Log analysis and evaluation: Sparkasse online banking spied on: EXP/CVE-2013-2423.F and TR/Agent.385024.338 (Windows 7)
07.05.2013, 21:46 | #1 |
Sparkasse online banking spied on: EXP/CVE-2013-2423.F and TR/Agent.385024.338

Hello dear Trojaner-Board members.

I have already seen and read several threads in your forum that resemble my problem, especially those about Sparkasse data being spied on. However, I did not carry out the steps recommended there, since it was often written that every infection is different. So I am describing my problem here now and hope for your help as well.

Last Thursday (02.05.13) I received a call from my Sparkasse informing me that my login credentials for my online banking access had turned up on a server abroad and that, for security reasons, this access would now be blocked. Apparently a trojan had spied out my passwords.

After I brought my Avira Antivir up to date via update, several malware programs were indeed found:
- ADWARE/Rogue.218624
- TR/Agent.385024.338
- EXP/CVE-2013-2423.F

These 3 are still in the quarantine area of Avira Antivir. Before the update of Avira Antivir there were 2 further detections in quarantine, which were no longer there afterwards. The same applies to the associated reports. If I remember correctly, they had names similar to EXP/CVE... I fear that, if any, one of these two files was the trojan in question. The detections explicitly named above were only made on 04.05.13 (ADWARE, TR/) and on 07.05.13 (EXP/CVE) respectively.

My question now is how I can get rid of all this junk? I also do not know what is still left in my system of the trojan that spied on my online banking. I hope you can help me and would be very glad to get a reply!

I have also already run OTL and GMER; here are the logs:

OTL.txt:
Code:
OTL logfile created on: 07.05.2013 20:47:26 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Christian\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19412)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,34 Gb Available Physical Memory | 44,75% Memory free
6,19 Gb Paging File | 4,27 Gb Available in Paging File | 69,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 285,20 Gb Total Space | 129,22 Gb Free Space | 45,31% Space Free | Partition Type: NTFS

Computer Name: CHRISTIAN-VAIO | User Name: Christian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Christian\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
PRC - C:\Program Files\sony\VAIO Update\VAIOUpdt.exe (Sony Corporation)
PRC - C:\Program Files\sony\VAIO Update\VUAgent.exe (Sony Corporation)
PRC - C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
PRC - C:\Program Files\sony\Marketing Tools\MarketingTools.exe (Sony Corporation)
PRC - C:\Program Files\Logitech\SetPoint\LBTWiz.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
PRC - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
PRC - C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
PRC - C:\Program Files\Common Files\Sony Shared\SOHLib\SOHCImp.exe (Sony Corporation)
PRC - C:\Program Files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe (Sony Corporation)
PRC - C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDs.exe (Sony Corporation)
PRC - C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDms.exe (Sony Corporation)
PRC - C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe (Sony Corporation)
PRC - C:\Program Files\sony\VAIO Media plus\VMpTtray.exe (Sony Corporation)
PRC - C:\Program Files\sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Program Files\sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation)
PRC - C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe (Realtek Semiconductor)
PRC - C:\Program Files\sony\Network Utility\LANUtil.exe (Sony Corporation)
PRC - C:\Program Files\sony\Network Utility\NSUService.exe (Sony Corporation)
PRC - C:\Program Files\sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
PRC - C:\Program Files\sony\VAIO Power Management\SPMService.exe (Sony Corporation)
PRC - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Apoint\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Apoint\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\15e2d7f51f15830591727d6d6a1e4032\System.ServiceProcess.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\421cb77e6a4c21f94e3c5ddf766de23b\System.Web.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e64304962098e90f0d3f4c33c1b080a6\System.Windows.Forms.ni.dll () MOD - C:\Windows\System32\CmdLineExt03.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\f300bbe8b18d4a04933422f241aa1428\System.IdentityModel.Selectors.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\1c40efd2328e271920f4b4eda38c0125\System.ServiceModel.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\9b2eef59d0cfc5aff182d0951de5f040\Accessibility.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b5df40c22ab563a816103629e2ca99d4\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\895899bb8c1772f2043de17305d7eb35\System.Runtime.Serialization.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\f9d4a89fc32b5a458c0a02c48dc8538e\System.IdentityModel.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\004bc6615f9c06df5c98859d35149fe6\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\bb8af3cf69f1337efda4e810b6751b89\SMDiagnostics.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\b757806657fa5db2b1ed1a89b026b463\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\78157a494dc9a7e52be8840decfcd9cc\System.Drawing.ni.dll () MOD - 
C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3421.42239__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3421.42258__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3421.42253__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3421.42257__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3421.42313__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3421.42295__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3421.42282__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3421.42247__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3421.42331__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3421.42332__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3421.42247__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3421.42300__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll () MOD - 
C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3421.42300__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3421.42299__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3421.42284__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3421.42248__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3421.42259__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3421.42308__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3421.42259__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3421.42293__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3421.42284__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3421.42263__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3421.42292__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3421.42279__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll () MOD - 
C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3421.42283__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3421.42294__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3421.42263__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3421.42283__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3421.42284__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3421.42294__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3294.18728__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3294.18709__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3294.18751__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3294.18787__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3294.18795__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3294.18747__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3294.18794__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll () MOD - 
C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3294.18699__90ba9c70f846762e\LOG.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3294.18701__90ba9c70f846762e\NEWAEM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3294.18753__90ba9c70f846762e\DEM.OS.I0602.dll () MOD - C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3294.18745__90ba9c70f846762e\MOM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.3294.18787__90ba9c70f846762e\DEM.OS.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3294.18708__90ba9c70f846762e\CLI.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3294.18832__90ba9c70f846762e\CLI.Foundation.XManifest.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3294.18755__90ba9c70f846762e\DEM.Graphics.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3294.18735__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3294.18771__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3294.18785__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3294.18737__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3294.18731__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3294.18717__90ba9c70f846762e\CLI.Component.Client.Shared.dll () MOD - 
C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3294.18727__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3294.18758__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3294.18755__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3294.18772__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3294.18767__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3294.18766__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3294.18765__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3294.18771__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3294.18742__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3294.18760__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3294.18756__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3294.18748__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3294.18769__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll () MOD - 
C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3294.18757__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3421.42357__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3421.42340__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll () MOD - C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3294.18746__90ba9c70f846762e\APM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3294.18728__90ba9c70f846762e\AEM.Server.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3421.42234__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll () MOD - C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3421.42326__90ba9c70f846762e\MOM.Implementation.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3294.18725__90ba9c70f846762e\LOG.Foundation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3294.18720__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3294.18745__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll () MOD - C:\Windows\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3421.42321__90ba9c70f846762e\CLI.Component.Systemtray.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3421.42252__90ba9c70f846762e\CLI.Component.Wizard.dll () MOD - 
C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3421.42325__90ba9c70f846762e\LOG.Foundation.Implementation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3421.42238__90ba9c70f846762e\CLI.Component.SkinFactory.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3294.18714__90ba9c70f846762e\CLI.Foundation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3294.18748__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3421.42236__90ba9c70f846762e\CLI.Component.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3294.18750__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3294.18744__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3421.42243__90ba9c70f846762e\CLI.Component.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3421.42237__90ba9c70f846762e\ATIDEMOS.dll () MOD - C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3421.42236__90ba9c70f846762e\APM.Server.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3421.42235__90ba9c70f846762e\AEM.Server.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3294.18740__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll () MOD - C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3421.42326__90ba9c70f846762e\CCC.Implementation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3294.18774__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.ServiceModel.resources\3.0.0.0_de_b77a5c561934e089\System.ServiceModel.resources.dll () MOD - 
C:\Windows\System32\atitmmxx.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\SPMCommon\3.1.0.6020__e3c7096ba83f9295\SPMCommon.dll () MOD - C:\Windows\assembly\GAC_MSIL\SPMDam\3.1.0.6020__1b3c579b6925895f\SPMDam.dll () MOD - C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll () ========== Services (SafeList) ========== SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies) SRV - (VUAgent) -- C:\Program Files\sony\VAIO Update\VUAgent.exe (Sony Corporation) SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.) SRV - (VcmIAlzMgr) -- C:\Program Files\sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation) SRV - (VcmXmlIfHelper) -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe (Sony Corporation) SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) SRV - (LBTServ) -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.) 
SRV - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) SRV - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) SRV - (ABBYY.Licensing.FineReader.Sprint.9.0) -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY) SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe (Sony Corporation) SRV - (Vcsw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation) SRV - (VzCdbSvc) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation) SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation) SRV - (VCFw) -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation) SRV - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.) 
SRV - (SOHCImp) -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHCImp.exe (Sony Corporation) SRV - (SOHPlMgr) -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe (Sony Corporation) SRV - (SOHDs) -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDs.exe (Sony Corporation) SRV - (SOHDms) -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDms.exe (Sony Corporation) SRV - (SOHDBSvr) -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe (Sony Corporation) SRV - (VAIO Event Service) -- C:\Program Files\sony\VAIO Event Service\VESMgr.exe (Sony Corporation) SRV - (RtkAudioService) -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe (Realtek Semiconductor) SRV - (NSUService) -- C:\Program Files\sony\Network Utility\NSUService.exe (Sony Corporation) SRV - (VAIO Power Management) -- C:\Program Files\sony\VAIO Power Management\SPMService.exe (Sony Corporation) SRV - (AdobeActiveFileMonitor7.0) -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated) SRV - (uCamMonitor) -- C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.) 
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) SRV - (lxcg_device) -- C:\Windows\System32\lxcgcoms.exe ( ) ========== Driver Services (SafeList) ========== DRV - (UIUSys) -- system32\DRIVERS\UIUSYS.SYS File not found DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found DRV - (hwusbdev) -- system32\DRIVERS\ewusbdev.sys File not found DRV - (hwdatacard) -- system32\DRIVERS\ewusbmdm.sys File not found DRV - (ewusbnet) -- system32\DRIVERS\ewusbnet.sys File not found DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.) DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.) DRV - (NETw5v32) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (WSDScan) -- C:\Windows\System32\drivers\WSDScan.sys (Microsoft Corporation) DRV - (USBCCID) -- C:\Windows\System32\drivers\usbccid.sys (Microsoft Corporation) DRV - (RTHDMIAzAudService) -- C:\Windows\System32\drivers\RtHDMIV.sys (Realtek Semiconductor Corp.) DRV - (DMICall) -- C:\Windows\System32\drivers\DMICall.sys (Sony Corporation) DRV - (SFEP) -- C:\Windows\System32\drivers\SFEP.sys (Sony Corporation) DRV - (USBModem) -- C:\Windows\System32\drivers\lgusbmodem.sys (LG Electronics Inc.) DRV - (UsbDiag) -- C:\Windows\System32\drivers\lgusbdiag.sys (LG Electronics Inc.) 
DRV - (usbbus) -- C:\Windows\System32\drivers\lgusbbus.sys (LG Electronics Inc.) DRV - (risdptsk) -- C:\Windows\System32\drivers\risdptsk.sys (REDC) DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC) DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation) DRV - (ArcSoftKsUFilter) -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.) DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.) DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation) DRV - (regi) -- C:\Windows\System32\drivers\regi.sys (InterVideo) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNYT&bmod=SNYT IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=SNYT&bmod=SNYT IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SNYT IE - HKLM\..\SearchScopes\{73B60328-40E2-4CBC-AAFD-169B4DB776FB}: "URL" = hxxp://www.google.de/search?hl=de&q={searchTerms}&meta= IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1033429082-2119218386-936885420-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve IE - HKU\S-1-5-21-1033429082-2119218386-936885420-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - 
HKU\S-1-5-21-1033429082-2119218386-936885420-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ig IE - HKU\S-1-5-21-1033429082-2119218386-936885420-1000\..\URLSearchHook: - No CLSID value found IE - HKU\S-1-5-21-1033429082-2119218386-936885420-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKU\S-1-5-21-1033429082-2119218386-936885420-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SNYK_de IE - HKU\S-1-5-21-1033429082-2119218386-936885420-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7SNYK_de&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\S-1-5-21-1033429082-2119218386-936885420-1000\..\SearchScopes\{73B60328-40E2-4CBC-AAFD-169B4DB776FB}: "URL" = hxxp://www.google.de/search?hl=de&q={searchTerms}&meta= IE - HKU\S-1-5-21-1033429082-2119218386-936885420-1000\..\SearchScopes\{D4FD0727-ECC5-44F1-9964-C4BDFAE5148A}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=6368203A-A94A-4EDF-9CC7-4543A302D4CE&apn_sauid=79300CDA-3E42-4CA4-8C85-B25C039EADE0& IE - HKU\S-1-5-21-1033429082-2119218386-936885420-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig" FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.9 FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0033-ABCDEFFEDCBA%7D:6.0.33 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - 
prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2 FF - prefs.js..extensions.enabledItems: 5 FF - prefs.js..extensions.enabledItems: 3 FF - prefs.js..extensions.enabledItems: 1 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..network.proxy.type: 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ [2013.01.03 22:39:39 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.12 15:18:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.04.12 15:18:11 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.12 15:18:21 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.04.12 15:18:11 | 000,000,000 | ---D | M] [2010.07.27 17:35:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Extensions [2013.02.14 22:15:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\6bykvql9.default\extensions [2010.12.13 12:07:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\6bykvql9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.08.22 17:42:12 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\6bykvql9.default\extensions\firefox@tvunetworks.com [2012.12.12 01:31:30 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\firefox\profiles\6bykvql9.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2013.02.14 22:15:46 | 000,817,280 | ---- | M] () (No name found) -- 
C:\Users\Christian\AppData\Roaming\mozilla\firefox\profiles\6bykvql9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.04.12 15:18:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2013.04.12 15:18:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013.04.12 15:18:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2013.04.12 15:18:21 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2013.04.12 15:18:16 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.04.12 15:18:16 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2013.04.12 15:18:16 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2013.04.12 15:18:16 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2013.04.12 15:18:16 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2013.04.12 15:18:16 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) 
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O3 - HKU\S-1-5-21-1033429082-2119218386-936885420-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKU\S-1-5-21-1033429082-2119218386-936885420-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O4 - HKLM..\Run: [AML] C:\Program Files\Sony\VAIO Launcher\AML.exe (Sony) O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent File not found O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.) O4 - HKLM..\Run: [MarketingTools] C:\Program Files\sony\Marketing Tools\MarketingTools.exe (Sony Corporation) O4 - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) 
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-1033429082-2119218386-936885420-1000..\Run: [Dywoyreven] C:\Users\Christian\AppData\Roaming\Tagy\qoer.exe () O4 - HKU\S-1-5-21-1033429082-2119218386-936885420-1000..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent File not found O4 - HKU\S-1-5-21-1033429082-2119218386-936885420-1000..\Run: [EPSON SX110 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIFBE.EXE (SEIKO EPSON CORPORATION) O4 - HKU\S-1-5-21-1033429082-2119218386-936885420-1000..\Run: [EPSON SX218 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIGDE.EXE (SEIKO EPSON CORPORATION) O4 - HKU\S-1-5-21-1033429082-2119218386-936885420-1000..\Run: [EPSON SX218 Series (Kopie 1)] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIGDE.EXE (SEIKO EPSON CORPORATION) O4 - HKU\S-1-5-21-1033429082-2119218386-936885420-1000..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent File not found O4 - HKU\S-1-5-21-1033429082-2119218386-936885420-1000..\Run: [NSUFloatingUI] C:\Program Files\Sony\Network Utility\LANUtil.exe (Sony Corporation) O4 - HKU\S-1-5-21-1033429082-2119218386-936885420-1000..\Run: [Spotify] C:\Users\Christian\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd) O4 - HKU\S-1-5-21-1033429082-2119218386-936885420-1000..\Run: [Spotify Web Helper] C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd) O4 - HKU\S-1-5-21-1033429082-2119218386-936885420-1000..\Run: [VMpTtray.exe] C:\Program Files\sony\VAIO Media plus\VMpTtray.exe (Sony Corporation) O4 - Startup: C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe () 
O4 - Startup: C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Product Registration.lnk = File not found O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Free YouTube Download - C:\Users\Christian\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O13 - gopher Prefix: missing O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_Win32.cab (20-20 3D Viewer) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 10.17.2) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A017C41E-C727-41AC-A634-FF0F56357C14}: DhcpNameServer = 192.168.34.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FBE8C1D3-07B5-4507-B8CA-145AFDF06D11}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation) O24 - Desktop WallPaper: C:\Users\Christian\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Christian\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{4cf095e2-1bbd-11df-b773-002433d141d5}\Shell - "" = AutoRun O33 - MountPoints2\{4cf095e2-1bbd-11df-b773-002433d141d5}\Shell\AutoRun\command - "" = F:\USBAutoRun.exe O33 - MountPoints2\{b30b1ddc-95d6-11e0-8ff4-001e101f07df}\Shell - "" = AutoRun O33 - MountPoints2\{b30b1ddc-95d6-11e0-8ff4-001e101f07df}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{d18f1afd-8406-11de-b72d-001dbaf4b813}\Shell - "" = AutoRun O33 - MountPoints2\{d18f1afd-8406-11de-b72d-001dbaf4b813}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a O33 - MountPoints2\{f6d839dc-f149-11df-9bb7-002433d141d5}\Shell - "" = 
AutoRun O33 - MountPoints2\{f6d839dc-f149-11df-9bb7-002433d141d5}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{f6d839e7-f149-11df-9bb7-001e101f305e}\Shell - "" = AutoRun O33 - MountPoints2\{f6d839e7-f149-11df-9bb7-001e101f305e}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{f6d839f0-f149-11df-9bb7-001e101f9d8c}\Shell - "" = AutoRun O33 - MountPoints2\{f6d839f0-f149-11df-9bb7-001e101f9d8c}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{f6d839fa-f149-11df-9bb7-001e101f648e}\Shell - "" = AutoRun O33 - MountPoints2\{f6d839fa-f149-11df-9bb7-001e101f648e}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.05.07 19:50:51 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe [2013.05.07 13:31:10 | 000,000,000 | ---D | C] -- C:\Users\Christian\Desktop\Age of Empires II [2013.05.05 13:34:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2013.05.05 13:29:49 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2013.05.05 13:29:49 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe [2013.05.05 13:29:49 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2013.05.02 16:32:26 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Avira [2013.05.02 16:26:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2013.05.02 
16:26:39 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2013.05.02 16:26:37 | 000,135,136 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys [2013.05.02 16:26:37 | 000,037,352 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys [2013.05.02 16:26:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2013.05.02 16:26:27 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [2013.04.30 09:15:54 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Xoilq [2013.04.30 09:15:54 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Tagy [2013.04.30 09:15:54 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Rizur [2013.04.27 23:45:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype [2013.04.26 13:51:36 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\Spotify [2013.04.26 13:51:15 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Spotify [2013.04.21 11:30:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Google [2013.04.12 15:18:08 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2013.04.10 20:46:45 | 003,603,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2013.04.10 20:46:44 | 003,551,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2013.04.10 20:46:44 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll [2013.04.10 20:46:02 | 000,630,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2013.04.10 20:46:01 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2013.04.10 20:46:01 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2013.04.10 20:46:01 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2013.04.10 20:46:00 | 000,387,584 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\iedkcs32.dll [2013.04.10 20:46:00 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2013.04.10 20:46:00 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2013.04.10 20:46:00 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2013.04.10 20:46:00 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2013.04.10 20:46:00 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2013.04.10 20:46:00 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2013.04.10 20:46:00 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2013.04.10 20:46:00 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2013.04.10 20:46:00 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2013.04.10 20:46:00 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2013.04.10 20:46:00 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2013.04.10 20:46:00 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2013.04.10 20:45:59 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2013.04.10 20:44:57 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll [2013.04.10 20:44:55 | 002,049,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys ========== Files - Modified Within 30 Days ========== [2013.05.07 20:17:27 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.05.07 20:17:27 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.05.07 
19:54:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.05.07 19:50:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe [2013.05.07 19:49:36 | 000,000,000 | ---- | M] () -- C:\Users\Christian\defogger_reenable [2013.05.07 19:48:36 | 000,050,477 | ---- | M] () -- C:\Users\Christian\Desktop\Defogger.exe [2013.05.07 13:33:59 | 000,628,992 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.05.07 13:33:59 | 000,596,246 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.05.07 13:33:59 | 000,126,704 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.05.07 13:33:59 | 000,104,320 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.05.07 11:16:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.05.06 22:30:47 | 000,110,592 | ---- | M] () -- C:\Users\Christian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013.05.06 12:30:30 | 000,013,004 | ---- | M] () -- C:\Users\Christian\Desktop\Unbenannt 1.odg [2013.05.05 23:30:57 | 3218,104,320 | -HS- | M] () -- C:\hiberfil.sys [2013.05.05 16:35:35 | 000,004,268 | ---- | M] () -- C:\Windows\bthservsdp.dat [2013.05.02 16:16:19 | 000,028,520 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2013.05.02 16:16:18 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys [2013.05.02 16:16:18 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys [2013.05.02 16:16:18 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Windows\System32\drivers\avkmgr.sys [2013.05.02 02:06:08 | 000,238,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe [2013.04.26 13:51:35 | 000,001,775 | ---- | M] () -- C:\Users\Christian\Desktop\Spotify.lnk [2013.04.21 11:42:57 | 000,000,000 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\sversion.ini [2013.04.21 11:29:29 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2013.04.21 11:29:29 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2013.04.20 19:54:22 | 000,000,680 | ---- | M] () -- C:\Users\Christian\AppData\Local\d3d9caps.dat [2013.04.11 03:27:56 | 000,452,160 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2013.05.07 19:49:36 | 000,000,000 | ---- | C] () -- C:\Users\Christian\defogger_reenable [2013.05.07 19:48:34 | 000,050,477 | ---- | C] () -- C:\Users\Christian\Desktop\Defogger.exe [2013.04.26 13:51:35 | 000,001,775 | ---- | C] () -- C:\Users\Christian\Desktop\Spotify.lnk [2013.04.26 13:51:35 | 000,001,761 | ---- | C] () -- C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk [2013.04.12 12:44:37 | 000,013,004 | ---- | C] () -- C:\Users\Christian\Desktop\Unbenannt 1.odg [2011.09.17 22:13:48 | 000,011,264 | ---- | C] () -- C:\Windows\System32\atimuixx.dll [2011.09.11 12:41:54 | 000,000,282 | ---- | C] () -- C:\Windows\Config.ini [2011.09.11 12:41:54 | 000,000,225 | ---- | C] () -- C:\Windows\Config.ini.bak [2011.09.11 12:41:52 | 054,601,633 | ---- | C] () -- C:\Windows\BIOSROM.DAT [2010.06.11 22:57:29 | 000,000,680 | ---- | C] () -- C:\Users\Christian\AppData\Local\d3d9caps.dat [2010.04.10 08:28:41 | 000,000,760 | ---- | C] () -- C:\Users\Christian\AppData\Roaming\setup_ldm.iss [2009.08.22 19:29:36 | 000,000,000 | ---- | C] () -- C:\Users\Christian\AppData\Roaming\sversion.ini [2009.08.16 18:10:41 | 000,000,056 | -H-- | C] 
() -- C:\ProgramData\ezsidmv.dat [2009.08.09 04:58:38 | 000,024,064 | ---- | C] () -- C:\Users\Christian\AppData\Roaming\UserTile.png [2009.08.05 19:27:26 | 000,110,592 | ---- | C] () -- C:\Users\Christian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2013.02.10 16:34:24 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Atari [2013.01.03 22:39:33 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\DVDVideoSoft [2012.09.20 22:12:18 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\DVDVideoSoftIEHelpers [2013.05.06 16:17:10 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Epson [2010.07.15 11:46:00 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\GetRightToGo [2012.06.08 19:05:56 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\go [2012.09.12 00:09:43 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\ICQ 
[2011.07.02 21:06:20 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\InterVideo
