediaConnect.exe[2184] C:\Windows\syswow64\USER32.dll!DefFrameProcA 0000000075e0808f 6 bytes [68, C9, 1D, CB, 00, C3]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\Wi-Fi MediaConnect.exe[2184] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA 0000000075e081e0 6 bytes [68, 58, 1E, CB, 00, C3]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\Wi-Fi MediaConnect.exe[2184] C:\Windows\syswow64\USER32.dll!DefFrameProcW 0000000075e08632 6 bytes [68, 80, 1D, CB, 00, C3]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\Wi-Fi MediaConnect.exe[2184] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW 0000000075e08807 6 bytes [68, 12, 1E, CB, 00, C3]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\Wi-Fi MediaConnect.exe[2184] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000075e1ed58 6 bytes [68, 03, 53, CC, 00, C3]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\Wi-Fi MediaConnect.exe[2184] C:\Windows\syswow64\USER32.dll!GetUpdateRgn 0000000075e1f1fe 6 bytes [68, 65, A9, CA, 00, C3]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\Wi-Fi MediaConnect.exe[2184] C:\Windows\syswow64\USER32.dll!GetUpdateRect 0000000075e2011b 6 bytes [68, D2, A8, CA, 00, C3]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\Wi-Fi MediaConnect.exe[2184] C:\Windows\syswow64\USER32.dll!SwitchDesktop 0000000075e397e4 6 bytes [68, 4A, 1C, CB, 00, C3]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\Wi-Fi MediaConnect.exe[2184] C:\Windows\syswow64\USER32.dll!SetCursorPos 0000000075e39c8d 6 bytes [68, 02, 51, CC, 00, C3]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\Wi-Fi MediaConnect.exe[2184] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000075e39f3b 6 bytes [68, 00, B6, CA, 00, C3]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\Wi-Fi MediaConnect.exe[2184] C:\Windows\syswow64\USER32.dll!OpenInputDesktop 0000000075e5895b 4 bytes [68, FA, 1B, CB]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\Wi-Fi MediaConnect.exe[2184] C:\Windows\syswow64\USER32.dll!OpenInputDesktop + 5 0000000075e58960 1 byte [C3]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\Wi-Fi MediaConnect.exe[2184] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW 000000007675bbdb 6 bytes [68, AE, 41, CC, 00, C3]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\Wi-Fi MediaConnect.exe[2184] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 00000000767914fd 6 bytes [68, 97, 41, CC, 00, C3]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\Wi-Fi MediaConnect.exe[2184] C:\Windows\syswow64\WS2_32.dll!closesocket 00000000765e3bed 6 bytes [68, C1, 17, CC, 00, C3]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\Wi-Fi MediaConnect.exe[2184] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 00000000765e6737 6 bytes [68, D2, 13, CC, 00, C3]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\Wi-Fi MediaConnect.exe[2184] C:\Windows\syswow64\WS2_32.dll!WSASend 00000000765e68a7 6 bytes [68, 1A, 18, CC, 00, C3]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\Wi-Fi MediaConnect.exe[2184] C:\Windows\syswow64\WS2_32.dll!send 00000000765ec4c8 6 bytes [68, F9, 17, CC, 00, C3]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\Wi-Fi MediaConnect.exe[2184] C:\Windows\syswow64\WS2_32.dll!gethostbyname 00000000765f7133 6 bytes [68, 62, 13, CC, 00, C3]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\Wi-Fi MediaConnect.exe[2184] C:\Windows\syswow64\WININET.dll!InternetCloseHandle 00000000763dc664 6 bytes [68, F7, DC, CB, 00, C3]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\Wi-Fi MediaConnect.exe[2184] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA 00000000763de13a 6 bytes [68, 97, DE, CB, 00, C3]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\Wi-Fi MediaConnect.exe[2184] C:\Windows\syswow64\WININET.dll!InternetReadFile 00000000763df8d8 6 bytes [68, 64, DD, CB, 00, C3]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\Wi-Fi MediaConnect.exe[2184] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable 00000000763e3184 6 bytes [68, 6B, DE, CB, 00, C3]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\Wi-Fi MediaConnect.exe[2184] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA 0000000076405761 6 bytes [68, 39, DA, CB, 00, C3]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\Wi-Fi MediaConnect.exe[2184] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW 0000000076405fef 6 bytes [68, F5, D9, CB, 00, C3]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\Wi-Fi MediaConnect.exe[2184] C:\Windows\syswow64\WININET.dll!HttpSendRequestW 000000007640632d 6 bytes [68, 7D, DA, CB, 00, C3]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\Wi-Fi MediaConnect.exe[2184] C:\Windows\syswow64\WININET.dll!InternetReadFileExA 000000007640fa49 6 bytes [68, 92, DD, CB, 00, C3]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\Wi-Fi MediaConnect.exe[2184] C:\Windows\syswow64\WININET.dll!HttpSendRequestExW 