Log Analysis and Evaluation: Trojan:WIN32/BublikB Email from Casa-Mina (blub-blub@freenet.de) (Windows 7)
If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and Trojans can be removed, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been removed completely.
21.02.2013, 23:45 | #1
Trojan:WIN32/BublikB Email from Casa-Mina (blub-blub@freenet.de)
Today I received an email from the above-mentioned sender with an invoice as a ZIP file. I was so appalled by the invoice amount that I opened the attachment without thinking. But the file would not open. Microsoft Security Essentials now keeps reporting that the threat was removed and no further action is required. Location: file:C:\Users\Ralph\AppData\Local\Temp\{11377-4BF4E8-4BF8E8}. Is my computer OK again now?
22.02.2013, 00:08 | #2
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan:WIN32/BublikB Email from Casa-Mina (blub-blub@freenet.de)
Hello and
Before we get to work, I would ask you to read the following points completely and carefully.
Note: If you have not heard from me for three days, please post in this thread => Reminder about my thread. Annoying "when do we continue" messages will result in your topic being closed. I too have a life outside the Trojaner-Board. First, a check with OTL please:
22.02.2013, 18:32 | #3
Trojan:WIN32/BublikB Email from Casa-Mina (blub-blub@freenet.de)
OTL Logfile:
15:53:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2013.02.14 15:53:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2013.02.14 15:53:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2013.02.14 15:53:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2013.02.14 15:53:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2013.02.14 15:53:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2013.02.14 15:53:29 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2013.02.14 15:53:29 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2013.02.14 15:53:29 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2013.02.14 15:53:29 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2013.02.14 15:53:29 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2013.02.14 15:53:29 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2013.02.14 15:53:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2013.02.14 15:53:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2013.02.14 15:53:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2013.02.14 15:53:29 | 000,002,048 | ---- | 
C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2013.02.14 15:53:25 | 000,287,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS [2013.02.11 19:34:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft [2013.02.11 19:34:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft [2013.02.06 20:26:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013.02.06 20:24:09 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013.02.06 20:24:04 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.02.06 20:24:04 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013.02.06 20:24:04 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll ========== Files - Modified Within 30 Days ========== [2013.02.22 17:42:54 | 000,002,030 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [2013.02.22 17:38:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.02.22 17:14:25 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.02.22 17:14:25 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.02.22 17:09:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.02.22 17:09:18 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs [2013.02.22 17:09:13 | 2566,365,184 | -HS- | M] () -- C:\hiberfil.sys [2013.02.14 16:50:45 | 000,376,512 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.02.14 16:43:33 | 001,518,986 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.02.14 16:43:33 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.02.14 16:43:33 | 000,615,810 | ---- | M] () -- 
C:\Windows\SysNative\perfh009.dat [2013.02.14 16:43:33 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.02.14 16:43:33 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.02.11 21:23:02 | 000,001,794 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2013.02.11 19:38:27 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.02.11 19:38:26 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.02.06 20:23:58 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.02.06 20:23:55 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013.02.06 20:23:55 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.02.06 20:23:55 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013.02.06 20:23:54 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npdeployJava1.dll [2013.02.06 20:23:54 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll ========== Files Created - No Company Name ========== [2013.02.22 17:42:54 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk [2013.02.22 17:42:54 | 000,002,030 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [2012.06.17 17:04:16 | 001,526,060 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.06.17 12:45:41 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI [2012.06.17 12:45:41 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI [2012.01.18 05:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll [2012.01.18 05:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll [2012.01.18 05:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe ========== ZeroAccess Check ========== 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.02.11 19:34:32 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\DVDVideoSoft [2013.02.11 19:34:04 | 
000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\DVDVideoSoftIEHelpers [2012.06.16 16:54:55 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\Foxit Software [2012.06.16 16:55:32 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\Iminent [2012.08.15 13:29:16 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\Lexware [2012.06.16 16:57:15 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\MAGIX [2012.06.16 15:33:49 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\OpenOffice.org [2012.07.05 13:04:27 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\PhotoScape [2013.01.22 13:53:44 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\DVDVideoSoft [2012.07.10 14:04:19 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Foxit Software [2012.06.16 17:57:24 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Iminent [2012.08.17 18:06:39 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Lexware [2012.12.03 12:31:09 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\MAGIX [2012.06.17 15:58:35 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\OpenOffice.org [2012.08.03 14:00:08 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\PhotoScape [2013.02.22 09:45:34 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Bafeyz [2012.12.25 16:11:14 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\DVDVideoSoft [2013.02.02 20:09:58 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\FILEminimizerPictures [2012.07.28 14:04:23 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Foxit Software [2012.06.16 17:56:48 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Iminent [2013.02.22 13:16:32 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Ipidy [2013.02.22 09:45:34 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Kuev [2012.08.16 07:49:29 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Lexware 
[2012.06.20 21:01:07 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\MAGIX [2012.06.17 14:06:15 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\OpenOffice.org [2012.08.07 19:08:56 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\PhotoScape ========== Purity Check ========== < End of report >

OTL EXTRAS Logfile:

Code:
OTL Extras logfile created on: 22.02.2013 18:48:55 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Acer\Downloads 64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,19 Gb Total Physical Memory | 1,52 Gb Available Physical Memory | 47,59% Memory free 6,37 Gb Paging File | 4,62 Gb Available in Paging File | 72,43% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 293,33 Gb Total Space | 215,34 Gb Free Space | 73,41% Space Free | Partition Type: NTFS Drive D: | 293,08 Gb Total Space | 215,70 Gb Free Space | 73,60% Space Free | Partition Type: NTFS Computer Name: ACER-PC | User Name: Acer | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-370788336-4045942230-824405379-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) [HKEY_USERS\S-1-5-21-370788336-4045942230-824405379-1003\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Users\Ralph\AppData\Local\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile 
[open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0102FE8B-254B-40D5-9D7F-FFC79D9A0423}" = lport=10243 | protocol=6 | dir=in | app=system | "{030F8F94-1BFC-4060-B0D7-9773B22D9D9C}" = lport=138 | protocol=17 | dir=in | app=system | "{1B5B6CBA-3A90-4582-9089-F332C8F7FB5E}" = lport=137 | protocol=17 | dir=in | app=system | 
"{1F2191F4-8B8C-40A1-BDD4-D0210C5644B1}" = lport=139 | protocol=6 | dir=in | app=system | "{1FE81CE1-7D45-4863-977E-4F56A59BD922}" = rport=138 | protocol=17 | dir=out | app=system | "{23343BD9-7F28-4BD8-9B71-2DA5DF98FC99}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{2C4D9537-42B2-41A0-A540-F00B0D478D8B}" = rport=139 | protocol=6 | dir=out | app=system | "{45D77A20-079E-4CFF-95E3-F6D531B2357A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{546471DB-116B-43F9-8C9A-163D9F3AA182}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{7567F652-9642-4F0D-A27E-2117E02113AF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{76D5E7E9-1522-4AE1-92CB-1100F719D8E1}" = rport=10243 | protocol=6 | dir=out | app=system | "{843E6327-1BF1-4E4C-8F24-243078861A89}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{9443823F-99D8-4B01-9AF7-2EA257236E53}" = lport=2869 | protocol=6 | dir=in | app=system | "{AD60B028-B1C7-4E0C-8499-0745BF8593DD}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{CE666B1D-2997-4481-86C3-5BB39A866F68}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{E10A967C-2CAA-4ED0-B532-69ABC9164691}" = rport=445 | protocol=6 | dir=out | app=system | "{E31E9FBF-DC08-4056-A755-048C26749213}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{E48E4404-CA9B-4B50-82FB-643DEE564E48}" = lport=445 | protocol=6 | dir=in | app=system | "{EC738DD2-8E7D-4443-A517-AC4466EA61AD}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{FB9D9FA6-1CB2-4F28-8A0B-927DD02375A8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{FBF73F83-EE14-4ED0-AB08-60D4603159D8}" = 
rport=137 | protocol=17 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0C929B62-EBAD-447B-9C10-8EE1ED7176DE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{1050FC65-D7E4-4740-96BB-F7271D20570D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{15514EFE-1234-438D-9616-022E5B0FA596}" = protocol=6 | dir=out | app=system | "{1B8B3054-CA7B-40B5-8469-FE9BC55449CD}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{254870A2-465F-4720-920A-CF8CEA628189}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{385D6BCB-099E-45C4-9A3E-FC0369EF956A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{40ECCEF8-F147-45C1-AAD7-8F25512F5E60}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{471EA1DA-DEB0-496E-A84D-07EF756AEE5B}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{4CDFB222-B31A-47B9-AF5E-9C578BE429A4}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{4D4309E0-5886-4C60-BE07-978110C24B06}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{5AE6AA16-D4F1-4B21-AA9A-A264CBAE9171}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{640DB87C-F0F9-4803-B308-67B4C0924A30}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{6ECB6A22-94E7-4442-BFFD-145EDC05B7CD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{8A7177CD-FD0E-4F8A-9752-7DD435895C44}" = dir=in | app=c:\program files (x86)\iminent\iminent.exe | "{8E2ED69D-9376-4CF0-AAA2-00E2E7418A7B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{940ACFE7-2CCF-4EF1-9D4B-8E2DFEBE5942}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{A0EE29E8-5CB4-4F91-9D09-B48E99E5CA72}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{AF4876BD-911B-4FF7-BE80-47D7C62ED40B}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{B27E2BD6-5348-4737-82CC-B68B71C28D57}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{B47FC13D-21E4-42A2-9645-D7FE79D25A78}" = dir=in | app=c:\program files (x86)\iminent\iminent.messengers.exe | "{BBB45D23-12FA-4993-8E08-4C2F27B488A3}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{BEA9861C-F3C7-477A-97AA-00DE0008C104}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{C551BFB8-DD01-4C9D-9975-BA57C1D86103}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{CFE55414-B6AD-4AD9-A7CE-9A7AD5B33B15}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{DBAB3F01-A59E-4E15-AAEE-2181323F5650}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{DDDBD26D-603D-435A-B7E0-B19B67CF8562}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{E70B622F-ED5E-4409-8070-9FD5C136F25D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{EF4A51AB-00CD-4F06-9C08-887B215F84CD}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "TCP Query User{CC4739AF-8724-4CD0-B8F5-DE4AA2DCC808}C:\users\ralph\appdata\roaming\kuev\hyemo.exe" = protocol=6 | dir=in | app=c:\users\ralph\appdata\roaming\kuev\hyemo.exe | "UDP Query User{BEFDAACB-2D02-4E1F-9904-6E9D3D83D832}C:\users\ralph\appdata\roaming\kuev\hyemo.exe" = protocol=17 | dir=in | app=c:\users\ralph\appdata\roaming\kuev\hyemo.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client 
Profile DEU Language Pack "{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client "{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft Security Client" = Microsoft Security Essentials [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1FE89496-456F-4689-9FFE-41AA127B70B3}" = MAGIX Music Maker Silver "{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13 "{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition "{39AF5C9F-9673-438F-BBF9-47690B989F7F}" = QuickSteuer 2012 "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1 
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A76AA284-E52D-47E6-9E4F-B85DBF8E35C3}" = IMinent Toolbar "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch "{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support "{D366D527-EE72-42C2-80BC-531BB30D924A}" = MAGIX Photo Manager 10 "{E3CDAAD3-F806-4F2A-BACF-487AD2E5B3EB}" = QuickSteuer 2011 "{E80714D0-951E-4B4F-8716-F24C9CCC27C9}" = CK Gruß- und Einladungskarten Designer "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F3C2ECAA-1B4D-4B75-9105-106B0D03EF02}" = Lexware Info Service "{F7538994-FA9A-41AC-A390-808A6E26B971}" = MAGIX Screenshare "{F7CF0E9A-D48B-4942-9537-259ED0568DF4}" = Iminent "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "ASRock IES_is1" = ASRock IES v2.0.8 "ASRock OC Tuner_is1" = ASRock OC Tuner v2.2.93 "FILEminimizer Pictures_is1" = FILEminimizer Pictures "Foxit Reader_is1" = Foxit Reader "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.0.128 "IMBoosterARP" = Iminent "MAGIX_MSI_Foto_Manager_10" = MAGIX Photo Manager 10 "MAGIX_MSI_mm17_silver" = MAGIX Music Maker Silver "Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "PhotoCardMaker_is1" = PhotoCardMaker 1.0.2 "PhotoScape" = PhotoScape ========== HKEY_USERS Uninstall List ========== 
[HKEY_USERS\S-1-5-21-370788336-4045942230-824405379-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CT2625848" = DVDVideoSoftTB DE Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-370788336-4045942230-824405379-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mozilla Firefox 18.0.2 (x86 de)" = Mozilla Firefox 18.0.2 (x86 de)

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 22.02.2013 12:15:45 | Computer Name = Acer-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 14.0.1.4577, Zeitstempel: 0x5000b729
 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
 Ausnahmecode: 0xc0000005
 Fehleroffset: 0x00a7000a
 ID des fehlerhaften Prozesses: 0xf44
 Startzeit der fehlerhaften Anwendung: 0x01ce1117de6f4cf7
 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
 Pfad des fehlerhaften Moduls: unknown
 Berichtskennung: 1c4214ec-7d0b-11e2-baf8-002522e80768

Error - 22.02.2013 12:17:05 | Computer Name = Acer-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 14.0.1.4577, Zeitstempel: 0x5000b729
 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
 Ausnahmecode: 0xc0000005
 Fehleroffset: 0x05a3000a
 ID des fehlerhaften Prozesses: 0xb70
 Startzeit der fehlerhaften Anwendung: 0x01ce11180d832bdc
 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
 Pfad des fehlerhaften Moduls: unknown
 Berichtskennung: 4c122797-7d0b-11e2-baf8-002522e80768

Error - 22.02.2013 12:17:10 | Computer Name = Acer-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 14.0.1.4577, Zeitstempel: 0x5000b729
 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
 Ausnahmecode: 0xc0000005
 Fehleroffset: 0x02ca000a
 ID des fehlerhaften Prozesses: 0xb64
 Startzeit der fehlerhaften Anwendung: 0x01ce111810def1d0
 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
 Pfad des fehlerhaften Moduls: unknown
 Berichtskennung: 4f10f0d1-7d0b-11e2-baf8-002522e80768

Error - 22.02.2013 12:28:17 | Computer Name = Acer-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 14.0.1.4577, Zeitstempel: 0x5000b729
 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
 Ausnahmecode: 0xc0000005
 Fehleroffset: 0x00b5000a
 ID des fehlerhaften Prozesses: 0x11a8
 Startzeit der fehlerhaften Anwendung: 0x01ce11199df657c6
 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
 Pfad des fehlerhaften Moduls: unknown
 Berichtskennung: dcab4275-7d0c-11e2-baf8-002522e80768

Error - 22.02.2013 12:29:07 | Computer Name = Acer-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 14.0.1.4577, Zeitstempel: 0x5000b729
 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
 Ausnahmecode: 0xc0000005
 Fehleroffset: 0x04d3000a
 ID des fehlerhaften Prozesses: 0x268
 Startzeit der fehlerhaften Anwendung: 0x01ce1119bac42b6f
 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
 Pfad des fehlerhaften Moduls: unknown
 Berichtskennung: fa45f386-7d0c-11e2-baf8-002522e80768

Error - 22.02.2013 12:31:39 | Computer Name = Acer-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 14.0.1.4577, Zeitstempel: 0x5000b729
 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
 Ausnahmecode: 0xc0000005
 Fehleroffset: 0x030e000a
 ID des fehlerhaften Prozesses: 0x102c
 Startzeit der fehlerhaften Anwendung: 0x01ce111a144a3601
 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
 Pfad des fehlerhaften Moduls: unknown
 Berichtskennung: 551241ae-7d0d-11e2-baf8-002522e80768

Error - 22.02.2013 12:35:03 | Computer Name = Acer-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 14.0.1.4577, Zeitstempel: 0x5000b729
 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
 Ausnahmecode: 0xc0000005
 Fehleroffset: 0x04d2000a
 ID des fehlerhaften Prozesses: 0x474
 Startzeit der fehlerhaften Anwendung: 0x01ce111a8eeb9623
 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
 Pfad des fehlerhaften Moduls: unknown
 Berichtskennung: cea8e0a1-7d0d-11e2-baf8-002522e80768

Error - 22.02.2013 12:57:20 | Computer Name = Acer-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 14.0.1.4577 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
 Prozess-ID: 12b8
 Startzeit: 01ce111b04790e01
 Endzeit: 130
 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
 Berichts-ID: e30db135-7d10-11e2-baf8-002522e80768

Error - 22.02.2013 12:58:26 | Computer Name = Acer-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 14.0.1.4577, Zeitstempel: 0x5000b729
 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
 Ausnahmecode: 0xc0000005
 Fehleroffset: 0x04ed000a
 ID des fehlerhaften Prozesses: 0xc50
 Startzeit der fehlerhaften Anwendung: 0x01ce111dd404eb4d
 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
 Pfad des fehlerhaften Moduls: unknown
 Berichtskennung: 12562a52-7d11-11e2-baf8-002522e80768

Error - 22.02.2013 13:04:42 | Computer Name = Acer-PC | Source = Application Hang | ID = 1002
Description = Programm OTL(4).exe, Version 3.2.69.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
 Prozess-ID: aa4
 Startzeit: 01ce111e01eb7d3b
 Endzeit: 4
 Anwendungspfad: C:\Users\Acer\Downloads\OTL(4).exe
 Berichts-ID:

[ System Events ]
Error - 26.09.2012 11:36:46 | Computer Name = Acer-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.

Error - 26.09.2012 11:36:47 | Computer Name = Acer-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.

Error - 24.10.2012 15:29:58 | Computer Name = Acer-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst lmhosts erreicht.

Error - 17.11.2012 15:06:09 | Computer Name = Acer-PC | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.
 Neue Signaturversion:
 Vorherige Signaturversion: 1.139.2168.0
 Aktualisierungsquelle: %%859
 Aktualisierungsphase: %%854
 Quellpfad: Microsoft Deutschland | Geräte und Dienste
 Signaturtyp: %%800
 Aktualisierungstyp: %%803
 Benutzer: NT-AUTORITÄT\SYSTEM
 Aktuelle Modulversion:
 Vorherige Modulversion: 1.1.8904.0
 Fehlercode: 0x80070643
 Fehlerbeschreibung: Schwerwiegender Fehler bei der Installation.