[2009.08.29 03:47:49 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Leadertech
[2010.02.16 21:20:07 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\LG Electronics
[2011.01.21 20:53:17 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\OpenOffice.org
[2013.04.03 11:36:17 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Origin
[2009.08.09 04:58:37 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\PeerNetworking
[2013.04.30 09:15:54 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Rizur
[2013.04.29 18:30:41 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Spotify
[2013.04.30 09:15:54 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Tagy
[2011.12.25 17:17:10 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Ubisoft
[2013.05.07 16:36:49 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Xoilq

========== Purity Check ==========

< End of report >

Extras.txt
Code:
OTL Extras logfile created on: 07.05.2013 20:47:26 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Christian\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19412)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,34 Gb Available Physical Memory | 44,75% Memory free
6,19 Gb Paging File | 4,27 Gb Available in Paging File | 69,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 285,20 Gb Total Space | 129,22 Gb Free Space | 45,31% Space Free | Partition Type: NTFS

Computer Name: CHRISTIAN-VAIO | User Name: Christian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-1033429082-2119218386-936885420-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0B5FBFDE-9A81-49AF-8B2D-4F2B4F7704E7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{0E1276B1-0311-43C2-B812-F6DE4F3656A3}" = rport=137 | protocol=17 | dir=out | app=system | "{1074E664-9F32-4CCA-AB0D-9B07ACDD869E}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{122ECF6F-21AE-471B-B235-367597FBFF6A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{17139A5A-05AA-46FE-BB57-0A481BC7A557}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{1BAAC31F-EA4C-4BF3-8BA8-86903FD896DA}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | "{1CBAB161-B794-40A3-9E96-B6C6882B74E7}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{23EACC63-AE5A-4687-8B39-B951694C5624}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{2EEA3600-4F69-48F7-ADBF-4ED966F6D5CD}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{2F24B054-7378-4E0B-833E-6C8881C00134}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{3120E0DD-F561-433F-9158-5BE7CF20C8A0}" = lport=137 | protocol=17 | dir=in | app=system | "{319D9108-B986-4698-B94B-11C3EE57F26F}" = lport=138 | protocol=17 | dir=in | app=system | "{36C2CCCD-D45D-4A92-9CB6-A14A149AE6E8}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{4794FD15-DD6B-47B3-B10E-A90502245811}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{49A204E2-0AD2-496C-BE55-0A6528DC0E67}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe | "{593CAB15-F0B3-456C-94DF-347E140DC6E6}" = rport=138 | protocol=17 | dir=out | app=system | "{5A60E279-716A-4D12-AE4E-9E9A91BB68C4}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe | "{6042E77A-198F-4796-BBB6-65CE6FD091B8}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe | "{72D4E8EC-E3AA-4B8C-AFF9-37354B52F660}" = lport=2869 | protocol=6 | dir=in | app=system | "{8797EA83-7218-4935-BBF6-82A93A942188}" = lport=445 | protocol=6 | dir=in | app=system | "{8E7EB605-ECBA-4A2F-A2E7-096C5FFD187D}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe | "{9430473A-CA16-4261-8BFF-61931C5A6919}" = lport=139 | protocol=6 | dir=in | app=system | "{991AA5F0-F354-43C8-AF0A-0BD168E85D21}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{9A9B65F3-9055-4D4E-8D81-9067601B5D20}" = rport=445 | protocol=6 | dir=out | app=system | "{B0056FEE-5173-4629-8063-8A7925482FB8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{C1B0EBB1-F027-4015-91E3-2D1FA95C3F3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{C2356B44-AC7C-4AE1-A515-9E8DA8F41D8C}" = rport=139 | protocol=6 | dir=out | app=system | "{D4A02098-4A45-4153-90C2-E0F448D87BF1}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | "{D839420C-DF76-4B05-B6E4-E1A4FDFA9AF8}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | "{DC62D110-9105-4A53-AD9D-8C30A80A3BFD}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{EFD0E59E-3A0D-4DEB-A5C0-D48ABF161D9F}" 
= lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{F0E7EE21-CDE2-48F4-8E8A-1F9A7D506AEE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{FBEC581B-8C15-401D-A215-A7B0508D9AA3}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0A58DB22-B32C-49E6-9B23-2CC1A790693D}" = protocol=6 | dir=in | app=c:\program files\common files\sony shared\sohlib\sohdms.exe | "{0C765B7B-0EDB-4F23-9355-66A8FAF37720}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{21CB2DC0-8CD1-4823-A487-3294FF3D5DC6}" = protocol=6 | dir=in | app=c:\program files\common files\sony shared\sohlib\sohcimp.exe | "{21D7054F-F3DE-4795-ADCB-CF2F54A38208}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{21D9BCB9-B7D5-4888-8780-75EF7CC3E829}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{24442338-2E05-4B8E-8245-17546574EDCC}" = protocol=17 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{264E55F1-A5EA-4174-BDC5-3170DF5D8D7D}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{4E5AC57A-B2A6-4304-804E-267B975C1BD1}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | "{4EC19C25-6A4A-4A24-BBFA-4BBB86AD9F0D}" = protocol=6 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{5551ACED-DAF7-409C-AED8-668C1FFAA6EE}" = protocol=17 | dir=in | app=c:\program files\sony\vaio media plus\vmp.exe | "{56E4A717-17FE-4628-B974-F3A6EABFBF90}" = protocol=17 | dir=in | app=c:\program files\common files\sony shared\sohlib\sohdms.exe | "{5EECCAAC-9EF7-4B32-8CB2-E597535B3AD8}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{5F974FEB-7894-42EA-92E2-E3EBB8ABCA91}" = protocol=6 | dir=out | 
app=%systemroot%\system32\p2phost.exe | "{67F6625C-18B8-4232-BBC6-BE2F1B8EBE7D}" = protocol=6 | dir=in | app=c:\program files\ubisoft\related designs\anno 2070\initengine.exe | "{6CFB0022-FBD5-43B8-9613-A97FCC8F5B69}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{6FA321F1-4335-4178-8440-265E02E28ADC}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | "{6FBC28F1-7917-49A0-AAF2-4D71F7453130}" = protocol=6 | dir=in | app=c:\program files\ubisoft\related designs\anno 2070\autopatcher.exe | "{7D4F814D-B9F2-4B3A-AA1D-9B366CBFFE4B}" = protocol=17 | dir=in | app=c:\program files\ubisoft\related designs\anno 2070\anno5.exe | "{8044E6A0-FB64-4CCE-BEDB-9862E31139F5}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{814BC493-9807-4225-BD13-3FE818683C43}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | "{89CBD9BF-9B44-4B17-BC3F-5935FC0CD826}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | "{8B2A9FFC-CB0A-4BFF-B98B-13E16D917150}" = protocol=6 | dir=in | app=c:\program files\sony\vaio media plus\vmp.exe | "{93458ED9-784C-467C-9BCE-9AEBF85214E3}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | "{967DB318-6032-4A13-A78E-C7D54F09630D}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe | "{A1742D28-E4B0-4ADA-94F7-9FEF73FC9266}" = protocol=17 | dir=in | app=c:\program files\common files\sony shared\sohlib\sohcimp.exe | "{A69597A4-1F65-4B54-8B7F-170530B8D197}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{A8429FEF-2BE7-433A-A9F2-927D565213E7}" = protocol=17 | dir=in | app=c:\program files\common files\sony shared\sohlib\sohds.exe | "{ADC37CB2-8AD5-472F-BF84-A631D158E0B5}" = protocol=17 | dir=in | app=c:\program files\ubisoft\related designs\anno 2070\initengine.exe | "{B5140B72-01E4-43B9-8378-E951A9ED14D3}" = protocol=17 | dir=in | app=c:\program files\ubisoft\related designs\anno 2070\autopatcher.exe | 
"{B5EFA606-C888-4CBE-B8BC-77F7F835F3DF}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{C11BFB45-5695-417A-B5C1-75CDB5F84720}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe | "{D0043BC0-70E4-484B-BCB3-DD2CF45EEED2}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{D17B0934-05B5-44B4-A263-57E473EA85DC}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{E35852A0-F31E-450D-A282-8897553401AD}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{E46CB965-4FE2-4959-A0D0-77235B34DED2}" = protocol=6 | dir=in | app=c:\program files\common files\sony shared\sohlib\sohds.exe | "{E5385247-2B04-4A97-A6A7-13EDAA17693C}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{EBD2DEA3-1FD5-4AD3-88B1-91393B612B9A}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe | "{EE90FBA4-5511-4718-84A9-6237127674E2}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{F27F0F48-82F1-44FE-8F73-9729F070102C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{F82DE2A1-FE7C-4671-9ECF-D57470B03EB6}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | "{FDE5A5D3-A7A4-49B9-84EC-0C4AE8136F98}" = protocol=6 | dir=in | app=c:\program files\ubisoft\related designs\anno 2070\anno5.exe | "{FF4769E5-83CF-4E4B-BE18-A024EF427A09}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | "TCP Query User{10A31E8E-E4FA-4257-9DB8-A5664A607D29}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{13BD7203-6C18-467B-9C8B-04D965463E4C}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | "TCP Query User{19577B63-798D-4DC5-B214-6752E8859637}C:\users\christian\anno 1701\anno1701.exe" = protocol=6 | dir=in | app=c:\users\christian\anno 1701\anno1701.exe | "TCP Query 
User{2C8306EC-6B51-4B82-90EC-9BBBB68B6F5D}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | "TCP Query User{3295802C-B4EC-4765-BBBA-5E026DBD2786}C:\users\christian\desktop\age of empires ii\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=c:\users\christian\desktop\age of empires ii\age2_x1\age2_x1.exe | "TCP Query User{3739C260-992C-45C0-959B-7F938D72B529}C:\users\christian\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\christian\appdata\roaming\spotify\spotify.exe | "TCP Query User{4123F8C2-98D2-4337-A05E-C115A3578593}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{48DE48BF-CE13-4756-B1F8-FF935E027C74}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | "TCP Query User{543051C0-1C1E-4275-BEEE-164ACCB66553}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | "TCP Query User{7221B613-5089-4711-869F-5DB78C0E6917}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | "TCP Query User{84F2F03B-AD03-4021-8362-51162CACFDB3}C:\users\christian\desktop\anno 1701\anno1701.exe" = protocol=6 | dir=in | app=c:\users\christian\desktop\anno 1701\anno1701.exe | "TCP Query User{8C9AADF0-1052-4425-96EB-12DC75B0F6B8}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | "TCP Query User{8E2D6474-F06A-4FF7-AC62-D01D87E59874}C:\users\christian\desktop\age of empires ii\empires2.exe" = protocol=6 | dir=in | app=c:\users\christian\desktop\age of empires ii\empires2.exe | "TCP Query User{9791F87A-BDED-4219-BB30-5B37E07B4E45}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | "TCP Query User{99A7D3E6-B2CB-4CD0-BD41-765C98B1B0A8}C:\program files\electronic 
arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | "TCP Query User{9F900524-530A-4608-BA4C-45EF976E9957}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | "TCP Query User{ABF77450-8B0E-463F-AB9E-AC283601A1C0}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | "TCP Query User{BDB2A6E5-DEE9-4EA4-B67C-DFAFDA0E0677}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | "TCP Query User{C964FE4F-F53B-4B03-98BB-6E32BC6669A7}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | "TCP Query User{D005C666-D616-4E09-B9DB-1B3E56307ABB}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | "TCP Query User{D63D42D6-0E46-4DE8-8647-8AAB4C695BFE}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{020D9395-8F12-4E63-9872-5822AFE4BF73}C:\users\christian\anno 1701\anno1701.exe" = protocol=17 | dir=in | app=c:\users\christian\anno 1701\anno1701.exe | "UDP Query User{055D9C1B-00D0-40AA-9953-6203FE2C9859}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | "UDP Query User{318B0F47-291B-41FA-AD72-C3109ED0798F}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | "UDP Query User{364F1FBA-704E-4E49-992D-3843636CCA4F}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{3C71CD0A-3088-4973-891B-7B2758C6756F}C:\users\christian\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\christian\appdata\roaming\spotify\spotify.exe | "UDP Query 
User{4CF9ED12-BF6B-4781-907B-3B73120FEDD7}C:\users\christian\desktop\age of empires ii\empires2.exe" = protocol=17 | dir=in | app=c:\users\christian\desktop\age of empires ii\empires2.exe | "UDP Query User{569DFC57-F501-4709-AAAF-5CBE91AFDE16}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{56D20EFD-E3D0-41AA-84AF-A8C195ABF3E1}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | "UDP Query User{61334277-6D54-473B-81D5-34FCA5D4B7C2}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | "UDP Query User{61A1FE17-150E-4E7F-A2DB-DD117F530A54}C:\users\christian\desktop\age of empires ii\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=c:\users\christian\desktop\age of empires ii\age2_x1\age2_x1.exe | "UDP Query User{804FF513-71BD-4C45-A652-AC27C06DFC36}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | "UDP Query User{80FEE8A3-DB4E-4A25-89E3-900B7CFE7A48}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | "UDP Query User{85B37A68-908B-4CB3-9943-26308D4B8015}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | "UDP Query User{B7FC3B21-3B7C-47B4-B034-9D535B763CA4}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | "UDP Query User{BAB0407B-87B1-41D1-A117-886CC4C25B48}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | "UDP Query User{BFC07C14-6B83-4AF0-92DA-3AB83195903A}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | "UDP Query User{C0B2A5A5-413A-4257-9E27-6CF8595120C2}C:\program 
files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | "UDP Query User{C64ABD8A-7E5A-46E2-9827-B7831B84616F}C:\users\christian\desktop\anno 1701\anno1701.exe" = protocol=17 | dir=in | app=c:\users\christian\desktop\anno 1701\anno1701.exe | "UDP Query User{CE4BD4BE-81ED-4428-AED8-66876B6A79F1}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | "UDP Query User{DFDDFDF5-4AF2-4EDA-9AC1-6219DEDF4A55}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | "UDP Query User{FE4D295C-A56D-4B7F-9358-5065A560E181}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library "{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data "{0B9B76C9-4967-59FC-C994-191AEA152F04}" = ATI Catalyst Install Manager "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6100_series" = Canon MG6100 series MP Drivers "{12D0BE8D-538C-4AB1-86DE-C540308F50DA}" = VAIO Content Metadata Manager Settings "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo "{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}" = VAIO Launcher "{18510937-0146-417B-95D8-14706649C384}" = VAIO Content Metadata Manager Settings 
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools "{2018C019-30D9-4240-8C01-0865C10DCF5A}" = Unterstützung für VAIO-Präsentation "{202F2838-156B-FC76-013F-9241B9673F39}" = CCC Help Thai "{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = VAIO Content Folder Setting "{26A24AE4-039D-4CA4-87B4-2F83216020F0}" = Java(TM) 6 Update 20 "{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 37 "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21 "{2878C3C9-9D91-430F-8F50-885BB23DB001}" = VAIO Content Folder Watcher "{291FB4BF-EEC7-4CF9-8469-F39ED1DBC4D8}" = VAIO Content Metadata XML Interface Library "{2C08D7E7-9EE1-4A08-AFE0-745F02DCD6A4}_is1" = Pokemon Online 2.0.1 "{2C3CE8F0-F4AD-4D54-A520-975309C617E2}" = LG PC Suite III "{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper "{325ED81A-EC15-7CE8-729B-0392A1DD3854}" = CCC Help Czech "{327B75F0-92AF-420A-988F-FA596A218E0B}" = VAIO Content Folder Watcher "{36BDB1C2-CC66-41EB-B7DD-76339A7BB046}" = VAIO Edit Components "{39F58DDB-B2B8-4B86-AF20-4706A80EB30D}" = Epson Easy Photo Print 2 "{3B659FAD-E772-44A3-B7E7-560FF084669F}" = VAIO Smart Network "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3CCA23DD-CEDA-CC7F-C74C-4D1EDAE919AA}" = Catalyst Control Center Graphics Full New "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{42DD2173-B7CA-8AB3-8AC2-40DFE2CA6FBC}" = CCC Help German "{430DD2C5-65FD-9781-F9F2-693CAF05CD10}" = Catalyst Control Center InstallProxy "{4882EBF5-CA37-4EF4-BCB8-9B0E78B907D0}" = VAIO Content Metadata Intelligent Analyzing Manager "{49B8916D-1DEA-F18A-731F-BF0FE209C63B}" = CCC Help Chinese Standard "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor 
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3 "{4EEAF8D8-CB79-06CA-A566-EAC1726DAABB}" = CCC Help Finnish "{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy Media Creator 10 LJ "{540DB82A-EE11-BBC1-8BD8-BB7D937A53A4}" = CCC Help Hungarian "{547FD64B-98D9-1D8F-9001-BE027E3A7BD8}" = Catalyst Control Center InstallProxy "{5511C07D-A83C-45AD-92B6-42DF99729A3C}" = Adobe Photoshop Elements 7.0 "{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool "{5882396B-9FB3-37AC-1AE1-5EA344BD7705}" = Catalyst Control Center Graphics Previews Vista "{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data Basic "{5BA149D9-D5FA-5AB3-400B-9F1BF424B7CE}" = CCC Help Chinese Traditional "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{5F5867F0-2D23-4338-A206-01A76C823924}" = VAIO Energie Verwaltung "{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works "{6332AFF1-9D9A-429C-AA03-F82749FA4F49}" = SonicStage Mastering Studio "{642F96CC-1D3B-20DE-8673-44EE15B3DC2F}" = CCC Help Portuguese "{64DBE9FE-A07D-41A0-B81A-8D416D9647FF}" = VAIO Content Folder Watcher "{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = Click to Disc "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{69C8B1E3-2665-4A0F-B049-67746E5C4CE3}" = Software Info for Me&My VAIO "{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform "{6D26ACF9-4919-0744-C509-28EAF53112D4}" = CCC Help Dutch "{6EB6A82E-4918-481F-9AF8-3129E6D29B7E}" = Sony Home Network Library "{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{71256374-2053-CF0F-BD54-20082980B95C}" = Catalyst Control Center Graphics Full Existing "{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center "{72EEB695-388B-4835-8EA6-0C04545B06B9}" = Intel(R) PROSet/Wireless WiFi-Software "{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2 "{737D8F4D-24D4-D626-DEC0-9E39A6166890}" = CCC Help Danish 
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio "{74B705C2-173A-FFD1-98BC-AD5FB647AB38}" = CCC Help Polish "{76D7CCD6-8369-405C-B494-5F34FAE67249}" = Me&My VAIO "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{784BDC03-2D22-BCAE-5CAC-84AFA799FBDE}" = CCC Help Turkish "{7B63B2922B174135AFC0E1377DD81EC2}" = "{7B79CD75-F848-4B33-83E3-0EE1A1805A8C}" = VAIO Movie Story "{7BB90344-0647-468E-925A-7F69F7983421}" = ArcSoft Magic-i Visual Effects 2 "{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call "{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger "{8572CE7D-46B0-70B3-96CD-534F07B35F5D}" = CCC Help Italian "{85AF94EC-55DE-452A-8FD7-C34E598B3F1F}" = Adobe Premiere Elements 7.0 Templates "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{87544F2E-CCA5-01BC-AEBC-D8C1D759EE61}" = CCC Help English "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}" = VAIO Media plus "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 
(SP3) "{90120000-0018-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}_PROR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}_PROR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}_PROR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = 
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}_PROR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}_PROR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{90B38901-52C8-85A7-D6C8-9A5592C9FCAA}" = CCC Help Greek "{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007 "{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{9238E8A4-BEBA-43A3-B926-769BDBF194C5}" = VAIO Media plus Opening Movie "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting 
"{9648D00F-0589-619B-6114-BF2A0620168B}" = CCC Help Korean "{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" = "{9805E4EE-9B66-CABD-AF6B-4B84F2A8EF46}" = Skins "{989ED050-E296-4FDC-9E4E-C48B4AF76E32}" = VAIO Content Metadata Intelligent Analyzing Manager "{98FC7A64-774B-49B5-B046-4B4EBC053FA9}" = VAIO MusicBox Sample Music "{9973498D-EA29-4A68-BE0B-C88D6E03E928}" = ArcSoft WebCam Companion 2 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9AC34FA1-BCDE-1D09-5DB7-EB6A064FDEA9}" = CCC Help Spanish "{9B973FC0-E71F-6F89-10D6-1BFD063D1707}" = CCC Help Swedish "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C1C8A04-F8CA-4472-A92D-4288CE32DE86}" = SonicStage Mastering Studio Plugins "{9D12A8B5-9D41-4465-BF11-70719EB0CD02}" = VU5x86 "{9EAC0E21-510E-4259-A9C6-F5D5B8969036}" = Catalyst Control Center - Branding "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO "{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}" = VAIO Update "{A3563827-B0DB-44DC-B037-15CC4E5E692F}" = VAIO Content Metadata XML Interface Library "{A3979A05-6834-D0A7-75CD-71B5A9E5F4C0}" = Catalyst Control Center Localization All "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Function Setting "{A6F21795-E629-35B2-9487-00A8363B28AA}" = Catalyst Control Center Graphics Light "{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series "{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.4 - Deutsch "{AEA6A4C2-7C4E-48F9-A770-879DE2EDEE1B}" = OpenMG Secure Module 5.4.00 "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B1991F22-4F93-4D11-9866-A7DFE551DF9E}" = VAIO Content Metadata Intelligent Analyzing Manager "{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story "{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) 
"{B3668C08-EBB1-40F4-B4F9-4F8E13501A7D}" = VAIO Entertainment Platform "{B48E264C-C8CD-4617-B0BE-46E977BAD694}" = ANNO 2070 "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy "{B7C03E84-AF46-42F4-809D-D4127D9086D0}" = VAIO Edit Components 6.5 "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3 "{C0AD2831-3398-A078-CBEB-39A6B381BB56}" = CCC Help Japanese "{C0E18DC4-C74A-4889-AE3A-933471023787}" = LG PC Suite III "{C18A02EC-966B-E7A7-9AC9-082F770ABF9B}" = CCC Help Russian "{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup aktivieren "{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service "{C9C390CC-F9B9-EFE8-27DF-6EB7FF8F8760}" = CCC Help Norwegian "{CB6075D9-F912-40AE-BEA6-E590DA24F16B}" = Adobe Photoshop Elements 7.0 "{CD431A7B-88D8-0823-E66F-CCFAEA6DA7B4}" = ccc-core-static "{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5 "{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Music Transfer "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CF0F8D1B-5FB9-468D-BD88-E6239906D2B7}" = Click to Disc "{D035FBF6-FDEF-487D-89CA-6F9DD07B783F}" = Dolby Control Center "{D03D02D8-AB64-4785-A48E-5AA8B0FB8C14}" = Sony Home Network Library "{D239B547-8B20-4BDE-888D-C9CCA823FFD8}" = WIDCOMM Bluetooth Software "{D47E6B9C-F5A5-23B7-AB6A-3806AD4C9529}" = ccc-utility "{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility "{D564B5E2-CCB5-4A5C-B35E-2FC30BBC9336}" = Adobe Premiere Elements 7.0 "{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents "{D613E659-6503-42A8-9617-4F599061EAD5}" = VAIO MusicBox "{D6DA6836-77C2-5338-10E3-D7A6CD65681D}" = Catalyst Control Center Core Implementation "{DA8F979E-43B9-3EEC-721C-F297D9509992}" = Catalyst Control Center Graphics Previews Common "{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime "{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support "{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials "{DF7DB916-90E5-40F2-9010-B8125EB5FD6F}" = 
SonicStage Mastering Studio Audio Filter "{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2 "{E1640DA5-89B4-4F52-B15D-5DA3D14F29D4}" = LG USB Modem Drivers "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime "{EC37A846-53AC-4DA7-98FA-76A4E74AA900}" = Benutzerdefinierte Voreinstellungen für SonicStage Mastering Studio Audio Filter "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F570A6CC-53ED-4AA9-8B08-551CD3E38D8B}" = "{F6234880-85BE-4DCB-8A45-1FF85A1A8552}" = SmartSound Quicktracks for Premiere Elements "{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint "{FE0782BC-7AB0-CF6A-6E38-D3040462C7EC}" = CCC Help French "{FE51662F-D8F6-43B5-99D9-D4894AF00F83}" = Roxio Easy Media Creator Home "7-Zip" = 7-Zip 9.20 "ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Photoshop Elements 7" = Adobe Photoshop Elements 7.0 "Avira AntiVir Desktop" = Avira Free Antivirus "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "DivX Setup.divx.com" = DivX-Setup "dt icon module" = "EPSON Scanner" = EPSON Scan "EPSON SX110 Series" = Druckerdeinstallation 
für EPSON SX110 Series "EPSON SX218 Series" = EPSON SX218 Series Printer Uninstall "EPSON SX218 Series Manual" = EPSON SX218 Series Handbuch "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4 "Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 5.0.21.1212 "Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16 "Free YouTube Download_is1" = Free YouTube Download version 3.1.42.1212 "Google Desktop" = Google Desktop "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO "InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor "InstallShield_{AEA6A4C2-7C4E-48F9-A770-879DE2EDEE1B}" = OpenMG Secure Module 5.4.00 "InstallShield_{F6234880-85BE-4DCB-8A45-1FF85A1A8552}" = SmartSound Quicktracks for Premiere Elements "MarketingTools" = VAIO Marketing Tools "MFU Module" = "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "NimoCorp" = Nimo Codecs Pack v5.0 (Remove Only) "PremElem70" = Adobe Premiere Elements 7.0 "PremElem70Templates" = Adobe Premiere Elements 7.0 Templates "ProInst" = Intel PROSet Wireless "PROR" = Microsoft Office Professional 2007-Testversion "RollerCoaster Tycoon 3_is1" = RollerCoaster Tycoon 3 "SUPER ©" = SUPER © Version 2010.bld.42 (Nov 7, 2010) "Uninstall_is1" = Uninstall 1.0.0.1 "VAIO Help and Support" = "VLC media player" = VLC media player 1.1.5 "WinLiveSuite_Wave3" = Windows Live Essentials "YTdetect" = Yahoo! 
Detect ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1033429082-2119218386-936885420-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Game Organizer" = EasyBits GO "Spotify" = Spotify "STANLY Track" = STANLY Track ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 02.05.2013 11:06:52 | Computer Name = Christian-Vaio | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe". Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 04.05.2013 06:23:51 | Computer Name = Christian-Vaio | Source = Perflib | ID = 1010 Description = Error - 04.05.2013 06:23:52 | Computer Name = Christian-Vaio | Source = Perflib | ID = 1008 Description = Error - 05.05.2013 17:31:58 | Computer Name = Christian-Vaio | Source = WinMgmt | ID = 10 Description = Error - 05.05.2013 17:32:15 | Computer Name = Christian-Vaio | Source = VzCdbSvc | ID = 7 Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5}) (Fehlercode = 0x80042019) Error - 06.05.2013 07:01:40 | Computer Name = Christian-Vaio | Source = Windows Search Service | ID = 3013 Description = Error - 06.05.2013 07:01:55 | Computer Name = Christian-Vaio | Source = Windows Search Service | ID = 3013 Description = Error - 06.05.2013 07:35:58 | Computer Name = Christian-Vaio | Source = Application Hang | ID = 1002 Description = Programm soffice.bin, Version 3.2.9498.500 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. 
Prozess-ID: 121c Anfangszeit: 01ce4a4d88cf5770 Zeitpunkt der Beendigung: 29 Error - 06.05.2013 07:37:22 | Computer Name = Christian-Vaio | Source = Application Hang | ID = 1002 Description = Programm soffice.bin, Version 3.2.9498.500 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: 1168 Anfangszeit: 01ce4a4de3e7a770 Zeitpunkt der Beendigung: 7 Error - 07.05.2013 06:14:27 | Computer Name = Christian-Vaio | Source = Windows Search Service | ID = 3013 Description = [ OSession Events ] Error - 15.07.2010 17:51:24 | Computer Name = Christian-Vaio | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2 seconds with 0 seconds of active time. This session ended with a crash. Error - 15.07.2010 17:52:00 | Computer Name = Christian-Vaio | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2 seconds with 0 seconds of active time. This session ended with a crash. Error - 15.07.2010 17:59:46 | Computer Name = Christian-Vaio | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2 seconds with 0 seconds of active time. This session ended with a crash. Error - 07.12.2010 14:41:31 | Computer Name = Christian-Vaio | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. 
This session lasted 8 seconds with 0 seconds of active time. This session ended with a crash. Error - 07.12.2010 14:53:46 | Computer Name = Christian-Vaio | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6 seconds with 0 seconds of active time. This session ended with a crash. Error - 27.01.2011 05:16:48 | Computer Name = Christian-Vaio | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4 seconds with 0 seconds of active time. This session ended with a crash. Error - 12.04.2011 09:46:07 | Computer Name = Christian-Vaio | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7 seconds with 0 seconds of active time. This session ended with a crash. Error - 03.05.2011 13:57:06 | Computer Name = Christian-Vaio | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2861 seconds with 0 seconds of active time. This session ended with a crash. 
[ System Events ] Error - 02.05.2013 11:03:34 | Computer Name = Christian-Vaio | Source = Service Control Manager | ID = 7009 Description = Error - 02.05.2013 11:03:42 | Computer Name = Christian-Vaio | Source = Service Control Manager | ID = 7000 Description = Error - 02.05.2013 11:05:31 | Computer Name = Christian-Vaio | Source = DCOM | ID = 10010 Description = Error - 02.05.2013 11:05:32 | Computer Name = Christian-Vaio | Source = Service Control Manager | ID = 7009 Description = Error - 04.05.2013 05:40:21 | Computer Name = Christian-Vaio | Source = Dhcp | ID = 1002 Description = Die IP-Adresslease 192.168.1.12 für die Netzwerkkarte mit der Netzwerkadresse 0022FB80BD4C wurde durch den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet). Error - 05.05.2013 17:31:59 | Computer Name = Christian-Vaio | Source = Service Control Manager | ID = 7000 Description = Error - 05.05.2013 17:32:19 | Computer Name = Christian-Vaio | Source = DCOM | ID = 10016 Description = Error - 05.05.2013 17:32:42 | Computer Name = Christian-Vaio | Source = DCOM | ID = 10016 Description = Error - 05.05.2013 17:37:43 | Computer Name = Christian-Vaio | Source = Dhcp | ID = 1002 Description = Die IP-Adresslease 192.168.1.3 für die Netzwerkkarte mit der Netzwerkadresse 0022FB80BD4C wurde durch den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet). Error - 06.05.2013 14:02:28 | Computer Name = Christian-Vaio | Source = BROWSER | ID = 8032 Description = < End of report >
I hope that is all correct. With Gmer.txt I was not sure whether I left the right boxes unchecked. I left IAT/EAT, Show all and File unchecked. I left the box for C checked. If that is wrong, I will quickly redo it with the right boxes. As I said, I would be very grateful for any help! In any case, I wish everyone a pleasant rest of the evening! Best regards, KlausKlaus |
07.05.2013, 21:50 | #2 |
| Sparkasse online banking spied on: EXP/CVE-2013-2423.F and TR/Agent.385024.338 ah sorry, I can't find my way around here...
__________________Edited by KlausKlaus (07.05.2013 at 22:02) |
07.05.2013, 21:52 | #3 |
| Sparkasse online banking spied on: EXP/CVE-2013-2423.F and TR/Agent.385024.338 here is Gmer.txt as well, unfortunately split in two