000000007641f564 6 bytes [68, 27, DB, CB, 00, C3]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\Wi-Fi MediaConnect.exe[2184] C:\Windows\syswow64\WININET.dll!HttpEndRequestA 000000007641f639 6 bytes [68, 61, DC, CB, 00, C3]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\Wi-Fi MediaConnect.exe[2184] C:\Windows\syswow64\WININET.dll!InternetSetFilePointer 0000000076434f2f 6 bytes [68, 11, DE, CB, 00, C3]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\Wi-Fi MediaConnect.exe[2184] C:\Windows\syswow64\WININET.dll!HttpSendRequestA 000000007643525a 6 bytes [68, D2, DA, CB, 00, C3]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\Wi-Fi MediaConnect.exe[2184] C:\Windows\syswow64\WININET.dll!HttpSendRequestExA 000000007647ece5 6 bytes [68, C4, DB, CB, 00, C3]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\Wi-Fi MediaConnect.exe[2184] C:\Windows\syswow64\WININET.dll!HttpEndRequestW 000000007647edb7 6 bytes [68, AC, DC, CB, 00, C3]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\Wi-Fi MediaConnect.exe[2184] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore 00000000763412b0 6 bytes [68, D6, F4, CB, 00, C3]
.text C:\Windows\SysWOW64\rundll32.exe[2644] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000772108ac 6 bytes [68, 9D, 3D, 47, 02, C3]
.text C:\Windows\SysWOW64\rundll32.exe[2644] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 000000007722260d 6 bytes [68, 68, 1C, 46, 02, C3]
.text C:\Windows\SysWOW64\rundll32.exe[2644] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007722c4aa 6 bytes [68, C8, 3E, 47, 02, C3]
.text C:\Windows\SysWOW64\rundll32.exe[2644] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077232a93 6 bytes [68, AE, 1C, 46, 02, C3]
.text C:\Windows\SysWOW64\rundll32.exe[2644] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W 0000000077254170 6 bytes [68, F4, 1C, 46, 02, C3]
.text C:\Windows\SysWOW64\rundll32.exe[2644] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A 000000007725e6b5 6 bytes [68, 3A, 1D, 46, 02, C3]
.text C:\Windows\SysWOW64\rundll32.exe[2644] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW 00000000761332f2 6 bytes [68, 31, 41, 47, 02, C3]
.text C:\Windows\SysWOW64\rundll32.exe[2644] C:\Windows\syswow64\kernel32.dll!ExitProcess 000000007613734e 6 bytes [68, F0, 40, 47, 02, C3]
.text C:\Windows\SysWOW64\rundll32.exe[2644] C:\Windows\syswow64\USER32.dll!GetDC 0000000075df7246 6 bytes [68, 14, A8, 45, 02, C3]
.text C:\Windows\SysWOW64\rundll32.exe[2644] C:\Windows\syswow64\USER32.dll!ReleaseDC 0000000075df730e 6 bytes [68, 92, A8, 45, 02, C3]
.text C:\Windows\SysWOW64\rundll32.exe[2644] C:\Windows\syswow64\USER32.dll!GetWindowDC 0000000075df79d8 6 bytes [68, 53, A8, 45, 02, C3]
.text C:\Windows\SysWOW64\rundll32.exe[2644] C:\Windows\syswow64\USER32.dll!TranslateMessage 0000000075df7d79 6 bytes [68, 51, B4, 45, 02, C3]
.text C:\Windows\SysWOW64\rundll32.exe[2644] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000075df7e92 6 bytes [68, 88, 52, 47, 02, C3]
.text C:\Windows\SysWOW64\rundll32.exe[2644] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000075df811b 6 bytes [68, B0, 52, 47, 02, C3]
.text C:\Windows\SysWOW64\rundll32.exe[2644] C:\Windows\syswow64\USER32.dll!RegisterClassW 0000000075df8bd6 6 bytes [68, 6C, 1F, 46, 02, C3]
.text C:\Windows\SysWOW64\rundll32.exe[2644] C:\Windows\syswow64\USER32.dll!RegisterClassExW 0000000075df9ed3 6 bytes [68, 06, 20, 46, 02, C3]
.text C:\Windows\SysWOW64\rundll32.exe[2644] C:\Windows\syswow64\USER32.dll!RegisterClassExA 0000000075dfdd6d 6 bytes [68, 58, 20, 46, 02, C3]
.text C:\Windows\SysWOW64\rundll32.exe[2644] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000075e00112 6 bytes [68, D8, 52, 47, 02, C3]
.text C:\Windows\SysWOW64\rundll32.exe[2644] C:\Windows\syswow64\USER32.dll!CallWindowProcW 0000000075e00abb 6 bytes [68, 9E, 1E, 46, 02, C3]
.text C:\Windows\SysWOW64\rundll32.exe[2644] C:\Windows\syswow64\USER32.dll!GetCursorPos 0000000075e00e0d 6 bytes [68, BB, 50, 47, 02, C3]
.text C:\Windows\SysWOW64\rundll32.exe[2644] C:\Windows\syswow64\USER32.dll!EndPaint 0000000075e00e9a 6 bytes [68, 79, A7, 45, 02, C3]
.text C:\Windows\SysWOW64\rundll32.exe[2644] C:\Windows\syswow64\USER32.dll!BeginPaint 0000000075e00eba 6 bytes [68, 09, A7, 45, 02, C3]
.text C:\Windows\SysWOW64\rundll32.exe[2644] C:\Windows\syswow64\USER32.dll!GetMessagePos 0000000075e02bc7 6 bytes [68, 89, 50, 47, 02, C3]
.text C:\Windows\SysWOW64\rundll32.exe[2644] C:\Windows\syswow64\USER32.dll!GetCapture 0000000075e02dbd 6 bytes [68, E9, 51, 47, 02, C3]
.text C:\Windows\SysWOW64\rundll32.exe[2644] C:\Windows\syswow64\USER32.dll!ReleaseCapture 0000000075e02ec4 6 bytes [68, 99, 51, 47, 02, C3]
.text C:\Windows\SysWOW64\rundll32.exe[2644] C:\Windows\syswow64\USER32.dll!SetCapture 0000000075e02ed1 6 bytes [68, 3F, 51, 47, 02, C3]
.text C:\Windows\SysWOW64\rundll32.exe[2644] C:\Windows\syswow64\USER32.dll!GetDCEx 0000000075e03001 6 bytes [68, B9, A7, 45, 02, C3]