Error - 17.11.2012 15:06:14 | Computer Name = Acer-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Definitionsupdate für Microsoft Security Essentials – KB2310138 (Definition 1.139.2310.0)

Error - 17.11.2012 15:06:56 | Computer Name = Acer-PC | Source = WMPNetworkSvc | ID = 866333
Description =

Error - 25.11.2012 14:07:26 | Computer Name = Acer-PC | Source = WMPNetworkSvc | ID = 866333
Description =

Error - 03.12.2012 13:28:32 | Computer Name = Acer-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error - 03.12.2012 13:28:41 | Computer Name = Acer-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error - 03.12.2012 13:29:41 | Computer Name = Acer-PC | Source = Service Control Manager | ID = 7032
Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Apple Mobile Device" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: %%1056

< End of report >

OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 22.02.2013 18:48:55 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Acer\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,19 Gb Total Physical Memory | 1,52 Gb Available Physical Memory | 47,59% Memory free
6,37 Gb Paging File | 4,62 Gb Available in Paging File | 72,43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 293,33 Gb Total Space | 215,34 Gb Free Space | 73,41% Space Free | Partition Type: NTFS
Drive D: | 293,08 Gb Total Space | 215,70 Gb Free Space | 73,60% Space Free | Partition Type: NTFS

Computer Name: ACER-PC | User Name: Acer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-370788336-4045942230-824405379-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-370788336-4045942230-824405379-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Users\Ralph\AppData\Local\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0102FE8B-254B-40D5-9D7F-FFC79D9A0423}" = lport=10243 | protocol=6 | dir=in | app=system |
"{030F8F94-1BFC-4060-B0D7-9773B22D9D9C}" = lport=138 | protocol=17 | dir=in | app=system |
"{1B5B6CBA-3A90-4582-9089-F332C8F7FB5E}" = lport=137 | protocol=17 | dir=in | app=system |
"{1F2191F4-8B8C-40A1-BDD4-D0210C5644B1}" = lport=139 | protocol=6 | dir=in | app=system |
"{1FE81CE1-7D45-4863-977E-4F56A59BD922}" = rport=138 | protocol=17 | dir=out | app=system |
"{23343BD9-7F28-4BD8-9B71-2DA5DF98FC99}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2C4D9537-42B2-41A0-A540-F00B0D478D8B}" = rport=139 | protocol=6 | dir=out | app=system |
"{45D77A20-079E-4CFF-95E3-F6D531B2357A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{546471DB-116B-43F9-8C9A-163D9F3AA182}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7567F652-9642-4F0D-A27E-2117E02113AF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{76D5E7E9-1522-4AE1-92CB-1100F719D8E1}" = rport=10243 | protocol=6 | dir=out | app=system |
"{843E6327-1BF1-4E4C-8F24-243078861A89}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{9443823F-99D8-4B01-9AF7-2EA257236E53}" = lport=2869 | protocol=6 | dir=in | app=system |
"{AD60B028-B1C7-4E0C-8499-0745BF8593DD}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CE666B1D-2997-4481-86C3-5BB39A866F68}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E10A967C-2CAA-4ED0-B532-69ABC9164691}" = rport=445 | protocol=6 | dir=out | app=system |
"{E31E9FBF-DC08-4056-A755-048C26749213}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E48E4404-CA9B-4B50-82FB-643DEE564E48}" = lport=445 | protocol=6 | dir=in | app=system |
"{EC738DD2-8E7D-4443-A517-AC4466EA61AD}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FB9D9FA6-1CB2-4F28-8A0B-927DD02375A8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FBF73F83-EE14-4ED0-AB08-60D4603159D8}" = rport=137 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C929B62-EBAD-447B-9C10-8EE1ED7176DE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1050FC65-D7E4-4740-96BB-F7271D20570D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{15514EFE-1234-438D-9616-022E5B0FA596}" = protocol=6 | dir=out | app=system |
"{1B8B3054-CA7B-40B5-8469-FE9BC55449CD}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{254870A2-465F-4720-920A-CF8CEA628189}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{385D6BCB-099E-45C4-9A3E-FC0369EF956A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{40ECCEF8-F147-45C1-AAD7-8F25512F5E60}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{471EA1DA-DEB0-496E-A84D-07EF756AEE5B}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{4CDFB222-B31A-47B9-AF5E-9C578BE429A4}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{4D4309E0-5886-4C60-BE07-978110C24B06}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5AE6AA16-D4F1-4B21-AA9A-A264CBAE9171}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{640DB87C-F0F9-4803-B308-67B4C0924A30}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6ECB6A22-94E7-4442-BFFD-145EDC05B7CD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8A7177CD-FD0E-4F8A-9752-7DD435895C44}" = dir=in | app=c:\program files (x86)\iminent\iminent.exe |
"{8E2ED69D-9376-4CF0-AAA2-00E2E7418A7B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{940ACFE7-2CCF-4EF1-9D4B-8E2DFEBE5942}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A0EE29E8-5CB4-4F91-9D09-B48E99E5CA72}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AF4876BD-911B-4FF7-BE80-47D7C62ED40B}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{B27E2BD6-5348-4737-82CC-B68B71C28D57}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B47FC13D-21E4-42A2-9645-D7FE79D25A78}" = dir=in | app=c:\program files (x86)\iminent\iminent.messengers.exe |
"{BBB45D23-12FA-4993-8E08-4C2F27B488A3}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{BEA9861C-F3C7-477A-97AA-00DE0008C104}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C551BFB8-DD01-4C9D-9975-BA57C1D86103}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CFE55414-B6AD-4AD9-A7CE-9A7AD5B33B15}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DBAB3F01-A59E-4E15-AAEE-2181323F5650}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DDDBD26D-603D-435A-B7E0-B19B67CF8562}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{E70B622F-ED5E-4409-8070-9FD5C136F25D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EF4A51AB-00CD-4F06-9C08-887B215F84CD}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"TCP Query User{CC4739AF-8724-4CD0-B8F5-DE4AA2DCC808}C:\users\ralph\appdata\roaming\kuev\hyemo.exe" = protocol=6 | dir=in | app=c:\users\ralph\appdata\roaming\kuev\hyemo.exe |
"UDP Query User{BEFDAACB-2D02-4E1F-9904-6E9D3D83D832}C:\users\ralph\appdata\roaming\kuev\hyemo.exe" = protocol=17 | dir=in | app=c:\users\ralph\appdata\roaming\kuev\hyemo.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FE89496-456F-4689-9FFE-41AA127B70B3}" = MAGIX Music Maker Silver
"{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13
"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
"{39AF5C9F-9673-438F-BBF9-47690B989F7F}" = QuickSteuer 2012
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A76AA284-E52D-47E6-9E4F-B85DBF8E35C3}" = IMinent Toolbar
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{D366D527-EE72-42C2-80BC-531BB30D924A}" = MAGIX Photo Manager 10
"{E3CDAAD3-F806-4F2A-BACF-487AD2E5B3EB}" = QuickSteuer 2011
"{E80714D0-951E-4B4F-8716-F24C9CCC27C9}" = CK Gruß- und Einladungskarten Designer
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3C2ECAA-1B4D-4B75-9105-106B0D03EF02}" = Lexware Info Service
"{F7538994-FA9A-41AC-A390-808A6E26B971}" = MAGIX Screenshare
"{F7CF0E9A-D48B-4942-9537-259ED0568DF4}" = Iminent
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ASRock IES_is1" = ASRock IES v2.0.8
"ASRock OC Tuner_is1" = ASRock OC Tuner v2.2.93
"FILEminimizer Pictures_is1" = FILEminimizer Pictures
"Foxit Reader_is1" = Foxit Reader
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.0.128
"IMBoosterARP" = Iminent
"MAGIX_MSI_Foto_Manager_10" = MAGIX Photo Manager 10
"MAGIX_MSI_mm17_silver" = MAGIX Music Maker Silver
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PhotoCardMaker_is1" = PhotoCardMaker 1.0.2
"PhotoScape" = PhotoScape

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-370788336-4045942230-824405379-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CT2625848" = DVDVideoSoftTB DE Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-370788336-4045942230-824405379-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mozilla Firefox 18.0.2 (x86 de)" = Mozilla Firefox 18.0.2 (x86 de)

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 22.02.2013 12:15:45 | Computer Name = Acer-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 14.0.1.4577, Zeitstempel: 0x5000b729
 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
 Ausnahmecode: 0xc0000005
 Fehleroffset: 0x00a7000a
 ID des fehlerhaften Prozesses: 0xf44
 Startzeit der fehlerhaften Anwendung: 0x01ce1117de6f4cf7
 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
 Pfad des fehlerhaften Moduls: unknown
 Berichtskennung: 1c4214ec-7d0b-11e2-baf8-002522e80768

Error - 22.02.2013 12:17:05 | Computer Name = Acer-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 14.0.1.4577, Zeitstempel: 0x5000b729
 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
 Ausnahmecode: 0xc0000005
 Fehleroffset: 0x05a3000a
 ID des fehlerhaften Prozesses: 0xb70
 Startzeit der fehlerhaften Anwendung: 0x01ce11180d832bdc
 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
 Pfad des fehlerhaften Moduls: unknown
 Berichtskennung: 4c122797-7d0b-11e2-baf8-002522e80768

Error - 22.02.2013 12:17:10 | Computer Name = Acer-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 14.0.1.4577, Zeitstempel: 0x5000b729
 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
 Ausnahmecode: 0xc0000005
 Fehleroffset: 0x02ca000a
 ID des fehlerhaften Prozesses: 0xb64
 Startzeit der fehlerhaften Anwendung: 0x01ce111810def1d0
 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
 Pfad des fehlerhaften Moduls: unknown
 Berichtskennung: 4f10f0d1-7d0b-11e2-baf8-002522e80768

Error - 22.02.2013 12:28:17 | Computer Name = Acer-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 14.0.1.4577, Zeitstempel: 0x5000b729
 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
 Ausnahmecode: 0xc0000005
 Fehleroffset: 0x00b5000a
 ID des fehlerhaften Prozesses: 0x11a8
 Startzeit der fehlerhaften Anwendung: 0x01ce11199df657c6
 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
 Pfad des fehlerhaften Moduls: unknown
 Berichtskennung: dcab4275-7d0c-11e2-baf8-002522e80768

Error - 22.02.2013 12:29:07 | Computer Name = Acer-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 14.0.1.4577, Zeitstempel: 0x5000b729
 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
 Ausnahmecode: 0xc0000005
 Fehleroffset: 0x04d3000a
 ID des fehlerhaften Prozesses: 0x268
 Startzeit der fehlerhaften Anwendung: 0x01ce1119bac42b6f
 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
 Pfad des fehlerhaften Moduls: unknown
 Berichtskennung: fa45f386-7d0c-11e2-baf8-002522e80768

Error - 22.02.2013 12:31:39 | Computer Name = Acer-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 14.0.1.4577, Zeitstempel: 0x5000b729
 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
 Ausnahmecode: 0xc0000005
 Fehleroffset: 0x030e000a
 ID des fehlerhaften Prozesses: 0x102c
 Startzeit der fehlerhaften Anwendung: 0x01ce111a144a3601
 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
 Pfad des fehlerhaften Moduls: unknown
 Berichtskennung: 551241ae-7d0d-11e2-baf8-002522e80768

Error - 22.02.2013 12:35:03 | Computer Name = Acer-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 14.0.1.4577, Zeitstempel: 0x5000b729
 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
 Ausnahmecode: 0xc0000005
 Fehleroffset: 0x04d2000a
 ID des fehlerhaften Prozesses: 0x474
 Startzeit der fehlerhaften Anwendung: 0x01ce111a8eeb9623
 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
 Pfad des fehlerhaften Moduls: unknown
 Berichtskennung: cea8e0a1-7d0d-11e2-baf8-002522e80768

Error - 22.02.2013 12:57:20 | Computer Name = Acer-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 14.0.1.4577 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
 Prozess-ID: 12b8
 Startzeit: 01ce111b04790e01
 Endzeit: 130
 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
 Berichts-ID: e30db135-7d10-11e2-baf8-002522e80768

Error - 22.02.2013 12:58:26 | Computer Name = Acer-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 14.0.1.4577, Zeitstempel: 0x5000b729
 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
 Ausnahmecode: 0xc0000005
 Fehleroffset: 0x04ed000a
 ID des fehlerhaften Prozesses: 0xc50
 Startzeit der fehlerhaften Anwendung: 0x01ce111dd404eb4d
 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
 Pfad des fehlerhaften Moduls: unknown
 Berichtskennung: 12562a52-7d11-11e2-baf8-002522e80768

Error - 22.02.2013 13:04:42 | Computer Name = Acer-PC | Source = Application Hang | ID = 1002
Description = Programm OTL(4).exe, Version 3.2.69.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
 Prozess-ID: aa4
 Startzeit: 01ce111e01eb7d3b
 Endzeit: 4
 Anwendungspfad: C:\Users\Acer\Downloads\OTL(4).exe
 Berichts-ID:

[ System Events ]
Error - 26.09.2012 11:36:46 | Computer Name = Acer-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.

Error - 26.09.2012 11:36:47 | Computer Name = Acer-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.

Error - 24.10.2012 15:29:58 | Computer Name = Acer-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst lmhosts erreicht.

Error - 17.11.2012 15:06:09 | Computer Name = Acer-PC | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.
 Neue Signaturversion:
 Vorherige Signaturversion: 1.139.2168.0
 Aktualisierungsquelle: %%859
 Aktualisierungsphase: %%854
 Quellpfad: Microsoft Deutschland | Geräte und Dienste
 Signaturtyp: %%800
 Aktualisierungstyp: %%803
 Benutzer: NT-AUTORITÄT\SYSTEM
 Aktuelle Modulversion:
 Vorherige Modulversion: 1.1.8904.0
 Fehlercode: 0x80070643
 Fehlerbeschreibung: Schwerwiegender Fehler bei der Installation.

Error - 17.11.2012 15:06:14 | Computer Name = Acer-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Definitionsupdate für Microsoft Security Essentials – KB2310138 (Definition 1.139.2310.0)

Error - 17.11.2012 15:06:56 | Computer Name = Acer-PC | Source = WMPNetworkSvc | ID = 866333
Description =

Error - 25.11.2012 14:07:26 | Computer Name = Acer-PC | Source = WMPNetworkSvc | ID = 866333
Description =

Error - 03.12.2012 13:28:32 | Computer Name = Acer-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error - 03.12.2012 13:28:41 | Computer Name = Acer-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error - 03.12.2012 13:29:41 | Computer Name = Acer-PC | Source = Service Control Manager | ID = 7032
Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Apple Mobile Device" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: %%1056

< End of report > |
22.02.2013, 18:57 | #4 |
| Trojan:WIN32/BublikB Email vom Casa-Mina (blub-blub@freenet.de) OTL Logfile: Code:
OTL logfile created on: 22.02.2013 18:48:55 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Acer\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,19 Gb Total Physical Memory | 1,52 Gb Available Physical Memory | 47,59% Memory free
6,37 Gb Paging File | 4,62 Gb Available in Paging File | 72,43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 293,33 Gb Total Space | 215,34 Gb Free Space | 73,41% Space Free | Partition Type: NTFS
Drive D: | 293,08 Gb Total Space | 215,70 Gb Free Space | 73,60% Space Free | Partition Type: NTFS

Computer Name: ACER-PC | User Name: Acer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Acer\Downloads\OTL(5).exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\Ralph\AppData\Roaming\Kuev\hyemo.exe ()
PRC - C:\Program Files (x86)\Iminent\Iminent.exe (Iminent)
PRC - C:\Program Files (x86)\Iminent\Iminent.Messengers.exe (Iminent)
PRC - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)