__________________Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net Rootkit scan 2013-05-07 21:57:48 Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.FB4O 298,09GB Running: gmer_2.1.19163.exe; Driver: C:\Users\CHRIST~1\AppData\Local\Temp\fglyiuog.sys ---- System - GMER 2.1 ---- SSDT 8DB6F5F6 ZwCreateSection SSDT 8DB6F600 ZwRequestWaitReplyPort SSDT 8DB6F5FB ZwSetContextThread SSDT 8DB6F605 ZwSetSecurityObject SSDT 8DB6F60A ZwSystemDebugControl SSDT 8DB6F597 ZwTerminateProcess ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!KeSetEvent + 215 836EF958 4 Bytes [F6, F5, B6, 8D] {DIV CH; MOV DH, 0x8d} .text ntkrnlpa.exe!KeSetEvent + 539 836EFC7C 4 Bytes [00, F6, B6, 8D] {ADD DH, DH; MOV DH, 0x8d} .text ntkrnlpa.exe!KeSetEvent + 56D 836EFCB0 4 Bytes [FB, F5, B6, 8D] {STI ; CMC ; MOV DH, 0x8d} .text ntkrnlpa.exe!KeSetEvent + 5D1 836EFD14 4 Bytes [05, F6, B6, 8D] .text ntkrnlpa.exe!KeSetEvent + 619 836EFD5C 4 Bytes [0A, F6, B6, 8D] {OR DH, DH; MOV DH, 0x8d} .text ... 
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8F80A000, 0x24DFB2, 0xE8000020] ---- User code sections - GMER 2.1 ---- .text C:\Program Files\sony\Network Utility\LANUtil.exe[1596] ntdll.dll!LdrLoadDll + 1 77329379 3 Bytes [E1, 39, 3C] .text C:\Program Files\sony\Network Utility\LANUtil.exe[1596] ntdll.dll!LdrLoadDll + 5 7732937D 1 Byte [C3] .text C:\Program Files\sony\Network Utility\LANUtil.exe[1596] ntdll.dll!NtCreateUserProcess 77365674 4 Bytes [68, BC, 38, 3C] .text C:\Program Files\sony\Network Utility\LANUtil.exe[1596] ntdll.dll!NtCreateUserProcess + 5 77365679 1 Byte [C3] .text C:\Program Files\sony\Network Utility\LANUtil.exe[1596] kernel32.dll!GetFileAttributesExW 77189C45 6 Bytes PUSH 003C3C4A; RET .text C:\Program Files\sony\Network Utility\LANUtil.exe[1596] kernel32.dll!ExitProcess 771B43B4 6 Bytes PUSH 003C3C09; RET .text C:\Program Files\sony\Network Utility\LANUtil.exe[1596] ADVAPI32.dll!CreateProcessAsUserA 759ACEB9 6 Bytes PUSH 003C3CB0; RET .text C:\Program Files\sony\Network Utility\LANUtil.exe[1596] ADVAPI32.dll!CreateProcessAsUserW 759C1EE9 6 Bytes PUSH 003C3CC7; RET .text C:\Program Files\sony\Network Utility\LANUtil.exe[1596] WS2_32.dll!closesocket 75CC330C 6 Bytes PUSH 003BF57B; RET .text C:\Program Files\sony\Network Utility\LANUtil.exe[1596] WS2_32.dll!getaddrinfo 75CC418A 6 Bytes PUSH 003BF18C; RET .text C:\Program Files\sony\Network Utility\LANUtil.exe[1596] WS2_32.dll!WSASend 75CC4496 6 Bytes PUSH 003BF5D4; RET .text C:\Program Files\sony\Network Utility\LANUtil.exe[1596] WS2_32.dll!send 75CC659B 6 Bytes PUSH 003BF5B3; RET .text C:\Program Files\sony\Network Utility\LANUtil.exe[1596] WS2_32.dll!gethostbyname 75CD62D4 6 Bytes PUSH 003BF11C; RET .text C:\Program Files\sony\Network Utility\LANUtil.exe[1596] CRYPT32.dll!PFXImportCertStore 7534989D 6 Bytes PUSH 003D1D51; RET .text C:\Program Files\sony\Network Utility\LANUtil.exe[1596] USER32.dll!RegisterClassExA 770D61E1 6 Bytes PUSH 003C6CF4; RET .text C:\Program 
Files\sony\Network Utility\LANUtil.exe[1596] USER32.dll!GetUpdateRgn 770D85E4 6 Bytes PUSH 003CFAD5; RET .text C:\Program Files\sony\Network Utility\LANUtil.exe[1596] USER32.dll!GetMessagePos 770D9071 6 Bytes PUSH 003BFE2F; RET .text C:\Program Files\sony\Network Utility\LANUtil.exe[1596] USER32.dll!GetCapture 770DA986 6 Bytes PUSH 003BFF8F; RET .text C:\Program Files\sony\Network Utility\LANUtil.exe[1596] USER32.dll!SwitchDesktop 770DB8D2 6 Bytes PUSH 003C68E6; RET .text C:\Program Files\sony\Network Utility\LANUtil.exe[1596] USER32.dll!OpenInputDesktop 770DBCE6 4 Bytes [68, 96, 68, 3C] .text C:\Program Files\sony\Network Utility\LANUtil.exe[1596] USER32.dll!OpenInputDesktop + 5 770DBCEB 1 Byte [C3] .text C:\Program Files\sony\Network Utility\LANUtil.exe[1596] USER32.dll!GetUpdateRect 770DD3E0 6 Bytes PUSH 003CFA42; RET .text C:\Program Files\sony\Network Utility\LANUtil.exe[1596] USER32.dll!RegisterClassExW 770DDA30 6 Bytes PUSH 003C6CA2; RET .text C:\Program Files\sony\Network Utility\LANUtil.exe[1596] USER32.dll!DefWindowProcA 770DDB88 6 Bytes PUSH 003C694A; RET .text C:\Program Files\sony\Network Utility\LANUtil.exe[1596] USER32.dll!RegisterClassA 770DDF42 6 Bytes PUSH 003C6C55; RET .text C:\Program Files\sony\Network Utility\LANUtil.exe[1596] USER32.dll!RegisterClassW 770DE1AB 6 Bytes PUSH 003C6C08; RET .text C:\Program Files\sony\Network Utility\LANUtil.exe[1596] USER32.dll!GetWindowDC 770E3BA7 4 Bytes [68, C3, F9, 3C] .text C:\Program Files\sony\Network Utility\LANUtil.exe[1596] USER32.dll!GetWindowDC + 5 770E3BAC 1 Byte [C3] .text C:\Program Files\sony\Network Utility\LANUtil.exe[1596] USER32.dll!DefDlgProcW 770E4A11 6 Bytes PUSH 003C6990; RET .text C:\Program Files\sony\Network Utility\LANUtil.exe[1596] USER32.dll!GetDCEx 770E4D22 4 Bytes [68, 29, F9, 3C] .text C:\Program Files\sony\Network Utility\LANUtil.exe[1596] USER32.dll!GetDCEx + 5 770E4D27 1 Byte [C3] .text C:\Program Files\sony\Network Utility\LANUtil.exe[1596] USER32.dll!PeekMessageA 770E8343 6 
Bytes PUSH 003C00A9; RET .text C:\Program Files\sony\Network Utility\LANUtil.exe[1596] USER32.dll!GetMessageA 770E8AB3 6 Bytes PUSH 003C0056; RET .text C:\Program Files\sony\Network Utility\LANUtil.exe[1596] USER32.dll!GetDC 770E9C31 4 Bytes [68, 84, F9, 3C] .text C:\Program Files\sony\Network Utility\LANUtil.exe[1596] USER32.dll!GetDC + 5 770E9C36 1 Byte [C3] .text C:\Program Files\sony\Network Utility\LANUtil.exe[1596] USER32.dll!ReleaseDC 770E9CED 6 Bytes PUSH 003CFA02; RET .text C:\Program Files\sony\Network Utility\LANUtil.exe[1596] USER32.dll!EndPaint 770EA28F 4 Bytes JMP 3A0EDF8C .text C:\Program Files\sony\Network Utility\LANUtil.exe[1596] USER32.dll!EndPaint + 5 770EA294 1 Byte [C3] .text C:\Program Files\sony\Network Utility\LANUtil.exe[1596] USER32.dll!BeginPaint 770EA2A3 4 Bytes [68, 79, F8, 3C] .text C:\Program Files\sony\Network Utility\LANUtil.exe[1596] USER32.dll!BeginPaint + 5 770EA2A8 1 Byte [C3] .text C:\Program Files\sony\Network Utility\LANUtil.exe[1596] USER32.dll!GetMessageW 770EFEF7 6 Bytes PUSH 003C002E; RET .text C:\Program Files\sony\Network Utility\LANUtil.exe[1596] USER32.dll!TranslateMessage 770F01AD 6 Bytes PUSH 003CA41D; RET .text C:\Program Files\sony\Network Utility\LANUtil.exe[1596] USER32.dll!DefWindowProcW 770F03B4 6 Bytes PUSH 003C6904; RET .text C:\Program Files\sony\Network Utility\LANUtil.exe[1596] USER32.dll!PeekMessageW 770F045A 6 Bytes PUSH 003C007E; RET .text C:\Program Files\sony\Network Utility\LANUtil.exe[1596] USER32.dll!CallWindowProcW 770F095E 6 Bytes PUSH 003C6B3A; RET .text C:\Program Files\sony\Network Utility\LANUtil.exe[1596] USER32.dll!GetCursorPos 770F0B88 6 Bytes PUSH 003BFE61; RET .text C:\Program Files\sony\Network Utility\LANUtil.exe[1596] USER32.dll!DefDlgProcA 770F26B8 6 Bytes PUSH 003C69D6; RET .text C:\Program Files\sony\Network Utility\LANUtil.exe[1596] USER32.dll!DefMDIChildProcA 770FB031 6 Bytes PUSH 003C6AF4; RET .text C:\Program Files\sony\Network Utility\LANUtil.exe[1596] 
USER32.dll!DefFrameProcA 770FB24F 6 Bytes PUSH 003C6A65; RET .text C:\Program Files\sony\Network Utility\LANUtil.exe[1596] USER32.dll!CallWindowProcA 770FB73E 6 Bytes PUSH 003C6B83; RET .text C:\Program Files\sony\Network Utility\LANUtil.exe[1596] USER32.dll!DefFrameProcW 770FD1F9 6 Bytes PUSH 003C6A1C; RET .text C:\Program Files\sony\Network Utility\LANUtil.exe[1596] USER32.dll!DefMDIChildProcW 770FD4F6 6 Bytes PUSH 003C6AAE; RET .text C:\Program Files\sony\Network Utility\LANUtil.exe[1596] USER32.dll!ReleaseCapture 771030A2 6 Bytes PUSH 003BFF3F; RET .text C:\Program Files\sony\Network Utility\LANUtil.exe[1596] USER32.dll!SetCapture 771030AF 4 Bytes [68, E5, FE, 3B] .text C:\Program Files\sony\Network Utility\LANUtil.exe[1596] USER32.dll!SetCapture + 5 771030B4 1 Byte [C3] .text C:\Program Files\sony\Network Utility\LANUtil.exe[1596] USER32.dll!SetCursorPos 77116FB2 6 Bytes PUSH 003BFEA8; RET .text C:\Program Files\sony\Network Utility\LANUtil.exe[1596] USER32.dll!GetClipboardData 7711715A 6 Bytes PUSH 003CA5CC; RET .text C:\Program Files\sony\Network Utility\LANUtil.exe[1596] WININET.dll!InternetReadFile 75A8655B 6 Bytes PUSH 003D19A3; RET .text C:\Program Files\sony\Network Utility\LANUtil.exe[1596] WININET.dll!HttpQueryInfoA 75A8879D 6 Bytes PUSH 003D1AD6; RET .text C:\Program Files\sony\Network Utility\LANUtil.exe[1596] WININET.dll!InternetCloseHandle 75A89098 6 Bytes PUSH 003D1936; RET .text C:\Program Files\sony\Network Utility\LANUtil.exe[1596] WININET.dll!InternetQueryDataAvailable 75A8BF93 6 Bytes PUSH 003D1AAA; RET .text C:\Program Files\sony\Network Utility\LANUtil.exe[1596] WININET.dll!HttpOpenRequestA 75A8D518 6 Bytes PUSH 003D1678; RET .text C:\Program Files\sony\Network Utility\LANUtil.exe[1596] WININET.dll!HttpSendRequestW 75A8FACE 6 Bytes PUSH 003D16BC; RET .text C:\Program Files\sony\Network Utility\LANUtil.exe[1596] WININET.dll!HttpOpenRequestW 75A8FC0B 6 Bytes PUSH 003D1634; RET .text C:\Program Files\sony\Network Utility\LANUtil.exe[1596] 
WININET.dll!HttpSendRequestA 75A9EEA1 6 Bytes PUSH 003D1711; RET .text C:\Program Files\sony\Network Utility\LANUtil.exe[1596] WININET.dll!InternetReadFileExA 75AA3271 6 Bytes PUSH 003D19D1; RET .text C:\Program Files\sony\Network Utility\LANUtil.exe[1596] WININET.dll!InternetSetFilePointer 75AE5A11 6 Bytes PUSH 003D1A50; RET .text C:\Program Files\sony\Network Utility\LANUtil.exe[1596] WININET.dll!HttpSendRequestExA 75AFA6DA 6 Bytes PUSH 003D1803; RET .text C:\Program Files\sony\Network Utility\LANUtil.exe[1596] WININET.dll!HttpSendRequestExW 75AFA733 6 Bytes PUSH 003D1766; RET .text C:\Program Files\sony\Network Utility\LANUtil.exe[1596] WININET.dll!HttpEndRequestA 75AFA7E2 6 Bytes PUSH 003D18A0; RET .text C:\Program Files\sony\Network Utility\LANUtil.exe[1596] WININET.dll!HttpEndRequestW 75AFA814 6 Bytes PUSH 003D18EB; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] ntdll.dll!LdrLoadDll + 1 77329379 3 Bytes [E1, 39, 51] {LOOPZ 0x3b; PUSH ECX} .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] ntdll.dll!LdrLoadDll + 5 7732937D 1 Byte [C3] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] ntdll.dll!NtCreateUserProcess 77365674 4 Bytes [68, BC, 38, 51] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] ntdll.dll!NtCreateUserProcess + 5 77365679 1 Byte [C3] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] kernel32.dll!GetFileAttributesExW 77189C45 6 Bytes PUSH 00513C4A; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] kernel32.dll!ExitProcess 771B43B4 6 Bytes PUSH 00513C09; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] ADVAPI32.dll!CreateProcessAsUserA 759ACEB9 6 Bytes PUSH 00513CB0; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] ADVAPI32.dll!CreateProcessAsUserW 759C1EE9 6 Bytes PUSH 00513CC7; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] 
USER32.dll!RegisterClassExA 770D61E1 6 Bytes PUSH 00516CF4; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] USER32.dll!GetUpdateRgn 770D85E4 6 Bytes PUSH 0051FAD5; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] USER32.dll!GetMessagePos 770D9071 6 Bytes PUSH 0050FE2F; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] USER32.dll!GetCapture 770DA986 6 Bytes PUSH 0050FF8F; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] USER32.dll!SwitchDesktop 770DB8D2 6 Bytes PUSH 005168E6; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] USER32.dll!OpenInputDesktop 770DBCE6 4 Bytes [68, 96, 68, 51] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] USER32.dll!OpenInputDesktop + 5 770DBCEB 1 Byte [C3] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] USER32.dll!GetUpdateRect 770DD3E0 6 Bytes PUSH 0051FA42; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] USER32.dll!RegisterClassExW 770DDA30 6 Bytes PUSH 00516CA2; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] USER32.dll!DefWindowProcA 770DDB88 6 Bytes PUSH 0051694A; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] USER32.dll!RegisterClassA 770DDF42 6 Bytes PUSH 00516C55; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] USER32.dll!RegisterClassW 770DE1AB 6 Bytes PUSH 00516C08; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] USER32.dll!GetWindowDC 770E3BA7 4 Bytes [68, C3, F9, 51] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] USER32.dll!GetWindowDC + 5 770E3BAC 1 Byte [C3] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] USER32.dll!DefDlgProcW 770E4A11 6 Bytes PUSH 00516990; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] USER32.dll!GetDCEx 770E4D22 4 Bytes [68, 
29, F9, 51] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] USER32.dll!GetDCEx + 5 770E4D27 1 Byte [C3] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] USER32.dll!PeekMessageA 770E8343 6 Bytes PUSH 005100A9; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] USER32.dll!GetMessageA 770E8AB3 6 Bytes PUSH 00510056; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] USER32.dll!GetDC 770E9C31 4 Bytes [68, 84, F9, 51] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] USER32.dll!GetDC + 5 770E9C36 1 Byte [C3] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] USER32.dll!ReleaseDC 770E9CED 6 Bytes PUSH 0051FA02; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] USER32.dll!EndPaint 770EA28F 4 Bytes JMP 3A0EF48C .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] USER32.dll!EndPaint + 5 770EA294 1 Byte [C3] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] USER32.dll!BeginPaint 770EA2A3 4 Bytes [68, 79, F8, 51] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] USER32.dll!BeginPaint + 5 770EA2A8 1 Byte [C3] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] USER32.dll!GetMessageW 770EFEF7 6 Bytes PUSH 0051002E; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] USER32.dll!TranslateMessage 770F01AD 6 Bytes PUSH 0051A41D; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] USER32.dll!DefWindowProcW 770F03B4 6 Bytes PUSH 00516904; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] USER32.dll!PeekMessageW 770F045A 6 Bytes PUSH 0051007E; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] USER32.dll!CallWindowProcW 770F095E 6 Bytes PUSH 00516B3A; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] USER32.dll!GetCursorPos 770F0B88 
6 Bytes PUSH 0050FE61; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] USER32.dll!DefDlgProcA 770F26B8 6 Bytes PUSH 005169D6; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] USER32.dll!DefMDIChildProcA 770FB031 6 Bytes PUSH 00516AF4; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] USER32.dll!DefFrameProcA 770FB24F 6 Bytes PUSH 00516A65; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] USER32.dll!CallWindowProcA 770FB73E 6 Bytes PUSH 00516B83; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] USER32.dll!DefFrameProcW 770FD1F9 6 Bytes PUSH 00516A1C; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] USER32.dll!DefMDIChildProcW 770FD4F6 6 Bytes PUSH 00516AAE; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] USER32.dll!ReleaseCapture 771030A2 6 Bytes PUSH 0050FF3F; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] USER32.dll!SetCapture 771030AF 4 Bytes [68, E5, FE, 50] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] USER32.dll!SetCapture + 5 771030B4 1 Byte [C3] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] USER32.dll!SetCursorPos 77116FB2 6 Bytes PUSH 0050FEA8; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] USER32.dll!GetClipboardData 7711715A 6 Bytes PUSH 0051A5CC; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] WININET.dll!InternetReadFile 75A8655B 6 Bytes PUSH 005219A3; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] WININET.dll!HttpQueryInfoA 75A8879D 6 Bytes PUSH 00521AD6; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] WININET.dll!InternetCloseHandle 75A89098 6 Bytes PUSH 00521936; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] WININET.dll!InternetQueryDataAvailable 75A8BF93 6 
Bytes PUSH 00521AAA; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] WININET.dll!HttpOpenRequestA 75A8D518 6 Bytes PUSH 00521678; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] WININET.dll!HttpSendRequestW 75A8FACE 6 Bytes PUSH 005216BC; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] WININET.dll!HttpOpenRequestW 75A8FC0B 6 Bytes PUSH 00521634; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] WININET.dll!HttpSendRequestA 75A9EEA1 6 Bytes PUSH 00521711; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] WININET.dll!InternetReadFileExA 75AA3271 6 Bytes PUSH 005219D1; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] WININET.dll!InternetSetFilePointer 75AE5A11 6 Bytes PUSH 00521A50; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] WININET.dll!HttpSendRequestExA 75AFA6DA 6 Bytes PUSH 00521803; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] WININET.dll!HttpSendRequestExW 75AFA733 6 Bytes PUSH 00521766; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] WININET.dll!HttpEndRequestA 75AFA7E2 6 Bytes PUSH 005218A0; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] WININET.dll!HttpEndRequestW 75AFA814 6 Bytes PUSH 005218EB; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] WS2_32.dll!closesocket 75CC330C 6 Bytes PUSH 0050F57B; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] WS2_32.dll!getaddrinfo 75CC418A 6 Bytes PUSH 0050F18C; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] WS2_32.dll!WSASend 75CC4496 6 Bytes PUSH 0050F5D4; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] WS2_32.dll!send 75CC659B 6 Bytes PUSH 0050F5B3; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] 
WS2_32.dll!gethostbyname 75CD62D4 6 Bytes PUSH 0050F11C; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] CRYPT32.dll!PFXImportCertStore 7534989D 6 Bytes PUSH 00521D51; RET .text C:\Windows\ehome\ehtray.exe[2416] ntdll.dll!LdrLoadDll + 1 77329379 3 Bytes [E1, 39, 89] .text C:\Windows\ehome\ehtray.exe[2416] ntdll.dll!LdrLoadDll + 5 7732937D 1 Byte [C3] .text C:\Windows\ehome\ehtray.exe[2416] ntdll.dll!NtCreateUserProcess 77365674 4 Bytes [68, BC, 38, 89] .text C:\Windows\ehome\ehtray.exe[2416] ntdll.dll!NtCreateUserProcess + 5 77365679 1 Byte [C3] .text C:\Windows\ehome\ehtray.exe[2416] kernel32.dll!GetFileAttributesExW 77189C45 6 Bytes PUSH 00893C4A; RET .text C:\Windows\ehome\ehtray.exe[2416] kernel32.dll!ExitProcess 771B43B4 6 Bytes PUSH 00893C09; RET .text C:\Windows\ehome\ehtray.exe[2416] ADVAPI32.dll!CreateProcessAsUserA 759ACEB9 6 Bytes PUSH 00893CB0; RET .text C:\Windows\ehome\ehtray.exe[2416] ADVAPI32.dll!CreateProcessAsUserW 759C1EE9 6 Bytes PUSH 00893CC7; RET .text C:\Windows\ehome\ehtray.exe[2416] USER32.dll!RegisterClassExA 770D61E1 6 Bytes PUSH 00896CF4; RET .text C:\Windows\ehome\ehtray.exe[2416] USER32.dll!GetUpdateRgn 770D85E4 6 Bytes PUSH 0089FAD5; RET .text C:\Windows\ehome\ehtray.exe[2416] USER32.dll!GetMessagePos 770D9071 6 Bytes PUSH 0088FE2F; RET .text C:\Windows\ehome\ehtray.exe[2416] USER32.dll!GetCapture 770DA986 6 Bytes PUSH 0088FF8F; RET .text C:\Windows\ehome\ehtray.exe[2416] USER32.dll!SwitchDesktop 770DB8D2 6 Bytes PUSH 008968E6; RET .text C:\Windows\ehome\ehtray.exe[2416] USER32.dll!OpenInputDesktop 770DBCE6 4 Bytes [68, 96, 68, 89] .text C:\Windows\ehome\ehtray.exe[2416] USER32.dll!OpenInputDesktop + 5 770DBCEB 1 Byte [C3] .text C:\Windows\ehome\ehtray.exe[2416] USER32.dll!GetUpdateRect 770DD3E0 6 Bytes PUSH 0089FA42; RET .text C:\Windows\ehome\ehtray.exe[2416] USER32.dll!RegisterClassExW 770DDA30 6 Bytes PUSH 00896CA2; RET .text C:\Windows\ehome\ehtray.exe[2416] USER32.dll!DefWindowProcA 770DDB88 6 Bytes 
PUSH 0089694A; RET .text C:\Windows\ehome\ehtray.exe[2416] USER32.dll!RegisterClassA 770DDF42 6 Bytes PUSH 00896C55; RET .text C:\Windows\ehome\ehtray.exe[2416] USER32.dll!RegisterClassW 770DE1AB 6 Bytes PUSH 00896C08; RET .text C:\Windows\ehome\ehtray.exe[2416] USER32.dll!GetWindowDC 770E3BA7 4 Bytes [68, C3, F9, 89] .text C:\Windows\ehome\ehtray.exe[2416] USER32.dll!GetWindowDC + 5 770E3BAC 1 Byte [C3] .text C:\Windows\ehome\ehtray.exe[2416] USER32.dll!DefDlgProcW 770E4A11 6 Bytes PUSH 00896990; RET .text C:\Windows\ehome\ehtray.exe[2416] USER32.dll!GetDCEx 770E4D22 4 Bytes [68, 29, F9, 89] .text C:\Windows\ehome\ehtray.exe[2416] USER32.dll!GetDCEx + 5 770E4D27 1 Byte [C3] .text C:\Windows\ehome\ehtray.exe[2416] USER32.dll!PeekMessageA 770E8343 6 Bytes PUSH 008900A9; RET .text C:\Windows\ehome\ehtray.exe[2416] USER32.dll!GetMessageA 770E8AB3 6 Bytes PUSH 00890056; RET .text C:\Windows\ehome\ehtray.exe[2416] USER32.dll!GetDC 770E9C31 4 Bytes [68, 84, F9, 89] .text C:\Windows\ehome\ehtray.exe[2416] USER32.dll!GetDC + 5 770E9C36 1 Byte [C3] .text C:\Windows\ehome\ehtray.exe[2416] USER32.dll!ReleaseDC 770E9CED 6 Bytes PUSH 0089FA02; RET .text C:\Windows\ehome\ehtray.exe[2416] USER32.dll!EndPaint 770EA28F 4 Bytes JMP 3A0F2C8C .text C:\Windows\ehome\ehtray.exe[2416] USER32.dll!EndPaint + 5 770EA294 1 Byte [C3] .text C:\Windows\ehome\ehtray.exe[2416] USER32.dll!BeginPaint 770EA2A3 4 Bytes [68, 79, F8, 89] .text C:\Windows\ehome\ehtray.exe[2416] USER32.dll!BeginPaint + 5 770EA2A8 1 Byte [C3] .text C:\Windows\ehome\ehtray.exe[2416] USER32.dll!GetMessageW 770EFEF7 6 Bytes PUSH 0089002E; RET .text C:\Windows\ehome\ehtray.exe[2416] USER32.dll!TranslateMessage 770F01AD 6 Bytes PUSH 0089A41D; RET .text C:\Windows\ehome\ehtray.exe[2416] USER32.dll!DefWindowProcW 770F03B4 6 Bytes PUSH 00896904; RET .text C:\Windows\ehome\ehtray.exe[2416] USER32.dll!PeekMessageW 770F045A 6 Bytes PUSH 0089007E; RET .text C:\Windows\ehome\ehtray.exe[2416] USER32.dll!CallWindowProcW 770F095E 6 Bytes 
PUSH 00896B3A; RET .text C:\Windows\ehome\ehtray.exe[2416] USER32.dll!GetCursorPos 770F0B88 6 Bytes PUSH 0088FE61; RET .text C:\Windows\ehome\ehtray.exe[2416] USER32.dll!DefDlgProcA 770F26B8 6 Bytes PUSH 008969D6; RET .text C:\Windows\ehome\ehtray.exe[2416] USER32.dll!DefMDIChildProcA 770FB031 6 Bytes PUSH 00896AF4; RET .text C:\Windows\ehome\ehtray.exe[2416] USER32.dll!DefFrameProcA 770FB24F 6 Bytes PUSH 00896A65; RET .text C:\Windows\ehome\ehtray.exe[2416] USER32.dll!CallWindowProcA 770FB73E 6 Bytes PUSH 00896B83; RET .text C:\Windows\ehome\ehtray.exe[2416] USER32.dll!DefFrameProcW 770FD1F9 6 Bytes PUSH 00896A1C; RET .text C:\Windows\ehome\ehtray.exe[2416] USER32.dll!DefMDIChildProcW 770FD4F6 6 Bytes PUSH 00896AAE; RET .text C:\Windows\ehome\ehtray.exe[2416] USER32.dll!ReleaseCapture 771030A2 6 Bytes PUSH 0088FF3F; RET .text C:\Windows\ehome\ehtray.exe[2416] USER32.dll!SetCapture 771030AF 4 Bytes [68, E5, FE, 88] .text C:\Windows\ehome\ehtray.exe[2416] USER32.dll!SetCapture + 5 771030B4 1 Byte [C3] .text C:\Windows\ehome\ehtray.exe[2416] USER32.dll!SetCursorPos 77116FB2 6 Bytes PUSH 0088FEA8; RET .text C:\Windows\ehome\ehtray.exe[2416] USER32.dll!GetClipboardData 7711715A 6 Bytes PUSH 0089A5CC; RET .text C:\Windows\ehome\ehtray.exe[2416] WS2_32.dll!closesocket 75CC330C 6 Bytes PUSH 0088F57B; RET .text C:\Windows\ehome\ehtray.exe[2416] WS2_32.dll!getaddrinfo 75CC418A 6 Bytes PUSH 0088F18C; RET .text C:\Windows\ehome\ehtray.exe[2416] WS2_32.dll!WSASend 75CC4496 6 Bytes PUSH 0088F5D4; RET .text C:\Windows\ehome\ehtray.exe[2416] WS2_32.dll!send 75CC659B 6 Bytes PUSH 0088F5B3; RET .text C:\Windows\ehome\ehtray.exe[2416] WS2_32.dll!gethostbyname 75CD62D4 6 Bytes PUSH 0088F11C; RET .text C:\Windows\ehome\ehtray.exe[2416] CRYPT32.dll!PFXImportCertStore 7534989D 6 Bytes PUSH 008A1D51; RET .text C:\Windows\ehome\ehtray.exe[2416] WININET.dll!InternetReadFile 75A8655B 6 Bytes PUSH 008A19A3; RET .text C:\Windows\ehome\ehtray.exe[2416] WININET.dll!HttpQueryInfoA 75A8879D 6 
Bytes PUSH 008A1AD6; RET .text C:\Windows\ehome\ehtray.exe[2416] WININET.dll!InternetCloseHandle 75A89098 6 Bytes PUSH 008A1936; RET .text C:\Windows\ehome\ehtray.exe[2416] WININET.dll!InternetQueryDataAvailable 75A8BF93 6 Bytes PUSH 008A1AAA; RET .text C:\Windows\ehome\ehtray.exe[2416] WININET.dll!HttpOpenRequestA 75A8D518 6 Bytes PUSH 008A1678; RET .text C:\Windows\ehome\ehtray.exe[2416] WININET.dll!HttpSendRequestW 75A8FACE 6 Bytes PUSH 008A16BC; RET .text C:\Windows\ehome\ehtray.exe[2416] WININET.dll!HttpOpenRequestW 75A8FC0B 6 Bytes PUSH 008A1634; RET .text C:\Windows\ehome\ehtray.exe[2416] WININET.dll!HttpSendRequestA 75A9EEA1 6 Bytes PUSH 008A1711; RET .text C:\Windows\ehome\ehtray.exe[2416] WININET.dll!InternetReadFileExA 75AA3271 6 Bytes PUSH 008A19D1; RET .text C:\Windows\ehome\ehtray.exe[2416] WININET.dll!InternetSetFilePointer 75AE5A11 6 Bytes PUSH 008A1A50; RET .text C:\Windows\ehome\ehtray.exe[2416] WININET.dll!HttpSendRequestExA 75AFA6DA 6 Bytes PUSH 008A1803; RET .text C:\Windows\ehome\ehtray.exe[2416] WININET.dll!HttpSendRequestExW 75AFA733 6 Bytes PUSH 008A1766; RET .text C:\Windows\ehome\ehtray.exe[2416] WININET.dll!HttpEndRequestA 75AFA7E2 6 Bytes PUSH 008A18A0; RET .text C:\Windows\ehome\ehtray.exe[2416] WININET.dll!HttpEndRequestW 75AFA814 6 Bytes PUSH 008A18EB; RET .text C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] ntdll.dll!LdrLoadDll + 1 77329379 3 Bytes [E1, 39, 3D] .text C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] ntdll.dll!LdrLoadDll + 5 7732937D 1 Byte [C3] .text C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] ntdll.dll!NtCreateUserProcess 77365674 4 Bytes [68, BC, 38, 3D] .text C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] ntdll.dll!NtCreateUserProcess + 5 77365679 1 Byte [C3] .text C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] kernel32.dll!GetFileAttributesExW 77189C45 6 Bytes PUSH 003D3C4A; RET .text C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] 
kernel32.dll!ExitProcess 771B43B4 6 Bytes PUSH 003D3C09; RET .text C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] USER32.dll!RegisterClassExA 770D61E1 6 Bytes PUSH 003D6CF4; RET .text C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] USER32.dll!GetUpdateRgn 770D85E4 6 Bytes PUSH 003DFAD5; RET .text C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] USER32.dll!GetMessagePos 770D9071 6 Bytes PUSH 003CFE2F; RET .text C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] USER32.dll!GetCapture 770DA986 6 Bytes PUSH 003CFF8F; RET .text C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] USER32.dll!SwitchDesktop 770DB8D2 6 Bytes PUSH 003D68E6; RET .text C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] USER32.dll!OpenInputDesktop 770DBCE6 4 Bytes [68, 96, 68, 3D] .text C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] USER32.dll!OpenInputDesktop + 5 770DBCEB 1 Byte [C3] .text C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] USER32.dll!GetUpdateRect 770DD3E0 6 Bytes PUSH 003DFA42; RET .text C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] USER32.dll!RegisterClassExW 770DDA30 6 Bytes PUSH 003D6CA2; RET .text C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] USER32.dll!DefWindowProcA 770DDB88 6 Bytes PUSH 003D694A; RET .text C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] USER32.dll!RegisterClassA 770DDF42 6 Bytes PUSH 003D6C55; RET .text C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] USER32.dll!RegisterClassW 770DE1AB 6 Bytes PUSH 003D6C08; RET .text C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] USER32.dll!GetWindowDC 770E3BA7 4 Bytes [68, C3, F9, 3D] .text C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] USER32.dll!GetWindowDC + 5 770E3BAC 1 Byte [C3] .text C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] USER32.dll!DefDlgProcW 770E4A11 6 Bytes PUSH 003D6990; RET .text C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] USER32.dll!GetDCEx 770E4D22 4 Bytes 
[68, 29, F9, 3D] .text C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] USER32.dll!GetDCEx + 5 770E4D27 1 Byte [C3] .text C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] USER32.dll!PeekMessageA 770E8343 6 Bytes PUSH 003D00A9; RET .text C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] USER32.dll!GetMessageA 770E8AB3 6 Bytes PUSH 003D0056; RET .text C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] USER32.dll!GetDC 770E9C31 4 Bytes [68, 84, F9, 3D] .text C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] USER32.dll!GetDC + 5 770E9C36 1 Byte [C3] .text C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] USER32.dll!ReleaseDC 770E9CED 6 Bytes PUSH 003DFA02; RET .text C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] USER32.dll!EndPaint 770EA28F 4 Bytes JMP 3A0EE08C .text C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] USER32.dll!EndPaint + 5 770EA294 1 Byte [C3] .text C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] USER32.dll!BeginPaint 770EA2A3 4 Bytes [68, 79, F8, 3D] .text C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] USER32.dll!BeginPaint + 5 770EA2A8 1 Byte [C3] .text C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] USER32.dll!GetMessageW 770EFEF7 6 Bytes PUSH 003D002E; RET .text C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] USER32.dll!TranslateMessage 770F01AD 6 Bytes PUSH 003DA41D; RET .text C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] USER32.dll!DefWindowProcW 770F03B4 6 Bytes PUSH 003D6904; RET .text C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] USER32.dll!PeekMessageW 770F045A 6 Bytes PUSH 003D007E; RET .text C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] USER32.dll!CallWindowProcW 770F095E 6 Bytes PUSH 003D6B3A; RET .text C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] USER32.dll!GetCursorPos 770F0B88 6 Bytes PUSH 003CFE61; RET .text C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] USER32.dll!DefDlgProcA 770F26B8 
6 Bytes PUSH 003D69D6; RET .text C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] USER32.dll!DefMDIChildProcA 770FB031 6 Bytes PUSH 003D6AF4; RET .text C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] USER32.dll!DefFrameProcA 770FB24F 6 Bytes PUSH 003D6A65; RET .text C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] USER32.dll!CallWindowProcA 770FB73E 6 Bytes PUSH 003D6B83; RET .text C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] USER32.dll!DefFrameProcW 770FD1F9 6 Bytes PUSH 003D6A1C; RET .text C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] USER32.dll!DefMDIChildProcW 770FD4F6 6 Bytes PUSH 003D6AAE; RET .text C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] USER32.dll!ReleaseCapture 771030A2 6 Bytes PUSH 003CFF3F; RET .text C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] USER32.dll!SetCapture 771030AF 4 Bytes [68, E5, FE, 3C] .text C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] USER32.dll!SetCapture + 5 771030B4 1 Byte [C3] .text C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] USER32.dll!SetCursorPos 77116FB2 6 Bytes PUSH 003CFEA8; RET .text C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] USER32.dll!GetClipboardData 7711715A 6 Bytes PUSH 003DA5CC; RET .text C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] ADVAPI32.dll!CreateProcessAsUserA 759ACEB9 6 Bytes PUSH 003D3CB0; RET .text C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] ADVAPI32.dll!CreateProcessAsUserW 759C1EE9 6 Bytes PUSH 003D3CC7; RET .text C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] WS2_32.dll!closesocket 75CC330C 6 Bytes PUSH 003CF57B; RET .text C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] WS2_32.dll!getaddrinfo 75CC418A 6 Bytes PUSH 003CF18C; RET .text C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] WS2_32.dll!WSASend 75CC4496 6 Bytes PUSH 003CF5D4; RET .text C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] WS2_32.dll!send 75CC659B 6 Bytes PUSH 003CF5B3; 
RET .text C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] WS2_32.dll!gethostbyname 75CD62D4 6 Bytes PUSH 003CF11C; RET .text C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] CRYPT32.dll!PFXImportCertStore 7534989D 6 Bytes PUSH 003E1D51; RET .text C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] WININET.dll!InternetReadFile 75A8655B 6 Bytes PUSH 003E19A3; RET .text C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] WININET.dll!HttpQueryInfoA 75A8879D 6 Bytes PUSH 003E1AD6; RET .text C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] WININET.dll!InternetCloseHandle 75A89098 6 Bytes PUSH 003E1936; RET .text C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] WININET.dll!InternetQueryDataAvailable 75A8BF93 6 Bytes PUSH 003E1AAA; RET .text C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] WININET.dll!HttpOpenRequestA 75A8D518 6 Bytes PUSH 003E1678; RET .text C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] WININET.dll!HttpSendRequestW 75A8FACE 6 Bytes PUSH 003E16BC; RET .text C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] WININET.dll!HttpOpenRequestW 75A8FC0B 6 Bytes PUSH 003E1634; RET .text C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] WININET.dll!HttpSendRequestA 75A9EEA1 6 Bytes PUSH 003E1711; RET .text C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] WININET.dll!InternetReadFileExA 75AA3271 6 Bytes PUSH 003E19D1; RET .text C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] WININET.dll!InternetSetFilePointer 75AE5A11 6 Bytes PUSH 003E1A50; RET .text C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] WININET.dll!HttpSendRequestExA 75AFA6DA 6 Bytes PUSH 003E1803; RET .text C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] WININET.dll!HttpSendRequestExW 75AFA733 6 Bytes PUSH 003E1766; RET .text C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] WININET.dll!HttpEndRequestA 75AFA7E2 6 Bytes PUSH 003E18A0; RET .text C:\Program Files\sony\VAIO Media 
plus\VMpTtray.exe[2500] WININET.dll!HttpEndRequestW 75AFA814 6 Bytes PUSH 003E18EB; RET .text C:\Windows\system32\Dwm.exe[2548] ntdll.dll!LdrLoadDll + 1 77329379 5 Bytes [E1, 39, F9, 01, C3] {LOOPZ 0x3b; STC ; ADD EBX, EAX} .text C:\Windows\system32\Dwm.exe[2548] ntdll.dll!NtCreateUserProcess 77365674 6 Bytes PUSH 01F938BC; RET .text C:\Windows\system32\Dwm.exe[2548] kernel32.dll!GetFileAttributesExW 77189C45 6 Bytes PUSH 01F93C4A; RET .text C:\Windows\system32\Dwm.exe[2548] kernel32.dll!ExitProcess 771B43B4 6 Bytes PUSH 01F93C09; RET .text C:\Windows\system32\Dwm.exe[2548] ADVAPI32.dll!CreateProcessAsUserA 759ACEB9 6 Bytes PUSH 01F93CB0; RET .text C:\Windows\system32\Dwm.exe[2548] ADVAPI32.dll!CreateProcessAsUserW 759C1EE9 6 Bytes PUSH 01F93CC7; RET .text C:\Windows\system32\Dwm.exe[2548] USER32.dll!RegisterClassExA 770D61E1 6 Bytes PUSH 01F96CF4; RET .text C:\Windows\system32\Dwm.exe[2548] USER32.dll!GetUpdateRgn 770D85E4 6 Bytes PUSH 01F9FAD5; RET .text C:\Windows\system32\Dwm.exe[2548] USER32.dll!GetMessagePos 770D9071 6 Bytes PUSH 01F8FE2F; RET .text C:\Windows\system32\Dwm.exe[2548] USER32.dll!GetCapture 770DA986 6 Bytes PUSH 01F8FF8F; RET .text C:\Windows\system32\Dwm.exe[2548] USER32.dll!SwitchDesktop 770DB8D2 6 Bytes PUSH 01F968E6; RET .text C:\Windows\system32\Dwm.exe[2548] USER32.dll!OpenInputDesktop 770DBCE6 6 Bytes PUSH 01F96896; RET .text C:\Windows\system32\Dwm.exe[2548] USER32.dll!GetUpdateRect 770DD3E0 6 Bytes PUSH 01F9FA42; RET .text C:\Windows\system32\Dwm.exe[2548] USER32.dll!RegisterClassExW 770DDA30 6 Bytes PUSH 01F96CA2; RET .text C:\Windows\system32\Dwm.exe[2548] USER32.dll!DefWindowProcA 770DDB88 6 Bytes PUSH 01F9694A; RET .text C:\Windows\system32\Dwm.exe[2548] USER32.dll!RegisterClassA 770DDF42 6 Bytes PUSH 01F96C55; RET .text C:\Windows\system32\Dwm.exe[2548] USER32.dll!RegisterClassW 770DE1AB 6 Bytes PUSH 01F96C08; RET .text C:\Windows\system32\Dwm.exe[2548] USER32.dll!GetWindowDC 770E3BA7 6 Bytes PUSH 01F9F9C3; RET .text 