.text C:\Windows\SysWOW64\rundll32.exe[2644] C:\Windows\syswow64\USER32.dll!RegisterClassA 0000000075e04b80 6 bytes [68, B9, 1F, 46, 02, C3]
.text C:\Windows\SysWOW64\rundll32.exe[2644] C:\Windows\syswow64\USER32.dll!CallWindowProcA 0000000075e07af4 6 bytes [68, E7, 1E, 46, 02, C3]
.text C:\Windows\SysWOW64\rundll32.exe[2644] C:\Windows\syswow64\USER32.dll!DefFrameProcA 0000000075e0808f 6 bytes [68, C9, 1D, 46, 02, C3]
.text C:\Windows\SysWOW64\rundll32.exe[2644] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA 0000000075e081e0 6 bytes [68, 58, 1E, 46, 02, C3]
.text C:\Windows\SysWOW64\rundll32.exe[2644] C:\Windows\syswow64\USER32.dll!DefFrameProcW 0000000075e08632 6 bytes [68, 80, 1D, 46, 02, C3]
.text C:\Windows\SysWOW64\rundll32.exe[2644] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW 0000000075e08807 6 bytes [68, 12, 1E, 46, 02, C3]
.text C:\Windows\SysWOW64\rundll32.exe[2644] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000075e1ed58 6 bytes [68, 03, 53, 47, 02, C3]
.text C:\Windows\SysWOW64\rundll32.exe[2644] C:\Windows\syswow64\USER32.dll!GetUpdateRgn 0000000075e1f1fe 6 bytes [68, 65, A9, 45, 02, C3]
.text C:\Windows\SysWOW64\rundll32.exe[2644] C:\Windows\syswow64\USER32.dll!GetUpdateRect 0000000075e2011b 6 bytes [68, D2, A8, 45, 02, C3]
.text C:\Windows\SysWOW64\rundll32.exe[2644] C:\Windows\syswow64\USER32.dll!SwitchDesktop 0000000075e397e4 6 bytes [68, 4A, 1C, 46, 02, C3]
.text C:\Windows\SysWOW64\rundll32.exe[2644] C:\Windows\syswow64\USER32.dll!SetCursorPos 0000000075e39c8d 6 bytes [68, 02, 51, 47, 02, C3]
.text C:\Windows\SysWOW64\rundll32.exe[2644] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000075e39f3b 6 bytes [68, 00, B6, 45, 02, C3]
.text C:\Windows\SysWOW64\rundll32.exe[2644] C:\Windows\syswow64\USER32.dll!OpenInputDesktop 0000000075e5895b 6 bytes [68, FA, 1B, 46, 02, C3]
.text C:\Windows\SysWOW64\rundll32.exe[2644] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW 000000007675bbdb 6 bytes [68, AE, 41, 47, 02, C3]
.text C:\Windows\SysWOW64\rundll32.exe[2644] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 00000000767914fd 6 bytes [68, 97, 41, 47, 02, C3]
? C:\Windows\system32\mmsys.cpl [2644] entry point in ".data" section 0000000073d41152
.text C:\Windows\SysWOW64\rundll32.exe[2644] C:\Windows\SysWOW64\WINMM.dll!PlaySoundW 0000000071ed2d12 6 bytes [68, EC, 41, 47, 02, C3]
.text C:\Windows\SysWOW64\rundll32.exe[2644] C:\Windows\SysWOW64\WINMM.dll!PlaySound 0000000071ef3dad 6 bytes [68, C5, 41, 47, 02, C3]
.text C:\Windows\SysWOW64\rundll32.exe[2644] C:\Windows\syswow64\WS2_32.dll!closesocket 00000000765e3bed 6 bytes [68, C1, 17, 47, 02, C3]
.text C:\Windows\SysWOW64\rundll32.exe[2644] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 00000000765e6737 6 bytes [68, D2, 13, 47, 02, C3]
.text C:\Windows\SysWOW64\rundll32.exe[2644] C:\Windows\syswow64\WS2_32.dll!WSASend 00000000765e68a7 6 bytes [68, 1A, 18, 47, 02, C3]
.text C:\Windows\SysWOW64\rundll32.exe[2644] C:\Windows\syswow64\WS2_32.dll!send 00000000765ec4c8 6 bytes [68, F9, 17, 47, 02, C3]
.text C:\Windows\SysWOW64\rundll32.exe[2644] C:\Windows\syswow64\WS2_32.dll!gethostbyname 00000000765f7133 6 bytes [68, 62, 13, 47, 02, C3]
.text C:\Windows\SysWOW64\rundll32.exe[2644] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore 00000000763412b0 6 bytes [68, D6, F4, 46, 02, C3]
.text C:\Windows\SysWOW64\rundll32.exe[2644] C:\Windows\syswow64\WININET.dll!InternetCloseHandle 00000000763dc664 6 bytes [68, F7, DC, 46, 02, C3]
.text C:\Windows\SysWOW64\rundll32.exe[2644] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA 00000000763de13a 6 bytes [68, 97, DE, 46, 02, C3]
.text C:\Windows\SysWOW64\rundll32.exe[2644] C:\Windows\syswow64\WININET.dll!InternetReadFile 00000000763df8d8 6 bytes [68, 64, DD, 46, 02, C3]
.text C:\Windows\SysWOW64\rundll32.exe[2644] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable 00000000763e3184 6 bytes [68, 6B, DE, 46, 02, C3]
.text C:\Windows\SysWOW64\rundll32.exe[2644] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA 0000000076405761 6 bytes [68, 39, DA, 46, 02, C3]
.text C:\Windows\SysWOW64\rundll32.exe[2644] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW 0000000076405fef 6 bytes [68, F5, D9, 46, 02, C3]
.text C:\Windows\SysWOW64\rundll32.exe[2644] C:\Windows\syswow64\WININET.dll!HttpSendRequestW 000000007640632d 6 bytes [68, 7D, DA, 46, 02, C3]
.text C:\Windows\SysWOW64\rundll32.exe[2644] C:\Windows\syswow64\WININET.dll!InternetReadFileExA 000000007640fa49 6 bytes [68, 92, DD, 46, 02, C3]
.text C:\Windows\SysWOW64\rundll32.exe[2644] C:\Windows\syswow64\WININET.dll!HttpSendRequestExW 000000007641f564 6 bytes [68, 27, DB, 46, 02, C3]
.text C:\Windows\SysWOW64\rundll32.exe[2644] C:\Windows\syswow64\WININET.dll!HttpEndRequestA 000000007641f639 6 bytes [68, 61, DC, 46, 02, C3]