========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\ba39e27ea796912fce296963622dfbae\WindowsFormsIntegration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuratio#\12630df9abc4ebf7ff67de989b8e8123\System.Configuration.Install.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\39f4c7717661667c68f9af8c4f6402b9\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\ddbbfda715843c275166d3867d28e67a\System.Web.Services.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\a0445401f2473a1aa4b66c9c0791c7f6\System.ServiceModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\c1b67737c13c99776cde5989ec2885c8\System.IdentityModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\1d254fbc811d0de6c54a9d9c428c4497\System.EnterpriseServices.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\1d254fbc811d0de6c54a9d9c428c4497\System.EnterpriseServices.Wrapper.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\dcb0e7d56ffca14d7c483103235b11ad\System.Transactions.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\e7b4706dfe18f29486dbaf5d35e01765\System.Runtime.DurableInstancing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\910fe53ec2122cf3a2ad11c2b2f5cbfd\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\ef7642a4f2724135d445e2ea36582e78\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\866894ebe5258bf9f45d6b063229e990\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\14f511c47523f19ca591eb207e9e2084\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e10fd15441d278c04a03302880a3e231\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\9071f089ab65d518d1bd7e8fa857a95f\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\27dcf04ed7a3506045597c02a5a1fc31\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\dfeff31ab1e7cd3480c8942290c92f5d\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\7a9ff5ce3a909d075179a2ac70d8f388\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\5de5d8c1c02e33789e3cf7e3f54c0ec9\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Users\Ralph\AppData\Roaming\Kuev\hyemo.exe ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files (x86)\OpenOffice.org 
3\program\libxslt.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll () ========== Services (SafeList) ========== SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®) ========== Driver Services (SafeList) ========== DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) 
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation ) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) 
DRV - (cpuz135) -- D:\treiber und software\pc-wizard_2012.2.0\pcwiz_x64.sys (CPUID) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Users\Acer\AppData\LocalLow\CT2625848\ldrtbDVDV.dll () IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}: "URL" = hxxp://search.iminent.com/?appId=&ref=toolbox&q={searchTerms} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-370788336-4045942230-824405379-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Suche IE - HKU\S-1-5-21-370788336-4045942230-824405379-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. 
bei MSN IE - HKU\S-1-5-21-370788336-4045942230-824405379-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKU\S-1-5-21-370788336-4045942230-824405379-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EE 58 79 58 C7 4B CD 01 [binary data] IE - HKU\S-1-5-21-370788336-4045942230-824405379-1000\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Users\Acer\AppData\LocalLow\CT2625848\ldrtbDVDV.dll () IE - HKU\S-1-5-21-370788336-4045942230-824405379-1000\..\URLSearchHook: {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No CLSID value found IE - HKU\S-1-5-21-370788336-4045942230-824405379-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-370788336-4045942230-824405379-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-370788336-4045942230-824405379-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-370788336-4045942230-824405379-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-21-370788336-4045942230-824405379-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.iminent.com/?appId=e6f5e873-ec9d-47a6-bce3-eaaef6f74c75&lcid=1031&ref=homepage IE - HKU\S-1-5-21-370788336-4045942230-824405379-1003\..\SearchScopes,DefaultScope = {BFFED5CA-8BDF-47CC-AED0-23F4E6D77732} IE - HKU\S-1-5-21-370788336-4045942230-824405379-1003\..\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}: "URL" = hxxp://search.iminent.com/?appId=e6f5e873-ec9d-47a6-bce3-eaaef6f74c75&lcid=1031&ref=toolbox&q={searchTerms} IE - HKU\S-1-5-21-370788336-4045942230-824405379-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..CT2625848.browser.search.defaultthis.engineName: true 
FF - prefs.js..browser.search.selectedEngine: "DVDVideoSoftTB DE Customized Web Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2625848&SearchSource=13&CUI=SB_CUI" FF - prefs.js..extensions.enabledAddons: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}:10.13.40.15 FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2625848&SearchSource=2&q=" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_149.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll 
(Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ [2013.02.11 19:34:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.08.02 10:59:12 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.06.19 12:13:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Acer\AppData\Roaming\mozilla\Extensions [2013.02.22 17:21:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Acer\AppData\Roaming\mozilla\Firefox\Profiles\ghp7knlq.default\extensions [2012.12.25 16:04:17 | 000,000,000 | ---D | M] (DVDVideoSoftTB DE) -- C:\Users\Acer\AppData\Roaming\mozilla\Firefox\Profiles\ghp7knlq.default\extensions\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} [2012.12.25 16:04:28 | 000,001,064 | ---- | M] () -- C:\Users\Acer\AppData\Roaming\mozilla\firefox\profiles\ghp7knlq.default\searchplugins\dvdvideosofttb-de-customized-web-search.xml [2012.06.17 16:42:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.08.02 10:59:12 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.06.14 23:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.06.14 23:46:56 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.06.14 23:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.06.14 23:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.14 23:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files 
(x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.14 23:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.) O2 - BHO: (DVDVideoSoftTB_DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Users\Acer\AppData\LocalLow\CT2625848\ldrtbDVDV.dll () O2 - BHO: (TBSB01620 Class) - {58124A0B-DC32-4180-9BFF-E0E21AE34026} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll () O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (no name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No CLSID value found. O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll (Iminent) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.) 
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB_DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Users\Acer\AppData\LocalLow\CT2625848\ldrtbDVDV.dll () O3 - HKLM\..\Toolbar: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll () O3 - HKU\S-1-5-21-370788336-4045942230-824405379-1000\..\Toolbar\WebBrowser: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll () O3 - HKU\S-1-5-21-370788336-4045942230-824405379-1003\..\Toolbar\WebBrowser: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll () O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [Iminent] C:\Program Files (x86)\Iminent\Iminent.exe (Iminent) O4 - HKLM..\Run: [IminentMessenger] C:\Program Files (x86)\Iminent\Iminent.Messengers.exe (Iminent) O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. 
KG) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-370788336-4045942230-824405379-1000..\Run: [ASRockIES] File not found O4 - HKU\S-1-5-21-370788336-4045942230-824405379-1000..\Run: [ASRockOCTuner] File not found O4 - HKU\S-1-5-21-370788336-4045942230-824405379-1003..\Run: [ljyrunnu] C:\Users\Ralph\AppData\Local\Temp\Llrn\fezqkunnu.exe () O4 - HKU\S-1-5-21-370788336-4045942230-824405379-1003..\Run: [mhwxelle] C:\Users\Ralph\AppData\Local\Temp\Gepy\pgkymfwelle.exe () O4 - HKU\S-1-5-21-370788336-4045942230-824405379-1003..\Run: [mixerd] C:\Users\Ralph\AppData\Roaming\mixerd.exe () O4 - HKU\S-1-5-21-370788336-4045942230-824405379-1003..\Run: [Vekiuwule] C:\Users\Ralph\AppData\Roaming\Kuev\hyemo.exe () O4 - HKU\S-1-5-21-370788336-4045942230-824405379-1005..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-370788336-4045942230-824405379-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_149_Plugin.exe (Adobe Systems Incorporated) O4 - HKU\S-1-5-21-370788336-4045942230-824405379-1005..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Jenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O4 - Startup: C:\Users\Ralph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\S-1-5-21-370788336-4045942230-824405379-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O8:64bit: - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm () O8 - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm () O9:64bit: - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.) O9:64bit: - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.) O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.) O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) 
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{342748DA-103B-4BD7-9A8D-3A3A35BED687}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F0DF9C30-4BA1-41D0-A66F-25C127C5BBFF}: DhcpNameServer = 193.189.244.225 193.189.244.206 O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.02.22 17:43:12 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee [2013.02.22 17:42:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe [2013.02.22 17:42:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe [2013.02.22 17:25:29 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} [2013.02.22 17:25:29 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2013.02.18 19:55:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2013.02.18 19:55:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2013.02.18 19:55:03 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [2013.02.14 16:40:43 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.02.14 16:40:43 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.02.14 16:40:42 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.02.14 16:40:42 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.02.14 16:40:41 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.02.14 16:40:41 | 000,231,936 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\url.dll [2013.02.14 16:40:41 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.02.14 16:40:41 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.02.14 16:40:40 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.02.14 16:40:40 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013.02.14 16:40:40 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.02.14 16:40:40 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.02.14 16:40:38 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.02.14 16:40:38 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.02.14 16:40:38 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013.02.14 15:53:43 | 005,500,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013.02.14 15:53:41 | 003,957,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2013.02.14 15:53:41 | 003,902,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2013.02.14 15:53:33 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2013.02.14 15:53:33 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2013.02.14 15:53:33 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2013.02.14 15:53:33 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2013.02.14 15:53:33 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2013.02.14 15:53:32 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2013.02.14 15:53:32 | 000,025,600 | ---- | 
C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2013.02.14 15:53:32 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2013.02.14 15:53:32 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2013.02.14 15:53:32 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2013.02.14 15:53:32 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2013.02.14 15:53:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2013.02.14 15:53:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2013.02.14 15:53:31 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2013.02.14 15:53:31 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2013.02.14 15:53:31 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2013.02.14 15:53:31 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2013.02.14 15:53:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2013.02.14 15:53:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2013.02.14 15:53:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2013.02.14 15:53:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2013.02.14 15:53:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2013.02.14 15:53:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013.02.14 15:53:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013.02.14 15:53:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013.02.14 15:53:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013.02.14 15:53:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013.02.14 15:53:30 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013.02.14 15:53:30 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013.02.14 15:53:30 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013.02.14 15:53:30 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013.02.14 15:53:30 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013.02.14 15:53:29 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013.02.14 15:53:29 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013.02.14 15:53:29 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013.02.14 15:53:29 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013.02.14 15:53:29 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013.02.14 15:53:29 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013.02.14 15:53:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013.02.14 15:53:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013.02.14 15:53:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013.02.14 15:53:29 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013.02.14 15:53:25 | 000,287,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2013.02.11 19:34:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2013.02.11 19:34:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2013.02.06 20:26:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.02.06 20:24:09 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.02.06 20:24:04 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.02.06 20:24:04 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.02.06 20:24:04 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

========== Files - Modified Within 30 Days ==========

[2013.02.22 18:38:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.22 17:42:54 | 000,002,030 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.02.22 17:14:25 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.22 17:14:25 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.22 17:09:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.22 17:09:18 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2013.02.22 17:09:13 | 2566,365,184 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.14 16:50:45 | 000,376,512 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.14 16:43:33 | 001,518,986 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.14 16:43:33 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.14 16:43:33 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.14 16:43:33 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.14 16:43:33 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.11 21:23:02 | 000,001,794 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.02.11 19:38:27 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.02.11 19:38:26 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.02.06 20:23:58 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.02.06 20:23:55 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.02.06 20:23:55 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.02.06 20:23:55 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.02.06 20:23:54 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npdeployJava1.dll
[2013.02.06 20:23:54 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll

========== Files Created - No Company Name ==========

[2013.02.22 17:42:54 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013.02.22 17:42:54 | 000,002,030 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2012.06.17 17:04:16 | 001,526,060 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.06.17 12:45:41 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012.06.17 12:45:41 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2012.01.18 05:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012.01.18 05:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012.01.18 05:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe

========== ZeroAccess Check ==========

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013.02.11 19:34:32 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\DVDVideoSoft
[2013.02.11 19:34:04 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.06.16 16:54:55 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\Foxit Software
[2012.06.16 16:55:32 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\Iminent
[2012.08.15 13:29:16 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\Lexware
[2012.06.16 16:57:15 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\MAGIX
[2012.06.16 15:33:49 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\OpenOffice.org
[2012.07.05 13:04:27 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\PhotoScape
[2013.01.22 13:53:44 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\DVDVideoSoft
[2012.07.10 14:04:19 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Foxit Software
[2012.06.16 17:57:24 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Iminent
[2012.08.17 18:06:39 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Lexware
[2012.12.03 12:31:09 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\MAGIX
[2012.06.17 15:58:35 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\OpenOffice.org
[2012.08.03 14:00:08 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\PhotoScape
[2013.02.22 09:45:34 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Bafeyz
[2012.12.25 16:11:14 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\DVDVideoSoft
[2013.02.02 20:09:58 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\FILEminimizerPictures
[2012.07.28 14:04:23 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Foxit Software
[2012.06.16 17:56:48 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Iminent
[2013.02.22 13:16:32 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Ipidy
[2013.02.22 09:45:34 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Kuev
[2012.08.16 07:49:29 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Lexware
[2012.06.20 21:01:07 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\MAGIX
[2012.06.17 14:06:15 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\OpenOffice.org
[2012.08.07 19:08:56 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\PhotoScape

========== Purity Check ==========

< End of report >

Sorry if I did something twice; unfortunately I am only a bookkeeper and not very computer-savvy. No ill intent |
22.02.2013, 22:51 | #5 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan:WIN32/BublikB Email from Casa-Mina (blub-blub@freenet.de) Is this by any chance an office/company PC? Or a university computer? Now please create and post logs with GMER (<<< click for instructions) and MBAR (instructions a bit further down). GMER crashes fairly often; if the tool will not run on the second attempt either, just skip it and run only MBAR. MBAR instructions: Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper
__________________ Please always post logfiles in CODE tags |
23.02.2013, 00:43 | #6 |
| Trojan:WIN32/BublikB Email from Casa-Mina (blub-blub@freenet.de) Many thanks for your quick reply. It is my private computer at home. I am currently having problems with Mozilla Firefox. I can only work in safe mode. When the computer starts, an error message now always appears: fezqkunnu.exe Anwendungsfehler: Die Anwendung konnte nicht korrekt gestartet werden (0xc0000018). Klicken Sie auf "OK", um die Anwendung zu schließen: |
23.02.2013, 01:00 | #7 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan:WIN32/BublikB Email from Casa-Mina (blub-blub@freenet.de) Quote:
__________________ Please always post logfiles in CODE tags |
23.02.2013, 02:43 | #8 |
| Trojan:WIN32/BublikB Email from Casa-Mina (blub-blub@freenet.de)