C:\Windows\system32\Dwm.exe[2548] USER32.dll!DefDlgProcW 770E4A11 6 Bytes PUSH 01F96990; RET .text C:\Windows\system32\Dwm.exe[2548] USER32.dll!GetDCEx 770E4D22 6 Bytes PUSH 01F9F929; RET .text C:\Windows\system32\Dwm.exe[2548] USER32.dll!PeekMessageA 770E8343 6 Bytes PUSH 01F900A9; RET .text C:\Windows\system32\Dwm.exe[2548] USER32.dll!GetMessageA 770E8AB3 6 Bytes PUSH 01F90056; RET .text C:\Windows\system32\Dwm.exe[2548] USER32.dll!GetDC 770E9C31 6 Bytes PUSH 01F9F984; RET .text C:\Windows\system32\Dwm.exe[2548] USER32.dll!ReleaseDC 770E9CED 6 Bytes PUSH 01F9FA02; RET .text C:\Windows\system32\Dwm.exe[2548] USER32.dll!EndPaint 770EA28F 6 Bytes JMP 3A109C8C .text C:\Windows\system32\Dwm.exe[2548] USER32.dll!BeginPaint 770EA2A3 6 Bytes PUSH 01F9F879; RET .text C:\Windows\system32\Dwm.exe[2548] USER32.dll!GetMessageW 770EFEF7 6 Bytes PUSH 01F9002E; RET .text C:\Windows\system32\Dwm.exe[2548] USER32.dll!TranslateMessage 770F01AD 6 Bytes PUSH 01F9A41D; RET .text C:\Windows\system32\Dwm.exe[2548] USER32.dll!DefWindowProcW 770F03B4 6 Bytes PUSH 01F96904; RET .text C:\Windows\system32\Dwm.exe[2548] USER32.dll!PeekMessageW 770F045A 6 Bytes PUSH 01F9007E; RET .text C:\Windows\system32\Dwm.exe[2548] USER32.dll!CallWindowProcW 770F095E 6 Bytes PUSH 01F96B3A; RET .text C:\Windows\system32\Dwm.exe[2548] USER32.dll!GetCursorPos 770F0B88 6 Bytes PUSH 01F8FE61; RET .text C:\Windows\system32\Dwm.exe[2548] USER32.dll!DefDlgProcA 770F26B8 6 Bytes PUSH 01F969D6; RET .text C:\Windows\system32\Dwm.exe[2548] USER32.dll!DefMDIChildProcA 770FB031 6 Bytes PUSH 01F96AF4; RET .text C:\Windows\system32\Dwm.exe[2548] USER32.dll!DefFrameProcA 770FB24F 6 Bytes PUSH 01F96A65; RET .text C:\Windows\system32\Dwm.exe[2548] USER32.dll!CallWindowProcA 770FB73E 6 Bytes PUSH 01F96B83; RET .text C:\Windows\system32\Dwm.exe[2548] USER32.dll!DefFrameProcW 770FD1F9 6 Bytes PUSH 01F96A1C; RET .text C:\Windows\system32\Dwm.exe[2548] USER32.dll!DefMDIChildProcW 770FD4F6 6 Bytes PUSH 01F96AAE; RET .text 
C:\Windows\system32\Dwm.exe[2548] USER32.dll!ReleaseCapture 771030A2 6 Bytes PUSH 01F8FF3F; RET .text C:\Windows\system32\Dwm.exe[2548] USER32.dll!SetCapture 771030AF 6 Bytes PUSH 01F8FEE5; RET .text C:\Windows\system32\Dwm.exe[2548] USER32.dll!SetCursorPos 77116FB2 6 Bytes PUSH 01F8FEA8; RET .text C:\Windows\system32\Dwm.exe[2548] USER32.dll!GetClipboardData 7711715A 6 Bytes PUSH 01F9A5CC; RET .text C:\Windows\system32\Dwm.exe[2548] WS2_32.dll!closesocket 75CC330C 6 Bytes PUSH 01F8F57B; RET .text C:\Windows\system32\Dwm.exe[2548] WS2_32.dll!getaddrinfo 75CC418A 6 Bytes PUSH 01F8F18C; RET .text C:\Windows\system32\Dwm.exe[2548] WS2_32.dll!WSASend 75CC4496 6 Bytes PUSH 01F8F5D4; RET .text C:\Windows\system32\Dwm.exe[2548] WS2_32.dll!send 75CC659B 6 Bytes PUSH 01F8F5B3; RET .text C:\Windows\system32\Dwm.exe[2548] WS2_32.dll!gethostbyname 75CD62D4 6 Bytes PUSH 01F8F11C; RET .text C:\Windows\system32\Dwm.exe[2548] CRYPT32.dll!PFXImportCertStore 7534989D 6 Bytes PUSH 01FA1D51; RET .text C:\Windows\system32\Dwm.exe[2548] WININET.dll!InternetReadFile 75A8655B 6 Bytes PUSH 01FA19A3; RET .text C:\Windows\system32\Dwm.exe[2548] WININET.dll!HttpQueryInfoA 75A8879D 6 Bytes PUSH 01FA1AD6; RET .text C:\Windows\system32\Dwm.exe[2548] WININET.dll!InternetCloseHandle 75A89098 6 Bytes PUSH 01FA1936; RET .text C:\Windows\system32\Dwm.exe[2548] WININET.dll!InternetQueryDataAvailable 75A8BF93 6 Bytes PUSH 01FA1AAA; RET .text C:\Windows\system32\Dwm.exe[2548] WININET.dll!HttpOpenRequestA 75A8D518 6 Bytes PUSH 01FA1678; RET .text C:\Windows\system32\Dwm.exe[2548] WININET.dll!HttpSendRequestW 75A8FACE 6 Bytes PUSH 01FA16BC; RET .text C:\Windows\system32\Dwm.exe[2548] WININET.dll!HttpOpenRequestW 75A8FC0B 6 Bytes PUSH 01FA1634; RET .text C:\Windows\system32\Dwm.exe[2548] WININET.dll!HttpSendRequestA 75A9EEA1 6 Bytes PUSH 01FA1711; RET .text C:\Windows\system32\Dwm.exe[2548] WININET.dll!InternetReadFileExA 75AA3271 6 Bytes PUSH 01FA19D1; RET .text C:\Windows\system32\Dwm.exe[2548] 
WININET.dll!InternetSetFilePointer 75AE5A11 6 Bytes PUSH 01FA1A50; RET .text C:\Windows\system32\Dwm.exe[2548] WININET.dll!HttpSendRequestExA 75AFA6DA 6 Bytes PUSH 01FA1803; RET .text C:\Windows\system32\Dwm.exe[2548] WININET.dll!HttpSendRequestExW 75AFA733 6 Bytes PUSH 01FA1766; RET .text C:\Windows\system32\Dwm.exe[2548] WININET.dll!HttpEndRequestA 75AFA7E2 6 Bytes PUSH 01FA18A0; RET .text C:\Windows\system32\Dwm.exe[2548] WININET.dll!HttpEndRequestW 75AFA814 6 Bytes PUSH 01FA18EB; RET .text C:\Windows\system32\taskeng.exe[2596] ntdll.dll!LdrLoadDll + 1 77329379 5 Bytes [E1, 39, 77, 02, C3] {LOOPZ 0x3b; JA 0x6; RET } .text C:\Windows\system32\taskeng.exe[2596] ntdll.dll!NtCreateUserProcess 77365674 6 Bytes PUSH 027738BC; RET .text C:\Windows\system32\taskeng.exe[2596] kernel32.dll!GetFileAttributesExW 77189C45 6 Bytes PUSH 02773C4A; RET .text C:\Windows\system32\taskeng.exe[2596] kernel32.dll!ExitProcess 771B43B4 6 Bytes PUSH 02773C09; RET .text C:\Windows\system32\taskeng.exe[2596] ADVAPI32.dll!CreateProcessAsUserA 759ACEB9 6 Bytes PUSH 02773CB0; RET .text C:\Windows\system32\taskeng.exe[2596] ADVAPI32.dll!CreateProcessAsUserW 759C1EE9 6 Bytes PUSH 02773CC7; RET .text C:\Windows\system32\taskeng.exe[2596] USER32.dll!RegisterClassExA 770D61E1 6 Bytes PUSH 02776CF4; RET .text C:\Windows\system32\taskeng.exe[2596] USER32.dll!GetUpdateRgn 770D85E4 6 Bytes PUSH 0277FAD5; RET .text C:\Windows\system32\taskeng.exe[2596] USER32.dll!GetMessagePos 770D9071 6 Bytes PUSH 0276FE2F; RET .text C:\Windows\system32\taskeng.exe[2596] USER32.dll!GetCapture 770DA986 6 Bytes PUSH 0276FF8F; RET .text C:\Windows\system32\taskeng.exe[2596] USER32.dll!SwitchDesktop 770DB8D2 6 Bytes PUSH 027768E6; RET .text C:\Windows\system32\taskeng.exe[2596] USER32.dll!OpenInputDesktop 770DBCE6 6 Bytes PUSH 02776896; RET .text C:\Windows\system32\taskeng.exe[2596] USER32.dll!GetUpdateRect 770DD3E0 6 Bytes PUSH 0277FA42; RET .text C:\Windows\system32\taskeng.exe[2596] USER32.dll!RegisterClassExW 
770DDA30 6 Bytes PUSH 02776CA2; RET .text C:\Windows\system32\taskeng.exe[2596] USER32.dll!DefWindowProcA 770DDB88 6 Bytes PUSH 0277694A; RET .text C:\Windows\system32\taskeng.exe[2596] USER32.dll!RegisterClassA 770DDF42 6 Bytes PUSH 02776C55; RET .text C:\Windows\system32\taskeng.exe[2596] USER32.dll!RegisterClassW 770DE1AB 6 Bytes PUSH 02776C08; RET .text C:\Windows\system32\taskeng.exe[2596] USER32.dll!GetWindowDC 770E3BA7 6 Bytes PUSH 0277F9C3; RET .text C:\Windows\system32\taskeng.exe[2596] USER32.dll!DefDlgProcW 770E4A11 6 Bytes PUSH 02776990; RET .text C:\Windows\system32\taskeng.exe[2596] USER32.dll!GetDCEx 770E4D22 6 Bytes PUSH 0277F929; RET .text C:\Windows\system32\taskeng.exe[2596] USER32.dll!PeekMessageA 770E8343 6 Bytes PUSH 027700A9; RET .text C:\Windows\system32\taskeng.exe[2596] USER32.dll!GetMessageA 770E8AB3 6 Bytes PUSH 02770056; RET .text C:\Windows\system32\taskeng.exe[2596] USER32.dll!GetDC 770E9C31 6 Bytes PUSH 0277F984; RET .text C:\Windows\system32\taskeng.exe[2596] USER32.dll!ReleaseDC 770E9CED 6 Bytes PUSH 0277FA02; RET .text C:\Windows\system32\taskeng.exe[2596] USER32.dll!EndPaint 770EA28F 6 Bytes JMP 3A111A8C .text C:\Windows\system32\taskeng.exe[2596] USER32.dll!BeginPaint 770EA2A3 6 Bytes PUSH 0277F879; RET .text C:\Windows\system32\taskeng.exe[2596] USER32.dll!GetMessageW 770EFEF7 6 Bytes PUSH 0277002E; RET .text C:\Windows\system32\taskeng.exe[2596] USER32.dll!TranslateMessage 770F01AD 6 Bytes PUSH 0277A41D; RET .text C:\Windows\system32\taskeng.exe[2596] USER32.dll!DefWindowProcW 770F03B4 6 Bytes PUSH 02776904; RET .text C:\Windows\system32\taskeng.exe[2596] USER32.dll!PeekMessageW 770F045A 6 Bytes PUSH 0277007E; RET .text C:\Windows\system32\taskeng.exe[2596] USER32.dll!CallWindowProcW 770F095E 6 Bytes PUSH 02776B3A; RET .text C:\Windows\system32\taskeng.exe[2596] USER32.dll!GetCursorPos 770F0B88 6 Bytes PUSH 0276FE61; RET .text C:\Windows\system32\taskeng.exe[2596] USER32.dll!DefDlgProcA 770F26B8 6 Bytes PUSH 027769D6; RET 
.text C:\Windows\system32\taskeng.exe[2596] USER32.dll!DefMDIChildProcA 770FB031 6 Bytes PUSH 02776AF4; RET .text C:\Windows\system32\taskeng.exe[2596] USER32.dll!DefFrameProcA 770FB24F 6 Bytes PUSH 02776A65; RET .text C:\Windows\system32\taskeng.exe[2596] USER32.dll!CallWindowProcA 770FB73E 6 Bytes PUSH 02776B83; RET .text C:\Windows\system32\taskeng.exe[2596] USER32.dll!DefFrameProcW 770FD1F9 6 Bytes PUSH 02776A1C; RET .text C:\Windows\system32\taskeng.exe[2596] USER32.dll!DefMDIChildProcW 770FD4F6 6 Bytes PUSH 02776AAE; RET .text C:\Windows\system32\taskeng.exe[2596] USER32.dll!ReleaseCapture 771030A2 6 Bytes PUSH 0276FF3F; RET .text C:\Windows\system32\taskeng.exe[2596] USER32.dll!SetCapture 771030AF 6 Bytes PUSH 0276FEE5; RET .text C:\Windows\system32\taskeng.exe[2596] USER32.dll!SetCursorPos 77116FB2 6 Bytes PUSH 0276FEA8; RET .text C:\Windows\system32\taskeng.exe[2596] USER32.dll!GetClipboardData 7711715A 6 Bytes PUSH 0277A5CC; RET .text C:\Windows\system32\taskeng.exe[2596] CRYPT32.dll!PFXImportCertStore 7534989D 6 Bytes PUSH 02781D51; RET .text C:\Windows\system32\taskeng.exe[2596] WS2_32.dll!closesocket 75CC330C 6 Bytes PUSH 0276F57B; RET .text C:\Windows\system32\taskeng.exe[2596] WS2_32.dll!getaddrinfo 75CC418A 6 Bytes PUSH 0276F18C; RET .text C:\Windows\system32\taskeng.exe[2596] WS2_32.dll!WSASend 75CC4496 6 Bytes PUSH 0276F5D4; RET .text C:\Windows\system32\taskeng.exe[2596] WS2_32.dll!send 75CC659B 6 Bytes PUSH 0276F5B3; RET .text C:\Windows\system32\taskeng.exe[2596] WS2_32.dll!gethostbyname 75CD62D4 6 Bytes PUSH 0276F11C; RET .text C:\Windows\system32\taskeng.exe[2596] WININET.dll!InternetReadFile 75A8655B 6 Bytes PUSH 027819A3; RET .text C:\Windows\system32\taskeng.exe[2596] WININET.dll!HttpQueryInfoA 75A8879D 6 Bytes PUSH 02781AD6; RET .text C:\Windows\system32\taskeng.exe[2596] WININET.dll!InternetCloseHandle 75A89098 6 Bytes PUSH 02781936; RET .text C:\Windows\system32\taskeng.exe[2596] WININET.dll!InternetQueryDataAvailable 75A8BF93 6 Bytes 
PUSH 02781AAA; RET .text C:\Windows\system32\taskeng.exe[2596] WININET.dll!HttpOpenRequestA 75A8D518 6 Bytes PUSH 02781678; RET .text C:\Windows\system32\taskeng.exe[2596] WININET.dll!HttpSendRequestW 75A8FACE 6 Bytes PUSH 027816BC; RET .text C:\Windows\system32\taskeng.exe[2596] WININET.dll!HttpOpenRequestW 75A8FC0B 6 Bytes PUSH 02781634; RET .text C:\Windows\system32\taskeng.exe[2596] WININET.dll!HttpSendRequestA 75A9EEA1 6 Bytes PUSH 02781711; RET .text C:\Windows\system32\taskeng.exe[2596] WININET.dll!InternetReadFileExA 75AA3271 6 Bytes PUSH 027819D1; RET .text C:\Windows\system32\taskeng.exe[2596] WININET.dll!InternetSetFilePointer 75AE5A11 6 Bytes PUSH 02781A50; RET .text C:\Windows\system32\taskeng.exe[2596] WININET.dll!HttpSendRequestExA 75AFA6DA 6 Bytes PUSH 02781803; RET .text C:\Windows\system32\taskeng.exe[2596] WININET.dll!HttpSendRequestExW 75AFA733 6 Bytes PUSH 02781766; RET .text C:\Windows\system32\taskeng.exe[2596] WININET.dll!HttpEndRequestA 75AFA7E2 6 Bytes PUSH 027818A0; RET .text C:\Windows\system32\taskeng.exe[2596] WININET.dll!HttpEndRequestW 75AFA814 6 Bytes PUSH 027818EB; RET .text C:\Windows\Explorer.EXE[2700] ntdll.dll!LdrLoadDll + 1 77329379 5 Bytes [E1, 39, B0, 03, C3] {LOOPZ 0x3b; MOV AL, 0x3; RET } .text C:\Windows\Explorer.EXE[2700] ntdll.dll!NtCreateUserProcess 77365674 6 Bytes PUSH 03B038BC; RET .text C:\Windows\Explorer.EXE[2700] kernel32.dll!GetFileAttributesExW 77189C45 6 Bytes PUSH 03B03C4A; RET .text C:\Windows\Explorer.EXE[2700] kernel32.dll!ExitProcess 771B43B4 6 Bytes PUSH 03B03C09; RET .text C:\Windows\Explorer.EXE[2700] ADVAPI32.dll!CreateProcessAsUserA 759ACEB9 6 Bytes PUSH 03B03CB0; RET .text C:\Windows\Explorer.EXE[2700] ADVAPI32.dll!CreateProcessAsUserW 759C1EE9 6 Bytes PUSH 03B03CC7; RET .text C:\Windows\Explorer.EXE[2700] USER32.dll!RegisterClassExA 770D61E1 6 Bytes PUSH 03B06CF4; RET .text C:\Windows\Explorer.EXE[2700] USER32.dll!GetUpdateRgn 770D85E4 6 Bytes PUSH 03B0FAD5; RET .text C:\Windows\Explorer.EXE[2700] 
USER32.dll!GetMessagePos 770D9071 6 Bytes PUSH 03AFFE2F; RET .text C:\Windows\Explorer.EXE[2700] USER32.dll!GetCapture 770DA986 6 Bytes PUSH 03AFFF8F; RET .text C:\Windows\Explorer.EXE[2700] USER32.dll!SwitchDesktop 770DB8D2 6 Bytes PUSH 03B068E6; RET .text C:\Windows\Explorer.EXE[2700] USER32.dll!OpenInputDesktop 770DBCE6 6 Bytes PUSH 03B06896; RET .text C:\Windows\Explorer.EXE[2700] USER32.dll!GetUpdateRect 770DD3E0 6 Bytes PUSH 03B0FA42; RET .text C:\Windows\Explorer.EXE[2700] USER32.dll!RegisterClassExW 770DDA30 6 Bytes PUSH 03B06CA2; RET .text C:\Windows\Explorer.EXE[2700] USER32.dll!DefWindowProcA 770DDB88 6 Bytes PUSH 03B0694A; RET .text C:\Windows\Explorer.EXE[2700] USER32.dll!RegisterClassA 770DDF42 6 Bytes PUSH 03B06C55; RET .text C:\Windows\Explorer.EXE[2700] USER32.dll!RegisterClassW 770DE1AB 6 Bytes PUSH 03B06C08; RET .text C:\Windows\Explorer.EXE[2700] USER32.dll!GetWindowDC 770E3BA7 6 Bytes PUSH 03B0F9C3; RET .text C:\Windows\Explorer.EXE[2700] USER32.dll!DefDlgProcW 770E4A11 6 Bytes PUSH 03B06990; RET .text C:\Windows\Explorer.EXE[2700] USER32.dll!GetDCEx 770E4D22 6 Bytes PUSH 03B0F929; RET .text C:\Windows\Explorer.EXE[2700] USER32.dll!PeekMessageA 770E8343 6 Bytes PUSH 03B000A9; RET .text C:\Windows\Explorer.EXE[2700] USER32.dll!GetMessageA 770E8AB3 6 Bytes PUSH 03B00056; RET .text C:\Windows\Explorer.EXE[2700] USER32.dll!GetDC 770E9C31 6 Bytes PUSH 03B0F984; RET .text C:\Windows\Explorer.EXE[2700] USER32.dll!ReleaseDC 770E9CED 6 Bytes PUSH 03B0FA02; RET .text C:\Windows\Explorer.EXE[2700] USER32.dll!EndPaint 770EA28F 6 Bytes JMP 3A12538C .text C:\Windows\Explorer.EXE[2700] USER32.dll!BeginPaint 770EA2A3 6 Bytes PUSH 03B0F879; RET .text C:\Windows\Explorer.EXE[2700] USER32.dll!GetMessageW 770EFEF7 6 Bytes PUSH 03B0002E; RET .text C:\Windows\Explorer.EXE[2700] USER32.dll!TranslateMessage 770F01AD 6 Bytes PUSH 03B0A41D; RET .text C:\Windows\Explorer.EXE[2700] USER32.dll!DefWindowProcW 770F03B4 6 Bytes PUSH 03B06904; RET .text 
C:\Windows\Explorer.EXE[2700] USER32.dll!PeekMessageW 770F045A 6 Bytes PUSH 03B0007E; RET .text C:\Windows\Explorer.EXE[2700] USER32.dll!CallWindowProcW 770F095E 6 Bytes PUSH 03B06B3A; RET .text C:\Windows\Explorer.EXE[2700] USER32.dll!GetCursorPos 770F0B88 6 Bytes PUSH 03AFFE61; RET .text C:\Windows\Explorer.EXE[2700] USER32.dll!DefDlgProcA 770F26B8 6 Bytes PUSH 03B069D6; RET .text C:\Windows\Explorer.EXE[2700] USER32.dll!DefMDIChildProcA 770FB031 6 Bytes PUSH 03B06AF4; RET .text C:\Windows\Explorer.EXE[2700] USER32.dll!DefFrameProcA 770FB24F 6 Bytes PUSH 03B06A65; RET .text C:\Windows\Explorer.EXE[2700] USER32.dll!CallWindowProcA 770FB73E 6 Bytes PUSH 03B06B83; RET .text C:\Windows\Explorer.EXE[2700] USER32.dll!DefFrameProcW 770FD1F9 6 Bytes PUSH 03B06A1C; RET .text C:\Windows\Explorer.EXE[2700] USER32.dll!DefMDIChildProcW 770FD4F6 6 Bytes PUSH 03B06AAE; RET .text C:\Windows\Explorer.EXE[2700] USER32.dll!ReleaseCapture 771030A2 6 Bytes PUSH 03AFFF3F; RET .text C:\Windows\Explorer.EXE[2700] USER32.dll!SetCapture 771030AF 6 Bytes PUSH 03AFFEE5; RET .text C:\Windows\Explorer.EXE[2700] USER32.dll!SetCursorPos 77116FB2 6 Bytes PUSH 03AFFEA8; RET .text C:\Windows\Explorer.EXE[2700] USER32.dll!GetClipboardData 7711715A 6 Bytes PUSH 03B0A5CC; RET .text C:\Windows\Explorer.EXE[2700] CRYPT32.dll!PFXImportCertStore 7534989D 6 Bytes PUSH 03B11D51; RET .text C:\Windows\Explorer.EXE[2700] WS2_32.dll!closesocket 75CC330C 6 Bytes PUSH 03AFF57B; RET .text C:\Windows\Explorer.EXE[2700] WS2_32.dll!getaddrinfo 75CC418A 6 Bytes PUSH 03AFF18C; RET .text C:\Windows\Explorer.EXE[2700] WS2_32.dll!WSASend 75CC4496 6 Bytes PUSH 03AFF5D4; RET .text C:\Windows\Explorer.EXE[2700] WS2_32.dll!send 75CC659B 6 Bytes PUSH 03AFF5B3; RET .text C:\Windows\Explorer.EXE[2700] WS2_32.dll!gethostbyname 75CD62D4 6 Bytes PUSH 03AFF11C; RET .text C:\Windows\Explorer.EXE[2700] WININET.dll!InternetReadFile 75A8655B 6 Bytes PUSH 03B119A3; RET .text C:\Windows\Explorer.EXE[2700] WININET.dll!HttpQueryInfoA 
75A8879D 6 Bytes PUSH 03B11AD6; RET .text C:\Windows\Explorer.EXE[2700] WININET.dll!InternetCloseHandle 75A89098 6 Bytes PUSH 03B11936; RET .text C:\Windows\Explorer.EXE[2700] WININET.dll!InternetQueryDataAvailable 75A8BF93 6 Bytes PUSH 03B11AAA; RET .text C:\Windows\Explorer.EXE[2700] WININET.dll!HttpOpenRequestA 75A8D518 6 Bytes PUSH 03B11678; RET .text C:\Windows\Explorer.EXE[2700] WININET.dll!HttpSendRequestW 75A8FACE 6 Bytes PUSH 03B116BC; RET .text C:\Windows\Explorer.EXE[2700] WININET.dll!HttpOpenRequestW 75A8FC0B 6 Bytes PUSH 03B11634; RET .text C:\Windows\Explorer.EXE[2700] WININET.dll!HttpSendRequestA 75A9EEA1 6 Bytes PUSH 03B11711; RET .text C:\Windows\Explorer.EXE[2700] WININET.dll!InternetReadFileExA 75AA3271 6 Bytes PUSH 03B119D1; RET .text C:\Windows\Explorer.EXE[2700] WININET.dll!InternetSetFilePointer 75AE5A11 6 Bytes PUSH 03B11A50; RET .text C:\Windows\Explorer.EXE[2700] WININET.dll!HttpSendRequestExA 75AFA6DA 6 Bytes PUSH 03B11803; RET .text C:\Windows\Explorer.EXE[2700] WININET.dll!HttpSendRequestExW 75AFA733 6 Bytes PUSH 03B11766; RET .text C:\Windows\Explorer.EXE[2700] WININET.dll!HttpEndRequestA 75AFA7E2 6 Bytes PUSH 03B118A0; RET .text C:\Windows\Explorer.EXE[2700] WININET.dll!HttpEndRequestW 75AFA814 6 Bytes PUSH 03B118EB; RET .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] ntdll.dll!LdrLoadDll + 1 77329379 3 Bytes [E1, 39, 0D] .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] ntdll.dll!LdrLoadDll + 5 7732937D 1 Byte [C3] .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] ntdll.dll!NtCreateUserProcess 77365674 4 Bytes [68, BC, 38, 0D] .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] ntdll.dll!NtCreateUserProcess + 5 77365679 1 Byte [C3] .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] kernel32.dll!GetFileAttributesExW 77189C45 6 Bytes PUSH 000D3C4A; RET .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] kernel32.dll!ExitProcess 771B43B4 6 Bytes PUSH 000D3C09; 
RET .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] ADVAPI32.dll!CreateProcessAsUserA 759ACEB9 6 Bytes PUSH 000D3CB0; RET .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] ADVAPI32.dll!CreateProcessAsUserW 759C1EE9 6 Bytes PUSH 000D3CC7; RET .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] USER32.dll!RegisterClassExA 770D61E1 6 Bytes PUSH 000D6CF4; RET .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] USER32.dll!GetUpdateRgn 770D85E4 6 Bytes PUSH 000DFAD5; RET .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] USER32.dll!GetMessagePos 770D9071 6 Bytes PUSH 000CFE2F; RET .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] USER32.dll!GetCapture 770DA986 6 Bytes PUSH 000CFF8F; RET .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] USER32.dll!SwitchDesktop 770DB8D2 6 Bytes PUSH 000D68E6; RET .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] USER32.dll!OpenInputDesktop 770DBCE6 4 Bytes [68, 96, 68, 0D] .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] USER32.dll!OpenInputDesktop + 5 770DBCEB 1 Byte [C3] .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] USER32.dll!GetUpdateRect 770DD3E0 6 Bytes PUSH 000DFA42; RET .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] USER32.dll!RegisterClassExW 770DDA30 6 Bytes PUSH 000D6CA2; RET .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] USER32.dll!DefWindowProcA 770DDB88 6 Bytes PUSH 000D694A; RET .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] USER32.dll!RegisterClassA 770DDF42 6 Bytes PUSH 000D6C55; RET .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] USER32.dll!RegisterClassW 770DE1AB 6 Bytes PUSH 000D6C08; RET .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] USER32.dll!GetWindowDC 770E3BA7 4 Bytes [68, C3, F9, 0D] .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] USER32.dll!GetWindowDC + 5 770E3BAC 1 Byte [C3] .text 
C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] USER32.dll!DefDlgProcW 770E4A11 6 Bytes PUSH 000D6990; RET .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] USER32.dll!GetDCEx 770E4D22 4 Bytes [68, 29, F9, 0D] .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] USER32.dll!GetDCEx + 5 770E4D27 1 Byte [C3] .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] USER32.dll!PeekMessageA 770E8343 6 Bytes PUSH 000D00A9; RET .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] USER32.dll!GetMessageA 770E8AB3 6 Bytes PUSH 000D0056; RET .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] USER32.dll!GetDC 770E9C31 4 Bytes [68, 84, F9, 0D] .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] USER32.dll!GetDC + 5 770E9C36 1 Byte [C3] .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] USER32.dll!ReleaseDC 770E9CED 6 Bytes PUSH 000DFA02; RET .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] USER32.dll!EndPaint 770EA28F 4 Bytes JMP 3A0EB08C .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] USER32.dll!EndPaint + 5 770EA294 1 Byte [C3] .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] USER32.dll!BeginPaint 770EA2A3 4 Bytes [68, 79, F8, 0D] .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] USER32.dll!BeginPaint + 5 770EA2A8 1 Byte [C3] .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] USER32.dll!GetMessageW 770EFEF7 6 Bytes PUSH 000D002E; RET .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] USER32.dll!TranslateMessage 770F01AD 6 Bytes PUSH 000DA41D; RET .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] USER32.dll!DefWindowProcW 770F03B4 6 Bytes PUSH 000D6904; RET .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] USER32.dll!PeekMessageW 770F045A 6 Bytes PUSH 000D007E; RET .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] USER32.dll!CallWindowProcW 770F095E 6 Bytes PUSH 000D6B3A; RET 
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] USER32.dll!GetCursorPos 770F0B88 6 Bytes PUSH 000CFE61; RET .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] USER32.dll!DefDlgProcA 770F26B8 6 Bytes PUSH 000D69D6; RET .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] USER32.dll!DefMDIChildProcA 770FB031 6 Bytes PUSH 000D6AF4; RET .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] USER32.dll!DefFrameProcA 770FB24F 6 Bytes PUSH 000D6A65; RET .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] USER32.dll!CallWindowProcA 770FB73E 6 Bytes PUSH 000D6B83; RET .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] USER32.dll!DefFrameProcW 770FD1F9 6 Bytes PUSH 000D6A1C; RET .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] USER32.dll!DefMDIChildProcW 770FD4F6 6 Bytes PUSH 000D6AAE; RET .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] USER32.dll!ReleaseCapture 771030A2 6 Bytes PUSH 000CFF3F; RET .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] USER32.dll!SetCapture 771030AF 4 Bytes [68, E5, FE, 0C] .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] USER32.dll!SetCapture + 5 771030B4 1 Byte [C3] .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] USER32.dll!SetCursorPos 77116FB2 6 Bytes PUSH 000CFEA8; RET .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] USER32.dll!GetClipboardData 7711715A 6 Bytes PUSH 000DA5CC; RET .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] WS2_32.dll!closesocket 75CC330C 6 Bytes PUSH 000CF57B; RET .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] WS2_32.dll!getaddrinfo 75CC418A 6 Bytes PUSH 000CF18C; RET .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] WS2_32.dll!WSASend 75CC4496 6 Bytes PUSH 000CF5D4; RET .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] WS2_32.dll!send 75CC659B 6 Bytes PUSH 000CF5B3; RET .text C:\Program Files\Windows Media 
Player\wmpnscfg.exe[2768] WS2_32.dll!gethostbyname 75CD62D4 6 Bytes PUSH 000CF11C; RET .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] CRYPT32.dll!PFXImportCertStore 7534989D 6 Bytes PUSH 000E1D51; RET .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] WININET.dll!InternetReadFile 75A8655B 6 Bytes PUSH 000E19A3; RET .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] WININET.dll!HttpQueryInfoA 75A8879D 6 Bytes PUSH 000E1AD6; RET .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] WININET.dll!InternetCloseHandle 75A89098 6 Bytes PUSH 000E1936; RET .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] WININET.dll!InternetQueryDataAvailable 75A8BF93 6 Bytes PUSH 000E1AAA; RET .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] WININET.dll!HttpOpenRequestA 75A8D518 6 Bytes PUSH 000E1678; RET .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] WININET.dll!HttpSendRequestW 75A8FACE 6 Bytes PUSH 000E16BC; RET .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] WININET.dll!HttpOpenRequestW 75A8FC0B 6 Bytes PUSH 000E1634; RET .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] WININET.dll!HttpSendRequestA 75A9EEA1 6 Bytes PUSH 000E1711; RET .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] WININET.dll!InternetReadFileExA 75AA3271 6 Bytes PUSH 000E19D1; RET .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] WININET.dll!InternetSetFilePointer 75AE5A11 6 Bytes PUSH 000E1A50; RET .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] WININET.dll!HttpSendRequestExA 75AFA6DA 6 Bytes PUSH 000E1803; RET .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] WININET.dll!HttpSendRequestExW 75AFA733 6 Bytes PUSH 000E1766; RET .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] WININET.dll!HttpEndRequestA 75AFA7E2 6 Bytes PUSH 000E18A0; RET .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] WININET.dll!HttpEndRequestW 
75AFA814 6 Bytes PUSH 000E18EB; RET .text C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] ntdll.dll!LdrLoadDll + 1 77329379 3 Bytes [E1, 39, 1C] .text C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] ntdll.dll!LdrLoadDll + 5 7732937D 1 Byte [C3] .text C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] ntdll.dll!NtCreateUserProcess 77365674 4 Bytes [68, BC, 38, 1C] .text C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] ntdll.dll!NtCreateUserProcess + 5 77365679 1 Byte [C3] .text C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] kernel32.dll!GetFileAttributesExW 77189C45 6 Bytes PUSH 001C3C4A; RET .text C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] kernel32.dll!ExitProcess 771B43B4 6 Bytes PUSH 001C3C09; RET .text C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] USER32.dll!RegisterClassExA 770D61E1 6 Bytes PUSH 001C6CF4; RET .text C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] USER32.dll!GetUpdateRgn 770D85E4 6 Bytes PUSH 001CFAD5; RET .text C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] USER32.dll!GetMessagePos 770D9071 6 Bytes PUSH 001BFE2F; RET .text C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] USER32.dll!GetCapture 770DA986 6 Bytes PUSH 001BFF8F; RET .text C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] USER32.dll!SwitchDesktop 770DB8D2 6 Bytes PUSH 001C68E6; RET .text C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] USER32.dll!OpenInputDesktop 770DBCE6 4 Bytes [68, 96, 68, 1C] .text C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] USER32.dll!OpenInputDesktop + 5 770DBCEB 1 Byte [C3] .text C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] USER32.dll!GetUpdateRect 770DD3E0 6 Bytes PUSH 001CFA42; 
RET .text C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] USER32.dll!RegisterClassExW 770DDA30 6 Bytes PUSH 001C6CA2; RET .text C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] USER32.dll!DefWindowProcA 770DDB88 6 Bytes PUSH 001C694A; RET .text C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] USER32.dll!RegisterClassA 770DDF42 6 Bytes PUSH 001C6C55; RET .text C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] USER32.dll!RegisterClassW 770DE1AB 6 Bytes PUSH 001C6C08; RET .text C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] USER32.dll!GetWindowDC 770E3BA7 4 Bytes [68, C3, F9, 1C] .text C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] USER32.dll!GetWindowDC + 5 770E3BAC 1 Byte [C3] .text C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] USER32.dll!DefDlgProcW 770E4A11 6 Bytes PUSH 001C6990; RET .text C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] USER32.dll!GetDCEx 770E4D22 4 Bytes [68, 29, F9, 1C] .text C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] USER32.dll!GetDCEx + 5 770E4D27 1 Byte [C3] .text C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] USER32.dll!PeekMessageA 770E8343 6 Bytes PUSH 001C00A9; RET .text C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] USER32.dll!GetMessageA 770E8AB3 6 Bytes PUSH 001C0056; RET .text C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] USER32.dll!GetDC 770E9C31 4 Bytes [68, 84, F9, 1C] .text C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] USER32.dll!GetDC + 5 770E9C36 1 Byte [C3] .text C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] USER32.dll!ReleaseDC 770E9CED 6 Bytes PUSH 001CFA02; RET .text C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] 
USER32.dll!EndPaint 770EA28F 4 Bytes JMP 3A0EBF8C .text C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] USER32.dll!EndPaint + 5 770EA294 1 Byte [C3] .text C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] USER32.dll!BeginPaint 770EA2A3 4 Bytes [68, 79, F8, 1C] .text C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] USER32.dll!BeginPaint + 5 770EA2A8 1 Byte [C3] .text C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] USER32.dll!GetMessageW 770EFEF7 6 Bytes PUSH 001C002E; RET .text C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] USER32.dll!TranslateMessage 770F01AD 6 Bytes PUSH 001CA41D; RET .text C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] USER32.dll!DefWindowProcW 770F03B4 6 Bytes PUSH 001C6904; RET .text C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] USER32.dll!PeekMessageW 770F045A 6 Bytes PUSH 001C007E; RET .text C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] USER32.dll!CallWindowProcW 770F095E 6 Bytes PUSH 001C6B3A; RET .text C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] USER32.dll!GetCursorPos 770F0B88 6 Bytes PUSH 001BFE61; RET .text C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] USER32.dll!DefDlgProcA 770F26B8 6 Bytes PUSH 001C69D6; RET .text C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] USER32.dll!DefMDIChildProcA 770FB031 6 Bytes PUSH 001C6AF4; RET .text C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] USER32.dll!DefFrameProcA 770FB24F 6 Bytes PUSH 001C6A65; RET .text C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] USER32.dll!CallWindowProcA 770FB73E 6 Bytes PUSH 001C6B83; RET .text C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] USER32.dll!DefFrameProcW 770FD1F9 6 Bytes PUSH 
001C6A1C; RET .text C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] USER32.dll!DefMDIChildProcW 770FD4F6 6 Bytes PUSH 001C6AAE; RET .text C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] USER32.dll!ReleaseCapture 771030A2 6 Bytes PUSH 001BFF3F; RET .text C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] USER32.dll!SetCapture 771030AF 4 Bytes [68, E5, FE, 1B] .text C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] USER32.dll!SetCapture + 5 771030B4 1 Byte [C3] .text C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] USER32.dll!SetCursorPos 77116FB2 6 Bytes PUSH 001BFEA8; RET .text C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] USER32.dll!GetClipboardData 7711715A 6 Bytes PUSH 001CA5CC; RET .text C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] ADVAPI32.dll!CreateProcessAsUserA 759ACEB9 6 Bytes PUSH 001C3CB0; RET .text C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] ADVAPI32.dll!CreateProcessAsUserW 759C1EE9 6 Bytes PUSH 001C3CC7; RET .text C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] CRYPT32.dll!PFXImportCertStore 7534989D 6 Bytes PUSH 001D1D51; RET .text C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] WININET.dll!InternetReadFile 75A8655B 6 Bytes PUSH 001D19A3; RET .text C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] WININET.dll!HttpQueryInfoA 75A8879D 6 Bytes PUSH 001D1AD6; RET .text C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] WININET.dll!InternetCloseHandle 75A89098 6 Bytes PUSH 001D1936; RET .text C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] WININET.dll!InternetQueryDataAvailable 75A8BF93 6 Bytes PUSH 001D1AAA; RET .text C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] 