.text C:\Windows\SysWOW64\rundll32.exe[2644] C:\Windows\syswow64\WININET.dll!InternetSetFilePointer 0000000076434f2f 6 bytes [68, 11, DE, 46, 02, C3]
.text C:\Windows\SysWOW64\rundll32.exe[2644] C:\Windows\syswow64\WININET.dll!HttpSendRequestA 000000007643525a 6 bytes [68, D2, DA, 46, 02, C3]
.text C:\Windows\SysWOW64\rundll32.exe[2644] C:\Windows\syswow64\WININET.dll!HttpSendRequestExA 000000007647ece5 6 bytes [68, C4, DB, 46, 02, C3]
.text C:\Windows\SysWOW64\rundll32.exe[2644] C:\Windows\syswow64\WININET.dll!HttpEndRequestW 000000007647edb7 6 bytes [68, AC, DC, 46, 02, C3]
.text C:\Users\pc\AppData\Roaming\Tuyf\idfa.exe[2964] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 00000000765e6737 6 bytes [68, D2, 13, 42, 00, C3]
.text C:\Users\pc\AppData\Roaming\Tuyf\idfa.exe[2964] C:\Windows\syswow64\WS2_32.dll!gethostbyname 00000000765f7133 6 bytes [68, 62, 13, 42, 00, C3]
.text C:\Users\pc\AppData\Roaming\Tuyf\idfa.exe[2964] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074cf1465 2 bytes [CF, 74]
.text C:\Users\pc\AppData\Roaming\Tuyf\idfa.exe[2964] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074cf14bb 2 bytes [CF, 74]
.text ... * 2
.text C:\Windows\SysWOW64\ctfmon.exe[2448] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000772108ac 4 bytes [68, 9D, 3D, 07]
.text C:\Windows\SysWOW64\ctfmon.exe[2448] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess + 5 00000000772108b1 1 byte [C3]
.text C:\Windows\SysWOW64\ctfmon.exe[2448] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 000000007722260d 6 bytes [68, 68, 1C, 06, 00, C3]
.text C:\Windows\SysWOW64\ctfmon.exe[2448] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007722c4aa 6 bytes [68, C8, 3E, 07, 00, C3]
.text C:\Windows\SysWOW64\ctfmon.exe[2448] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077232a93 6 bytes [68, AE, 1C, 06, 00, C3]
.text C:\Windows\SysWOW64\ctfmon.exe[2448] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W 0000000077254170 6 bytes [68, F4, 1C, 06, 00, C3]
.text C:\Windows\SysWOW64\ctfmon.exe[2448] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A 000000007725e6b5 6 bytes [68, 3A, 1D, 06, 00, C3]
.text C:\Windows\SysWOW64\ctfmon.exe[2448] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW 00000000761332f2 6 bytes [68, 31, 41, 07, 00, C3]
.text C:\Windows\SysWOW64\ctfmon.exe[2448] C:\Windows\syswow64\kernel32.dll!ExitProcess 000000007613734e 6 bytes [68, F0, 40, 07, 00, C3]
.text C:\Windows\SysWOW64\ctfmon.exe[2448] C:\Windows\syswow64\USER32.dll!GetDC 0000000075df7246 4 bytes [68, 14, A8, 05]
.text C:\Windows\SysWOW64\ctfmon.exe[2448] C:\Windows\syswow64\USER32.dll!GetDC + 5 0000000075df724b 1 byte [C3]
.text C:\Windows\SysWOW64\ctfmon.exe[2448] C:\Windows\syswow64\USER32.dll!ReleaseDC 0000000075df730e 6 bytes [68, 92, A8, 05, 00, C3]
.text C:\Windows\SysWOW64\ctfmon.exe[2448] C:\Windows\syswow64\USER32.dll!GetWindowDC 0000000075df79d8 4 bytes [68, 53, A8, 05]
.text C:\Windows\SysWOW64\ctfmon.exe[2448] C:\Windows\syswow64\USER32.dll!GetWindowDC + 5 0000000075df79dd 1 byte [C3]
.text C:\Windows\SysWOW64\ctfmon.exe[2448] C:\Windows\syswow64\USER32.dll!TranslateMessage 0000000075df7d79 6 bytes [68, 51, B4, 05, 00, C3]
.text C:\Windows\SysWOW64\ctfmon.exe[2448] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000075df7e92 6 bytes [68, 88, 52, 07, 00, C3]
.text C:\Windows\SysWOW64\ctfmon.exe[2448] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000075df811b 6 bytes [68, B0, 52, 07, 00, C3]
.text C:\Windows\SysWOW64\ctfmon.exe[2448] C:\Windows\syswow64\USER32.dll!RegisterClassW 0000000075df8bd6 6 bytes [68, 6C, 1F, 06, 00, C3]
.text C:\Windows\SysWOW64\ctfmon.exe[2448] C:\Windows\syswow64\USER32.dll!RegisterClassExW 0000000075df9ed3 6 bytes [68, 06, 20, 06, 00, C3]
.text C:\Windows\SysWOW64\ctfmon.exe[2448] C:\Windows\syswow64\USER32.dll!RegisterClassExA 0000000075dfdd6d 6 bytes [68, 58, 20, 06, 00, C3]
.text C:\Windows\SysWOW64\ctfmon.exe[2448] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000075e00112 6 bytes [68, D8, 52, 07, 00, C3]
.text C:\Windows\SysWOW64\ctfmon.exe[2448] C:\Windows\syswow64\USER32.dll!CallWindowProcW 0000000075e00abb 6 bytes [68, 9E, 1E, 06, 00, C3]
.text C:\Windows\SysWOW64\ctfmon.exe[2448] C:\Windows\syswow64\USER32.dll!GetCursorPos 0000000075e00e0d 6 bytes [68, BB, 50, 07, 00, C3]
.text C:\Windows\SysWOW64\ctfmon.exe[2448] C:\Windows\syswow64\USER32.dll!EndPaint 0000000075e00e9a 4 bytes [68, 79, A7, 05]
.text C:\Windows\SysWOW64\ctfmon.exe[2448] C:\Windows\syswow64\USER32.dll!EndPaint + 5 0000000075e00e9f 1 byte [C3]
.text C:\Windows\SysWOW64\ctfmon.exe[2448] C:\Windows\syswow64\USER32.dll!BeginPaint 0000000075e00eba 4 bytes [68, 09, A7, 05]
.text C:\Windows\SysWOW64\ctfmon.exe[2448] C:\Windows\syswow64\USER32.dll!BeginPaint + 5 0000000075e00ebf 1 byte [C3]
.text C:\Windows\SysWOW64\ctfmon.exe[2448] C:\Windows\syswow64\USER32.dll!GetMessagePos 0000000075e02bc7 6 bytes [68, 89, 50, 07, 00, C3]