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000770208ac 4 bytes [68, 93, 5C, 17]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess + 5 00000000770208b1 1 byte [C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 000000007703260d 6 bytes [68, D6, FC, 16, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007703c4aa 6 bytes [68, BE, 5D, 17, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077042a93 6 bytes [68, 1C, FD, 16, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W 0000000077064170 6 bytes [68, 62, FD, 16, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A 000000007706e6b5 6 bytes [68, A8, FD, 16, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW 0000000074e832f2 6 bytes [68, 27, 60, 17, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\kernel32.dll!ExitProcess 0000000074e8734e 6 bytes [68, E6, 5F, 17, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\USER32.dll!GetDC 0000000076177246 4 bytes [68, FA, B0, 16]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\USER32.dll!GetDC + 5 000000007617724b 1 byte [C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\USER32.dll!ReleaseDC 000000007617730e 6 bytes [68, 78, B1, 16, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\USER32.dll!GetWindowDC 00000000761779d8 4 bytes [68, 39, B1, 16]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\USER32.dll!GetWindowDC + 5 00000000761779dd 1 byte [C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\USER32.dll!TranslateMessage 0000000076177d79 6 bytes [68, 2C, B8, 16, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000076177e92 6 bytes [68, 37, 5B, 17, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\USER32.dll!GetMessageA 000000007617811b 6 bytes [68, 5F, 5B, 17, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\USER32.dll!RegisterClassW 0000000076178bd6 6 bytes [68, DA, FF, 16, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\USER32.dll!RegisterClassExW 0000000076179ed3 6 bytes [68, 74, 00, 17, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\USER32.dll!RegisterClassExA 000000007617dd6d 6 bytes [68, C6, 00, 17, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000076180112 6 bytes [68, 87, 5B, 17, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\USER32.dll!CallWindowProcW 0000000076180abb 6 bytes [68, 0C, FF, 16, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\USER32.dll!GetCursorPos 0000000076180e0d 6 bytes [68, 6A, 59, 17, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\USER32.dll!EndPaint 0000000076180e9a 4 bytes [68, 5F, B0, 16]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\USER32.dll!EndPaint + 5 0000000076180e9f 1 byte [C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\USER32.dll!BeginPaint 0000000076180eba 4 bytes [68, EF, AF, 16]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\USER32.dll!BeginPaint + 5 0000000076180ebf 1 byte [C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\USER32.dll!GetMessagePos 0000000076182bc7 6 bytes [68, 38, 59, 17, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\USER32.dll!GetCapture 0000000076182dbd 6 bytes [68, 98, 5A, 17, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\USER32.dll!ReleaseCapture 0000000076182ec4 6 bytes [68, 48, 5A, 17, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\USER32.dll!SetCapture 0000000076182ed1 4 bytes [68, EE, 59, 17]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\USER32.dll!SetCapture + 5 0000000076182ed6 1 byte [C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\USER32.dll!GetDCEx 0000000076183001 4 bytes [68, 9F, B0, 16]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\USER32.dll!GetDCEx + 5 0000000076183006 1 byte [C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\USER32.dll!RegisterClassA 0000000076184b80 6 bytes [68, 27, 00, 17, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\USER32.dll!CallWindowProcA 0000000076187af4 6 bytes [68, 55, FF, 16, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\USER32.dll!DefFrameProcA 000000007618808f 6 bytes [68, 37, FE, 16, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA 00000000761881e0 6 bytes [68, C6, FE, 16, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\USER32.dll!DefFrameProcW 0000000076188632 6 bytes [68, EE, FD, 16, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW 0000000076188807 6 bytes [68, 80, FE, 16, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\USER32.dll!PeekMessageA 000000007619ed58 6 bytes [68, B2, 5B, 17, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\USER32.dll!GetUpdateRgn 000000007619f1fe 6 bytes [68, 4B, B2, 16, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\USER32.dll!GetUpdateRect 00000000761a011b 6 bytes [68, B8, B1, 16, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\USER32.dll!SwitchDesktop 00000000761b97e4 6 bytes [68, B8, FC, 16, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\USER32.dll!SetCursorPos 00000000761b9c8d 6 bytes [68, B1, 59, 17, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\USER32.dll!GetClipboardData 00000000761b9f3b 6 bytes [68, DB, B9, 16, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\USER32.dll!OpenInputDesktop 00000000761d895b 4 bytes [68, 68, FC, 16]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\USER32.dll!OpenInputDesktop + 5 00000000761d8960 1 byte [C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW 00000000764fbbdb 6 bytes [68, A4, 60, 17, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 00000000765314fd 6 bytes [68, 8D, 60, 17, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000074b53bed 6 bytes [68, D4, 06, 17, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 0000000074b56737 6 bytes [68, E5, 02, 17, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000074b568a7 6 bytes [68, 2D, 07, 17, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\WS2_32.dll!send 0000000074b5c4c8 6 bytes [68, 0C, 07, 17, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000074b67133 6 bytes [68, 75, 02, 17, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore 00000000747e12b0 6 bytes [68, 51, 5C, 16, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\WININET.dll!InternetCloseHandle 0000000074bfc664 6 bytes [68, 76, 72, 16, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA 0000000074bfe13a 6 bytes [68, 16, 74, 16, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\WININET.dll!InternetReadFile 0000000074bff8d8 6 bytes [68, E3, 72, 16, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable 0000000074c03184 6 bytes [68, EA, 73, 16, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA 0000000074c25761 6 bytes [68, B8, 6F, 16, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW 0000000074c25fef 6 bytes [68, 74, 6F, 16, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\WININET.dll!HttpSendRequestW 0000000074c2632d 6 bytes [68, FC, 6F, 16, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\WININET.dll!InternetReadFileExA 0000000074c2fa49 6 bytes [68, 11, 73, 16, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\WININET.dll!HttpSendRequestExW 0000000074c3f564 6 bytes [68, A6, 70, 16, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\WININET.dll!HttpEndRequestA 0000000074c3f639 6 bytes [68, E0, 71, 16, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\WININET.dll!InternetSetFilePointer 0000000074c54f2f 6 bytes [68, 90, 73, 16, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\WININET.dll!HttpSendRequestA 0000000074c5525a 6 bytes [68, 51, 70, 16, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\WININET.dll!HttpSendRequestExA 0000000074c9ece5 6 bytes [68, 43, 71, 16, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\WININET.dll!HttpEndRequestW 0000000074c9edb7 6 bytes [68, 2B, 72, 16, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000770208ac 6 bytes [68, 93, 5C, 35, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 000000007703260d 6 bytes [68, D6, FC, 34, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007703c4aa 6 bytes [68, BE, 5D, 35, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077042a93 6 bytes [68, 1C, FD, 34, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W 0000000077064170 6 bytes [68, 62, FD, 34, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A 000000007706e6b5 6 bytes [68, A8, FD, 34, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW 0000000074e832f2 6 bytes [68, 27, 60, 35, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\kernel32.dll!ExitProcess 0000000074e8734e 6 bytes [68, E6, 5F, 35, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\USER32.dll!GetDC 0000000076177246 6 bytes [68, FA, B0, 34, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\USER32.dll!ReleaseDC 000000007617730e 6 bytes [68, 78, B1, 34, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\USER32.dll!GetWindowDC 00000000761779d8 6 bytes [68, 39, B1, 34, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\USER32.dll!TranslateMessage 0000000076177d79 6 bytes [68, 2C, B8, 34, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000076177e92 6 bytes [68, 37, 5B, 35, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\USER32.dll!GetMessageA 000000007617811b 6 bytes [68, 5F, 5B, 35, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\USER32.dll!RegisterClassW 0000000076178bd6 6 bytes [68, DA, FF, 34, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\USER32.dll!RegisterClassExW 0000000076179ed3 6 bytes [68, 74, 00, 35, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\USER32.dll!RegisterClassExA 000000007617dd6d 6 bytes [68, C6, 00, 35, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000076180112 6 bytes [68, 87, 5B, 35, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\USER32.dll!CallWindowProcW 0000000076180abb 6 bytes [68, 0C, FF, 34, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\USER32.dll!GetCursorPos 0000000076180e0d 6 bytes [68, 6A, 59, 35, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\USER32.dll!EndPaint 0000000076180e9a 6 bytes [68, 5F, B0, 34, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\USER32.dll!BeginPaint 0000000076180eba 6 bytes [68, EF, AF, 34, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\USER32.dll!GetMessagePos 0000000076182bc7 6 bytes [68, 38, 59, 35, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\USER32.dll!GetCapture 0000000076182dbd 6 bytes [68, 98, 5A, 35, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\USER32.dll!ReleaseCapture 0000000076182ec4 6 bytes [68, 48, 5A, 35, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\USER32.dll!SetCapture 0000000076182ed1 6 bytes [68, EE, 59, 35, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\USER32.dll!GetDCEx 0000000076183001 6 bytes [68, 9F, B0, 34, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\USER32.dll!RegisterClassA 0000000076184b80 6 bytes [68, 27, 00, 35, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\USER32.dll!CallWindowProcA 0000000076187af4 6 bytes [68, 55, FF, 34, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\USER32.dll!DefFrameProcA 000000007618808f 6 bytes [68, 37, FE, 34, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA 00000000761881e0 6 bytes [68, C6, FE, 34, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\USER32.dll!DefFrameProcW 0000000076188632 6 bytes [68, EE, FD, 34, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW 0000000076188807 6 bytes [68, 80, FE, 34, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\USER32.dll!PeekMessageA 000000007619ed58 6 bytes [68, B2, 5B, 35, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\USER32.dll!GetUpdateRgn 000000007619f1fe 6 bytes [68, 4B, B2, 34, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\USER32.dll!GetUpdateRect 00000000761a011b 6 bytes [68, B8, B1, 34, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\USER32.dll!SwitchDesktop 00000000761b97e4 6 bytes [68, B8, FC, 34, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\USER32.dll!SetCursorPos 00000000761b9c8d 6 bytes [68, B1, 59, 35, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\USER32.dll!GetClipboardData 00000000761b9f3b 6 bytes [68, DB, B9, 34, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\USER32.dll!OpenInputDesktop 00000000761d895b 6 bytes [68, 68, FC, 34, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW 00000000764fbbdb 6 bytes [68, A4, 60, 35, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 00000000765314fd 6 bytes [68, 8D, 60, 35, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000074b53bed 6 bytes [68, D4, 06, 35, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 0000000074b56737 6 bytes [68, E5, 02, 35, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000074b568a7 6 bytes [68, 2D, 07, 35, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\WS2_32.dll!send 0000000074b5c4c8 6 bytes [68, 0C, 07, 35, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000074b67133 6 bytes [68, 75, 02, 35, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076fd1465 2 bytes [FD, 76]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076fd14bb 2 bytes [FD, 76]
.text ... * 2
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore 00000000747e12b0 6 bytes [68, 51, 5C, 34, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\WININET.dll!InternetCloseHandle 0000000074bfc664 6 bytes [68, 76, 72, 34, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA 0000000074bfe13a 6 bytes [68, 16, 74, 34, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\WININET.dll!InternetReadFile 0000000074bff8d8 6 bytes [68, E3, 72, 34, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable 0000000074c03184 6 bytes [68, EA, 73, 34, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA 0000000074c25761 6 bytes [68, B8, 6F, 34, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW 0000000074c25fef 6 bytes [68, 74, 6F, 34, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\WININET.dll!HttpSendRequestW 0000000074c2632d 6 bytes [68, FC, 6F, 34, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\WININET.dll!InternetReadFileExA 0000000074c2fa49 6 bytes [68, 11, 73, 34, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\WININET.dll!HttpSendRequestExW 0000000074c3f564 6 bytes [68, A6, 70, 34, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\WININET.dll!HttpEndRequestA 0000000074c3f639 6 bytes [68, E0, 71, 34, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\WININET.dll!InternetSetFilePointer 0000000074c54f2f 6 bytes [68, 90, 73, 34, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\WININET.dll!HttpSendRequestA 0000000074c5525a 6 bytes [68, 51, 70, 34, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\WININET.dll!HttpSendRequestExA 0000000074c9ece5 6 bytes [68, 43, 71, 34, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\WININET.dll!HttpEndRequestW 0000000074c9edb7 6 bytes [68, 2B, 72, 34, 05, C3]
.text C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe[956] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000770208ac 6 bytes [68, 93, 5C, 1B, 02, C3]
.text C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe[956] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 000000007703260d 6 bytes [68, D6, FC, 1A, 02, C3]
.text C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe[956] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007703c4aa 6 bytes [68, BE, 5D, 1B, 02, C3]
.text C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe[956] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077042a93 6 bytes [68, 1C, FD, 1A, 02, C3]
.text C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe[956] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W 0000000077064170 6 bytes [68, 62, FD, 1A, 02, C3]
.text C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe[956] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A 000000007706e6b5 6 bytes [68, A8, FD, 1A, 02, C3]
.text C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe[956] C:\Windows\syswow64\KERNEL32.dll!GetFileAttributesExW 0000000074e832f2 6 bytes [68, 27, 60, 1B, 02, C3]
.text C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe[956] C:\Windows\syswow64\KERNEL32.dll!ExitProcess 0000000074e8734e 6 bytes [68, E6, 5F, 1B, 02, C3]
.text C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe[956] C:\Windows\syswow64\USER32.dll!GetDC 0000000076177246 6 bytes [68, FA, B0, 1A, 02, C3]
.text C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe[956] C:\Windows\syswow64\USER32.dll!ReleaseDC 000000007617730e 6 bytes [68, 78, B1, 1A, 02, C3]
.text C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe[956] C:\Windows\syswow64\USER32.dll!GetWindowDC 00000000761779d8 6 bytes [68, 39, B1, 1A, 02, C3]
.text C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe[956] C:\Windows\syswow64\USER32.dll!TranslateMessage 0000000076177d79 6 bytes [68, 2C, B8, 1A, 02, C3]
.text C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe[956] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000076177e92 6 bytes [68, 37, 5B, 1B, 02, C3]
.text C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe[956] C:\Windows\syswow64\USER32.dll!GetMessageA 000000007617811b 6 bytes [68, 5F, 5B, 1B, 02, C3]
.text C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe[956] C:\Windows\syswow64\USER32.dll!RegisterClassW 0000000076178bd6 6 bytes [68, DA, FF, 1A, 02, C3]
.text C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe[956] C:\Windows\syswow64\USER32.dll!RegisterClassExW 0000000076179ed3 6 bytes [68, 74, 00, 1B, 02, C3]
.text C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe[956] C:\Windows\syswow64\USER32.dll!RegisterClassExA 000000007617dd6d 6 bytes [68, C6, 00, 1B, 02, C3]
.text C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe[956] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000076180112 6 bytes [68, 87, 5B, 1B, 02, C3]
.text
C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe[956] C:\Windows\syswow64\USER32.dll!CallWindowProcW 0000000076180abb 6 bytes [68, 0C, FF, 1A, 02, C3] .text C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe[956] C:\Windows\syswow64\USER32.dll!GetCursorPos 0000000076180e0d 6 bytes [68, 6A, 59, 1B, 02, C3] .text C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe[956] C:\Windows\syswow64\USER32.dll!EndPaint 0000000076180e9a 6 bytes [68, 5F, B0, 1A, 02, C3] .text C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe[956] C:\Windows\syswow64\USER32.dll!BeginPaint 0000000076180eba 6 bytes [68, EF, AF, 1A, 02, C3] .text C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe[956] C:\Windows\syswow64\USER32.dll!GetMessagePos 0000000076182bc7 6 bytes [68, 38, 59, 1B, 02, C3] .text C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe[956] C:\Windows\syswow64\USER32.dll!GetCapture 0000000076182dbd 6 bytes [68, 98, 5A, 1B, 02, C3] .text C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe[956] C:\Windows\syswow64\USER32.dll!ReleaseCapture 0000000076182ec4 6 bytes [68, 48, 5A, 1B, 02, C3] .text C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe[956] C:\Windows\syswow64\USER32.dll!SetCapture 0000000076182ed1 6 bytes [68, EE, 59, 1B, 02, C3] .text C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe[956] C:\Windows\syswow64\USER32.dll!GetDCEx 0000000076183001 6 bytes [68, 9F, B0, 1A, 02, C3] .text C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe[956] C:\Windows\syswow64\USER32.dll!RegisterClassA 0000000076184b80 6 bytes [68, 27, 00, 1B, 02, C3] .text C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe[956] C:\Windows\syswow64\USER32.dll!CallWindowProcA 0000000076187af4 6 bytes [68, 55, 
FF, 1A, 02, C3] .text C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe[956] C:\Windows\syswow64\USER32.dll!DefFrameProcA 000000007618808f 6 bytes [68, 37, FE, 1A, 02, C3] .text C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe[956] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA 00000000761881e0 6 bytes [68, C6, FE, 1A, 02, C3] .text C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe[956] C:\Windows\syswow64\USER32.dll!DefFrameProcW 0000000076188632 6 bytes [68, EE, FD, 1A, 02, C3] .text C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe[956] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW 0000000076188807 6 bytes [68, 80, FE, 1A, 02, C3] .text C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe[956] C:\Windows\syswow64\USER32.dll!PeekMessageA 000000007619ed58 6 bytes [68, B2, 5B, 1B, 02, C3] .text C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe[956] C:\Windows\syswow64\USER32.dll!GetUpdateRgn 000000007619f1fe 6 bytes [68, 4B, B2, 1A, 02, C3] .text C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe[956] C:\Windows\syswow64\USER32.dll!GetUpdateRect 00000000761a011b 6 bytes [68, B8, B1, 1A, 02, C3] .text C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe[956] C:\Windows\syswow64\USER32.dll!SwitchDesktop 00000000761b97e4 6 bytes [68, B8, FC, 1A, 02, C3] .text C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe[956] C:\Windows\syswow64\USER32.dll!SetCursorPos 00000000761b9c8d 6 bytes [68, B1, 59, 1B, 02, C3] .text C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe[956] C:\Windows\syswow64\USER32.dll!GetClipboardData 00000000761b9f3b 6 bytes [68, DB, B9, 1A, 02, C3] .text C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe[956] 
C:\Windows\syswow64\USER32.dll!OpenInputDesktop 00000000761d895b 6 bytes [68, 68, FC, 1A, 02, C3] .text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000770208ac 6 bytes [68, 93, 5C, 20, 02, C3] .text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 000000007703260d 6 bytes [68, D6, FC, 1F, 02, C3] .text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007703c4aa 6 bytes [68, BE, 5D, 20, 02, C3] .text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077042a93 6 bytes [68, 1C, FD, 1F, 02, C3] .text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W 0000000077064170 6 bytes [68, 62, FD, 1F, 02, C3] .text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A 000000007706e6b5 6 bytes [68, A8, FD, 1F, 02, C3] .text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW 0000000074e832f2 6 bytes [68, 27, 60, 20, 02, C3] .text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\kernel32.dll!ExitProcess 0000000074e8734e 6 bytes [68, E6, 5F, 20, 02, C3] .text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\wininet.DLL!InternetCloseHandle 0000000074bfc664 6 bytes [68, 76, 72, 1F, 02, C3] .text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\wininet.DLL!HttpQueryInfoA 0000000074bfe13a 6 bytes [68, 16, 74, 1F, 02, C3] .text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\wininet.DLL!InternetReadFile 0000000074bff8d8 6 bytes [68, E3, 72, 1F, 02, C3] .text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\wininet.DLL!InternetQueryDataAvailable 0000000074c03184 6 bytes [68, EA, 73, 1F, 02, C3] .text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\wininet.DLL!HttpOpenRequestA 0000000074c25761 6 bytes [68, B8, 6F, 1F, 02, C3] .text 
C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\wininet.DLL!HttpOpenRequestW 0000000074c25fef 6 bytes [68, 74, 6F, 1F, 02, C3] .text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\wininet.DLL!HttpSendRequestW 0000000074c2632d 6 bytes [68, FC, 6F, 1F, 02, C3] .text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\wininet.DLL!InternetReadFileExA 0000000074c2fa49 6 bytes [68, 11, 73, 1F, 02, C3] .text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\wininet.DLL!HttpSendRequestExW 0000000074c3f564 6 bytes [68, A6, 70, 1F, 02, C3] .text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\wininet.DLL!HttpEndRequestA 0000000074c3f639 6 bytes [68, E0, 71, 1F, 02, C3] .text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\wininet.DLL!InternetSetFilePointer 0000000074c54f2f 6 bytes [68, 90, 73, 1F, 02, C3] .text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\wininet.DLL!HttpSendRequestA 0000000074c5525a 6 bytes [68, 51, 70, 1F, 02, C3] .text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\wininet.DLL!HttpSendRequestExA 0000000074c9ece5 6 bytes [68, 43, 71, 1F, 02, C3] .text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\wininet.DLL!HttpEndRequestW 0000000074c9edb7 6 bytes [68, 2B, 72, 1F, 02, C3] .text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\USER32.dll!GetDC 0000000076177246 6 bytes [68, FA, B0, 1F, 02, C3] .text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\USER32.dll!ReleaseDC 000000007617730e 6 bytes [68, 78, B1, 1F, 02, C3] .text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\USER32.dll!GetWindowDC 00000000761779d8 6 bytes [68, 39, B1, 1F, 02, C3] .text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\USER32.dll!TranslateMessage 0000000076177d79 6 bytes [68, 2C, B8, 1F, 02, C3] .text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000076177e92 6 bytes [68, 37, 5B, 20, 02, C3] .text 