WININET.dll!HttpOpenRequestA 75A8D518 6 Bytes PUSH 001D1678; RET .text C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] WININET.dll!HttpSendRequestW 75A8FACE 6 Bytes PUSH 001D16BC; RET .text C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] WININET.dll!HttpOpenRequestW 75A8FC0B 6 Bytes PUSH 001D1634; RET .text C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] WININET.dll!HttpSendRequestA 75A9EEA1 6 Bytes PUSH 001D1711; RET .text C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] WININET.dll!InternetReadFileExA 75AA3271 6 Bytes PUSH 001D19D1; RET .text C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] WININET.dll!InternetSetFilePointer 75AE5A11 6 Bytes PUSH 001D1A50; RET .text C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] WININET.dll!HttpSendRequestExA 75AFA6DA 6 Bytes PUSH 001D1803; RET .text C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] WININET.dll!HttpSendRequestExW 75AFA733 6 Bytes PUSH 001D1766; RET .text C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] WININET.dll!HttpEndRequestA 75AFA7E2 6 Bytes PUSH 001D18A0; RET .text C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] WININET.dll!HttpEndRequestW 75AFA814 6 Bytes PUSH 001D18EB; RET .text C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] WS2_32.dll!closesocket 75CC330C 6 Bytes PUSH 001BF57B; RET .text C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] WS2_32.dll!getaddrinfo 75CC418A 6 Bytes PUSH 001BF18C; RET .text C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] WS2_32.dll!WSASend 75CC4496 6 Bytes PUSH 001BF5D4; RET .text C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] WS2_32.dll!send 75CC659B 6 Bytes PUSH 001BF5B3; RET .text 
C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] WS2_32.dll!gethostbyname 75CD62D4 6 Bytes PUSH 001BF11C; RET .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2940] ntdll.dll!LdrLoadDll + 1 77329379 5 Bytes [E1, 39, 21, 02, C3] {LOOPZ 0x3b; AND [EDX], EAX; RET } .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2940] ntdll.dll!NtCreateUserProcess 77365674 6 Bytes PUSH 022138BC; RET .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2940] kernel32.dll!GetFileAttributesExW 77189C45 6 Bytes PUSH 02213C4A; RET .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2940] kernel32.dll!ExitProcess 771B43B4 6 Bytes PUSH 02213C09; RET .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2940] ADVAPI32.dll!CreateProcessAsUserA 759ACEB9 6 Bytes PUSH 02213CB0; RET .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2940] ADVAPI32.dll!CreateProcessAsUserW 759C1EE9 6 Bytes PUSH 02213CC7; RET .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2940] USER32.dll!RegisterClassExA 770D61E1 6 Bytes PUSH 02216CF4; RET .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2940] USER32.dll!GetUpdateRgn 770D85E4 6 Bytes PUSH 0221FAD5; RET .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2940] USER32.dll!GetMessagePos 770D9071 6 Bytes PUSH 0220FE2F; RET .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2940] USER32.dll!GetCapture 770DA986 6 Bytes PUSH 0220FF8F; RET .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2940] USER32.dll!SwitchDesktop 770DB8D2 6 Bytes PUSH 022168E6; RET .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2940] USER32.dll!OpenInputDesktop 770DBCE6 6 Bytes PUSH 02216896; RET .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2940] USER32.dll!GetUpdateRect 770DD3E0 6 Bytes PUSH 0221FA42; RET .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2940] USER32.dll!RegisterClassExW 770DDA30 6 Bytes PUSH 02216CA2; 
RET .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2940] USER32.dll!DefWindowProcA 770DDB88 6 Bytes PUSH 0221694A; RET .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2940] USER32.dll!RegisterClassA 770DDF42 6 Bytes PUSH 02216C55; RET .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2940] USER32.dll!RegisterClassW 770DE1AB 6 Bytes PUSH 02216C08; RET .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2940] USER32.dll!GetWindowDC 770E3BA7 6 Bytes PUSH 0221F9C3; RET .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2940] USER32.dll!DefDlgProcW 770E4A11 6 Bytes PUSH 02216990; RET .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2940] USER32.dll!GetDCEx 770E4D22 6 Bytes PUSH 0221F929; RET .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2940] USER32.dll!PeekMessageA 770E8343 6 Bytes PUSH 022100A9; RET .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2940] USER32.dll!GetMessageA 770E8AB3 6 Bytes PUSH 02210056; RET .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2940] USER32.dll!GetDC 770E9C31 6 Bytes PUSH 0221F984; RET .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2940] USER32.dll!ReleaseDC 770E9CED 6 Bytes PUSH 0221FA02; RET .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2940] USER32.dll!EndPaint 770EA28F 6 Bytes JMP 3A10C48C .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2940] USER32.dll!BeginPaint 770EA2A3 6 Bytes PUSH 0221F879; RET .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2940] USER32.dll!GetMessageW 770EFEF7 6 Bytes PUSH 0221002E; RET .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2940] USER32.dll!TranslateMessage 770F01AD 6 Bytes PUSH 0221A41D; RET .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2940] USER32.dll!DefWindowProcW 770F03B4 6 Bytes PUSH 02216904; RET .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2940] USER32.dll!PeekMessageW 770F045A 6 Bytes 
PUSH 0221007E; RET .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2940] USER32.dll!CallWindowProcW 770F095E 6 Bytes PUSH 02216B3A; RET .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2940] USER32.dll!GetCursorPos 770F0B88 6 Bytes PUSH 0220FE61; RET .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2940] USER32.dll!DefDlgProcA 770F26B8 6 Bytes PUSH 022169D6; RET .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2940] USER32.dll!DefMDIChildProcA 770FB031 6 Bytes PUSH 02216AF4; RET .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2940] USER32.dll!DefFrameProcA 770FB24F 6 Bytes PUSH 02216A65; RET .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2940] USER32.dll!CallWindowProcA 770FB73E 6 Bytes PUSH 02216B83; RET .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2940] USER32.dll!DefFrameProcW 770FD1F9 6 Bytes PUSH 02216A1C; RET .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2940] USER32.dll!DefMDIChildProcW 770FD4F6 6 Bytes PUSH 02216AAE; RET .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2940] USER32.dll!ReleaseCapture 771030A2 6 Bytes PUSH 0220FF3F; RET .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2940] USER32.dll!SetCapture 771030AF 6 Bytes PUSH 0220FEE5; RET .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2940] USER32.dll!SetCursorPos 77116FB2 6 Bytes PUSH 0220FEA8; RET .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2940] USER32.dll!GetClipboardData 7711715A 6 Bytes PUSH 0221A5CC; RET .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2940] WS2_32.dll!closesocket 75CC330C 6 Bytes PUSH 0220F57B; RET .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2940] WS2_32.dll!getaddrinfo 75CC418A 6 Bytes PUSH 0220F18C; RET .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2940] WS2_32.dll!WSASend 75CC4496 6 Bytes PUSH 0220F5D4; RET .text C:\Program Files\WIDCOMM\Bluetooth 
Software\BTTray.exe[2940] WS2_32.dll!send 75CC659B 6 Bytes PUSH 0220F5B3; RET .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2940] WS2_32.dll!gethostbyname 75CD62D4 6 Bytes PUSH 0220F11C; RET .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2940] CRYPT32.dll!PFXImportCertStore 7534989D 6 Bytes PUSH 02221D51; RET .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2940] WININET.dll!InternetReadFile 75A8655B 6 Bytes PUSH 022219A3; RET .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2940] WININET.dll!HttpQueryInfoA 75A8879D 6 Bytes PUSH 02221AD6; RET .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2940] WININET.dll!InternetCloseHandle 75A89098 6 Bytes PUSH 02221936; RET .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2940] WININET.dll!InternetQueryDataAvailable 75A8BF93 6 Bytes PUSH 02221AAA; RET .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2940] WININET.dll!HttpOpenRequestA 75A8D518 6 Bytes PUSH 02221678; RET .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2940] WININET.dll!HttpSendRequestW 75A8FACE 6 Bytes PUSH 022216BC; RET .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2940] WININET.dll!HttpOpenRequestW 75A8FC0B 6 Bytes PUSH 02221634; RET .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2940] WININET.dll!HttpSendRequestA 75A9EEA1 6 Bytes PUSH 02221711; RET .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2940] WININET.dll!InternetReadFileExA 75AA3271 6 Bytes PUSH 022219D1; RET .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2940] WININET.dll!InternetSetFilePointer 75AE5A11 6 Bytes PUSH 02221A50; RET .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2940] WININET.dll!HttpSendRequestExA 75AFA6DA 6 Bytes PUSH 02221803; RET .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2940] WININET.dll!HttpSendRequestExW 75AFA733 6 Bytes PUSH 02221766; RET .text C:\Program Files\WIDCOMM\Bluetooth 
Software\BTTray.exe[2940] WININET.dll!HttpEndRequestA 75AFA7E2 6 Bytes PUSH 022218A0; RET .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2940] WININET.dll!HttpEndRequestW 75AFA814 6 Bytes PUSH 022218EB; RET |
07.05.2013, 22:03 | #4 |
| Sparkasse online banking spied on: EXP/CVE-2013-2423.F and TR/Agent.385024.338
Code:
TEM.EXE[3000] ntdll.dll!LdrLoadDll + 1 77329379 5 Bytes [E1, 39, 42, 01, C3] {LOOPZ 0x3b; INC EDX; ADD EBX, EAX} .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3000] ntdll.dll!NtCreateUserProcess 77365674 6 Bytes PUSH 014238BC; RET .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3000] kernel32.dll!GetFileAttributesExW 77189C45 6 Bytes PUSH 01423C4A; RET .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3000] kernel32.dll!ExitProcess 771B43B4 6 Bytes PUSH 01423C09; RET .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3000] USER32.dll!RegisterClassExA 770D61E1 6 Bytes PUSH 01426CF4; RET .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3000] USER32.dll!GetUpdateRgn 770D85E4 6 Bytes PUSH 0142FAD5; RET .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3000] USER32.dll!GetMessagePos 770D9071 6 Bytes PUSH 0141FE2F; RET .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3000] USER32.dll!GetCapture 770DA986 6 Bytes PUSH 0141FF8F; RET .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3000] USER32.dll!SwitchDesktop 770DB8D2 6 Bytes PUSH 014268E6; RET .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3000] USER32.dll!OpenInputDesktop 770DBCE6 6 Bytes PUSH 01426896; RET .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3000] USER32.dll!GetUpdateRect 770DD3E0 6 Bytes PUSH 0142FA42; RET .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3000] USER32.dll!RegisterClassExW 770DDA30 6 Bytes PUSH 01426CA2; RET .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3000] USER32.dll!DefWindowProcA 770DDB88 6 Bytes PUSH 0142694A; RET .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3000] USER32.dll!RegisterClassA 770DDF42 6 Bytes PUSH 01426C55; RET .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3000] USER32.dll!RegisterClassW 770DE1AB 6 Bytes PUSH 01426C08; RET .text C:\Program Files\Microsoft
Office\Office12\ONENOTEM.EXE[3000] USER32.dll!GetWindowDC 770E3BA7 6 Bytes PUSH 0142F9C3; RET .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3000] USER32.dll!DefDlgProcW 770E4A11 6 Bytes PUSH 01426990; RET .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3000] USER32.dll!GetDCEx 770E4D22 6 Bytes PUSH 0142F929; RET .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3000] USER32.dll!PeekMessageA 770E8343 6 Bytes PUSH 014200A9; RET .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3000] USER32.dll!GetMessageA 770E8AB3 6 Bytes PUSH 01420056; RET .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3000] USER32.dll!GetDC 770E9C31 6 Bytes PUSH 0142F984; RET .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3000] USER32.dll!ReleaseDC 770E9CED 6 Bytes PUSH 0142FA02; RET .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3000] USER32.dll!EndPaint 770EA28F 6 Bytes JMP 3A0FE58C .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3000] USER32.dll!BeginPaint 770EA2A3 6 Bytes PUSH 0142F879; RET .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3000] USER32.dll!GetMessageW 770EFEF7 6 Bytes PUSH 0142002E; RET .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3000] USER32.dll!TranslateMessage 770F01AD 6 Bytes PUSH 0142A41D; RET .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3000] USER32.dll!DefWindowProcW 770F03B4 6 Bytes PUSH 01426904; RET .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3000] USER32.dll!PeekMessageW 770F045A 6 Bytes PUSH 0142007E; RET .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3000] USER32.dll!CallWindowProcW 770F095E 6 Bytes PUSH 01426B3A; RET .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3000] USER32.dll!GetCursorPos 770F0B88 6 Bytes PUSH 0141FE61; RET .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3000] USER32.dll!DefDlgProcA 770F26B8 6 Bytes PUSH 014269D6; RET .text 
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3000] USER32.dll!DefMDIChildProcA 770FB031 6 Bytes PUSH 01426AF4; RET .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3000] USER32.dll!DefFrameProcA 770FB24F 6 Bytes PUSH 01426A65; RET .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3000] USER32.dll!CallWindowProcA 770FB73E 6 Bytes PUSH 01426B83; RET .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3000] USER32.dll!DefFrameProcW 770FD1F9 6 Bytes PUSH 01426A1C; RET .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3000] USER32.dll!DefMDIChildProcW 770FD4F6 6 Bytes PUSH 01426AAE; RET .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3000] USER32.dll!ReleaseCapture 771030A2 6 Bytes PUSH 0141FF3F; RET .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3000] USER32.dll!SetCapture 771030AF 6 Bytes PUSH 0141FEE5; RET .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3000] USER32.dll!SetCursorPos 77116FB2 6 Bytes PUSH 0141FEA8; RET .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3000] USER32.dll!GetClipboardData 7711715A 6 Bytes PUSH 0142A5CC; RET .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3000] ADVAPI32.dll!CreateProcessAsUserA 759ACEB9 6 Bytes PUSH 01423CB0; RET .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3000] ADVAPI32.dll!CreateProcessAsUserW 759C1EE9 6 Bytes PUSH 01423CC7; RET .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3000] WS2_32.dll!closesocket 75CC330C 6 Bytes PUSH 0141F57B; RET .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3000] WS2_32.dll!getaddrinfo 75CC418A 6 Bytes PUSH 0141F18C; RET .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3000] WS2_32.dll!WSASend 75CC4496 6 Bytes PUSH 0141F5D4; RET .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3000] WS2_32.dll!send 75CC659B 6 Bytes PUSH 0141F5B3; RET .text C:\Program Files\Microsoft 
USER32.dll!DefMDIChildProcA 770FB031 6 Bytes PUSH 00316AF4; RET .text C:\Program Files\Logitech\SetPoint\LBTWiz.exe[3896] USER32.dll!DefFrameProcA 770FB24F 6 Bytes PUSH 00316A65; RET .text C:\Program Files\Logitech\SetPoint\LBTWiz.exe[3896] USER32.dll!CallWindowProcA 770FB73E 6 Bytes PUSH 00316B83; RET .text C:\Program Files\Logitech\SetPoint\LBTWiz.exe[3896] USER32.dll!DefFrameProcW 770FD1F9 6 Bytes PUSH 00316A1C; RET .text C:\Program Files\Logitech\SetPoint\LBTWiz.exe[3896] USER32.dll!DefMDIChildProcW 770FD4F6 6 Bytes PUSH 00316AAE; RET .text C:\Program Files\Logitech\SetPoint\LBTWiz.exe[3896] USER32.dll!ReleaseCapture 771030A2 6 Bytes PUSH 0030FF3F; RET .text C:\Program Files\Logitech\SetPoint\LBTWiz.exe[3896] USER32.dll!SetCapture 771030AF 4 Bytes [68, E5, FE, 30] .text C:\Program Files\Logitech\SetPoint\LBTWiz.exe[3896] USER32.dll!SetCapture + 5 771030B4 1 Byte [C3] .text C:\Program Files\Logitech\SetPoint\LBTWiz.exe[3896] USER32.dll!SetCursorPos 77116FB2 6 Bytes PUSH 0030FEA8; RET .text C:\Program Files\Logitech\SetPoint\LBTWiz.exe[3896] USER32.dll!GetClipboardData 7711715A 6 Bytes PUSH 0031A5CC; RET .text C:\Program Files\Logitech\SetPoint\LBTWiz.exe[3896] WS2_32.dll!closesocket 75CC330C 6 Bytes PUSH 0030F57B; RET .text C:\Program Files\Logitech\SetPoint\LBTWiz.exe[3896] WS2_32.dll!getaddrinfo 75CC418A 6 Bytes PUSH 0030F18C; RET .text C:\Program Files\Logitech\SetPoint\LBTWiz.exe[3896] WS2_32.dll!WSASend 75CC4496 6 Bytes PUSH 0030F5D4; RET .text C:\Program Files\Logitech\SetPoint\LBTWiz.exe[3896] WS2_32.dll!send 75CC659B 6 Bytes PUSH 0030F5B3; RET .text C:\Program Files\Logitech\SetPoint\LBTWiz.exe[3896] WS2_32.dll!gethostbyname 75CD62D4 6 Bytes PUSH 0030F11C; RET .text C:\Program Files\Logitech\SetPoint\LBTWiz.exe[3896] CRYPT32.dll!PFXImportCertStore 7534989D 6 Bytes PUSH 00321D51; RET .text C:\Program Files\Logitech\SetPoint\LBTWiz.exe[3896] WININET.dll!InternetReadFile 75A8655B 6 Bytes PUSH 003219A3; RET .text C:\Program 
Files\Logitech\SetPoint\LBTWiz.exe[3896] WININET.dll!HttpQueryInfoA 75A8879D 6 Bytes PUSH 00321AD6; RET .text C:\Program Files\Logitech\SetPoint\LBTWiz.exe[3896] WININET.dll!InternetCloseHandle 75A89098 6 Bytes PUSH 00321936; RET .text C:\Program Files\Logitech\SetPoint\LBTWiz.exe[3896] WININET.dll!InternetQueryDataAvailable 75A8BF93 6 Bytes PUSH 00321AAA; RET .text C:\Program Files\Logitech\SetPoint\LBTWiz.exe[3896] WININET.dll!HttpOpenRequestA 75A8D518 6 Bytes PUSH 00321678; RET .text C:\Program Files\Logitech\SetPoint\LBTWiz.exe[3896] WININET.dll!HttpSendRequestW 75A8FACE 6 Bytes PUSH 003216BC; RET .text C:\Program Files\Logitech\SetPoint\LBTWiz.exe[3896] WININET.dll!HttpOpenRequestW 75A8FC0B 6 Bytes PUSH 00321634; RET .text C:\Program Files\Logitech\SetPoint\LBTWiz.exe[3896] WININET.dll!HttpSendRequestA 75A9EEA1 6 Bytes PUSH 00321711; RET .text C:\Program Files\Logitech\SetPoint\LBTWiz.exe[3896] WININET.dll!InternetReadFileExA 75AA3271 6 Bytes PUSH 003219D1; RET .text C:\Program Files\Logitech\SetPoint\LBTWiz.exe[3896] WININET.dll!InternetSetFilePointer 75AE5A11 6 Bytes PUSH 00321A50; RET .text C:\Program Files\Logitech\SetPoint\LBTWiz.exe[3896] WININET.dll!HttpSendRequestExA 75AFA6DA 6 Bytes PUSH 00321803; RET .text C:\Program Files\Logitech\SetPoint\LBTWiz.exe[3896] WININET.dll!HttpSendRequestExW 75AFA733 6 Bytes PUSH 00321766; RET .text C:\Program Files\Logitech\SetPoint\LBTWiz.exe[3896] WININET.dll!HttpEndRequestA 75AFA7E2 6 Bytes PUSH 003218A0; RET .text C:\Program Files\Logitech\SetPoint\LBTWiz.exe[3896] WININET.dll!HttpEndRequestW 75AFA814 6 Bytes PUSH 003218EB; RET .text C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] ntdll.dll!LdrLoadDll + 1 77329379 3 Bytes [E1, 39, 22] .text C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] ntdll.dll!LdrLoadDll + 5 7732937D 1 Byte [C3] .text C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] ntdll.dll!NtCreateUserProcess 77365674 4 Bytes [68, BC, 38, 22] 
.text C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] ntdll.dll!NtCreateUserProcess + 5 77365679 1 Byte [C3] .text C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] kernel32.dll!GetFileAttributesExW 77189C45 6 Bytes PUSH 00223C4A; RET .text C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] kernel32.dll!ExitProcess 771B43B4 6 Bytes PUSH 00223C09; RET .text C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] USER32.dll!RegisterClassExA 770D61E1 6 Bytes PUSH 00226CF4; RET .text C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] USER32.dll!GetUpdateRgn 770D85E4 6 Bytes PUSH 0022FAD5; RET .text C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] USER32.dll!GetMessagePos 770D9071 6 Bytes PUSH 0021FE2F; RET .text C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] USER32.dll!GetCapture 770DA986 6 Bytes PUSH 0021FF8F; RET .text C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] USER32.dll!SwitchDesktop 770DB8D2 6 Bytes PUSH 002268E6; RET .text C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] USER32.dll!OpenInputDesktop 770DBCE6 4 Bytes [68, 96, 68, 22] .text C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] USER32.dll!OpenInputDesktop + 5 770DBCEB 1 Byte [C3] .text C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] USER32.dll!GetUpdateRect 770DD3E0 6 Bytes PUSH 0022FA42; RET .text C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] USER32.dll!RegisterClassExW 770DDA30 6 Bytes PUSH 00226CA2; RET .text C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] USER32.dll!DefWindowProcA 770DDB88 6 Bytes PUSH 0022694A; RET .text C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] USER32.dll!RegisterClassA 770DDF42 6 Bytes PUSH 00226C55; RET .text C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] 
USER32.dll!RegisterClassW 770DE1AB 6 Bytes PUSH 00226C08; RET .text C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] USER32.dll!GetWindowDC 770E3BA7 4 Bytes [68, C3, F9, 22] .text C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] USER32.dll!GetWindowDC + 5 770E3BAC 1 Byte [C3] .text C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] USER32.dll!DefDlgProcW 770E4A11 6 Bytes PUSH 00226990; RET .text C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] USER32.dll!GetDCEx 770E4D22 4 Bytes [68, 29, F9, 22] .text C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] USER32.dll!GetDCEx + 5 770E4D27 1 Byte [C3] .text C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] USER32.dll!PeekMessageA 770E8343 6 Bytes PUSH 002200A9; RET .text C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] USER32.dll!GetMessageA 770E8AB3 6 Bytes PUSH 00220056; RET .text C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] USER32.dll!GetDC 770E9C31 4 Bytes [68, 84, F9, 22] .text C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] USER32.dll!GetDC + 5 770E9C36 1 Byte [C3] .text C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] USER32.dll!ReleaseDC 770E9CED 6 Bytes PUSH 0022FA02; RET .text C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] USER32.dll!EndPaint 770EA28F 4 Bytes JMP 3A0EC58C .text C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] USER32.dll!EndPaint + 5 770EA294 1 Byte [C3] .text C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] USER32.dll!BeginPaint 770EA2A3 4 Bytes [68, 79, F8, 22] .text C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] USER32.dll!BeginPaint + 5 770EA2A8 1 Byte [C3] .text C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] USER32.dll!GetMessageW 770EFEF7 6 Bytes PUSH 0022002E; RET .text 
C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] USER32.dll!TranslateMessage 770F01AD 6 Bytes PUSH 0022A41D; RET .text C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] USER32.dll!DefWindowProcW 770F03B4 6 Bytes PUSH 00226904; RET .text C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] USER32.dll!PeekMessageW 770F045A 6 Bytes PUSH 0022007E; RET .text C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] USER32.dll!CallWindowProcW 770F095E 6 Bytes PUSH 00226B3A; RET .text C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] USER32.dll!GetCursorPos 770F0B88 6 Bytes PUSH 0021FE61; RET .text C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] USER32.dll!DefDlgProcA 770F26B8 6 Bytes PUSH 002269D6; RET .text C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] USER32.dll!DefMDIChildProcA 770FB031 6 Bytes PUSH 00226AF4; RET .text C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] USER32.dll!DefFrameProcA 770FB24F 6 Bytes PUSH 00226A65; RET .text C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] USER32.dll!CallWindowProcA 770FB73E 6 Bytes PUSH 00226B83; RET .text C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] USER32.dll!DefFrameProcW 770FD1F9 6 Bytes PUSH 00226A1C; RET .text C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] USER32.dll!DefMDIChildProcW 770FD4F6 6 Bytes PUSH 00226AAE; RET .text C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] USER32.dll!ReleaseCapture 771030A2 6 Bytes PUSH 0021FF3F; RET .text C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] USER32.dll!SetCapture 771030AF 4 Bytes [68, E5, FE, 21] .text C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] USER32.dll!SetCapture + 5 771030B4 1 Byte [C3] .text C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] 
USER32.dll!SetCursorPos 77116FB2 6 Bytes PUSH 0021FEA8; RET .text C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] USER32.dll!GetClipboardData 7711715A 6 Bytes PUSH 0022A5CC; RET .text C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] ADVAPI32.dll!CreateProcessAsUserA 759ACEB9 6 Bytes PUSH 00223CB0; RET .text C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] ADVAPI32.dll!CreateProcessAsUserW 759C1EE9 6 Bytes PUSH 00223CC7; RET .text C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] WS2_32.dll!closesocket 75CC330C 6 Bytes PUSH 0021F57B; RET .text C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] WS2_32.dll!getaddrinfo 75CC418A 6 Bytes PUSH 0021F18C; RET .text C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] WS2_32.dll!WSASend 75CC4496 6 Bytes PUSH 0021F5D4; RET .text C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] WS2_32.dll!send 75CC659B 6 Bytes PUSH 0021F5B3; RET .text C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] WS2_32.dll!gethostbyname 75CD62D4 6 Bytes PUSH 0021F11C; RET .text C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] CRYPT32.dll!PFXImportCertStore 7534989D 6 Bytes PUSH 00231D51; RET .text C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] WININET.dll!InternetReadFile 75A8655B 6 Bytes PUSH 002319A3; RET .text C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] WININET.dll!HttpQueryInfoA 75A8879D 6 Bytes PUSH 00231AD6; RET .text C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] WININET.dll!InternetCloseHandle 75A89098 6 Bytes PUSH 00231936; RET .text C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] WININET.dll!InternetQueryDataAvailable 75A8BF93 6 Bytes PUSH 00231AAA; RET .text C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] WININET.dll!HttpOpenRequestA 75A8D518 6 Bytes 
PUSH 00231678; RET .text C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] WININET.dll!HttpSendRequestW 75A8FACE 6 Bytes PUSH 002316BC; RET .text C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] WININET.dll!HttpOpenRequestW 75A8FC0B 6 Bytes PUSH 00231634; RET .text C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] WININET.dll!HttpSendRequestA 75A9EEA1 6 Bytes PUSH 00231711; RET .text C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] WININET.dll!InternetReadFileExA 75AA3271 6 Bytes PUSH 002319D1; RET .text C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] WININET.dll!InternetSetFilePointer 75AE5A11 6 Bytes PUSH 00231A50; RET .text C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] WININET.dll!HttpSendRequestExA 75AFA6DA 6 Bytes PUSH 00231803; RET .text C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] WININET.dll!HttpSendRequestExW 75AFA733 6 Bytes PUSH 00231766; RET .text C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] WININET.dll!HttpEndRequestA 75AFA7E2 6 Bytes PUSH 002318A0; RET .text C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] WININET.dll!HttpEndRequestW 75AFA814 6 Bytes PUSH 002318EB; RET .text C:\Program Files\Apoint\Apntex.exe[4008] ntdll.dll!LdrLoadDll + 1 77329379 3 Bytes [E1, 39, 14] .text C:\Program Files\Apoint\Apntex.exe[4008] ntdll.dll!LdrLoadDll + 5 7732937D 1 Byte [C3] .text C:\Program Files\Apoint\Apntex.exe[4008] ntdll.dll!NtCreateUserProcess 77365674 4 Bytes [68, BC, 38, 14] .text C:\Program Files\Apoint\Apntex.exe[4008] ntdll.dll!NtCreateUserProcess + 5 77365679 1 Byte [C3] .text C:\Program Files\Apoint\Apntex.exe[4008] kernel32.dll!GetFileAttributesExW 77189C45 6 Bytes PUSH 00143C4A; RET .text C:\Program Files\Apoint\Apntex.exe[4008] kernel32.dll!ExitProcess 771B43B4 6 Bytes PUSH 00143C09; RET .text C:\Program Files\Apoint\Apntex.exe[4008] 
USER32.dll!RegisterClassExA 770D61E1 6 Bytes PUSH 00146CF4; RET .text C:\Program Files\Apoint\Apntex.exe[4008] USER32.dll!GetUpdateRgn 770D85E4 6 Bytes PUSH 0014FAD5; RET .text C:\Program Files\Apoint\Apntex.exe[4008] USER32.dll!GetMessagePos 770D9071 6 Bytes PUSH 0013FE2F; RET .text C:\Program Files\Apoint\Apntex.exe[4008] USER32.dll!GetCapture 770DA986 3 Bytes [68, 8F, FF] .text C:\Program Files\Apoint\Apntex.exe[4008] USER32.dll!GetCapture + 4 770DA98A 2 Bytes [00, C3] {ADD BL, AL} .text C:\Program Files\Apoint\Apntex.exe[4008] USER32.dll!SwitchDesktop 770DB8D2 6 Bytes PUSH 001468E6; RET .text C:\Program Files\Apoint\Apntex.exe[4008] USER32.dll!OpenInputDesktop 770DBCE6 4 Bytes [68, 96, 68, 14] .text C:\Program Files\Apoint\Apntex.exe[4008] USER32.dll!OpenInputDesktop + 5 770DBCEB 1 Byte [C3] .text C:\Program Files\Apoint\Apntex.exe[4008] USER32.dll!GetUpdateRect 770DD3E0 6 Bytes PUSH 0014FA42; RET .text C:\Program Files\Apoint\Apntex.exe[4008] USER32.dll!RegisterClassExW 770DDA30 6 Bytes PUSH 00146CA2; RET .text C:\Program Files\Apoint\Apntex.exe[4008] USER32.dll!DefWindowProcA 770DDB88 6 Bytes PUSH 0014694A; RET .text C:\Program Files\Apoint\Apntex.exe[4008] USER32.dll!RegisterClassA 770DDF42 6 Bytes PUSH 00146C55; RET .text C:\Program Files\Apoint\Apntex.exe[4008] USER32.dll!RegisterClassW 770DE1AB 6 Bytes PUSH 00146C08; RET .text C:\Program Files\Apoint\Apntex.exe[4008] USER32.dll!GetWindowDC 770E3BA7 4 Bytes [68, C3, F9, 14] .text C:\Program Files\Apoint\Apntex.exe[4008] USER32.dll!GetWindowDC + 5 770E3BAC 1 Byte [C3] .text C:\Program Files\Apoint\Apntex.exe[4008] USER32.dll!DefDlgProcW 770E4A11 6 Bytes PUSH 00146990; RET .text C:\Program Files\Apoint\Apntex.exe[4008] USER32.dll!GetDCEx 770E4D22 4 Bytes [68, 29, F9, 14] .text C:\Program Files\Apoint\Apntex.exe[4008] USER32.dll!GetDCEx + 5 770E4D27 1 Byte [C3] .text C:\Program Files\Apoint\Apntex.exe[4008] USER32.dll!PeekMessageA 770E8343 6 Bytes PUSH 001400A9; RET .text C:\Program 
Files\Apoint\Apntex.exe[4008] USER32.dll!GetMessageA 770E8AB3 6 Bytes PUSH 00140056; RET .text C:\Program Files\Apoint\Apntex.exe[4008] USER32.dll!GetDC 770E9C31 4 Bytes [68, 84, F9, 14] .text C:\Program Files\Apoint\Apntex.exe[4008] USER32.dll!GetDC + 5 770E9C36 1 Byte [C3] .text C:\Program Files\Apoint\Apntex.exe[4008] USER32.dll!ReleaseDC 770E9CED 6 Bytes PUSH 0014FA02; RET .text C:\Program Files\Apoint\Apntex.exe[4008] USER32.dll!EndPaint 770EA28F 4 Bytes JMP 3A0EB78C .text C:\Program Files\Apoint\Apntex.exe[4008] USER32.dll!EndPaint + 5 770EA294 1 Byte [C3] .text C:\Program Files\Apoint\Apntex.exe[4008] USER32.dll!BeginPaint 770EA2A3 4 Bytes [68, 79, F8, 14] .text C:\Program Files\Apoint\Apntex.exe[4008] USER32.dll!BeginPaint + 5 770EA2A8 1 Byte [C3] .text C:\Program Files\Apoint\Apntex.exe[4008] USER32.dll!GetMessageW 770EFEF7 6 Bytes PUSH 0014002E; RET .text C:\Program Files\Apoint\Apntex.exe[4008] USER32.dll!TranslateMessage 770F01AD 6 Bytes PUSH 0014A41D; RET .text C:\Program Files\Apoint\Apntex.exe[4008] USER32.dll!DefWindowProcW 770F03B4 6 Bytes PUSH 00146904; RET .text C:\Program Files\Apoint\Apntex.exe[4008] USER32.dll!PeekMessageW 770F045A 6 Bytes PUSH 0014007E; RET .text C:\Program Files\Apoint\Apntex.exe[4008] USER32.dll!CallWindowProcW 770F095E 6 Bytes PUSH 00146B3A; RET .text C:\Program Files\Apoint\Apntex.exe[4008] USER32.dll!GetCursorPos 770F0B88 6 Bytes PUSH 0013FE61; RET .text C:\Program Files\Apoint\Apntex.exe[4008] USER32.dll!DefDlgProcA 770F26B8 6 Bytes PUSH 001469D6; RET .text C:\Program Files\Apoint\Apntex.exe[4008] USER32.dll!DefMDIChildProcA 770FB031 6 Bytes PUSH 00146AF4; RET .text C:\Program Files\Apoint\Apntex.exe[4008] USER32.dll!DefFrameProcA 770FB24F 6 Bytes PUSH 00146A65; RET .text C:\Program Files\Apoint\Apntex.exe[4008] USER32.dll!CallWindowProcA 770FB73E 6 Bytes PUSH 00146B83; RET .text C:\Program Files\Apoint\Apntex.exe[4008] USER32.dll!DefFrameProcW 770FD1F9 6 Bytes PUSH 00146A1C; RET .text C:\Program 
Files\Apoint\Apntex.exe[4008] USER32.dll!DefMDIChildProcW 770FD4F6 6 Bytes PUSH 00146AAE; RET .text C:\Program Files\Apoint\Apntex.exe[4008] USER32.dll!ReleaseCapture 771030A2 6 Bytes PUSH 0013FF3F; RET .text C:\Program Files\Apoint\Apntex.exe[4008] USER32.dll!SetCapture 771030AF 4 Bytes [68, E5, FE, 13] .text C:\Program Files\Apoint\Apntex.exe[4008] USER32.dll!SetCapture + 5 771030B4 1 Byte [C3] .text C:\Program Files\Apoint\Apntex.exe[4008] USER32.dll!SetCursorPos 77116FB2 6 Bytes PUSH 0013FEA8; RET .text C:\Program Files\Apoint\Apntex.exe[4008] USER32.dll!GetClipboardData 7711715A 6 Bytes PUSH 0014A5CC; RET .text C:\Program Files\Apoint\Apntex.exe[4008] ADVAPI32.dll!CreateProcessAsUserA 759ACEB9 6 Bytes PUSH 00143CB0; RET .text C:\Program Files\Apoint\Apntex.exe[4008] ADVAPI32.dll!CreateProcessAsUserW 759C1EE9 6 Bytes PUSH 00143CC7; RET .text C:\Program Files\Apoint\Apntex.exe[4008] WS2_32.dll!closesocket 75CC330C 6 Bytes PUSH 0013F57B; RET .text C:\Program Files\Apoint\Apntex.exe[4008] WS2_32.dll!getaddrinfo 75CC418A 6 Bytes PUSH 0013F18C; RET .text C:\Program Files\Apoint\Apntex.exe[4008] WS2_32.dll!WSASend 75CC4496 6 Bytes PUSH 0013F5D4; RET .text C:\Program Files\Apoint\Apntex.exe[4008] WS2_32.dll!send 75CC659B 6 Bytes PUSH 0013F5B3; RET .text C:\Program Files\Apoint\Apntex.exe[4008] WS2_32.dll!gethostbyname 75CD62D4 6 Bytes PUSH 0013F11C; RET .text C:\Program Files\Apoint\Apntex.exe[4008] CRYPT32.dll!PFXImportCertStore 7534989D 6 Bytes PUSH 00151D51; RET .text C:\Program Files\Apoint\Apntex.exe[4008] WININET.dll!InternetReadFile 75A8655B 6 Bytes PUSH 001519A3; RET .text C:\Program Files\Apoint\Apntex.exe[4008] WININET.dll!HttpQueryInfoA 75A8879D 6 Bytes PUSH 00151AD6; RET .text C:\Program Files\Apoint\Apntex.exe[4008] WININET.dll!InternetCloseHandle 75A89098 6 Bytes PUSH 00151936; RET .text C:\Program Files\Apoint\Apntex.exe[4008] WININET.dll!InternetQueryDataAvailable 75A8BF93 6 Bytes PUSH 00151AAA; RET .text C:\Program Files\Apoint\Apntex.exe[4008] 