.text C:\Windows\SysWOW64\ctfmon.exe[2448] C:\Windows\syswow64\USER32.dll!GetCapture 0000000075e02dbd 6 bytes [68, E9, 51, 07, 00, C3]
.text C:\Windows\SysWOW64\ctfmon.exe[2448] C:\Windows\syswow64\USER32.dll!ReleaseCapture 0000000075e02ec4 6 bytes [68, 99, 51, 07, 00, C3]
.text C:\Windows\SysWOW64\ctfmon.exe[2448] C:\Windows\syswow64\USER32.dll!SetCapture 0000000075e02ed1 4 bytes [68, 3F, 51, 07]
.text C:\Windows\SysWOW64\ctfmon.exe[2448] C:\Windows\syswow64\USER32.dll!SetCapture + 5 0000000075e02ed6 1 byte [C3]
.text C:\Windows\SysWOW64\ctfmon.exe[2448] C:\Windows\syswow64\USER32.dll!GetDCEx 0000000075e03001 4 bytes [68, B9, A7, 05]
.text C:\Windows\SysWOW64\ctfmon.exe[2448] C:\Windows\syswow64\USER32.dll!GetDCEx + 5 0000000075e03006 1 byte [C3]
.text C:\Windows\SysWOW64\ctfmon.exe[2448] C:\Windows\syswow64\USER32.dll!RegisterClassA 0000000075e04b80 6 bytes [68, B9, 1F, 06, 00, C3]
.text C:\Windows\SysWOW64\ctfmon.exe[2448] C:\Windows\syswow64\USER32.dll!CallWindowProcA 0000000075e07af4 6 bytes [68, E7, 1E, 06, 00, C3]
.text C:\Windows\SysWOW64\ctfmon.exe[2448] C:\Windows\syswow64\USER32.dll!DefFrameProcA 0000000075e0808f 6 bytes [68, C9, 1D, 06, 00, C3]
.text C:\Windows\SysWOW64\ctfmon.exe[2448] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA 0000000075e081e0 6 bytes [68, 58, 1E, 06, 00, C3]
.text C:\Windows\SysWOW64\ctfmon.exe[2448] C:\Windows\syswow64\USER32.dll!DefFrameProcW 0000000075e08632 6 bytes [68, 80, 1D, 06, 00, C3]
.text C:\Windows\SysWOW64\ctfmon.exe[2448] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW 0000000075e08807 6 bytes [68, 12, 1E, 06, 00, C3]
.text C:\Windows\SysWOW64\ctfmon.exe[2448] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000075e1ed58 6 bytes [68, 03, 53, 07, 00, C3]
.text C:\Windows\SysWOW64\ctfmon.exe[2448] C:\Windows\syswow64\USER32.dll!GetUpdateRgn 0000000075e1f1fe 6 bytes [68, 65, A9, 05, 00, C3]
.text C:\Windows\SysWOW64\ctfmon.exe[2448] C:\Windows\syswow64\USER32.dll!GetUpdateRect 0000000075e2011b 6 bytes [68, D2, A8, 05, 00, C3]
.text C:\Windows\SysWOW64\ctfmon.exe[2448] C:\Windows\syswow64\USER32.dll!SwitchDesktop 0000000075e397e4 6 bytes [68, 4A, 1C, 06, 00, C3]
.text C:\Windows\SysWOW64\ctfmon.exe[2448] C:\Windows\syswow64\USER32.dll!SetCursorPos 0000000075e39c8d 6 bytes [68, 02, 51, 07, 00, C3]
.text C:\Windows\SysWOW64\ctfmon.exe[2448] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000075e39f3b 6 bytes [68, 00, B6, 05, 00, C3]
.text C:\Windows\SysWOW64\ctfmon.exe[2448] C:\Windows\syswow64\USER32.dll!OpenInputDesktop 0000000075e5895b 4 bytes [68, FA, 1B, 06]
.text C:\Windows\SysWOW64\ctfmon.exe[2448] C:\Windows\syswow64\USER32.dll!OpenInputDesktop + 5 0000000075e58960 1 byte [C3]
.text C:\Windows\SysWOW64\ctfmon.exe[2448] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW 000000007675bbdb 6 bytes [68, AE, 41, 07, 00, C3]
.text C:\Windows\SysWOW64\ctfmon.exe[2448] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 00000000767914fd 6 bytes [68, 97, 41, 07, 00, C3]
.text C:\Windows\SysWOW64\ctfmon.exe[2448] C:\Windows\syswow64\WS2_32.dll!closesocket 00000000765e3bed 6 bytes [68, C1, 17, 07, 00, C3]
.text C:\Windows\SysWOW64\ctfmon.exe[2448] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 00000000765e6737 6 bytes [68, D2, 13, 07, 00, C3]
.text C:\Windows\SysWOW64\ctfmon.exe[2448] C:\Windows\syswow64\WS2_32.dll!WSASend 00000000765e68a7 6 bytes [68, 1A, 18, 07, 00, C3]
.text C:\Windows\SysWOW64\ctfmon.exe[2448] C:\Windows\syswow64\WS2_32.dll!send 00000000765ec4c8 6 bytes [68, F9, 17, 07, 00, C3]
.text C:\Windows\SysWOW64\ctfmon.exe[2448] C:\Windows\syswow64\WS2_32.dll!gethostbyname 00000000765f7133 6 bytes [68, 62, 13, 07, 00, C3]
.text C:\Windows\SysWOW64\ctfmon.exe[2448] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore 00000000763412b0 6 bytes [68, D6, F4, 06, 00, C3]
.text C:\Windows\SysWOW64\ctfmon.exe[2448] C:\Windows\syswow64\WININET.dll!InternetCloseHandle 00000000763dc664 6 bytes [68, F7, DC, 06, 00, C3]
.text C:\Windows\SysWOW64\ctfmon.exe[2448] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA 00000000763de13a 6 bytes [68, 97, DE, 06, 00, C3]
.text C:\Windows\SysWOW64\ctfmon.exe[2448] C:\Windows\syswow64\WININET.dll!InternetReadFile 00000000763df8d8 6 bytes [68, 64, DD, 06, 00, C3]
.text C:\Windows\SysWOW64\ctfmon.exe[2448] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable 00000000763e3184 6 bytes [68, 6B, DE, 06, 00, C3]
.text C:\Windows\SysWOW64\ctfmon.exe[2448] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA 0000000076405761 6 bytes [68, 39, DA, 06, 00, C3]
.text C:\Windows\SysWOW64\ctfmon.exe[2448] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW 0000000076405fef 6 bytes [68, F5, D9, 06, 00, C3]
.text C:\Windows\SysWOW64\ctfmon.exe[2448] C:\Windows\syswow64\WININET.dll!HttpSendRequestW 000000007640632d 6 bytes [68, 7D, DA, 06, 00, C3]
.text C:\Windows\SysWOW64\ctfmon.exe[2448] C:\Windows\syswow64\WININET.dll!InternetReadFileExA 000000007640fa49 6 bytes [68, 92, DD, 06, 00, C3]