C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\USER32.dll!GetMessageA 000000007617811b 6 bytes [68, 5F, 5B, 20, 02, C3] .text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\USER32.dll!RegisterClassW 0000000076178bd6 6 bytes [68, DA, FF, 1F, 02, C3] .text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\USER32.dll!RegisterClassExW 0000000076179ed3 6 bytes [68, 74, 00, 20, 02, C3] .text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\USER32.dll!RegisterClassExA 000000007617dd6d 6 bytes [68, C6, 00, 20, 02, C3] .text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000076180112 6 bytes [68, 87, 5B, 20, 02, C3] .text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\USER32.dll!CallWindowProcW 0000000076180abb 6 bytes [68, 0C, FF, 1F, 02, C3] .text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\USER32.dll!GetCursorPos 0000000076180e0d 6 bytes [68, 6A, 59, 20, 02, C3] .text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\USER32.dll!EndPaint 0000000076180e9a 6 bytes [68, 5F, B0, 1F, 02, C3] .text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\USER32.dll!BeginPaint 0000000076180eba 6 bytes [68, EF, AF, 1F, 02, C3] .text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\USER32.dll!GetMessagePos 0000000076182bc7 6 bytes [68, 38, 59, 20, 02, C3] .text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\USER32.dll!GetCapture 0000000076182dbd 6 bytes [68, 98, 5A, 20, 02, C3] .text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\USER32.dll!ReleaseCapture 0000000076182ec4 6 bytes [68, 48, 5A, 20, 02, C3] .text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\USER32.dll!SetCapture 0000000076182ed1 6 bytes [68, EE, 59, 20, 02, C3] .text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\USER32.dll!GetDCEx 0000000076183001 6 bytes [68, 9F, B0, 1F, 02, C3] .text C:\Windows\SysWOW64\svchost.exe[3020] 
C:\Windows\syswow64\USER32.dll!RegisterClassA 0000000076184b80 6 bytes [68, 27, 00, 20, 02, C3] .text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\USER32.dll!CallWindowProcA 0000000076187af4 6 bytes [68, 55, FF, 1F, 02, C3] .text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\USER32.dll!DefFrameProcA 000000007618808f 6 bytes [68, 37, FE, 1F, 02, C3] .text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA 00000000761881e0 6 bytes [68, C6, FE, 1F, 02, C3] .text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\USER32.dll!DefFrameProcW 0000000076188632 6 bytes [68, EE, FD, 1F, 02, C3] .text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW 0000000076188807 6 bytes [68, 80, FE, 1F, 02, C3] .text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\USER32.dll!PeekMessageA 000000007619ed58 6 bytes [68, B2, 5B, 20, 02, C3] .text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\USER32.dll!GetUpdateRgn 000000007619f1fe 6 bytes [68, 4B, B2, 1F, 02, C3] .text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\USER32.dll!GetUpdateRect 00000000761a011b 6 bytes [68, B8, B1, 1F, 02, C3] .text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\USER32.dll!SwitchDesktop 00000000761b97e4 6 bytes [68, B8, FC, 1F, 02, C3] .text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\USER32.dll!SetCursorPos 00000000761b9c8d 6 bytes [68, B1, 59, 20, 02, C3] .text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\USER32.dll!GetClipboardData 00000000761b9f3b 6 bytes [68, DB, B9, 1F, 02, C3] .text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\USER32.dll!OpenInputDesktop 00000000761d895b 6 bytes [68, 68, FC, 1F, 02, C3] .text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW 00000000764fbbdb 6 bytes [68, A4, 60, 20, 02, C3] .text C:\Windows\SysWOW64\svchost.exe[3020] 
C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 00000000765314fd 6 bytes [68, 8D, 60, 20, 02, C3] .text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\ws2_32.DLL!closesocket 0000000074b53bed 6 bytes [68, D4, 06, 20, 02, C3] .text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\ws2_32.DLL!getaddrinfo 0000000074b56737 6 bytes [68, E5, 02, 20, 02, C3] .text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\ws2_32.DLL!WSASend 0000000074b568a7 6 bytes [68, 2D, 07, 20, 02, C3] .text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\ws2_32.DLL!send 0000000074b5c4c8 6 bytes [68, 0C, 07, 20, 02, C3] .text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\ws2_32.DLL!gethostbyname 0000000074b67133 6 bytes [68, 75, 02, 20, 02, C3] .text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\crypt32.DLL!PFXImportCertStore 00000000747e12b0 6 bytes [68, 51, 5C, 1F, 02, C3] .text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\SysWOW64\WINMM.dll!PlaySoundW 0000000072072d12 6 bytes [68, E2, 60, 20, 02, C3] .text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\SysWOW64\WINMM.dll!PlaySound 0000000072093dad 6 bytes [68, BB, 60, 20, 02, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000770208ac 6 bytes [68, 93, 5C, 89, 02, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 000000007703260d 6 bytes [68, D6, FC, 88, 02, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007703c4aa 6 bytes [68, BE, 5D, 89, 02, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077042a93 6 bytes [68, 1C, FD, 88, 02, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W 0000000077064170 6 bytes [68, 62, FD, 88, 02, C3] .text C:\Program 
Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A 000000007706e6b5 6 bytes [68, A8, FD, 88, 02, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW 0000000074e832f2 6 bytes [68, 27, 60, 89, 02, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\kernel32.dll!ExitProcess 0000000074e8734e 6 bytes [68, E6, 5F, 89, 02, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW 00000000764fbbdb 6 bytes [68, A4, 60, 89, 02, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 00000000765314fd 6 bytes [68, 8D, 60, 89, 02, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\USER32.dll!GetDC 0000000076177246 6 bytes [68, FA, B0, 88, 02, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\USER32.dll!ReleaseDC 000000007617730e 6 bytes [68, 78, B1, 88, 02, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\USER32.dll!GetWindowDC 00000000761779d8 6 bytes [68, 39, B1, 88, 02, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\USER32.dll!TranslateMessage 0000000076177d79 6 bytes [68, 2C, B8, 88, 02, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000076177e92 6 bytes [68, 37, 5B, 89, 02, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\USER32.dll!GetMessageA 000000007617811b 6 bytes [68, 5F, 5B, 89, 02, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\USER32.dll!RegisterClassW 0000000076178bd6 6 bytes [68, DA, FF, 88, 02, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\USER32.dll!RegisterClassExW 0000000076179ed3 6 bytes [68, 74, 00, 89, 
02, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\USER32.dll!RegisterClassExA 000000007617dd6d 6 bytes [68, C6, 00, 89, 02, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000076180112 6 bytes [68, 87, 5B, 89, 02, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\USER32.dll!CallWindowProcW 0000000076180abb 6 bytes [68, 0C, FF, 88, 02, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\USER32.dll!GetCursorPos 0000000076180e0d 6 bytes [68, 6A, 59, 89, 02, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\USER32.dll!EndPaint 0000000076180e9a 6 bytes [68, 5F, B0, 88, 02, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\USER32.dll!BeginPaint 0000000076180eba 6 bytes [68, EF, AF, 88, 02, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\USER32.dll!GetMessagePos 0000000076182bc7 6 bytes [68, 38, 59, 89, 02, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\USER32.dll!GetCapture 0000000076182dbd 6 bytes [68, 98, 5A, 89, 02, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\USER32.dll!ReleaseCapture 0000000076182ec4 6 bytes [68, 48, 5A, 89, 02, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\USER32.dll!SetCapture 0000000076182ed1 6 bytes [68, EE, 59, 89, 02, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\USER32.dll!GetDCEx 0000000076183001 6 bytes [68, 9F, B0, 88, 02, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\USER32.dll!RegisterClassA 0000000076184b80 6 bytes [68, 27, 00, 89, 02, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\USER32.dll!CallWindowProcA 0000000076187af4 6 bytes [68, 55, FF, 88, 02, C3] 
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\USER32.dll!DefFrameProcA 000000007618808f 6 bytes [68, 37, FE, 88, 02, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA 00000000761881e0 6 bytes [68, C6, FE, 88, 02, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\USER32.dll!DefFrameProcW 0000000076188632 6 bytes [68, EE, FD, 88, 02, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW 0000000076188807 6 bytes [68, 80, FE, 88, 02, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\USER32.dll!PeekMessageA 000000007619ed58 6 bytes [68, B2, 5B, 89, 02, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\USER32.dll!GetUpdateRgn 000000007619f1fe 6 bytes [68, 4B, B2, 88, 02, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\USER32.dll!GetUpdateRect 00000000761a011b 6 bytes [68, B8, B1, 88, 02, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\USER32.dll!SwitchDesktop 00000000761b97e4 6 bytes [68, B8, FC, 88, 02, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\USER32.dll!SetCursorPos 00000000761b9c8d 6 bytes [68, B1, 59, 89, 02, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\USER32.dll!GetClipboardData 00000000761b9f3b 6 bytes [68, DB, B9, 88, 02, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\USER32.dll!OpenInputDesktop 00000000761d895b 6 bytes [68, 68, FC, 88, 02, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000074b53bed 6 bytes [68, D4, 06, 89, 02, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 0000000074b56737 6 bytes [68, E5, 02, 89, 
02, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000074b568a7 6 bytes [68, 2D, 07, 89, 02, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\WS2_32.dll!send 0000000074b5c4c8 6 bytes [68, 0C, 07, 89, 02, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000074b67133 6 bytes [68, 75, 02, 89, 02, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore 00000000747e12b0 6 bytes [68, 51, 5C, 88, 02, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\WININET.dll!InternetCloseHandle 0000000074bfc664 6 bytes [68, 76, 72, 88, 02, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA 0000000074bfe13a 6 bytes [68, 16, 74, 88, 02, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\WININET.dll!InternetReadFile 0000000074bff8d8 6 bytes [68, E3, 72, 88, 02, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable 0000000074c03184 6 bytes [68, EA, 73, 88, 02, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA 0000000074c25761 6 bytes [68, B8, 6F, 88, 02, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW 0000000074c25fef 6 bytes [68, 74, 6F, 88, 02, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\WININET.dll!HttpSendRequestW 0000000074c2632d 6 bytes [68, FC, 6F, 88, 02, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\WININET.dll!InternetReadFileExA 0000000074c2fa49 6 bytes [68, 11, 73, 88, 02, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] 
C:\Windows\syswow64\WININET.dll!HttpSendRequestExW 0000000074c3f564 6 bytes [68, A6, 70, 88, 02, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\WININET.dll!HttpEndRequestA 0000000074c3f639 6 bytes [68, E0, 71, 88, 02, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\WININET.dll!InternetSetFilePointer 0000000074c54f2f 6 bytes [68, 90, 73, 88, 02, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\WININET.dll!HttpSendRequestA 0000000074c5525a 6 bytes [68, 51, 70, 88, 02, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\WININET.dll!HttpSendRequestExA 0000000074c9ece5 6 bytes [68, 43, 71, 88, 02, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\WININET.dll!HttpEndRequestW 0000000074c9edb7 6 bytes [68, 2B, 72, 88, 02, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000770208ac 4 bytes [68, 93, 5C, 33] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess + 5 00000000770208b1 1 byte [C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 000000007703260d 6 bytes [68, D6, FC, 32, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007703c4aa 6 bytes [68, BE, 5D, 33, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077042a93 6 bytes [68, 1C, FD, 32, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W 0000000077064170 6 bytes [68, 62, FD, 32, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java 
Update\jusched.exe[2612] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A 000000007706e6b5 6 bytes [68, A8, FD, 32, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW 0000000074e832f2 6 bytes [68, 27, 60, 33, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\kernel32.dll!ExitProcess 0000000074e8734e 6 bytes [68, E6, 5F, 33, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW 00000000764fbbdb 6 bytes [68, A4, 60, 33, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 00000000765314fd 6 bytes [68, 8D, 60, 33, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!GetDC 0000000076177246 4 bytes [68, FA, B0, 32] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!GetDC + 5 000000007617724b 1 byte [C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!ReleaseDC 000000007617730e 6 bytes [68, 78, B1, 32, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!GetWindowDC 00000000761779d8 4 bytes [68, 39, B1, 32] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!GetWindowDC + 5 00000000761779dd 1 byte [C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!TranslateMessage 0000000076177d79 6 bytes [68, 2C, B8, 32, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000076177e92 6 bytes [68, 37, 5B, 33, 00, C3] .text C:\Program Files 
(x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!GetMessageA 000000007617811b 6 bytes [68, 5F, 5B, 33, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!RegisterClassW 0000000076178bd6 6 bytes [68, DA, FF, 32, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!RegisterClassExW 0000000076179ed3 6 bytes [68, 74, 00, 33, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!RegisterClassExA 000000007617dd6d 6 bytes [68, C6, 00, 33, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000076180112 6 bytes [68, 87, 5B, 33, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!CallWindowProcW 0000000076180abb 6 bytes [68, 0C, FF, 32, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!GetCursorPos 0000000076180e0d 6 bytes [68, 6A, 59, 33, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!EndPaint 0000000076180e9a 4 bytes [68, 5F, B0, 32] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!EndPaint + 5 0000000076180e9f 1 byte [C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!BeginPaint 0000000076180eba 4 bytes [68, EF, AF, 32] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!BeginPaint + 5 0000000076180ebf 1 byte [C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!GetMessagePos 0000000076182bc7 6 bytes [68, 38, 59, 33, 00, C3] .text C:\Program 
Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!GetCapture 0000000076182dbd 6 bytes [68, 98, 5A, 33, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!ReleaseCapture 0000000076182ec4 6 bytes [68, 48, 5A, 33, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!SetCapture 0000000076182ed1 4 bytes [68, EE, 59, 33] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!SetCapture + 5 0000000076182ed6 1 byte [C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!GetDCEx 0000000076183001 4 bytes [68, 9F, B0, 32] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!GetDCEx + 5 0000000076183006 1 byte [C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!RegisterClassA 0000000076184b80 6 bytes [68, 27, 00, 33, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!CallWindowProcA 0000000076187af4 6 bytes [68, 55, FF, 32, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!DefFrameProcA 000000007618808f 6 bytes [68, 37, FE, 32, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA 00000000761881e0 6 bytes [68, C6, FE, 32, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!DefFrameProcW 0000000076188632 6 bytes [68, EE, FD, 32, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW 0000000076188807 6 bytes [68, 80, FE, 32, 00, C3] .text 
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!PeekMessageA 000000007619ed58 6 bytes [68, B2, 5B, 33, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!GetUpdateRgn 000000007619f1fe 6 bytes [68, 4B, B2, 32, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!GetUpdateRect 00000000761a011b 6 bytes [68, B8, B1, 32, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!SwitchDesktop 00000000761b97e4 6 bytes [68, B8, FC, 32, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!SetCursorPos 00000000761b9c8d 6 bytes [68, B1, 59, 33, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!GetClipboardData 00000000761b9f3b 6 bytes [68, DB, B9, 32, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!OpenInputDesktop 00000000761d895b 4 bytes [68, 68, FC, 32] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!OpenInputDesktop + 5 00000000761d8960 1 byte [C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\WININET.dll!InternetCloseHandle 0000000074bfc664 6 bytes [68, 76, 72, 32, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA 0000000074bfe13a 6 bytes [68, 16, 74, 32, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\WININET.dll!InternetReadFile 0000000074bff8d8 6 bytes [68, E3, 72, 32, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] 
C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable 0000000074c03184 6 bytes [68, EA, 73, 32, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA 0000000074c25761 6 bytes [68, B8, 6F, 32, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW 0000000074c25fef 6 bytes [68, 74, 6F, 32, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\WININET.dll!HttpSendRequestW 0000000074c2632d 6 bytes [68, FC, 6F, 32, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\WININET.dll!InternetReadFileExA 0000000074c2fa49 6 bytes [68, 11, 73, 32, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\WININET.dll!HttpSendRequestExW 0000000074c3f564 6 bytes [68, A6, 70, 32, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\WININET.dll!HttpEndRequestA 0000000074c3f639 6 bytes [68, E0, 71, 32, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\WININET.dll!InternetSetFilePointer 0000000074c54f2f 6 bytes [68, 90, 73, 32, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\WININET.dll!HttpSendRequestA 0000000074c5525a 6 bytes [68, 51, 70, 32, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\WININET.dll!HttpSendRequestExA 0000000074c9ece5 6 bytes [68, 43, 71, 32, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\WININET.dll!HttpEndRequestW 0000000074c9edb7 6 bytes [68, 2B, 72, 32, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\WS2_32.dll!closesocket 
0000000074b53bed 6 bytes [68, D4, 06, 33, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 0000000074b56737 6 bytes [68, E5, 02, 33, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000074b568a7 6 bytes [68, 2D, 07, 33, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\WS2_32.dll!send 0000000074b5c4c8 6 bytes [68, 0C, 07, 33, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000074b67133 6 bytes [68, 75, 02, 33, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore 00000000747e12b0 6 bytes [68, 51, 5C, 32, 00, C3] .text C:\Users\Ralph\AppData\Roaming\Kuev\hyemo.exe[3116] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 0000000074b56737 6 bytes [68, E5, 02, 42, 00, C3] .text C:\Users\Ralph\AppData\Roaming\Kuev\hyemo.exe[3116] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000074b67133 6 bytes [68, 75, 02, 42, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000770208ac 4 bytes [68, 93, 5C, B3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess + 5 00000000770208b1 1 byte [C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 000000007703260d 6 bytes [68, D6, FC, B2, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007703c4aa 6 bytes [68, BE, 5D, B3, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] 
C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077042a93 6 bytes [68, 1C, FD, B2, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W 0000000077064170 6 bytes [68, 62, FD, B2, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A 000000007706e6b5 6 bytes [68, A8, FD, B2, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW 0000000074e832f2 6 bytes [68, 27, 60, B3, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\kernel32.dll!ExitProcess 0000000074e8734e 6 bytes [68, E6, 5F, B3, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\WININET.dll!InternetCloseHandle 0000000074bfc664 6 bytes [68, 76, 72, B2, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA 0000000074bfe13a 6 bytes [68, 16, 74, B2, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\WININET.dll!InternetReadFile 0000000074bff8d8 6 bytes [68, E3, 72, B2, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable 0000000074c03184 6 bytes [68, EA, 73, B2, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA 0000000074c25761 6 bytes [68, B8, 6F, B2, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW 0000000074c25fef 6 bytes [68, 74, 6F, B2, 00, C3] .text 
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\WININET.dll!HttpSendRequestW 0000000074c2632d 6 bytes [68, FC, 6F, B2, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\WININET.dll!InternetReadFileExA 0000000074c2fa49 6 bytes [68, 11, 73, B2, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\WININET.dll!HttpSendRequestExW 0000000074c3f564 6 bytes [68, A6, 70, B2, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\WININET.dll!HttpEndRequestA 0000000074c3f639 6 bytes [68, E0, 71, B2, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\WININET.dll!InternetSetFilePointer 0000000074c54f2f 6 bytes [68, 90, 73, B2, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\WININET.dll!HttpSendRequestA 0000000074c5525a 6 bytes [68, 51, 70, B2, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\WININET.dll!HttpSendRequestExA 0000000074c9ece5 6 bytes [68, 43, 71, B2, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\WININET.dll!HttpEndRequestW 0000000074c9edb7 6 bytes [68, 2B, 72, B2, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\USER32.dll!GetDC 0000000076177246 4 bytes [68, FA, B0, B2] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\USER32.dll!GetDC + 5 000000007617724b 1 byte [C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\USER32.dll!ReleaseDC 000000007617730e 6 bytes [68, 78, B1, B2, 00, C3] .text 
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\USER32.dll!GetWindowDC 00000000761779d8 4 bytes [68, 39, B1, B2] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\USER32.dll!GetWindowDC + 5 00000000761779dd 1 byte [C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\USER32.dll!TranslateMessage 0000000076177d79 6 bytes [68, 2C, B8, B2, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000076177e92 6 bytes [68, 37, 5B, B3, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\USER32.dll!GetMessageA 000000007617811b 6 bytes [68, 5F, 5B, B3, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\USER32.dll!RegisterClassW 0000000076178bd6 6 bytes [68, DA, FF, B2, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\USER32.dll!RegisterClassExW 0000000076179ed3 6 bytes [68, 74, 00, B3, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\USER32.dll!RegisterClassExA 000000007617dd6d 6 bytes [68, C6, 00, B3, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000076180112 6 bytes [68, 87, 5B, B3, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\USER32.dll!CallWindowProcW 0000000076180abb 6 bytes [68, 0C, FF, B2, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\USER32.dll!GetCursorPos 0000000076180e0d 6 bytes [68, 6A, 59, B3, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] 
C:\Windows\syswow64\USER32.dll!EndPaint 0000000076180e9a 4 bytes [68, 5F, B0, B2] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\USER32.dll!EndPaint + 5 0000000076180e9f 1 byte [C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\USER32.dll!BeginPaint 0000000076180eba 4 bytes [68, EF, AF, B2] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\USER32.dll!BeginPaint + 5 0000000076180ebf 1 byte [C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\USER32.dll!GetMessagePos 0000000076182bc7 6 bytes [68, 38, 59, B3, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\USER32.dll!GetCapture 0000000076182dbd 6 bytes [68, 98, 5A, B3, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\USER32.dll!ReleaseCapture 0000000076182ec4 6 bytes [68, 48, 5A, B3, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\USER32.dll!SetCapture 0000000076182ed1 4 bytes [68, EE, 59, B3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\USER32.dll!SetCapture + 5 0000000076182ed6 1 byte [C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\USER32.dll!GetDCEx 0000000076183001 4 bytes [68, 9F, B0, B2] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\USER32.dll!GetDCEx + 5 0000000076183006 1 byte [C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\USER32.dll!RegisterClassA 0000000076184b80 6 bytes [68, 27, 00, B3, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] 