WININET.dll!HttpOpenRequestA 75A8D518 6 Bytes PUSH 00151678; RET .text C:\Program Files\Apoint\Apntex.exe[4008] WININET.dll!HttpSendRequestW 75A8FACE 6 Bytes PUSH 001516BC; RET .text C:\Program Files\Apoint\Apntex.exe[4008] WININET.dll!HttpOpenRequestW 75A8FC0B 6 Bytes PUSH 00151634; RET .text C:\Program Files\Apoint\Apntex.exe[4008] WININET.dll!HttpSendRequestA 75A9EEA1 6 Bytes PUSH 00151711; RET .text C:\Program Files\Apoint\Apntex.exe[4008] WININET.dll!InternetReadFileExA 75AA3271 6 Bytes PUSH 001519D1; RET .text C:\Program Files\Apoint\Apntex.exe[4008] WININET.dll!InternetSetFilePointer 75AE5A11 6 Bytes PUSH 00151A50; RET .text C:\Program Files\Apoint\Apntex.exe[4008] WININET.dll!HttpSendRequestExA 75AFA6DA 6 Bytes PUSH 00151803; RET .text C:\Program Files\Apoint\Apntex.exe[4008] WININET.dll!HttpSendRequestExW 75AFA733 6 Bytes PUSH 00151766; RET .text C:\Program Files\Apoint\Apntex.exe[4008] WININET.dll!HttpEndRequestA 75AFA7E2 6 Bytes PUSH 001518A0; RET .text C:\Program Files\Apoint\Apntex.exe[4008] WININET.dll!HttpEndRequestW 75AFA814 6 Bytes PUSH 001518EB; RET .text C:\Windows\ehome\ehmsas.exe[4240] ntdll.dll!LdrLoadDll + 1 77329379 3 Bytes [E1, 39, 7F] .text C:\Windows\ehome\ehmsas.exe[4240] ntdll.dll!LdrLoadDll + 5 7732937D 1 Byte [C3] .text C:\Windows\ehome\ehmsas.exe[4240] ntdll.dll!NtCreateUserProcess 77365674 4 Bytes [68, BC, 38, 7F] .text C:\Windows\ehome\ehmsas.exe[4240] ntdll.dll!NtCreateUserProcess + 5 77365679 1 Byte [C3] .text C:\Windows\ehome\ehmsas.exe[4240] kernel32.dll!GetFileAttributesExW 77189C45 6 Bytes PUSH 007F3C4A; RET .text C:\Windows\ehome\ehmsas.exe[4240] kernel32.dll!ExitProcess 771B43B4 6 Bytes PUSH 007F3C09; RET .text C:\Windows\ehome\ehmsas.exe[4240] ADVAPI32.dll!CreateProcessAsUserA 759ACEB9 6 Bytes PUSH 007F3CB0; RET .text C:\Windows\ehome\ehmsas.exe[4240] ADVAPI32.dll!CreateProcessAsUserW 759C1EE9 6 Bytes PUSH 007F3CC7; RET .text C:\Windows\ehome\ehmsas.exe[4240] USER32.dll!RegisterClassExA 770D61E1 6 Bytes PUSH 007F6CF4; RET 
.text C:\Windows\ehome\ehmsas.exe[4240] USER32.dll!GetUpdateRgn 770D85E4 6 Bytes PUSH 007FFAD5; RET .text C:\Windows\ehome\ehmsas.exe[4240] USER32.dll!GetMessagePos 770D9071 6 Bytes PUSH 007EFE2F; RET .text C:\Windows\ehome\ehmsas.exe[4240] USER32.dll!GetCapture 770DA986 6 Bytes PUSH 007EFF8F; RET .text C:\Windows\ehome\ehmsas.exe[4240] USER32.dll!SwitchDesktop 770DB8D2 6 Bytes PUSH 007F68E6; RET .text C:\Windows\ehome\ehmsas.exe[4240] USER32.dll!OpenInputDesktop 770DBCE6 4 Bytes [68, 96, 68, 7F] .text C:\Windows\ehome\ehmsas.exe[4240] USER32.dll!OpenInputDesktop + 5 770DBCEB 1 Byte [C3] .text C:\Windows\ehome\ehmsas.exe[4240] USER32.dll!GetUpdateRect 770DD3E0 6 Bytes PUSH 007FFA42; RET .text C:\Windows\ehome\ehmsas.exe[4240] USER32.dll!RegisterClassExW 770DDA30 6 Bytes PUSH 007F6CA2; RET .text C:\Windows\ehome\ehmsas.exe[4240] USER32.dll!DefWindowProcA 770DDB88 6 Bytes PUSH 007F694A; RET .text C:\Windows\ehome\ehmsas.exe[4240] USER32.dll!RegisterClassA 770DDF42 6 Bytes PUSH 007F6C55; RET .text C:\Windows\ehome\ehmsas.exe[4240] USER32.dll!RegisterClassW 770DE1AB 6 Bytes PUSH 007F6C08; RET .text C:\Windows\ehome\ehmsas.exe[4240] USER32.dll!GetWindowDC 770E3BA7 4 Bytes [68, C3, F9, 7F] .text C:\Windows\ehome\ehmsas.exe[4240] USER32.dll!GetWindowDC + 5 770E3BAC 1 Byte [C3] .text C:\Windows\ehome\ehmsas.exe[4240] USER32.dll!DefDlgProcW 770E4A11 6 Bytes PUSH 007F6990; RET .text C:\Windows\ehome\ehmsas.exe[4240] USER32.dll!GetDCEx 770E4D22 4 Bytes [68, 29, F9, 7F] .text C:\Windows\ehome\ehmsas.exe[4240] USER32.dll!GetDCEx + 5 770E4D27 1 Byte [C3] .text C:\Windows\ehome\ehmsas.exe[4240] USER32.dll!PeekMessageA 770E8343 6 Bytes PUSH 007F00A9; RET .text C:\Windows\ehome\ehmsas.exe[4240] USER32.dll!GetMessageA 770E8AB3 6 Bytes PUSH 007F0056; RET .text C:\Windows\ehome\ehmsas.exe[4240] USER32.dll!GetDC 770E9C31 4 Bytes [68, 84, F9, 7F] .text C:\Windows\ehome\ehmsas.exe[4240] USER32.dll!GetDC + 5 770E9C36 1 Byte [C3] .text C:\Windows\ehome\ehmsas.exe[4240] USER32.dll!ReleaseDC 
770E9CED 6 Bytes PUSH 007FFA02; RET .text C:\Windows\ehome\ehmsas.exe[4240] USER32.dll!EndPaint 770EA28F 4 Bytes JMP 3A0F228C .text C:\Windows\ehome\ehmsas.exe[4240] USER32.dll!EndPaint + 5 770EA294 1 Byte [C3] .text C:\Windows\ehome\ehmsas.exe[4240] USER32.dll!BeginPaint 770EA2A3 4 Bytes [68, 79, F8, 7F] .text C:\Windows\ehome\ehmsas.exe[4240] USER32.dll!BeginPaint + 5 770EA2A8 1 Byte [C3] .text C:\Windows\ehome\ehmsas.exe[4240] USER32.dll!GetMessageW 770EFEF7 6 Bytes PUSH 007F002E; RET .text C:\Windows\ehome\ehmsas.exe[4240] USER32.dll!TranslateMessage 770F01AD 6 Bytes PUSH 007FA41D; RET .text C:\Windows\ehome\ehmsas.exe[4240] USER32.dll!DefWindowProcW 770F03B4 6 Bytes PUSH 007F6904; RET .text C:\Windows\ehome\ehmsas.exe[4240] USER32.dll!PeekMessageW 770F045A 6 Bytes PUSH 007F007E; RET .text C:\Windows\ehome\ehmsas.exe[4240] USER32.dll!CallWindowProcW 770F095E 6 Bytes PUSH 007F6B3A; RET .text C:\Windows\ehome\ehmsas.exe[4240] USER32.dll!GetCursorPos 770F0B88 6 Bytes PUSH 007EFE61; RET .text C:\Windows\ehome\ehmsas.exe[4240] USER32.dll!DefDlgProcA 770F26B8 6 Bytes PUSH 007F69D6; RET .text C:\Windows\ehome\ehmsas.exe[4240] USER32.dll!DefMDIChildProcA 770FB031 6 Bytes PUSH 007F6AF4; RET .text C:\Windows\ehome\ehmsas.exe[4240] USER32.dll!DefFrameProcA 770FB24F 6 Bytes PUSH 007F6A65; RET .text C:\Windows\ehome\ehmsas.exe[4240] USER32.dll!CallWindowProcA 770FB73E 6 Bytes PUSH 007F6B83; RET .text C:\Windows\ehome\ehmsas.exe[4240] USER32.dll!DefFrameProcW 770FD1F9 6 Bytes PUSH 007F6A1C; RET .text C:\Windows\ehome\ehmsas.exe[4240] USER32.dll!DefMDIChildProcW 770FD4F6 6 Bytes PUSH 007F6AAE; RET .text C:\Windows\ehome\ehmsas.exe[4240] USER32.dll!ReleaseCapture 771030A2 6 Bytes PUSH 007EFF3F; RET .text C:\Windows\ehome\ehmsas.exe[4240] USER32.dll!SetCapture 771030AF 4 Bytes [68, E5, FE, 7E] .text C:\Windows\ehome\ehmsas.exe[4240] USER32.dll!SetCapture + 5 771030B4 1 Byte [C3] .text C:\Windows\ehome\ehmsas.exe[4240] USER32.dll!SetCursorPos 77116FB2 6 Bytes PUSH 007EFEA8; RET 
.text C:\Windows\ehome\ehmsas.exe[4240] USER32.dll!GetClipboardData 7711715A 6 Bytes PUSH 007FA5CC; RET .text C:\Windows\ehome\ehmsas.exe[4240] WS2_32.dll!closesocket 75CC330C 6 Bytes PUSH 007EF57B; RET .text C:\Windows\ehome\ehmsas.exe[4240] WS2_32.dll!getaddrinfo 75CC418A 6 Bytes PUSH 007EF18C; RET .text C:\Windows\ehome\ehmsas.exe[4240] WS2_32.dll!WSASend 75CC4496 6 Bytes PUSH 007EF5D4; RET .text C:\Windows\ehome\ehmsas.exe[4240] WS2_32.dll!send 75CC659B 6 Bytes PUSH 007EF5B3; RET .text C:\Windows\ehome\ehmsas.exe[4240] WS2_32.dll!gethostbyname 75CD62D4 6 Bytes PUSH 007EF11C; RET .text C:\Windows\ehome\ehmsas.exe[4240] CRYPT32.dll!PFXImportCertStore 7534989D 6 Bytes PUSH 00801D51; RET .text C:\Windows\ehome\ehmsas.exe[4240] WININET.dll!InternetReadFile 75A8655B 6 Bytes PUSH 008019A3; RET .text C:\Windows\ehome\ehmsas.exe[4240] WININET.dll!HttpQueryInfoA 75A8879D 6 Bytes PUSH 00801AD6; RET .text C:\Windows\ehome\ehmsas.exe[4240] WININET.dll!InternetCloseHandle 75A89098 6 Bytes PUSH 00801936; RET .text C:\Windows\ehome\ehmsas.exe[4240] WININET.dll!InternetQueryDataAvailable 75A8BF93 6 Bytes PUSH 00801AAA; RET .text C:\Windows\ehome\ehmsas.exe[4240] WININET.dll!HttpOpenRequestA 75A8D518 6 Bytes PUSH 00801678; RET .text C:\Windows\ehome\ehmsas.exe[4240] WININET.dll!HttpSendRequestW 75A8FACE 6 Bytes PUSH 008016BC; RET .text C:\Windows\ehome\ehmsas.exe[4240] WININET.dll!HttpOpenRequestW 75A8FC0B 6 Bytes PUSH 00801634; RET .text C:\Windows\ehome\ehmsas.exe[4240] WININET.dll!HttpSendRequestA 75A9EEA1 6 Bytes PUSH 00801711; RET .text C:\Windows\ehome\ehmsas.exe[4240] WININET.dll!InternetReadFileExA 75AA3271 6 Bytes PUSH 008019D1; RET .text C:\Windows\ehome\ehmsas.exe[4240] WININET.dll!InternetSetFilePointer 75AE5A11 6 Bytes PUSH 00801A50; RET .text C:\Windows\ehome\ehmsas.exe[4240] WININET.dll!HttpSendRequestExA 75AFA6DA 6 Bytes PUSH 00801803; RET .text C:\Windows\ehome\ehmsas.exe[4240] WININET.dll!HttpSendRequestExW 75AFA733 6 Bytes PUSH 00801766; RET .text 
C:\Windows\ehome\ehmsas.exe[4240] WININET.dll!HttpEndRequestA 75AFA7E2 6 Bytes PUSH 008018A0; RET .text C:\Windows\ehome\ehmsas.exe[4240] WININET.dll!HttpEndRequestW 75AFA814 6 Bytes PUSH 008018EB; RET .text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4660] ntdll.dll!LdrLoadDll + 1 77329379 5 Bytes [E1, 39, B3, 01, C3] {LOOPZ 0x3b; MOV BL, 0x1; RET } .text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4660] ntdll.dll!NtCreateUserProcess 77365674 6 Bytes PUSH 01B338BC; RET .text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4660] KERNEL32.dll!GetFileAttributesExW 77189C45 6 Bytes PUSH 01B33C4A; RET .text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4660] KERNEL32.dll!ExitProcess 771B43B4 6 Bytes PUSH 01B33C09; RET .text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4660] ADVAPI32.dll!CreateProcessAsUserA 759ACEB9 6 Bytes PUSH 01B33CB0; RET .text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4660] ADVAPI32.dll!CreateProcessAsUserW 759C1EE9 6 Bytes PUSH 01B33CC7; RET .text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4660] USER32.dll!RegisterClassExA 770D61E1 6 Bytes PUSH 01B36CF4; RET .text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4660] USER32.dll!GetUpdateRgn 770D85E4 6 Bytes PUSH 01B3FAD5; RET .text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4660] USER32.dll!GetMessagePos 770D9071 6 Bytes PUSH 01B2FE2F; RET .text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4660] USER32.dll!GetCapture 770DA986 6 Bytes PUSH 01B2FF8F; RET .text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4660] USER32.dll!SwitchDesktop 770DB8D2 6 Bytes PUSH 01B368E6; RET .text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4660] USER32.dll!OpenInputDesktop 770DBCE6 6 Bytes PUSH 01B36896; RET .text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4660] USER32.dll!GetUpdateRect 770DD3E0 6 Bytes PUSH 01B3FA42; RET .text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4660] 
USER32.dll!RegisterClassExW 770DDA30 6 Bytes PUSH 01B36CA2; RET .text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4660] USER32.dll!DefWindowProcA 770DDB88 6 Bytes PUSH 01B3694A; RET .text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4660] USER32.dll!RegisterClassA 770DDF42 6 Bytes PUSH 01B36C55; RET .text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4660] USER32.dll!RegisterClassW 770DE1AB 6 Bytes PUSH 01B36C08; RET .text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4660] USER32.dll!GetWindowDC 770E3BA7 6 Bytes PUSH 01B3F9C3; RET .text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4660] USER32.dll!DefDlgProcW 770E4A11 6 Bytes PUSH 01B36990; RET .text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4660] USER32.dll!GetDCEx 770E4D22 6 Bytes PUSH 01B3F929; RET .text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4660] USER32.dll!PeekMessageA 770E8343 6 Bytes PUSH 01B300A9; RET .text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4660] USER32.dll!GetMessageA 770E8AB3 6 Bytes PUSH 01B30056; RET .text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4660] USER32.dll!GetDC 770E9C31 6 Bytes PUSH 01B3F984; RET .text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4660] USER32.dll!ReleaseDC 770E9CED 6 Bytes PUSH 01B3FA02; RET .text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4660] USER32.dll!EndPaint 770EA28F 6 Bytes JMP 3A10568C .text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4660] USER32.dll!BeginPaint 770EA2A3 6 Bytes PUSH 01B3F879; RET .text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4660] USER32.dll!GetMessageW 770EFEF7 6 Bytes PUSH 01B3002E; RET .text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4660] USER32.dll!TranslateMessage 770F01AD 6 Bytes PUSH 01B3A41D; RET .text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4660] USER32.dll!DefWindowProcW 770F03B4 6 Bytes PUSH 01B36904; RET .text C:\Program Files\Sony\VAIO Power 
Management\SPMgr.exe[4660] USER32.dll!PeekMessageW 770F045A 6 Bytes PUSH 01B3007E; RET .text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4660] USER32.dll!CallWindowProcW 770F095E 6 Bytes PUSH 01B36B3A; RET .text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4660] USER32.dll!GetCursorPos 770F0B88 6 Bytes PUSH 01B2FE61; RET .text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4660] USER32.dll!DefDlgProcA 770F26B8 6 Bytes PUSH 01B369D6; RET .text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4660] USER32.dll!DefMDIChildProcA 770FB031 6 Bytes PUSH 01B36AF4; RET .text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4660] USER32.dll!DefFrameProcA 770FB24F 6 Bytes PUSH 01B36A65; RET .text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4660] USER32.dll!CallWindowProcA 770FB73E 6 Bytes PUSH 01B36B83; RET .text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4660] USER32.dll!DefFrameProcW 770FD1F9 6 Bytes PUSH 01B36A1C; RET .text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4660] USER32.dll!DefMDIChildProcW 770FD4F6 6 Bytes PUSH 01B36AAE; RET .text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4660] USER32.dll!ReleaseCapture 771030A2 6 Bytes PUSH 01B2FF3F; RET .text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4660] USER32.dll!SetCapture 771030AF 6 Bytes PUSH 01B2FEE5; RET .text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4660] USER32.dll!SetCursorPos 77116FB2 6 Bytes PUSH 01B2FEA8; RET .text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4660] USER32.dll!GetClipboardData 7711715A 6 Bytes PUSH 01B3A5CC; RET .text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4660] CRYPT32.dll!PFXImportCertStore 7534989D 6 Bytes PUSH 01B41D51; RET .text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4660] WS2_32.dll!closesocket 75CC330C 6 Bytes PUSH 01B2F57B; RET .text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4660] WS2_32.dll!getaddrinfo 75CC418A 6 Bytes PUSH 01B2F18C; 
RET .text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4660] WS2_32.dll!WSASend 75CC4496 6 Bytes PUSH 01B2F5D4; RET .text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4660] WS2_32.dll!send 75CC659B 6 Bytes PUSH 01B2F5B3; RET .text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4660] WS2_32.dll!gethostbyname 75CD62D4 6 Bytes PUSH 01B2F11C; RET .text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4660] WININET.dll!InternetReadFile 75A8655B 6 Bytes PUSH 01B419A3; RET .text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4660] WININET.dll!HttpQueryInfoA 75A8879D 6 Bytes PUSH 01B41AD6; RET .text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4660] WININET.dll!InternetCloseHandle 75A89098 6 Bytes PUSH 01B41936; RET .text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4660] WININET.dll!InternetQueryDataAvailable 75A8BF93 6 Bytes PUSH 01B41AAA; RET .text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4660] WININET.dll!HttpOpenRequestA 75A8D518 6 Bytes PUSH 01B41678; RET .text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4660] WININET.dll!HttpSendRequestW 75A8FACE 6 Bytes PUSH 01B416BC; RET .text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4660] WININET.dll!HttpOpenRequestW 75A8FC0B 6 Bytes PUSH 01B41634; RET .text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4660] WININET.dll!HttpSendRequestA 75A9EEA1 6 Bytes PUSH 01B41711; RET .text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4660] WININET.dll!InternetReadFileExA 75AA3271 6 Bytes PUSH 01B419D1; RET .text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4660] WININET.dll!InternetSetFilePointer 75AE5A11 6 Bytes PUSH 01B41A50; RET .text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4660] WININET.dll!HttpSendRequestExA 75AFA6DA 6 Bytes PUSH 01B41803; RET .text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4660] WININET.dll!HttpSendRequestExW 75AFA733 6 Bytes PUSH 01B41766; RET .text C:\Program Files\Sony\VAIO 
Power Management\SPMgr.exe[4660] WININET.dll!HttpEndRequestA 75AFA7E2 6 Bytes PUSH 01B418A0; RET .text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4660] WININET.dll!HttpEndRequestW 75AFA814 6 Bytes PUSH 01B418EB; RET .text C:\Windows\system32\conime.exe[5592] ntdll.dll!LdrLoadDll + 1 77329379 3 Bytes [E1, 39, 04] .text C:\Windows\system32\conime.exe[5592] ntdll.dll!LdrLoadDll + 5 7732937D 1 Byte [C3] .text C:\Windows\system32\conime.exe[5592] ntdll.dll!NtCreateUserProcess 77365674 4 Bytes [68, BC, 38, 04] .text C:\Windows\system32\conime.exe[5592] ntdll.dll!NtCreateUserProcess + 5 77365679 1 Byte [C3] .text C:\Windows\system32\conime.exe[5592] kernel32.dll!GetFileAttributesExW 77189C45 6 Bytes PUSH 00043C4A; RET .text C:\Windows\system32\conime.exe[5592] kernel32.dll!ExitProcess 771B43B4 6 Bytes PUSH 00043C09; RET .text C:\Windows\system32\conime.exe[5592] ADVAPI32.dll!CreateProcessAsUserA 759ACEB9 6 Bytes PUSH 00043CB0; RET .text C:\Windows\system32\conime.exe[5592] ADVAPI32.dll!CreateProcessAsUserW 759C1EE9 6 Bytes PUSH 00043CC7; RET .text C:\Windows\system32\conime.exe[5592] USER32.dll!RegisterClassExA 770D61E1 6 Bytes PUSH 00046CF4; RET .text C:\Windows\system32\conime.exe[5592] USER32.dll!GetUpdateRgn 770D85E4 6 Bytes PUSH 0004FAD5; RET .text C:\Windows\system32\conime.exe[5592] USER32.dll!GetMessagePos 770D9071 6 Bytes PUSH 0003FE2F; RET .text C:\Windows\system32\conime.exe[5592] USER32.dll!GetCapture 770DA986 6 Bytes PUSH 0003FF8F; RET .text C:\Windows\system32\conime.exe[5592] USER32.dll!SwitchDesktop 770DB8D2 6 Bytes PUSH 000468E6; RET .text C:\Windows\system32\conime.exe[5592] USER32.dll!OpenInputDesktop 770DBCE6 4 Bytes [68, 96, 68, 04] .text C:\Windows\system32\conime.exe[5592] USER32.dll!OpenInputDesktop + 5 770DBCEB 1 Byte [C3] .text C:\Windows\system32\conime.exe[5592] USER32.dll!GetUpdateRect 770DD3E0 6 Bytes PUSH 0004FA42; RET .text C:\Windows\system32\conime.exe[5592] USER32.dll!RegisterClassExW 770DDA30 6 Bytes PUSH 00046CA2; RET .text 
C:\Windows\system32\conime.exe[5592] USER32.dll!DefWindowProcA 770DDB88 6 Bytes PUSH 0004694A; RET .text C:\Windows\system32\conime.exe[5592] USER32.dll!RegisterClassA 770DDF42 6 Bytes PUSH 00046C55; RET .text C:\Windows\system32\conime.exe[5592] USER32.dll!RegisterClassW 770DE1AB 6 Bytes PUSH 00046C08; RET .text C:\Windows\system32\conime.exe[5592] USER32.dll!GetWindowDC 770E3BA7 4 Bytes [68, C3, F9, 04] .text C:\Windows\system32\conime.exe[5592] USER32.dll!GetWindowDC + 5 770E3BAC 1 Byte [C3] .text C:\Windows\system32\conime.exe[5592] USER32.dll!DefDlgProcW 770E4A11 6 Bytes PUSH 00046990; RET .text C:\Windows\system32\conime.exe[5592] USER32.dll!GetDCEx 770E4D22 4 Bytes [68, 29, F9, 04] .text C:\Windows\system32\conime.exe[5592] USER32.dll!GetDCEx + 5 770E4D27 1 Byte [C3] .text C:\Windows\system32\conime.exe[5592] USER32.dll!PeekMessageA 770E8343 6 Bytes PUSH 000400A9; RET .text C:\Windows\system32\conime.exe[5592] USER32.dll!GetMessageA 770E8AB3 6 Bytes PUSH 00040056; RET .text C:\Windows\system32\conime.exe[5592] USER32.dll!GetDC 770E9C31 4 Bytes [68, 84, F9, 04] .text C:\Windows\system32\conime.exe[5592] USER32.dll!GetDC + 5 770E9C36 1 Byte [C3] .text C:\Windows\system32\conime.exe[5592] USER32.dll!ReleaseDC 770E9CED 6 Bytes PUSH 0004FA02; RET .text C:\Windows\system32\conime.exe[5592] USER32.dll!EndPaint 770EA28F 4 Bytes JMP 3A0EA78C .text C:\Windows\system32\conime.exe[5592] USER32.dll!EndPaint + 5 770EA294 1 Byte [C3] .text C:\Windows\system32\conime.exe[5592] USER32.dll!BeginPaint 770EA2A3 4 Bytes [68, 79, F8, 04] .text C:\Windows\system32\conime.exe[5592] USER32.dll!BeginPaint + 5 770EA2A8 1 Byte [C3] .text C:\Windows\system32\conime.exe[5592] USER32.dll!GetMessageW 770EFEF7 6 Bytes PUSH 0004002E; RET .text C:\Windows\system32\conime.exe[5592] USER32.dll!TranslateMessage 770F01AD 6 Bytes PUSH 0004A41D; RET .text C:\Windows\system32\conime.exe[5592] USER32.dll!DefWindowProcW 770F03B4 6 Bytes PUSH 00046904; RET .text C:\Windows\system32\conime.exe[5592] 
USER32.dll!PeekMessageW 770F045A 6 Bytes PUSH 0004007E; RET .text C:\Windows\system32\conime.exe[5592] USER32.dll!CallWindowProcW 770F095E 6 Bytes PUSH 00046B3A; RET .text C:\Windows\system32\conime.exe[5592] USER32.dll!GetCursorPos 770F0B88 6 Bytes PUSH 0003FE61; RET .text C:\Windows\system32\conime.exe[5592] USER32.dll!DefDlgProcA 770F26B8 6 Bytes PUSH 000469D6; RET .text C:\Windows\system32\conime.exe[5592] USER32.dll!DefMDIChildProcA 770FB031 6 Bytes PUSH 00046AF4; RET .text C:\Windows\system32\conime.exe[5592] USER32.dll!DefFrameProcA 770FB24F 6 Bytes PUSH 00046A65; RET .text C:\Windows\system32\conime.exe[5592] USER32.dll!CallWindowProcA 770FB73E 6 Bytes PUSH 00046B83; RET .text C:\Windows\system32\conime.exe[5592] USER32.dll!DefFrameProcW 770FD1F9 6 Bytes PUSH 00046A1C; RET .text C:\Windows\system32\conime.exe[5592] USER32.dll!DefMDIChildProcW 770FD4F6 6 Bytes PUSH 00046AAE; RET .text C:\Windows\system32\conime.exe[5592] USER32.dll!ReleaseCapture 771030A2 6 Bytes PUSH 0003FF3F; RET .text C:\Windows\system32\conime.exe[5592] USER32.dll!SetCapture 771030AF 4 Bytes [68, E5, FE, 03] .text C:\Windows\system32\conime.exe[5592] USER32.dll!SetCapture + 5 771030B4 1 Byte [C3] .text C:\Windows\system32\conime.exe[5592] USER32.dll!SetCursorPos 77116FB2 6 Bytes PUSH 0003FEA8; RET .text C:\Windows\system32\conime.exe[5592] USER32.dll!GetClipboardData 7711715A 6 Bytes PUSH 0004A5CC; RET .text C:\Windows\system32\conime.exe[5592] WS2_32.dll!closesocket 75CC330C 6 Bytes PUSH 0003F57B; RET .text C:\Windows\system32\conime.exe[5592] WS2_32.dll!getaddrinfo 75CC418A 6 Bytes PUSH 0003F18C; RET .text C:\Windows\system32\conime.exe[5592] WS2_32.dll!WSASend 75CC4496 6 Bytes PUSH 0003F5D4; RET .text C:\Windows\system32\conime.exe[5592] WS2_32.dll!send 75CC659B 6 Bytes PUSH 0003F5B3; RET .text C:\Windows\system32\conime.exe[5592] WS2_32.dll!gethostbyname 75CD62D4 6 Bytes PUSH 0003F11C; RET .text C:\Windows\system32\conime.exe[5592] CRYPT32.dll!PFXImportCertStore 7534989D 6 Bytes PUSH 
00051D51; RET .text C:\Windows\system32\conime.exe[5592] WININET.dll!InternetReadFile 75A8655B 6 Bytes PUSH 000519A3; RET .text C:\Windows\system32\conime.exe[5592] WININET.dll!HttpQueryInfoA 75A8879D 6 Bytes PUSH 00051AD6; RET .text C:\Windows\system32\conime.exe[5592] WININET.dll!InternetCloseHandle 75A89098 6 Bytes PUSH 00051936; RET .text C:\Windows\system32\conime.exe[5592] WININET.dll!InternetQueryDataAvailable 75A8BF93 6 Bytes PUSH 00051AAA; RET .text C:\Windows\system32\conime.exe[5592] WININET.dll!HttpOpenRequestA 75A8D518 6 Bytes PUSH 00051678; RET .text C:\Windows\system32\conime.exe[5592] WININET.dll!HttpSendRequestW 75A8FACE 6 Bytes PUSH 000516BC; RET .text C:\Windows\system32\conime.exe[5592] WININET.dll!HttpOpenRequestW 75A8FC0B 6 Bytes PUSH 00051634; RET .text C:\Windows\system32\conime.exe[5592] WININET.dll!HttpSendRequestA 75A9EEA1 6 Bytes PUSH 00051711; RET .text C:\Windows\system32\conime.exe[5592] WININET.dll!InternetReadFileExA 75AA3271 6 Bytes PUSH 000519D1; RET .text C:\Windows\system32\conime.exe[5592] WININET.dll!InternetSetFilePointer 75AE5A11 6 Bytes PUSH 00051A50; RET .text C:\Windows\system32\conime.exe[5592] WININET.dll!HttpSendRequestExA 75AFA6DA 6 Bytes PUSH 00051803; RET .text C:\Windows\system32\conime.exe[5592] WININET.dll!HttpSendRequestExW 75AFA733 6 Bytes PUSH 00051766; RET .text C:\Windows\system32\conime.exe[5592] WININET.dll!HttpEndRequestA 75AFA7E2 6 Bytes PUSH 000518A0; RET .text C:\Windows\system32\conime.exe[5592] WININET.dll!HttpEndRequestW 75AFA814 6 Bytes PUSH 000518EB; RET ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00214fb4849e Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002433d141d5 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002433d141d5@00236ca08731 0x70 0x6B 0xD5 0xF3 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002433d141d5@2021a5623e0f 0xB9 0xD2 0x81 0x92 ... 
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002433d141d5@28cfdae9871d 0xDA 0x85 0xF7 0x66 ... Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00214fb4849e (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002433d141d5 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002433d141d5@00236ca08731 0x70 0x6B 0xD5 0xF3 ... Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002433d141d5@2021a5623e0f 0xB9 0xD2 0x81 0x92 ... Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002433d141d5@28cfdae9871d 0xDA 0x85 0xF7 0x66 ... ---- EOF - GMER 2.1 ---- |
07.05.2013, 22:04 | #5 |
| Sorry, I can't get along with this #code stuff... hence all the replies, please bear with me. Last edited by KlausKlaus (07.05.2013 at 22:11) |
10.05.2013, 23:07 | #6 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Quote:
That kind of information is not enough; please post the complete details/logs from the virus scanners, see http://www.trojaner-board.de/125889-...tml#post941520 Please post everything here in CODE tags if at all possible. Reading material: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows: |
11.05.2013, 13:31 | #7 |
| Hello cosinus! First of all, many thanks for your reply. Here are the logs from Avira Code:
ATTFilter
Exportierte Ereignisse:
07.05.2013 14:48 [System-Scanner] Malware gefunden
Die Datei 'C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\17c4880c-5a445448' enthielt einen Virus oder unerwünschtes Programm 'EXP/CVE-2013-2423.F' [exploit].
Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5611566f.qua' verschoben!
04.05.2013 13:10 [System-Scanner] Malware gefunden
Die Datei 'C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\17c4880c-5a9a99c7' enthielt einen Virus oder unerwünschtes Programm 'TR/Agent.385024.338' [trojan].
Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '542c4141.qua' verschoben!
04.05.2013 13:08 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\17c4880c-5a9a99c7' wurde ein Virus oder unerwünschtes Programm 'TR/Agent.385024.338' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern
04.05.2013 13:08 [System-Scanner] Malware gefunden
Die Datei 'C:\Users\Christian\AppData\Local\Temp\d2e87d90a31dc6c0e963d2438e1d292f\preinstaller.exe' enthielt einen Virus oder unerwünschtes Programm 'ADWARE/Rogue.218624' [adware].
Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '54187ecd.qua' verschoben!
04.05.2013 13:05 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\Christian\AppData\Local\Temp\d2e87d90a31dc6c0e963d2438e1d292f\preinstaller.exe' wurde ein Virus oder unerwünschtes Programm 'ADWARE/Rogue.218624' [adware] gefunden.
Ausgeführte Aktion: Zugriff verweigern |
12.05.2013, 20:36 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Before we get to work, I would like to ask you to read the following points completely and carefully.
Note: If you do not hear from me for three days, please post in this thread => Reminder about my thread. Annoying "when do we continue" messages will end with your topic being closed. I, too, have a life outside the Trojaner-Board. Then please run Combofix now: Scan with Combofix
__________________ Please always post log files in CODE tags |
12.05.2013, 22:47 | #9 |
| Hey cosinus! Here is the combofix log: Code:
ATTFilter ComboFix 13-05-12.01 - Christian 12.05.2013 23:25:50.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3068.1578 [GMT 2:00] ausgeführt von:: c:\users\Christian\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\Roaming c:\users\Christian\AppData\Roaming\Tagy c:\users\Christian\AppData\Roaming\Tagy\qoer.exe . . ((((((((((((((((((((((( Dateien erstellt von 2013-04-12 bis 2013-05-12 )))))))))))))))))))))))))))))) . . 2013-05-12 21:35 . 2013-05-12 21:35 -------- d-----w- c:\users\Christian\AppData\Local\temp 2013-05-12 21:35 . 2013-05-12 21:35 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-05-12 10:26 . 2013-05-12 10:26 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{84F3982D-550C-445B-A2F1-19E7F13A7470}\offreg.dll 2013-05-10 15:58 . 2013-04-10 03:08 6906960 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{84F3982D-550C-445B-A2F1-19E7F13A7470}\mpengine.dll 2013-05-05 11:34 . 2013-05-05 11:34 -------- d-----w- c:\program files\Common Files\Java 2013-05-05 11:29 . 2013-04-04 03:35 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2013-05-02 14:32 . 2013-05-02 14:32 -------- d-----w- c:\users\Christian\AppData\Roaming\Avira 2013-05-02 14:26 . 2013-05-02 14:16 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2013-05-02 14:26 . 2013-05-02 14:16 135136 ----a-w- c:\windows\system32\drivers\avipbb.sys 2013-05-02 14:26 . 2013-05-02 14:26 -------- d-----w- c:\programdata\Avira 2013-05-02 14:26 . 2013-05-02 14:26 -------- d-----w- c:\program files\Avira 2013-04-30 07:15 . 
2013-05-12 18:45 -------- d-----w- c:\users\Christian\AppData\Roaming\Xoilq 2013-04-30 07:15 . 2013-04-30 07:15 -------- d-----w- c:\users\Christian\AppData\Roaming\Rizur 2013-04-27 21:45 . 2013-04-27 21:45 -------- d-----w- c:\program files\Common Files\Skype 2013-04-26 11:51 . 2013-05-12 10:07 -------- d-----w- c:\users\Christian\AppData\Local\Spotify 2013-04-26 11:51 . 2013-05-12 13:11 -------- d-----w- c:\users\Christian\AppData\Roaming\Spotify . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-05-02 14:16 . 2009-10-11 15:42 84744 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2013-05-02 00:06 . 2009-10-11 16:34 238872 ------w- c:\windows\system32\MpSigStub.exe 2013-04-21 09:29 . 2012-06-26 09:00 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-04-21 09:29 . 2011-09-17 18:02 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-03-11 13:25 . 2013-04-10 18:46 3603816 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-03-11 13:25 . 2013-04-10 18:46 3551080 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-03-09 03:45 . 2013-04-10 18:46 49152 ----a-w- c:\windows\system32\csrsrv.dll 2013-03-09 01:28 . 2013-04-10 18:46 64000 ----a-w- c:\windows\system32\smss.exe 2013-03-08 11:07 . 2012-06-26 09:07 861088 ----a-w- c:\windows\system32\npdeployJava1.dll 2013-03-08 11:07 . 2010-05-26 10:26 782240 ----a-w- c:\windows\system32\deployJava1.dll 2013-03-08 03:53 . 2013-04-10 18:44 376320 ----a-w- c:\windows\system32\winsrv.dll 2013-03-08 03:52 . 2013-04-10 18:45 2067968 ----a-w- c:\windows\system32\mstscax.dll 2013-03-05 01:40 . 2013-04-10 18:44 2049024 ----a-w- c:\windows\system32\win32k.sys 2013-03-03 19:07 . 2013-04-10 18:47 1082232 ----a-w- c:\windows\system32\drivers\ntfs.sys 2013-03-01 12:23 . 2013-04-10 18:46 916480 ----a-w- c:\windows\system32\wininet.dll 2013-03-01 12:18 . 2013-04-10 18:46 43520 ----a-w- c:\windows\system32\licmgr10.dll 2013-03-01 12:17 . 
2013-04-10 18:46 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2013-03-01 12:17 . 2013-04-10 18:46 71680 ----a-w- c:\windows\system32\iesetup.dll 2013-03-01 12:17 . 2013-04-10 18:46 109056 ----a-w- c:\windows\system32\iesysprep.dll 2013-03-01 10:37 . 2013-04-10 18:46 385024 ----a-w- c:\windows\system32\html.iec 2013-03-01 08:52 . 2013-04-10 18:46 133632 ----a-w- c:\windows\system32\ieUnatt.exe 2013-03-01 08:50 . 2013-04-10 18:45 1638912 ----a-w- c:\windows\system32\mshtml.tlb 2013-02-12 01:57 . 2013-03-20 19:17 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys 2013-04-12 13:18 . 2013-04-12 13:18 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll 2006-05-03 10:06 163328 --sh--r- c:\windows\System32\flvDX.dll 2007-02-21 11:47 31232 --sh--r- c:\windows\System32\msfDX.dll 2008-03-16 13:30 216064 --sh--r- c:\windows\System32\nbDX.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2008-12-21 274432] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] "VMpTtray.exe"="c:\program files\sony\VAIO Media plus\VMpTtray.exe" [2009-01-20 99624] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-02-28 18642024] "Spotify Web Helper"="c:\users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-05-10 1105408] "Spotify"="c:\users\Christian\AppData\Roaming\Spotify\Spotify.exe" [2013-05-10 4573184] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Bluetooth Connection Assistant"="LBTWIZ.EXE -silent" [X] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-01-06 6703648] "Apoint"="c:\program files\Apoint\Apoint.exe" [2008-09-30 122880] "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-07-24 30192] "MarketingTools"="c:\program files\Sony\Marketing Tools\MarketingTools.exe" [2009-07-24 26112] "AML"="c:\program files\Sony\VAIO Launcher\AML.exe" [2009-03-09 1101824] "Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-01-06 1833504] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824] "EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-05-14 61440] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-05-07 345312] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816] . c:\users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008] Product Registration.lnk - c:\users\Christian\AppData\Local\Temp\is-9PIJN.tmp\ATR1.exe [N/A] . 