.text C:\Windows\SysWOW64\ctfmon.exe[2448] C:\Windows\syswow64\WININET.dll!HttpSendRequestExW 000000007641f564 6 bytes [68, 27, DB, 06, 00, C3]
.text C:\Windows\SysWOW64\ctfmon.exe[2448] C:\Windows\syswow64\WININET.dll!HttpEndRequestA 000000007641f639 6 bytes [68, 61, DC, 06, 00, C3]
.text C:\Windows\SysWOW64\ctfmon.exe[2448] C:\Windows\syswow64\WININET.dll!InternetSetFilePointer 0000000076434f2f 6 bytes [68, 11, DE, 06, 00, C3]
.text C:\Windows\SysWOW64\ctfmon.exe[2448] C:\Windows\syswow64\WININET.dll!HttpSendRequestA 000000007643525a 6 bytes [68, D2, DA, 06, 00, C3]
.text C:\Windows\SysWOW64\ctfmon.exe[2448] C:\Windows\syswow64\WININET.dll!HttpSendRequestExA 000000007647ece5 6 bytes [68, C4, DB, 06, 00, C3]
.text C:\Windows\SysWOW64\ctfmon.exe[2448] C:\Windows\syswow64\WININET.dll!HttpEndRequestW 000000007647edb7 6 bytes [68, AC, DC, 06, 00, C3]
.text C:\Windows\SysWOW64\ctfmon.exe[2448] C:\Windows\SysWOW64\WINMM.dll!PlaySoundW 0000000071ed2d12 6 bytes [68, EC, 41, 07, 00, C3]
.text C:\Windows\SysWOW64\ctfmon.exe[2448] C:\Windows\SysWOW64\WINMM.dll!PlaySound 0000000071ef3dad 6 bytes [68, C5, 41, 07, 00, C3]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\HTSRecover.exe[3168] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000772108ac 4 bytes [68, 9D, 3D, 1B]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\HTSRecover.exe[3168] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess + 5 00000000772108b1 1 byte [C3]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\HTSRecover.exe[3168] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 000000007722260d 6 bytes [68, 68, 1C, 1A, 00, C3]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\HTSRecover.exe[3168] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007722c4aa 6 bytes [68, C8, 3E, 1B, 00, C3]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\HTSRecover.exe[3168] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077232a93 6 bytes [68, AE, 1C, 1A, 00, C3]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\HTSRecover.exe[3168] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W 0000000077254170 6 bytes [68, F4, 1C, 1A, 00, C3]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\HTSRecover.exe[3168] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A 000000007725e6b5 6 bytes [68, 3A, 1D, 1A, 00, C3]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\HTSRecover.exe[3168] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW 00000000761332f2 6 bytes [68, 31, 41, 1B, 00, C3]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\HTSRecover.exe[3168] C:\Windows\syswow64\kernel32.dll!ExitProcess 000000007613734e 6 bytes [68, F0, 40, 1B, 00, C3]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\HTSRecover.exe[3168] C:\Windows\syswow64\USER32.dll!GetDC 0000000075df7246 4 bytes [68, 14, A8, 19]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\HTSRecover.exe[3168] C:\Windows\syswow64\USER32.dll!GetDC + 5 0000000075df724b 1 byte [C3]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\HTSRecover.exe[3168] C:\Windows\syswow64\USER32.dll!ReleaseDC 0000000075df730e 6 bytes [68, 92, A8, 19, 00, C3]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\HTSRecover.exe[3168] C:\Windows\syswow64\USER32.dll!GetWindowDC 0000000075df79d8 4 bytes [68, 53, A8, 19]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\HTSRecover.exe[3168] C:\Windows\syswow64\USER32.dll!GetWindowDC + 5 0000000075df79dd 1 byte [C3]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\HTSRecover.exe[3168] C:\Windows\syswow64\USER32.dll!TranslateMessage 0000000075df7d79 6 bytes [68, 51, B4, 19, 00, C3]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\HTSRecover.exe[3168] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000075df7e92 6 bytes [68, 88, 52, 1B, 00, C3]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\HTSRecover.exe[3168] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000075df811b 6 bytes [68, B0, 52, 1B, 00, C3]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\HTSRecover.exe[3168] C:\Windows\syswow64\USER32.dll!RegisterClassW 0000000075df8bd6 6 bytes [68, 6C, 1F, 1A, 00, C3]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\HTSRecover.exe[3168] C:\Windows\syswow64\USER32.dll!RegisterClassExW 0000000075df9ed3 6 bytes [68, 06, 20, 1A, 00, C3]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\HTSRecover.exe[3168] C:\Windows\syswow64\USER32.dll!RegisterClassExA 0000000075dfdd6d 6 bytes [68, 58, 20, 1A, 00, C3]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\HTSRecover.exe[3168] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000075e00112 6 bytes [68, D8, 52, 1B, 00, C3]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\HTSRecover.exe[3168] C:\Windows\syswow64\USER32.dll!CallWindowProcW 0000000075e00abb 6 bytes [68, 9E, 1E, 1A, 00, C3]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\HTSRecover.exe[3168] C:\Windows\syswow64\USER32.dll!GetCursorPos 