C:\Windows\syswow64\USER32.dll!CallWindowProcA 0000000076187af4 6 bytes [68, 55, FF, B2, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\USER32.dll!DefFrameProcA 000000007618808f 6 bytes [68, 37, FE, B2, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA 00000000761881e0 6 bytes [68, C6, FE, B2, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\USER32.dll!DefFrameProcW 0000000076188632 6 bytes [68, EE, FD, B2, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW 0000000076188807 6 bytes [68, 80, FE, B2, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\USER32.dll!PeekMessageA 000000007619ed58 6 bytes [68, B2, 5B, B3, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\USER32.dll!GetUpdateRgn 000000007619f1fe 6 bytes [68, 4B, B2, B2, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\USER32.dll!GetUpdateRect 00000000761a011b 6 bytes [68, B8, B1, B2, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\USER32.dll!SwitchDesktop 00000000761b97e4 6 bytes [68, B8, FC, B2, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\USER32.dll!SetCursorPos 00000000761b9c8d 6 bytes [68, B1, 59, B3, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\USER32.dll!GetClipboardData 00000000761b9f3b 6 bytes [68, DB, B9, B2, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] 
C:\Windows\syswow64\USER32.dll!OpenInputDesktop 00000000761d895b 4 bytes [68, 68, FC, B2] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\USER32.dll!OpenInputDesktop + 5 00000000761d8960 1 byte [C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW 00000000764fbbdb 6 bytes [68, A4, 60, B3, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 00000000765314fd 6 bytes [68, 8D, 60, B3, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore 00000000747e12b0 6 bytes [68, 51, 5C, B2, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076fd1465 2 bytes [FD, 76] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076fd14bb 2 bytes [FD, 76] .text ... 
* 2 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000074b53bed 6 bytes [68, D4, 06, B3, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 0000000074b56737 6 bytes [68, E5, 02, B3, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000074b568a7 6 bytes [68, 2D, 07, B3, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\WS2_32.dll!send 0000000074b5c4c8 6 bytes [68, 0C, 07, B3, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000074b67133 6 bytes [68, 75, 02, B3, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007701f941 8 bytes {MOV EDX, 0xd03e8; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 15 000000007701f94b 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey + 5 000000007701f9bd 8 bytes {MOV EDX, 0xd01a8; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey + 15 000000007701f9c7 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey + 5 000000007701fad5 8 bytes {MOV EDX, 0xd0168; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey + 15 000000007701fadf 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] 
C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007701fb85 8 bytes {MOV EDX, 0xd0428; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 15 000000007701fb8f 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007701fbb5 8 bytes {MOV EDX, 0xd0368; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 15 000000007701fbbf 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007701fbcd 8 bytes {MOV EDX, 0xd0128; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 15 000000007701fbd7 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007701fbe5 8 bytes {MOV EDX, 0xd04e8; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 15 000000007701fbef 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007701fc15 8 bytes {MOV EDX, 0xd0528; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 15 000000007701fc1f 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007701fc95 8 bytes {MOV EDX, 0xd04a8; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx 
+ 15 000000007701fc9f 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007701fcad 8 bytes {MOV EDX, 0xd0468; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 15 000000007701fcb7 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007701fcf9 8 bytes {MOV EDX, 0xd0068; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 15 000000007701fd03 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 5 000000007701fd5d 8 bytes {MOV EDX, 0xd02e8; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 15 000000007701fd67 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007701fdf1 8 bytes {MOV EDX, 0xd00a8; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 15 000000007701fdfb 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 5 000000007701ff39 8 bytes {MOV EDX, 0xd02a8; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 15 000000007701ff43 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077020049 8 bytes {MOV EDX, 0xd0028; JMP RDX} .text 
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 15 0000000077020053 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 5 0000000077020731 8 bytes {MOV EDX, 0xd0268; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 15 000000007702073b 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000770208ac 6 bytes [68, 93, 5C, 78, 03, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyEx + 5 0000000077020fad 8 bytes {MOV EDX, 0xd01e8; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyEx + 15 0000000077020fb7 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant + 5 000000007702100d 8 bytes {MOV EDX, 0xd0228; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant + 15 0000000077021017 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077021055 8 bytes {MOV EDX, 0xd03a8; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 15 000000007702105f 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 00000000770210cd 8 bytes {MOV EDX, 0xd0328; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] 
C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 15 00000000770210d7 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 00000000770212d1 8 bytes {MOV EDX, 0xd00e8; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 15 00000000770212db 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 000000007703260d 6 bytes [68, D6, FC, 77, 03, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007703c4aa 6 bytes [68, BE, 5D, 78, 03, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077042a93 6 bytes [68, 1C, FD, 77, 03, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W 0000000077064170 6 bytes [68, 62, FD, 77, 03, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A 000000007706e6b5 6 bytes [68, A8, FD, 77, 03, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\kernel32.dll!CreateProcessW 0000000074e8102d 5 bytes JMP 0000000100010030 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000074e81062 5 bytes JMP 0000000100010070 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW 0000000074e832f2 6 bytes [68, 27, 60, 78, 03, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] 
C:\Windows\syswow64\kernel32.dll!ExitProcess 0000000074e8734e 6 bytes [68, E6, 5F, 78, 03, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\KERNELBASE.dll!CreateEventW 000000007533119f 5 bytes JMP 0000000100020030 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\KERNELBASE.dll!OpenEventW 00000000753311cf 5 bytes JMP 0000000100020070 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW 0000000074c25fef 6 bytes [68, 74, 6F, 77, 03, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\WININET.dll!HttpSendRequestW 0000000074c2632d 6 bytes [68, FC, 6F, 77, 03, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\WININET.dll!InternetReadFileExA 0000000074c2fa49 6 bytes [68, 11, 73, 77, 03, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\WININET.dll!HttpSendRequestExW 0000000074c3f564 6 bytes [68, A6, 70, 77, 03, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\WININET.dll!InternetSetFilePointer 0000000074c54f2f 6 bytes [68, 90, 73, 77, 03, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\WININET.dll!HttpEndRequestW 0000000074c9edb7 6 bytes [68, 2B, 72, 77, 03, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!GetDeviceCaps 00000000753d4df0 5 bytes JMP 00000001000f03b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!SelectObject 00000000753d4eb0 5 bytes JMP 00000001000f05f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] 
C:\Windows\syswow64\GDI32.dll!SetBkMode 00000000753d50eb 5 bytes JMP 00000001000f08f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!SetTextColor 00000000753d5176 5 bytes JMP 00000001000f0a30 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!DeleteObject 00000000753d5689 5 bytes JMP 00000001000f01b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000753d5876 5 bytes JMP 00000001000f0170 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!GetCurrentObject 00000000753d6abf 5 bytes JMP 00000001000f0370 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!SaveDC 00000000753d6e3b 5 bytes JMP 00000001000f0570 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!RestoreDC 00000000753d6ee3 5 bytes JMP 00000001000f0530 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!SetStretchBltMode 00000000753d6fb9 5 bytes JMP 00000001000f06b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!StretchDIBits 00000000753d726e 5 bytes JMP 00000001000f0770 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!IntersectClipRect 00000000753d7a94 5 bytes JMP 00000001000f03f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!GetTextAlign 00000000753d7ca5 5 bytes JMP 00000001000f0d70 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!GetTextMetricsW 00000000753d7e47 5 bytes JMP 00000001000f0e30 .text 
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!SetTextAlign 00000000753d8080 5 bytes JMP 00000001000f09f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!ExtTextOutW 00000000753d834a 5 bytes JMP 00000001000f0970
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!MoveToEx 00000000753d86b6 5 bytes JMP 00000001000f0470
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!ExtSelectClipRgn 00000000753d89e9 5 bytes JMP 00000001000f02f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!SelectClipRgn 00000000753d8c0d 5 bytes JMP 00000001000f05b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!CreateDCA 00000000753d95f4 5 bytes JMP 00000001000f00b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!GetClipBox 00000000753d988e 5 bytes JMP 00000001000f0330
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!GetTextFaceW 00000000753dac0a 5 bytes JMP 00000001000f0d30
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!GetFontData 00000000753daf37 5 bytes JMP 00000001000f0c70
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!Rectangle 00000000753db7c5 5 bytes JMP 00000001000f09b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!LineTo 00000000753dbba5 5 bytes JMP 00000001000f0430
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!SetICMMode 00000000753dbf60 5 bytes JMP 00000001000f0db0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!CreateICW 00000000753dc208 5 bytes JMP 00000001000f0130
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!GetTextExtentPoint32W 00000000753dc4db 5 bytes JMP 00000001000f0670
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!SetWorldTransform 00000000753dc6f6 5 bytes JMP 00000001000f06f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!GetTextMetricsA 00000000753dcfb9 5 bytes JMP 00000001000f0df0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!GetTextExtentPoint32A 00000000753dd0d5 5 bytes JMP 00000001000f0630
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!ExtTextOutA 00000000753dd8bf 5 bytes JMP 00000001000f0930
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!CreateDCW 00000000753de45d 5 bytes JMP 00000001000f00f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!ExtEscape 00000000753dfd24 5 bytes JMP 00000001000f02b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!Escape 00000000753e13bd 5 bytes JMP 00000001000f0270
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!GetTextFaceA 00000000753e18d0 5 bytes JMP 00000001000f0cf0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!SetPolyFillMode 00000000753e4bd0 5 bytes JMP 00000001000f0b30
.text
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!SetMiterLimit 00000000753e4d07 5 bytes JMP 00000001000f0b70
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!EndPage 00000000753e6665 5 bytes JMP 00000001000f0230
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!ResetDCW 00000000753ee135 5 bytes JMP 00000001000f0ab0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!GetGlyphOutlineW 00000000753f93cd 5 bytes JMP 00000001000f0cb0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!CreateScalableFontResourceW 00000000753fc5d9 5 bytes JMP 00000001000f0bb0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!AddFontResourceW 00000000753fd26a 5 bytes JMP 00000001000f0bf0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!RemoveFontResourceW 00000000753fd8d1 5 bytes JMP 00000001000f0c30
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!AbortDoc 0000000075403acc 5 bytes JMP 00000001000f0030
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!EndDoc 0000000075403f19 5 bytes JMP 00000001000f01f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!StartPage 000000007540400a 5 bytes JMP 00000001000f0730
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!StartDocW 0000000075404c41 5 bytes JMP 00000001000f07f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!BeginPath 00000000754053ed 5 bytes JMP 00000001000f0830
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!SelectClipPath 0000000075405444 5 bytes JMP 00000001000f0af0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!CloseFigure 000000007540549f 5 bytes JMP 00000001000f0070
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!EndPath 00000000754054f6 5 bytes JMP 00000001000f0a70
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!StrokePath 000000007540572f 5 bytes JMP 00000001000f07b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!FillPath 00000000754057c2 5 bytes JMP 00000001000f0870
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!PolylineTo 0000000075405c34 5 bytes JMP 00000001000f04f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!PolyBezierTo 0000000075405cc5 5 bytes JMP 00000001000f04b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!PolyDraw 0000000075405d77 5 bytes JMP 00000001000f08b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!GetDC 0000000076177246 6 bytes [68, FA, B0, 77, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!ReleaseDC 000000007617730e 6 bytes [68, 78, B1, 77, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!GetWindowDC 00000000761779d8 6 bytes [68, 39, B1, 77, 03, C3]
.text
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!TranslateMessage 0000000076177d79 6 bytes [68, 2C, B8, 77, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000076177e92 6 bytes [68, 37, 5B, 78, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!GetMessageA 000000007617811b 6 bytes [68, 5F, 5B, 78, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!MapWindowPoints 000000007617819d 5 bytes JMP 0000000100100570
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!RegisterClassW 0000000076178bd6 6 bytes [68, DA, FF, 77, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!RegisterClassExW 0000000076179ed3 6 bytes [68, 74, 00, 78, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!RegisterClipboardFormatW 000000007617c55d 5 bytes JMP 00000001001002b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!RegisterClassExA 000000007617dd6d 6 bytes [68, C6, 00, 78, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000076180112 6 bytes [68, 87, 5B, 78, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!RegisterClipboardFormatA 00000000761805ff 5 bytes JMP 00000001001002f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!GetClientRect 00000000761808e5 7 bytes JMP 00000001001005b0
.text
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!CallWindowProcW 0000000076180abb 6 bytes [68, 0C, FF, 77, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!GetParent 0000000076180b0e 7 bytes JMP 00000001001006f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!IsWindowVisible 0000000076180cd5 7 bytes JMP 00000001001006b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!GetCursorPos 0000000076180e0d 6 bytes [68, 6A, 59, 78, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!EndPaint 0000000076180e9a 6 bytes [68, 5F, B0, 77, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!BeginPaint 0000000076180eba 6 bytes [68, EF, AF, 77, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000076180f14 5 bytes JMP 00000001001005f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!MonitorFromWindow 00000000761827db 7 bytes JMP 0000000100100630
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!GetMessagePos 0000000076182bc7 6 bytes [68, 38, 59, 78, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!GetCapture 0000000076182dbd 6 bytes [68, 98, 5A, 78, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!ReleaseCapture 0000000076182ec4 6 bytes [68, 48, 5A, 78, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!SetCapture 0000000076182ed1 6 bytes [68, EE, 59, 78, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!GetDCEx 0000000076183001 6 bytes [68, 9F, B0, 77, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!ScreenToClient 000000007618361b 7 bytes JMP 0000000100100670
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!SetCursor 0000000076184076 5 bytes JMP 0000000100100530
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!RegisterClassA 0000000076184b80 6 bytes [68, 27, 00, 78, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!GetTopWindow 0000000076187a54 7 bytes JMP 0000000100100730
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!CallWindowProcA 0000000076187af4 6 bytes [68, 55, FF, 77, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!DefFrameProcA 000000007618808f 6 bytes [68, 37, FE, 77, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA 00000000761881e0 6 bytes [68, C6, FE, 77, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!DefFrameProcW 0000000076188632 6 bytes [68, EE, FD, 77, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!IsClipboardFormatAvailable 00000000761887c9 5 bytes JMP 00000001001000f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!GetClipboardSequenceNumber 00000000761887e9 5 bytes JMP 0000000100100330
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW 0000000076188807 6 bytes [68, 80, FE, 77, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764]
Edited by fantie (23.02.2013 at 02:48) Reason: sent incorrectly |
23.02.2013, 02:49 | #9 |
| C:\Windows\syswow64\USER32.dll!CloseClipboard 00000000761891f4 5 bytes JMP 00000001001000b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!OpenClipboard 0000000076189232 5 bytes JMP 0000000100100070
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!ActivateKeyboardLayout 0000000076189485 5 bytes JMP 00000001001004f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!EnumClipboardFormats 000000007618b779 5 bytes JMP 00000001001001b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!GetOpenClipboardWindow 000000007618b798 5 bytes JMP 00000001001003f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!CountClipboardFormats 000000007618b7b6 5 bytes JMP 00000001001001f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 000000007618b7e6 5 bytes JMP 00000001001004b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!GetClipboardOwner 000000007618cee9 5 bytes JMP 0000000100100370
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!GetClipboardFormatNameW 0000000076190880 5 bytes JMP 0000000100100230
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!ChangeClipboardChain 000000007619ec67 5 bytes JMP 0000000100100430
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!PeekMessageA 000000007619ed58 6 bytes [68, B2, 5B, 78, 03, C3]
.text
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!GetUpdateRgn 000000007619f1fe 6 bytes [68, 4B, B2, 77, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!GetClipboardFormatNameA 000000007619f66f 5 bytes JMP 0000000100100270
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!GetUpdateRect 00000000761a011b 6 bytes [68, B8, B1, 77, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!SetClipboardData 00000000761b8de7 5 bytes JMP 0000000100100170
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!SwitchDesktop 00000000761b97e4 6 bytes [68, B8, FC, 77, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!SetCursorPos 00000000761b9c8d 5 bytes JMP 00000001037859b1
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!GetClipboardData 00000000761b9f3b 5 bytes JMP 000000010377b9db
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!EmptyClipboard 00000000761d7e49 5 bytes JMP 0000000100100130
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!GetClipboardViewer 00000000761d82a1 5 bytes JMP 0000000100100470
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!GetPriorityClipboardFormat 00000000761d84bf 5 bytes JMP 00000001001003b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!OpenInputDesktop 00000000761d895b 6 bytes [68, 68, FC, 77, 03, C3]
.text
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW 00000000764fbbdb 6 bytes [68, A4, 60, 78, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 00000000765314fd 6 bytes [68, 8D, 60, 78, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\SspiCli.dll!FreeContextBuffer 00000000746f9556 5 bytes JMP 00000001002100f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\SspiCli.dll!FreeCredentialsHandle 00000000747004d3 5 bytes JMP 0000000100210130
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\SspiCli.dll!DeleteSecurityContext 0000000074700b0b 5 bytes JMP 0000000100210270
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\SspiCli.dll!ApplyControlToken 0000000074700b80 5 bytes JMP 00000001002101b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\SspiCli.dll!QueryContextAttributesA 0000000074700e80 5 bytes JMP 0000000100210070
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\SspiCli.dll!QueryCredentialsAttributesA 0000000074700fe8 5 bytes JMP 00000001002100b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\SspiCli.dll!EncryptMessage 00000000747011a0 5 bytes JMP 00000001002101f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\SspiCli.dll!DecryptMessage 00000000747011ef 5 bytes JMP 0000000100210230
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\SspiCli.dll!AcquireCredentialsHandleA 0000000074701479 5 bytes JMP 0000000100210030
.text
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\SspiCli.dll!InitializeSecurityContextA 00000000747014e2 5 bytes JMP 0000000100210170
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\ole32.dll!OleSetClipboard 0000000074d6f2fe 5 bytes JMP 0000000100220030
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\ole32.dll!OleIsCurrentClipboard 0000000074d72489 5 bytes JMP 0000000100220070
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\ole32.dll!OleGetClipboard 0000000074d9f825 5 bytes JMP 00000001002200b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore 00000000747e12b0 6 bytes [68, 51, 5C, 77, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076fd1465 2 bytes [FD, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076fd14bb 2 bytes [FD, 76]
.text ... * 2
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000074b53bed 6 bytes [68, D4, 06, 78, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 0000000074b56737 6 bytes [68, E5, 02, 78, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000074b568a7 6 bytes [68, 2D, 07, 78, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\WS2_32.dll!send 0000000074b5c4c8 6 bytes [68, 0C, 07, 78, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000074b67133 6 bytes [68, 75, 02, 78, 03, C3]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3068] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076fd1465 2 bytes [FD, 76]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3068] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076fd14bb 2 bytes [FD, 76]
.text ... * 2

