Log Analysis and Evaluation: PUP.FCTPlugin found on my notebook --> FaceTheme (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here so that our experts can evaluate them. Before viruses and trojans can be removed, the infected system has to be examined first: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
06.05.2013, 18:36 | #1
PUP.FCTPlugin found on my notebook --> FaceTheme

Hello everyone, I just ran Malwarebytes Anti-Rootkit over my laptop on a whim and was shocked to see that this scan found no fewer than 46 malware items. :-( Could someone please help me with this case too and take me on? I don't know whether it helps, but I'll simply attach the log here.
Code:
Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.05.06.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16540
Bernd :: BERNDS-NOTEBOOK [administrator]

06.05.2013 19:15:47
mbar-log-2013-05-06 (19-15-47).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 32128
Time elapsed: 18 minute(s), 50 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 6
HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{70C6E9DE-F30E-4A40-8A6F-9572C2328320} (PUP.FCTPlugin) -> Delete on reboot.
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{70C6E9DE-F30E-4A40-8A6F-9572C2328320} (PUP.FCTPlugin) -> Delete on reboot.
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{70C6E9DE-F30E-4A40-8A6F-9572C2328320} (PUP.FCTPlugin) -> Delete on reboot.
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{70C6E9DE-F30E-4A40-8A6F-9572C2328320} (PUP.FCTPlugin) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\facetheme (PUP.FCTPlugin) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\kincjchfokkeneeofpeefomkikfkiedl (PUP.FCTPlugin) -> Delete on reboot.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 9
c:\Program Files (x86)\Object (PUP.FCTPlugin) -> Delete on reboot.
c:\Program Files (x86)\Object\chromeaddon (PUP.FCTPlugin) -> Delete on reboot.
c:\Program Files (x86)\Object\facetheme (PUP.FCTPlugin) -> Delete on reboot.
c:\Program Files (x86)\Object\facetheme\content (PUP.FCTPlugin) -> Delete on reboot.
c:\Program Files (x86)\Object\facetheme\defaults (PUP.FCTPlugin) -> Delete on reboot.
c:\Program Files (x86)\Object\facetheme\defaults\preferences (PUP.FCTPlugin) -> Delete on reboot.
c:\Program Files (x86)\Object\facetheme\locale (PUP.FCTPlugin) -> Delete on reboot.
c:\Program Files (x86)\Object\facetheme\locale\en-US (PUP.FCTPlugin) -> Delete on reboot.
c:\Program Files (x86)\Object\facetheme\skin (PUP.FCTPlugin) -> Delete on reboot.

Files Detected: 31
c:\Program Files (x86)\Object\bho_project.dll (PUP.FCTPlugin) -> Delete on reboot.
c:\Users\Bernd\AppData\Local\Temp\AddLyrics.exe (Adware.AdLyrics) -> Delete on reboot.
c:\Program Files (x86)\Object\status.txt (PUP.FCTPlugin) -> Delete on reboot.
c:\Program Files (x86)\Object\ChromeAddon.pem (PUP.FCTPlugin) -> Delete on reboot.
c:\Program Files (x86)\Object\config.ini (PUP.FCTPlugin) -> Delete on reboot.
c:\Program Files (x86)\Object\facetheme_uninstall.exe (PUP.FCTPlugin) -> Delete on reboot.
c:\Program Files (x86)\Object\status2.txt (PUP.FCTPlugin) -> Delete on reboot.
c:\Program Files (x86)\Object\chromeaddon\._included.js (PUP.FCTPlugin) -> Delete on reboot.
c:\Program Files (x86)\Object\chromeaddon\background.html (PUP.FCTPlugin) -> Delete on reboot.
c:\Program Files (x86)\Object\chromeaddon\included.js (PUP.FCTPlugin) -> Delete on reboot.
c:\Program Files (x86)\Object\chromeaddon\manifest.json (PUP.FCTPlugin) -> Delete on reboot.
c:\Program Files (x86)\Object\facetheme\build.sh (PUP.FCTPlugin) -> Delete on reboot.
c:\Program Files (x86)\Object\facetheme\chrome.manifest (PUP.FCTPlugin) -> Delete on reboot.
c:\Program Files (x86)\Object\facetheme\config_build.sh (PUP.FCTPlugin) -> Delete on reboot.
c:\Program Files (x86)\Object\facetheme\files (PUP.FCTPlugin) -> Delete on reboot.
c:\Program Files (x86)\Object\facetheme\install.rdf (PUP.FCTPlugin) -> Delete on reboot.
c:\Program Files (x86)\Object\facetheme\readme.txt (PUP.FCTPlugin) -> Delete on reboot.
c:\Program Files (x86)\Object\facetheme\content\.DS_Store (PUP.FCTPlugin) -> Delete on reboot.
c:\Program Files (x86)\Object\facetheme\content\firefoxOverlay.xul (PUP.FCTPlugin) -> Delete on reboot.
c:\Program Files (x86)\Object\facetheme\content\installid.js (PUP.FCTPlugin) -> Delete on reboot.
c:\Program Files (x86)\Object\facetheme\content\overlay.js (PUP.FCTPlugin) -> Delete on reboot.
c:\Program Files (x86)\Object\facetheme\content\sudoku.js (PUP.FCTPlugin) -> Delete on reboot.
c:\Program Files (x86)\Object\facetheme\defaults\.DS_Store (PUP.FCTPlugin) -> Delete on reboot.
c:\Program Files (x86)\Object\facetheme\defaults\preferences\.DS_Store (PUP.FCTPlugin) -> Delete on reboot.
c:\Program Files (x86)\Object\facetheme\defaults\preferences\._sudoku.js (PUP.FCTPlugin) -> Delete on reboot.
c:\Program Files (x86)\Object\facetheme\defaults\preferences\sudoku.js (PUP.FCTPlugin) -> Delete on reboot.
c:\Program Files (x86)\Object\facetheme\locale\.DS_Store (PUP.FCTPlugin) -> Delete on reboot.
c:\Program Files (x86)\Object\facetheme\locale\en-US\.DS_Store (PUP.FCTPlugin) -> Delete on reboot.
c:\Program Files (x86)\Object\facetheme\locale\en-US\sudoku.dtd (PUP.FCTPlugin) -> Delete on reboot.
c:\Program Files (x86)\Object\facetheme\locale\en-US\sudoku.properties (PUP.FCTPlugin) -> Delete on reboot.
c:\Program Files (x86)\Object\facetheme\skin\overlay.css (PUP.FCTPlugin) -> Delete on reboot.

(end)

Regards, Suppi
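The MBAR log above is a flat list of "<Section> Detected: N" headers, each followed by one "<path> (<ThreatName>) -> <action>." line per item. The parser below is an added example, not code from the thread or from Malwarebytes: it reads that layout, checks each section's declared count against the items actually listed (for the full log the headers give 6 + 9 + 31 = 46, the figure the poster quotes) so that a truncated paste is caught before anyone acts on it, and extracts the BHO CLSID and Chrome extension id that a helper would look up first. The embedded sample is a constructed excerpt of the posted log with the counts set to match the excerpt.

```python
"""Parser and sanity check for Malwarebytes Anti-Rootkit (MBAR) scan logs.

Added example; not code from the thread or from Malwarebytes. Handles the
"<Section> Detected: N" / "<path> (<threat>) -> <action>." layout used above.
"""
import re
from collections import defaultdict

# Constructed excerpt of the posted log: a few of the real entries, with the
# section counts set to match what this excerpt actually lists.
SAMPLE_LOG = r"""
Malwarebytes Anti-Rootkit BETA 1.05.0.1001

Scan type: Quick scan
Objects scanned: 32128
Time elapsed: 18 minute(s), 50 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Registry Keys Detected: 3
HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{70C6E9DE-F30E-4A40-8A6F-9572C2328320} (PUP.FCTPlugin) -> Delete on reboot.
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{70C6E9DE-F30E-4A40-8A6F-9572C2328320} (PUP.FCTPlugin) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\kincjchfokkeneeofpeefomkikfkiedl (PUP.FCTPlugin) -> Delete on reboot.

Folders Detected: 1
c:\Program Files (x86)\Object (PUP.FCTPlugin) -> Delete on reboot.

Files Detected: 3
c:\Program Files (x86)\Object\bho_project.dll (PUP.FCTPlugin) -> Delete on reboot.
c:\Users\Bernd\AppData\Local\Temp\AddLyrics.exe (Adware.AdLyrics) -> Delete on reboot.
c:\Program Files (x86)\Object\chromeaddon\manifest.json (PUP.FCTPlugin) -> Delete on reboot.

(end)
"""

SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+?) Detected: (?P<count>\d+)$")
# Lazy path so "c:\Program Files (x86)\Object (PUP.FCTPlugin) -> ..." splits correctly.
ITEM_RE = re.compile(r"^(?P<path>.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?$")
CLSID_RE = re.compile(r"\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}", re.I)
# Chrome extension ids are 32 characters drawn from a-p.
CHROME_EXT_RE = re.compile(r"\\GOOGLE\\CHROME\\EXTENSIONS\\([a-p]{32})$", re.I)


def parse_mbar_log(text):
    """Return ({section: [(path, threat, action), ...]}, {section: declared})."""
    detections = defaultdict(list)
    declared = {}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            declared[section] = int(m.group("count"))
            continue
        m = ITEM_RE.match(line)
        if m and section is not None:
            detections[section].append((m.group("path"), m.group("threat"), m.group("action")))
    return dict(detections), declared


def count_mismatches(detections, declared):
    """Sections whose header count disagrees with the items listed under it.

    Returns {section: (declared, listed)}; anything non-empty means the paste
    is truncated or mangled and should not be acted on yet.
    """
    bad = {}
    for section, n in declared.items():
        listed = len(detections.get(section, []))
        if listed != n:
            bad[section] = (n, listed)
    return bad


def total_declared(declared):
    """Sum of the per-section header counts (46 for the full log above)."""
    return sum(declared.values())


def triage_summary(detections):
    """Items per threat name, plus the CLSIDs and Chrome extension ids seen.

    The CLSID ties the class registration to the Browser Helper Objects and
    Ext/Settings entries; the extension id is the key under which the Chrome
    side of the same add-on was registered.
    """
    per_threat = defaultdict(int)
    clsids, ext_ids = set(), set()
    for items in detections.values():
        for path, threat, _action in items:
            per_threat[threat] += 1
            clsids.update(c.upper() for c in CLSID_RE.findall(path))
            m = CHROME_EXT_RE.search(path)
            if m:
                ext_ids.add(m.group(1).lower())
    return dict(per_threat), sorted(clsids), sorted(ext_ids)


if __name__ == "__main__":
    found, headers = parse_mbar_log(SAMPLE_LOG)
    print("declared total:", total_declared(headers))
    print("mismatches:", count_mismatches(found, headers) or "none")
    print("triage:", triage_summary(found))
```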
06.05.2013, 18:55 | #2
/// TB-Ausbilder
PUP.FCTPlugin found on my notebook --> FaceTheme

Hi,

MBAR is still in beta and shouldn't just be run casually if you don't really know what you're doing. If you want your computer checked for malware, please work through this guide and post the corresponding logfiles.
06.05.2013, 22:01 | #3
PUP.FCTPlugin found on my notebook --> FaceTheme

Please forgive my naivety. I thought a scan couldn't hurt .... Anyway, here are the results from OTL:

OTL.Txt
Code:
OTL logfile created on: 06.05.2013 22:39:18 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Bla\Desktop\TrojanerBoard
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,03 Gb Available Physical Memory | 50,77% Memory free
7,99 Gb Paging File | 5,85 Gb Available in Paging File | 73,22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 144,04 Gb Total Space | 34,82 Gb Free Space | 24,17% Space Free | Partition Type: NTFS
Drive D: | 137,50 Gb Total Space | 22,54 Gb Free Space | 16,39% Space Free | Partition Type: NTFS
Drive E: | 1,75 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: BlaS-NOTEBOOK | User Name: Bla | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.05.06 17:14:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Bla\Desktop\TrojanerBoard\OTL.exe
PRC - [2013.04.23 13:48:20 | 000,844,144 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2013.04.23 13:48:16 | 000,311,152 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2013.04.23 13:48:12 | 001,561,968 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe
PRC - [2013.04.12 11:49:53 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013.04.08 18:44:12 | 001,320,496 | ---- | M] (pdfforge GmbH) -- C:\Program Files (x86)\PDF Architect\HelperService.exe
PRC - [2013.04.08 18:43:36 | 000,799,280 | ---- | M] (pdfforge GmbH) -- C:\Program Files (x86)\PDF Architect\ConversionService.exe
PRC - [2013.03.12 09:05:50 | 029,106,336 | ---- | M] (Dropbox, Inc.) -- C:\Users\Bla\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.12.24 05:33:29 | 000,144,520 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe
PRC - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.09.24 16:05:36 | 000,581,496 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-Agent.exe
PRC - [2012.09.24 16:05:00 | 000,384,888 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
PRC - [2012.08.19 04:03:20 | 000,143,928 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Family\Engine\2.6.0.73\ccSvcHst.exe
PRC - [2012.07.16 16:31:32 | 007,445,416 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
PRC - [2012.07.16 16:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012.07.16 16:22:42 | 000,106,408 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
PRC - [2011.10.14 08:01:50 | 000,994,360 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe
PRC - [2011.10.14 08:01:48 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe
PRC - [2011.10.14 08:01:46 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
PRC - [2011.08.12 17:13:26 | 000,087,040 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2010.02.06 22:12:48 | 000,053,760 | ---- | M] () -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\Plugins\Helper\AlSrvN.exe
PRC - [2010.01.18 15:05:36 | 000,181,480 | ---- | M] (Acer Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
PRC - [2009.12.15 20:11:48 | 001,115,728 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2009.06.04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

========== Modules (No Company Name) ==========

MOD - [2013.04.12 11:49:53 | 003,133,336 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013.02.13 17:57:25 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\7d8f6866864f78cf83d3701641c46178\System.ServiceProcess.ni.dll
MOD - [2013.01.11 12:15:28 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\07753c0a8ed7f9bc61b0ee718f3c779d\System.Runtime.Remoting.ni.dll
MOD - [2013.01.11 12:14:30 | 001,812,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\40c7a89fe2cbf3c12a2c39e034da54cf\System.Xaml.ni.dll
MOD - [2013.01.10 00:30:08 | 018,022,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\b8e60f81fd56934c9f9da7b15bee3376\PresentationFramework.ni.dll
MOD - [2013.01.10 00:29:51 | 011,522,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\932901ff0ad5e365ffbe705d7459a37e\PresentationCore.ni.dll
MOD - [2013.01.10 00:29:48 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\7cd4aa51f6e6b9330b8f50bba8bb62c6\System.Configuration.ni.dll
MOD - [2013.01.10 00:29:47 | 007,070,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\b519f42484e1d488662a9a8a87cb8849\System.Core.ni.dll
MOD - [2013.01.10 00:29:39 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\fc476bbac36944e352c2f547352ffa64\System.Xml.ni.dll
MOD - [2013.01.10 00:29:39 | 003,883,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\8abaedf6aecb073b22f8801aa0b8babf\WindowsBase.ni.dll
MOD - [2013.01.10 00:29:34 | 009,095,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\f93dca0e4baa1dcb37cf75392b7c89da\System.ni.dll
MOD - [2013.01.10 00:29:25 | 014,416,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6a1ccc1e1a79ce267d3d1808af382cd6\mscorlib.ni.dll
MOD - [2012.12.12 07:32:26 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2012.10.05 12:53:24 | 003,198,976 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2012.10.05 12:53:24 | 000,630,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2012.08.31 12:59:19 | 004,550,656 | ---- | M] () -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
MOD - [2012.05.30 08:51:08 | 000,699,280 | R--- | M] () -- C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.3.1.22\wincfi39.dll
MOD - [2011.12.25 22:42:15 | 005,255,168 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
MOD - [2010.11.13 02:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.05 03:58:50 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2010.11.05 03:58:14 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2010.11.05 03:58:10 | 000,114,688 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
MOD - [2010.11.05 03:58:04 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2010.02.06 22:12:48 | 000,053,760 | ---- | M] () -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\Plugins\Helper\AlSrvN.exe
MOD - [2009.06.10 23:22:40 | 000,010,752 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll

========== Services (SafeList) ==========

SRV:64bit: - [2009.06.03 02:13:02 | 000,721,712 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysNative\vfsFPService.exe -- (vfsFPService)
SRV - [2013.04.17 20:48:07 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.04.12 11:49:53 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.04.08 18:44:12 | 001,320,496 | ---- | M] (pdfforge GmbH) [Auto | Running] -- C:\Program Files (x86)\PDF Architect\HelperService.exe -- (PDF Architect Helper Service)
SRV - [2013.04.08 18:43:36 | 000,799,280 | ---- | M] (pdfforge GmbH) [Auto | Running] -- C:\Program Files (x86)\PDF Architect\ConversionService.exe -- (PDF Architect Service)
SRV - [2013.01.27 10:04:34 | 000,183,264 | ---- | M] (Soluto) [Auto | Running] -- C:\Programme\Soluto\SolutoLauncherService.exe -- (SolutoLauncherService)
SRV - [2013.01.27 10:04:32 | 000,553,440 | ---- | M] (Soluto) [Auto | Running] -- C:\Programme\Soluto\SolutoService.exe -- (SolutoService)
SRV - [2013.01.27 10:00:18 | 001,239,552 | ---- | M] (Soluto) [On_Demand | Stopped] -- C:\Programme\Soluto\SolutoRemoteService.exe -- (SolutoRemoteService)
SRV - [2013.01.08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [On_Demand | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.12.24 05:33:29 | 000,144,520 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe -- (NIS)
SRV - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.12.17 15:46:50 | 000,137,488 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2012.09.24 16:05:00 | 000,384,888 | ---- | M] (BlueStack Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe -- (BstHdLogRotatorSvc)
SRV - [2012.09.24 16:04:32 | 000,393,080 | ---- | M] (BlueStack Systems, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\BlueStacks\HD-Service.exe -- (BstHdAndroidSvc)
SRV - [2012.08.19 04:03:20 | 000,143,928 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Family\Engine\2.6.0.73\ccSvcHst.exe -- (NSM)
SRV - [2012.07.16 16:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.06.25 16:06:30 | 003,325,232 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
SRV - [2012.06.25 16:06:08 | 000,272,688 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV - [2012.06.25 16:05:54 | 000,628,016 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2012.06.25 16:05:28 | 000,149,296 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2012.04.23 17:23:28 | 000,135,952 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV - [2012.03.15 07:09:20 | 000,659,976 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV - [2011.10.15 10:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.10.14 08:01:50 | 000,994,360 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011.10.14 08:01:48 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2011.09.10 11:43:18 | 000,018,432 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- D:\Werkzeuge\xampp\apache\bin\httpd.exe -- (Apache2.2)
SRV - [2011.08.12 17:13:26 | 000,087,040 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2010.05.18 15:13:58 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.10 10:43:34 | 000,506,880 | ---- | M] (AVerMedia Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\SnugTV\SnugTV Station\AMAServer.exe -- (SnugTV Service)
SRV - [2009.12.23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Stopped] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2009.12.03 13:14:06 | 000,169,472 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\AVerMedia\AVerUpdate\AVerUpdateServer.exe -- (AVerUpdateServer)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON)
SRV - [2009.06.03 02:12:50 | 000,599,344 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vfsFPService.exe -- (vfsFPService)
SRV - [2009.04.09 11:49:30 | 000,344,064 | ---- | M] (AVerMedia) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe -- (AVerRemote)
SRV - [2009.03.01 03:55:52 | 000,071,832 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- D:\Werkzeuge\SiSoftware Sandra Business 2013.SP2\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV - [2008.12.10 18:01:50 | 000,405,504 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe -- (AVerScheduleService)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013.04.03 09:58:18 | 000,203,672 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2013.04.03 09:58:18 | 000,103,064 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2013.02.12 06:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2013.01.31 05:18:18 | 000,432,800 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1403010.016\symnets.sys -- (SymNetS)
DRV:64bit: - [2013.01.31 05:18:06 | 001,139,800 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1403010.016\symefa64.sys -- (SymEFA)
DRV:64bit: - [2013.01.29 03:45:19 | 000,796,248 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1403010.016\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2013.01.29 03:45:19 | 000,036,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1403010.016\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2013.01.27 09:59:58 | 000,054,728 | ---- | M] (Soluto LTD.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Soluto.sys -- (Soluto)
DRV:64bit: - [2013.01.22 04:15:33 | 000,493,656 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1403010.016\symds64.sys -- (SymDS)
DRV:64bit: - [2012.12.19 15:47:20 | 000,132,008 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2012.12.01 14:01:01 | 000,175,928 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2012.12.01 14:00:11 | 000,019,304 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\grmnusb.sys -- (grmnusb)
DRV:64bit: - [2012.12.01 13:58:51 | 000,647,736 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2012.12.01 13:58:51 | 000,028,216 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorF.sys -- (iaStorF)
DRV:64bit: - [2012.11.16 04:22:01 | 000,224,416 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1403010.016\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012.11.16 04:18:04 | 000,168,096 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1403010.016\ccsetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2012.11.15 15:03:58 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012.11.05 16:52:53 | 000,147,456 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\acedrv06.sys -- (acedrv06)
DRV:64bit: - [2012.10.26 18:24:11 | 008,616,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2012.10.26 18:10:56 | 000,019,264 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2012.10.26 18:10:34 | 000,027,960 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:64bit: - [2012.10.26 18:10:23 | 000,018,832 | ---- | M] (PenMount) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pmkbdfltr.sys -- (pmkbdfltr)
DRV:64bit: - [2012.08.08 19:50:44 | 000,043,680 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SymIMV.sys -- (SymIM)
DRV:64bit: - [2012.08.07 04:24:46 | 000,168,096 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NSMx64\0206000.049\ccsetx64.sys -- (ccSet_NSM)
DRV:64bit: - [2012.07.21 08:53:40 | 000,243,872 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NSMx64\0206000.049\symrdrs.sys -- (SYMRDR_{78CA3BF0-9C3B-40e1-B46D-38C877EF059A})
DRV:64bit: - [2012.03.15 06:02:46 | 000,198,144 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2012.03.15 06:02:46 | 000,198,144 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.12.04 23:23:57 | 000,138,872 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD)
DRV:64bit: - [2011.07.08 01:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011.06.28 08:50:34 | 000,074,376 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
DRV:64bit: - [2011.05.10 08:06:14 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2011.05.10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.12.17 00:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010.12.02 10:36:42 | 000,171,008 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64)
DRV:64bit: - [2010.12.02 10:36:40 | 000,012,800 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys -- (nmwcdnsucx64)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.09.01 10:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
DRV:64bit: - [2010.06.25 16:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2010.04.01 09:53:32 | 000,307,072 | ---- | M] (AVEO Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AVEOdcnt.sys -- (AVEO)
DRV:64bit: - [2010.03.29 11:17:57 | 000,064,040 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E)
DRV:64bit: - [2010.01.13 18:37:16 | 007,675,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)
DRV:64bit: - [2009.11.09 12:10:44 | 000,037,392 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hotcore3.sys -- (hotcore3)
DRV:64bit: - [2009.11.01 19:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009.09.02 11:05:02 | 000,147,968 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw99bda.sys -- (HCW99BDA)
DRV:64bit: - [2009.08.28 10:33:48 | 000,292,400 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.07.18 00:52:02 | 001,799,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.06 15:33:50 | 000,019,456 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw95rc.sys -- (hcw95rc)
DRV:64bit: - [2009.07.06 15:32:36 | 000,658,432 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw95bda.sys -- (hcw95bda)
DRV:64bit: - [2009.06.30 10:37:16 | 000,033,800 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\pavboot64.sys -- (pavboot)
DRV:64bit: - [2009.06.10 23:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009.06.10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.04 18:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.05.22 08:32:52 | 000,311,424 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVerAF15.sys -- (AVerAF15)
DRV:64bit: - [2009.03.09 16:58:00 | 000,060,416 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\itecir.sys -- (itecir)
DRV:64bit: - [2009.01.19 20:32:22 | 000,334,344 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11)
DRV:64bit: - [2008.01.09 11:28:20 | 000,034,032 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\seehcri.sys -- (seehcri)
DRV:64bit: - [2007.04.23 15:54:40 | 000,126,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s115mgmt.sys -- (s115mgmt)
DRV:64bit: - [2007.04.23 15:54:40 | 000,123,656 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s115obex.sys -- (s115obex)
DRV:64bit: - [2007.04.23 15:54:38 | 000,144,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s115mdm.sys -- (s115mdm)
DRV:64bit: - [2007.04.23 15:54:36 | 000,019,720 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s115mdfl.sys -- (s115mdfl)
DRV:64bit: - [2007.04.23 15:54:32 | 000,108,296 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s115bus.sys -- (s115bus)
DRV - [2013.04.18 12:09:20 | 000,037,344 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2013.04.13 01:53:05 | 001,390,680 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20130412.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2013.02.26 15:40:53 | 002,087,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130506.006\ex64.sys -- (NAVEX15)
DRV - [2013.02.26 15:40:53 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2013.02.26 15:40:53 | 000,126,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130506.006\eng64.sys -- (NAVENG)
DRV - [2012.09.24 16:04:50 | 000,071,032 | ---- | M] (BlueStack Systems) [Kernel | Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys -- (BstHdDrv)
DRV - [2012.09.18 15:36:12 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20130505.002\IDSviA64.sys -- (IDSVia64)
DRV - [2012.08.13 14:30:36 | 000,025,704 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\PerformanceTest\DirectIo64.sys -- (DIRECTIO)
DRV - [2012.08.11 18:53:26 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011.12.04 23:23:57 | 000,138,872 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2009.10.05 19:15:52 | 000,146,928 | ---- | M] (CyberLink Corp.)
[2010/06/01 14:22:50] [Kernel | Auto | Running] -- C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) DRV - [2009.08.07 23:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- D:\Werkzeuge\SiSoftware Sandra Business 2013.SP2\WNt500x64\sandra.sys -- (SANDRA) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2007.12.16 11:57:20 | 000,075,776 | ---- | M] (Wasay) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\WSVD.sys -- (WSVD) DRV - [2007.12.15 17:38:52 | 000,014,544 | ---- | M] (OpenLibSys.org) [Kernel | On_Demand | Stopped] -- D:\Werkzeuge\SetFSB\WinRing0x64.sys -- (WinRing0_1_0_1) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5} IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=DE&userid=24430f89-1393-477f-8171-a9fae0e510dc&searchtype=ds&q={searchTerms} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=0&o=vp32&d=0709&m=aspire_8930 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie IE - 
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=DE&userid=24430f89-1393-477f-8171-a9fae0e510dc&searchtype=ds&q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=DE&userid=24430f89-1393-477f-8171-a9fae0e510dc&searchtype=ds&q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=DE&userid=24430f89-1393-477f-8171-a9fae0e510dc&searchtype=hp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=DE&userid=24430f89-1393-477f-8171-a9fae0e510dc&searchtype=ds&q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=DE&userid=24430f89-1393-477f-8171-a9fae0e510dc&searchtype=ds&q={searchTerms} IE - HKCU\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5} IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=DE&userid=24430f89-1393-477f-8171-a9fae0e510dc&searchtype=ds&q={searchTerms} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = 
hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_de IE - HKCU\..\SearchScopes\{B692121E-BADF-4BC3-B8B6-33FAA80A195C}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 IE - HKCU\..\SearchScopes\{E62FA99B-083E-4FF1-8757-00D917D5D87B}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACAW_deDE334 IE - HKCU\..\SearchScopes\{E7BCBD07-A36D-401D-BA99-54500705C85E}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) 
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files (x86)\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Bla\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Bla\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll () FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Bla\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Bla\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\coFFPlgn\ [2013.05.06 22:35:38 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6D5C8FC4-DE46-41bf-9092-93F0F78E9115}: C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.6.0.43\coFFFw\ [2013.05.06 22:37:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files (x86)\Object\facetheme FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.02.13 14:00:36 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\IPSFFPlgn\ [2012.09.19 06:36:55 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ [2012.12.08 
21:25:38 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFPDFArchitectConverter@pdfarchitect.com: C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013.04.24 11:39:33 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.12 11:49:53 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.12 11:49:41 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files (x86)\Object\facetheme FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.12 11:49:53 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.12 11:49:41 | 000,000,000 | ---D | M] [2011.04.30 22:56:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bla\AppData\Roaming\mozilla\Extensions [2011.04.30 22:56:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bla\AppData\Roaming\mozilla\Extensions\MediaCoderPrefs [2013.05.06 21:05:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bla\AppData\Roaming\mozilla\Firefox\Profiles\e0zpy63m.Bla\extensions [2013.04.08 10:40:43 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Bla\AppData\Roaming\mozilla\Firefox\Profiles\e0zpy63m.Bla\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2013.04.12 13:15:04 | 000,000,000 | ---D | M] (DVDVideoSoftTB) -- C:\Users\Bla\AppData\Roaming\mozilla\Firefox\Profiles\e0zpy63m.Bla\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2012.10.10 13:12:54 | 000,000,000 | ---D | M] (Clippings) -- 
C:\Users\Bla\AppData\Roaming\mozilla\Firefox\Profiles\e0zpy63m.Bla\extensions\{91aa5abe-9de4-4347-b7b5-322c38dd9271} [2013.02.23 18:53:06 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Bla\AppData\Roaming\mozilla\Firefox\Profiles\e0zpy63m.Bla\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013.02.01 19:35:45 | 000,000,000 | ---D | M] (New Tab King) -- C:\Users\Bla\AppData\Roaming\mozilla\Firefox\Profiles\e0zpy63m.Bla\extensions\{FC5BAC7D-D696-4ba6-B913-CF8F000C33DF} [2013.04.16 16:14:09 | 000,000,000 | ---D | M] (Wörterbuch Deutsch (de-DE), Hunspell-unterstützt) -- C:\Users\Bla\AppData\Roaming\mozilla\Firefox\Profiles\e0zpy63m.Bla\extensions\de_DE@dicts.j3e.de [2013.04.14 18:45:40 | 000,000,000 | ---D | M] ("FRITZ!Box AddOn") -- C:\Users\Bla\AppData\Roaming\mozilla\Firefox\Profiles\e0zpy63m.Bla\extensions\fb_add_on@avm.de [2012.10.28 10:14:49 | 000,000,000 | ---D | M] ("NetVideoHunter") -- C:\Users\Bla\AppData\Roaming\mozilla\Firefox\Profiles\e0zpy63m.Bla\extensions\netvideohunter@netvideohunter.com [2013.02.23 17:14:12 | 002,163,784 | ---- | M] () (No name found) -- C:\Users\Bla\AppData\Roaming\mozilla\firefox\profiles\e0zpy63m.Bla\extensions\firebug@software.joehewitt.com.xpi [2011.10.07 16:56:10 | 000,011,036 | ---- | M] () (No name found) -- C:\Users\Bla\AppData\Roaming\mozilla\firefox\profiles\e0zpy63m.Bla\extensions\searchhighlight@piwisoft.com.xpi [2012.11.13 09:48:35 | 000,090,868 | ---- | M] () (No name found) -- C:\Users\Bla\AppData\Roaming\mozilla\firefox\profiles\e0zpy63m.Bla\extensions\tinyurl.addon@fast-chat.co.uk.xpi [2013.03.04 16:42:49 | 000,872,587 | ---- | M] () (No name found) -- C:\Users\Bla\AppData\Roaming\mozilla\firefox\profiles\e0zpy63m.Bla\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi [2013.05.06 21:05:12 | 001,360,435 | ---- | M] () (No name found) -- C:\Users\Bla\AppData\Roaming\mozilla\firefox\profiles\e0zpy63m.Bla\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2013.02.14 16:51:22 | 000,817,280 | ---- | M] () 
(No name found) -- C:\Users\Bla\AppData\Roaming\mozilla\firefox\profiles\e0zpy63m.Bla\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.04.20 11:52:10 | 000,765,412 | ---- | M] () (No name found) -- C:\Users\Bla\AppData\Roaming\mozilla\firefox\profiles\e0zpy63m.Bla\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2013.04.12 11:49:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.04.12 11:49:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013.04.12 11:49:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013.04.12 11:49:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2013.04.12 11:49:53 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.10.16 12:05:54 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.10.16 12:05:54 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.10.16 12:05:54 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.10.16 12:05:54 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.10.16 12:05:54 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.10.16 12:05:54 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.06.30 11:17:35 | 000,001,476 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 iw2.slysoft.com # AnyDVD O1 - Hosts: 127.0.0.1 h3.slysoft.com # AnyDVD O1 - Hosts: 127.0.0.1 
update.slysoft.com # AnyDVD O1 - Hosts: 127.0.0.1 slysoft.com # AnyDVD O1 - Hosts: 127.0.0.1 sb2slysoft.com # AnyDVD O1 - Hosts: 127.0.0.1 ns6.gandi.net # AnyDVD O1 - Hosts: 127.0.0.1 ev1slysoft.com # AnyDVD O1 - Hosts: 127.0.0.1 reverse.privatedns.com # AnyDVD O1 - Hosts: 127.0.0.1 update.slysoft.com # AnyDVD O1 - Hosts: 127.0.0.1 ev1slysoft.com # AnyDVD O1 - Hosts: 127.0.0.1 serial.alcohol-soft.com # Alcohol 120% O1 - Hosts: 127.0.0.1 alcohol-soft.com # Alcohol 120% O1 - Hosts: 127.0.0.1 images.alcohol-soft.com # Alcohol 120% O1 - Hosts: 127.0.0.1 mermaidconsulting.dk # Alcohol 120% O1 - Hosts: 127.0.0.1 195.137.236.101 # Alcohol 120% O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH) O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\coIEPlg.dll (Symantec Corporation) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\IPS\IPSBHO.DLL (Symantec Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Norton Family BHO) - {B8E07826-0971-4f16-B133-047B88034E89} - C:\Program Files (x86)\Norton Family\Engine\2.6.0.73\coIEPlg.dll (Symantec Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found. 
O3 - HKLM\..\Toolbar: (PDF Architect Toolbar) - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GmbH) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\coIEPlg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (no name) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No CLSID value found. O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe (BlueStack Systems, Inc.) O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [PlayMovie] C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.) O4 - HKCU..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung) O4 - HKCU..\Run: [AlSrvN] C:\Program Files (x86)\Alcohol Soft\Alcohol 120\Plugins\Helper\AlSrvN.exe () O4 - HKCU..\Run: [Directory Opus Desktop Dblclk] C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe (GP Software) O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup File not found O4 - HKCU..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung) O4 - Startup: C:\Users\Bla\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Directory Opus (Autostart).lnk = File not found O4 - Startup: C:\Users\Bla\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Bla\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Bla\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Bla\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Free YouTube Download - C:\Users\Bla\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Bla\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) 
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class) O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5FDFE86F-E4E0-4AF2-9646-16B3C9A184A1}: DhcpNameServer = 10.111.81.129 10.129.32.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DB80BB64-0C03-4339-8778-252949213388}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) 
O20:64bit: - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (c:\program files\soluto\soluto.exe /userinit) - c:\program files\soluto\soluto.exe (Soluto) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O27:64bit: - HKLM IFEO\taskmgr.exe: Debugger - C:\PROGRAM FILES (X86)\PROCESSEXPLORER\PROCEXP.EXE (Sysinternals - www.sysinternals.com) O27 - HKLM IFEO\taskmgr.exe: Debugger - C:\PROGRAM FILES (X86)\PROCESSEXPLORER\PROCEXP.EXE (Sysinternals - www.sysinternals.com) O28:64bit: - HKLM ShellExecuteHooks: {3CF9ECE0-1A9F-11D2-8C73-00C06C2005DE} - C:\Programme\GPSoftware\Directory Opus\dopuslib.dll (GP Software) O28 - HKLM ShellExecuteHooks: {EE761688-C137-4b04-8FAB-3C9CDF0886F0} - C:\Programme\GPSoftware\Directory Opus\dopuslib32.dll (GP Software) O28 - HKCU ShellExecuteHooks: {EE761688-C137-4b04-8FAB-3C9CDF0886F0} - Reg Error: Value error. 
File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{22f7e4f8-6999-11df-824a-001e331d8665}\Shell - "" = AutoRun O33 - MountPoints2\{22f7e4f8-6999-11df-824a-001e331d8665}\Shell\AutoRun\command - "" = G:\USBAutoRun.exe O33 - MountPoints2\{4c668722-0c1c-11e0-85dc-001e331d8665}\Shell - "" = AutoRun O33 - MountPoints2\{4c668722-0c1c-11e0-85dc-001e331d8665}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O33 - MountPoints2\{8828b03a-68c8-11df-bd0e-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{8828b03a-68c8-11df-bd0e-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe O33 - MountPoints2\{bd76efc0-a304-11e0-8727-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{bd76efc0-a304-11e0-8727-806e6f6e6963}\Shell\AutoRun\command - "" = F:\BBCAuto.exe O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\autorun.exe O33 - MountPoints2\G\Shell - "" = AutoRun O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.05.06 18:55:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.05.04 16:12:26 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump [2013.05.03 20:30:40 | 000,203,672 | ---- | C] (DEVGURU Co., 
LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudmdm.sys
[2013.05.03 20:30:40 | 000,103,064 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudbus.sys
[2013.05.03 20:26:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec
[2013.05.03 20:26:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyFree Codec
[2013.05.03 20:23:15 | 000,233,472 | ---- | C] (Teruten) -- C:\Windows\SysWow64\FsUsbExService.Exe
[2013.05.03 20:21:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MarkAny
[2013.05.02 11:04:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013.05.01 18:24:21 | 000,000,000 | ---D | C] -- C:\Users\Bla\AppData\Roaming\PDF Architect
[2013.04.24 11:39:39 | 000,000,000 | ---D | C] -- C:\Users\Bla\Documents\PDF Architect Files
[2013.04.24 11:39:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect
[2013.04.24 11:39:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDF Architect
[2013.04.24 11:39:19 | 000,000,000 | ---D | C] -- C:\Users\Bla\AppData\Roaming\pdfforge
[2013.04.24 11:39:13 | 000,110,264 | ---- | C] (pdfforge GmbH) -- C:\Windows\SysNative\pdfcmon.dll
[2013.04.24 11:39:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFCreator
[2013.04.24 07:14:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\phase-6
[2013.04.24 07:09:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.04.12 22:21:33 | 000,000,000 | ---D | C] -- C:\Users\Bla\Documents\3DMark 11
[2013.04.12 22:21:10 | 000,000,000 | ---D | C] -- C:\Users\Bla\AppData\Local\Futuremark
[2013.04.12 22:17:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavalys
[2013.04.12 22:08:51 | 000,000,000 | ---D | C] -- C:\Users\Bla\Documents\PassMark
[2013.04.12 22:08:47 | 000,000,000 | ---D | C] -- C:\Users\Bla\AppData\Local\PassMark
[2013.04.12 22:08:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PerformanceTest
[2013.04.12 22:08:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Passmark
[2013.04.12 22:08:34 | 000,000,000 | ---D | C] -- C:\Program Files\PerformanceTest
[2013.04.12 20:09:05 | 000,000,000 | ---D | C] -- C:\Users\Bla\AppData\Local\Futuremark_Corporation
[2013.04.12 20:08:47 | 000,000,000 | ---D | C] -- C:\Users\Bla\Documents\PCMark 7
[2013.04.12 19:56:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Futuremark
[2013.04.12 19:56:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Futuremark
[2013.04.12 19:56:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Futuremark
[2013.04.12 19:56:19 | 000,000,000 | ---D | C] -- C:\Program Files\Futuremark
[2013.04.12 11:48:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.04.09 20:14:56 | 000,000,000 | ---D | C] -- C:\Users\Bla\Desktop\Garmin Export
[2013.04.07 10:55:56 | 000,000,000 | ---D | C] -- C:\Users\Bla\Desktop\Zoo
[2011.06.22 10:42:55 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Bla\AppData\Roaming\pcouffin.sys
[2011.04.16 16:12:20 | 003,116,051 | ---- | C] (Landesfinanzdirektion Thüringen) -- C:\Program Files (x86)\uninstall.exe
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.05.06 22:46:14 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.06 22:46:14 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.06 22:35:29 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.06 22:34:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.06 22:33:44 | 3218,833,408 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.06 22:31:12 | 000,000,216 | ---- | M] () -- C:\Users\Bla\defogger_reenable
[2013.05.06 22:12:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.06 21:53:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.06 17:08:37 | 001,629,878 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.06 17:08:37 | 000,702,788 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.06 17:08:37 | 000,657,370 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.06 17:08:37 | 000,151,322 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.06 17:08:37 | 000,123,676 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.05 20:06:57 | 000,022,914 | ---- | M] () -- C:\Users\Bla\Desktop\Bestellung Nummer 100005217 drucken _ www.elektrogeraete-neumann24.de.pdf
[2013.05.04 10:23:22 | 002,487,596 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1403010.016\Cat.DB
[2013.05.02 16:18:09 | 000,004,242 | ---- | M] () -- C:\Users\Bla\AppData\Local\recently-used.xbel
[2013.05.02 11:04:33 | 000,002,212 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013.04.30 06:32:06 | 762,313,848 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.04.28 10:53:44 | 000,001,336 | ---- | M] () -- C:\Users\Bla\Desktop\Norton-Installationsdateien.lnk
[2013.04.28 10:48:31 | 000,000,680 | RHS- | M] () -- C:\Users\Bla\ntuser.pol
[2013.04.26 11:44:41 | 000,102,236 | ---- | M] () -- C:\Users\Bla\Desktop\Mainova Zählerstand ablesung - fail.PNG
[2013.04.24 07:14:07 | 000,001,269 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\phase-6 Reminder.lnk
[2013.04.18 19:08:14 | 004,659,712 | ---- | M] (Dmitry Streblechenko) -- C:\Windows\SysWow64\Redemption.dll
[2013.04.18 19:06:08 | 000,821,824 | ---- | M] (Devguru Co., Ltd.) -- C:\Windows\SysWow64\dgderapi.dll
[2013.04.18 16:13:00 | 000,001,391 | ---- | M] () -- C:\Users\Bla\Documents\ax_files.xml
[2013.04.18 12:09:20 | 000,233,472 | ---- | M] (Teruten) -- C:\Windows\SysWow64\FsUsbExService.Exe
[2013.04.18 12:09:20 | 000,037,344 | ---- | M] () -- C:\Windows\SysWow64\FsUsbExDisk.Sys
[2013.04.17 13:25:39 | 000,014,818 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1403010.016\VT20130115.021
[2013.04.13 23:18:54 | 013,729,792 | ---- | M] () -- C:\Users\Bla\AppData\Roaming\Sandra.mdb
[2013.04.13 22:12:44 | 000,000,064 | ---- | M] () -- C:\Users\Bla\AppData\Roaming\Sandra.ldb
[2013.04.12 07:35:47 | 000,422,184 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.09 15:13:52 | 000,110,264 | ---- | M] (pdfforge GmbH) -- C:\Windows\SysNative\pdfcmon.dll
[2013.04.08 10:56:00 | 003,605,885 | ---- | M] () -- C:\Users\Bla\Desktop\26.07.2010 - 01.08.2010_history.tcx
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.05.06 22:31:11 | 000,000,216 | ---- | C] () -- C:\Users\Bla\defogger_reenable
[2013.05.05 20:06:56 | 000,022,914 | ---- | C] () -- C:\Users\Bla\Desktop\Bestellung Nummer 100005217 drucken _ www.elektrogeraete-neumann24.de.pdf
[2013.05.03 20:23:15 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\FsUsbExDevice.Dll
[2013.05.03 20:23:15 | 000,037,344 | ---- | C] () -- C:\Windows\SysWow64\FsUsbExDisk.Sys
[2013.05.02 16:18:09 | 000,004,242 | ---- | C] () -- C:\Users\Bla\AppData\Local\recently-used.xbel
[2013.05.02 11:04:33 | 000,002,212 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013.04.28 10:53:42 | 000,001,336 | ---- | C] () -- C:\Users\Bla\Desktop\Norton-Installationsdateien.lnk
[2013.04.26 11:44:41 | 000,102,236 | ---- | C] () -- C:\Users\Bla\Desktop\Mainova Zählerstand ablesung - fail.PNG
[2013.04.13 22:11:52 | 000,000,064 | ---- | C] () -- C:\Users\Bla\AppData\Roaming\Sandra.ldb
[2013.04.08 10:55:56 | 003,605,885 | ---- | C] () -- C:\Users\Bla\Desktop\26.07.2010 - 01.08.2010_history.tcx
[2013.03.30 19:28:39 | 013,729,792 | ---- | C] () -- C:\Users\Bla\AppData\Roaming\Sandra.mdb
[2013.02.02 21:22:47 | 000,000,098 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2012.11.28 15:17:24 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.11.28 15:17:18 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012.11.28 15:17:18 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012.11.28 15:17:18 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012.11.28 15:17:18 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012.11.27 09:50:43 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2012.11.05 16:52:15 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\acedrv06.dll
[2012.10.30 13:53:10 | 001,607,772 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.10.18 16:04:23 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll
[2012.10.10 13:19:55 | 000,036,141 | ---- | C] () -- C:\Users\Bla\clipdat2.rdf
[2012.03.28 13:40:33 | 000,000,915 | ---- | C] () -- C:\Users\Bla\AppData\Roaming\CoreAvc.ini
[2012.01.10 00:12:17 | 000,853,275 | ---- | C] () -- C:\Users\Bla\AppData\Local\census.cache
[2012.01.10 00:11:18 | 000,143,303 | ---- | C] () -- C:\Users\Bla\AppData\Local\ars.cache
[2012.01.09 23:59:33 | 000,000,036 | ---- | C] () -- C:\Users\Bla\AppData\Local\housecall.guid.cache
[2011.12.16 17:54:23 | 000,000,043 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011.10.23 19:35:13 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\AVerIO.dll
[2011.10.23 19:35:13 | 000,003,456 | ---- | C] () -- C:\Windows\SysWow64\AVerIO.sys
[2011.10.23 19:35:12 | 000,565,248 | ---- | C] () -- C:\Windows\SysWow64\sptlib21.dll
[2011.10.23 19:35:12 | 000,294,912 | ---- | C] () -- C:\Windows\SysWow64\sptlib11.dll
[2011.10.23 19:35:12 | 000,290,816 | ---- | C] () -- C:\Windows\SysWow64\sptlib22.dll
[2011.10.23 19:35:12 | 000,249,856 | ---- | C] () -- C:\Windows\SysWow64\sptlib01.dll
[2011.10.23 19:35:12 | 000,245,760 | ---- | C] () -- C:\Windows\SysWow64\sptlib03.dll
[2011.10.23 19:35:12 | 000,241,664 | ---- | C] () -- C:\Windows\SysWow64\sptlib02.dll
[2011.10.23 19:35:12 | 000,135,168 | ---- | C] () -- C:\Windows\SysWow64\sptlib12.dll
[2011.10.22 22:52:40 | 000,000,135 | ---- | C] () -- C:\Users\Bla\AppData\Roaming\default.rss
[2011.10.18 11:39:09 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2011.10.18 11:39:09 | 000,020,480 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe
[2011.10.18 11:39:09 | 000,000,378 | ---- | C] () -- C:\Windows\PidList.ini
[2011.08.14 15:25:39 | 000,007,680 | ---- | C] () -- C:\Users\Bla\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.07.16 12:56:53 | 000,000,288 | ---- | C] () -- C:\Users\Bla\AppData\Roaming\.backup.dm
[2011.06.22 10:42:55 | 000,099,384 | ---- | C] () -- C:\Users\Bla\AppData\Roaming\inst.exe
[2011.06.22 10:42:55 | 000,007,859 | ---- | C] () -- C:\Users\Bla\AppData\Roaming\pcouffin.cat
[2011.06.22 10:42:55 | 000,001,167 | ---- | C] () -- C:\Users\Bla\AppData\Roaming\pcouffin.inf
[2011.04.16 16:12:22 | 000,000,889 | ---- | C] () -- C:\Program Files (x86)\Uninstall ElsterFormular.lnk
[2011.03.02 20:27:37 | 000,000,680 | RHS- | C] () -- C:\Users\Bla\ntuser.pol
[2011.03.01 20:58:43 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.11.10 10:19:15 | 000,000,022 | -HS- | C] () -- C:\Users\Bla\AppData\Roaming\Sys6925.Config Collection.sys
[2009.11.29 00:32:03 | 002,639,074 | -H-- | C] () -- C:\Users\Bla\AppData\Local\IconCache (1).db
[2009.11.14 16:32:18 | 000,000,017 | ---- | C] () -- C:\Users\Bla\AppData\Local\resmon.resmoncfg
[2009.11.03 12:10:34 | 000,000,000 | ---- | C] () -- C:\Users\Bla\AppData\Local\WavXMapDrive.bat
[2009.11.01 14:32:49 | 000,108,824 | ---- | C] () -- C:\Users\Bla\AppData\Local\GDIPFONTCACHEV1 (1).DAT
[2009.08.13 09:25:06 | 000,000,004 | ---- | C] () -- C:\Users\Bla\tray.pid
[2009.08.11 20:45:20 | 000,000,120 | ---- | C] () -- C:\Users\Bla\.asadminpass
[2009.08.11 20:45:00 | 000,000,818 | ---- | C] () -- C:\Users\Bla\.asadmintruststore
[2009.07.14 13:59:30 | 000,001,024 | ---- | C] () -- C:\Users\Bla\.rnd
[2003.10.06 10:21:31 | 000,000,000 | -H-- | C] () -- C:\ProgramData\sdpsenv.dat

========== ZeroAccess Check ==========

[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2010.06.10 13:15:09 | 000,000,000 | ---D | M] -- C:\Users\Bla\AppData\Roaming\Amazon
[2011.01.04 21:19:53 | 000,000,000 | ---D | M] -- C:\Users\Bla\AppData\Roaming\AnvSoft
[2012.11.08 00:09:34 | 000,000,000 | ---D | M] -- C:\Users\Bla\AppData\Roaming\avidemux
[2011.04.30 22:56:19 | 000,000,000 | ---D | M] -- C:\Users\Bla\AppData\Roaming\Broad Intelligence
[2012.10.08 15:12:17 | 000,000,000 | ---D | M] -- C:\Users\Bla\AppData\Roaming\Cornelsen
[2012.12.03 13:04:18 | 000,000,000 | ---D | M] -- C:\Users\Bla\AppData\Roaming\DAEMON Tools Lite
[2013.05.06 22:38:41 | 000,000,000 | ---D | M] -- C:\Users\Bla\AppData\Roaming\Dropbox
[2012.12.08 21:28:06 | 000,000,000 | ---D | M] -- C:\Users\Bla\AppData\Roaming\DVDVideoSoft
[2012.12.08 21:28:07 | 000,000,000 | ---D | M] -- C:\Users\Bla\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.04.03 10:27:54 | 000,000,000 | ---D | M] -- C:\Users\Bla\AppData\Roaming\elsterformular
[2012.11.07 20:40:22 | 000,000,000 | ---D | M] -- C:\Users\Bla\AppData\Roaming\EXIF Date Changer
[2011.05.13 13:10:48 | 000,000,000 | ---D | M] -- C:\Users\Bla\AppData\Roaming\Fit3DLive
[2011.01.04 21:12:22 | 000,000,000 | ---D | M] -- C:\Users\Bla\AppData\Roaming\FreeFLVConverter
[2011.01.11 10:27:40 | 000,000,000 | ---D | M] -- C:\Users\Bla\AppData\Roaming\FRITZ!
[2011.01.11 10:18:54 | 000,000,000 | ---D | M] -- C:\Users\Bla\AppData\Roaming\FRITZ!fax für FRITZ!Box
[2011.05.04 06:28:56 | 000,000,000 | ---D | M] -- C:\Users\Bla\AppData\Roaming\GARMIN
[2010.10.16 10:38:56 | 000,000,000 | ---D | M] -- C:\Users\Bla\AppData\Roaming\GetRightToGo
[2010.05.26 12:42:47 | 000,000,000 | ---D | M] -- C:\Users\Bla\AppData\Roaming\GPSoftware
[2012.09.27 19:44:51 | 000,000,000 | ---D | M] -- C:\Users\Bla\AppData\Roaming\gtk-2.0
[2012.12.08 21:20:38 | 000,000,000 | ---D | M] -- C:\Users\Bla\AppData\Roaming\Haenlein-Software
[2012.10.18 21:10:53 | 000,000,000 | ---D | M] -- C:\Users\Bla\AppData\Roaming\HandBrake
[2011.07.13 14:59:20 | 000,000,000 | ---D | M] -- C:\Users\Bla\AppData\Roaming\HTC
[2011.05.04 15:30:24 | 000,000,000 | ---D | M] -- C:\Users\Bla\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2010.05.27 20:19:02 | 000,000,000 | ---D | M] -- C:\Users\Bla\AppData\Roaming\LG Electronics
[2011.06.21 06:15:40 | 000,000,000 | ---D | M] -- C:\Users\Bla\AppData\Roaming\MD5 Checksum Verifier
[2011.07.07 21:20:34 | 000,000,000 | ---D | M] -- C:\Users\Bla\AppData\Roaming\MP3 Quality Modifier
[2013.04.26 16:43:23 | 000,000,000 | ---D | M] -- C:\Users\Bla\AppData\Roaming\Mp3tag
[2012.10.19 18:53:18 | 000,000,000 | ---D | M] -- C:\Users\Bla\AppData\Roaming\MusicBrainz
[2011.05.22 20:45:59 | 000,000,000 | ---D | M] -- C:\Users\Bla\AppData\Roaming\MyPhoneExplorer
[2011.05.04 15:34:44 | 000,000,000 | ---D | M] -- C:\Users\Bla\AppData\Roaming\Outlook
[2013.05.05 20:07:10 | 000,000,000 | ---D | M] -- C:\Users\Bla\AppData\Roaming\PDF Architect
[2013.04.24 11:39:19 | 000,000,000 | ---D | M] -- C:\Users\Bla\AppData\Roaming\pdfforge
[2012.08.22 06:20:11 | 000,000,000 | ---D | M] -- C:\Users\Bla\AppData\Roaming\Phase6
[2010.06.01 16:50:39 | 000,000,000 | ---D | M] -- C:\Users\Bla\AppData\Roaming\PowerCinema
[2012.06.08 14:57:28 | 000,000,000 | ---D | M] -- C:\Users\Bla\AppData\Roaming\ProtectDisc
[2010.09.15 11:03:18 | 000,000,000 | ---D | M] -- C:\Users\Bla\AppData\Roaming\Rominator Data
[2013.04.16 10:18:35 | 000,000,000 | ---D | M] -- C:\Users\Bla\AppData\Roaming\RToolDS
[2013.05.03 21:33:01 | 000,000,000 | ---D | M] -- C:\Users\Bla\AppData\Roaming\Samsung
[2010.06.02 07:18:39 | 000,000,000 | ---D | M] -- C:\Users\Bla\AppData\Roaming\SoftDMA
[2012.07.09 15:24:40 | 000,000,000 | ---D | M] -- C:\Users\Bla\AppData\Roaming\SpiritON TV Software
[2011.02.21 21:26:22 | 000,000,000 | ---D | M] -- C:\Users\Bla\AppData\Roaming\TeamViewer
[2011.06.06 11:08:34 | 000,000,000 | ---D | M] -- C:\Users\Bla\AppData\Roaming\Tific
[2012.10.26 17:58:26 | 000,000,000 | ---D | M] -- C:\Users\Bla\AppData\Roaming\Uniblue
[2012.03.13 00:04:42 | 000,000,000 | ---D | M] -- C:\Users\Bla\AppData\Roaming\Vso
[2011.06.18 16:17:45 | 000,000,000 | ---D | M] -- C:\Users\Bla\AppData\Roaming\Xilisoft

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 160 bytes -> C:\ProgramData\sdpsenv.dat:naughtypirates

< End of report >

Code:
OTL Extras logfile created on: 06.05.2013 22:39:18 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Bla\Desktop\TrojanerBoard
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,03 Gb Available Physical Memory | 50,77% Memory free
7,99 Gb Paging File | 5,85 Gb Available in Paging File | 73,22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 144,04 Gb Total Space | 34,82 Gb Free Space | 24,17% Space Free | Partition Type: NTFS
Drive D: | 137,50 Gb Total Space | 22,54 Gb Free Space | 16,39% Space Free | Partition Type: NTFS
Drive E: | 1,75 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: BlaS-NOTEBOOK | User Name: Bla | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Fotoschau] -- "H:\portableApps\Pixum Fotobuch\Fotoschau.exe" -d "%1"
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [Pixum Fotobuch] -- "H:\portableApps\Pixum Fotobuch\Pixum Fotobuch.exe" "%1"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Fotoschau] -- "H:\portableApps\Pixum Fotobuch\Fotoschau.exe" -d "%1"
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [Pixum Fotobuch] -- "H:\portableApps\Pixum Fotobuch\Pixum Fotobuch.exe" "%1"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B7FB37E-8EF9-4AF3-8009-1ED580D2DB19}," = lport=3389 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{181BBF43-CA17-4E1A-A78D-81E67A57B8A4}" = Intel® PROSet/Wireless WiFi-Software
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{32F9DBC7-95D1-469F-B7A3-678948D6DA32}" = Soluto
"{4AD57DCD-14DD-4440-BA20-AADDB9D2A6CB}" = MySQL Connector/ODBC 5.1
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{986A654F-F1E4-11DD-9FCA-005056C00008}" = Paragon Partition Manager™ 10.0 Personal
"{9C98CA38-4C1A-4AC8-B55C-169497C8826B}" = Apple Mobile Device Support
"{A8A0B1C1-FBC7-4790-8E26-9DA1A6A95452}" = Oracle VM VirtualBox 4.2.6
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.24.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{BEE86606-EFB5-4353-9F34-29E0C59CDCFA}" = Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2396}_is1" = SiSoftware Sandra Business 2013.SP2
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F65B8208-5221-43D9-AA12-DDEA64EC4AF6}" = Validity Sensors software
"{FA53034E-566C-477E-BA56-93AFA4DE6092}" = MySQL Connector/ODBC 3.51
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"CCleaner" = CCleaner
"ffdshow64_is1" = ffdshow x64 v1.2.4422 [2012-04-09]
"GIMP-2_is1" = GIMP 2.8.2
"MediaCoder x64" = MediaCoder x64 2011
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"PerformanceTest 8_is1" = PerformanceTest v8.0
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"USB 2.0 UVC HD WebCam" = USB 2.0 UVC HD WebCam
"WinRAR archiver" = WinRAR

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02627EE5-EACA-4742-A9CC-E687631773E4}" = Nero ShowTime
"{064A929A-4DE8-40CF-A901-BD40C14E4D25}" = PDF Architect
"{086A7D8C-0A38-4C7F-819A-620275550D5C}" = Nero Burning ROM Help
"{087945F4-8C75-4504-BC13-47713ADECA50}" = SnugTV Station
"{0A844D8F-A965-11E2-9E77-B8AC6F98CCE3}" = Google Earth
"{0DA5CAC0-6790-4C8E-B18A-036C68756688}" = Fritz und Fertig 2
"{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI
"{1798D459-6B8B-474B-868D-1229EADA3B95}" = Adobe AIR
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI
"{1C00C7C5-E615-4139-B817-7F4003DE68C0}" = Nero PhotoSnap Help
"{1C943495-B69F-4D41-AE0E-23C57ECD90EE}" = Debugging Tools for Windows
"{1E524A62-E9EF-4DCB-A2B2-09AF39DB51C2}_is1" = Druckverlust 7.2
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 37
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{26CA1B07-BC53-4196-B9C2-A11C6F6F3E08}_is1" = EXIF Date Changer v3.00
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{328687A2-2504-49FA-AE3E-08B0DEDB51EC}" = MSRedist
"{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode
"{367EDD83-302F-48E6-8F77-B0B056125C2D}" = Bob baut einen Park
"{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent
"{3F9FB449-93DB-4C47-BB5B-7334C4D1736E}" = SD Formatter
"{40580068-9B10-40B5-9548-536CE88AB23C}" = ITECIR
"{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E1E1394-F813-420E-A4D0-63D6FE26ACBE}" = BlueStacks
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI
"{510D2239-6C2E-457B-9590-485EC552D94D}" = Garmin USB Drivers
"{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI
"{53646626-11D9-33C6-8BB1-472536192DC4}" = Google Talk Plugin
"{56ABA277-EE53-4478-A607-FA42208FF5A9}" = Menu Templates - Pack 1
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57250E78-F6E2-4DCE-9A84-50B28A70AB84}" = Menu Templates - Pack 3
"{583FEF6C-0F55-4B98-8055-7A8BE27D4477}" = Duden Rechtschreibtrainer
"{5842A2D8-618F-4A2A-BD2D-9715526CB272}_is1" = DS ROM Organizer 3.0.0.3
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{5D4F167D-CCC8-413E-A6EE-F2FABBBBF50D}" = GPSoftware Directory Opus
"{5D9BE3C1-8BA4-4E7E-82FD-9F74FA6815D1}" = Nero Vision Help
"{5E08ECD1-C98E-4711-BF65-8FD736B3F969}" = Nero RescueAgent Help
"{5E9B69BA-1CE0-4619-953D-9B54082CDB01}" = Bob der Baumeister - Abenteuer auf der Ritterburg
"{60C731FB-C951-41CE-AD41-8E54C8594609}" = Nero Disc Copy Gadget Help
"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
"{63B7AC7E-0178-4F4F-A79B-08D97ADD02D7}" = System Requirements Lab for Intel
"{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI
"{6AAD644F-548B-43FC-B983-38303E2D647C}" = Bouquetter
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{75C3C9C0-6CE6-42FA-A0E9-658E8F539124}" = PCMark 7
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7760D94E-B1B5-40A0-9AA0-ABF942108755}" = Acer Crystal Eye Webcam
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{7D542452-84EB-47C0-97BA-735C523AB555}" = Garmin Training Center
"{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI
"{80F19EAA-44C4-47C2-AE87-1C7628E858D6}" = Logitech Harmony Remote Software 7
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{84ca181c-6e7b-4c6d-9220-1d9d82e778f7}" = Nero 9
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8F2D21F9-F428-4EF2-8111-953EF3299EFB}" = Bob der Baumeister
"{8F311E72-C27F-4DF0-8254-B739A1831668}_is1" = SUPER © v2012.build.53 (Sep 13, 2012) Version v2012.build.53
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1" = Panda Cloud Cleaner "{92C41B26-EBC5-41C5-8B6F-E3EF7E57FF16}" = AVerMedia Applications "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{94895EA7-873E-4FCB-9C7B-DD3F7019D618}_is1" = Free Video Cutter 1.1 "{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI "{98A67610-A3B5-4098-A423-3708040026D3}" = "Nero SoundTrax Help "{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI "{9A200E68-D5F4-4E70-910F-2871753A0E2B}" = Worms World Party "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9AB8E6CE-CE6D-43A0-B54E-422425524FF9}" = Menu Templates - Pack 2 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9E82B934-9A25-445B-B8DF-8012808074AC}" = Nero PhotoSnap "{A1430C24-93CF-4182-9252-B333A76F2CDD}" = Garmin Training Center "{A209525B-3377-43F4-B886-32F6B6E7356F}" = Nero WaveEditor 
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) "{AD6BC5CC-2EF0-49C4-B33D-CDC8B2C4DC80}" = Nero Recode Help "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime "{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles "{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center "{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit "{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI "{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter "{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo "{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1" = Uniblue DriverScanner "{C5A7CB6C-E76D-408F-BA0E-85605420FE9D}" = SoundTrax "{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update "{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help "{CCD438F0-5D72-4945-9E72-6560C7E5E0D0}" = Captcha Brotherhood "{CE96F5A5-584D-4F8F-AA3E-9BAED413DB72}" = Nero CoverDesigner Help "{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM "{D0990B88-0D93-4950-93B6-FA4E0954A42E}" = DVR-Studio HD 3 "{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI "{D5B18B60-4FC3-42AD-A629-9CA10ACC06CD}" = HTC Sync "{D6174060-52D9-4886-8DBF-4EBF7C1CBCAA}" = MSRedx64 "{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime "{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426}" = AVerTV "{E3723A04-A894-4036-A78E-282E18F43C0A}_is1" = Tinypic 3.18 "{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit "{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1 "{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer "{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 
2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F1861F30-3419-44DB-B2A1-C274825698B3}" = Nero Disc Copy Gadget "{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F425DD1D-0097-41C3-B545-B79E3D51100E}" = Movie Templates - Pack 1 "{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support "{F6BDD7C5-89ED-4569-9318-469AA9732572}" = Nero BurnRights Help "{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "ActiveScan 2.0" = Panda ActiveScan 2.0 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Alcohol 120%" = Alcohol 120% 2.0.1.2033 XCV Edition "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17 "Any Video Converter_is1" = Any Video Converter 3.2.5 "AnyDVD" = AnyDVD "AVerMedia E554/E534 (ExpressCard, DVB-T)" = AVerMedia E554/E534 (ExpressCard, DVB-T) 1.0.64.61 "Avidemux 2.6 (64-bit)" = Avidemux 2.6 "CANHacker_is1" = CANHacker V2.00.01 "CDex" = CDex - Open Source Digital Audio CD Extractor "CloneDVD2" = CloneDVD2 "Company of Heroes" = Company of Heroes "DATA BECKER Die große Einladungs-Druckerei" = DATA BECKER Die große Einladungs-Druckerei "Die Olchis" = Die Olchis "DivX Setup" = DivX-Setup "DVDFab 9_is1" = DVDFab 9.0.1.6 (14/12/2012) Qt "DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar "Eastern Front" = Eastern Front "ElsterFormular" = ElsterFormular "ENTERPRISE" = Microsoft Office Enterprise 2007 "EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50 "Free FLV Converter_is1" = Free FLV Converter V 6.93.0 "Free Studio_is1" = Free Studio version 5.8.0.1201 "Free Video Dub_is1" = Free Video Dub version 2.0.15.1031 "Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 5.0.4.1228 
"Free WebM Video Converter_is1" = Free WebM Video Converter version 5.0.19.1015 "FRITZ! 2.0" = AVM FRITZ!fax für FRITZ!Box "GUT 1" = GUT 1 "HaaliMkx" = Haali Media Splitter "InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "InstallShield_{92C41B26-EBC5-41C5-8B6F-E3EF7E57FF16}" = AVerMedia Applications "InstallShield_{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426}" = AVerTV "jv16 PowerTools 2010" = jv16 PowerTools 2010 "LesenLernen" = LesenLernen "LManager" = Launch Manager "MD5 Checksum Verifier_is1" = MD5 Checksum Verifier 4.5 "Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Mp3tag" = Mp3tag v2.54 "MPE" = MyPhoneExplorer "NIS" = Norton Internet Security "NSM" = Norton Family "Passbild-Generator_is1" = Bewerbungsfoto-/Passbild-Generator v3.5a "phase-6" = phase-6 2.3.2b "Picasa 3" = Picasa 3 "Pixum Fotobuch" = Pixum Fotobuch "Playlist Creator 3.6.2" = Playlist Creator 3.6.2 "PlexUtil" = SmartPack 1.21.0 "ProtectDisc Driver 11" = ProtectDisc Driver, Version 11 "S2TNG" = Die Siedler II - Die nächste Generation "Secunia PSI" = Secunia PSI (2.0.0.4003) "Teachmaster 4.3" = Teachmaster 4.3 (nur Entfernen) "TeamViewer 7" = TeamViewer 7 "uniquemagicmp3taggerappid_is1" = Magic MP3 Tagger 2.2.6 "VLC media player" = VLC media player 2.0.5 "xampp" = XAMPP 1.7.7 "Xilisoft DPG Converter 6" = Xilisoft DPG Converter 6 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Amazon Kindle" = Amazon Kindle "Dropbox" = Dropbox "MyFreeCodec" = MyFreeCodec "Skat XXL" = Skat XXL "Skat-Online V9" = Skat-Online V9 ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 04.05.2013 05:25:33 | Computer Name = Blas-Notebook | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program 
files\mediacoder\codecs64\lencod.exe". Die abhängige Assemblierung "Microsoft.VC90.OpenMP,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 04.05.2013 09:22:14 | Computer Name = Blas-Notebook | Source = BstHdAndroidSvc | ID = 0 Description = Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run. bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args) bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error - 04.05.2013 12:08:44 | Computer Name = Blas-Notebook | Source = Application Hang | ID = 1002 Description = Programm firefox.exe, Version 20.0.1.4847 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: fe4 Startzeit: 01ce48d6f3f60ce9 Endzeit: 718 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Berichts-ID: e22b790c-b4d4-11e2-bd74-001e331d8665 Error - 05.05.2013 07:53:14 | Computer Name = Blas-Notebook | Source = BstHdAndroidSvc | ID = 0 Description = Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run. 
bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args) bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error - 05.05.2013 10:16:30 | Computer Name = Blas-Notebook | Source = .NET Runtime | ID = 1026 Description = Error - 05.05.2013 10:16:36 | Computer Name = Blas-Notebook | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Kies.exe, Version: 1.0.0.1328, Zeitstempel: 0x51761237 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18015, Zeitstempel: 0x50b83c8a Ausnahmecode: 0xe0434352 Fehleroffset: 0x0000c41f ID des fehlerhaften Prozesses: 0x1aa0 Startzeit der fehlerhaften Anwendung: 0x01ce499b1e88e0eb Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Samsung\Kies\Kies.exe Pfad des fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll Berichtskennung: 649b0672-b58e-11e2-bf55-ee724ef24119 Error - 06.05.2013 06:17:14 | Computer Name = Blas-Notebook | Source = BstHdAndroidSvc | ID = 0 Description = Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run. bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args) bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error - 06.05.2013 06:34:40 | Computer Name = Blas-Notebook | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\mediacoder\codecs64\lencod.exe". Die abhängige Assemblierung "Microsoft.VC90.OpenMP,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 06.05.2013 13:52:08 | Computer Name = Blas-Notebook | Source = BstHdAndroidSvc | ID = 0 Description = Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. 
Service did not stop gracefully the last time it was run. bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args) bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error - 06.05.2013 16:36:18 | Computer Name = Blas-Notebook | Source = BstHdAndroidSvc | ID = 0 Description = Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run. bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args) bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) [ AVer AutoUpdate Events ] Error - 02.02.2013 13:36:21 | Computer Name = Blas-Notebook | Source = AVerUpdate Server | ID = 0 Description = Error - 02.02.2013 13:36:42 | Computer Name = Blas-Notebook | Source = AVerUpdate Server | ID = 0 Description = Error - 02.02.2013 14:36:21 | Computer Name = Blas-Notebook | Source = AVerUpdate Server | ID = 0 Description = Error - 02.02.2013 15:36:21 | Computer Name = Blas-Notebook | Source = AVerUpdate Server | ID = 0 Description = Error - 02.02.2013 16:36:47 | Computer Name = Blas-Notebook | Source = AVerUpdate Server | ID = 0 Description = Error - 03.02.2013 12:36:21 | Computer Name = Blas-Notebook | Source = AVerUpdate Server | ID = 0 Description = Error - 03.02.2013 13:36:21 | Computer Name = Blas-Notebook | Source = AVerUpdate Server | ID = 0 Description = Error - 03.02.2013 13:36:42 | Computer Name = Blas-Notebook | Source = AVerUpdate Server | ID = 0 Description = Error - 03.02.2013 14:36:21 | Computer Name = Blas-Notebook | Source = AVerUpdate Server | ID = 0 Description = [ Media Center Events ] Error - 29.06.2010 15:28:09 | Computer Name = Blas-Notebook | Source = MCUpdate | ID = 0 Description = 21:28:05 - Fehler beim Herstellen der Internetverbindung. 21:28:05 - Serververbindung konnte nicht hergestellt werden.. 
Error - 29.06.2010 16:28:17 | Computer Name = Blas-Notebook | Source = MCUpdate | ID = 0 Description = 22:28:17 - Fehler beim Herstellen der Internetverbindung. 22:28:17 - Serververbindung konnte nicht hergestellt werden.. Error - 29.06.2010 16:28:26 | Computer Name = Blas-Notebook | Source = MCUpdate | ID = 0 Description = 22:28:22 - Fehler beim Herstellen der Internetverbindung. 22:28:22 - Serververbindung konnte nicht hergestellt werden.. Error - 03.07.2010 14:11:05 | Computer Name = Blas-Notebook | Source = MCUpdate | ID = 0 Description = 20:11:05 - Fehler beim Herstellen der Internetverbindung. 20:11:05 - Serververbindung konnte nicht hergestellt werden.. Error - 03.07.2010 14:11:24 | Computer Name = Blas-Notebook | Source = MCUpdate | ID = 0 Description = 20:11:10 - Fehler beim Herstellen der Internetverbindung. 20:11:10 - Serververbindung konnte nicht hergestellt werden.. Error - 03.07.2010 14:13:28 | Computer Name = Blas-Notebook | Source = ehRecvr | ID = 3 Description = Auf dem TV-Tuner ist ein Fehler aufgetreten. (0xc0040524) AF9015 BDA Filter Error - 03.07.2010 15:11:32 | Computer Name = Blas-Notebook | Source = MCUpdate | ID = 0 Description = 21:11:32 - Fehler beim Herstellen der Internetverbindung. 21:11:32 - Serververbindung konnte nicht hergestellt werden.. Error - 03.07.2010 15:11:41 | Computer Name = Blas-Notebook | Source = MCUpdate | ID = 0 Description = 21:11:37 - Fehler beim Herstellen der Internetverbindung. 21:11:37 - Serververbindung konnte nicht hergestellt werden.. Error - 03.07.2010 16:11:49 | Computer Name = Blas-Notebook | Source = MCUpdate | ID = 0 Description = 22:11:49 - Fehler beim Herstellen der Internetverbindung. 22:11:49 - Serververbindung konnte nicht hergestellt werden.. Error - 03.07.2010 16:11:58 | Computer Name = Blas-Notebook | Source = MCUpdate | ID = 0 Description = 22:11:54 - Fehler beim Herstellen der Internetverbindung. 22:11:54 - Serververbindung konnte nicht hergestellt werden.. 
[ OSession Events ] Error - 30.08.2011 12:45:37 | Computer Name = Blas-Notebook | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 59 seconds with 0 seconds of active time. This session ended with a crash. Error - 03.10.2011 17:04:01 | Computer Name = Blas-Notebook | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 15867 seconds with 300 seconds of active time. This session ended with a crash. Error - 06.11.2011 12:29:32 | Computer Name = Blas-Notebook | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 16311 seconds with 480 seconds of active time. This session ended with a crash. Error - 21.11.2011 10:42:25 | Computer Name = Blas-Notebook | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 6833 seconds with 480 seconds of active time. This session ended with a crash. Error - 16.01.2012 17:55:03 | Computer Name = Blas-Notebook | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 37686 seconds with 600 seconds of active time. This session ended with a crash. 
Error - 01.02.2012 08:02:58 | Computer Name = Blas-Notebook | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 13834 seconds with 2580 seconds of active time. This session ended with a crash. Error - 17.04.2012 02:00:25 | Computer Name = Blas-Notebook | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 127 seconds with 0 seconds of active time. This session ended with a crash. Error - 08.05.2012 14:37:36 | Computer Name = Blas-Notebook | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6654.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 1455 seconds with 900 seconds of active time. This session ended with a crash. Error - 15.06.2012 08:10:33 | Computer Name = Blas-Notebook | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 40 seconds with 0 seconds of active time. This session ended with a crash. Error - 06.12.2012 08:00:52 | Computer Name = Blas-Notebook | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 111 seconds with 0 seconds of active time. This session ended with a crash. 
[ System Events ] Error - 06.05.2013 13:52:08 | Computer Name = Blas-Notebook | Source = Service Control Manager | ID = 7023 Description = Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler beendet: %%1064 Error - 06.05.2013 13:52:08 | Computer Name = Blas-Notebook | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: acedrv06 Error - 06.05.2013 13:56:54 | Computer Name = Blas-Notebook | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Basisfiltermodul" wurde mit folgendem Fehler beendet: %%5 Error - 06.05.2013 14:02:32 | Computer Name = Blas-Notebook | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet: %%-2147024891 Error - 06.05.2013 14:02:32 | Computer Name = Blas-Notebook | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2147024891 Error - 06.05.2013 14:25:26 | Computer Name = Blas-Notebook | Source = Service Control Manager | ID = 7024 Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147023143. Error - 06.05.2013 16:34:30 | Computer Name = Blas-Notebook | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620 Description = Überprüfung des verschlüsselten Volumes: Die Volumeinformationen auf "\\?\Volume{3902b459-68a4-11df-86b4-806e6f6e6963}" können nicht gelesen werden. Error - 06.05.2013 16:34:30 | Computer Name = Blas-Notebook | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620 Description = Überprüfung des verschlüsselten Volumes: Die Volumeinformationen auf "\\?\Volume{b48c9b32-6d79-11df-b561-001e331d8665}" können nicht gelesen werden. 
Error - 06.05.2013 16:36:18 | Computer Name = Blas-Notebook | Source = Service Control Manager | ID = 7023
Description = Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler beendet: %%1064

Error - 06.05.2013 16:36:19 | Computer Name = Blas-Notebook | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: acedrv06

< End of report >

The log will follow tomorrow morning. ;-)

Regards, and thanks ... Suppi
07.05.2013, 02:19 | #4 |
/// TB-Ausbilder

Clean software, however, is a non-negotiable precondition for support here.

Quote:

Cracks and keygens

The log files strongly suggest that you are using software that was not legally acquired. Apart from being illegal, cracks and patches from dubious sources are also very often bundled with malware, so one is practically infecting oneself deliberately. We have agreed here on the board that we do not continue cleaning at this point, because we do not support such practices. In our guide, under point 8 of the forum rules, we also made it unmistakably clear how we handle this. This software has its price, and the software companies live from that revenue. As an alternative there is plenty of very good freeware everywhere, or stripped-down versions that can be purchased cheaply. Our recommendation here is to make a clean fresh start, and our help is therefore limited to reinstalling and securing your system. We will still be happy to answer your questions about that, in our subforum Alles rund um Windows.

__________________
cheers, Leo
07.05.2013, 03:33 | #5 |
... and here is the log from GMER:
Architect\HelperService.exe[2776] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077d91bc4 5 bytes JMP 000000010029083a .text C:\Program Files (x86)\PDF Architect\HelperService.exe[2776] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077d91d50 5 bytes JMP 000000010029020c .text C:\Program Files (x86)\PDF Architect\HelperService.exe[2776] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000076d51492 7 bytes JMP 00000001002a04bc .text C:\Program Files (x86)\PDF Architect\HelperService.exe[2776] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 000000007599524f 7 bytes JMP 0000000100290f52 .text C:\Program Files (x86)\PDF Architect\HelperService.exe[2776] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000759953d0 7 bytes JMP 00000001002a0210 .text C:\Program Files (x86)\PDF Architect\HelperService.exe[2776] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000075995677 1 byte JMP 00000001002a0048 .text C:\Program Files (x86)\PDF Architect\HelperService.exe[2776] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000075995679 5 bytes {JMP 0xffffffff8a90a9d1} .text C:\Program Files (x86)\PDF Architect\HelperService.exe[2776] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 000000007599589a 7 bytes JMP 0000000100290ca6 .text C:\Program Files (x86)\PDF Architect\HelperService.exe[2776] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000075995a1d 7 bytes JMP 00000001002a03d8 .text C:\Program Files (x86)\PDF Architect\HelperService.exe[2776] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000075995c9b 7 bytes JMP 00000001002a012c .text C:\Program Files (x86)\PDF Architect\HelperService.exe[2776] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000075995d87 7 bytes JMP 00000001002a02f4 .text C:\Program Files (x86)\PDF Architect\HelperService.exe[2776] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000075997240 7 bytes 
JMP 0000000100290e6e .text C:\Program Files (x86)\PDF Architect\ConversionService.exe[2932] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077d8fc90 5 bytes JMP 000000010010091c .text C:\Program Files (x86)\PDF Architect\ConversionService.exe[2932] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077d8fdf4 5 bytes JMP 0000000100100048 .text C:\Program Files (x86)\PDF Architect\ConversionService.exe[2932] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000077d8fe88 5 bytes JMP 00000001001002ee .text C:\Program Files (x86)\PDF Architect\ConversionService.exe[2932] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077d8ffe4 5 bytes JMP 00000001001004b2 .text C:\Program Files (x86)\PDF Architect\ConversionService.exe[2932] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077d90018 5 bytes JMP 00000001001009fe .text C:\Program Files (x86)\PDF Architect\ConversionService.exe[2932] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077d90048 5 bytes JMP 0000000100100ae0 .text C:\Program Files (x86)\PDF Architect\ConversionService.exe[2932] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077d90064 5 bytes JMP 000000010002004c .text C:\Program Files (x86)\PDF Architect\ConversionService.exe[2932] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077d9077c 5 bytes JMP 000000010010012a .text C:\Program Files (x86)\PDF Architect\ConversionService.exe[2932] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077d9086c 5 bytes JMP 0000000100100758 .text C:\Program Files (x86)\PDF Architect\ConversionService.exe[2932] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077d90884 5 bytes JMP 0000000100100676 .text C:\Program Files (x86)\PDF Architect\ConversionService.exe[2932] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077d90dd4 5 bytes JMP 00000001001003d0 .text C:\Program Files (x86)\PDF Architect\ConversionService.exe[2932] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077d91900 5 bytes JMP 0000000100100594 
.text C:\Program Files (x86)\PDF Architect\ConversionService.exe[2932] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077d91bc4 5 bytes JMP 000000010010083a .text C:\Program Files (x86)\PDF Architect\ConversionService.exe[2932] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077d91d50 5 bytes JMP 000000010010020c .text C:\Program Files (x86)\PDF Architect\ConversionService.exe[2932] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000076d51492 7 bytes JMP 00000001002504bc .text C:\Program Files (x86)\PDF Architect\ConversionService.exe[2932] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 000000007599524f 7 bytes JMP 0000000100100f52 .text C:\Program Files (x86)\PDF Architect\ConversionService.exe[2932] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000759953d0 7 bytes JMP 0000000100250210 .text C:\Program Files (x86)\PDF Architect\ConversionService.exe[2932] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000075995677 1 byte JMP 0000000100250048 .text C:\Program Files (x86)\PDF Architect\ConversionService.exe[2932] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000075995679 5 bytes {JMP 0xffffffff8a8ba9d1} .text C:\Program Files (x86)\PDF Architect\ConversionService.exe[2932] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 000000007599589a 7 bytes JMP 0000000100100ca6 .text C:\Program Files (x86)\PDF Architect\ConversionService.exe[2932] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000075995a1d 7 bytes JMP 00000001002503d8 .text C:\Program Files (x86)\PDF Architect\ConversionService.exe[2932] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000075995c9b 7 bytes JMP 000000010025012c .text C:\Program Files (x86)\PDF Architect\ConversionService.exe[2932] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000075995d87 7 bytes JMP 00000001002502f4 .text C:\Program Files (x86)\PDF Architect\ConversionService.exe[2932] 
C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000075997240 7 bytes JMP 0000000100100e6e .text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[3064] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077d8fc90 5 bytes JMP 000000010010091c .text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[3064] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077d8fdf4 5 bytes JMP 0000000100100048 .text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[3064] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000077d8fe88 5 bytes JMP 00000001001002ee .text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[3064] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077d8ffe4 5 bytes JMP 00000001001004b2 .text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[3064] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077d90018 5 bytes JMP 00000001001009fe .text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[3064] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077d90048 5 bytes JMP 0000000100100ae0 .text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[3064] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077d90064 5 bytes JMP 000000010002004c .text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[3064] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077d9077c 5 bytes JMP 000000010010012a .text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[3064] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077d9086c 5 bytes JMP 0000000100100758 .text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[3064] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077d90884 5 bytes JMP 0000000100100676 .text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[3064] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077d90dd4 5 bytes JMP 00000001001003d0 .text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[3064] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077d91900 5 bytes JMP 0000000100100594 .text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[3064] 
C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077d91bc4 5 bytes JMP 000000010010083a .text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[3064] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077d91d50 5 bytes JMP 000000010010020c .text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[3064] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 000000007599524f 7 bytes JMP 0000000100100f52 .text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[3064] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000759953d0 7 bytes JMP 0000000100220210 .text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[3064] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000075995677 1 byte JMP 0000000100220048 .text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[3064] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000075995679 5 bytes {JMP 0xffffffff8a88a9d1} .text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[3064] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 000000007599589a 7 bytes JMP 0000000100100ca6 .text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[3064] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000075995a1d 7 bytes JMP 00000001002203d8 .text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[3064] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000075995c9b 7 bytes JMP 000000010022012c .text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[3064] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000075995d87 7 bytes JMP 00000001002202f4 .text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[3064] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000075997240 7 bytes JMP 0000000100100e6e .text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[3064] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000076d51492 7 bytes JMP 000000010022059e .text C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe[3552] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 
0000000077d8fc90 5 bytes JMP 000000010014091c .text C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe[3552] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077d8fdf4 5 bytes JMP 0000000100140048 .text C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe[3552] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000077d8fe88 5 bytes JMP 00000001001402ee .text C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe[3552] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077d8ffe4 5 bytes JMP 00000001001404b2 .text C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe[3552] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077d90018 5 bytes JMP 00000001001409fe .text C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe[3552] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077d90048 5 bytes JMP 0000000100140ae0 .text C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe[3552] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077d90064 5 bytes JMP 000000010002004c .text C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe[3552] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077d9077c 5 bytes JMP 000000010014012a .text C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe[3552] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077d9086c 5 bytes JMP 0000000100140758 .text C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe[3552] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077d90884 5 bytes JMP 0000000100140676 .text C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe[3552] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077d90dd4 5 bytes JMP 00000001001403d0 .text C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe[3552] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077d91900 5 bytes JMP 0000000100140594 .text C:\Program Files 
(x86)\TeamViewer\Version7\TeamViewer_Service.exe[3552] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077d91bc4 5 bytes JMP 000000010014083a .text C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe[3552] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077d91d50 5 bytes JMP 000000010014020c .text C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe[3552] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000076d51492 7 bytes JMP 000000010015059e .text C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe[3552] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 000000007599524f 7 bytes JMP 0000000100140f52 .text C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe[3552] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000759953d0 7 bytes JMP 0000000100150210 .text C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe[3552] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000075995677 1 byte JMP 0000000100150048 .text C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe[3552] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000075995679 5 bytes {JMP 0xffffffff8a7ba9d1} .text C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe[3552] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 000000007599589a 7 bytes JMP 0000000100140ca6 .text C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe[3552] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000075995a1d 7 bytes JMP 00000001001503d8 .text C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe[3552] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000075995c9b 7 bytes JMP 000000010015012c .text C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe[3552] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000075995d87 7 bytes JMP 00000001001502f4 .text C:\Program Files 
(x86)\TeamViewer\Version7\TeamViewer_Service.exe[3552] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000075997240 7 bytes JMP 0000000100140e6e .text C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe[3856] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077d8fc90 5 bytes JMP 000000010028091c .text C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe[3856] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077d8fdf4 5 bytes JMP 0000000100280048 .text C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe[3856] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000077d8fe88 5 bytes JMP 00000001002802ee .text C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe[3856] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077d8ffe4 5 bytes JMP 00000001002804b2 .text C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe[3856] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077d90018 5 bytes JMP 00000001002809fe .text C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe[3856] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077d90048 5 bytes JMP 0000000100280ae0 .text C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe[3856] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077d90064 5 bytes JMP 000000010002004c .text C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe[3856] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077d9077c 5 bytes JMP 000000010028012a .text C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe[3856] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077d9086c 5 bytes JMP 0000000100280758 .text C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe[3856] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077d90884 5 bytes JMP 0000000100280676 .text C:\Program Files (x86)\Intel\Intel Matrix 
Storage Manager\IAANTMon.exe[3856] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077d90dd4 5 bytes JMP 00000001002803d0 .text C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe[3856] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077d91900 5 bytes JMP 0000000100280594 .text C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe[3856] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077d91bc4 5 bytes JMP 000000010028083a .text C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe[3856] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077d91d50 5 bytes JMP 000000010028020c .text C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe[3856] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000076d51492 7 bytes JMP 000000010031059e .text C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe[3856] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 000000007599524f 7 bytes JMP 0000000100280f52 .text C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe[3856] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000759953d0 7 bytes JMP 0000000100310210 .text C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe[3856] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000075995677 1 byte JMP 0000000100310048 .text C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe[3856] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000075995679 5 bytes {JMP 0xffffffff8a97a9d1} .text C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe[3856] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 000000007599589a 7 bytes JMP 0000000100280ca6 .text C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe[3856] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000075995a1d 7 bytes JMP 00000001003103d8 .text C:\Program Files 
(x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe[3856] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000075995c9b 7 bytes JMP 000000010031012c .text C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe[3856] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000075995d87 7 bytes JMP 00000001003102f4 .text C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe[3856] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000075997240 7 bytes JMP 0000000100280e6e .text C:\Program Files (x86)\Secunia\PSI\sua.exe[4008] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077d8fc90 5 bytes JMP 000000010011091c .text C:\Program Files (x86)\Secunia\PSI\sua.exe[4008] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077d8fdf4 5 bytes JMP 0000000100110048 .text C:\Program Files (x86)\Secunia\PSI\sua.exe[4008] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000077d8fe88 5 bytes JMP 00000001001102ee .text C:\Program Files (x86)\Secunia\PSI\sua.exe[4008] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077d8ffe4 5 bytes JMP 00000001001104b2 .text C:\Program Files (x86)\Secunia\PSI\sua.exe[4008] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077d90018 5 bytes JMP 00000001001109fe .text C:\Program Files (x86)\Secunia\PSI\sua.exe[4008] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077d90048 5 bytes JMP 0000000100110ae0 .text C:\Program Files (x86)\Secunia\PSI\sua.exe[4008] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077d90064 5 bytes JMP 000000010002004c .text C:\Program Files (x86)\Secunia\PSI\sua.exe[4008] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077d9077c 5 bytes JMP 000000010011012a .text C:\Program Files (x86)\Secunia\PSI\sua.exe[4008] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077d9086c 5 bytes JMP 0000000100110758 .text C:\Program Files (x86)\Secunia\PSI\sua.exe[4008] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 
0000000077d90884 5 bytes JMP 0000000100110676 .text C:\Program Files (x86)\Secunia\PSI\sua.exe[4008] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077d90dd4 5 bytes JMP 00000001001103d0 .text C:\Program Files (x86)\Secunia\PSI\sua.exe[4008] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077d91900 5 bytes JMP 0000000100110594 .text C:\Program Files (x86)\Secunia\PSI\sua.exe[4008] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077d91bc4 5 bytes JMP 000000010011083a .text C:\Program Files (x86)\Secunia\PSI\sua.exe[4008] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077d91d50 5 bytes JMP 000000010011020c .text C:\Program Files (x86)\Secunia\PSI\sua.exe[4008] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 000000007599524f 7 bytes JMP 0000000100110f52 .text C:\Program Files (x86)\Secunia\PSI\sua.exe[4008] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000759953d0 7 bytes JMP 00000001001a0210 .text C:\Program Files (x86)\Secunia\PSI\sua.exe[4008] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000075995677 1 byte JMP 00000001001a0048 .text C:\Program Files (x86)\Secunia\PSI\sua.exe[4008] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000075995679 5 bytes {JMP 0xffffffff8a80a9d1} .text C:\Program Files (x86)\Secunia\PSI\sua.exe[4008] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 000000007599589a 7 bytes JMP 0000000100110ca6 .text C:\Program Files (x86)\Secunia\PSI\sua.exe[4008] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000075995a1d 7 bytes JMP 00000001001a03d8 .text C:\Program Files (x86)\Secunia\PSI\sua.exe[4008] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000075995c9b 7 bytes JMP 00000001001a012c .text C:\Program Files (x86)\Secunia\PSI\sua.exe[4008] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000075995d87 7 bytes JMP 00000001001a02f4 .text C:\Program Files (x86)\Secunia\PSI\sua.exe[4008] 
C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000075997240 7 bytes JMP 0000000100110e6e .text C:\Program Files (x86)\Secunia\PSI\sua.exe[4008] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076e01465 2 bytes [E0, 76] .text C:\Program Files (x86)\Secunia\PSI\sua.exe[4008] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076e014bb 2 bytes [E0, 76] .text ... * 2 .text C:\Program Files (x86)\Alcohol Soft\Alcohol 120\Plugins\Helper\AlSrvN.exe[5024] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077d8fc90 5 bytes JMP 000000010027091c .text C:\Program Files (x86)\Alcohol Soft\Alcohol 120\Plugins\Helper\AlSrvN.exe[5024] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077d8fdf4 5 bytes JMP 0000000100270048 .text C:\Program Files (x86)\Alcohol Soft\Alcohol 120\Plugins\Helper\AlSrvN.exe[5024] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000077d8fe88 5 bytes JMP 00000001002702ee .text C:\Program Files (x86)\Alcohol Soft\Alcohol 120\Plugins\Helper\AlSrvN.exe[5024] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077d8ffe4 5 bytes JMP 00000001002704b2 .text C:\Program Files (x86)\Alcohol Soft\Alcohol 120\Plugins\Helper\AlSrvN.exe[5024] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077d90018 5 bytes JMP 00000001002709fe .text C:\Program Files (x86)\Alcohol Soft\Alcohol 120\Plugins\Helper\AlSrvN.exe[5024] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077d90048 5 bytes JMP 0000000100270ae0 .text C:\Program Files (x86)\Alcohol Soft\Alcohol 120\Plugins\Helper\AlSrvN.exe[5024] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077d90064 5 bytes JMP 000000010002004c .text C:\Program Files (x86)\Alcohol Soft\Alcohol 120\Plugins\Helper\AlSrvN.exe[5024] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077d9077c 5 bytes JMP 000000010027012a .text C:\Program Files (x86)\Alcohol Soft\Alcohol 120\Plugins\Helper\AlSrvN.exe[5024] 
C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077d9086c 5 bytes JMP 0000000100270758 .text C:\Program Files (x86)\Alcohol Soft\Alcohol 120\Plugins\Helper\AlSrvN.exe[5024] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077d90884 5 bytes JMP 0000000100270676 .text C:\Program Files (x86)\Alcohol Soft\Alcohol 120\Plugins\Helper\AlSrvN.exe[5024] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077d90dd4 5 bytes JMP 00000001002703d0 .text C:\Program Files (x86)\Alcohol Soft\Alcohol 120\Plugins\Helper\AlSrvN.exe[5024] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077d91900 5 bytes JMP 0000000100270594 .text C:\Program Files (x86)\Alcohol Soft\Alcohol 120\Plugins\Helper\AlSrvN.exe[5024] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077d91bc4 5 bytes JMP 000000010027083a .text C:\Program Files (x86)\Alcohol Soft\Alcohol 120\Plugins\Helper\AlSrvN.exe[5024] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077d91d50 5 bytes JMP 000000010027020c .text C:\Program Files (x86)\Alcohol Soft\Alcohol 120\Plugins\Helper\AlSrvN.exe[5024] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 000000007599524f 7 bytes JMP 0000000100270f52 .text C:\Program Files (x86)\Alcohol Soft\Alcohol 120\Plugins\Helper\AlSrvN.exe[5024] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000759953d0 7 bytes JMP 0000000100280210 .text C:\Program Files (x86)\Alcohol Soft\Alcohol 120\Plugins\Helper\AlSrvN.exe[5024] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000075995677 1 byte JMP 0000000100280048 .text C:\Program Files (x86)\Alcohol Soft\Alcohol 120\Plugins\Helper\AlSrvN.exe[5024] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000075995679 5 bytes {JMP 0xffffffff8a8ea9d1} .text C:\Program Files (x86)\Alcohol Soft\Alcohol 120\Plugins\Helper\AlSrvN.exe[5024] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 000000007599589a 7 bytes JMP 0000000100270ca6 .text C:\Program Files (x86)\Alcohol 
Soft\Alcohol 120\Plugins\Helper\AlSrvN.exe[5024] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000075995a1d 7 bytes JMP 00000001002803d8 .text C:\Program Files (x86)\Alcohol Soft\Alcohol 120\Plugins\Helper\AlSrvN.exe[5024] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000075995c9b 7 bytes JMP 000000010028012c .text C:\Program Files (x86)\Alcohol Soft\Alcohol 120\Plugins\Helper\AlSrvN.exe[5024] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000075995d87 7 bytes JMP 00000001002802f4 .text C:\Program Files (x86)\Alcohol Soft\Alcohol 120\Plugins\Helper\AlSrvN.exe[5024] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000075997240 7 bytes JMP 0000000100270e6e .text C:\Program Files (x86)\Alcohol Soft\Alcohol 120\Plugins\Helper\AlSrvN.exe[5024] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000076d51492 7 bytes JMP 00000001002804bc .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[5100] C:\Windows\SysWOW64\ntdll.dll!DbgBreakPoint 0000000077d8000c 1 byte [C3] .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[5100] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077d8fc90 5 bytes JMP 000000010023091c .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[5100] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077d8fdf4 5 bytes JMP 0000000100230048 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[5100] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000077d8fe88 5 bytes JMP 00000001002302ee .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[5100] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077d8ffe4 5 bytes JMP 00000001002304b2 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[5100] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077d90018 5 bytes JMP 00000001002309fe .text C:\Program Files 
(x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[5100] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077d90048 5 bytes JMP 0000000100230ae0 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[5100] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077d90064 5 bytes JMP 000000010019004c .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[5100] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077d9077c 5 bytes JMP 000000010023012a .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[5100] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077d9086c 5 bytes JMP 0000000100230758 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[5100] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077d90884 5 bytes JMP 0000000100230676 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[5100] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077d90dd4 5 bytes JMP 00000001002303d0 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[5100] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077d91900 5 bytes JMP 0000000100230594 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[5100] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077d91bc4 5 bytes JMP 000000010023083a .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[5100] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077d91d50 5 bytes JMP 000000010023020c .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[5100] C:\Windows\SysWOW64\ntdll.dll!DbgUiRemoteBreakin 0000000077e0f85a 5 bytes JMP 0000000177dbd571 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[5100] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 000000007599524f 7 bytes JMP 0000000100230f52 .text C:\Program Files 
(x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[5100] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000759953d0 7 bytes JMP 0000000100240210 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[5100] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000075995677 1 byte JMP 0000000100240048 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[5100] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000075995679 5 bytes {JMP 0xffffffff8a8aa9d1} .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[5100] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 000000007599589a 7 bytes JMP 0000000100230ca6 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[5100] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000075995a1d 7 bytes JMP 00000001002403d8 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[5100] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000075995c9b 7 bytes JMP 000000010024012c .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[5100] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000075995d87 7 bytes JMP 00000001002402f4 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[5100] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000075997240 7 bytes JMP 0000000100230e6e .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[5100] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000076d51492 7 bytes JMP 000000010024059e .text C:\Users\Bla\AppData\Roaming\Dropbox\bin\Dropbox.exe[4868] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077d8fc90 5 bytes JMP 000000010038091c .text C:\Users\Bla\AppData\Roaming\Dropbox\bin\Dropbox.exe[4868] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077d8fdf4 5 bytes JMP 
0000000100380048 .text C:\Users\Bla\AppData\Roaming\Dropbox\bin\Dropbox.exe[4868] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000077d8fe88 5 bytes JMP 00000001003802ee .text C:\Users\Bla\AppData\Roaming\Dropbox\bin\Dropbox.exe[4868] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077d8ffe4 5 bytes JMP 00000001003804b2 .text C:\Users\Bla\AppData\Roaming\Dropbox\bin\Dropbox.exe[4868] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077d90018 5 bytes JMP 00000001003809fe .text C:\Users\Bla\AppData\Roaming\Dropbox\bin\Dropbox.exe[4868] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077d90048 5 bytes JMP 0000000100380ae0 .text C:\Users\Bla\AppData\Roaming\Dropbox\bin\Dropbox.exe[4868] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077d90064 5 bytes JMP 000000010002004c .text C:\Users\Bla\AppData\Roaming\Dropbox\bin\Dropbox.exe[4868] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077d9077c 5 bytes JMP 000000010038012a .text C:\Users\Bla\AppData\Roaming\Dropbox\bin\Dropbox.exe[4868] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077d9086c 5 bytes JMP 0000000100380758 .text C:\Users\Bla\AppData\Roaming\Dropbox\bin\Dropbox.exe[4868] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077d90884 5 bytes JMP 0000000100380676 .text C:\Users\Bla\AppData\Roaming\Dropbox\bin\Dropbox.exe[4868] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077d90dd4 5 bytes JMP 00000001003803d0 .text C:\Users\Bla\AppData\Roaming\Dropbox\bin\Dropbox.exe[4868] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077d91900 5 bytes JMP 0000000100380594 .text C:\Users\Bla\AppData\Roaming\Dropbox\bin\Dropbox.exe[4868] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077d91bc4 5 bytes JMP 000000010038083a .text C:\Users\Bla\AppData\Roaming\Dropbox\bin\Dropbox.exe[4868] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077d91d50 5 bytes JMP 000000010038020c .text C:\Users\Bla\AppData\Roaming\Dropbox\bin\Dropbox.exe[4868] 
C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000076d51492 7 bytes JMP 00000001003904bc .text C:\Users\Bla\AppData\Roaming\Dropbox\bin\Dropbox.exe[4868] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 000000007599524f 7 bytes JMP 0000000100380f52 .text C:\Users\Bla\AppData\Roaming\Dropbox\bin\Dropbox.exe[4868] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000759953d0 7 bytes JMP 0000000100390210 .text C:\Users\Bla\AppData\Roaming\Dropbox\bin\Dropbox.exe[4868] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000075995677 1 byte JMP 0000000100390048 .text C:\Users\Bla\AppData\Roaming\Dropbox\bin\Dropbox.exe[4868] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000075995679 5 bytes {JMP 0xffffffff8a9fa9d1} .text C:\Users\Bla\AppData\Roaming\Dropbox\bin\Dropbox.exe[4868] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 000000007599589a 7 bytes JMP 0000000100380ca6 .text C:\Users\Bla\AppData\Roaming\Dropbox\bin\Dropbox.exe[4868] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000075995a1d 7 bytes JMP 00000001003903d8 .text C:\Users\Bla\AppData\Roaming\Dropbox\bin\Dropbox.exe[4868] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000075995c9b 7 bytes JMP 000000010039012c .text C:\Users\Bla\AppData\Roaming\Dropbox\bin\Dropbox.exe[4868] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000075995d87 7 bytes JMP 00000001003902f4 .text C:\Users\Bla\AppData\Roaming\Dropbox\bin\Dropbox.exe[4868] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000075997240 7 bytes JMP 0000000100380e6e .text C:\Users\Bla\AppData\Roaming\Dropbox\bin\Dropbox.exe[4868] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 0000000076e01465 2 bytes [E0, 76] .text C:\Users\Bla\AppData\Roaming\Dropbox\bin\Dropbox.exe[4868] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155 0000000076e014bb 2 bytes [E0, 76] .text ... 
* 2 .text C:\Program Files (x86)\Launch Manager\LManager.exe[4268] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077d8fc90 5 bytes JMP 000000010028091c .text C:\Program Files (x86)\Launch Manager\LManager.exe[4268] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077d8fdf4 5 bytes JMP 0000000100280048 .text C:\Program Files (x86)\Launch Manager\LManager.exe[4268] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000077d8fe88 5 bytes JMP 00000001002802ee .text C:\Program Files (x86)\Launch Manager\LManager.exe[4268] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077d8ffe4 5 bytes JMP 00000001002804b2 .text C:\Program Files (x86)\Launch Manager\LManager.exe[4268] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077d90018 5 bytes JMP 00000001002809fe .text C:\Program Files (x86)\Launch Manager\LManager.exe[4268] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077d90048 5 bytes JMP 0000000100280ae0 .text C:\Program Files (x86)\Launch Manager\LManager.exe[4268] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077d90064 5 bytes JMP 000000010026004c .text C:\Program Files (x86)\Launch Manager\LManager.exe[4268] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077d9077c 5 bytes JMP 000000010028012a .text C:\Program Files (x86)\Launch Manager\LManager.exe[4268] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077d9086c 5 bytes JMP 0000000100280758 .text C:\Program Files (x86)\Launch Manager\LManager.exe[4268] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077d90884 5 bytes JMP 0000000100280676 .text C:\Program Files (x86)\Launch Manager\LManager.exe[4268] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077d90dd4 5 bytes JMP 00000001002803d0 .text C:\Program Files (x86)\Launch Manager\LManager.exe[4268] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077d91900 5 bytes JMP 0000000100280594 .text C:\Program Files (x86)\Launch Manager\LManager.exe[4268] 
C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077d91bc4 5 bytes JMP 000000010028083a .text C:\Program Files (x86)\Launch Manager\LManager.exe[4268] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077d91d50 5 bytes JMP 000000010028020c .text C:\Program Files (x86)\Launch Manager\LManager.exe[4268] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000076d51492 7 bytes JMP 000000010029059e .text C:\Program Files (x86)\Launch Manager\LManager.exe[4268] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 000000007599524f 7 bytes JMP 0000000100280f52 .text C:\Program Files (x86)\Launch Manager\LManager.exe[4268] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000759953d0 7 bytes JMP 0000000100290210 .text C:\Program Files (x86)\Launch Manager\LManager.exe[4268] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000075995677 1 byte JMP 0000000100290048 .text C:\Program Files (x86)\Launch Manager\LManager.exe[4268] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000075995679 5 bytes {JMP 0xffffffff8a8fa9d1} .text C:\Program Files (x86)\Launch Manager\LManager.exe[4268] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 000000007599589a 7 bytes JMP 0000000100280ca6 .text C:\Program Files (x86)\Launch Manager\LManager.exe[4268] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000075995a1d 7 bytes JMP 00000001002903d8 .text C:\Program Files (x86)\Launch Manager\LManager.exe[4268] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000075995c9b 7 bytes JMP 000000010029012c .text C:\Program Files (x86)\Launch Manager\LManager.exe[4268] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000075995d87 7 bytes JMP 00000001002902f4 .text C:\Program Files (x86)\Launch Manager\LManager.exe[4268] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000075997240 7 bytes JMP 0000000100280e6e .text C:\Program Files (x86)\Acer Arcade 
Deluxe\PlayMovie\PMVService.exe[4356] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077d8fc90 5 bytes JMP 000000010044091c .text C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe[4356] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077d8fdf4 5 bytes JMP 0000000100440048 .text C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe[4356] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000077d8fe88 5 bytes JMP 00000001004402ee .text C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe[4356] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077d8ffe4 5 bytes JMP 00000001004404b2 .text C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe[4356] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077d90018 5 bytes JMP 00000001004409fe .text C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe[4356] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077d90048 5 bytes JMP 0000000100440ae0 .text C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe[4356] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077d90064 5 bytes JMP 000000010002004c .text C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe[4356] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077d9077c 5 bytes JMP 000000010044012a .text C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe[4356] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077d9086c 5 bytes JMP 0000000100440758 .text C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe[4356] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077d90884 5 bytes JMP 0000000100440676 .text C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe[4356] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077d90dd4 5 bytes JMP 00000001004403d0 .text C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe[4356] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 
0000000077d91900 5 bytes JMP 0000000100440594 .text C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe[4356] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077d91bc4 5 bytes JMP 000000010044083a .text C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe[4356] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077d91d50 5 bytes JMP 000000010044020c .text C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe[4356] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000076d51492 7 bytes JMP 000000010045059e .text C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe[4356] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 000000007599524f 7 bytes JMP 0000000100440f52 .text C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe[4356] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000759953d0 7 bytes JMP 0000000100450210 .text C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe[4356] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000075995677 1 byte JMP 0000000100450048 .text C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe[4356] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000075995679 5 bytes {JMP 0xffffffff8aaba9d1} .text C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe[4356] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 000000007599589a 7 bytes JMP 0000000100440ca6 .text C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe[4356] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000075995a1d 7 bytes JMP 00000001004503d8 .text C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe[4356] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000075995c9b 7 bytes JMP 000000010045012c .text C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe[4356] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 
0000000075995d87 7 bytes JMP 00000001004502f4 .text C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe[4356] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000075997240 7 bytes JMP 0000000100440e6e .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4944] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077d8fc90 5 bytes JMP 000000010029091c .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4944] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077d8fdf4 5 bytes JMP 0000000100290048 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4944] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000077d8fe88 5 bytes JMP 00000001002902ee .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4944] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077d8ffe4 5 bytes JMP 00000001002904b2 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4944] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077d90018 5 bytes JMP 00000001002909fe .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4944] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077d90048 5 bytes JMP 0000000100290ae0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4944] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077d90064 5 bytes JMP 000000010002004c .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4944] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077d9077c 5 bytes JMP 000000010029012a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4944] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077d9086c 5 bytes JMP 0000000100290758 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4944] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077d90884 5 bytes JMP 0000000100290676 .text C:\Program Files (x86)\Common 
Files\Java\Java Update\jusched.exe[4944] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077d90dd4 5 bytes JMP 00000001002903d0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4944] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077d91900 5 bytes JMP 0000000100290594 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4944] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077d91bc4 5 bytes JMP 000000010029083a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4944] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077d91d50 5 bytes JMP 000000010029020c .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4944] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 000000007599524f 7 bytes JMP 0000000100290f52 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4944] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000759953d0 7 bytes JMP 00000001002a0210 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4944] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000075995677 1 byte JMP 00000001002a0048 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4944] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000075995679 5 bytes {JMP 0xffffffff8a90a9d1} .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4944] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 000000007599589a 7 bytes JMP 0000000100290ca6 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4944] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000075995a1d 7 bytes JMP 00000001002a03d8 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4944] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000075995c9b 7 bytes JMP 00000001002a012c .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4944] 
C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000075995d87 7 bytes JMP 00000001002a02f4 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4944] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000075997240 7 bytes JMP 0000000100290e6e .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4944] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000076d51492 7 bytes JMP 00000001002a059e .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[2628] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077d8fc90 5 bytes JMP 00000001001d091c .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[2628] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077d8fdf4 5 bytes JMP 00000001001d0048 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[2628] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000077d8fe88 5 bytes JMP 00000001001d02ee .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[2628] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077d8ffe4 5 bytes JMP 00000001001d04b2 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[2628] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077d90018 5 bytes JMP 00000001001d09fe .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[2628] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077d90048 5 bytes JMP 00000001001d0ae0 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[2628] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077d90064 5 bytes JMP 000000010002004c .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[2628] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077d9077c 5 bytes JMP 00000001001d012a .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[2628] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077d9086c 5 bytes JMP 00000001001d0758 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[2628] 
C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077d90884 5 bytes JMP 00000001001d0676 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[2628] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077d90dd4 5 bytes JMP 00000001001d03d0 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[2628] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077d91900 5 bytes JMP 00000001001d0594 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[2628] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077d91bc4 5 bytes JMP 00000001001d083a .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[2628] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077d91d50 5 bytes JMP 00000001001d020c .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[2628] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000076d51492 7 bytes JMP 00000001001e059e .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[2628] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 000000007599524f 7 bytes JMP 00000001001d0f52 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[2628] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000759953d0 7 bytes JMP 00000001001e0210 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[2628] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000075995677 1 byte JMP 00000001001e0048 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[2628] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000075995679 5 bytes {JMP 0xffffffff8a84a9d1} .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[2628] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 000000007599589a 7 bytes JMP 00000001001d0ca6 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[2628] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000075995a1d 7 bytes JMP 00000001001e03d8 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[2628] 
C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000075995c9b 7 bytes JMP 00000001001e012c .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[2628] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000075995d87 7 bytes JMP 00000001001e02f4 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[2628] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000075997240 7 bytes JMP 00000001001d0e6e .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[6488] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077d8fc90 5 bytes JMP 000000010029091c .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[6488] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077d8fdf4 5 bytes JMP 0000000100290048 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[6488] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000077d8fe88 5 bytes JMP 00000001002902ee .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[6488] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077d8ffe4 5 bytes JMP 00000001002904b2 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[6488] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077d90018 5 bytes JMP 00000001002909fe .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[6488] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077d90048 5 bytes JMP 0000000100290ae0 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[6488] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077d90064 5 bytes JMP 000000010002004c .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[6488] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077d9077c 5 bytes JMP 000000010029012a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[6488] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 
0000000077d9086c 5 bytes JMP 0000000100290758 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[6488] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077d90884 5 bytes JMP 0000000100290676 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[6488] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077d90dd4 5 bytes JMP 00000001002903d0 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[6488] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077d91900 5 bytes JMP 0000000100290594 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[6488] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077d91bc4 5 bytes JMP 000000010029083a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[6488] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077d91d50 5 bytes JMP 000000010029020c .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[6488] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076e01465 2 bytes [E0, 76] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[6488] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076e014bb 2 bytes [E0, 76] .text ... 
* 2 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[6488] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000076d51492 7 bytes JMP 00000001002b04bc .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[6488] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 000000007599524f 7 bytes JMP 0000000100290f52 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[6488] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000759953d0 7 bytes JMP 00000001002b0210 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[6488] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000075995677 1 byte JMP 00000001002b0048 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[6488] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000075995679 5 bytes {JMP 0xffffffff8a91a9d1} .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[6488] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 000000007599589a 7 bytes JMP 0000000100290ca6 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[6488] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000075995a1d 7 bytes JMP 00000001002b03d8 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[6488] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000075995c9b 7 bytes JMP 00000001002b012c .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[6488] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000075995d87 7 bytes JMP 00000001002b02f4 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[6488] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000075997240 7 bytes JMP 0000000100290e6e .text C:\Users\Bla\Desktop\TrojanerBoard\gmer_2.1.19163.exe[8076] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 
0000000077d8fc90 5 bytes JMP 000000010028091c .text C:\Users\Bla\Desktop\TrojanerBoard\gmer_2.1.19163.exe[8076] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077d8fdf4 5 bytes JMP 0000000100280048 .text C:\Users\Bla\Desktop\TrojanerBoard\gmer_2.1.19163.exe[8076] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000077d8fe88 5 bytes JMP 00000001002802ee .text C:\Users\Bla\Desktop\TrojanerBoard\gmer_2.1.19163.exe[8076] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077d8ffe4 5 bytes JMP 00000001002804b2 .text C:\Users\Bla\Desktop\TrojanerBoard\gmer_2.1.19163.exe[8076] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077d90018 5 bytes JMP 00000001002809fe .text C:\Users\Bla\Desktop\TrojanerBoard\gmer_2.1.19163.exe[8076] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077d90048 5 bytes JMP 0000000100280ae0 .text C:\Users\Bla\Desktop\TrojanerBoard\gmer_2.1.19163.exe[8076] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077d90064 5 bytes JMP 000000010002004c .text C:\Users\Bla\Desktop\TrojanerBoard\gmer_2.1.19163.exe[8076] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077d9077c 5 bytes JMP 000000010028012a .text C:\Users\Bla\Desktop\TrojanerBoard\gmer_2.1.19163.exe[8076] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077d9086c 5 bytes JMP 0000000100280758 .text C:\Users\Bla\Desktop\TrojanerBoard\gmer_2.1.19163.exe[8076] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077d90884 5 bytes JMP 0000000100280676 .text C:\Users\Bla\Desktop\TrojanerBoard\gmer_2.1.19163.exe[8076] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077d90dd4 5 bytes JMP 00000001002803d0 .text C:\Users\Bla\Desktop\TrojanerBoard\gmer_2.1.19163.exe[8076] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077d91900 5 bytes JMP 0000000100280594 .text C:\Users\Bla\Desktop\TrojanerBoard\gmer_2.1.19163.exe[8076] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077d91bc4 5 bytes JMP 000000010028083a .text 
C:\Users\Bla\Desktop\TrojanerBoard\gmer_2.1.19163.exe[8076] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077d91d50 5 bytes JMP 000000010028020c .text C:\Users\Bla\Desktop\TrojanerBoard\gmer_2.1.19163.exe[8076] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 000000007599524f 7 bytes JMP 0000000100280f52 .text C:\Users\Bla\Desktop\TrojanerBoard\gmer_2.1.19163.exe[8076] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000759953d0 7 bytes JMP 0000000100290210 .text C:\Users\Bla\Desktop\TrojanerBoard\gmer_2.1.19163.exe[8076] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000075995677 1 byte JMP 0000000100290048 .text C:\Users\Bla\Desktop\TrojanerBoard\gmer_2.1.19163.exe[8076] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000075995679 5 bytes {JMP 0xffffffff8a8fa9d1} .text C:\Users\Bla\Desktop\TrojanerBoard\gmer_2.1.19163.exe[8076] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 000000007599589a 7 bytes JMP 0000000100280ca6 .text C:\Users\Bla\Desktop\TrojanerBoard\gmer_2.1.19163.exe[8076] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000075995a1d 7 bytes JMP 00000001002903d8 .text C:\Users\Bla\Desktop\TrojanerBoard\gmer_2.1.19163.exe[8076] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000075995c9b 7 bytes JMP 000000010029012c .text C:\Users\Bla\Desktop\TrojanerBoard\gmer_2.1.19163.exe[8076] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000075995d87 7 bytes JMP 00000001002902f4 .text C:\Users\Bla\Desktop\TrojanerBoard\gmer_2.1.19163.exe[8076] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000075997240 7 bytes JMP 0000000100280e6e .text C:\Users\Bla\Desktop\TrojanerBoard\gmer_2.1.19163.exe[8076] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000076d51492 7 bytes JMP 00000001002904bc ---- Threads - GMER 2.1 ---- Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4416:4788] 000007fef86f2a7c Thread 
C:\Program Files\Windows Media Player\wmpnetwk.exe [4416:4128] 000007fee234d618 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4416:5196] 000007fee234d618 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files (x86)\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x41 0x1C 0x49 0xB5 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x86 0x55 0x28 0xE6 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x01 0xD8 0xDE 0xAD ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x90 0xF8 0x2B 0x7C ... 
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files (x86)\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x41 0x1C 0x49 0xB5 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x86 0x55 0x28 0xE6 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x01 0xD8 0xDE 0xAD ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x90 0xF8 0x2B 0x7C ... ---- EOF - GMER 2.1 ---- Quote:
The software has since been legally purchased.