0000000075e00e0d 6 bytes [68, BB, 50, 1B, 00, C3]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\HTSRecover.exe[3168] C:\Windows\syswow64\USER32.dll!EndPaint 0000000075e00e9a 4 bytes [68, 79, A7, 19]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\HTSRecover.exe[3168] C:\Windows\syswow64\USER32.dll!EndPaint + 5 0000000075e00e9f 1 byte [C3]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\HTSRecover.exe[3168] C:\Windows\syswow64\USER32.dll!BeginPaint 0000000075e00eba 4 bytes [68, 09, A7, 19]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\HTSRecover.exe[3168] C:\Windows\syswow64\USER32.dll!BeginPaint + 5 0000000075e00ebf 1 byte [C3]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\HTSRecover.exe[3168] C:\Windows\syswow64\USER32.dll!GetMessagePos 0000000075e02bc7 6 bytes [68, 89, 50, 1B, 00, C3]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\HTSRecover.exe[3168] C:\Windows\syswow64\USER32.dll!GetCapture 0000000075e02dbd 6 bytes [68, E9, 51, 1B, 00, C3]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\HTSRecover.exe[3168] C:\Windows\syswow64\USER32.dll!ReleaseCapture 0000000075e02ec4 6 bytes [68, 99, 51, 1B, 00, C3]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\HTSRecover.exe[3168] C:\Windows\syswow64\USER32.dll!SetCapture 0000000075e02ed1 4 bytes [68, 3F, 51, 1B]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\HTSRecover.exe[3168] C:\Windows\syswow64\USER32.dll!SetCapture + 5 0000000075e02ed6 1 byte [C3]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\HTSRecover.exe[3168] C:\Windows\syswow64\USER32.dll!GetDCEx 0000000075e03001 4 bytes [68, B9, A7, 19]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\HTSRecover.exe[3168] C:\Windows\syswow64\USER32.dll!GetDCEx + 5 0000000075e03006 1 byte [C3]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\HTSRecover.exe[3168] C:\Windows\syswow64\USER32.dll!RegisterClassA 0000000075e04b80 6 bytes [68, B9, 1F, 1A, 00, C3]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\HTSRecover.exe[3168] C:\Windows\syswow64\USER32.dll!CallWindowProcA 0000000075e07af4 6 bytes [68, E7, 1E, 1A, 00, C3]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\HTSRecover.exe[3168] C:\Windows\syswow64\USER32.dll!DefFrameProcA 0000000075e0808f 6 bytes [68, C9, 1D, 1A, 00, C3]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\HTSRecover.exe[3168] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA 0000000075e081e0 6 bytes [68, 58, 1E, 1A, 00, C3]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\HTSRecover.exe[3168] C:\Windows\syswow64\USER32.dll!DefFrameProcW 0000000075e08632 6 bytes [68, 80, 1D, 1A, 00, C3]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\HTSRecover.exe[3168] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW 0000000075e08807 6 bytes [68, 12, 1E, 1A, 00, C3]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\HTSRecover.exe[3168] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000075e1ed58 6 bytes [68, 03, 53, 1B, 00, C3]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\HTSRecover.exe[3168] C:\Windows\syswow64\USER32.dll!GetUpdateRgn 0000000075e1f1fe 6 bytes [68, 65, A9, 19, 00, C3]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\HTSRecover.exe[3168] C:\Windows\syswow64\USER32.dll!GetUpdateRect 0000000075e2011b 6 bytes [68, D2, A8, 19, 00, C3]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\HTSRecover.exe[3168] C:\Windows\syswow64\USER32.dll!SwitchDesktop 0000000075e397e4 6 bytes [68, 4A, 1C, 1A, 00, C3]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\HTSRecover.exe[3168] C:\Windows\syswow64\USER32.dll!SetCursorPos 0000000075e39c8d 6 bytes [68, 02, 51, 1B, 00, C3]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\HTSRecover.exe[3168] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000075e39f3b 6 bytes [68, 00, B6, 19, 00, C3]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\HTSRecover.exe[3168] C:\Windows\syswow64\USER32.dll!OpenInputDesktop 0000000075e5895b 4 bytes [68, FA, 1B, 1A]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\HTSRecover.exe[3168] C:\Windows\syswow64\USER32.dll!OpenInputDesktop + 5 0000000075e58960 1 byte [C3]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\HTSRecover.exe[3168] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW 000000007675bbdb 6 bytes [68, AE, 41, 1B, 00, C3]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\HTSRecover.exe[3168] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 00000000767914fd 6 bytes [68, 97, 41, 1B, 00, C3]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\HTSRecover.exe[3168] C:\Windows\syswow64\WS2_32.dll!closesocket 00000000765e3bed 6 bytes [68, C1, 17, 1B, 00, C3]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\HTSRecover.exe[3168] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 00000000765e6737 6 bytes [68, D2, 13, 1B, 