---- Threads - GMER 2.1 ----

Thread C:\Windows\system32\svchost.exe [1492:2764] 000007fef6f72888
Thread C:\Windows\SysWOW64\svchost.exe [3020:2792] 000000007ef90000
Thread C:\Windows\SysWOW64\svchost.exe [3020:2788] 000000007ef93177
Thread C:\Windows\SysWOW64\svchost.exe [3020:3112] 000000007ef96b9b
Thread C:\Windows\SysWOW64\svchost.exe [3020:4064] 000000007efa1486
Thread C:\Windows\SysWOW64\svchost.exe [3020:4068] 000000007ef95538
Thread C:\Windows\SysWOW64\svchost.exe [3020:3924] 000000007ef95ab0
Thread C:\Windows\SysWOW64\svchost.exe [3020:3896] 000000007ef95ab0
Thread C:\Windows\SysWOW64\svchost.exe [3020:236] 000000007ef95ab0
Thread C:\Windows\SysWOW64\svchost.exe [3020:3488] 000000007ef95ab0
Thread C:\Windows\SysWOW64\svchost.exe [3020:616] 000000007ef95ab0
Thread C:\Windows\SysWOW64\svchost.exe [3020:4076] 000000007ef95ab0
Thread C:\Windows\SysWOW64\svchost.exe [3020:3304] 000000007ef95ab0
Thread C:\Windows\SysWOW64\svchost.exe [3020:2292] 000000007ef95ab0
Thread C:\Windows\SysWOW64\svchost.exe [3020:4184] 000000007ef95ab0
Thread C:\Windows\SysWOW64\svchost.exe [3020:4208] 000000007ef95ab0
Thread C:\Windows\SysWOW64\svchost.exe [3020:4216] 000000007ef95ab0
Thread C:\Windows\SysWOW64\svchost.exe [3020:4240] 000000007ef95ab0
Thread C:\Windows\SysWOW64\svchost.exe [3020:4252] 000000007ef95ab0
Thread C:\Windows\SysWOW64\svchost.exe [3020:4268] 000000007ef95ab0
Thread C:\Windows\SysWOW64\svchost.exe [3020:4288] 000000007ef95ab0
Thread C:\Windows\SysWOW64\svchost.exe [3020:4300] 000000007ef95ab0
Thread C:\Windows\SysWOW64\svchost.exe [3020:4320] 000000007ef95ab0
Thread C:\Windows\SysWOW64\svchost.exe [3020:4412] 000000007ef95ab0
Thread C:\Windows\SysWOW64\svchost.exe [3020:4448] 000000007ef95ab0
Thread C:\Windows\SysWOW64\svchost.exe [3020:4488] 000000007ef95ab0
Thread C:\Windows\SysWOW64\svchost.exe [3020:4508] 000000007ef95beb
Thread C:\Windows\SysWOW64\svchost.exe [3020:4516] 000000007ef95beb
Thread C:\Windows\SysWOW64\svchost.exe [3020:4532] 000000007ef95beb
Thread C:\Windows\SysWOW64\svchost.exe [3020:4548] 000000007ef95beb
Thread C:\Windows\SysWOW64\svchost.exe [3020:4572] 000000007ef95beb
Thread C:\Windows\SysWOW64\svchost.exe [3020:4648] 000000007ef95beb
Thread C:\Windows\SysWOW64\svchost.exe [3020:4652] 000000007ef95beb
Thread C:\Windows\SysWOW64\svchost.exe [3020:4656] 000000007ef95beb
Thread C:\Windows\SysWOW64\svchost.exe [3020:4756] 000000007ef95beb
Thread C:\Windows\SysWOW64\svchost.exe [3020:4780] 000000007ef95beb
Thread C:\Windows\SysWOW64\svchost.exe [3020:4824] 000000007ef95beb
Thread C:\Windows\SysWOW64\svchost.exe [3020:4844] 000000007ef95beb
Thread C:\Windows\SysWOW64\svchost.exe [3020:4852] 000000007ef95beb
Thread C:\Windows\SysWOW64\svchost.exe [3020:4856] 000000007ef95beb
Thread C:\Windows\SysWOW64\svchost.exe [3020:4936] 000000007ef95beb
Thread C:\Windows\SysWOW64\svchost.exe [3020:4912] 000000007ef98a3d
Thread C:\Windows\SysWOW64\svchost.exe [3020:2536] 000000007ef98a3d
Thread C:\Windows\SysWOW64\svchost.exe [3020:4616] 000000007ef98a3d

---- EOF - GMER 2.1 ---- |
23.02.2013, 03:31 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | The logs should be posted in CODE tags! If one is too large, zip only that log and attach it here. The MBAR log is also missing. Reading material: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
__________________ Please always post log files in CODE tags |
23.02.2013, 04:04 | #11 |
| Malwarebytes Anti-Rootkit BETA 1.01.0.1020
www.malwarebytes.org

Database version: v2013.02.22.01

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Acer :: ACER-PC [administrator]

23.02.2013 03:30:24
mbar-log-2013-02-23 (03-30-24).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 28297
Time elapsed: 8 minute(s), 51 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
c:\Users\Ralph\Downloads\7 zip.exe (PUP.Offerware) -> Delete on reboot.