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-1-24 780840] Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-9-2 813584] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon] 2009-01-19 10:49 98304 ----a-w- c:\windows\System32\VESWinlogon.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [x] S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [x] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Inhalt des "geplante Tasks" Ordners . 2013-05-12 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-26 09:29] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.de/ig mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNYT&bmod=SNYT uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Free YouTube Download - c:\users\Christian\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm IE: Seite an &Bluetooth-Gerät senden... 
- c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\6bykvql9.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ig FF - prefs.js: network.proxy.type - 0 FF - ExtSQL: !HIDDEN! 2009-09-02 13:08; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - ExtSQL: !HIDDEN! 2013-01-03 21:39; {ACAA314B-EEBA-48e4-AD47-84E31C44796C}; c:\program files\Common Files\DVDVideoSoft\plugins\ff FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: privacy.clearOnShutdown.cookies - false FF - user.js: security.warn_viewing_mixed - false FF - user.js: security.warn_viewing_mixed.show_once - false FF - user.js: security.warn_submit_insecure - false FF - user.js: security.warn_submit_insecure.show_once - false . - - - - Entfernte verwaiste Registrierungseinträge - - - - . HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe HKCU-Run-ICQ - c:\program files\ICQ6.5\ICQ.exe HKCU-Run-Dywoyreven - c:\users\Christian\AppData\Roaming\Tagy\qoer.exe SafeBoot-WudfPf SafeBoot-WudfRd AddRemove-Free Audio CD Burner_is1 - c:\program files\DVDVideoSoft\Free Audio CD Burner\unins000.exe AddRemove-Uninstall_is1 - c:\program files\Common Files\DVDVideoSoft\unins000.exe AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe AddRemove-STANLY Track - c:\windows\system32\javaws.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2013-05-12 23:35 Windows 6.0.6002 Service Pack 2 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . . c:\users\CHRIST~1\AppData\Local\Temp\catchme.dll 53248 bytes executable . 
Scan erfolgreich abgeschlossen versteckte Dateien: 1 . ************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:00000042 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Zeit der Fertigstellung: 2013-05-12 23:38:04 ComboFix-quarantined-files.txt 2013-05-12 21:37 . Vor Suchlauf: 15 Verzeichnis(se), 132.387.643.392 Bytes frei Nach Suchlauf: 19 Verzeichnis(se), 144.372.764.672 Bytes frei . - - End Of File - - 333C1073985825D4F727AE8B21D75695 LG KlausKlaus |
12.05.2013, 22:54 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Please run the three tools MBAR / aswMBR / TDSSkiller now and post the logs in CODE tags. MBAR (Malwarebytes Anti-Rootkit): Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper. aswMBR: Please download aswMBR.exe and save the file to your desktop.
Important: Do not press any of the Fix buttons without instructions. Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan. TDSS-Killer: Please download TDSSKiller.exe and save this file to the desktop
__________________ Please always post log files in CODE tags |
13.05.2013, 09:16 | #11 |
| hey cosinus, here are the logs MBAR: Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org
Database version: v2013.05.12.06
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19412
Christian :: CHRISTIAN-VAIO [administrator]
13.05.2013 00:44:09
mbar-log-2013-05-13 (00-44-09).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 27860
Time elapsed: 35 minute(s), 23 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
aswMBR Code:
ATTFilter
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-05-13 01:29:10
-----------------------------
01:29:10.729 OS Version: Windows 6.0.6002 Service Pack 2
01:29:10.729 Number of processors: 2 586 0x170A
01:29:10.729 ComputerName: CHRISTIAN-VAIO UserName: Christian
01:29:12.835 Initialize success
01:33:00.914 AVAST engine defs: 13051201
01:33:18.199 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
01:33:18.215 Disk 0 Vendor: Hitachi_ FB4O Size: 305245MB BusType: 3
01:33:18.215 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000065
01:33:18.215 Disk 1 Vendor: RICOH 01 Size: 305245MB BusType: 0
01:33:18.215 Disk 2 \Device\Harddisk2\DR2 -> \Device\00000066
01:33:18.230 Disk 2 Vendor: RICOH 02 Size: 305245MB BusType: 0
01:33:18.371 Disk 0 MBR read successfully
01:33:18.371 Disk 0 MBR scan
01:33:18.449 Disk 0 Windows XP default MBR code
01:33:18.449 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 13201 MB offset 63
01:33:18.480 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 292042 MB offset 27037395
01:33:18.527 Disk 0 scanning sectors +625140400
01:33:18.808 Disk 0 scanning C:\Windows\system32\drivers
01:33:35.125 Service scanning
01:34:15.451 Modules scanning
01:34:40.505 Disk 0 trace - called modules:
01:34:40.536 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
01:34:40.536 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87884728]
01:34:40.552 3 CLASSPNP.SYS[8bda98b3] -> nt!IofCallDriver -> [0x872da148]
01:34:40.552 5 acpi.sys[806a06bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x872dd028]
01:34:42.658 AVAST engine scan C:\Windows
01:34:53.890 AVAST engine scan C:\Windows\system32
01:41:52.235 AVAST engine scan C:\Windows\system32\drivers
01:42:36.055 AVAST engine scan C:\Users\Christian
03:08:40.451 AVAST engine scan C:\ProgramData
03:25:02.908 Scan finished successfully
09:49:02.952 Disk 0 MBR has been saved successfully to "C:\Users\Christian\Desktop\MBR.dat"
09:49:02.968 The log file has been saved successfully to "C:\Users\Christian\Desktop\aswMBR.txt"
TDSS-Killer: Code:
09:58:18.0906 7936 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
09:58:19.0514 7936 ============================================================
09:58:19.0514 7936 Current date / time: 2013/05/13 09:58:19.0514
09:58:19.0514 7936 SystemInfo:
09:58:19.0514 7936
09:58:19.0514 7936 OS Version: 6.0.6002 ServicePack: 2.0
09:58:19.0514 7936 Product type: Workstation
09:58:19.0514 7936 ComputerName: CHRISTIAN-VAIO
09:58:19.0514 7936 UserName: Christian
09:58:19.0514 7936 Windows directory: C:\Windows
09:58:19.0514 7936 System windows directory: C:\Windows
09:58:19.0514 7936 Processor architecture: Intel x86
09:58:19.0514 7936 Number of processors: 2
09:58:19.0530 7936 Page size: 0x1000
09:58:19.0530 7936 Boot type: Normal boot
09:58:19.0530 7936 ============================================================
09:58:20.0684 7936 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
09:58:20.0684 7936 ============================================================
09:58:20.0684 7936 \Device\Harddisk0\DR0:
09:58:20.0684 7936 MBR partitions:
09:58:20.0684 7936 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x19C8ED3, BlocksNum 0x23A653DD
09:58:20.0684 7936 ============================================================
09:58:20.0731 7936 C: <-> \Device\Harddisk0\DR0\Partition1
09:58:20.0731 7936 ============================================================
09:58:20.0731 7936 Initialize success
09:58:20.0731 7936 ============================================================
09:58:33.0102 3888 ============================================================
09:58:33.0102 3888 Scan started
09:58:33.0102 3888 Mode: Manual; SigCheck; TDLFS;
09:58:33.0102 3888 ============================================================
09:58:33.0757 3888 ================ Scan system memory ========================
09:58:33.0773 3888 System memory - ok
09:58:33.0773 3888 ================ Scan services ============================= 09:58:34.0163 3888 [ B33CF4DE909A5B30F526D82053A63C8E ] ABBYY.Licensing.FineReader.Sprint.9.0 C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe 09:58:38.0890 3888 ABBYY.Licensing.FineReader.Sprint.9.0 - ok 09:58:39.0046 3888 [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe 09:58:39.0576 3888 ACDaemon - ok 09:58:39.0872 3888 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys 09:58:39.0919 3888 ACPI - ok 09:58:40.0013 3888 [ 6D9FC1E7EA3C548F4D3455F0C3FEEF8C ] AdobeActiveFileMonitor7.0 C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe 09:58:40.0060 3888 AdobeActiveFileMonitor7.0 - ok 09:58:40.0184 3888 [ 479901C99FA62D1C3261B7ACB1228DAD ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe 09:58:40.0231 3888 AdobeFlashPlayerUpdateSvc - ok 09:58:40.0309 3888 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 09:58:40.0356 3888 adp94xx - ok 09:58:40.0387 3888 [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci C:\Windows\system32\drivers\adpahci.sys 09:58:40.0434 3888 adpahci - ok 09:58:40.0450 3888 [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys 09:58:40.0496 3888 adpu160m - ok 09:58:40.0512 3888 [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320 C:\Windows\system32\drivers\adpu320.sys 09:58:40.0543 3888 adpu320 - ok 09:58:40.0606 3888 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 09:58:40.0808 3888 AeLookupSvc - ok 09:58:40.0902 3888 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys 09:58:41.0011 3888 AFD - ok 09:58:41.0074 3888 [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440 C:\Windows\system32\drivers\agp440.sys 09:58:41.0105 3888 agp440 - ok 09:58:41.0120 3888 [ 
AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys 09:58:41.0152 3888 aic78xx - ok 09:58:41.0198 3888 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe 09:58:41.0339 3888 ALG - ok 09:58:41.0370 3888 [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide C:\Windows\system32\drivers\aliide.sys 09:58:41.0401 3888 aliide - ok 09:58:41.0448 3888 [ C47344BC706E5F0B9DCE369516661578 ] amdagp C:\Windows\system32\drivers\amdagp.sys 09:58:41.0479 3888 amdagp - ok 09:58:41.0495 3888 [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide C:\Windows\system32\drivers\amdide.sys 09:58:41.0526 3888 amdide - ok 09:58:41.0542 3888 [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys 09:58:41.0588 3888 AmdK7 - ok 09:58:41.0620 3888 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 09:58:41.0682 3888 AmdK8 - ok 09:58:41.0776 3888 [ D9A92E6DD41C5ADC045AE485026AA40C ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe 09:58:41.0807 3888 AntiVirSchedulerService - ok 09:58:41.0900 3888 [ 66A7A38F7C439153B758548375EB9E5E ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe 09:58:41.0932 3888 AntiVirService - ok 09:58:41.0994 3888 [ 9325E49D555D8F12CE1735227DBB3D80 ] ApfiltrService C:\Windows\system32\DRIVERS\Apfiltr.sys 09:58:42.0072 3888 ApfiltrService - ok 09:58:42.0150 3888 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll 09:58:42.0228 3888 Appinfo - ok 09:58:42.0306 3888 [ 5D2888182FB46632511ACEE92FDAD522 ] arc C:\Windows\system32\drivers\arc.sys 09:58:42.0353 3888 arc - ok 09:58:42.0415 3888 [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas C:\Windows\system32\drivers\arcsas.sys 09:58:42.0446 3888 arcsas - ok 09:58:42.0524 3888 [ 857B48965A0503B7AB795D4BFE7CBD8B ] ArcSoftKsUFilter C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys 09:58:42.0540 3888 ArcSoftKsUFilter - ok 09:58:42.0618 3888 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac 
C:\Windows\system32\DRIVERS\asyncmac.sys 09:58:42.0774 3888 AsyncMac - ok 09:58:42.0790 3888 [ 2D9C903DC76A66813D350A562DE40ED9 ] atapi C:\Windows\system32\drivers\atapi.sys 09:58:42.0821 3888 atapi - ok 09:58:42.0899 3888 [ 23344711BF51590B9322CC3AD9681671 ] Ati External Event Utility C:\Windows\system32\Ati2evxx.exe 09:58:43.0039 3888 Ati External Event Utility - ok 09:58:43.0304 3888 [ 71C98AFEF4BF7A5BB54CBAADDB5D7972 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys 09:58:43.0616 3888 atikmdag - ok 09:58:43.0694 3888 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 09:58:43.0804 3888 AudioEndpointBuilder - ok 09:58:43.0819 3888 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll 09:58:43.0850 3888 Audiosrv - ok 09:58:43.0913 3888 [ 87425709A251386064C99B684BF96F72 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys 09:58:43.0944 3888 avgntflt - ok 09:58:43.0960 3888 [ D50FBA68163BC498F2C136E0E5BA8E2F ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys 09:58:44.0006 3888 avipbb - ok 09:58:44.0038 3888 [ CB8741CD7B126499FED40C9B197F6AC5 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys 09:58:44.0069 3888 avkmgr - ok 09:58:44.0147 3888 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys 09:58:44.0272 3888 Beep - ok 09:58:44.0381 3888 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll 09:58:44.0880 3888 BFE - ok 09:58:45.0005 3888 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\system32\qmgr.dll 09:58:45.0192 3888 BITS - ok 09:58:45.0239 3888 [ D4DF28447741FD3D953526E33A617397 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys 09:58:45.0364 3888 blbdrive - ok 09:58:45.0410 3888 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys 09:58:45.0551 3888 bowser - ok 09:58:45.0613 3888 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys 09:58:45.0722 3888 BrFiltLo - ok 09:58:45.0738 3888 [ 
56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys 09:58:45.0785 3888 BrFiltUp - ok 09:58:45.0816 3888 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll 09:58:45.0925 3888 Browser - ok 09:58:46.0003 3888 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys 09:58:46.0222 3888 Brserid - ok 09:58:46.0253 3888 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys 09:58:46.0378 3888 BrSerWdm - ok 09:58:46.0440 3888 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys 09:58:46.0580 3888 BrUsbMdm - ok 09:58:46.0690 3888 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys 09:58:46.0799 3888 BrUsbSer - ok 09:58:46.0861 3888 [ 6D39C954799B63BA866910234CF7D726 ] BthEnum C:\Windows\system32\DRIVERS\BthEnum.sys 09:58:46.0939 3888 BthEnum - ok 09:58:47.0017 3888 [ 9A966A8E86D1771911AE34A20D11BFF3 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 09:58:47.0111 3888 BTHMODEM - ok 09:58:47.0126 3888 [ 5904EFA25F829BF84EA6FB045134A1D8 ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys 09:58:47.0267 3888 BthPan - ok 09:58:47.0360 3888 [ 611FF3F2F095C8D4A6D4CFD9DCC09793 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys 09:58:47.0563 3888 BTHPORT - ok 09:58:47.0626 3888 [ A4C8377FA4A994E07075107DBE2E3DCE ] BthServ C:\Windows\System32\bthserv.dll 09:58:47.0750 3888 BthServ - ok 09:58:47.0797 3888 [ D330803EAB2A15CAEC7F011F1D4CB30E ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys 09:58:47.0844 3888 BTHUSB - ok 09:58:47.0906 3888 [ 6E41621E03D91167CEAE555CE2B468B8 ] btwaudio C:\Windows\system32\drivers\btwaudio.sys 09:58:47.0953 3888 btwaudio - ok 09:58:48.0000 3888 [ 7E67B295081B33EA22C0FB04798B306C ] btwavdt C:\Windows\system32\drivers\btwavdt.sys 09:58:48.0031 3888 btwavdt - ok 09:58:48.0140 3888 [ 2C50A18375EF2571F09D9DAF83192762 ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe 
09:58:48.0265 3888 btwdins - ok 09:58:48.0296 3888 [ 54C2EE0A3CEC586629035D771AACAE67 ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys 09:58:48.0328 3888 btwl2cap - ok 09:58:48.0343 3888 [ 4B4F992EE709C40EFD33BA4D2BAFA402 ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys 09:58:48.0374 3888 btwrchid - ok 09:58:48.0499 3888 catchme - ok 09:58:48.0577 3888 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 09:58:48.0702 3888 cdfs - ok 09:58:48.0764 3888 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 09:58:48.0842 3888 cdrom - ok 09:58:48.0905 3888 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll 09:58:48.0983 3888 CertPropSvc - ok 09:58:49.0014 3888 [ E5D4133F37219DBCFE102BC61072589D ] circlass C:\Windows\system32\drivers\circlass.sys 09:58:49.0123 3888 circlass - ok 09:58:49.0201 3888 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys 09:58:49.0232 3888 CLFS - ok 09:58:49.0388 3888 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 09:58:49.0420 3888 clr_optimization_v2.0.50727_32 - ok 09:58:49.0576 3888 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 09:58:49.0747 3888 clr_optimization_v4.0.30319_32 - ok 09:58:49.0810 3888 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 09:58:49.0950 3888 CmBatt - ok 09:58:50.0028 3888 [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide C:\Windows\system32\drivers\cmdide.sys 09:58:50.0059 3888 cmdide - ok 09:58:50.0075 3888 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 09:58:50.0106 3888 Compbatt - ok 09:58:50.0137 3888 COMSysApp - ok 09:58:50.0153 3888 [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 09:58:50.0184 3888 crcdisk - ok 09:58:50.0215 3888 [ 
1F07BECDCA750766A96CDA811BA86410 ] Crusoe C:\Windows\system32\drivers\crusoe.sys 09:58:50.0278 3888 Crusoe - ok 09:58:50.0356 3888 [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc C:\Windows\system32\cryptsvc.dll 09:58:50.0418 3888 CryptSvc - ok 09:58:50.0558 3888 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll 09:58:50.0730 3888 DcomLaunch - ok 09:58:50.0839 3888 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys 09:58:50.0933 3888 DfsC - ok 09:58:51.0214 3888 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe 09:58:51.0432 3888 DFSR - ok 09:58:51.0526 3888 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll 09:58:51.0666 3888 Dhcp - ok 09:58:51.0728 3888 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys 09:58:51.0760 3888 disk - ok 09:58:51.0822 3888 [ F206E28ED74C491FD5D7C0A1119CE37F ] DMICall C:\Windows\system32\DRIVERS\DMICall.sys 09:58:51.0853 3888 DMICall - ok 09:58:51.0947 3888 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll 09:58:52.0087 3888 Dnscache - ok 09:58:52.0150 3888 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll 09:58:52.0274 3888 dot3svc - ok 09:58:52.0352 3888 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll 09:58:52.0493 3888 DPS - ok 09:58:52.0586 3888 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 09:58:52.0696 3888 drmkaud - ok 09:58:52.0836 3888 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 09:58:53.0086 3888 DXGKrnl - ok 09:58:53.0242 3888 [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys 09:58:53.0382 3888 E1G60 - ok 09:58:53.0444 3888 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll 09:58:53.0554 3888 EapHost - ok 09:58:53.0632 3888 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache 
C:\Windows\system32\drivers\ecache.sys 09:58:53.0678 3888 Ecache - ok 09:58:53.0725 3888 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 09:58:53.0912 3888 ehRecvr - ok 09:58:53.0944 3888 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe 09:58:53.0990 3888 ehSched - ok 09:58:54.0068 3888 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll 09:58:54.0131 3888 ehstart - ok 09:58:54.0256 3888 [ 23B62471681A124889978F6295B3F4C6 ] elxstor C:\Windows\system32\drivers\elxstor.sys 09:58:54.0380 3888 elxstor - ok 09:58:54.0490 3888 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll 09:58:54.0630 3888 EMDMgmt - ok 09:58:54.0677 3888 [ 3DB974F3935483555D7148663F726C61 ] ErrDev C:\Windows\system32\drivers\errdev.sys 09:58:54.0802 3888 ErrDev - ok 09:58:54.0895 3888 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll 09:58:54.0989 3888 EventSystem - ok 09:58:55.0114 3888 [ 791464A9E9ADE063327A29F1B3F1A86C ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe 09:58:55.0207 3888 EvtEng - ok 09:58:55.0238 3888 ewusbnet - ok 09:58:55.0316 3888 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys 09:58:55.0441 3888 exfat - ok 09:58:55.0519 3888 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys 09:58:55.0613 3888 fastfat - ok 09:58:55.0691 3888 [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc C:\Windows\system32\DRIVERS\fdc.sys 09:58:55.0816 3888 fdc - ok 09:58:55.0878 3888 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll 09:58:55.0940 3888 fdPHost - ok 09:58:55.0956 3888 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll 09:58:56.0159 3888 FDResPub - ok 09:58:56.0237 3888 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 09:58:56.0268 3888 FileInfo - ok 09:58:56.0315 3888 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace 
C:\Windows\system32\drivers\filetrace.sys 09:58:56.0455 3888 Filetrace - ok 09:58:56.0533 3888 [ F76D04F7413B07DAA029F6520B64B4E8 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe 09:58:56.0674 3888 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning 09:58:56.0674 3888 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1) 09:58:56.0736 3888 [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 09:58:56.0861 3888 flpydisk - ok 09:58:56.0939 3888 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 09:58:56.0970 3888 FltMgr - ok 09:58:57.0095 3888 [ 8CE364388C8ECA59B14B539179276D44 ] FontCache C:\Windows\system32\FntCache.dll 09:58:57.0251 3888 FontCache - ok 09:58:57.0344 3888 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 09:58:57.0438 3888 FontCache3.0.0.0 - ok 09:58:57.0500 3888 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 09:58:57.0563 3888 Fs_Rec - ok 09:58:57.0641 3888 [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 09:58:57.0672 3888 gagp30kx - ok 09:58:57.0766 3888 [ 9E37E0C528E1E3A79E215B6A4EEA2143 ] GoogleDesktopManager-092308-165331 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe 09:58:57.0922 3888 GoogleDesktopManager-092308-165331 - ok 09:58:58.0015 3888 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll 09:58:58.0171 3888 gpsvc - ok 09:58:58.0234 3888 [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 09:58:58.0483 3888 HdAudAddService - ok 09:58:58.0561 3888 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 09:58:58.0655 3888 HDAudBus - ok 09:58:58.0717 3888 [ FCB3F4BE408F72C1BD81BCABA87FC22F ] HidBth 
C:\Windows\system32\DRIVERS\hidbth.sys 09:58:58.0780 3888 HidBth - ok 09:58:58.0811 3888 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys 09:58:58.0982 3888 HidIr - ok 09:58:59.0060 3888 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\System32\hidserv.dll 09:58:59.0107 3888 hidserv - ok 09:58:59.0138 3888 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 09:58:59.0185 3888 HidUsb - ok 09:58:59.0263 3888 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll 09:58:59.0404 3888 hkmsvc - ok 09:58:59.0466 3888 [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys 09:58:59.0497 3888 HpCISSs - ok 09:58:59.0560 3888 [ 46D67209550973257601A533E2AC5785 ] HSFHWAZL C:\Windows\system32\DRIVERS\VSTAZL3.SYS 09:58:59.0638 3888 HSFHWAZL - ok 09:58:59.0716 3888 [ 7BC42C65B5C6281777C1A7605B253BA8 ] HSF_DPV C:\Windows\system32\DRIVERS\HSX_DPV.sys 09:58:59.0903 3888 HSF_DPV - ok 09:58:59.0996 3888 [ 9EBF2D102CCBB6BCDFBF1B7922F8BA2E ] HSXHWAZL C:\Windows\system32\DRIVERS\HSXHWAZL.sys 09:59:00.0028 3888 HSXHWAZL - ok 09:59:00.0152 3888 [ F870AA3E254628EBEAFE754108D664DE ] HTTP C:\Windows\system32\drivers\HTTP.sys 09:59:00.0262 3888 HTTP - ok 09:59:00.0308 3888 hwdatacard - ok 09:59:00.0324 3888 hwusbdev - ok 09:59:00.0371 3888 [ C6B032D69650985468160FC9937CF5B4 ] i2omp C:\Windows\system32\drivers\i2omp.sys 09:59:00.0402 3888 i2omp - ok 09:59:00.0464 3888 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 09:59:00.0542 3888 i8042prt - ok 09:59:00.0620 3888 [ DB0CC620B27A928D968C1A1E9CD9CB87 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys 09:59:00.0761 3888 iaStor - ok 09:59:00.0854 3888 [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV C:\Windows\system32\drivers\iastorv.sys 09:59:00.0886 3888 iaStorV - ok 09:59:01.0073 3888 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication 
Foundation\infocard.exe 09:59:01.0166 3888 idsvc - ok 09:59:01.0198 3888 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys 09:59:01.0276 3888 iirsp - ok 09:59:01.0385 3888 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll 09:59:01.0541 3888 IKEEXT - ok 09:59:01.0712 3888 [ 3AA1F82EFA2B0454AF163124C9920D16 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys 09:59:01.0946 3888 IntcAzAudAddService - ok 09:59:02.0040 3888 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\drivers\intelide.sys 09:59:02.0071 3888 intelide - ok 09:59:02.0087 3888 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 09:59:02.0227 3888 intelppm - ok 09:59:02.0305 3888 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll 09:59:02.0461 3888 IPBusEnum - ok 09:59:02.0524 3888 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 09:59:02.0602 3888 IpFilterDriver - ok 09:59:02.0664 3888 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 09:59:02.0758 3888 iphlpsvc - ok 09:59:02.0820 3888 IpInIp - ok 09:59:02.0867 3888 [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys 09:59:03.0007 3888 IPMIDRV - ok 09:59:03.0054 3888 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys 09:59:03.0101 3888 IPNAT - ok 09:59:03.0179 3888 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 09:59:03.0226 3888 IRENUM - ok 09:59:03.0288 3888 [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp C:\Windows\system32\drivers\isapnp.sys 09:59:03.0335 3888 isapnp - ok 09:59:03.0366 3888 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys 09:59:03.0397 3888 iScsiPrt - ok 09:59:03.0444 3888 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys 09:59:03.0475 3888 iteatapi - 
ok 09:59:03.0491 3888 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys 09:59:03.0522 3888 iteraid - ok 09:59:03.0584 3888 [ 213822072085B5BBAD9AF30AB577D817 ] IviRegMgr C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe 09:59:03.0616 3888 IviRegMgr - ok 09:59:03.0662 3888 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 09:59:03.0678 3888 kbdclass - ok 09:59:03.0740 3888 [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 09:59:03.0850 3888 kbdhid - ok 09:59:03.0928 3888 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe 09:59:04.0006 3888 KeyIso - ok 09:59:04.0115 3888 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 09:59:04.0224 3888 KSecDD - ok 09:59:04.0318 3888 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll 09:59:04.0458 3888 KtmRm - ok 09:59:04.0536 3888 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\System32\srvsvc.dll 09:59:04.0630 3888 LanmanServer - ok 09:59:04.0723 3888 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 09:59:04.0817 3888 LanmanWorkstation - ok 09:59:04.0910 3888 [ 3AF6B73A3AD1FC37C5933441F66CEB91 ] LBTServ C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe 09:59:05.0035 3888 LBTServ - ok 09:59:05.0098 3888 [ 7F9C7B28CF1C859E1C42619EEA946DC8 ] LHidFilt C:\Windows\system32\DRIVERS\LHidFilt.Sys 09:59:05.0113 3888 LHidFilt - ok 09:59:05.0176 3888 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 09:59:05.0300 3888 lltdio - ok 09:59:05.0363 3888 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll 09:59:05.0534 3888 lltdsvc - ok 09:59:05.0597 3888 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll 09:59:05.0800 3888 lmhosts - ok 09:59:05.0862 3888 [ AB33792A87285344F43B5CE23421BAB0 ] LMouFilt 
C:\Windows\system32\DRIVERS\LMouFilt.Sys 09:59:05.0956 3888 LMouFilt - ok 09:59:06.0018 3888 [ C7E15E82879BF3235B559563D4185365 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 09:59:06.0065 3888 LSI_FC - ok 09:59:06.0127 3888 [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 09:59:06.0158 3888 LSI_SAS - ok 09:59:06.0221 3888 [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 09:59:06.0252 3888 LSI_SCSI - ok 09:59:06.0268 3888 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys 09:59:06.0392 3888 luafv - ok 09:59:06.0455 3888 lxcg_device - ok 09:59:06.0502 3888 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 09:59:06.0611 3888 Mcx2Svc - ok 09:59:06.0673 3888 [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys 09:59:06.0720 3888 mdmxsdk - ok 09:59:06.0782 3888 [ 0001CE609D66632FA17B84705F658879 ] megasas C:\Windows\system32\drivers\megasas.sys 09:59:06.0814 3888 megasas - ok 09:59:06.0845 3888 [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR C:\Windows\system32\drivers\megasr.sys 09:59:06.0923 3888 MegaSR - ok 09:59:06.0985 3888 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll 09:59:07.0141 3888 MMCSS - ok 09:59:07.0204 3888 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys 09:59:07.0250 3888 Modem - ok 09:59:07.0313 3888 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 09:59:07.0375 3888 monitor - ok 09:59:07.0422 3888 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 09:59:07.0500 3888 mouclass - ok 09:59:07.0516 3888 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 09:59:07.0640 3888 mouhid - ok 09:59:07.0718 3888 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys 09:59:07.0750 3888 MountMgr - ok 09:59:07.0843 3888 
[ 7EDBBB9351A38C6BB0FE98CFD44DB430 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe 09:59:07.0937 3888 MozillaMaintenance - ok 09:59:08.0030 3888 [ 511D011289755DD9F9A7579FB0B064E6 ] mpio C:\Windows\system32\drivers\mpio.sys 09:59:08.0124 3888 mpio - ok 09:59:08.0140 3888 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 09:59:08.0342 3888 mpsdrv - ok 09:59:08.0498 3888 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll 09:59:08.0795 3888 MpsSvc - ok 09:59:08.0935 3888 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys 09:59:08.0982 3888 Mraid35x - ok 09:59:09.0076 3888 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 09:59:09.0185 3888 MRxDAV - ok 09:59:09.0310 3888 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 09:59:09.0403 3888 mrxsmb - ok 09:59:09.0466 3888 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 09:59:09.0528 3888 mrxsmb10 - ok 09:59:09.0606 3888 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 09:59:09.0653 3888 mrxsmb20 - ok 09:59:09.0715 3888 [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci C:\Windows\system32\drivers\msahci.sys 09:59:09.0762 3888 msahci - ok 09:59:09.0856 3888 [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm C:\Windows\system32\drivers\msdsm.sys 09:59:09.0902 3888 msdsm - ok 09:59:09.0965 3888 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe 09:59:10.0152 3888 MSDTC - ok 09:59:10.0246 3888 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys 09:59:10.0308 3888 Msfs - ok 09:59:10.0370 3888 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 09:59:10.0402 3888 msisadrv - ok 09:59:10.0433 3888 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 09:59:10.0511 
3888 MSiSCSI - ok 09:59:10.0526 3888 msiserver - ok 09:59:10.0573 3888 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 09:59:10.0636 3888 MSKSSRV - ok 09:59:10.0682 3888 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 09:59:10.0729 3888 MSPCLOCK - ok 09:59:10.0760 3888 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 09:59:10.0807 3888 MSPQM - ok 09:59:10.0854 3888 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 09:59:10.0885 3888 MsRPC - ok 09:59:10.0901 3888 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 09:59:10.0916 3888 mssmbios - ok 09:59:10.0963 3888 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 09:59:10.0994 3888 MSTEE - ok 09:59:11.0041 3888 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys 09:59:11.0072 3888 Mup - ok 09:59:11.0150 3888 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll 09:59:11.0275 3888 napagent - ok 09:59:11.0369 3888 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 09:59:11.0447 3888 NativeWifiP - ok 09:59:11.0509 3888 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys 09:59:11.0634 3888 NDIS - ok 09:59:11.0681 3888 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 09:59:11.0759 3888 NdisTapi - ok 09:59:11.0774 3888 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 09:59:11.0884 3888 Ndisuio - ok 09:59:11.0915 3888 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 09:59:11.0977 3888 NdisWan - ok 09:59:12.0024 3888 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 09:59:12.0211 3888 NDProxy - ok 09:59:12.0227 3888 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS 
\Device\Harddisk0\DR0\Partition1
09:59:52.0350 3888 \Device\Harddisk0\DR0\Partition1 - ok
09:59:52.0350 3888 ============================================================
09:59:52.0350 3888 Scan finished
09:59:52.0350 3888 ============================================================
09:59:52.0366 7772 Detected object count: 5
09:59:52.0366 7772 Actual detected object count: 5
10:00:21.0865 7772 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
10:00:21.0896 7772 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:00:21.0896 7772 NSUService ( UnsignedFile.Multi.Generic ) - skipped by user
10:00:21.0896 7772 NSUService ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:00:21.0896 7772 PACSPTISVR ( UnsignedFile.Multi.Generic ) - skipped by user
10:00:21.0896 7772 PACSPTISVR ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:00:21.0912 7772 VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - skipped by user
10:00:21.0912 7772 VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:00:21.0912 7772 VzCdbSvc ( UnsignedFile.Multi.Generic ) - skipped by user
10:00:21.0912 7772 VzCdbSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:01:20.0530 8052 Deinitialize success
I hope that's all right. Thanks a lot so far, I feel I'm in very good hands with you, cosinus! Best regards, KlausKlaus |
13.05.2013, 10:51 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Sparkasse online banking spied on: EXP/CVE-2013-2423.F and TR/Agent.385024.338 JRT - Junkware Removal Tool Please shut down your security software to avoid possible conflicts.
Afterwards: adwCleaner - remove toolbars and unwanted start/search pages. Please download AdwCleaner to your desktop.
After that, a check with OTL please:
__________________ Please always post log files in CODE tags |
13.05.2013, 12:05 | #13 |
| Sparkasse online banking spied on: EXP/CVE-2013-2423.F and TR/Agent.385024.338 Here are the log files: JRT: Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Christian on 13.05.2013 at 12:08:44,55
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{D4FD0727-ECC5-44F1-9964-C4BDFAE5148A}

~~~ Files

~~~ Folders
Successfully deleted: [Folder] "C:\Users\Christian\AppData\Roaming\dvdvideosoftiehelpers"
Successfully deleted: [Folder] "C:\Program Files\icq6toolbar"

~~~ FireFox
Successfully deleted: [File] C:\Users\Christian\AppData\Roaming\mozilla\firefox\profiles\6bykvql9.default\user.js
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}
Emptied folder: C:\Users\Christian\AppData\Roaming\mozilla\firefox\profiles\6bykvql9.default\minidumps [150 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 13.05.2013 at 12:11:21,36
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
adwCleaner: Code:
# AdwCleaner v2.300 - Datei am 13/05/2013 um 12:25:35 erstellt
# Aktualisiert am 28/04/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : Christian - CHRISTIAN-VAIO
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Christian\Desktop\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****
Ordner Gelöscht : C:\Program Files\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar

***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0194532A-A99C-4337-937E-2A452C8957BE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536

***** [Internet Browser] *****
-\\ Internet Explorer v8.0.6001.19412
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v20.0.1 (de)
Datei : C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\6bykvql9.default\prefs.js
[OK] Die Datei ist sauber.
-\\ Google Chrome v [Version kann nicht ermittelt werden]
Datei : C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.

*************************
AdwCleaner[S1].txt - [2297 octets] - [13/05/2013 12:25:35]
########## EOF - C:\AdwCleaner[S1].txt - [2357 octets] ##########
OTL.txt: Code:
OTL logfile created on: 13.05.2013 12:39:07 - Run 4 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Christian\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19412) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,81 Gb Available Physical Memory | 60,27% Memory free 6,19 Gb Paging File | 4,77 Gb Available in Paging File | 77,08% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 285,20 Gb Total Space | 134,31 Gb Free Space | 47,09% Space Free | Partition Type: NTFS Computer Name: CHRISTIAN-VAIO | User Name: Christian | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd) PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Users\Christian\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. 
KG) PRC - C:\Program Files\sony\VAIO Update\VAIOUpdt.exe (Sony Corporation) PRC - C:\Program Files\sony\VAIO Update\VUAgent.exe (Sony Corporation) PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) PRC - C:\Program Files\sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation) PRC - C:\Program Files\sony\Marketing Tools\MarketingTools.exe (Sony Corporation) PRC - C:\Program Files\Logitech\SetPoint\LBTWiz.exe (Logitech Inc.) PRC - C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.) PRC - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) PRC - C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\conime.exe (Microsoft Corporation) PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation) PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation) PRC - C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation) PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.) PRC - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.) 