00, C3]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\HTSRecover.exe[3168] C:\Windows\syswow64\WS2_32.dll!WSASend 00000000765e68a7 6 bytes [68, 1A, 18, 1B, 00, C3]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\HTSRecover.exe[3168] C:\Windows\syswow64\WS2_32.dll!send 00000000765ec4c8 6 bytes [68, F9, 17, 1B, 00, C3]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\HTSRecover.exe[3168] C:\Windows\syswow64\WS2_32.dll!gethostbyname 00000000765f7133 6 bytes [68, 62, 13, 1B, 00, C3]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\HTSRecover.exe[3168] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore 00000000763412b0 6 bytes [68, D6, F4, 1A, 00, C3]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\HTSRecover.exe[3168] C:\Windows\syswow64\WININET.dll!InternetCloseHandle 00000000763dc664 6 bytes [68, F7, DC, 1A, 00, C3]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\HTSRecover.exe[3168] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA 00000000763de13a 6 bytes [68, 97, DE, 1A, 00, C3]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\HTSRecover.exe[3168] C:\Windows\syswow64\WININET.dll!InternetReadFile 00000000763df8d8 6 bytes [68, 64, DD, 1A, 00, C3]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\HTSRecover.exe[3168] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable 00000000763e3184 6 bytes [68, 6B, DE, 1A, 00, C3]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\HTSRecover.exe[3168] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA 0000000076405761 6 bytes [68, 39, DA, 1A, 00, C3]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\HTSRecover.exe[3168] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW 0000000076405fef 6 bytes [68, F5, D9, 1A, 00, C3]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\HTSRecover.exe[3168] C:\Windows\syswow64\WININET.dll!HttpSendRequestW 000000007640632d 6 bytes [68, 7D, DA, 1A, 00, C3]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\HTSRecover.exe[3168] C:\Windows\syswow64\WININET.dll!InternetReadFileExA 000000007640fa49 6 bytes [68, 92, DD, 1A, 00, C3]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\HTSRecover.exe[3168] C:\Windows\syswow64\WININET.dll!HttpSendRequestExW 000000007641f564 6 bytes [68, 27, DB, 1A, 00, C3]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\HTSRecover.exe[3168] C:\Windows\syswow64\WININET.dll!HttpEndRequestA 000000007641f639 6 bytes [68, 61, DC, 1A, 00, C3]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\HTSRecover.exe[3168] C:\Windows\syswow64\WININET.dll!InternetSetFilePointer 0000000076434f2f 6 bytes [68, 11, DE, 1A, 00, C3]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\HTSRecover.exe[3168] C:\Windows\syswow64\WININET.dll!HttpSendRequestA 000000007643525a 6 bytes [68, D2, DA, 1A, 00, C3]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\HTSRecover.exe[3168] C:\Windows\syswow64\WININET.dll!HttpSendRequestExA 000000007647ece5 6 bytes [68, C4, DB, 1A, 00, C3]
.text C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\HTSRecover.exe[3168] C:\Windows\syswow64\WININET.dll!HttpEndRequestW 000000007647edb7 6 bytes [68, AC, DC, 1A, 00, C3]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[596] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074cf1465 2 bytes [CF, 74]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[596] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074cf14bb 2 bytes [CF, 74]
.text ... * 2
---- Threads - GMER 2.1 ----
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [1380:2596] 000007fefb9f2a88
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [1380:2588] 000007fef043c0b0
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [1380:1288] 000007fef7845124
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [1380:2912] 000007fef03a9e68
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [1380:948] 000007fef043c0b0
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 (null)
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x20 0x0A 0xEF 0xB6 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x78 0x26 0x7F 0xE2 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x0E 0x20 0x67 0x95 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 (null)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x20 0x0A 0xEF 0xB6 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x78 0x26 0x7F 0xE2 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x0E 0x20 0x67 0x95 ...
---- EOF - GMER 2.1 ----
|
|
18.02.2013, 19:29
| #3 |
| /// Malware-holic   | BKA/GVU-Virus vollständig entfernen hi
__________________als Info, bitte antworte dir, solltest du mal wieder ein Thema erstellen, nicht selbst, denn dann ist das Thema in arbeit und du bekommst deine Antwort erst evtl. später. Poste noch die malwarebytes, combofix und sonstigen Logs. aja, und combofix und andere Remover nicht mehr auf eigene Faust einsetzen bitte.
__________________ |
WARNUNG an die MITLESER: 
Linear-Darstellung
