Pests of all kinds and how to fight them: Groupon Trojan, Windows 7
If you are not sure whether you have caught malware or a trojan, create a topic here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you get rid of the infection.
08.03.2013, 14:06 | #1
Groupon Trojan
Hello dear trojan destroyers,
I also caught the trojan yesterday via a message from Groupon and need your help. I opened the zip file but blocked everything that came after it, disconnected my PC from the internet and searched for and destroyed the trojans with the Malwarebytes software and Avira. So far I have access to all my files and no other problems either, but Malwarebytes keeps finding new trojans, or the same one, on every new scan... I don't feel safe and would like to hear your opinion on this and what to do, because I don't know what kind of trojan this is and what it can do... Attached are all the log files. (I somehow couldn't find the ones from Avira.)
Best regards, Muccy
I have already forwarded the email. Should I delete the email address, or can I keep it?
Attachment 51377, Attachment 51378, Attachment 51379, Attachment 51380, Attachment 51381, Attachment 51382, Attachment 51383
Last edited by muccy (08.03.2013, 14:20)
08.03.2013, 15:52 | #2
/// Winkelfunktion /// TB-Süch-Tiger™ | Groupon Trojan
Hello muccy and
Before we get to work, I would like to ask you to read the following points completely and carefully.
Note: If you have not heard from me for three days, please post in this thread => Erinnerung an meinem Thread (reminder about my thread). Nagging "when will it continue" messages end with your topic being closed. I too have a life away from Trojaner-Board. First a check with OTL, please:
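What a helper looks for first in the OTL log requested above can be automated for the process (PRC) and autorun (O4) sections. The following Python script is an added example by the editor, not code from the thread, from Trojaner-Board or from OTL's author. It parses constructed sample lines written in OTL's line format (they are made up for this example, not copied from a real log; the user name, the SID and the file names in them are placeholders) and flags the patterns that typically mark a mail-borne dropper: an executable with no company name in its version info running out of the user profile, a script registered as a Run value, a file dropped directly into the Windows directory, and Run values whose target no longer exists (left behind when an antivirus deleted the file but not the registry value).

```python
import re
from dataclasses import dataclass

# Constructed sample lines in the format OTL uses for running processes (PRC)
# and autorun entries (O4). They are made up for this example, not copied from
# a real log: the user name, the SID and the file names are placeholders.
SAMPLE_LOG = r"""
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Users\user\AppData\Roaming\Urobz\taqeh.exe ()
O4:64bit: - HKLM..\Run: [JAVA] C:\Windows\java.vbs ()
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKU\S-1-5-21-1111-2222-3333-1000..\Run: [Oxycenpyi] C:\Users\user\AppData\Roaming\Urobz\taqeh.exe ()
O4 - HKU\S-1-5-21-1111-2222-3333-1000..\Run: [monag] "C:\Users\user\AppData\Roaming\monag.exe" -autorun File not found
O4 - HKU\S-1-5-21-1111-2222-3333-1000..\Run: [Wyadsym] C:\Users\user\AppData\Roaming\Tyvifo\kifea.exe File not found
O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
"""

# A Windows path ending in an executable, script or shortcut extension and
# followed by a quote, whitespace or end of line. Non-greedy, so paths with
# spaces and "Program Files (x86)" stay whole. findall() returns the full
# match because the group is non-capturing.
PATH_RE = re.compile(
    r'[A-Za-z]:\\.+?\.(?:exe|dll|vbs|js|bat|cmd|scr|com|pif|lnk)(?=["\s]|$)',
    re.IGNORECASE,
)
# OTL appends the company name from the file's version resource in
# parentheses; "()" means the binary carries no company name at all.
COMPANY_RE = re.compile(r'\(([^()]*)\)\s*$')
# Locations a legitimate installer rarely uses for a persistent executable.
USER_PROFILE_RE = re.compile(r'\\Users\\[^\\]+\\(?:AppData|Local Settings)\\', re.IGNORECASE)
WINDOWS_ROOT_RE = re.compile(r'^[A-Za-z]:\\Windows$', re.IGNORECASE)
SCRIPT_EXTS = ('.vbs', '.js', '.bat', '.cmd')
RECORD_PREFIXES = ('PRC - ', 'O4 - ', 'O4:64bit: - ')


@dataclass
class Finding:
    record: str   # the OTL line that was flagged
    path: str     # the executable the record points to
    reasons: list  # human-readable indicators


def analyse_record(line: str):
    """Return a Finding for a PRC/O4 record with a suspicious indicator, else None."""
    if not line.startswith(RECORD_PREFIXES):
        return None
    paths = PATH_RE.findall(line)
    if not paths:
        return None
    # For "x.lnk = y.exe" the shortcut target is the last path on the line.
    path = paths[-1]
    reasons = []
    if line.endswith('File not found'):
        # The Run value survived but its target is gone: typical leftover after
        # an AV removed the dropper's file. The value itself still needs cleaning.
        reasons.append('orphaned autorun: target file missing')
    else:
        m = COMPANY_RE.search(line)
        company = m.group(1).strip() if m else None
        if company == '' and USER_PROFILE_RE.search(path):
            reasons.append('executable without company name running from the user profile')
        if path.lower().endswith(SCRIPT_EXTS):
            reasons.append('script registered as autorun target')
        parent = path.rsplit('\\', 1)[0]
        if WINDOWS_ROOT_RE.match(parent):
            reasons.append('file placed directly in the Windows directory')
    return Finding(line, path, reasons) if reasons else None


def triage(log_text: str) -> list:
    """Run analyse_record over every line of an OTL log and collect the findings."""
    findings = []
    for raw in log_text.splitlines():
        finding = analyse_record(raw.strip())
        if finding:
            findings.append(finding)
    return findings


def flagged_files(findings) -> set:
    """Lower-cased file names of all flagged targets, for a quick summary."""
    return {f.path.rsplit('\\', 1)[-1].lower() for f in findings}


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f.path)
        for reason in f.reasons:
            print('   -', reason)
```

The heuristics are deliberately conservative: a missing company name alone is common for legitimate helper binaries, so it only counts when combined with a user-profile location, and the "File not found" rule is there because those orphaned values are exactly the entries a cleanup script still has to remove. Anything the script flags should be checked by hand (hash lookup, file age, parent directory contents) before being deleted.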
08.03.2013, 16:29 | #3
Groupon Trojan
I would really like to know more about what kind of trojan this is and to what extent it harms me. As I said, I have no visible restrictions, lock screens or encryption; I am very worried about my bank details, maybe you can reassure me? Many thanks in advance, you are my savior! Here is the info from OTL:
OTL Logfile:
Code:
OTL logfile created on: 3/8/2013 4:03:36 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Muccy3001\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4.00 Gb Total Physical Memory | 2.38 Gb Available Physical Memory | 59.58% Memory free
8.00 Gb Paging File | 6.17 Gb Available in Paging File | 77.11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1366.17 Gb Total Space | 1107.25 Gb Free Space | 81.05% Space Free | Partition Type: NTFS
Drive D: | 30.00 Gb Total Space | 10.38 Gb Free Space | 34.59% Space Free | Partition Type: NTFS

Computer Name: MUCCY3001-PC | User Name: Muccy3001 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Muccy3001\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Users\Muccy3001\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
PRC - C:\Users\Muccy3001\AppData\Roaming\Urobz\taqeh.exe ()
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)

========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
MOD - C:\Users\Muccy3001\AppData\Roaming\Urobz\taqeh.exe ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll ()

========== Services (SafeList) ==========

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (AtherosSvc) -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe (Atheros Commnucations)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (PSI_SVC_2) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)

========== Driver Services (SafeList) ==========

DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\drivers\btfilter.sys (Atheros)
DRV:64bit: - (BTATH_HCRP) -- C:\Windows\SysNative\drivers\btath_hcrp.sys (Atheros)
DRV:64bit: - (BTATH_RCP) -- C:\Windows\SysNative\drivers\btath_rcp.sys (Atheros)
DRV:64bit: - (BTATH_LWFLT) -- C:\Windows\SysNative\drivers\btath_lwflt.sys (Atheros)
DRV:64bit: - (AthBTPort) -- C:\Windows\SysNative\drivers\btath_flt.sys (Atheros)
DRV:64bit: - (BTATH_A2DP) -- C:\Windows\SysNative\drivers\btath_a2dp.sys (Atheros)
DRV:64bit: - (ATHDFU) -- C:\Windows\SysNative\drivers\AthDfu.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (BTATH_BUS) -- C:\Windows\SysNative\drivers\btath_bus.sys (Atheros)
DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie64.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (amd_sata) -- C:\Windows\SysNative\drivers\amd_sata.sys (Advanced Micro Devices)
DRV:64bit: - (amd_xata) -- C:\Windows\SysNative\drivers\amd_xata.sys (Advanced Micro Devices)
DRV:64bit: - (BVRPMPR5a64) -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS (Avanquest Software)
DRV:64bit: - (RTL8192su) -- C:\Windows\SysNative\drivers\RTL8192su.sys (Realtek Semiconductor Corporation )
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3511931958-2117292522-3197319374-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
IE - HKU\S-1-5-21-3511931958-2117292522-3197319374-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3511931958-2117292522-3197319374-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?affID=110819&babsrc=HP_ss&mntrId=ca8fa289000000000000000272b0b9d0
IE - HKU\S-1-5-21-3511931958-2117292522-3197319374-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-3511931958-2117292522-3197319374-1000\..\SearchScopes\{02B3E1F1-C35B-49BA-BCFF-A1B1F4B87383}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNA_enDE393
IE - HKU\S-1-5-21-3511931958-2117292522-3197319374-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=110819&babsrc=SP_ss&mntrId=ca8fa289000000000000000272b0b9d0
IE - HKU\S-1-5-21-3511931958-2117292522-3197319374-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3511931958-2117292522-3197319374-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://search.babylon.com/?affID=110819&babsrc=HP_ss&mntrId=ca8fa289000000000000000272b0b9d0"
FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.9
FF - prefs.js..extensions.enabledAddons: plugin%40yontoo.com:1.20.02
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?affID=110819&babsrc=KW_ss&mntrId=ca8fa289000000000000000272b0b9d0&q="

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@logitech.com/HarmonyRemote,version=1.0.0: C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/08 09:20:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/03/08 09:20:00 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/08 09:20:02 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/03/08 09:20:00 | 000,000,000 | ---D | M]

[2011/03/11 11:19:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Muccy3001\AppData\Roaming\mozilla\Extensions
[2013/02/26 17:44:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Muccy3001\AppData\Roaming\mozilla\Firefox\Profiles\ikvvofgf.default\extensions
[2013/02/26 17:44:22 | 000,021,487 | ---- | M] () (No name found) -- C:\Users\Muccy3001\AppData\Roaming\mozilla\firefox\profiles\ikvvofgf.default\extensions\plugin@yontoo.com.xpi
[2012/12/12 18:14:59 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Muccy3001\AppData\Roaming\mozilla\firefox\profiles\ikvvofgf.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2013/02/15 19:01:59 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Muccy3001\AppData\Roaming\mozilla\firefox\profiles\ikvvofgf.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/03/08 09:19:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013/03/08 09:20:02 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013/01/17 01:11:04 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/06/05 00:37:58 | 000,002,313 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2013/01/17 01:11:04 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/01/17 01:11:04 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013/01/17 01:11:04 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013/01/17 01:11:04 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013/01/17 01:11:04 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg64.dll (Google Inc.)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3:64bit: - HKU\S-1-5-21-3511931958-2117292522-3197319374-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4:64bit: - HKLM..\Run: [JAVA] C:\Windows\java.vbs ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3511931958-2117292522-3197319374-1000..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKU\S-1-5-21-3511931958-2117292522-3197319374-1000..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKU\S-1-5-21-3511931958-2117292522-3197319374-1000..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe File not found
O4 - HKU\S-1-5-21-3511931958-2117292522-3197319374-1000..\Run: [monag] "C:\Users\Muccy3001\AppData\Roaming\monag.exe" -autorun File not found
O4 - HKU\S-1-5-21-3511931958-2117292522-3197319374-1000..\Run: [Oxycenpyi] C:\Users\Muccy3001\AppData\Roaming\Urobz\taqeh.exe ()
O4 - HKU\S-1-5-21-3511931958-2117292522-3197319374-1000..\Run: [Wyadsym] C:\Users\Muccy3001\AppData\Roaming\Tyvifo\kifea.exe File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Muccy3001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Muccy3001\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Muccy3001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Muccy3001\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Muccy3001\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9:64bit: - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9:64bit: - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.17.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1FC4AE18-1088-4A4E-A5C3-01A88EF86339}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{968D1D2D-689F-407A-9952-71D7A2706EF2}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{e54b6737-4538-11e0-bd9b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{e54b6737-4538-11e0-bd9b-806e6f6e6963}\Shell\AutoRun\command - "" = E:\start.bat
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/03/08 16:00:48 | 000,000,000 | R--D | C] -- C:\Users\Muccy3001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2013/03/08 14:49:07 | 000,000,000 | ---D | C] -- C:\Users\Muccy3001\AppData\Roaming\Zoas
[2013/03/08 14:49:07 | 000,000,000 | ---D | C] -- C:\Users\Muccy3001\AppData\Roaming\Zesua
[2013/03/08 14:49:07 | 000,000,000 | ---D | C] -- C:\Users\Muccy3001\AppData\Roaming\Anakab
[2013/03/08 14:37:44 | 000,000,000 | ---D | C] -- C:\Users\Muccy3001\Dtvmr
[2013/03/08 13:37:03 | 000,000,000 | -H-D | C] -- C:\Users\Muccy3001\AppData\Roaming\E8BEE989
[2013/03/08 12:14:44 | 000,000,000 | ---D | C] -- C:\Users\Muccy3001\AppData\Roaming\Zuluud
[2013/03/08 12:14:44 | 000,000,000 | ---D | C] -- C:\Users\Muccy3001\AppData\Roaming\Wucyhy
[2013/03/08 12:14:44 | 000,000,000 | ---D | C] -- C:\Users\Muccy3001\AppData\Roaming\Urobz
[2013/03/08 09:19:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/03/08 05:21:22 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013/03/07 23:14:06 | 000,000,000 | ---D | C] -- C:\Users\Muccy3001\AppData\Roaming\Malwarebytes
[2013/03/07 23:13:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/03/07 23:13:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/03/07 23:13:49 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/03/07 23:13:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/03/07 23:13:34 | 000,000,000 | ---D | C] -- C:\Users\Muccy3001\AppData\Local\Programs
[2013/03/07 21:41:16 | 000,000,000 | ---D | C] -- C:\Users\Muccy3001\AppData\Roaming\Tyvifo
[2013/03/07 21:41:16 | 000,000,000 | ---D | C] -- C:\Users\Muccy3001\AppData\Roaming\Myhu
[2013/03/07 21:41:16 | 000,000,000 | ---D | C] -- C:\Users\Muccy3001\AppData\Roaming\Ahyld
[2013/03/06 21:08:29 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/03/06 21:08:07 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/02/27 18:49:09 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2013/02/27 18:49:08 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2013/02/27 18:49:08 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
[2013/02/27 18:49:08 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
[2013/02/27 18:49:05 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013/02/27 18:49:05 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013/02/27 18:49:02 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2013/02/27 18:49:02 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2013/02/27 18:49:02 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2013/02/27 18:49:02 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2013/02/27 18:49:02 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/02/27 18:49:02 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/02/27 18:49:02 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/02/27 18:49:02 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/02/27 18:49:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/02/27 18:49:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/02/27 18:49:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/02/27 18:49:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/02/27 18:49:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
[2013/02/27 18:49:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
[2013/02/27 18:49:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/02/27 18:49:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/02/27 18:49:02 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/02/27 18:49:02 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/02/27 18:49:01 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013/02/27 18:49:01 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2013/02/27 18:49:01 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013/02/27 18:49:01 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2013/02/27 18:49:01 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2013/02/27 18:49:01 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2013/02/27 18:49:01 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2013/02/27 18:49:01 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2013/02/27 18:49:01 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2013/02/27 18:49:01 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/02/27 18:49:01 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/02/27 18:49:01 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/02/27 18:49:01 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/02/27 18:49:00 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll [2013/02/27 18:49:00 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll [2013/02/27 18:49:00 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll [2013/02/27 18:49:00 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll [2013/02/27 18:30:40 | 000,000,000 | R--D | C] -- C:\Users\Muccy3001\Documents\Scanned Documents [2013/02/27 18:30:39 | 000,000,000 | ---D | C] -- C:\Users\Muccy3001\Documents\Fax [2013/02/25 15:02:01 | 000,000,000 | ---D | C] -- C:\Users\Muccy3001\Desktop\Rheinenergie [2013/02/13 18:34:30 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013/02/13 18:34:27 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2013/02/13 18:34:27 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2013/02/13 18:34:07 | 000,735,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013/02/13 18:34:04 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013/02/13 18:34:03 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013/02/13 18:34:03 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013/02/13 18:34:03 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013/02/13 18:34:03 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013/02/13 18:34:03 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013/02/13 18:33:58 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2013/02/13 18:33:57 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2013/02/13 18:33:56 | 
000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2013/02/13 18:33:56 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2013/02/13 18:33:56 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2013/02/13 18:33:56 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2013/02/13 18:33:54 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013/03/08 16:08:06 | 000,010,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/03/08 16:08:06 | 000,010,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/03/08 16:00:43 | 000,000,035 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini [2013/03/08 16:00:41 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/03/08 16:00:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/03/08 16:00:18 | 3220,664,320 | -HS- | M] () -- C:\hiberfil.sys [2013/03/08 14:48:01 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/03/08 14:15:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/03/08 05:21:20 | 564,114,586 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013/03/07 23:13:52 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013/03/07 21:47:47 | 001,526,786 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013/03/07 21:47:47 | 000,668,692 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013/03/07 21:47:47 | 000,620,284 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013/03/07 21:47:47 | 000,134,540 | ---- | M] () -- 
C:\Windows\SysNative\perfc007.dat [2013/03/07 21:47:47 | 000,110,472 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013/03/06 21:08:24 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll [2013/03/06 21:08:24 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll [2013/03/06 21:08:24 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013/03/06 21:08:24 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013/03/06 21:08:24 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013/03/06 21:08:24 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013/03/04 19:21:53 | 000,013,455 | ---- | M] () -- C:\Users\Muccy3001\Desktop\Remigiusstr. 14 Übersicht.ods [2013/02/28 19:15:14 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013/02/28 19:15:14 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013/02/14 20:15:09 | 000,306,184 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013/02/07 20:29:36 | 000,001,061 | ---- | M] () -- C:\Users\Muccy3001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013/03/08 05:21:20 | 564,114,586 | ---- | C] () -- C:\Windows\MEMORY.DMP [2013/03/07 23:13:52 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013/03/04 19:21:50 | 000,013,455 | ---- | C] () -- C:\Users\Muccy3001\Desktop\Remigiusstr. 
14 Übersicht.ods [2012/02/01 18:46:48 | 000,000,000 | ---- | C] () -- C:\Users\Muccy3001\AppData\Local\{44BBEA8D-CE39-4449-A097-59734AADA1CD} [2011/11/10 03:36:06 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2011/11/10 03:36:06 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2011/11/09 22:39:44 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll [2011/11/09 22:39:32 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll [2011/09/13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011/08/08 10:58:00 | 000,000,000 | ---- | C] () -- C:\Users\Muccy3001\AppData\Local\{91DE0AFF-B692-42D4-9A53-173573533C95} [2011/05/24 17:18:39 | 000,000,000 | ---- | C] () -- C:\Users\Muccy3001\AppData\Local\{0CB6DFF5-08C6-4E2F-81FB-1BE86D7E0E80} [2011/05/24 17:16:41 | 000,000,000 | ---- | C] () -- C:\Users\Muccy3001\AppData\Local\{1C162DBE-D987-4BC5-8DCE-AEDAFCE1922D} ========== ZeroAccess Check ========== [2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > [code] OTL Logfile: Code:
OTL Extras logfile created on: 3/8/2013 4:03:36 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Muccy3001\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4.00 Gb Total Physical Memory | 2.38 Gb Available Physical Memory | 59.58% Memory free
8.00 Gb Paging File | 6.17 Gb Available in Paging File | 77.11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1366.17 Gb Total Space | 1107.25 Gb Free Space | 81.05% Space Free | Partition Type: NTFS
Drive D: | 30.00 Gb Total Space | 10.38 Gb Free Space | 34.59% Space Free | Partition Type: NTFS

Computer Name: MUCCY3001-PC | User Name: Muccy3001 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-3511931958-2117292522-3197319374-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "C:\windows\system32\rundll32.exe" "C:\windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06CDE38E-2885-4D26-ACD2-B9195F2963E4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{0945B96D-BAF5-4BAC-99E7-CFB7A32A2E97}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{1B23C507-E817-4FC5-811F-F7981539F711}" = lport=138 | protocol=17 | dir=in | app=system |
"{1FCDF2E3-14C1-4863-9B17-79FE3F626D53}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{260DDC66-2E99-41AE-ACEB-FA8D58F04692}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{274BB6E4-D970-4421-889F-97E245254889}" = lport=139 | protocol=6 | dir=in | app=system |
"{38B2CD93-155E-4C1F-BA51-426A4FD22750}" = lport=10243 | protocol=6 | dir=in | app=system |
"{3B619D04-5C1F-4DB4-9302-0216D4945162}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{5F681FF8-A0EF-48BF-B7A3-DA6A61C3D683}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7271F9FB-336F-4615-BE2F-37E37A1E3723}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{80591EF5-A4A2-46D9-B4FF-D46C8FC39EEA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{93E8355B-7270-4F7C-8596-705E2CB2BD62}" = rport=445 | protocol=6 | dir=out | app=system |
"{9BA27086-A1EF-44F5-8566-F91568F052F4}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A98E8EFB-15AE-4740-A5CA-9EDEAF78E59F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A9EAF0F2-A11D-45FA-9B0D-1583BAF6617A}" = rport=137 | protocol=17 | dir=out | app=system |
"{AF6FFF33-55A7-4A56-9441-7C023B0F50CF}" = rport=139 | protocol=6 | dir=out | app=system |
"{B1EBA578-B569-4AB7-881A-75C6F45380F2}" = lport=445 | protocol=6 | dir=in | app=system |
"{B4D588A5-F106-4293-9C62-D18C2700EEBF}" = lport=137 | protocol=17 | dir=in | app=system |
"{BEE6AC12-3C94-4C08-885F-C00E1634B74A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C42790FE-87E4-4FAE-95A5-CC9DAC73D954}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C57ED8A6-760A-4C02-B208-AB276902C170}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DC7CC21E-20DB-4EFD-B71A-8AE62CE076B9}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EB55A1E1-FC0E-4D06-BBF4-54AB788CD657}" = rport=138 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{051963CD-35CA-43DA-B51C-CC4D1D0F72A6}" = protocol=6 | dir=out | app=system |
"{0D86D9F9-F8DC-4F21-B839-03352DAD7A14}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0F30EE61-5868-4128-8CAF-2DAF7E152BE6}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{13149270-227A-4615-A9BC-2EBDBF0A4D43}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{1436E55B-C6B2-4870-873A-0292C1D9211D}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{167E6C97-7346-4B14-AAE9-870D254E7DAC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{19712371-E774-471B-920B-817732D0DB34}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{1DA3BD12-BE16-407A-879C-896557BC9080}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{24076498-DA07-409A-AD52-50DAEDFB6944}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2E0ABF55-5B5A-457B-A523-ABA8020738FD}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3AB97D1A-58D1-4B60-968C-17B4FD8AAB5C}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\devicesetup.exe |
"{44025FC2-A026-4483-89C1-03531B1907A1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{53C95FBD-86E1-48C8-966B-BC0A5CDF125C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5CF842B2-1484-400D-93C9-508B1176A83D}" = protocol=6 | dir=in | app=c:\users\muccy3001\appdata\roaming\dropbox\bin\dropbox.exe |
"{6B2DA4EA-1D4C-41A7-83FE-39F01A513EDF}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6DBF9567-D9B3-45B6-85F1-A94E7B9E54BB}" = protocol=17 | dir=in | app=c:\users\muccy3001\appdata\roaming\dropbox\bin\dropbox.exe |
"{734A1096-E8E6-4544-9901-261828D00602}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{745C78EC-0174-478F-B218-3466CE54AB7A}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\hpnetworkcommunicator.exe |
"{7C22EBDB-02C9-4762-BD52-F6CC2771544C}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{7E8223FE-FB5D-49B2-93BD-0A2A50876342}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{8CB35B77-6A70-46AA-B733-C6AA455AA0C7}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A076DD21-514E-4173-82C5-B0A92E179B05}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A4E362A9-0BE1-497A-AB9D-4B9545823BB8}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{AB1C0002-0BE0-4BA8-94DF-C90E63398D2E}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\hpnetworkcommunicator.exe |
"{AEE44679-64A1-4A4C-94C9-8DA50E2A872C}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{B5A02968-C342-4A68-A1AE-FEC85BD641C4}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BC517430-0569-4CC0-9555-4884DA1E1EEF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{BDDDA87F-BCF5-4913-9B87-09ABD57FC443}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\devicesetup.exe |
"{BFE7D5E7-3A6B-4029-8B8F-DF9738734047}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C8F43C5B-F9D3-4A82-BD69-56555369219D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D8058E8F-A6BA-45D4-91A3-B044CDAEE49C}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{EA63862D-702F-4CD1-BD0D-5E0A9C6E9EF5}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{F5F71530-2FF7-4974-A6C8-68D339D863E0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FB73772E-D22E-4CA3-A1BC-0B42BD479028}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{1314A973-54CE-4666-8C8E-3DE78A6D67AE}C:\users\muccy3001\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\muccy3001\appdata\roaming\spotify\spotify.exe |
"TCP Query User{77CE6796-4CB7-4812-8965-36561911DA06}C:\program files (x86)\hp\hp deskjet 3050 j610 series\bin\scantopcactivationapp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\hp\hp deskjet 3050 j610 series\bin\scantopcactivationapp.exe |
"TCP Query User{7865432B-49A4-42D4-9939-CFABEE09E189}C:\users\muccy3001\appdata\roaming\urobz\taqeh.exe" = protocol=6 | dir=in | app=c:\users\muccy3001\appdata\roaming\urobz\taqeh.exe |
"TCP Query User{796401D1-92E9-42CF-A2AF-38BB788D1CFA}C:\users\muccy3001\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\muccy3001\appdata\roaming\spotify\spotify.exe |
"TCP Query User{B7F375BB-6EB2-441C-BE80-BDD051B54C3B}C:\users\muccy3001\appdata\roaming\tyvifo\kifea.exe" = protocol=6 | dir=in | app=c:\users\muccy3001\appdata\roaming\tyvifo\kifea.exe |
"TCP Query User{D952A323-5F03-45F3-9FA1-DD514FE0FAC8}C:\users\muccy3001\appdata\roaming\urobz\taqeh.exe" = protocol=6 | dir=in | app=c:\users\muccy3001\appdata\roaming\urobz\taqeh.exe |
"UDP Query User{26AD5D05-A868-405C-BC78-33B8C15321A9}C:\users\muccy3001\appdata\roaming\tyvifo\kifea.exe" = protocol=17 | dir=in | app=c:\users\muccy3001\appdata\roaming\tyvifo\kifea.exe |
"UDP Query User{5420A7FE-C61A-4115-888E-00D06F6ECC8B}C:\program files (x86)\hp\hp deskjet 3050 j610 series\bin\scantopcactivationapp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\hp\hp deskjet 3050 j610 series\bin\scantopcactivationapp.exe |
"UDP Query User{6D54D3AA-F48F-4FF6-A616-2A06F5E398A9}C:\users\muccy3001\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\muccy3001\appdata\roaming\spotify\spotify.exe |
"UDP Query User{B8AC3E98-3723-4638-A0BE-8E0A9597F969}C:\users\muccy3001\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\muccy3001\appdata\roaming\spotify\spotify.exe |
"UDP Query User{C86E6077-4E53-4D5C-AA8F-75719A91A608}C:\users\muccy3001\appdata\roaming\urobz\taqeh.exe" = protocol=17 | dir=in | app=c:\users\muccy3001\appdata\roaming\urobz\taqeh.exe |
"UDP Query User{DED651CA-A5D0-41B2-B719-F7247BB3C0B8}C:\users\muccy3001\appdata\roaming\urobz\taqeh.exe" = protocol=17 | dir=in | app=c:\users\muccy3001\appdata\roaming\urobz\taqeh.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0BD776F3-057D-4C11-020C-4FA9B13D04F9}" = AMD Catalyst Install Manager
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{122C8DA5-1978-7BB6-6179-BE41806E8086}" = ccc-utility64
"{19DCDC0D-9D87-46DB-A4B0-08B35AA333A3}" = Corel Shell Extension - 64Bit
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
"{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources
"{26A24AE4-039D-4CA4-87B4-2F86416022FF}" = Java(TM) 6 Update 22 (64-bit)
"{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources
"{3DF2B8CD-072D-49F5-BCF8-1DB86B0DF632}" = HP Deskjet 3050 J610 series - Grundlegende Software für das Gerät
"{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources
"{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}" = MobileMe Control Panel
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{89BDAE1A-7B8E-4A0E-A169-02F7F366451D}" = iCloud
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources
"{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4
"_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
"{03BB06DB-15FE-47F0-B872-E6477933C986}" = Windows Live UX Platform Language Pack
"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
"{0482617D-DDC3-D703-2572-7D1E55FA24CB}" = Catalyst Control Center Graphics Previews Vista
"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
"{07B62101-7EBD-434A-94B1-B38063BE5516}" = CorelDRAW Essentials 4 - PHOTO-PAINT
"{09F56A49-A7B1-4AAB-95B9-D13094254AD1}" = Windows Live UX Platform Language Pack
"{0A9256E0-C924-46DE-921B-F6C4548A1C64}" = Windows Live Messenger
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0BE5C4DB-8EA2-483D-BD71-D7EB09040CDE}" = Windows Live UX Platform Language Pack
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{0ED4216F-3540-4D6B-8199-1C8DDEA3924B}" = CorelDRAW Essentials 4 - Lang DE
"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar
"{13FAE3E3-283E-4BF4-8FE5-17D256EDDD77}" = Windows Live UX Platform Language Pack
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19AC095C-3520-4999-AA15-93B6D0248A50}" = CorelDRAW Essentials 4 - Content
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1E87F5D4-3502-4F8E-86A5-61DE5AAD1060}" = Windows Live UX Platform Language Pack
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{216BE2D3-5317-10C1-6F02-C4665CFB4507}" = CCC Help Japanese
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{241E7104-937A-4366-AD57-8FDDDB003939}" = Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{26E276AC-F6C2-883E-E665-E97C735AA0AA}" = CCC Help French
"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2AD2DD70-27F7-4343-BB4E-DE50A32D854B}" = Windows Live Messenger
"{2C7E8AA1-9C03-4606-BF34-5D99D07964DA}" = Windows Live Messenger
"{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources
"{31760C30-2C21-75D1-675E-3388AAC04068}" = CCC Help Dutch
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34A9406E-1994-4C20-AC72-04CFA2B24545}" = CorelDRAW Essentials 4 - Lang EN
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3576C335-958D-4D60-A812-F68F9A2796AF}" = CorelDRAW Essentials 4 - Lang IT
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A275FD1-2F24-4274-8C01-813F5AD1A92D}" = Windows Live Messenger
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources "{5380E159-9445-C146-ECBC-5DF6E97FAB85}" = CCC Help Swedish "{543E6ACA-51B7-4283-82F2-57C0582A53C5}" = Windows Live UX Platform Language Pack "{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "{54F89819-7AF7-9A0A-1F45-2E19F0CA18A8}" = CCC Help Finnish "{5500BB35-1C21-4328-9F16-F894B860FADE}" = CorelDRAW Essentials 4 - Lang NL "{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance "{57220148-3B2B-412A-A2E0-82B9DF423696}" = Windows Live Mesh ActiveX-objekt til fjernforbindelser "{59F324A2-667C-EA14-0A8D-DC3794330056}" = CCC Help Danish "{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh "{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker "{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger "{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources "{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}" = Logitech Harmony Remote Software "{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail "{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker "{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live "{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack "{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger "{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh "{6B0A2ECE-E4C6-4BA3-AE9D-8B827F03B992}" = Windows Live UX Platform Language Pack "{6B318C80-7BE4-4D79-9F53-4290958EA984}" = Windows Live UX Platform Language Pack "{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common "{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker 
"{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}" = Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz "{6EE9F44A-B8C7-4CDB-B2A9-441AF2AE315A}" = Windows Live Messenger "{7189F66A-1560-1573-05C9-DE53613AEA1A}" = Versandhelfer "{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer "{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh "{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár "{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common "{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh "{76046298-768C-492C-8C93-2983C9E3719E}" = Windows Live UX Platform Language Pack "{76E852ED-1B06-4BC8-9D6A-625DB95FB7E5}" = CorelDRAW Essentials 4 - IPM - No VBA "{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar "{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh "{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live "{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime "{7D14B7C4-10DA-173B-D073-DED305D55099}" = Catalyst Control Center Localization All "{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials "{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer "{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources "{7F6021AE-E688-4D03-843A-C2260482BA0D}" = Windows Live Messenger "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger "{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials "{83AA2913-C123-4146-85BD-AD8F93971D39}" = BabylonObjectInstaller "{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh "{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common "{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live 
Messenger "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{9043B9A0-9505-405B-8202-E7167A38A89C}" = CorelDRAW Essentials 4 "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{934331FE-E81E-B486-A049-382715BE7416}" = CCC Help German "{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack "{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker "{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common "{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A850B824-9CE5-EEDE-D762-3C9518ABAC98}" = ccc-core-static "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AA0F476C-CA5F-F382-67B2-F0085C1EBC6E}" = CCC Help Norwegian "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema "{ABD8B955-1C69-4AF3-949B-13CD587C175F}" = CorelDRAW Essentials 4 - Lang BR "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For 
Adobe Reader 9 "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail "{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common "{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}" = Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials "{B765F43A-6189-61F7-5D8A-0B9E8A851193}" = CCC Help English "{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}" = Microsoft Default Manager "{B9FA9F15-A1F3-4DB1-AD49-0B9351843FAA}" = CorelDRAW Essentials 4 - Draw "{BA9319FE-BCEF-4C99-8039-F464648D046E}" = CorelDRAW Essentials 4 - Lang FR "{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi "{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker "{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh "{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live "{C01AE05C-3C8C-75B3-C9F0-1B525DD3697C}" = Catalyst Control Center InstallProxy "{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 - ICA "{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{C682F3F0-00A6-4379-B083-4F3273624D7B}" = CorelDRAW Essentials 4 - Lang ES "{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail 
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common "{CA227A9D-09BE-4BFB-9764-48FED2DA5454}" = Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave "{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live "{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker "{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension "{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D2131BFA-A0D6-4FDE-8614-75B07A9B15EE}" = Windows Live UX Platform Language Pack "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail "{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker "{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DE2A3E12-3592-1A8B-D3B3-60E2C07C52C2}" = CCC Help Italian "{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer "{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series "{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas "{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer "{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live 
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources "{E7688C7D-DE09-4D43-9785-534EDE9BC18E}" = Windows Live Messenger "{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer "{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live "{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live "{ED86C4AB-D1E5-42CF-BFA3-56BAAE617D4E}" = Windows Live UX Platform Language Pack "{EE492B20-FB15-4A98-883C-3054354A11F8}" = Windows Live Messenger "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F16841F6-5F0F-4DBE-B318-63CEB916F21D}" = CorelDRAW Essentials 4 - Filters "{F354B79F-C895-AC25-EC8F-72DAFF960B83}" = CCC Help Spanish "{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}" = Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις "{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}" = HP Deskjet 3050 J610 series Hilfe "{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials "{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "ALDI SÜD Mah Jong" = ALDI SÜD Mah Jong "Ashampoo 
Burning Studio_is1" = Ashampoo Burning Studio "Ashampoo Photo Commander_is1" = Ashampoo Photo Commander "Ashampoo Photo Optimizer_is1" = Ashampoo Photo Optimizer "Ashampoo Snap_is1" = Ashampoo Snap "Avira AntiVir Desktop" = Avira Free Antivirus "BabylonToolbar" = Babylon toolbar on IE "dpdhl.versandhelfer.medionpc.CDA82DC3FEDD13302C6424313D9A2999F162D21A.1" = Versandhelfer "Free iPad Video Converter_is1" = Free iPad Video Converter 3.7.2.1 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.11.923 "HP Photo Creations" = HP Photo Creations "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "InstallShield_{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "VLC media player" = VLC media player 1.1.9 "Windows Media Encoder 9" = Windows Media Encoder 9 Series "WinLiveSuite" = Windows Live Essentials "ZipALot" = ZipALot (remove only) ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-3511931958-2117292522-3197319374-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "PDF Reader" = PDF Reader "Spotify" = Spotify ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 3/7/2013 9:05:53 PM | Computer Name = Muccy3001-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 561588 Error - 3/7/2013 9:06:09 PM | Computer Name = Muccy3001-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more 
than a second Error - 3/7/2013 9:06:09 PM | Computer Name = Muccy3001-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 577188 Error - 3/7/2013 9:06:09 PM | Computer Name = Muccy3001-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 577188 Error - 3/7/2013 9:06:25 PM | Computer Name = Muccy3001-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 3/7/2013 9:06:25 PM | Computer Name = Muccy3001-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 592788 Error - 3/7/2013 9:06:25 PM | Computer Name = Muccy3001-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 592788 Error - 3/8/2013 8:37:06 AM | Computer Name = Muccy3001-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: KB00410889.exe, Version: 8.7.3.5, Zeitstempel: 0x50ef19f6 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x001af056 ID des fehlerhaften Prozesses: 0x156c Startzeit der fehlerhaften Anwendung: 0x01ce1bf9a2a616ea Pfad der fehlerhaften Anwendung: C:\Users\Muccy3001\AppData\Roaming\KB00410889.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: e273bce9-87ec-11e2-93eb-000272b0b9d0 Error - 3/8/2013 9:38:13 AM | Computer Name = Muccy3001-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: KB00410889.exe, Version: 8.7.3.5, Zeitstempel: 0x50ef19f6 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x001af056 ID des fehlerhaften Prozesses: 0x164c Startzeit der fehlerhaften Anwendung: 0x01ce1c022cdab358 Pfad der fehlerhaften Anwendung: C:\Users\Muccy3001\AppData\Roaming\KB00410889.exe Pfad des fehlerhaften Moduls: 
unknown Berichtskennung: 6bcfbc1e-87f5-11e2-93eb-000272b0b9d0 Error - 3/8/2013 9:42:29 AM | Computer Name = Muccy3001-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 19.0.2.4814, Zeitstempel: 0x5138a1d3 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b8f Ausnahmecode: 0xc0000374 Fehleroffset: 0x000ce6c3 ID des fehlerhaften Prozesses: 0xf80 Startzeit der fehlerhaften Anwendung: 0x01ce1bfa4602a878 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: 046cd56e-87f6-11e2-93eb-000272b0b9d0 [ System Events ] Error - 4/17/2012 2:52:23 AM | Computer Name = Muccy3001-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 4/17/2012 2:58:08 AM | Computer Name = Muccy3001-PC | Source = Service Control Manager | ID = 7043 Description = Der Dienst Windows Update konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden. Error - 7/15/2012 9:33:54 AM | Computer Name = Muccy3001-PC | Source = BTHUSB | ID = 327697 Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen. Error - 7/27/2012 6:13:54 AM | Computer Name = Muccy3001-PC | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts. Error - 8/16/2012 3:15:37 AM | Computer Name = Muccy3001-PC | Source = BTHUSB | ID = 327696 Description = Die beiderseitige Authentifizierung zwischen dem lokalen Bluetooth-Adapter und einem Gerät mit Bluetooth-Adapteradresse (78:ca:39:4a:a7:04) ist fehlgeschlagen. 
Error - 9/3/2012 6:19:06 AM | Computer Name = Muccy3001-PC | Source = DCOM | ID = 10010 Description = Error - 9/21/2012 4:40:34 AM | Computer Name = Muccy3001-PC | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts. Error - 9/21/2012 4:40:52 AM | Computer Name = Muccy3001-PC | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts. Error - 9/21/2012 4:41:52 AM | Computer Name = Muccy3001-PC | Source = Service Control Manager | ID = 7032 Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Apple Mobile Device" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: %%1056 Error - 9/28/2012 4:30:49 AM | Computer Name = Muccy3001-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?28.?09.?2012 um 10:28:51 unerwartet heruntergefahren. < End of report > [code] |
08.03.2013, 17:06 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Groupon Trojaner Now please create and post logs with GMER (<<< click for instructions) and MBAR (instructions a little further down). GMER crashes fairly often; if the tool refuses to run the second time as well, simply skip it and run only MBAR. MBAR instructions: Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without being instructed to by a helper
__________________ Please always post log files in CODE tags |
08.03.2013, 18:42 | #5 |
| Groupon Trojaner I hope I have done everything right so far. There were no more findings on the second run either. Unfortunately I had to split the GMER log; the other logs will follow in the next post! GMER part 1 Code:
51, 70, 07, 02, C3] .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2776] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000775008fc 6 bytes [68, 93, 5C, 07, 03, C3] .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2776] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 00000000775125fd 6 bytes [68, D6, FC, 06, 03, C3] .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2776] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007751c45a 6 bytes [68, BE, 5D, 07, 03, C3] .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2776] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077522a63 6 bytes [68, 1C, FD, 06, 03, C3] .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2776] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W 0000000077544128 6 bytes [68, 62, FD, 06, 03, C3] .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2776] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A 000000007754e659 6 bytes [68, A8, FD, 06, 03, C3] .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2776] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW 000000007549455c 6 bytes [68, 27, 60, 07, 03, C3] .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2776] C:\Windows\syswow64\kernel32.dll!ExitProcess 00000000754979f8 6 bytes [68, E6, 5F, 07, 03, C3] .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2776] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW 000000007686c592 6 bytes [68, A4, 60, 07, 03, C3] .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2776] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 00000000768a2538 6 bytes [68, 8D, 60, 07, 03, C3] .text C:\Program Files (x86)\Common 
Files\Apple\Internet Services\ApplePhotoStreams.exe[2776] C:\Windows\syswow64\USER32.dll!GetDC 00000000762e72c4 6 bytes [68, FA, B0, 06, 03, C3] .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2776] C:\Windows\syswow64\USER32.dll!ReleaseDC 00000000762e7446 6 bytes [68, 78, B1, 06, 03, C3] .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2776] C:\Windows\syswow64\USER32.dll!TranslateMessage 00000000762e7809 6 bytes [68, 2C, B8, 06, 03, C3] .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2776] C:\Windows\syswow64\USER32.dll!GetMessageW 00000000762e78e2 6 bytes [68, 37, 5B, 07, 03, C3] .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2776] C:\Windows\syswow64\USER32.dll!GetMessageA 00000000762e7bd3 6 bytes [68, 5F, 5B, 07, 03, C3] .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2776] C:\Windows\syswow64\USER32.dll!GetWindowDC 00000000762e8048 6 bytes [68, 39, B1, 06, 03, C3] .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2776] C:\Windows\syswow64\USER32.dll!RegisterClassW 00000000762e8a65 6 bytes [68, DA, FF, 06, 03, C3] .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2776] C:\Windows\syswow64\USER32.dll!RegisterClassExW 00000000762eb17d 6 bytes [68, 74, 00, 07, 03, C3] .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2776] C:\Windows\syswow64\USER32.dll!RegisterClassExA 00000000762edb98 6 bytes [68, C6, 00, 07, 03, C3] .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2776] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000762f05ba 6 bytes [68, 87, 5B, 07, 03, C3] .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2776] C:\Windows\syswow64\USER32.dll!CallWindowProcW 
00000000762f0d32 6 bytes [68, 0C, FF, 06, 03, C3] .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2776] C:\Windows\syswow64\USER32.dll!GetCursorPos 00000000762f1218 6 bytes [68, 6A, 59, 07, 03, C3] .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2776] C:\Windows\syswow64\USER32.dll!EndPaint 00000000762f1341 6 bytes [68, 5F, B0, 06, 03, C3] .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2776] C:\Windows\syswow64\USER32.dll!BeginPaint 00000000762f1361 6 bytes [68, EF, AF, 06, 03, C3] .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2776] C:\Windows\syswow64\USER32.dll!GetMessagePos 00000000762f2a8d 6 bytes [68, 38, 59, 07, 03, C3] .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2776] C:\Windows\syswow64\USER32.dll!GetCapture 00000000762f2aac 6 bytes [68, 98, 5A, 07, 03, C3] .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2776] C:\Windows\syswow64\USER32.dll!GetDCEx 00000000762f3391 6 bytes [68, 9F, B0, 06, 03, C3] .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2776] C:\Windows\syswow64\USER32.dll!RegisterClassA 00000000762f434b 6 bytes [68, 27, 00, 07, 03, C3] .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2776] C:\Windows\syswow64\USER32.dll!PeekMessageA 00000000762f5f74 6 bytes [68, B2, 5B, 07, 03, C3] .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2776] C:\Windows\syswow64\USER32.dll!GetUpdateRgn 00000000762f6222 6 bytes [68, 4B, B2, 06, 03, C3] .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2776] C:\Windows\syswow64\USER32.dll!CallWindowProcA 00000000762f792f 6 bytes [68, 55, FF, 06, 03, C3] .text C:\Program Files (x86)\Common Files\Apple\Internet 
Services\ApplePhotoStreams.exe[2776] C:\Windows\syswow64\USER32.dll!DefFrameProcA 00000000762f7fbb 6 bytes [68, 37, FE, 06, 03, C3] .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2776] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA 00000000762f810c 6 bytes [68, C6, FE, 06, 03, C3] .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2776] C:\Windows\syswow64\USER32.dll!DefFrameProcW 00000000762f85c1 6 bytes [68, EE, FD, 06, 03, C3] .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2776] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW 00000000762f86b4 6 bytes [68, 80, FE, 06, 03, C3] .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2776] C:\Windows\syswow64\USER32.dll!GetUpdateRect 000000007630d41f 6 bytes [68, B8, B1, 06, 03, C3] .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2776] C:\Windows\syswow64\USER32.dll!ReleaseCapture 000000007630ed49 6 bytes [68, 48, 5A, 07, 03, C3] .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2776] C:\Windows\syswow64\USER32.dll!SetCapture 000000007630ed56 6 bytes [68, EE, 59, 07, 03, C3] .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2776] C:\Windows\syswow64\USER32.dll!SwitchDesktop 0000000076329854 6 bytes [68, B8, FC, 06, 03, C3] .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2776] C:\Windows\syswow64\USER32.dll!SetCursorPos 0000000076329cfd 6 bytes [68, B1, 59, 07, 03, C3] .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2776] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000076329f1d 6 bytes [68, DB, B9, 06, 03, C3] .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2776] C:\Windows\syswow64\USER32.dll!OpenInputDesktop 00000000763487cb 6 
bytes [68, 68, FC, 06, 03, C3] .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2776] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000075443918 6 bytes [68, D4, 06, 07, 03, C3] .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2776] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 0000000075444296 6 bytes [68, E5, 02, 07, 03, C3] .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2776] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000075444406 6 bytes [68, 2D, 07, 07, 03, C3] .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2776] C:\Windows\syswow64\WS2_32.dll!send 0000000075446f01 6 bytes [68, 0C, 07, 07, 03, C3] .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2776] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000075457673 6 bytes [68, 75, 02, 07, 03, C3] .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2776] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore 0000000076bb1224 6 bytes [68, 51, 5C, 06, 03, C3] .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2776] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA 00000000763ea336 6 bytes [68, 16, 74, 06, 03, C3] .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2776] C:\Windows\syswow64\WININET.dll!InternetCloseHandle 00000000763eab41 6 bytes [68, 76, 72, 06, 03, C3] .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2776] C:\Windows\syswow64\WININET.dll!InternetReadFile 00000000763eb3fe 6 bytes [68, E3, 72, 06, 03, C3] .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2776] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW 00000000763f4a42 6 bytes [68, 74, 6F, 06, 03, C3] .text C:\Program Files (x86)\Common Files\Apple\Internet 
Services\ApplePhotoStreams.exe[2776] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA 00000000763f4c7d 6 bytes [68, B8, 6F, 06, 03, C3] .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2776] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable 00000000763f5e5d 6 bytes [68, EA, 73, 06, 03, C3] .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2776] C:\Windows\syswow64\WININET.dll!HttpSendRequestW 00000000763fba12 6 bytes [68, FC, 6F, 06, 03, C3] .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2776] C:\Windows\syswow64\WININET.dll!HttpEndRequestA 00000000764045e2 6 bytes [68, E0, 71, 06, 03, C3] .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2776] C:\Windows\syswow64\WININET.dll!HttpSendRequestExW 0000000076404a35 6 bytes [68, A6, 70, 06, 03, C3] .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2776] C:\Windows\syswow64\WININET.dll!InternetReadFileExA 000000007641ae56 6 bytes [68, 11, 73, 06, 03, C3] .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2776] C:\Windows\syswow64\WININET.dll!InternetSetFilePointer 000000007644b04e 6 bytes [68, 90, 73, 06, 03, C3] .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2776] C:\Windows\syswow64\WININET.dll!HttpSendRequestExA 0000000076461962 6 bytes [68, 43, 71, 06, 03, C3] .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2776] C:\Windows\syswow64\WININET.dll!HttpEndRequestW 00000000764619e5 6 bytes [68, 2B, 72, 06, 03, C3] .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2776] C:\Windows\syswow64\WININET.dll!HttpSendRequestA 0000000076461a48 6 bytes [68, 51, 70, 06, 03, C3] .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2776] 
C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000753a1465 2 bytes [3A, 75] .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2776] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000753a14bb 2 bytes [3A, 75] .text ... * 2 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3044] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000775008fc 6 bytes [68, 93, 5C, B3, 02, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3044] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 00000000775125fd 6 bytes [68, D6, FC, B2, 02, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3044] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007751c45a 6 bytes [68, BE, 5D, B3, 02, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3044] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077522a63 6 bytes [68, 1C, FD, B2, 02, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3044] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W 0000000077544128 6 bytes [68, 62, FD, B2, 02, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3044] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A 000000007754e659 6 bytes [68, A8, FD, B2, 02, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3044] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW 000000007549455c 6 bytes [68, 27, 60, B3, 02, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3044] C:\Windows\syswow64\kernel32.dll!ExitProcess 00000000754979f8 6 bytes [68, E6, 5F, B3, 02, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3044] C:\Windows\syswow64\USER32.dll!GetDC 00000000762e72c4 6 bytes [68, FA, B0, B2, 02, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3044] C:\Windows\syswow64\USER32.dll!ReleaseDC 00000000762e7446 6 bytes [68, 78, B1, B2, 02, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3044] 
C:\Windows\syswow64\USER32.dll!TranslateMessage 00000000762e7809 6 bytes [68, 2C, B8, B2, 02, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3044] C:\Windows\syswow64\USER32.dll!GetMessageW 00000000762e78e2 6 bytes [68, 37, 5B, B3, 02, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3044] C:\Windows\syswow64\USER32.dll!GetMessageA 00000000762e7bd3 6 bytes [68, 5F, 5B, B3, 02, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3044] C:\Windows\syswow64\USER32.dll!GetWindowDC 00000000762e8048 6 bytes [68, 39, B1, B2, 02, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3044] C:\Windows\syswow64\USER32.dll!RegisterClassW 00000000762e8a65 6 bytes [68, DA, FF, B2, 02, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3044] C:\Windows\syswow64\USER32.dll!RegisterClassExW 00000000762eb17d 6 bytes [68, 74, 00, B3, 02, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3044] C:\Windows\syswow64\USER32.dll!RegisterClassExA 00000000762edb98 6 bytes [68, C6, 00, B3, 02, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3044] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000762f05ba 6 bytes [68, 87, 5B, B3, 02, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3044] C:\Windows\syswow64\USER32.dll!CallWindowProcW 00000000762f0d32 6 bytes [68, 0C, FF, B2, 02, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3044] C:\Windows\syswow64\USER32.dll!GetCursorPos 00000000762f1218 6 bytes [68, 6A, 59, B3, 02, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3044] C:\Windows\syswow64\USER32.dll!EndPaint 00000000762f1341 6 bytes [68, 5F, B0, B2, 02, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3044] C:\Windows\syswow64\USER32.dll!BeginPaint 00000000762f1361 6 bytes [68, EF, AF, B2, 02, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3044] C:\Windows\syswow64\USER32.dll!GetMessagePos 00000000762f2a8d 6 bytes 
[68, 38, 59, B3, 02, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3044] C:\Windows\syswow64\USER32.dll!GetCapture 00000000762f2aac 6 bytes [68, 98, 5A, B3, 02, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3044] C:\Windows\syswow64\USER32.dll!GetDCEx 00000000762f3391 6 bytes [68, 9F, B0, B2, 02, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3044] C:\Windows\syswow64\USER32.dll!RegisterClassA 00000000762f434b 6 bytes [68, 27, 00, B3, 02, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3044] C:\Windows\syswow64\USER32.dll!PeekMessageA 00000000762f5f74 6 bytes [68, B2, 5B, B3, 02, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3044] C:\Windows\syswow64\USER32.dll!GetUpdateRgn 00000000762f6222 6 bytes [68, 4B, B2, B2, 02, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3044] C:\Windows\syswow64\USER32.dll!CallWindowProcA 00000000762f792f 6 bytes [68, 55, FF, B2, 02, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3044] C:\Windows\syswow64\USER32.dll!DefFrameProcA 00000000762f7fbb 6 bytes [68, 37, FE, B2, 02, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3044] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA 00000000762f810c 6 bytes [68, C6, FE, B2, 02, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3044] C:\Windows\syswow64\USER32.dll!DefFrameProcW 00000000762f85c1 6 bytes [68, EE, FD, B2, 02, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3044] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW 00000000762f86b4 6 bytes [68, 80, FE, B2, 02, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3044] C:\Windows\syswow64\USER32.dll!GetUpdateRect 000000007630d41f 6 bytes [68, B8, B1, B2, 02, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3044] C:\Windows\syswow64\USER32.dll!ReleaseCapture 000000007630ed49 6 bytes [68, 48, 5A, B3, 02, C3] .text C:\Program Files 
(x86)\CyberLink\Power2Go\CLMLSvc.exe[3044] C:\Windows\syswow64\USER32.dll!SetCapture 000000007630ed56 6 bytes [68, EE, 59, B3, 02, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3044] C:\Windows\syswow64\USER32.dll!SwitchDesktop 0000000076329854 6 bytes [68, B8, FC, B2, 02, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3044] C:\Windows\syswow64\USER32.dll!SetCursorPos 0000000076329cfd 6 bytes [68, B1, 59, B3, 02, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3044] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000076329f1d 6 bytes [68, DB, B9, B2, 02, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3044] C:\Windows\syswow64\USER32.dll!OpenInputDesktop 00000000763487cb 6 bytes [68, 68, FC, B2, 02, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3044] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW 000000007686c592 6 bytes [68, A4, 60, B3, 02, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3044] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 00000000768a2538 6 bytes [68, 8D, 60, B3, 02, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3044] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000075443918 6 bytes [68, D4, 06, B3, 02, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3044] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 0000000075444296 6 bytes [68, E5, 02, B3, 02, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3044] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000075444406 6 bytes [68, 2D, 07, B3, 02, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3044] C:\Windows\syswow64\WS2_32.dll!send 0000000075446f01 6 bytes [68, 0C, 07, B3, 02, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3044] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000075457673 6 bytes [68, 75, 02, B3, 02, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3044] 
C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore 0000000076bb1224 6 bytes [68, 51, 5C, B2, 02, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3044] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA 00000000763ea336 6 bytes [68, 16, 74, B2, 02, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3044] C:\Windows\syswow64\WININET.dll!InternetCloseHandle 00000000763eab41 6 bytes [68, 76, 72, B2, 02, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3044] C:\Windows\syswow64\WININET.dll!InternetReadFile 00000000763eb3fe 6 bytes [68, E3, 72, B2, 02, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3044] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW 00000000763f4a42 6 bytes [68, 74, 6F, B2, 02, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3044] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA 00000000763f4c7d 6 bytes [68, B8, 6F, B2, 02, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3044] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable 00000000763f5e5d 6 bytes [68, EA, 73, B2, 02, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3044] C:\Windows\syswow64\WININET.dll!HttpSendRequestW 00000000763fba12 6 bytes [68, FC, 6F, B2, 02, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3044] C:\Windows\syswow64\WININET.dll!HttpEndRequestA 00000000764045e2 6 bytes [68, E0, 71, B2, 02, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3044] C:\Windows\syswow64\WININET.dll!HttpSendRequestExW 0000000076404a35 6 bytes [68, A6, 70, B2, 02, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3044] C:\Windows\syswow64\WININET.dll!InternetReadFileExA 000000007641ae56 6 bytes [68, 11, 73, B2, 02, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3044] C:\Windows\syswow64\WININET.dll!InternetSetFilePointer 000000007644b04e 6 bytes [68, 90, 73, B2, 02, C3] .text C:\Program Files 
(x86)\CyberLink\Power2Go\CLMLSvc.exe[3044] C:\Windows\syswow64\WININET.dll!HttpSendRequestExA 0000000076461962 6 bytes [68, 43, 71, B2, 02, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3044] C:\Windows\syswow64\WININET.dll!HttpEndRequestW 00000000764619e5 6 bytes [68, 2B, 72, B2, 02, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3044] C:\Windows\syswow64\WININET.dll!HttpSendRequestA 0000000076461a48 6 bytes [68, 51, 70, B2, 02, C3] .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3060] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000775008fc 4 bytes [68, 93, 5C, 73] .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3060] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess + 5 0000000077500901 1 byte [C3] .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3060] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 00000000775125fd 6 bytes [68, D6, FC, 72, 00, C3] .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3060] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007751c45a 6 bytes [68, BE, 5D, 73, 00, C3] .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3060] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077522a63 6 bytes [68, 1C, FD, 72, 00, C3] .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3060] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W 0000000077544128 6 bytes [68, 62, FD, 72, 00, C3] .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3060] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A 000000007754e659 6 bytes [68, A8, FD, 72, 00, C3] .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller 
Driver\Application\nusb3mon.exe[3060] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW 000000007549455c 6 bytes [68, 27, 60, 73, 00, C3] .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3060] C:\Windows\syswow64\kernel32.dll!ExitProcess 00000000754979f8 6 bytes [68, E6, 5F, 73, 00, C3] .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3060] C:\Windows\syswow64\USER32.dll!GetDC 00000000762e72c4 4 bytes [68, FA, B0, 72] .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3060] C:\Windows\syswow64\USER32.dll!GetDC + 5 00000000762e72c9 1 byte [C3] .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3060] C:\Windows\syswow64\USER32.dll!ReleaseDC 00000000762e7446 6 bytes [68, 78, B1, 72, 00, C3] .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3060] C:\Windows\syswow64\USER32.dll!TranslateMessage 00000000762e7809 6 bytes [68, 2C, B8, 72, 00, C3] .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3060] C:\Windows\syswow64\USER32.dll!GetMessageW 00000000762e78e2 6 bytes [68, 37, 5B, 73, 00, C3] .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3060] C:\Windows\syswow64\USER32.dll!GetMessageA 00000000762e7bd3 6 bytes [68, 5F, 5B, 73, 00, C3] .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3060] C:\Windows\syswow64\USER32.dll!GetWindowDC 00000000762e8048 4 bytes [68, 39, B1, 72] .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3060] C:\Windows\syswow64\USER32.dll!GetWindowDC + 5 00000000762e804d 1 byte [C3] .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller 
Driver\Application\nusb3mon.exe[3060] C:\Windows\syswow64\USER32.dll!RegisterClassW 00000000762e8a65 6 bytes [68, DA, FF, 72, 00, C3] .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3060] C:\Windows\syswow64\USER32.dll!RegisterClassExW 00000000762eb17d 6 bytes [68, 74, 00, 73, 00, C3] .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3060] C:\Windows\syswow64\USER32.dll!RegisterClassExA 00000000762edb98 6 bytes [68, C6, 00, 73, 00, C3] .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3060] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000762f05ba 6 bytes [68, 87, 5B, 73, 00, C3] .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3060] C:\Windows\syswow64\USER32.dll!CallWindowProcW 00000000762f0d32 6 bytes [68, 0C, FF, 72, 00, C3] .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3060] C:\Windows\syswow64\USER32.dll!GetCursorPos 00000000762f1218 6 bytes [68, 6A, 59, 73, 00, C3] .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3060] C:\Windows\syswow64\USER32.dll!EndPaint 00000000762f1341 4 bytes [68, 5F, B0, 72] .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3060] C:\Windows\syswow64\USER32.dll!EndPaint + 5 00000000762f1346 1 byte [C3] .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3060] C:\Windows\syswow64\USER32.dll!BeginPaint 00000000762f1361 4 bytes [68, EF, AF, 72] .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3060] C:\Windows\syswow64\USER32.dll!BeginPaint + 5 00000000762f1366 1 byte [C3] .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host 
Controller Driver\Application\nusb3mon.exe[3060] C:\Windows\syswow64\USER32.dll!GetMessagePos 00000000762f2a8d 6 bytes [68, 38, 59, 73, 00, C3] .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3060] C:\Windows\syswow64\USER32.dll!GetCapture 00000000762f2aac 6 bytes [68, 98, 5A, 73, 00, C3] .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3060] C:\Windows\syswow64\USER32.dll!GetDCEx 00000000762f3391 4 bytes [68, 9F, B0, 72] .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3060] C:\Windows\syswow64\USER32.dll!GetDCEx + 5 00000000762f3396 1 byte [C3] .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3060] C:\Windows\syswow64\USER32.dll!RegisterClassA 00000000762f434b 6 bytes [68, 27, 00, 73, 00, C3] .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3060] C:\Windows\syswow64\USER32.dll!PeekMessageA 00000000762f5f74 6 bytes [68, B2, 5B, 73, 00, C3] .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3060] C:\Windows\syswow64\USER32.dll!GetUpdateRgn 00000000762f6222 6 bytes [68, 4B, B2, 72, 00, C3] .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3060] C:\Windows\syswow64\USER32.dll!CallWindowProcA 00000000762f792f 6 bytes [68, 55, FF, 72, 00, C3] .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3060] C:\Windows\syswow64\USER32.dll!DefFrameProcA 00000000762f7fbb 6 bytes [68, 37, FE, 72, 00, C3] .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3060] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA 00000000762f810c 6 bytes [68, C6, FE, 72, 00, C3] .text C:\Program Files (x86)\Renesas 
Files\Java\Java Update\jusched.exe[992] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore 0000000076bb1224 6 bytes [68, 51, 5C, 2A, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[992] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000075443918 6 bytes [68, D4, 06, 2B, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[992] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 0000000075444296 6 bytes [68, E5, 02, 2B, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[992] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000075444406 6 bytes [68, 2D, 07, 2B, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[992] C:\Windows\syswow64\WS2_32.dll!send 0000000075446f01 6 bytes [68, 0C, 07, 2B, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[992] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000075457673 6 bytes [68, 75, 02, 2B, 00, C3] .text C:\Users\Muccy3001\AppData\Roaming\Urobz\taqeh.exe[3096] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 0000000075444296 6 bytes [68, E5, 02, 42, 00, C3] .text C:\Users\Muccy3001\AppData\Roaming\Urobz\taqeh.exe[3096] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000075457673 6 bytes [68, 75, 02, 42, 00, C3] .text C:\Users\Muccy3001\AppData\Roaming\Urobz\taqeh.exe[3096] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000753a1465 2 bytes [3A, 75] .text C:\Users\Muccy3001\AppData\Roaming\Urobz\taqeh.exe[3096] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000753a14bb 2 bytes [3A, 75] .text ... |
08.03.2013, 18:45 | #6 |
| Groupon Trojaner GMER Part 2: Code:
ATTFilter * 2 .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000775008fc 4 bytes [68, 93, 5C, 41] .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess + 5 0000000077500901 1 byte [C3] .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 00000000775125fd 6 bytes [68, D6, FC, 40, 00, C3] .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007751c45a 6 bytes [68, BE, 5D, 41, 00, C3] .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077522a63 6 bytes [68, 1C, FD, 40, 00, C3] .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W 0000000077544128 6 bytes [68, 62, FD, 40, 00, C3] .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A 000000007754e659 6 bytes [68, A8, FD, 40, 00, C3] .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW 000000007549455c 6 bytes [68, 27, 60, 41, 00, C3] .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\kernel32.dll!ExitProcess 00000000754979f8 6 bytes [68, E6, 5F, 41, 00, C3] .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW 000000007686c592 6 bytes [68, A4, 60, 41, 00, C3] .text C:\Program Files (x86)\Common Files\Apple\Apple Application 
Support\APSDaemon.exe[3848] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 00000000768a2538 6 bytes [68, 8D, 60, 41, 00, C3] .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\USER32.dll!GetDC 00000000762e72c4 4 bytes [68, FA, B0, 40] .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\USER32.dll!GetDC + 5 00000000762e72c9 1 byte [C3] .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\USER32.dll!ReleaseDC 00000000762e7446 6 bytes [68, 78, B1, 40, 00, C3] .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\USER32.dll!TranslateMessage 00000000762e7809 6 bytes [68, 2C, B8, 40, 00, C3] .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\USER32.dll!GetMessageW 00000000762e78e2 6 bytes [68, 37, 5B, 41, 00, C3] .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\USER32.dll!GetMessageA 00000000762e7bd3 6 bytes [68, 5F, 5B, 41, 00, C3] .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\USER32.dll!GetWindowDC 00000000762e8048 4 bytes [68, 39, B1, 40] .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\USER32.dll!GetWindowDC + 5 00000000762e804d 1 byte [C3] .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\USER32.dll!RegisterClassW 00000000762e8a65 6 bytes [68, DA, FF, 40, 00, C3] .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\USER32.dll!RegisterClassExW 00000000762eb17d 6 bytes [68, 74, 00, 41, 00, C3] .text C:\Program Files (x86)\Common 
Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\USER32.dll!RegisterClassExA 00000000762edb98 6 bytes [68, C6, 00, 41, 00, C3] .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000762f05ba 6 bytes [68, 87, 5B, 41, 00, C3] .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\USER32.dll!CallWindowProcW 00000000762f0d32 6 bytes [68, 0C, FF, 40, 00, C3] .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\USER32.dll!GetCursorPos 00000000762f1218 6 bytes [68, 6A, 59, 41, 00, C3] .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\USER32.dll!EndPaint 00000000762f1341 4 bytes [68, 5F, B0, 40] .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\USER32.dll!EndPaint + 5 00000000762f1346 1 byte [C3] .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\USER32.dll!BeginPaint 00000000762f1361 4 bytes [68, EF, AF, 40] .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\USER32.dll!BeginPaint + 5 00000000762f1366 1 byte [C3] .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\USER32.dll!GetMessagePos 00000000762f2a8d 6 bytes [68, 38, 59, 41, 00, C3] .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\USER32.dll!GetCapture 00000000762f2aac 6 bytes [68, 98, 5A, 41, 00, C3] .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\USER32.dll!GetDCEx 00000000762f3391 4 bytes [68, 9F, B0, 40] .text C:\Program Files (x86)\Common 
Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\USER32.dll!GetDCEx + 5 00000000762f3396 1 byte [C3] .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\USER32.dll!RegisterClassA 00000000762f434b 6 bytes [68, 27, 00, 41, 00, C3] .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\USER32.dll!PeekMessageA 00000000762f5f74 6 bytes [68, B2, 5B, 41, 00, C3] .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\USER32.dll!GetUpdateRgn 00000000762f6222 6 bytes [68, 4B, B2, 40, 00, C3] .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\USER32.dll!CallWindowProcA 00000000762f792f 6 bytes [68, 55, FF, 40, 00, C3] .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\USER32.dll!DefFrameProcA 00000000762f7fbb 6 bytes [68, 37, FE, 40, 00, C3] .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA 00000000762f810c 6 bytes [68, C6, FE, 40, 00, C3] .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\USER32.dll!DefFrameProcW 00000000762f85c1 6 bytes [68, EE, FD, 40, 00, C3] .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW 00000000762f86b4 6 bytes [68, 80, FE, 40, 00, C3] .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\USER32.dll!GetUpdateRect 000000007630d41f 6 bytes [68, B8, B1, 40, 00, C3] .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\USER32.dll!ReleaseCapture 000000007630ed49 6 
bytes [68, 48, 5A, 41, 00, C3] .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\USER32.dll!SetCapture 000000007630ed56 4 bytes [68, EE, 59, 41] .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\USER32.dll!SetCapture + 5 000000007630ed5b 1 byte [C3] .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\USER32.dll!SwitchDesktop 0000000076329854 6 bytes [68, B8, FC, 40, 00, C3] .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\USER32.dll!SetCursorPos 0000000076329cfd 6 bytes [68, B1, 59, 41, 00, C3] .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000076329f1d 6 bytes [68, DB, B9, 40, 00, C3] .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\USER32.dll!OpenInputDesktop 00000000763487cb 4 bytes [68, 68, FC, 40] .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\USER32.dll!OpenInputDesktop + 5 00000000763487d0 1 byte [C3] .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000075443918 6 bytes [68, D4, 06, 41, 00, C3] .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 0000000075444296 6 bytes [68, E5, 02, 41, 00, C3] .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000075444406 6 bytes [68, 2D, 07, 41, 00, C3] .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\WS2_32.dll!send 
0000000075446f01 6 bytes [68, 0C, 07, 41, 00, C3] .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000075457673 6 bytes [68, 75, 02, 41, 00, C3] .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore 0000000076bb1224 6 bytes [68, 51, 5C, 40, 00, C3] .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA 00000000763ea336 6 bytes [68, 16, 74, 40, 00, C3] .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\WININET.dll!InternetCloseHandle 00000000763eab41 6 bytes [68, 76, 72, 40, 00, C3] .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\WININET.dll!InternetReadFile 00000000763eb3fe 6 bytes [68, E3, 72, 40, 00, C3] .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW 00000000763f4a42 6 bytes [68, 74, 6F, 40, 00, C3] .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA 00000000763f4c7d 6 bytes [68, B8, 6F, 40, 00, C3] .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable 00000000763f5e5d 6 bytes [68, EA, 73, 40, 00, C3] .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\WININET.dll!HttpSendRequestW 00000000763fba12 6 bytes [68, FC, 6F, 40, 00, C3] .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\WININET.dll!HttpEndRequestA 00000000764045e2 6 bytes [68, E0, 71, 40, 00, C3] .text 
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\WININET.dll!HttpSendRequestExW 0000000076404a35 6 bytes [68, A6, 70, 40, 00, C3] .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\WININET.dll!InternetReadFileExA 000000007641ae56 6 bytes [68, 11, 73, 40, 00, C3] .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\WININET.dll!InternetSetFilePointer 000000007644b04e 6 bytes [68, 90, 73, 40, 00, C3] .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\WININET.dll!HttpSendRequestExA 0000000076461962 6 bytes [68, 43, 71, 40, 00, C3] .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\WININET.dll!HttpEndRequestW 00000000764619e5 6 bytes [68, 2B, 72, 40, 00, C3] .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\WININET.dll!HttpSendRequestA 0000000076461a48 6 bytes [68, 51, 70, 40, 00, C3] .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000753a1465 2 bytes [3A, 75] .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000753a14bb 2 bytes [3A, 75] .text ... 
* 2
---- Threads - GMER 2.1 ----
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4292:4576] 000007fefb762a7c
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4292:4556] 000007feed9dd618
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4292:4596] 000007fef8f55124
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000272b0b9d0
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000272b0b9d0@78ca394aa704 0x1C 0x5D 0xA6 0x4A ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000272b0b9d0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000272b0b9d0@78ca394aa704 0x1C 0x5D 0xA6 0x4A ...
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----
Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.03.08.13

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Muccy3001 :: MUCCY3001-PC [administrator]

08.03.2013 17:54:34
mbar-log-2013-03-08 (17-54-34).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 30676
Time elapsed: 9 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|JAVA (Backdoor.Bot) -> Data: C:\Windows\java.vbs -> Delete on reboot.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
c:\Windows\java.vbs (Backdoor.Bot) -> Delete on reboot.

(end)
Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.03.08.13

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Muccy3001 :: MUCCY3001-PC [administrator]

08.03.2013 18:19:32
mbar-log-2013-03-08 (18-19-32).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 30642
Time elapsed: 12 minute(s), 10 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
That really is not something to take for granted... |
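The GMER output in the two posts above is a wall of `.text` entries, and the security-relevant content is easy to miss in that form: the same set of WININET, WS2_32, USER32 and CRYPT32 exports is patched in jusched.exe, in APSDaemon.exe and in taqeh.exe under AppData\Roaming\Urobz, and every 6-byte patch has the shape `68 xx xx xx xx C3`, which is `push imm32; ret`, an absolute jump to imm32. The script below is an added example written for this page (it is not code from GMER, Malwarebytes or the poster). It parses flattened GMER entries, recovers the trampoline target from each patch, groups targets per process and checks whether the targets share the same offset inside a 64 KiB allocation granule, which is what one blob injected at different bases looks like. The entries in SAMPLE are copied from the log above; the function names and the 64 KiB heuristic are mine and are marked as such in the code.

```python
"""Triage GMER user-mode hook entries. Added example for this thread, not GMER's code.
SAMPLE below holds entries copied from the GMER log posted in this thread."""
from __future__ import annotations
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# One flattened GMER entry:
#   .text <process path>[<pid>] <module>!<export>[ + <offset>] <address> <n> byte(s) [<hex bytes>]
_ENTRY = re.compile(
    r"\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<mod>\S+)!(?P<func>\S+?)(?:\s*\+\s*(?P<off>\d+))?\s+"
    r"(?P<addr>[0-9a-fA-F]{8,16})\s+(?P<n>\d+)\s+bytes?\s+\[(?P<bytes>[^\]]*)\]"
)

SAMPLE = r"""
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[992] C:\Windows\syswow64\USER32.dll!GetDCEx 00000000762f3391 4 bytes [68, 9F, B0, 2A] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[992] C:\Windows\syswow64\USER32.dll!GetDCEx + 5 00000000762f3396 1 byte [C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[992] C:\Windows\syswow64\WININET.dll!HttpSendRequestA 0000000076461a48 6 bytes [68, 51, 70, 2A, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[992] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore 0000000076bb1224 6 bytes [68, 51, 5C, 2A, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[992] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 0000000075444296 6 bytes [68, E5, 02, 2B, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[992] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000075457673 6 bytes [68, 75, 02, 2B, 00, C3]
.text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\USER32.dll!GetDCEx 00000000762f3391 4 bytes [68, 9F, B0, 40] .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\USER32.dll!GetDCEx + 5 00000000762f3396 1 byte [C3]
.text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 0000000075444296 6 bytes [68, E5, 02, 41, 00, C3]
.text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000075457673 6 bytes [68, 75, 02, 41, 00, C3]
.text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3848] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000753a1465 2 bytes [3A, 75]
.text C:\Users\Muccy3001\AppData\Roaming\Urobz\taqeh.exe[3096] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 0000000075444296 6 bytes [68, E5, 02, 42, 00, C3]
.text C:\Users\Muccy3001\AppData\Roaming\Urobz\taqeh.exe[3096] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000075457673 6 bytes [68, 75, 02, 42, 00, C3]
"""

@dataclass
class Patch:
    proc: str
    pid: int
    api: str        # "<module file>!<export>"
    offset: int     # byte offset inside the export where the patch starts
    data: bytes

@dataclass
class Hook:
    proc: str
    pid: int
    api: str
    kind: str               # "push/ret", "push/ret (partial)" or "other"
    target: Optional[int]   # address the push/ret trampoline transfers control to

def parse_patches(text: str) -> list[Patch]:
    patches = []
    for m in _ENTRY.finditer(text):
        data = bytes(int(b, 16) for b in m["bytes"].split(",") if b.strip())
        if len(data) != int(m["n"]):
            continue                                # entry truncated at a line break
        api = m["mod"].rsplit("\\", 1)[-1] + "!" + m["func"]
        patches.append(Patch(m["proc"], int(m["pid"]), api, int(m["off"] or 0), data))
    return patches

def classify(patches: list[Patch]) -> list[Hook]:
    # GMER reports only the byte runs that differ from the on-disk image. When one byte of
    # the imm32 already matched, a hook shows up as a 4-byte PUSH plus a 1-byte RET at "+ 5".
    tails = {(p.pid, p.api) for p in patches if p.offset == 5 and p.data == b"\xc3"}
    hooks = []
    for p in patches:
        if p.offset == 5 and p.data == b"\xc3":
            continue                                # paired with its PUSH below
        if p.offset == 0 and len(p.data) == 6 and p.data[0] == 0x68 and p.data[5] == 0xC3:
            hooks.append(Hook(p.proc, p.pid, p.api, "push/ret", int.from_bytes(p.data[1:5], "little")))
        elif p.offset == 0 and len(p.data) == 4 and p.data[0] == 0x68 and (p.pid, p.api) in tails:
            # the unreported fourth immediate byte is unknown here; keep the low 24 bits
            hooks.append(Hook(p.proc, p.pid, p.api, "push/ret (partial)", int.from_bytes(p.data[1:4], "little")))
        else:
            hooks.append(Hook(p.proc, p.pid, p.api, "other", None))
    return hooks

def target_range_by_process(hooks: list[Hook]) -> dict:
    """(pid, exe) -> (lowest, highest) trampoline target. One compact range per process
    is what a single injected module looks like."""
    spans = defaultdict(list)
    for h in hooks:
        if h.target is not None:
            spans[(h.pid, h.proc.rsplit("\\", 1)[-1])].append(h.target)
    return {k: (min(v), max(v)) for k, v in spans.items()}

def same_code_in_every_process(hooks: list[Hook]) -> bool:
    """Heuristic (my assumption, not a GMER check): VirtualAllocEx returns 64 KiB-aligned
    regions, so one blob injected into several processes keeps identical low 16 bits in
    its hook targets even though the bases differ."""
    lows = defaultdict(set)
    for h in hooks:
        if h.target is not None:
            lows[h.api].add(h.target & 0xFFFF)
    return all(len(s) == 1 for s in lows.values())

if __name__ == "__main__":
    hooks = classify(parse_patches(SAMPLE))
    for (pid, exe), (lo, hi) in sorted(target_range_by_process(hooks).items()):
        print(f"{exe}[{pid}]: targets 0x{lo:08X}..0x{hi:08X}")
    print("same relocated code in every process:", same_code_in_every_process(hooks))
```

Run against the full log, this prints one target range per hooked process and answers "yes" for the shared-offset check: jusched.exe jumps into 0x002Axxxx, APSDaemon.exe into 0x0040xxxx/0x0041xxxx, taqeh.exe into 0x0042xxxx, with the low 16 bits of every target identical across processes. Two caveats a triager should keep in mind: security products (Avira is installed here) also hook user-mode APIs in many processes, so a shared hook set alone proves little; what separates the two cases is whether the targets fall inside a loaded, signed module or inside anonymous memory, which needs a module list or memory dump of the process rather than the GMER listing alone. And the partial 4-byte entries are reconstructed without their fourth immediate byte, so their targets are approximate to within 16 MiB.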
08.03.2013, 19:24 | #7 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Groupon Trojaner aswMBR Please download aswMBR.exe and save the file to your desktop.
Important: never press any of the Fix buttons without being told to. Note: if the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and choose (none) under AV Scan. TDSS-Killer Please download TDSSKiller.exe and save this file to the desktop
__________________ Please always post log files in CODE tags |
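Both tools requested above start with the master boot record: they read sector 0, compare the boot code against what they know, walk the partition table and (TDSSKiller's TDLFS mode) look at the disk area no partition claims. aswMBR can also save the raw MBR to a file. The following is an added example written for this page, not code from aswMBR or TDSSKiller, that parses such a 512-byte MBR image: it verifies the 0x55AA signature, decodes the four 16-byte partition entries, reports sizes the way aswMBR prints them, flags overlapping or out-of-range partitions, and measures the unallocated tail. The sample image is constructed here; its partition layout and disk size are the values the scans in this thread report for this machine, while the boot code is zeroed because the real OEM boot code is not on the page. Function names and the partition-type table are mine.

```python
"""Parse and sanity-check a raw 512-byte MBR image. Added example for this thread, not
code from aswMBR or TDSSKiller. The sample image is constructed below."""
from __future__ import annotations
import hashlib
import struct
from dataclasses import dataclass

SECTOR = 512
BOOT_CODE_LEN = 440           # boot code; then 4-byte disk signature and 2 reserved bytes
PART_TABLE_OFFSET = 446       # four 16-byte entries, then the 0x55AA signature at 510
PART_TYPES = {0x07: "HPFS/NTFS", 0x0B: "FAT32", 0x0C: "FAT32 LBA", 0x12: "Compaq diag",
              0x27: "Windows RE", 0x82: "Linux swap", 0x83: "Linux", 0xEE: "GPT protective"}
# TDSSKiller reports the drive as 0x15D50F66000 bytes; aswMBR rounds the same size to 1430799 MB
DISK_SECTORS = 0x15D50F66000 // SECTOR

@dataclass
class Partition:
    index: int
    bootable: bool
    type_id: int
    lba_start: int
    sectors: int

    @property
    def lba_end(self) -> int:      # first sector after the partition
        return self.lba_start + self.sectors

    @property
    def size_mb(self) -> int:      # same rounding as aswMBR's "NNN MB" column
        return self.sectors * SECTOR // 2**20

    def describe(self) -> str:
        flag = "80 (A)" if self.bootable else "00"
        name = PART_TYPES.get(self.type_id, "unknown")
        return f"Partition {self.index} {flag} {self.type_id:02X} {name} {self.size_mb} MB offset {self.lba_start}"

def parse_mbr(img: bytes) -> list[Partition]:
    if len(img) < SECTOR:
        raise ValueError("need at least one 512-byte sector")
    if img[510:512] != b"\x55\xAA":
        raise ValueError("0x55AA boot signature missing: not an MBR, or damaged")
    parts = []
    for i in range(4):
        # status, CHS first, type, CHS last, LBA start, sector count
        status, _chs0, ptype, _chs1, start, count = struct.unpack_from(
            "<B3sB3sII", img, PART_TABLE_OFFSET + 16 * i)
        if ptype == 0 and count == 0:
            continue                                # empty slot
        parts.append(Partition(i + 1, status == 0x80, ptype, start, count))
    return parts

def boot_code_sha256(img: bytes) -> str:
    """Fingerprint of the 440 boot-code bytes. Compare with a copy you took yourself from a
    clean install of the same Windows build and OEM image: there is no universal good hash,
    which is why scanners say "unknown MBR code" for OEM boot managers and bootkits alike."""
    return hashlib.sha256(img[:BOOT_CODE_LEN]).hexdigest()

def find_anomalies(parts: list[Partition], disk_sectors: int = DISK_SECTORS) -> list[str]:
    issues = []
    if sum(p.bootable for p in parts) != 1:
        issues.append("expected exactly one active partition")
    ordered = sorted(parts, key=lambda p: p.lba_start)
    for a, b in zip(ordered, ordered[1:]):
        if b.lba_start < a.lba_end:
            issues.append(f"partitions {a.index} and {b.index} overlap")
    for p in parts:
        if p.lba_end > disk_sectors:
            issues.append(f"partition {p.index} extends past the end of the disk")
    return issues

def unallocated_tail_sectors(parts: list[Partition], disk_sectors: int = DISK_SECTORS) -> int:
    """Sectors after the last partition. TDL4-style bootkits keep a hidden file system there
    (the area TDSSKiller's TDLFS mode inspects), so a large tail is worth imaging."""
    return disk_sectors - max(p.lba_end for p in parts)

def build_sample_mbr() -> bytes:
    """Constructed sample: zero boot code plus the four entries aswMBR lists for this disk.
    Sector counts are MB * 2048; partition 2 comes out as 0xAAC54800, matching TDSSKiller."""
    layout = [(0x80, 0x07, 2048, 100 * 2048), (0x00, 0x07, 206848, 1398953 * 2048),
              (0x00, 0x07, 2865262592, 30720 * 2048), (0x00, 0x12, 2928177152, 1024 * 2048)]
    img = bytearray(SECTOR)
    for i, (status, ptype, start, count) in enumerate(layout):
        struct.pack_into("<B3sB3sII", img, PART_TABLE_OFFSET + 16 * i,
                         status, b"\xfe\xff\xff", ptype, b"\xfe\xff\xff", start, count)
    img[510:512] = b"\x55\xaa"
    return bytes(img)

if __name__ == "__main__":
    image = build_sample_mbr()
    table = parse_mbr(image)
    for p in table:
        print(p.describe())
    print("boot code sha256:", boot_code_sha256(image))
    print("issues:", find_anomalies(table) or "none")
    print("unallocated tail sectors:", unallocated_tail_sectors(table))
```

To use it on a real dump, replace `build_sample_mbr()` with `open("MBR.dat", "rb").read()` and pass the true disk size in sectors. The worked layout shows why the two scanners agree with each other: aswMBR's megabyte figures and TDSSKiller's hex LBA values describe the same contiguous table, the three NTFS partitions plus the Compaq diagnostics partition abut one another, and only a few thousand sectors remain unallocated at the end. A table that parses cleanly does not clear the boot code itself, which is why the "unknown MBR code" verdict needs a reference copy, and why a helper will typically ask for the saved MBR.dat rather than deciding from the log alone.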
08.03.2013, 20:34 | #8 |
| Groupon Trojaner I followed your instructions, only scanned, and copied the log files: aswMBR: Code:
Run date: 2013-03-08 19:49:28
-----------------------------
19:49:28.719 OS Version: Windows x64 6.1.7601 Service Pack 1
19:49:28.719 Number of processors: 4 586 0x503
19:49:28.719 ComputerName: MUCCY3001-PC UserName: Muccy3001
19:49:32.011 Initialize success
19:49:42.244 AVAST engine defs: 13030800
19:50:32.570 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000055
19:50:32.570 Disk 0 Vendor: ST315005 CC34 Size: 1430799MB BusType: 11
19:50:32.585 Disk 0 MBR read successfully
19:50:32.585 Disk 0 MBR scan
19:50:32.617 Disk 0 unknown MBR code
19:50:32.632 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
19:50:32.648 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 1398953 MB offset 206848
19:50:32.679 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 30720 MB offset 2865262592
19:50:32.695 Disk 0 Partition 4 00 12 Compaq diag NTFS 1024 MB offset 2928177152
19:50:32.757 Disk 0 scanning C:\Windows\system32\drivers
19:50:44.395 Service scanning
19:51:02.304 Modules scanning
19:51:02.319 Disk 0 trace - called modules:
19:51:02.350 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
19:51:02.366 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004620790]
19:51:02.366 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa80044b7b80]
19:51:02.382 5 amd_xata.sys[fffff880011497a8] -> nt!IofCallDriver -> \Device\00000055[0xfffffa80044b49c0]
19:51:06.453 AVAST engine scan C:\Windows
19:51:11.742 AVAST engine scan C:\Windows\system32
19:54:16.243 AVAST engine scan C:\Windows\system32\drivers
19:54:33.606 AVAST engine scan C:\Users\Muccy3001
20:16:23.214 AVAST engine scan C:\ProgramData
20:17:42.165 Scan finished successfully
20:21:30.129 Disk 0 MBR has been saved successfully to "C:\Users\Muccy3001\Desktop\MBR.dat"
20:21:30.129 The log file has been saved successfully to "C:\Users\Muccy3001\Desktop\aswMBR.txt"
Code:
20:25:52.0385 6012 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
20:25:52.0634 6012 ============================================================
20:25:52.0634 6012 Current date / time: 2013/03/08 20:25:52.0634
20:25:52.0634 6012 SystemInfo:
20:25:52.0634 6012
20:25:52.0634 6012 OS Version: 6.1.7601 ServicePack: 1.0
20:25:52.0634 6012 Product type: Workstation
20:25:52.0634 6012 ComputerName: MUCCY3001-PC
20:25:52.0634 6012 UserName: Muccy3001
20:25:52.0634 6012 Windows directory: C:\Windows
20:25:52.0634 6012 System windows directory: C:\Windows
20:25:52.0634 6012 Running under WOW64
20:25:52.0634 6012 Processor architecture: Intel x64
20:25:52.0634 6012 Number of processors: 4
20:25:52.0634 6012 Page size: 0x1000
20:25:52.0634 6012 Boot type: Normal boot
20:25:52.0634 6012 ============================================================
20:25:53.0617 6012 Drive \Device\Harddisk0\DR0 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:25:53.0648 6012 ============================================================
20:25:53.0648 6012 \Device\Harddisk0\DR0:
20:25:53.0648 6012 MBR partitions:
20:25:53.0648 6012 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
20:25:53.0648 6012 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xAAC54800
20:25:53.0648 6012 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xAAC87000, BlocksNum 0x3C00000
20:25:53.0648 6012 ============================================================
20:25:53.0679 6012 C: <-> \Device\Harddisk0\DR0\Partition2
20:25:53.0757 6012 D: <-> \Device\Harddisk0\DR0\Partition3
20:25:53.0757 6012 ============================================================
20:25:53.0757 6012 Initialize success
20:25:53.0757 6012 ============================================================
20:26:36.0143 5068 ============================================================
20:26:36.0143 5068 Scan started
20:26:36.0143 5068 Mode: Manual; SigCheck; TDLFS;
20:26:36.0143 5068 ============================================================
20:26:36.0564 5068 ================ Scan system memory ========================
20:26:36.0564 5068 System memory - ok
20:26:36.0564 5068 ================ Scan services =============================
20:26:36.0720 5068 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
20:26:36.0845 5068 1394ohci - ok
20:26:36.0876 5068 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
20:26:36.0891 5068 ACPI - ok
20:26:36.0907 5068 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
20:26:36.0985 5068 AcpiPmi - ok
20:26:37.0047 5068 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
20:26:37.0079 5068 AdobeARMservice - ok
20:26:37.0172 5068 [ 9942DC4CC265CDA00486504444EF521D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
20:26:37.0219 5068 AdobeFlashPlayerUpdateSvc - ok
20:26:37.0266 5068 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
20:26:37.0297 5068 adp94xx - ok
20:26:37.0313 5068 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
20:26:37.0359 5068 adpahci - ok
20:26:37.0375 5068 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
20:26:37.0391 5068 adpu320 - ok
20:26:37.0422 5068 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
20:26:37.0531 5068 AeLookupSvc - ok
20:26:37.0562 5068 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
20:26:37.0609 5068 AFD - ok
20:26:37.0640 5068 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
20:26:37.0671 5068 agp440 - ok
20:26:37.0687 5068 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 20:26:37.0734 5068 ALG - ok 20:26:37.0749 5068 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 20:26:37.0765 5068 aliide - ok 20:26:37.0812 5068 [ 5EC60409BD50953BD4F892B18840039E ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe 20:26:37.0905 5068 AMD External Events Utility - ok 20:26:37.0921 5068 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 20:26:37.0937 5068 amdide - ok 20:26:37.0952 5068 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 20:26:37.0999 5068 AmdK8 - ok 20:26:38.0186 5068 [ 322E5C178990F116F00E3D923F4E6B1C ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys 20:26:38.0498 5068 amdkmdag - ok 20:26:38.0514 5068 [ 961A81A84FDD700E361E8294528A37BA ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys 20:26:38.0561 5068 amdkmdap - ok 20:26:38.0576 5068 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 20:26:38.0623 5068 AmdPPM - ok 20:26:38.0639 5068 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys 20:26:38.0654 5068 amdsata - ok 20:26:38.0701 5068 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 20:26:38.0748 5068 amdsbs - ok 20:26:38.0763 5068 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys 20:26:38.0779 5068 amdxata - ok 20:26:38.0810 5068 [ 08E8A4172C57ABD7693A6915CF1E7A99 ] amd_sata C:\Windows\system32\DRIVERS\amd_sata.sys 20:26:38.0841 5068 amd_sata - ok 20:26:38.0857 5068 [ 9866AF4E4AD7F16E810B6C0B8473F9CD ] amd_xata C:\Windows\system32\DRIVERS\amd_xata.sys 20:26:38.0873 5068 amd_xata - ok 20:26:38.0919 5068 [ 459465DA28E49B358ECFE0D788F328F4 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe 20:26:38.0951 5068 AntiVirSchedulerService - ok 20:26:38.0982 5068 [ 
ok 20:26:57.0421 5068 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 20:26:57.0468 5068 Serenum - ok 20:26:57.0483 5068 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 20:26:57.0515 5068 Serial - ok 20:26:57.0546 5068 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 20:26:57.0593 5068 sermouse - ok 20:26:57.0624 5068 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 20:26:57.0671 5068 SessionEnv - ok 20:26:57.0686 5068 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 20:26:57.0717 5068 sffdisk - ok 20:26:57.0717 5068 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 20:26:57.0733 5068 sffp_mmc - ok 20:26:57.0733 5068 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 20:26:57.0749 5068 sffp_sd - ok 20:26:57.0780 5068 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 20:26:57.0780 5068 sfloppy - ok 20:26:57.0827 5068 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 20:26:57.0905 5068 SharedAccess - ok 20:26:57.0920 5068 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 20:26:57.0967 5068 ShellHWDetection - ok 20:26:57.0967 5068 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 20:26:57.0983 5068 SiSRaid2 - ok 20:26:57.0998 5068 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 20:26:58.0014 5068 SiSRaid4 - ok 20:26:58.0029 5068 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 20:26:58.0076 5068 Smb - ok 20:26:58.0107 5068 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 20:26:58.0154 5068 SNMPTRAP - ok 20:26:58.0154 5068 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr 
C:\Windows\system32\drivers\spldr.sys 20:26:58.0170 5068 spldr - ok 20:26:58.0217 5068 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 20:26:58.0295 5068 Spooler - ok 20:26:58.0404 5068 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 20:26:58.0544 5068 sppsvc - ok 20:26:58.0560 5068 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 20:26:58.0591 5068 sppuinotify - ok 20:26:58.0622 5068 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 20:26:58.0669 5068 srv - ok 20:26:58.0685 5068 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 20:26:58.0700 5068 srv2 - ok 20:26:58.0716 5068 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 20:26:58.0747 5068 srvnet - ok 20:26:58.0747 5068 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 20:26:58.0794 5068 SSDPSRV - ok 20:26:58.0809 5068 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 20:26:58.0841 5068 SstpSvc - ok 20:26:58.0856 5068 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 20:26:58.0872 5068 stexstor - ok 20:26:58.0903 5068 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\Windows\system32\DRIVERS\serscan.sys 20:26:58.0950 5068 StillCam - ok 20:26:58.0997 5068 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 20:26:59.0059 5068 stisvc - ok 20:26:59.0090 5068 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys 20:26:59.0106 5068 swenum - ok 20:26:59.0121 5068 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 20:26:59.0199 5068 swprv - ok 20:26:59.0231 5068 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 20:26:59.0293 5068 SysMain - ok 20:26:59.0309 5068 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 
20:26:59.0340 5068 TabletInputService - ok 20:26:59.0355 5068 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 20:26:59.0402 5068 TapiSrv - ok 20:26:59.0418 5068 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 20:26:59.0465 5068 TBS - ok 20:26:59.0511 5068 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 20:26:59.0589 5068 Tcpip - ok 20:26:59.0636 5068 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 20:26:59.0667 5068 TCPIP6 - ok 20:26:59.0699 5068 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 20:26:59.0730 5068 tcpipreg - ok 20:26:59.0761 5068 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 20:26:59.0808 5068 TDPIPE - ok 20:26:59.0823 5068 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 20:26:59.0870 5068 TDTCP - ok 20:26:59.0901 5068 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 20:26:59.0964 5068 tdx - ok 20:26:59.0995 5068 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys 20:26:59.0995 5068 TermDD - ok 20:27:00.0026 5068 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 20:27:00.0089 5068 TermService - ok 20:27:00.0089 5068 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 20:27:00.0104 5068 Themes - ok 20:27:00.0104 5068 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 20:27:00.0135 5068 THREADORDER - ok 20:27:00.0151 5068 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 20:27:00.0229 5068 TrkWks - ok 20:27:00.0260 5068 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 20:27:00.0323 5068 TrustedInstaller - ok 20:27:00.0338 5068 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 
20:27:00.0369 5068 tssecsrv - ok 20:27:00.0479 5068 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 20:27:00.0603 5068 TsUsbFlt - ok 20:27:00.0635 5068 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 20:27:00.0728 5068 tunnel - ok 20:27:00.0759 5068 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 20:27:00.0775 5068 uagp35 - ok 20:27:00.0791 5068 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 20:27:00.0837 5068 udfs - ok 20:27:00.0853 5068 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 20:27:00.0869 5068 UI0Detect - ok 20:27:00.0900 5068 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 20:27:00.0915 5068 uliagpkx - ok 20:27:00.0931 5068 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys 20:27:00.0962 5068 umbus - ok 20:27:00.0978 5068 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 20:27:00.0993 5068 UmPass - ok 20:27:01.0009 5068 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 20:27:01.0040 5068 upnphost - ok 20:27:01.0056 5068 [ 43228F8EDD1B0BCDD3145AD246E63D39 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys 20:27:01.0071 5068 USBAAPL64 - ok 20:27:01.0103 5068 [ B26AFB54A534D634523C4FB66765B026 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 20:27:01.0134 5068 usbccgp - ok 20:27:01.0149 5068 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 20:27:01.0181 5068 usbcir - ok 20:27:01.0196 5068 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 20:27:01.0227 5068 usbehci - ok 20:27:01.0274 5068 [ DC2B306861F42EEEB92EF525F4119F08 ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys 20:27:01.0305 5068 usbfilter - ok 20:27:01.0337 5068 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub 
C:\Windows\system32\DRIVERS\usbhub.sys 20:27:01.0383 5068 usbhub - ok 20:27:01.0383 5068 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys 20:27:01.0415 5068 usbohci - ok 20:27:01.0430 5068 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 20:27:01.0446 5068 usbprint - ok 20:27:01.0477 5068 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 20:27:01.0524 5068 usbscan - ok 20:27:01.0539 5068 [ A60E7E0FA88FF067D049D525547CD5E9 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 20:27:01.0571 5068 USBSTOR - ok 20:27:01.0586 5068 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 20:27:01.0617 5068 usbuhci - ok 20:27:01.0633 5068 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 20:27:01.0695 5068 UxSms - ok 20:27:01.0711 5068 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 20:27:01.0727 5068 VaultSvc - ok 20:27:01.0758 5068 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 20:27:01.0758 5068 vdrvroot - ok 20:27:01.0789 5068 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 20:27:01.0820 5068 vds - ok 20:27:01.0836 5068 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 20:27:01.0851 5068 vga - ok 20:27:01.0898 5068 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 20:27:01.0992 5068 VgaSave - ok 20:27:02.0007 5068 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 20:27:02.0054 5068 vhdmp - ok 20:27:02.0070 5068 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 20:27:02.0085 5068 viaide - ok 20:27:02.0101 5068 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 20:27:02.0117 5068 volmgr - ok 20:27:02.0148 5068 [ A255814907C89BE58B79EF2F189B843B ] volmgrx 
C:\Windows\system32\drivers\volmgrx.sys 20:27:02.0195 5068 volmgrx - ok 20:27:02.0210 5068 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 20:27:02.0241 5068 volsnap - ok 20:27:02.0273 5068 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 20:27:02.0288 5068 vsmraid - ok 20:27:02.0319 5068 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 20:27:02.0397 5068 VSS - ok 20:27:02.0413 5068 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys 20:27:02.0429 5068 vwifibus - ok 20:27:02.0460 5068 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 20:27:02.0475 5068 vwififlt - ok 20:27:02.0507 5068 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys 20:27:02.0553 5068 vwifimp - ok 20:27:02.0569 5068 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 20:27:02.0616 5068 W32Time - ok 20:27:02.0631 5068 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 20:27:02.0647 5068 WacomPen - ok 20:27:02.0678 5068 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 20:27:02.0709 5068 WANARP - ok 20:27:02.0709 5068 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 20:27:02.0741 5068 Wanarpv6 - ok 20:27:02.0787 5068 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe 20:27:02.0834 5068 WatAdminSvc - ok 20:27:02.0881 5068 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 20:27:02.0928 5068 wbengine - ok 20:27:02.0959 5068 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 20:27:02.0990 5068 WbioSrvc - ok 20:27:03.0006 5068 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 20:27:03.0037 5068 wcncsvc - ok 20:27:03.0053 5068 [ 
20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 20:27:03.0084 5068 WcsPlugInService - ok 20:27:03.0115 5068 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys 20:27:03.0131 5068 Wd - ok 20:27:03.0162 5068 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 20:27:03.0240 5068 Wdf01000 - ok 20:27:03.0240 5068 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 20:27:03.0333 5068 WdiServiceHost - ok 20:27:03.0333 5068 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 20:27:03.0349 5068 WdiSystemHost - ok 20:27:03.0365 5068 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 20:27:03.0411 5068 WebClient - ok 20:27:03.0427 5068 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 20:27:03.0474 5068 Wecsvc - ok 20:27:03.0474 5068 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 20:27:03.0521 5068 wercplsupport - ok 20:27:03.0536 5068 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 20:27:03.0567 5068 WerSvc - ok 20:27:03.0583 5068 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 20:27:03.0614 5068 WfpLwf - ok 20:27:03.0630 5068 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 20:27:03.0645 5068 WIMMount - ok 20:27:03.0661 5068 WinDefend - ok 20:27:03.0661 5068 WinHttpAutoProxySvc - ok 20:27:03.0708 5068 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 20:27:03.0755 5068 Winmgmt - ok 20:27:03.0817 5068 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 20:27:03.0895 5068 WinRM - ok 20:27:03.0942 5068 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 20:27:03.0973 5068 WinUsb - ok 20:27:04.0004 5068 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc 
C:\Windows\System32\wlansvc.dll
20:27:04.0051 5068 Wlansvc - ok
20:27:04.0113 5068 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
20:27:04.0145 5068 wlcrasvc - ok
20:27:04.0238 5068 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:27:04.0301 5068 wlidsvc - ok
20:27:04.0316 5068 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
20:27:04.0347 5068 WmiAcpi - ok
20:27:04.0363 5068 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
20:27:04.0394 5068 wmiApSrv - ok
20:27:04.0425 5068 WMPNetworkSvc - ok
20:27:04.0441 5068 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
20:27:04.0488 5068 WPCSvc - ok
20:27:04.0503 5068 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
20:27:04.0535 5068 WPDBusEnum - ok
20:27:04.0566 5068 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
20:27:04.0613 5068 ws2ifsl - ok
20:27:04.0644 5068 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
20:27:04.0659 5068 wscsvc - ok
20:27:04.0659 5068 WSearch - ok
20:27:04.0737 5068 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
20:27:04.0831 5068 wuauserv - ok
20:27:04.0862 5068 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
20:27:04.0878 5068 WudfPf - ok
20:27:04.0893 5068 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
20:27:04.0909 5068 WUDFRd - ok
20:27:04.0925 5068 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
20:27:04.0956 5068 wudfsvc - ok
20:27:04.0971 5068 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
20:27:05.0003 5068 WwanSvc - ok
20:27:05.0018 5068 ================ Scan global ===============================
20:27:05.0049 5068 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
20:27:05.0081 5068 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
20:27:05.0112 5068 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
20:27:05.0127 5068 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
20:27:05.0159 5068 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
20:27:05.0190 5068 [Global] - ok
20:27:05.0190 5068 ================ Scan MBR ==================================
20:27:05.0205 5068 [ 5D949EEA3BEEC2DF38A2D7900AD89A60 ] \Device\Harddisk0\DR0
20:27:07.0452 5068 \Device\Harddisk0\DR0 - ok
20:27:07.0452 5068 ================ Scan VBR ==================================
20:27:07.0452 5068 [ BB4EE181A3C3FB6FBA2D635B5D34CAE4 ] \Device\Harddisk0\DR0\Partition1
20:27:07.0467 5068 \Device\Harddisk0\DR0\Partition1 - ok
20:27:07.0499 5068 [ 4CB0A14ADB05C81F03E6366A728495D6 ] \Device\Harddisk0\DR0\Partition2
20:27:07.0499 5068 \Device\Harddisk0\DR0\Partition2 - ok
20:27:07.0530 5068 [ BB651F9BAC2C393879A04366C83F8A97 ] \Device\Harddisk0\DR0\Partition3
20:27:07.0530 5068 \Device\Harddisk0\DR0\Partition3 - ok
20:27:07.0530 5068 ============================================================
20:27:07.0530 5068 Scan finished
20:27:07.0530 5068 ============================================================
20:27:07.0545 2332 Detected object count: 0
20:27:07.0545 2332 Actual detected object count: 0 |
08.03.2013, 21:08 | #9 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Groupon Trojan Then please run Combofix now: Scan with Combofix
__________________ Please always post logfiles in CODE tags |
08.03.2013, 21:48 | #10 |
| Groupon Trojan Hello cosinus, I carried out this task as well, but none of the error messages you wrote about appeared, and I restarted manually, since nothing happened automatically... here is the logfile: Combofix Logfile: Code:
ComboFix 13-03-07.03 - Muccy3001 08.03.2013 21:30:41.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4095.2052 [GMT 1:00]
ausgeführt von:: c:\users\Muccy3001\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Muccy3001\AppData\Roaming\.#
c:\users\Muccy3001\AppData\Roaming\.#\MBX@1208@2112740.###
c:\users\Muccy3001\AppData\Roaming\.#\MBX@1208@2112770.###
c:\users\Muccy3001\AppData\Roaming\.#\MBX@12B0@6B2740.###
c:\users\Muccy3001\AppData\Roaming\.#\MBX@12B0@6B2770.###
c:\users\Muccy3001\AppData\Roaming\.#\MBX@838@1E72740.###
c:\users\Muccy3001\AppData\Roaming\.#\MBX@838@1E72770.###
c:\users\Muccy3001\AppData\Roaming\.#\MBX@99C@2F2740.###
c:\users\Muccy3001\AppData\Roaming\.#\MBX@99C@2F2770.###
c:\users\Muccy3001\AppData\Roaming\Anakab
c:\users\Muccy3001\AppData\Roaming\Anakab\atide.vov
c:\users\Muccy3001\AppData\Roaming\Urobz
c:\users\Muccy3001\AppData\Roaming\Urobz\taqeh.exe
c:\users\Muccy3001\AppData\Roaming\Zoas
c:\users\Muccy3001\AppData\Roaming\Zoas\ridub.xoa
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-02-08 bis 2013-03-08 ))))))))))))))))))))))))))))))
.
.
2013-03-08 20:35 . 2013-03-08 20:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-08 13:49 . 2013-03-08 14:06 -------- d-----w- c:\users\Muccy3001\AppData\Roaming\Zesua
2013-03-08 13:37 . 2013-03-08 14:06 -------- d-----w- c:\users\Muccy3001\Dtvmr
2013-03-08 12:37 . 2013-03-08 12:37 -------- d--h--w- c:\users\Muccy3001\AppData\Roaming\E8BEE989
2013-03-08 11:14 . 2013-03-08 16:09 -------- d-----w- c:\users\Muccy3001\AppData\Roaming\Zuluud
2013-03-08 11:14 . 2013-03-08 11:14 -------- d-----w- c:\users\Muccy3001\AppData\Roaming\Wucyhy
2013-03-07 22:14 . 2013-03-07 22:14 -------- d-----w- c:\users\Muccy3001\AppData\Roaming\Malwarebytes
2013-03-07 22:13 . 2013-03-07 22:13 -------- d-----w- c:\programdata\Malwarebytes
2013-03-07 22:13 . 2013-03-07 22:13 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-03-07 22:13 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-07 22:13 . 2013-03-07 22:13 -------- d-----w- c:\users\Muccy3001\AppData\Local\Programs
2013-03-07 20:41 . 2013-03-08 04:21 -------- d-----w- c:\users\Muccy3001\AppData\Roaming\Tyvifo
2013-03-07 20:41 . 2013-03-07 20:45 -------- d-----w- c:\users\Muccy3001\AppData\Roaming\Ahyld
2013-03-07 20:41 . 2013-03-07 20:41 -------- d-----w- c:\users\Muccy3001\AppData\Roaming\Myhu
2013-03-06 20:08 . 2013-03-06 20:08 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-05 21:33 . 2013-02-08 00:28 9162192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9E62D425-114C-4955-ACD7-27A5395EFB55}\mpengine.dll
2013-02-15 22:04 . 2013-02-15 22:04 208448 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2013-02-13 17:33 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-02-13 17:33 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-02-13 17:33 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-02-13 17:33 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-02-13 17:33 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-02-13 17:33 . 2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-02-13 17:33 . 2013-01-03 06:00 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-02-13 17:33 . 2013-01-03 06:00 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-13 17:33 . 2012-12-26 05:47 1111040 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 17:33 . 2012-12-26 04:49 760320 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-06 20:08 . 2012-06-19 17:39 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-03-06 20:08 . 2010-07-07 16:34 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-02-28 18:15 . 2012-04-24 13:19 691568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-28 18:15 . 2011-05-23 19:29 71024 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-13 18:53 . 2010-07-07 15:49 70004024 ----a-w- c:\windows\system32\MRT.exe
2013-01-17 00:28 . 2010-07-07 15:48 273840 ------w- c:\windows\system32\MpSigStub.exe
2013-01-04 04:43 . 2013-02-13 17:33 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-12-16 17:11 . 2013-01-08 16:22 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2013-01-08 16:22 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2013-01-08 16:22 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2013-01-08 16:22 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2012-01-19 00:09 194848 ----a-w- c:\program files (x86)\Yontoo\YontooIEClient.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Muccy3001\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Muccy3001\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Muccy3001\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-03-02 39408]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-11-28 59280]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-11-28 59280]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-10-14 98304]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-02-13 385248]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Z1"="c:\users\Muccy3001\Desktop\mbar-1.01.0.1021\mbar\mbar.exe" [2013-03-08 1363016]
.
c:\users\Muccy3001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Muccy3001\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [2010-10-14 51872]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [2010-02-10 35840]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-10 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2010-05-14 73856]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2010-05-14 28800]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-11-16 27800]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-11-10 204288]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2013-02-13 86752]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2010-10-14 52896]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2010-10-14 36000]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-10-17 93712]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2010-10-14 298144]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2010-10-14 28832]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2010-10-14 201376]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2010-10-14 55456]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2010-10-14 154272]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2010-10-14 275104]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-11-19 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-11-19 181248]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-05-31 333928]
S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-02-06 690208]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-06-14 38528]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 16386526
*NewlyCreated* - ASWMBR
*Deregistered* - 16386526
*Deregistered* - aswMBR
.
Inhalt des "geplante Tasks" Ordners
.
2013-03-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-24 18:15]
.
2013-03-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-02 17:03]
.
2013-03-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-02 17:03]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Muccy3001\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Muccy3001\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Muccy3001\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Muccy3001\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-10-22 11490408]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2010-10-14 613536]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2010-10-14 379040]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.babylon.com/?affID=110819&babsrc=HP_ss&mntrId=ca8fa289000000000000000272b0b9d0
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube to MP3 Converter - c:\users\Muccy3001\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Muccy3001\AppData\Roaming\Mozilla\Firefox\Profiles\ikvvofgf.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?affID=110819&babsrc=HP_ss&mntrId=ca8fa289000000000000000272b0b9d0
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=110819&babsrc=KW_ss&mntrId=ca8fa289000000000000000272b0b9d0&q=
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-MobileDocuments - c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe
Wow6432Node-HKCU-Run-Wyadsym - c:\users\Muccy3001\AppData\Roaming\Tyvifo\kifea.exe
Wow6432Node-HKCU-Run-Oxycenpyi - c:\users\Muccy3001\AppData\Roaming\Urobz\taqeh.exe
Wow6432Node-HKCU-Run-monag - c:\users\Muccy3001\AppData\Roaming\monag.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
SafeBoot-BsScanner
AddRemove-ALDI SÜD Mah Jong - c:\windows\system32\Uninstall ALDI SÜD Mah Jong.exe
AddRemove-PDF Reader - c:\program files (x86)\PDFReader\Uninstall\Uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ChromeHTML" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ChromeHTML" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ChromeHTML" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ChromeHTML" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ChromeHTML" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-03-08 21:37:21 ComboFix-quarantined-files.txt 2013-03-08 20:37 . Vor Suchlauf: 8 Verzeichnis(se), 1.231.136.473.088 Bytes frei Nach Suchlauf: 11 Verzeichnis(se), 1.231.405.850.624 Bytes frei . - - End Of File - - D76DA552119D0364C7D21B61C1E60374
I hope everything has gone according to plan so far...?
What do I need to do next? |
10.03.2013, 15:14 | #11 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Groupon Trojaner ComboFix script
__________________ Please always post logfiles in CODE tags |
11.03.2013, 11:54 | #12 |
| Groupon Trojaner I'm checking in here again so that you don't think I no longer need any help |
11.03.2013, 12:06 | #13 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Groupon Trojaner What is this interjection for?? Leave out such interjections; only post if there are problems or when you have the logs (and then post them in CODE tags)
__________________ Please always post logfiles in CODE tags |
11.03.2013, 12:33 | #14 |
| Groupon Trojaner For me, no Suspect or Collect appeared, and no window to upload anything either, so I ran it twice, but nothing appeared the 2nd time either.... Here is the log file from the 2nd attempt: Code:
ComboFix 13-03-11.01 - Muccy3001 11.03.2013 12:20:42.3.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4095.2440 [GMT 1:00] ausgeführt von:: c:\users\Muccy3001\Desktop\ComboFix.exe Benutzte Befehlsschalter :: c:\users\Muccy3001\Desktop\CFScript.txt AV: Avira Desktop *Disabled/Outdated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Outdated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((( Dateien erstellt von 2013-02-11 bis 2013-03-11 )))))))))))))))))))))))))))))) . . 2013-03-11 11:24 . 2013-03-11 11:24 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-03-11 11:01 . 2013-02-08 00:28 9162192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{955BA4F4-A30B-4360-8847-B6E23C9BE3C5}\mpengine.dll 2013-03-08 13:49 . 2013-03-08 14:06 -------- d-----w- c:\users\Muccy3001\AppData\Roaming\Zesua 2013-03-08 13:37 . 2013-03-08 14:06 -------- d-----w- c:\users\Muccy3001\Dtvmr 2013-03-08 12:37 . 2013-03-08 12:37 -------- d--h--w- c:\users\Muccy3001\AppData\Roaming\E8BEE989 2013-03-08 11:14 . 2013-03-08 16:09 -------- d-----w- c:\users\Muccy3001\AppData\Roaming\Zuluud 2013-03-08 11:14 . 2013-03-08 11:14 -------- d-----w- c:\users\Muccy3001\AppData\Roaming\Wucyhy 2013-03-07 22:14 . 2013-03-07 22:14 -------- d-----w- c:\users\Muccy3001\AppData\Roaming\Malwarebytes 2013-03-07 22:13 . 2013-03-07 22:13 -------- d-----w- c:\programdata\Malwarebytes 2013-03-07 22:13 . 2013-03-07 22:13 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2013-03-07 22:13 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-03-07 22:13 . 2013-03-07 22:13 -------- d-----w- c:\users\Muccy3001\AppData\Local\Programs 2013-03-07 20:41 . 2013-03-08 04:21 -------- d-----w- c:\users\Muccy3001\AppData\Roaming\Tyvifo 2013-03-07 20:41 . 
2013-03-07 20:45 -------- d-----w- c:\users\Muccy3001\AppData\Roaming\Ahyld 2013-03-07 20:41 . 2013-03-07 20:41 -------- d-----w- c:\users\Muccy3001\AppData\Roaming\Myhu 2013-03-06 20:08 . 2013-03-06 20:08 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-02-15 22:04 . 2013-02-15 22:04 208448 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll 2013-02-13 17:33 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll 2013-02-13 17:33 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe 2013-02-13 17:33 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll 2013-02-13 17:33 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe 2013-02-13 17:33 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe 2013-02-13 17:33 . 2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll 2013-02-13 17:33 . 2013-01-03 06:00 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-02-13 17:33 . 2013-01-03 06:00 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS 2013-02-13 17:33 . 2012-12-26 05:47 1111040 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll 2013-02-13 17:33 . 2012-12-26 04:49 760320 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-03-06 20:08 . 2012-06-19 17:39 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2013-03-06 20:08 . 2010-07-07 16:34 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-02-28 18:15 . 2012-04-24 13:19 691568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-02-28 18:15 . 2011-05-23 19:29 71024 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-02-13 18:53 . 2010-07-07 15:49 70004024 ----a-w- c:\windows\system32\MRT.exe 2013-01-17 00:28 . 2010-07-07 15:48 273840 ------w- c:\windows\system32\MpSigStub.exe 2013-01-04 04:43 . 
2013-02-13 17:33 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2012-12-16 17:11 . 2013-01-08 16:22 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-16 14:45 . 2013-01-08 16:22 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-16 14:13 . 2013-01-08 16:22 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-12-16 14:13 . 2013-01-08 16:22 34304 ----a-w- c:\windows\SysWow64\atmlib.dll . . (((((((((((((((((((((((((((((((((((((((((((( Look ))))))))))))))))))))))))))))))))))))))))))))))))))))))))) . . --- c:\windows\SysWow64\WindowsAccessBridge-32.dll --- Company: Oracle Corporation File Description: File Version: 2, 0, 7, 0 Product Name: Java Access Bridge for Windows Copyright: Copyright © 2013 Original Filename: File size: 95648 Created time: 2013-03-06 20:08 Modified time: 2013-03-06 20:08 MD5: F003B6C8BFD5F675A4DD398D2A8AEB63 SHA1: 289F1D8D4825EBDBAABF7D061CE1D93BE9D1443B . ---- Directory of c:\users\Muccy3001\AppData\Local\Programs ---- . . ---- Directory of c:\users\Muccy3001\AppData\Roaming\Ahyld ---- . 2012-06-08 16:48 . 2013-03-07 20:41 11877 ----a-w- c:\users\Muccy3001\AppData\Roaming\Ahyld\yxyr.tmp . ---- Directory of c:\users\Muccy3001\AppData\Roaming\E8BEE989 ---- . . ---- Directory of c:\users\Muccy3001\AppData\Roaming\Myhu ---- . 2012-01-05 18:44 . 2013-03-07 20:41 399066 ----a-w- c:\users\Muccy3001\AppData\Roaming\Myhu\movyh.yxd . ---- Directory of c:\users\Muccy3001\AppData\Roaming\Tyvifo ---- . . ---- Directory of c:\users\Muccy3001\AppData\Roaming\Wucyhy ---- . 2011-10-05 15:11 . 2013-03-08 12:28 399066 ----a-w- c:\users\Muccy3001\AppData\Roaming\Wucyhy\nuyz.evs . ---- Directory of c:\users\Muccy3001\AppData\Roaming\Zesua ---- . . ---- Directory of c:\users\Muccy3001\AppData\Roaming\Zuluud ---- . . ---- Directory of c:\users\Muccy3001\Dtvmr ---- . . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}] 2012-01-19 00:09 194848 ----a-w- c:\program files (x86)\Yontoo\YontooIEClient.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Muccy3001\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Muccy3001\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Muccy3001\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-03-02 39408] "iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-11-28 59280] "ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-11-28 59280] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720] "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-10-14 98304] "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208] "Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088] "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-02-13 385248] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] . c:\users\Muccy3001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Muccy3001\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272] OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [2010-10-14 51872] R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560] R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [2010-02-10 35840] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-10 1255736] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2010-05-14 73856] S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2010-05-14 28800] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-11-16 27800] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-11-10 204288] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2013-02-13 86752] S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2010-10-14 52896] S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2010-10-14 36000] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-10-17 93712] S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2010-10-14 298144] S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2010-10-14 28832] S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2010-10-14 201376] S3 
BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2010-10-14 55456] S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2010-10-14 154272] S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2010-10-14 275104] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-11-19 80384] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-11-19 181248] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-05-31 333928] S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-02-06 690208] S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-06-14 38528] . . Inhalt des "geplante Tasks" Ordners . 2013-03-11 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-24 18:15] . 2013-03-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-02 17:03] . 2013-03-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-02 17:03] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Muccy3001\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Muccy3001\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Muccy3001\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Muccy3001\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-10-22 11490408] "AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2010-10-14 613536] "AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2010-10-14 379040] . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService FontCache . ------- Zusätzlicher Suchlauf ------- . 
uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://search.babylon.com/?affID=110819&babsrc=HP_ss&mntrId=ca8fa289000000000000000272b0b9d0 mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: Free YouTube to MP3 Converter - c:\users\Muccy3001\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\Muccy3001\AppData\Roaming\Mozilla\Firefox\Profiles\ikvvofgf.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?affID=110819&babsrc=HP_ss&mntrId=ca8fa289000000000000000272b0b9d0 FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=110819&babsrc=KW_ss&mntrId=ca8fa289000000000000000272b0b9d0&q= FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: privacy.clearOnShutdown.cookies - false FF - user.js: security.warn_viewing_mixed - false FF - user.js: security.warn_viewing_mixed.show_once - false FF - user.js: security.warn_submit_insecure - false FF - user.js: security.warn_submit_insecure.show_once - false . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Wow6432Node-HKLM-Run-<NO NAME> - (no file) AddRemove-ALDI SÜD Mah Jong - c:\windows\system32\Uninstall ALDI SÜD Mah Jong.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ChromeHTML" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ChromeHTML" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ChromeHTML" . 
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ChromeHTML" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ChromeHTML" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-03-11 12:26:15 ComboFix-quarantined-files.txt 2013-03-11 11:26 ComboFix2.txt 2013-03-11 11:15 ComboFix3.txt 2013-03-08 20:37 . Vor Suchlauf: 10 Verzeichnis(se), 1.231.243.931.648 Bytes frei Nach Suchlauf: 11 Verzeichnis(se), 1.230.946.537.472 Bytes frei . - - End Of File - - D1E020108C139CFB19752FE2A03FE4FB
Here is also the one from the 1st attempt, in case it matters: Code:
ComboFix 13-03-11.01 - Muccy3001 11.03.2013 12:08:18.2.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4095.2584 [GMT 1:00] ausgeführt von:: c:\users\Muccy3001\Desktop\ComboFix.exe Benutzte Befehlsschalter :: c:\users\Muccy3001\Desktop\CFScript.txt AV: Avira Desktop *Disabled/Outdated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Outdated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((( Dateien erstellt von 2013-02-11 bis 2013-03-11 )))))))))))))))))))))))))))))) . . 2013-03-11 11:13 . 2013-03-11 11:13 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-03-11 11:01 . 2013-02-08 00:28 9162192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{955BA4F4-A30B-4360-8847-B6E23C9BE3C5}\mpengine.dll 2013-03-08 13:49 . 2013-03-08 14:06 -------- d-----w- c:\users\Muccy3001\AppData\Roaming\Zesua 2013-03-08 13:37 . 2013-03-08 14:06 -------- d-----w- c:\users\Muccy3001\Dtvmr 2013-03-08 12:37 . 2013-03-08 12:37 -------- d--h--w- c:\users\Muccy3001\AppData\Roaming\E8BEE989 2013-03-08 11:14 . 2013-03-08 16:09 -------- d-----w- c:\users\Muccy3001\AppData\Roaming\Zuluud 2013-03-08 11:14 . 2013-03-08 11:14 -------- d-----w- c:\users\Muccy3001\AppData\Roaming\Wucyhy 2013-03-07 22:14 . 2013-03-07 22:14 -------- d-----w- c:\users\Muccy3001\AppData\Roaming\Malwarebytes 2013-03-07 22:13 . 2013-03-07 22:13 -------- d-----w- c:\programdata\Malwarebytes 2013-03-07 22:13 . 2013-03-07 22:13 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2013-03-07 22:13 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-03-07 22:13 . 2013-03-07 22:13 -------- d-----w- c:\users\Muccy3001\AppData\Local\Programs 2013-03-07 20:41 . 2013-03-08 04:21 -------- d-----w- c:\users\Muccy3001\AppData\Roaming\Tyvifo 2013-03-07 20:41 . 
2013-03-07 20:45 -------- d-----w- c:\users\Muccy3001\AppData\Roaming\Ahyld 2013-03-07 20:41 . 2013-03-07 20:41 -------- d-----w- c:\users\Muccy3001\AppData\Roaming\Myhu 2013-03-06 20:08 . 2013-03-06 20:08 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-02-15 22:04 . 2013-02-15 22:04 208448 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll 2013-02-13 17:33 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll 2013-02-13 17:33 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe 2013-02-13 17:33 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll 2013-02-13 17:33 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe 2013-02-13 17:33 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe 2013-02-13 17:33 . 2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll 2013-02-13 17:33 . 2013-01-03 06:00 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-02-13 17:33 . 2013-01-03 06:00 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS 2013-02-13 17:33 . 2012-12-26 05:47 1111040 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll 2013-02-13 17:33 . 2012-12-26 04:49 760320 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-03-06 20:08 . 2012-06-19 17:39 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2013-03-06 20:08 . 2010-07-07 16:34 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-02-28 18:15 . 2012-04-24 13:19 691568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-02-28 18:15 . 2011-05-23 19:29 71024 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-02-13 18:53 . 2010-07-07 15:49 70004024 ----a-w- c:\windows\system32\MRT.exe 2013-01-17 00:28 . 2010-07-07 15:48 273840 ------w- c:\windows\system32\MpSigStub.exe 2013-01-04 04:43 . 
2013-02-13 17:33 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2012-12-16 17:11 . 2013-01-08 16:22 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-16 14:45 . 2013-01-08 16:22 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-16 14:13 . 2013-01-08 16:22 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-12-16 14:13 . 2013-01-08 16:22 34304 ----a-w- c:\windows\SysWow64\atmlib.dll . . (((((((((((((((((((((((((((((((((((((((((((( Look ))))))))))))))))))))))))))))))))))))))))))))))))))))))))) . . --- c:\windows\SysWow64\WindowsAccessBridge-32.dll --- Company: Oracle Corporation File Description: File Version: 2, 0, 7, 0 Product Name: Java Access Bridge for Windows Copyright: Copyright © 2013 Original Filename: File size: 95648 Created time: 2013-03-06 20:08 Modified time: 2013-03-06 20:08 MD5: F003B6C8BFD5F675A4DD398D2A8AEB63 SHA1: 289F1D8D4825EBDBAABF7D061CE1D93BE9D1443B . ---- Directory of c:\users\Muccy3001\AppData\Local\Programs ---- . . ---- Directory of c:\users\Muccy3001\AppData\Roaming\Ahyld ---- . 2012-06-08 16:48 . 2013-03-07 20:41 11877 ----a-w- c:\users\Muccy3001\AppData\Roaming\Ahyld\yxyr.tmp . ---- Directory of c:\users\Muccy3001\AppData\Roaming\E8BEE989 ---- . . ---- Directory of c:\users\Muccy3001\AppData\Roaming\Myhu ---- . 2012-01-05 18:44 . 2013-03-07 20:41 399066 ----a-w- c:\users\Muccy3001\AppData\Roaming\Myhu\movyh.yxd . ---- Directory of c:\users\Muccy3001\AppData\Roaming\Tyvifo ---- . . ---- Directory of c:\users\Muccy3001\AppData\Roaming\Wucyhy ---- . 2011-10-05 15:11 . 2013-03-08 12:28 399066 ----a-w- c:\users\Muccy3001\AppData\Roaming\Wucyhy\nuyz.evs . ---- Directory of c:\users\Muccy3001\AppData\Roaming\Zesua ---- . . ---- Directory of c:\users\Muccy3001\AppData\Roaming\Zuluud ---- . . ---- Directory of c:\users\Muccy3001\Dtvmr ---- . . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}] 2012-01-19 00:09 194848 ----a-w- c:\program files (x86)\Yontoo\YontooIEClient.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Muccy3001\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Muccy3001\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Muccy3001\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-03-02 39408] "iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-11-28 59280] "ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-11-28 59280] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720] "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-10-14 98304] "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208] "Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088] "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-02-13 385248] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] . c:\users\Muccy3001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Muccy3001\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272] OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [2010-10-14 51872] R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560] R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [2010-02-10 35840] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-10 1255736] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2010-05-14 73856] S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2010-05-14 28800] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-11-16 27800] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-11-10 204288] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2013-02-13 86752] S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2010-10-14 52896] S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2010-10-14 36000] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-10-17 93712] S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2010-10-14 298144] S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2010-10-14 28832] S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2010-10-14 201376] S3 
BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2010-10-14 55456] S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2010-10-14 154272] S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2010-10-14 275104] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-11-19 80384] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-11-19 181248] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-05-31 333928] S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-02-06 690208] S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-06-14 38528] . . Inhalt des "geplante Tasks" Ordners . 2013-03-08 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-24 18:15] . 2013-03-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-02 17:03] . 2013-03-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-02 17:03] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Muccy3001\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Muccy3001\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Muccy3001\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Muccy3001\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-10-22 11490408] "AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2010-10-14 613536] "AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2010-10-14 379040] . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService FontCache . ------- Zusätzlicher Suchlauf ------- . 
uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://search.babylon.com/?affID=110819&babsrc=HP_ss&mntrId=ca8fa289000000000000000272b0b9d0 mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: Free YouTube to MP3 Converter - c:\users\Muccy3001\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\Muccy3001\AppData\Roaming\Mozilla\Firefox\Profiles\ikvvofgf.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?affID=110819&babsrc=HP_ss&mntrId=ca8fa289000000000000000272b0b9d0 FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=110819&babsrc=KW_ss&mntrId=ca8fa289000000000000000272b0b9d0&q= FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: privacy.clearOnShutdown.cookies - false FF - user.js: security.warn_viewing_mixed - false FF - user.js: security.warn_viewing_mixed.show_once - false FF - user.js: security.warn_submit_insecure - false FF - user.js: security.warn_submit_insecure.show_once - false . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Wow6432Node-HKLM-Run-<NO NAME> - (no file) AddRemove-ALDI SÜD Mah Jong - c:\windows\system32\Uninstall ALDI SÜD Mah Jong.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ChromeHTML" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ChromeHTML" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ChromeHTML" . 
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ChromeHTML" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ChromeHTML" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-03-11 12:15:17 ComboFix-quarantined-files.txt 2013-03-11 11:15 ComboFix2.txt 2013-03-08 20:37 . Vor Suchlauf: 10 Verzeichnis(se), 1.231.254.237.184 Bytes frei Nach Suchlauf: 11 Verzeichnis(se), 1.231.060.852.736 Bytes frei . - - End Of File - - 2A2A7E82D8B577BBCB1D497E43D72179 |
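What a helper reads out of a ComboFix log like the one above by eye is a pattern, not a name: several folders with random names appeared under the user profile and AppData\Roaming within hours of each other, the files inside them carry creation stamps from 2011 and 2012 although their folders were created on 7 and 8 March 2013, and two of those files (movyh.yxd and nuyz.evs) have exactly the same size. The following Python script is an added example, not part of the original post and not ComboFix code. It parses entries in the ComboFix listing format (creation time, last-write time, size, attributes, path) and applies three triage heuristics to a constructed sample made of entries copied from the log above. The heuristics themselves, the choice of 2013-03-07 20:41 as the reference time (the earliest of the suspicious folders) and the 24-hour window are assumptions for illustration; a hit marks something to look at, not a verdict.

```python
"""Triage helper for ComboFix-style file listings (added example, not ComboFix code).

Entry format: "<created> . <last-write> <size|--------> <attributes> <path>".
The first timestamp is the creation time (the "Files created from ... to ..."
header refers to that column), the second the last-write time.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) (?P<attrs>[-a-z]{8}) (?P<path>\S.*)$"
)

# Constructed sample: a subset of entries copied from the log posted above
# (directory entries from "Files created", file entries from "Look").
SAMPLE_LOG = r"""
2013-03-11 11:13 . 2013-03-11 11:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-08 13:49 . 2013-03-08 14:06 -------- d-----w- c:\users\Muccy3001\AppData\Roaming\Zesua
2013-03-08 13:37 . 2013-03-08 14:06 -------- d-----w- c:\users\Muccy3001\Dtvmr
2013-03-08 12:37 . 2013-03-08 12:37 -------- d--h--w- c:\users\Muccy3001\AppData\Roaming\E8BEE989
2013-03-08 11:14 . 2013-03-08 11:14 -------- d-----w- c:\users\Muccy3001\AppData\Roaming\Wucyhy
2013-03-07 22:14 . 2013-03-07 22:14 -------- d-----w- c:\users\Muccy3001\AppData\Roaming\Malwarebytes
2013-03-07 22:13 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-07 20:41 . 2013-03-07 20:45 -------- d-----w- c:\users\Muccy3001\AppData\Roaming\Ahyld
2013-03-07 20:41 . 2013-03-07 20:41 -------- d-----w- c:\users\Muccy3001\AppData\Roaming\Myhu
2012-06-08 16:48 . 2013-03-07 20:41 11877 ----a-w- c:\users\Muccy3001\AppData\Roaming\Ahyld\yxyr.tmp
2012-01-05 18:44 . 2013-03-07 20:41 399066 ----a-w- c:\users\Muccy3001\AppData\Roaming\Myhu\movyh.yxd
2011-10-05 15:11 . 2013-03-08 12:28 399066 ----a-w- c:\users\Muccy3001\AppData\Roaming\Wucyhy\nuyz.evs
"""


def parse_listing(text):
    """Parse listing lines; section banners, '.' separators and blanks are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        entries.append({
            "created": datetime.strptime(m["created"], "%Y-%m-%d %H:%M"),
            "modified": datetime.strptime(m["modified"], "%Y-%m-%d %H:%M"),
            "size": None if m["size"].startswith("-") else int(m["size"]),
            "is_dir": m["attrs"][0] == "d",
            "hidden": "h" in m["attrs"],
            "path": PureWindowsPath(m["path"]),  # compares case-insensitively
        })
    return entries


def find_backdated_files(entries):
    """Files whose creation time is earlier than that of the folder holding them.

    A file written or copied into a new folder gets a creation time no earlier
    than the folder's own. An older stamp means it was set deliberately or the
    file was moved in with its stamps intact. Heuristic, not proof.
    Returns (path, days the file predates its folder).
    """
    dir_created = {e["path"]: e["created"] for e in entries if e["is_dir"]}
    hits = []
    for e in entries:
        if e["is_dir"]:
            continue
        parent_created = dir_created.get(e["path"].parent)  # None if folder not listed
        if parent_created is not None and e["created"] < parent_created:
            hits.append((str(e["path"]), (parent_created - e["created"]).days))
    return hits


def profile_dirs_created_near(entries, when, window_hours=24):
    """Folders created directly in a user profile or in its AppData\\Roaming within
    window_hours of `when` ("YYYY-MM-DD HH:MM"), e.g. when the attachment was opened.
    Dropper folders show up as a tight cluster; anything installed in the same
    window (here Malwarebytes) shows up too and has to be ruled out by hand."""
    ref = datetime.strptime(when, "%Y-%m-%d %H:%M")
    window = timedelta(hours=window_hours)
    names = []
    for e in entries:
        if not e["is_dir"]:
            continue
        parts = tuple(p.lower() for p in e["path"].parts)  # ('c:\\', 'users', name, ...)
        if len(parts) < 4 or parts[1] != "users":
            continue
        in_profile_root = len(parts) == 4
        in_roaming = len(parts) == 6 and parts[3:5] == ("appdata", "roaming")
        if (in_profile_root or in_roaming) and abs(e["created"] - ref) <= window:
            names.append(e["path"].name)
    return names


def same_size_files(entries):
    """Files of identical size living in different folders: a dropper that plants
    copies of itself under several random folder names leaves this pattern."""
    by_size = defaultdict(list)
    for e in entries:
        if not e["is_dir"] and e["size"]:
            by_size[e["size"]].append(str(e["path"]))
    return {size: paths for size, paths in by_size.items()
            if len(paths) > 1 and len({PureWindowsPath(p).parent for p in paths}) > 1}


def triage(text, when, window_hours=24):
    entries = parse_listing(text)
    return {
        "backdated": find_backdated_files(entries),
        "new_profile_dirs": profile_dirs_created_near(entries, when, window_hours),
        "same_size": same_size_files(entries),
    }


if __name__ == "__main__":
    # Reference time assumed for the sample: creation of the first suspicious folders.
    for key, value in triage(SAMPLE_LOG, "2013-03-07 20:41").items():
        print(f"{key}: {value}")
```

On the sample, `find_backdated_files` flags all three files in the random-named folders (each predates its folder by well over a year), `profile_dirs_created_near` with the 24-hour window returns the six new profile folders plus Malwarebytes (which the poster installed that evening, so the analyst strikes it), and `same_size_files` pairs movyh.yxd with nuyz.evs. Narrowing the window to one hour leaves only Ahyld and Myhu, the two folders created at the reference minute. The parser skips everything that is not an entry line, so a whole ComboFix log can be fed in unchanged.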
11.03.2013, 12:39 | #15 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Groupon Trojaner Quote:
Combofix script
__________________ Please always post logfiles in CODE tags |