(end)

Malwarebytes Anti-Rootkit BETA 1.01.0.1020
www.malwarebytes.org

Database version: v2013.02.23.02

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Acer :: ACER-PC [administrator]

23.02.2013 03:47:31
mbar-log-2013-02-23 (03-47-31).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 28292
Time elapsed: 10 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

I am really very sorry if I am causing you trouble, but as an inexperienced 50-year-old woman I have done my best and am now completely worn out. I hope you can still do something with it and will show some leniency. I also tried to get the code tags to work, but unfortunately I did not manage it; I am missing a fair bit of technical knowledge there. Until yesterday I did not even know what log files are or how they are created. I muddled my way through the forum for that too. But now I cannot see my way through any more and hope you will still help me. Many thanks in advance for that. |
23.02.2013, 04:48 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | aswMBR
Please download aswMBR.exe and save the file to your desktop.
Important: Never press any of the Fix buttons without being instructed to.
Note: If the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and choose the setting (none) under AV Scan.
TDSS-Killer
Please download TDSSKiller.exe and save this file to the desktop
__________________ |
23.02.2013, 12:50 | #13 |
| Hello, I now have a huge problem. My computer has now supposedly been locked by the Bundesamt für Sicherheit and I am supposed to pay 100 € immediately. I can no longer do anything on my computer. I receive my emails via iPhone. Is there anything left to save?? Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-02-23 15:50:56
-----------------------------
15:50:56.638 OS Version: Windows x64 6.1.7600
15:50:56.638 Number of processors: 4 586 0xF0B
15:50:56.638 ComputerName: ACER-PC UserName: Acer
15:50:57.408 Initialize success
15:52:21.472 AVAST engine defs: 13022300
15:52:44.045 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
15:52:44.045 Disk 0 Vendor: WDC_WD6400AAKS-22A7B0 01.03B01 Size: 610480MB BusType: 3
15:52:44.060 Disk 0 MBR read successfully
15:52:44.060 Disk 0 MBR scan
15:52:44.076 Disk 0 Windows 7 default MBR code
15:52:44.076 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 9993 MB offset 63
15:52:44.091 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 300374 MB offset 20467712
15:52:44.107 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 300111 MB offset 635633664
15:52:44.123 Disk 0 scanning C:\Windows\system32\drivers
15:52:50.193 Service scanning
15:53:03.495 Modules scanning
15:53:03.495 Disk 0 trace - called modules:
15:53:03.515 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys
15:53:03.525 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800377e060]
15:53:03.525 3 CLASSPNP.SYS[fffff8800196043f] -> nt!IofCallDriver -> [0xfffffa8003528520]
15:53:03.535 5 ACPI.sys[fffff88000f3b781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa8003525060]
15:53:04.625 AVAST engine scan C:\Windows
15:53:06.010 AVAST engine scan C:\Windows\system32
15:54:54.602 AVAST engine scan C:\Windows\system32\drivers
15:55:01.700 AVAST engine scan C:\Users\Acer
15:55:37.707 AVAST engine scan C:\ProgramData
15:57:20.125 Disk 0 MBR has been saved successfully to "C:\Users\Acer\Documents\MBR.dat"
15:57:20.125 The log file has been saved successfully to "C:\Users\Acer\Documents\aswMBR.txt"
15:57:22.090 Scan finished successfully
15:57:37.243 Disk 0 MBR has been saved successfully to "C:\Users\Acer\Documents\MBR.dat"
15:57:37.259 The log file has been saved successfully to "C:\Users\Acer\Documents\aswMBR.txt"
Code:
16:31:52.0920 4584 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
16:31:53.0091 4584 ============================================================
16:31:53.0091 4584 Current date / time: 2013/02/23 16:31:53.0091
16:31:53.0091 4584 SystemInfo:
16:31:53.0091 4584
16:31:53.0091 4584 OS Version: 6.1.7600 ServicePack: 0.0
16:31:53.0091 4584 Product type: Workstation
16:31:53.0091 4584 ComputerName: ACER-PC
16:31:53.0091 4584 UserName: Acer
16:31:53.0091 4584 Windows directory: C:\Windows
16:31:53.0091 4584 System windows directory: C:\Windows
16:31:53.0091 4584 Running under WOW64
16:31:53.0091 4584 Processor architecture: Intel x64
16:31:53.0091 4584 Number of processors: 4
16:31:53.0091 4584 Page size: 0x1000
16:31:53.0091 4584 Boot type: Normal boot
16:31:53.0091 4584 ============================================================
16:31:54.0261 4584 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:31:54.0480 4584 ============================================================
16:31:54.0480 4584 \Device\Harddisk0\DR0:
16:31:54.0480 4584 MBR partitions:
16:31:54.0480 4584 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1385000, BlocksNum 0x24AAB000
16:31:54.0480 4584 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x25E30000, BlocksNum 0x24A27800
16:31:54.0480 4584 ============================================================
16:31:54.0511 4584 C: <-> \Device\Harddisk0\DR0\Partition1
16:31:54.0558 4584 D: <-> \Device\Harddisk0\DR0\Partition2
16:31:54.0558 4584 ============================================================
16:31:54.0558 4584 Initialize success
16:31:54.0558 4584 ============================================================
16:32:27.0125 1916 ============================================================
16:32:27.0125 1916 Scan started
16:32:27.0125 1916 Mode: Manual; SigCheck; TDLFS;
RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 16:32:38.0949 1916 RDPREFMP - ok 16:32:38.0965 1916 [ 447DE7E3DEA39D422C1504F245B668B1 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 16:32:38.0981 1916 RDPWD - ok 16:32:38.0981 1916 [ 634B9A2181D98F15941236886164EC8B ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 16:32:38.0996 1916 rdyboost - ok 16:32:39.0012 1916 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 16:32:39.0059 1916 RemoteAccess - ok 16:32:39.0074 1916 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 16:32:39.0105 1916 RemoteRegistry - ok 16:32:39.0137 1916 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 16:32:39.0168 1916 RpcEptMapper - ok 16:32:39.0183 1916 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 16:32:39.0199 1916 RpcLocator - ok 16:32:39.0215 1916 [ 7266972E86890E2B30C0C322E906B027 ] RpcSs C:\Windows\system32\rpcss.dll 16:32:39.0246 1916 RpcSs - ok 16:32:39.0261 1916 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 16:32:39.0293 1916 rspndr - ok 16:32:39.0308 1916 [ BAEFEE35D27A5440D35092CE10267BEC ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys 16:32:39.0324 1916 RTL8167 - ok 16:32:39.0339 1916 [ 88AF6E02AB19DF7FD07ECDF9C91E9AF6 ] s3cap C:\Windows\system32\DRIVERS\vms3cap.sys 16:32:39.0355 1916 s3cap - ok 16:32:39.0371 1916 [ 156F6159457D0AA7E59B62681B56EB90 ] SamSs C:\Windows\system32\lsass.exe 16:32:39.0371 1916 SamSs - ok 16:32:39.0386 1916 [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys 16:32:39.0402 1916 sbp2port - ok 16:32:39.0417 1916 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 16:32:39.0449 1916 SCardSvr - ok 16:32:39.0527 1916 [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 16:32:39.0573 1916 scfilter - ok 16:32:39.0605 1916 [ 
624D0F5FF99428BB90A5B8A4123E918E ] Schedule C:\Windows\system32\schedsvc.dll 16:32:39.0620 1916 Schedule - ok 16:32:39.0651 1916 [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc C:\Windows\System32\certprop.dll 16:32:39.0683 1916 SCPolicySvc - ok 16:32:39.0698 1916 [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC C:\Windows\System32\SDRSVC.dll 16:32:39.0714 1916 SDRSVC - ok 16:32:39.0714 1916 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 16:32:39.0745 1916 secdrv - ok 16:32:39.0761 1916 [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon C:\Windows\system32\seclogon.dll 16:32:39.0792 1916 seclogon - ok 16:32:39.0823 1916 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 16:32:39.0854 1916 SENS - ok 16:32:39.0870 1916 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 16:32:39.0870 1916 SensrSvc - ok 16:32:39.0885 1916 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 16:32:39.0901 1916 Serenum - ok 16:32:39.0901 1916 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 16:32:39.0917 1916 Serial - ok 16:32:39.0932 1916 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 16:32:39.0932 1916 sermouse - ok 16:32:39.0948 1916 [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv C:\Windows\system32\sessenv.dll 16:32:39.0995 1916 SessionEnv - ok 16:32:39.0995 1916 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys 16:32:40.0010 1916 sffdisk - ok 16:32:40.0026 1916 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys 16:32:40.0026 1916 sffp_mmc - ok 16:32:40.0041 1916 [ 5588B8C6193EB1522490C122EB94DFFA ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys 16:32:40.0057 1916 sffp_sd - ok 16:32:40.0057 1916 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 16:32:40.0073 1916 sfloppy - ok 16:32:40.0088 1916 [ 
B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 16:32:40.0119 1916 SharedAccess - ok 16:32:40.0135 1916 [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll 16:32:40.0151 1916 ShellHWDetection - ok 16:32:40.0166 1916 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 16:32:40.0166 1916 SiSRaid2 - ok 16:32:40.0182 1916 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 16:32:40.0197 1916 SiSRaid4 - ok 16:32:40.0229 1916 [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 16:32:40.0244 1916 SkypeUpdate - ok 16:32:40.0275 1916 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 16:32:40.0322 1916 Smb - ok 16:32:40.0338 1916 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 16:32:40.0353 1916 SNMPTRAP - ok 16:32:40.0369 1916 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 16:32:40.0369 1916 spldr - ok 16:32:40.0400 1916 [ 567977DC43CC13C4C35ED7084C0B84D5 ] Spooler C:\Windows\System32\spoolsv.exe 16:32:40.0416 1916 Spooler - ok 16:32:40.0478 1916 [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc C:\Windows\system32\sppsvc.exe 16:32:40.0525 1916 sppsvc - ok 16:32:40.0541 1916 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 16:32:40.0572 1916 sppuinotify - ok 16:32:40.0603 1916 [ 2408C0366D96BCDF63E8F1C78E4A29C5 ] srv C:\Windows\system32\DRIVERS\srv.sys 16:32:40.0619 1916 srv - ok 16:32:40.0650 1916 [ 76548F7B818881B47D8D1AE1BE9C11F8 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 16:32:40.0650 1916 srv2 - ok 16:32:40.0681 1916 [ 0AF6E19D39C70844C5CAA8FB0183C36E ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 16:32:40.0697 1916 srvnet - ok 16:32:40.0712 1916 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 16:32:40.0743 1916 SSDPSRV - ok 16:32:40.0759 
1916 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 16:32:40.0790 1916 SstpSvc - ok 16:32:40.0821 1916 [ F0359F7CE712D69ACEF0886BDB4792ED ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe 16:32:40.0837 1916 Stereo Service - ok 16:32:40.0853 1916 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 16:32:40.0868 1916 stexstor - ok 16:32:40.0899 1916 [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc C:\Windows\System32\wiaservc.dll 16:32:40.0931 1916 stisvc - ok 16:32:40.0931 1916 [ FFD7A6F15B14234B5B0E5D49E7961895 ] storflt C:\Windows\system32\DRIVERS\vmstorfl.sys 16:32:40.0946 1916 storflt - ok 16:32:40.0946 1916 [ 8FCCBEFC5C440B3C23454656E551B09A ] storvsc C:\Windows\system32\DRIVERS\storvsc.sys 16:32:40.0962 1916 storvsc - ok 16:32:40.0977 1916 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 16:32:40.0993 1916 swenum - ok 16:32:41.0024 1916 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 16:32:41.0055 1916 swprv - ok 16:32:41.0087 1916 [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain C:\Windows\system32\sysmain.dll 16:32:41.0133 1916 SysMain - ok 16:32:41.0133 1916 [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll 16:32:41.0149 1916 TabletInputService - ok 16:32:41.0165 1916 [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv C:\Windows\System32\tapisrv.dll 16:32:41.0211 1916 TapiSrv - ok 16:32:41.0211 1916 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 16:32:41.0243 1916 TBS - ok 16:32:41.0305 1916 [ 5CFB7AB8F9524D1A1E14369DE63B83CC ] Tcpip C:\Windows\system32\drivers\tcpip.sys 16:32:41.0352 1916 Tcpip - ok 16:32:41.0399 1916 [ 5CFB7AB8F9524D1A1E14369DE63B83CC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 16:32:41.0430 1916 TCPIP6 - ok 16:32:41.0445 1916 [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 16:32:41.0477 1916 
tcpipreg - ok 16:32:41.0492 1916 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 16:32:41.0508 1916 TDPIPE - ok 16:32:41.0523 1916 [ 7518F7BCFD4B308ABC9192BACAF6C970 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 16:32:41.0539 1916 TDTCP - ok 16:32:41.0555 1916 [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx C:\Windows\system32\DRIVERS\tdx.sys 16:32:41.0586 1916 tdx - ok 16:32:41.0601 1916 [ C448651339196C0E869A355171875522 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 16:32:41.0601 1916 TermDD - ok 16:32:41.0633 1916 [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService C:\Windows\System32\termsrv.dll 16:32:41.0664 1916 TermService - ok 16:32:41.0679 1916 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 16:32:41.0695 1916 Themes - ok 16:32:41.0695 1916 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 16:32:41.0726 1916 THREADORDER - ok 16:32:41.0742 1916 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 16:32:41.0773 1916 TrkWks - ok 16:32:41.0804 1916 [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 16:32:41.0820 1916 TrustedInstaller - ok 16:32:41.0835 1916 [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 16:32:41.0867 1916 tssecsrv - ok 16:32:41.0882 1916 [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 16:32:41.0913 1916 tunnel - ok 16:32:41.0929 1916 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 16:32:41.0945 1916 uagp35 - ok 16:32:41.0960 1916 [ D47BAEAD86C65D4F4069D7CE0A4EDCEB ] udfs C:\Windows\system32\DRIVERS\udfs.sys 16:32:41.0991 1916 udfs - ok 16:32:42.0007 1916 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 16:32:42.0023 1916 UI0Detect - ok 16:32:42.0054 1916 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys 
16:32:42.0069 1916 uliagpkx - ok 16:32:42.0085 1916 [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 16:32:42.0101 1916 umbus - ok 16:32:42.0116 1916 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 16:32:42.0132 1916 UmPass - ok 16:32:42.0147 1916 [ AF0AC98EE5077EB844413EB54287FDE3 ] UmRdpService C:\Windows\System32\umrdp.dll 16:32:42.0147 1916 UmRdpService - ok 16:32:42.0179 1916 [ 67A95B9D129ED5399E7965CD09CF30E7 ] UMVPFSrv C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe 16:32:42.0210 1916 UMVPFSrv - ok 16:32:42.0225 1916 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 16:32:42.0257 1916 upnphost - ok 16:32:42.0288 1916 [ 43228F8EDD1B0BCDD3145AD246E63D39 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys 16:32:42.0303 1916 USBAAPL64 - ok 16:32:42.0335 1916 [ 77B01BC848298223A95D4EC23E1785A1 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys 16:32:42.0350 1916 usbaudio - ok 16:32:42.0366 1916 [ 7B6A127C93EE590E4D79A5F2A76FE46F ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 16:32:42.0366 1916 usbccgp - ok 16:32:42.0381 1916 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys 16:32:42.0397 1916 usbcir - ok 16:32:42.0428 1916 [ 92969BA5AC44E229C55A332864F79677 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 16:32:42.0444 1916 usbehci - ok 16:32:42.0459 1916 [ E7DF1CFD28CA86B35EF5ADD0735CEEF3 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 16:32:42.0475 1916 usbhub - ok 16:32:42.0475 1916 [ F1BB1E55F1E7A65C5839CCC7B36D773E ] usbohci C:\Windows\system32\drivers\usbohci.sys 16:32:42.0491 1916 usbohci - ok 16:32:42.0506 1916 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 16:32:42.0522 1916 usbprint - ok 16:32:42.0537 1916 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 16:32:42.0553 1916 usbscan - ok 16:32:42.0569 1916 [ 
F39983647BC1F3E6100778DDFE9DCE29 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 16:32:42.0584 1916 USBSTOR - ok 16:32:42.0584 1916 [ BC3070350A491D84B518D7CCA9ABD36F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 16:32:42.0600 1916 usbuhci - ok 16:32:42.0615 1916 [ 7CB8C573C6E4A2714402CC0A36EAB4FE ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys 16:32:42.0631 1916 usbvideo - ok 16:32:42.0647 1916 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 16:32:42.0678 1916 UxSms - ok 16:32:42.0678 1916 [ 156F6159457D0AA7E59B62681B56EB90 ] VaultSvc C:\Windows\system32\lsass.exe 16:32:42.0693 1916 VaultSvc - ok 16:32:42.0709 1916 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys 16:32:42.0725 1916 vdrvroot - ok 16:32:42.0740 1916 [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds C:\Windows\System32\vds.exe 16:32:42.0756 1916 vds - ok 16:32:42.0771 1916 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 16:32:42.0787 1916 vga - ok 16:32:42.0787 1916 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 16:32:42.0818 1916 VgaSave - ok 16:32:42.0834 1916 [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys 16:32:42.0834 1916 vhdmp - ok 16:32:42.0849 1916 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\DRIVERS\viaide.sys 16:32:42.0865 1916 viaide - ok 16:32:42.0881 1916 [ 1501699D7EDA984ABC4155A7DA5738D1 ] vmbus C:\Windows\system32\DRIVERS\vmbus.sys 16:32:42.0896 1916 vmbus - ok 16:32:42.0896 1916 [ AE10C35761889E65A6F7176937C5592C ] VMBusHID C:\Windows\system32\DRIVERS\VMBusHID.sys 16:32:42.0912 1916 VMBusHID - ok 16:32:42.0927 1916 [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys 16:32:42.0927 1916 volmgr - ok 16:32:42.0959 1916 [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 16:32:42.0990 1916 volmgrx - ok 16:32:43.0005 1916 [ 
9E425AC5C9A5A973273D169F43B4F5E1 ] volsnap C:\Windows\system32\drivers\volsnap.sys 16:32:43.0021 1916 volsnap - ok 16:32:43.0052 1916 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 16:32:43.0052 1916 vsmraid - ok 16:32:43.0099 1916 [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS C:\Windows\system32\vssvc.exe 16:32:43.0115 1916 VSS - ok 16:32:43.0130 1916 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys 16:32:43.0146 1916 vwifibus - ok 16:32:43.0161 1916 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 16:32:43.0208 1916 W32Time - ok 16:32:43.0208 1916 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 16:32:43.0224 1916 WacomPen - ok 16:32:43.0239 1916 [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 16:32:43.0271 1916 WANARP - ok 16:32:43.0271 1916 [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 16:32:43.0302 1916 Wanarpv6 - ok 16:32:43.0333 1916 [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine C:\Windows\system32\wbengine.exe 16:32:43.0364 1916 wbengine - ok 16:32:43.0380 1916 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 16:32:43.0395 1916 WbioSrvc - ok 16:32:43.0427 1916 [ DD1BAE8EBFC653824D29CCF8C9054D68 ] wcncsvc C:\Windows\System32\wcncsvc.dll 16:32:43.0442 1916 wcncsvc - ok 16:32:43.0442 1916 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 16:32:43.0458 1916 WcsPlugInService - ok 16:32:43.0473 1916 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys 16:32:43.0489 1916 Wd - ok 16:32:43.0520 1916 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 16:32:43.0536 1916 Wdf01000 - ok 16:32:43.0551 1916 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 16:32:43.0567 1916 WdiServiceHost - ok 
16:32:43.0567 1916 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 16:32:43.0583 1916 WdiSystemHost - ok 16:32:43.0614 1916 [ 733006127F235BE7C35354EBEE7B9A7B ] WebClient C:\Windows\System32\webclnt.dll 16:32:43.0629 1916 WebClient - ok 16:32:43.0629 1916 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 16:32:43.0676 1916 Wecsvc - ok 16:32:43.0676 1916 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 16:32:43.0723 1916 wercplsupport - ok 16:32:43.0739 1916 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 16:32:43.0770 1916 WerSvc - ok 16:32:43.0785 1916 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 16:32:43.0817 1916 WfpLwf - ok 16:32:43.0832 1916 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 16:32:43.0832 1916 WIMMount - ok 16:32:43.0848 1916 WinDefend - ok 16:32:43.0848 1916 WinHttpAutoProxySvc - ok 16:32:43.0895 1916 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 16:32:43.0941 1916 Winmgmt - ok 16:32:44.0004 1916 [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM C:\Windows\system32\WsmSvc.dll 16:32:44.0066 1916 WinRM - ok 16:32:44.0097 1916 [ 817EAFF5D38674EDD7713B9DFB8E9791 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 16:32:44.0113 1916 WinUsb - ok 16:32:44.0144 1916 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 16:32:44.0175 1916 Wlansvc - ok 16:32:44.0175 1916 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys 16:32:44.0191 1916 WmiAcpi - ok 16:32:44.0207 1916 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 16:32:44.0222 1916 wmiApSrv - ok 16:32:44.0238 1916 WMPNetworkSvc - ok 16:32:44.0253 1916 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 16:32:44.0253 1916 WPCSvc - ok 16:32:44.0269 1916 [ 
2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 16:32:44.0285 1916 WPDBusEnum - ok 16:32:44.0300 1916 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 16:32:44.0331 1916 ws2ifsl - ok 16:32:44.0347 1916 [ 8F9F3969933C02DA96EB0F84576DB43E ] wscsvc C:\Windows\System32\wscsvc.dll 16:32:44.0363 1916 wscsvc - ok 16:32:44.0363 1916 WSearch - ok 16:32:44.0425 1916 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 16:32:44.0472 1916 wuauserv - ok 16:32:44.0487 1916 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 16:32:44.0503 1916 WudfPf - ok 16:32:44.0519 1916 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 16:32:44.0534 1916 WUDFRd - ok 16:32:44.0550 1916 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 16:32:44.0565 1916 wudfsvc - ok 16:32:44.0581 1916 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 16:32:44.0597 1916 WwanSvc - ok 16:32:44.0612 1916 ================ Scan global =============================== 16:32:44.0643 1916 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 16:32:44.0659 1916 [ 3FB74FF230B5D240A57AE1C4A3D0459D ] C:\Windows\system32\winsrv.dll 16:32:44.0675 1916 [ 3FB74FF230B5D240A57AE1C4A3D0459D ] C:\Windows\system32\winsrv.dll 16:32:44.0690 1916 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 16:32:44.0721 1916 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 16:32:44.0721 1916 [Global] - ok 16:32:44.0721 1916 ================ Scan MBR ================================== 16:32:44.0737 1916 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 16:32:44.0924 1916 \Device\Harddisk0\DR0 - ok 16:32:44.0924 1916 ================ Scan VBR ================================== 16:32:44.0940 1916 [ 270BAC60E90E625133D4A3F09F8934D3 ] \Device\Harddisk0\DR0\Partition1 16:32:44.0940 
1916 \Device\Harddisk0\DR0\Partition1 - ok 16:32:44.0955 1916 [ 18C1231D4A1D6AF78B7D9838869EB9CC ] \Device\Harddisk0\DR0\Partition2 16:32:44.0955 1916 \Device\Harddisk0\DR0\Partition2 - ok 16:32:44.0955 1916 ============================================================ 16:32:44.0955 1916 Scan finished 16:32:44.0955 1916 ============================================================ 16:32:44.0971 1444 Detected object count: 1 16:32:44.0971 1444 Actual detected object count: 1 16:33:13.0881 1444 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user 16:33:13.0881 1444 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:33:22.0383 4516 Deinitialize success
I hope I have done everything right now and that you can help me further so that I don't have to wipe the computer. Me again: now my account is completely locked up again and only the picture from the BKA virus appears. |
24.02.2013, 21:19 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan:WIN32/BublikB email from Casa-Mina (blub-blub@freenet.de) But you can still work with the other user account? If so, please run CF now: Scan with Combofix
__________________ Please always post logfiles in CODE tags |
24.02.2013, 23:40 | #15 |
| Trojan:WIN32/BublikB email from Casa-Mina (blub-blub@freenet.de) Code:
ATTFilter ComboFix 13-02-24.01 - Acer 24.02.2013 23:28:55.2.4 - x64 Microsoft Windows 7 Ultimate 6.1.7600.0.1252.49.1031.18.3263.1810 [GMT 1:00] ausgeführt von:: c:\users\Jenny\Downloads\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C} SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\IMinent Toolbar\tbHElper.dll c:\users\Jenny\vlc-0.9.9-win32.exe c:\users\Ralph\AppData\Roaming\Kuev c:\users\Ralph\AppData\Roaming\Kuev\hyemo.exe . . ((((((((((((((((((((((( Dateien erstellt von 2013-01-24 bis 2013-02-24 )))))))))))))))))))))))))))))) . . 2013-02-24 22:34 . 2013-02-24 22:34 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2013-02-24 22:34 . 2013-02-24 22:34 -------- d-----w- c:\users\Ralph\AppData\Local\temp 2013-02-24 22:34 . 2013-02-24 22:34 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-02-24 22:34 . 2013-02-24 22:34 -------- d-----w- c:\users\Acer\AppData\Local\temp 2013-02-24 22:18 . 2013-02-08 00:28 9162192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{977F6861-A8A1-4F1D-979D-466FA646EBD2}\mpengine.dll 2013-02-23 15:36 . 2013-02-08 00:28 9162192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2013-02-23 11:22 . 2013-02-23 11:22 -------- d-----w- c:\users\Ralph\AppData\Roaming\Rhliz 2013-02-23 02:20 . 2013-02-23 02:20 -------- d-----w- c:\programdata\Malwarebytes 2013-02-23 02:13 . 2013-02-23 02:13 -------- d-----w- c:\users\Ralph\AppData\Local\WinZip 2013-02-23 02:13 . 2013-02-23 11:33 -------- d-----w- c:\programdata\WinZip 2013-02-23 02:13 . 2013-02-23 02:13 -------- d-----w- c:\program files\WinZip 2013-02-23 00:48 . 
2013-02-23 00:48 -------- d-----w- c:\users\Acer\AppData\Local\ElevatedDiagnostics 2013-02-23 00:32 . 2013-02-19 02:57 9162192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{10533BF5-C9F0-4EBB-BE30-FD0672F70683}\mpengine.dll 2013-02-22 23:28 . 2013-02-22 23:28 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service 2013-02-22 16:43 . 2013-02-22 16:43 -------- d-----w- c:\programdata\McAfee 2013-02-22 16:42 . 2013-02-22 16:42 -------- d-----w- c:\program files (x86)\Common Files\Adobe 2013-02-22 16:25 . 2013-02-22 16:25 -------- d-sh--w- c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} 2013-02-22 16:25 . 2013-02-22 16:25 -------- d--h--w- c:\programdata\Common Files 2013-02-22 08:45 . 2013-02-23 11:37 -------- d-----w- c:\users\Ralph\AppData\Roaming\Ipidy 2013-02-22 08:45 . 2013-02-22 08:45 -------- d-----w- c:\users\Ralph\AppData\Roaming\Bafeyz 2013-02-18 18:55 . 2013-02-18 18:55 -------- d-----w- c:\program files (x86)\Common Files\Skype 2013-02-18 18:55 . 2013-02-18 18:55 -------- d-----r- c:\program files (x86)\Skype 2013-02-14 15:42 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll 2013-02-14 15:42 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll 2013-02-14 14:53 . 2013-01-05 05:57 5500776 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-02-11 18:34 . 2013-02-11 18:34 -------- d-----w- c:\program files (x86)\DVDVideoSoft 2013-02-11 18:34 . 2013-02-11 18:34 -------- d-----w- c:\program files (x86)\Common Files\DVDVideoSoft 2013-02-06 19:26 . 2013-02-06 19:26 -------- d-----w- c:\program files (x86)\Common Files\Java 2013-02-06 19:24 . 2013-02-06 19:23 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-02-06 19:19 . 2013-02-22 23:35 -------- d-----w- c:\users\Ralph\AppData\Local\Mozilla Firefox . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2013-02-14 15:44 . 2012-06-15 21:15 70004024 ----a-w- c:\windows\system32\MRT.exe 2013-02-11 18:38 . 2012-06-15 21:38 697712 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-02-11 18:38 . 2012-06-15 21:38 74096 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-02-06 19:23 . 2012-06-16 14:34 861088 ----a-w- c:\windows\SysWow64\npdeployJava1.dll 2013-02-06 19:23 . 2012-06-16 14:16 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-01-17 00:28 . 2012-06-15 20:56 273840 ------w- c:\windows\system32\MpSigStub.exe 2013-01-04 04:43 . 2013-02-14 14:53 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2012-12-16 16:52 . 2012-12-21 13:08 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-16 14:40 . 2012-12-21 13:08 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-16 14:25 . 2012-12-21 13:08 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-12-16 14:25 . 2012-12-21 13:08 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2012-12-07 05:41 . 2013-01-09 11:51 441856 ----a-w- c:\windows\system32\Wpc.dll 2012-12-07 05:35 . 2013-01-09 11:51 2745856 ----a-w- c:\windows\system32\gameux.dll 2012-12-07 05:04 . 2013-01-09 11:51 308736 ----a-w- c:\windows\SysWow64\Wpc.dll 2012-12-07 04:57 . 2013-01-09 11:51 2576384 ----a-w- c:\windows\SysWow64\gameux.dll 2012-12-07 03:45 . 2013-01-09 11:51 43520 ----a-w- c:\windows\system32\csrr.rs 2012-12-07 03:45 . 2013-01-09 11:51 45568 ----a-w- c:\windows\system32\oflc-nz.rs 2012-12-07 03:45 . 2013-01-09 11:51 30720 ----a-w- c:\windows\system32\usk.rs 2012-12-07 03:45 . 2013-01-09 11:51 23552 ----a-w- c:\windows\system32\oflc.rs 2012-12-07 03:45 . 2013-01-09 11:51 44544 ----a-w- c:\windows\system32\pegibbfc.rs 2012-12-07 03:45 . 2013-01-09 11:51 40960 ----a-w- c:\windows\system32\cob-au.rs 2012-12-07 03:45 . 2013-01-09 11:51 21504 ----a-w- c:\windows\system32\grb.rs 2012-12-07 03:45 . 2013-01-09 11:51 20480 ----a-w- c:\windows\system32\pegi-pt.rs 2012-12-07 03:45 . 
2013-01-09 11:51 20480 ----a-w- c:\windows\system32\pegi-fi.rs 2012-12-07 03:45 . 2013-01-09 11:51 46592 ----a-w- c:\windows\system32\fpb.rs 2012-12-07 03:45 . 2013-01-09 11:51 20480 ----a-w- c:\windows\system32\pegi.rs 2012-12-07 03:45 . 2013-01-09 11:51 15360 ----a-w- c:\windows\system32\djctq.rs 2012-12-07 03:45 . 2013-01-09 11:51 55296 ----a-w- c:\windows\system32\cero.rs 2012-12-07 03:45 . 2013-01-09 11:51 51712 ----a-w- c:\windows\system32\esrb.rs 2012-12-07 03:21 . 2013-01-09 11:51 45568 ----a-w- c:\windows\SysWow64\oflc-nz.rs 2012-12-07 03:21 . 2013-01-09 11:51 44544 ----a-w- c:\windows\SysWow64\pegibbfc.rs 2012-12-07 03:21 . 2013-01-09 11:51 43520 ----a-w- c:\windows\SysWow64\csrr.rs 2012-12-07 03:21 . 2013-01-09 11:51 30720 ----a-w- c:\windows\SysWow64\usk.rs 2012-12-07 03:21 . 2013-01-09 11:51 23552 ----a-w- c:\windows\SysWow64\oflc.rs 2012-12-07 03:21 . 2013-01-09 11:51 20480 ----a-w- c:\windows\SysWow64\pegi-pt.rs 2012-12-07 03:21 . 2013-01-09 11:51 20480 ----a-w- c:\windows\SysWow64\pegi.rs 2012-12-07 03:21 . 2013-01-09 11:51 20480 ----a-w- c:\windows\SysWow64\pegi-fi.rs 2012-12-07 03:21 . 2013-01-09 11:51 46592 ----a-w- c:\windows\SysWow64\fpb.rs 2012-12-07 03:21 . 2013-01-09 11:51 21504 ----a-w- c:\windows\SysWow64\grb.rs 2012-12-07 03:21 . 2013-01-09 11:51 55296 ----a-w- c:\windows\SysWow64\cero.rs 2012-12-07 03:21 . 2013-01-09 11:51 51712 ----a-w- c:\windows\SysWow64\esrb.rs 2012-12-07 03:21 . 2013-01-09 11:51 40960 ----a-w- c:\windows\SysWow64\cob-au.rs 2012-12-07 03:21 . 2013-01-09 11:51 15360 ----a-w- c:\windows\SysWow64\djctq.rs 2012-11-28 18:58 . 2012-11-28 18:58 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4CCA90CA-3916-4274-8AB4-3BCB58578075}\gapaengine.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}"= "c:\users\Acer\AppData\LocalLow\CT2625848\ldrtbDVDV.dll" [2012-12-23 618904] . [HKEY_CLASSES_ROOT\clsid\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}] 2012-12-23 09:42 618904 ----a-w- c:\users\Acer\AppData\LocalLow\CT2625848\ldrtbDVDV.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{58124A0B-DC32-4180-9BFF-E0E21AE34026}] 2010-07-02 07:54 2607872 ----a-w- c:\program files (x86)\IMinent Toolbar\tbcore3.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}] 2013-01-30 14:49 281760 ----a-w- c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{977AE9CC-AF83-45E8-9E03-E2798216E2D5}"= "c:\program files (x86)\IMinent Toolbar\tbcore3.dll" [2010-07-02 2607872] "{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}"= "c:\users\Acer\AppData\LocalLow\CT2625848\ldrtbDVDV.dll" [2012-12-23 618904] . [HKEY_CLASSES_ROOT\clsid\{977ae9cc-af83-45e8-9e03-e2798216e2d5}] [HKEY_CLASSES_ROOT\TBSB01620.TBSB01620.3] [HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}] [HKEY_CLASSES_ROOT\TBSB01620.TBSB01620] . [HKEY_CLASSES_ROOT\clsid\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-01-08 18705664] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Iminent"="c:\program files (x86)\Iminent\Iminent.exe" [2012-04-27 1073744] "IminentMessenger"="c:\program files (x86)\Iminent\Iminent.Messengers.exe" [2012-04-27 884816] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280] "LexwareInfoService"="c:\program files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe" [2011-07-31 189808] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352] . c:\users\Ralph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592] . c:\users\Jenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536] R3 cpuz135;cpuz135;d:\treiber und software\pc-wizard_2012.2.0\pcwiz_x64.sys [2012-06-16 23816] R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800] R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2012-03-26 22528] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456] R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760] S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824] S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848] S3 LVUVC64;Logitech Webcam Pro 9000(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568] S3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392] . . Inhalt des "geplante Tasks" Ordners . 2013-02-24 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-15 18:38] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}] 2013-01-30 14:49 342176 ----a-w- c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-18 8067616] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 1289704] . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://search.conduit.com?SearchSource=10&userid=EB_USER_ID&ctid=CT2625848&SSPV=TB_IESB21 mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: Free YouTube Download - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm IE: Free YouTube to MP3 Converter - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\ghp7knlq.default\ FF - prefs.js: browser.search.selectedEngine - DVDVideoSoftTB DE Customized Web Search FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2625848&SearchSource=13&CUI=SB_CUI FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2625848&SearchSource=2&q= FF - ExtSQL: 2012-12-25 16:03; {ACAA314B-EEBA-48e4-AD47-84E31C44796C}; c:\program files (x86)\Common Files\DVDVideoSoft\plugins\ff FF - ExtSQL: 2012-12-25 16:04; {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}; c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\ghp7knlq.default\extensions\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
URLSearchHooks-{84FF7BD6-B47F-46F8-9130-01B2696B36CB} - (no file) BHO-{84FF7BD6-B47F-46F8-9130-01B2696B36CB} - (no file) Wow6432Node-HKCU-Run-ASRockOCTuner - (no file) Wow6432Node-HKCU-Run-ASRockIES - (no file) Wow6432Node-HKLM-RunOnce-Z1 - c:\users\Ralph\Desktop\mbar\mbar.exe Wow6432Node-HKLM-RunOnce- Malwarebytes Anti-Malware (cleanup) - c:\users\Ralph\Desktop\mbar\Data\cleanup.dll WebBrowser-{977AE9CC-AF83-45E8-9E03-E2798216E2D5} - (no file) AddRemove-FILEminimizer Pictures_is1 - c:\fileminimizer pictures\unins000.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.alb\UserChoice] @Denied: (2) (LocalSystem) "Progid"="PhotoManager10Deluxe.8.alb" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-02-24 23:36:22 ComboFix-quarantined-files.txt 2013-02-24 22:36 . 
Vor Suchlauf: 9 Verzeichnis(se), 233.539.796.992 Bytes frei Nach Suchlauf: 14 Verzeichnis(se), 233.763.012.608 Bytes frei . - - End Of File - - 7D4C0121F694A5407B7A582F458DFB75 |