PRC - C:\Program Files\Common Files\Sony Shared\SOHLib\SOHCImp.exe (Sony Corporation) PRC - C:\Program Files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe (Sony Corporation) PRC - C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDs.exe (Sony Corporation) PRC - C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDms.exe (Sony Corporation) PRC - C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe (Sony Corporation) PRC - C:\Program Files\sony\VAIO Media plus\VMpTtray.exe (Sony Corporation) PRC - C:\Program Files\sony\VAIO Event Service\VESMgr.exe (Sony Corporation) PRC - C:\Program Files\sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation) PRC - C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe (Realtek Semiconductor) PRC - C:\Program Files\sony\Network Utility\LANUtil.exe (Sony Corporation) PRC - C:\Program Files\sony\Network Utility\NSUService.exe (Sony Corporation) PRC - C:\Program Files\sony\VAIO Power Management\SPMgr.exe (Sony Corporation) PRC - C:\Program Files\sony\VAIO Power Management\SPMService.exe (Sony Corporation) PRC - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated) PRC - C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.) PRC - C:\Program Files\Apoint\ApntEx.exe (Alps Electric Co., Ltd.) PRC - C:\Program Files\Apoint\ApMsgFwd.exe (Alps Electric Co., Ltd.) PRC - C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.) 
PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\15e2d7f51f15830591727d6d6a1e4032\System.ServiceProcess.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\421cb77e6a4c21f94e3c5ddf766de23b\System.Web.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e64304962098e90f0d3f4c33c1b080a6\System.Windows.Forms.ni.dll () MOD - C:\Windows\System32\CmdLineExt03.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\f300bbe8b18d4a04933422f241aa1428\System.IdentityModel.Selectors.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\1c40efd2328e271920f4b4eda38c0125\System.ServiceModel.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\9b2eef59d0cfc5aff182d0951de5f040\Accessibility.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b5df40c22ab563a816103629e2ca99d4\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\895899bb8c1772f2043de17305d7eb35\System.Runtime.Serialization.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\f9d4a89fc32b5a458c0a02c48dc8538e\System.IdentityModel.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\004bc6615f9c06df5c98859d35149fe6\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\bb8af3cf69f1337efda4e810b6751b89\SMDiagnostics.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\b757806657fa5db2b1ed1a89b026b463\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\78157a494dc9a7e52be8840decfcd9cc\System.Drawing.ni.dll () MOD - 
C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3421.42239__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3421.42258__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3421.42253__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3421.42257__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3421.42313__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3421.42295__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3421.42282__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3421.42247__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3421.42331__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3421.42332__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3421.42247__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3421.42300__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll () MOD - 
C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3421.42300__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3421.42299__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3421.42284__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3421.42248__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3421.42259__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3421.42308__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3421.42259__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3421.42293__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3421.42284__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3421.42263__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3421.42292__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3421.42279__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll () MOD - 
C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3421.42283__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3421.42294__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3421.42263__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3421.42283__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3421.42284__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3421.42294__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3294.18728__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3294.18709__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3294.18751__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3294.18787__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3294.18795__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3294.18747__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3294.18794__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll () MOD - 
C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3294.18699__90ba9c70f846762e\LOG.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3294.18701__90ba9c70f846762e\NEWAEM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3294.18753__90ba9c70f846762e\DEM.OS.I0602.dll () MOD - C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3294.18745__90ba9c70f846762e\MOM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.3294.18787__90ba9c70f846762e\DEM.OS.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3294.18708__90ba9c70f846762e\CLI.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3294.18832__90ba9c70f846762e\CLI.Foundation.XManifest.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3294.18755__90ba9c70f846762e\DEM.Graphics.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3294.18735__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3294.18771__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3294.18785__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3294.18737__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3294.18731__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3294.18717__90ba9c70f846762e\CLI.Component.Client.Shared.dll () MOD - 
C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3294.18727__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3294.18758__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3294.18755__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3294.18772__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3294.18767__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3294.18766__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3294.18765__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3294.18771__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3294.18742__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3294.18760__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3294.18756__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3294.18748__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3294.18769__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll () MOD - 
C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3294.18757__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3421.42357__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3421.42340__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll () MOD - C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3294.18746__90ba9c70f846762e\APM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3294.18728__90ba9c70f846762e\AEM.Server.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3421.42234__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll () MOD - C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3421.42326__90ba9c70f846762e\MOM.Implementation.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3294.18725__90ba9c70f846762e\LOG.Foundation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3294.18720__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3294.18745__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll () MOD - C:\Windows\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3421.42321__90ba9c70f846762e\CLI.Component.Systemtray.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3421.42252__90ba9c70f846762e\CLI.Component.Wizard.dll () MOD - 
C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3421.42325__90ba9c70f846762e\LOG.Foundation.Implementation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3421.42238__90ba9c70f846762e\CLI.Component.SkinFactory.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3294.18714__90ba9c70f846762e\CLI.Foundation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3294.18748__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3421.42236__90ba9c70f846762e\CLI.Component.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3294.18750__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3294.18744__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3421.42243__90ba9c70f846762e\CLI.Component.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3421.42237__90ba9c70f846762e\ATIDEMOS.dll () MOD - C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3421.42236__90ba9c70f846762e\APM.Server.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3421.42235__90ba9c70f846762e\AEM.Server.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3294.18740__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll () MOD - C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3421.42326__90ba9c70f846762e\CCC.Implementation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3294.18774__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll () MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll () MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe () MOD - 
C:\Windows\assembly\GAC_MSIL\System.ServiceModel.resources\3.0.0.0_de_b77a5c561934e089\System.ServiceModel.resources.dll () MOD - C:\Windows\System32\atitmmxx.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\SPMCommon\3.1.0.6020__e3c7096ba83f9295\SPMCommon.dll () MOD - C:\Windows\assembly\GAC_MSIL\SPMDam\3.1.0.6020__1b3c579b6925895f\SPMDam.dll () MOD - C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll () ========== Services (SafeList) ========== SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies) SRV - (VUAgent) -- C:\Program Files\sony\VAIO Update\VUAgent.exe (Sony Corporation) SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.) SRV - (VcmIAlzMgr) -- C:\Program Files\sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation) SRV - (VcmXmlIfHelper) -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe (Sony Corporation) SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) SRV - (LBTServ) -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.) 
SRV - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) SRV - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) SRV - (ABBYY.Licensing.FineReader.Sprint.9.0) -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY) SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe (Sony Corporation) SRV - (Vcsw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation) SRV - (VzCdbSvc) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation) SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation) SRV - (VCFw) -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation) SRV - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.) 
SRV - (SOHCImp) -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHCImp.exe (Sony Corporation) SRV - (SOHPlMgr) -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe (Sony Corporation) SRV - (SOHDs) -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDs.exe (Sony Corporation) SRV - (SOHDms) -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDms.exe (Sony Corporation) SRV - (SOHDBSvr) -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe (Sony Corporation) SRV - (VAIO Event Service) -- C:\Program Files\sony\VAIO Event Service\VESMgr.exe (Sony Corporation) SRV - (RtkAudioService) -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe (Realtek Semiconductor) SRV - (NSUService) -- C:\Program Files\sony\Network Utility\NSUService.exe (Sony Corporation) SRV - (VAIO Power Management) -- C:\Program Files\sony\VAIO Power Management\SPMService.exe (Sony Corporation) SRV - (AdobeActiveFileMonitor7.0) -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated) SRV - (uCamMonitor) -- C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.) 
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) SRV - (lxcg_device) -- C:\Windows\System32\lxcgcoms.exe ( ) ========== Driver Services (SafeList) ========== DRV - (UIUSys) -- system32\DRIVERS\UIUSYS.SYS File not found DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found DRV - (hwusbdev) -- system32\DRIVERS\ewusbdev.sys File not found DRV - (hwdatacard) -- system32\DRIVERS\ewusbmdm.sys File not found DRV - (ewusbnet) -- system32\DRIVERS\ewusbnet.sys File not found DRV - (catchme) -- C:\Users\CHRIST~1\AppData\Local\Temp\catchme.sys File not found DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.) DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.) DRV - (NETw5v32) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (WSDScan) -- C:\Windows\System32\drivers\WSDScan.sys (Microsoft Corporation) DRV - (USBCCID) -- C:\Windows\System32\drivers\usbccid.sys (Microsoft Corporation) DRV - (RTHDMIAzAudService) -- C:\Windows\System32\drivers\RtHDMIV.sys (Realtek Semiconductor Corp.) DRV - (DMICall) -- C:\Windows\System32\drivers\DMICall.sys (Sony Corporation) DRV - (SFEP) -- C:\Windows\System32\drivers\SFEP.sys (Sony Corporation) DRV - (USBModem) -- C:\Windows\System32\drivers\lgusbmodem.sys (LG Electronics Inc.) 
DRV - (UsbDiag) -- C:\Windows\System32\drivers\lgusbdiag.sys (LG Electronics Inc.) DRV - (usbbus) -- C:\Windows\System32\drivers\lgusbbus.sys (LG Electronics Inc.) DRV - (risdptsk) -- C:\Windows\System32\drivers\risdptsk.sys (REDC) DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC) DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation) DRV - (ArcSoftKsUFilter) -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.) DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.) DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation) DRV - (regi) -- C:\Windows\System32\drivers\regi.sys (InterVideo) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=SNYT&bmod=SNYT IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SNYT IE - HKLM\..\SearchScopes\{73B60328-40E2-4CBC-AAFD-169B4DB776FB}: "URL" = hxxp://www.google.de/search?hl=de&q={searchTerms}&meta= IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1033429082-2119218386-936885420-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ig IE - 
HKU\S-1-5-21-1033429082-2119218386-936885420-1000\..\URLSearchHook: - No CLSID value found IE - HKU\S-1-5-21-1033429082-2119218386-936885420-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1033429082-2119218386-936885420-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-1033429082-2119218386-936885420-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SNYK_de IE - HKU\S-1-5-21-1033429082-2119218386-936885420-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-1033429082-2119218386-936885420-1000\..\SearchScopes\{73B60328-40E2-4CBC-AAFD-169B4DB776FB}: "URL" = hxxp://www.google.de/search?hl=de&q={searchTerms}&meta= IE - HKU\S-1-5-21-1033429082-2119218386-936885420-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig" FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.9 FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0033-ABCDEFFEDCBA%7D:6.0.33 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2 FF - prefs.js..extensions.enabledItems: 5 FF - prefs.js..extensions.enabledItems: 3 FF - prefs.js..extensions.enabledItems: 1 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: 
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.12 15:18:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.04.12 15:18:11 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.12 15:18:21 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.04.12 15:18:11 | 000,000,000 | ---D | M] [2010.07.27 17:35:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Extensions [2013.05.09 11:45:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\6bykvql9.default\extensions [2010.12.13 12:07:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\6bykvql9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.08.22 17:42:12 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\6bykvql9.default\extensions\firefox@tvunetworks.com [2012.12.12 01:31:30 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\firefox\profiles\6bykvql9.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2013.05.09 11:45:09 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\firefox\profiles\6bykvql9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.04.12 15:18:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla 
Firefox\extensions [2013.04.12 15:18:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013.04.12 15:18:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2013.04.12 15:18:21 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2013.04.12 15:18:16 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.04.12 15:18:16 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2013.04.12 15:18:16 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2013.04.12 15:18:16 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2013.04.12 15:18:16 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2013.04.12 15:18:16 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== O1 HOSTS File: ([2013.05.12 23:35:24 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) 
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O3 - HKU\S-1-5-21-1033429082-2119218386-936885420-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O4 - HKLM..\Run: [AML] C:\Program Files\Sony\VAIO Launcher\AML.exe (Sony) O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent File not found O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.) O4 - HKLM..\Run: [MarketingTools] C:\Program Files\sony\Marketing Tools\MarketingTools.exe (Sony Corporation) O4 - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) 
O4 - HKU\S-1-5-21-1033429082-2119218386-936885420-1000..\Run: [Dywoyreven] C:\Users\Christian\AppData\Roaming\Tagy\qoer.exe File not found O4 - HKU\S-1-5-21-1033429082-2119218386-936885420-1000..\Run: [NSUFloatingUI] C:\Program Files\Sony\Network Utility\LANUtil.exe (Sony Corporation) O4 - HKU\S-1-5-21-1033429082-2119218386-936885420-1000..\Run: [Spotify] C:\Users\Christian\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd) O4 - HKU\S-1-5-21-1033429082-2119218386-936885420-1000..\Run: [Spotify Web Helper] C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd) O4 - HKU\S-1-5-21-1033429082-2119218386-936885420-1000..\Run: [VMpTtray.exe] C:\Program Files\sony\VAIO Media plus\VMpTtray.exe (Sony Corporation) O4 - Startup: C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe () O4 - Startup: C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Product Registration.lnk = File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1033429082-2119218386-936885420-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1033429082-2119218386-936885420-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... 
- C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Free YouTube Download - C:\Users\Christian\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_Win32.cab (20-20 3D Viewer) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 10.17.2) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A017C41E-C727-41AC-A634-FF0F56357C14}: DhcpNameServer = 192.168.34.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FBE8C1D3-07B5-4507-B8CA-145AFDF06D11}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation) O24 - Desktop WallPaper: C:\Users\Christian\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Christian\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.05.13 12:08:39 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.05.13 12:08:02 | 000,000,000 | ---D | C] -- C:\JRT [2013.05.13 12:06:22 | 000,545,954 | ---- | C] (Oleg N. 
Scherbakov) -- C:\Users\Christian\Desktop\JRT.exe [2013.05.13 09:53:26 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Christian\Desktop\tdsskiller.exe [2013.05.13 01:17:56 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Christian\Desktop\aswMBR.exe [2013.05.13 00:07:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.05.12 23:38:10 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.05.12 23:38:07 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013.05.12 23:38:07 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\temp [2013.05.12 23:23:36 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.05.12 23:23:36 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.05.12 23:23:36 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.05.12 23:23:29 | 000,000,000 | ---D | C] -- C:\ComboFix [2013.05.12 23:23:24 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.05.12 23:22:47 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.05.12 23:17:02 | 005,069,265 | R--- | C] (Swearware) -- C:\Users\Christian\Desktop\ComboFix.exe [2013.05.09 13:54:05 | 000,000,000 | ---D | C] -- C:\Users\Christian\Desktop\call of duty 4 modern warefare [2013.05.07 19:50:51 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe [2013.05.07 13:31:10 | 000,000,000 | ---D | C] -- C:\Users\Christian\Desktop\Age of Empires II [2013.05.05 13:34:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2013.05.05 13:29:49 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2013.05.05 13:29:49 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe [2013.05.05 13:29:49 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2013.05.02 16:32:26 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Avira [2013.05.02 16:26:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Avira [2013.05.02 16:26:39 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2013.05.02 16:26:37 | 000,135,136 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys [2013.05.02 16:26:37 | 000,037,352 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys [2013.05.02 16:26:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2013.05.02 16:26:27 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [2013.04.30 09:15:54 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Xoilq [2013.04.30 09:15:54 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Rizur [2013.04.27 23:45:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype [2013.04.26 13:51:36 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\Spotify [2013.04.26 13:51:15 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Spotify [2013.04.21 11:30:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Google ========== Files - Modified Within 30 Days ========== [2013.05.13 12:27:59 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.05.13 12:27:59 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.05.13 12:27:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.05.13 12:27:46 | 3218,104,320 | -HS- | M] () -- C:\hiberfil.sys [2013.05.13 12:26:42 | 000,004,833 | ---- | M] () -- C:\Windows\bthservsdp.dat [2013.05.13 12:24:36 | 000,628,743 | ---- | M] () -- C:\Users\Christian\Desktop\adwcleaner.exe [2013.05.13 12:06:32 | 000,545,954 | ---- | M] (Oleg N. 
Scherbakov) -- C:\Users\Christian\Desktop\JRT.exe [2013.05.13 10:54:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.05.13 09:53:25 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Christian\Desktop\tdsskiller.exe [2013.05.13 09:49:02 | 000,000,512 | ---- | M] () -- C:\Users\Christian\Desktop\MBR.dat [2013.05.13 01:19:46 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Christian\Desktop\aswMBR.exe [2013.05.13 00:00:57 | 012,917,756 | ---- | M] () -- C:\Users\Christian\Desktop\mbar-1.05.0.1001.zip [2013.05.12 23:35:24 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2013.05.12 23:17:37 | 005,069,265 | R--- | M] (Swearware) -- C:\Users\Christian\Desktop\ComboFix.exe [2013.05.11 20:09:04 | 000,628,992 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.05.11 20:09:04 | 000,596,246 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.05.11 20:09:04 | 000,126,704 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.05.11 20:09:04 | 000,104,320 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.05.07 21:16:39 | 000,020,027 | ---- | M] () -- C:\Users\Christian\Desktop\Unbenannt 1.odt [2013.05.07 21:10:12 | 000,377,856 | ---- | M] () -- C:\Users\Christian\Desktop\gmer_2.1.19163.exe [2013.05.07 19:50:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe [2013.05.07 19:49:36 | 000,000,000 | ---- | M] () -- C:\Users\Christian\defogger_reenable [2013.05.07 19:48:36 | 000,050,477 | ---- | M] () -- C:\Users\Christian\Desktop\Defogger.exe [2013.05.06 22:30:47 | 000,110,592 | ---- | M] () -- C:\Users\Christian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013.05.06 12:30:30 | 000,013,004 | ---- | M] () -- C:\Users\Christian\Desktop\Unbenannt 1.odg [2013.05.02 16:16:19 | 000,028,520 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2013.05.02 16:16:18 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Windows\System32\drivers\avipbb.sys [2013.05.02 16:16:18 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys [2013.05.02 16:16:18 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys [2013.05.02 02:06:08 | 000,238,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe [2013.04.26 13:51:35 | 000,001,775 | ---- | M] () -- C:\Users\Christian\Desktop\Spotify.lnk [2013.04.21 11:42:57 | 000,000,000 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\sversion.ini [2013.04.21 11:29:29 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2013.04.21 11:29:29 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2013.04.20 19:54:22 | 000,000,680 | ---- | M] () -- C:\Users\Christian\AppData\Local\d3d9caps.dat ========== Files Created - No Company Name ========== [2013.05.13 12:24:35 | 000,628,743 | ---- | C] () -- C:\Users\Christian\Desktop\adwcleaner.exe [2013.05.13 09:49:02 | 000,000,512 | ---- | C] () -- C:\Users\Christian\Desktop\MBR.dat [2013.05.12 23:59:37 | 012,917,756 | ---- | C] () -- C:\Users\Christian\Desktop\mbar-1.05.0.1001.zip [2013.05.12 23:23:36 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.05.12 23:23:36 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.05.12 23:23:36 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.05.12 23:23:36 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.05.12 23:23:36 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.05.07 21:16:37 | 000,020,027 | ---- | C] () -- C:\Users\Christian\Desktop\Unbenannt 1.odt [2013.05.07 21:10:10 | 000,377,856 | ---- | C] () -- C:\Users\Christian\Desktop\gmer_2.1.19163.exe [2013.05.07 19:49:36 | 000,000,000 | ---- | C] () -- C:\Users\Christian\defogger_reenable [2013.05.07 19:48:34 | 000,050,477 | ---- | C] () -- 
C:\Users\Christian\Desktop\Defogger.exe [2013.04.26 13:51:35 | 000,001,775 | ---- | C] () -- C:\Users\Christian\Desktop\Spotify.lnk [2013.04.26 13:51:35 | 000,001,761 | ---- | C] () -- C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk [2011.09.17 22:13:48 | 000,011,264 | ---- | C] () -- C:\Windows\System32\atimuixx.dll [2011.09.11 12:41:54 | 000,000,282 | ---- | C] () -- C:\Windows\Config.ini [2011.09.11 12:41:54 | 000,000,225 | ---- | C] () -- C:\Windows\Config.ini.bak [2011.09.11 12:41:52 | 054,601,633 | ---- | C] () -- C:\Windows\BIOSROM.DAT [2010.06.11 22:57:29 | 000,000,680 | ---- | C] () -- C:\Users\Christian\AppData\Local\d3d9caps.dat [2010.04.10 08:28:41 | 000,000,760 | ---- | C] () -- C:\Users\Christian\AppData\Roaming\setup_ldm.iss [2009.08.22 19:29:36 | 000,000,000 | ---- | C] () -- C:\Users\Christian\AppData\Roaming\sversion.ini [2009.08.16 18:10:41 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.08.09 04:58:38 | 000,024,064 | ---- | C] () -- C:\Users\Christian\AppData\Roaming\UserTile.png [2009.08.05 19:27:26 | 000,110,592 | ---- | C] () -- C:\Users\Christian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report >
and Extras: Code:
OTL Extras logfile created on: 13.05.2013 12:39:07 - Run 4 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Christian\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19412) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,81 Gb Available Physical Memory | 60,27% Memory free 6,19 Gb Paging File | 4,77 Gb Available in Paging File | 77,08% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 285,20 Gb Total Space | 134,31 Gb Free Space | 47,09% Space Free | Partition Type: NTFS Computer Name: CHRISTIAN-VAIO | User Name: Christian | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- Reg Error: Key error. File not found [HKEY_USERS\S-1-5-21-1033429082-2119218386-936885420-1000\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) https [open] -- Reg Error: Key error. 
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0B5FBFDE-9A81-49AF-8B2D-4F2B4F7704E7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{0E1276B1-0311-43C2-B812-F6DE4F3656A3}" = rport=137 | protocol=17 | dir=out | app=system | "{1074E664-9F32-4CCA-AB0D-9B07ACDD869E}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{122ECF6F-21AE-471B-B235-367597FBFF6A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{17139A5A-05AA-46FE-BB57-0A481BC7A557}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{1BAAC31F-EA4C-4BF3-8BA8-86903FD896DA}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | "{1CBAB161-B794-40A3-9E96-B6C6882B74E7}" = rport=3702 | 
protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{23EACC63-AE5A-4687-8B39-B951694C5624}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{2EEA3600-4F69-48F7-ADBF-4ED966F6D5CD}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{2F24B054-7378-4E0B-833E-6C8881C00134}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{3120E0DD-F561-433F-9158-5BE7CF20C8A0}" = lport=137 | protocol=17 | dir=in | app=system | "{319D9108-B986-4698-B94B-11C3EE57F26F}" = lport=138 | protocol=17 | dir=in | app=system | "{36C2CCCD-D45D-4A92-9CB6-A14A149AE6E8}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | "{4794FD15-DD6B-47B3-B10E-A90502245811}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{49A204E2-0AD2-496C-BE55-0A6528DC0E67}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe | "{593CAB15-F0B3-456C-94DF-347E140DC6E6}" = rport=138 | protocol=17 | dir=out | app=system | "{5A60E279-716A-4D12-AE4E-9E9A91BB68C4}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe | "{6042E77A-198F-4796-BBB6-65CE6FD091B8}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe | "{72D4E8EC-E3AA-4B8C-AFF9-37354B52F660}" = lport=2869 | protocol=6 | dir=in | app=system | "{8797EA83-7218-4935-BBF6-82A93A942188}" = lport=445 | protocol=6 | dir=in | app=system | "{8E7EB605-ECBA-4A2F-A2E7-096C5FFD187D}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe | "{9430473A-CA16-4261-8BFF-61931C5A6919}" = lport=139 | protocol=6 | dir=in | app=system | "{991AA5F0-F354-43C8-AF0A-0BD168E85D21}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{9A9B65F3-9055-4D4E-8D81-9067601B5D20}" = rport=445 | protocol=6 | dir=out | app=system | 
"{B0056FEE-5173-4629-8063-8A7925482FB8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{C1B0EBB1-F027-4015-91E3-2D1FA95C3F3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{C2356B44-AC7C-4AE1-A515-9E8DA8F41D8C}" = rport=139 | protocol=6 | dir=out | app=system | "{D4A02098-4A45-4153-90C2-E0F448D87BF1}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | "{D839420C-DF76-4B05-B6E4-E1A4FDFA9AF8}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | "{DC62D110-9105-4A53-AD9D-8C30A80A3BFD}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{EFD0E59E-3A0D-4DEB-A5C0-D48ABF161D9F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{F0E7EE21-CDE2-48F4-8E8A-1F9A7D506AEE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{FBEC581B-8C15-401D-A215-A7B0508D9AA3}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0A58DB22-B32C-49E6-9B23-2CC1A790693D}" = protocol=6 | dir=in | app=c:\program files\common files\sony shared\sohlib\sohdms.exe | "{0C765B7B-0EDB-4F23-9355-66A8FAF37720}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{21CB2DC0-8CD1-4823-A487-3294FF3D5DC6}" = protocol=6 | dir=in | app=c:\program files\common files\sony shared\sohlib\sohcimp.exe | "{21D7054F-F3DE-4795-ADCB-CF2F54A38208}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{21D9BCB9-B7D5-4888-8780-75EF7CC3E829}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{24442338-2E05-4B8E-8245-17546574EDCC}" = protocol=17 | dir=in | app=c:\program files\ubisoft\ubisoft game 
launcher\ubisoftgamelauncher.exe | "{264E55F1-A5EA-4174-BDC5-3170DF5D8D7D}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{4E5AC57A-B2A6-4304-804E-267B975C1BD1}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | "{4EC19C25-6A4A-4A24-BBFA-4BBB86AD9F0D}" = protocol=6 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{5551ACED-DAF7-409C-AED8-668C1FFAA6EE}" = protocol=17 | dir=in | app=c:\program files\sony\vaio media plus\vmp.exe | "{56E4A717-17FE-4628-B974-F3A6EABFBF90}" = protocol=17 | dir=in | app=c:\program files\common files\sony shared\sohlib\sohdms.exe | "{5EECCAAC-9EF7-4B32-8CB2-E597535B3AD8}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{5F974FEB-7894-42EA-92E2-E3EBB8ABCA91}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe | "{67F6625C-18B8-4232-BBC6-BE2F1B8EBE7D}" = protocol=6 | dir=in | app=c:\program files\ubisoft\related designs\anno 2070\initengine.exe | "{6CFB0022-FBD5-43B8-9613-A97FCC8F5B69}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{6FA321F1-4335-4178-8440-265E02E28ADC}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | "{6FBC28F1-7917-49A0-AAF2-4D71F7453130}" = protocol=6 | dir=in | app=c:\program files\ubisoft\related designs\anno 2070\autopatcher.exe | "{7D4F814D-B9F2-4B3A-AA1D-9B366CBFFE4B}" = protocol=17 | dir=in | app=c:\program files\ubisoft\related designs\anno 2070\anno5.exe | "{8044E6A0-FB64-4CCE-BEDB-9862E31139F5}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{814BC493-9807-4225-BD13-3FE818683C43}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | "{89CBD9BF-9B44-4B17-BC3F-5935FC0CD826}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | "{8B2A9FFC-CB0A-4BFF-B98B-13E16D917150}" = protocol=6 | dir=in | app=c:\program files\sony\vaio media plus\vmp.exe | "{93458ED9-784C-467C-9BCE-9AEBF85214E3}" = protocol=17 | dir=in | app=c:\program 
files\icq7.2\icq.exe | "{967DB318-6032-4A13-A78E-C7D54F09630D}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe | "{A1742D28-E4B0-4ADA-94F7-9FEF73FC9266}" = protocol=17 | dir=in | app=c:\program files\common files\sony shared\sohlib\sohcimp.exe | "{A69597A4-1F65-4B54-8B7F-170530B8D197}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{A8429FEF-2BE7-433A-A9F2-927D565213E7}" = protocol=17 | dir=in | app=c:\program files\common files\sony shared\sohlib\sohds.exe | "{ADC37CB2-8AD5-472F-BF84-A631D158E0B5}" = protocol=17 | dir=in | app=c:\program files\ubisoft\related designs\anno 2070\initengine.exe | "{B5140B72-01E4-43B9-8378-E951A9ED14D3}" = protocol=17 | dir=in | app=c:\program files\ubisoft\related designs\anno 2070\autopatcher.exe | "{B5EFA606-C888-4CBE-B8BC-77F7F835F3DF}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{C11BFB45-5695-417A-B5C1-75CDB5F84720}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe | "{D0043BC0-70E4-484B-BCB3-DD2CF45EEED2}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{D17B0934-05B5-44B4-A263-57E473EA85DC}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{E35852A0-F31E-450D-A282-8897553401AD}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{E46CB965-4FE2-4959-A0D0-77235B34DED2}" = protocol=6 | dir=in | app=c:\program files\common files\sony shared\sohlib\sohds.exe | "{E5385247-2B04-4A97-A6A7-13EDAA17693C}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{EBD2DEA3-1FD5-4AD3-88B1-91393B612B9A}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe | "{EE90FBA4-5511-4718-84A9-6237127674E2}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{F27F0F48-82F1-44FE-8F73-9729F070102C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{F82DE2A1-FE7C-4671-9ECF-D57470B03EB6}" = protocol=17 | dir=in | app=c:\program 
files\icq7.2\icq.exe | "{FDE5A5D3-A7A4-49B9-84EC-0C4AE8136F98}" = protocol=6 | dir=in | app=c:\program files\ubisoft\related designs\anno 2070\anno5.exe | "{FF4769E5-83CF-4E4B-BE18-A024EF427A09}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | "TCP Query User{10A31E8E-E4FA-4257-9DB8-A5664A607D29}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{13BD7203-6C18-467B-9C8B-04D965463E4C}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | "TCP Query User{19577B63-798D-4DC5-B214-6752E8859637}C:\users\christian\anno 1701\anno1701.exe" = protocol=6 | dir=in | app=c:\users\christian\anno 1701\anno1701.exe | "TCP Query User{2C8306EC-6B51-4B82-90EC-9BBBB68B6F5D}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | "TCP Query User{3295802C-B4EC-4765-BBBA-5E026DBD2786}C:\users\christian\desktop\age of empires ii\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=c:\users\christian\desktop\age of empires ii\age2_x1\age2_x1.exe | "TCP Query User{3739C260-992C-45C0-959B-7F938D72B529}C:\users\christian\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\christian\appdata\roaming\spotify\spotify.exe | "TCP Query User{4123F8C2-98D2-4337-A05E-C115A3578593}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{48DE48BF-CE13-4756-B1F8-FF935E027C74}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | "TCP Query User{48FF6931-73C9-4D98-9E58-7044EABA44EF}C:\users\christian\desktop\age of empires ii\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=c:\users\christian\desktop\age of empires ii\age2_x1\age2_x1.exe | "TCP Query User{543051C0-1C1E-4275-BEEE-164ACCB66553}C:\program 
files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | "TCP Query User{5F96C40F-4E79-4088-8F20-EB43A2DEBED3}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe | "TCP Query User{7221B613-5089-4711-869F-5DB78C0E6917}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | "TCP Query User{84F2F03B-AD03-4021-8362-51162CACFDB3}C:\users\christian\desktop\anno 1701\anno1701.exe" = protocol=6 | dir=in | app=c:\users\christian\desktop\anno 1701\anno1701.exe | "TCP Query User{8C9AADF0-1052-4425-96EB-12DC75B0F6B8}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | "TCP Query User{8E2D6474-F06A-4FF7-AC62-D01D87E59874}C:\users\christian\desktop\age of empires ii\empires2.exe" = protocol=6 | dir=in | app=c:\users\christian\desktop\age of empires ii\empires2.exe | "TCP Query User{9791F87A-BDED-4219-BB30-5B37E07B4E45}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | "TCP Query User{99A7D3E6-B2CB-4CD0-BD41-765C98B1B0A8}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | "TCP Query User{9F900524-530A-4608-BA4C-45EF976E9957}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | "TCP Query User{ABF77450-8B0E-463F-AB9E-AC283601A1C0}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | "TCP Query User{B4C63CEA-1090-445B-9E69-854F905BBEF0}C:\users\christian\desktop\call of duty 4 modern warefare\iw3mp.exe" = protocol=6 | dir=in | app=c:\users\christian\desktop\call of duty 4 modern warefare\iw3mp.exe | "TCP Query User{BDB2A6E5-DEE9-4EA4-B67C-DFAFDA0E0677}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic 
arts\eadm\core.exe | "TCP Query User{C964FE4F-F53B-4B03-98BB-6E32BC6669A7}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | "TCP Query User{D005C666-D616-4E09-B9DB-1B3E56307ABB}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | "TCP Query User{D63D42D6-0E46-4DE8-8647-8AAB4C695BFE}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{020D9395-8F12-4E63-9872-5822AFE4BF73}C:\users\christian\anno 1701\anno1701.exe" = protocol=17 | dir=in | app=c:\users\christian\anno 1701\anno1701.exe | "UDP Query User{055D9C1B-00D0-40AA-9953-6203FE2C9859}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | "UDP Query User{318B0F47-291B-41FA-AD72-C3109ED0798F}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | "UDP Query User{364F1FBA-704E-4E49-992D-3843636CCA4F}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{3C71CD0A-3088-4973-891B-7B2758C6756F}C:\users\christian\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\christian\appdata\roaming\spotify\spotify.exe | "UDP Query User{3F8629A4-46C1-4252-9664-1925A359BC80}C:\users\christian\desktop\age of empires ii\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=c:\users\christian\desktop\age of empires ii\age2_x1\age2_x1.exe | "UDP Query User{4CF9ED12-BF6B-4781-907B-3B73120FEDD7}C:\users\christian\desktop\age of empires ii\empires2.exe" = protocol=17 | dir=in | app=c:\users\christian\desktop\age of empires ii\empires2.exe | "UDP Query User{569DFC57-F501-4709-AAAF-5CBE91AFDE16}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{56D20EFD-E3D0-41AA-84AF-A8C195ABF3E1}C:\program 
files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | "UDP Query User{61334277-6D54-473B-81D5-34FCA5D4B7C2}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | "UDP Query User{61A1FE17-150E-4E7F-A2DB-DD117F530A54}C:\users\christian\desktop\age of empires ii\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=c:\users\christian\desktop\age of empires ii\age2_x1\age2_x1.exe | "UDP Query User{7960A02D-D312-45E8-953F-866F12D666B7}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe | "UDP Query User{804FF513-71BD-4C45-A652-AC27C06DFC36}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | "UDP Query User{80FEE8A3-DB4E-4A25-89E3-900B7CFE7A48}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | "UDP Query User{85B37A68-908B-4CB3-9943-26308D4B8015}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | "UDP Query User{B00D44E6-7C95-484C-B4E2-54196BE3D858}C:\users\christian\desktop\call of duty 4 modern warefare\iw3mp.exe" = protocol=17 | dir=in | app=c:\users\christian\desktop\call of duty 4 modern warefare\iw3mp.exe | "UDP Query User{B7FC3B21-3B7C-47B4-B034-9D535B763CA4}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | "UDP Query User{BAB0407B-87B1-41D1-A117-886CC4C25B48}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | "UDP Query User{BFC07C14-6B83-4AF0-92DA-3AB83195903A}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | "UDP Query User{C0B2A5A5-413A-4257-9E27-6CF8595120C2}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program 
files\videolan\vlc\vlc.exe | "UDP Query User{C64ABD8A-7E5A-46E2-9827-B7831B84616F}C:\users\christian\desktop\anno 1701\anno1701.exe" = protocol=17 | dir=in | app=c:\users\christian\desktop\anno 1701\anno1701.exe | "UDP Query User{CE4BD4BE-81ED-4428-AED8-66876B6A79F1}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | "UDP Query User{DFDDFDF5-4AF2-4EDA-9AC1-6219DEDF4A55}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | "UDP Query User{FE4D295C-A56D-4B7F-9358-5065A560E181}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library "{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data "{0B9B76C9-4967-59FC-C994-191AEA152F04}" = ATI Catalyst Install Manager "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6100_series" = Canon MG6100 series MP Drivers "{12D0BE8D-538C-4AB1-86DE-C540308F50DA}" = VAIO Content Metadata Manager Settings "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo "{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}" = VAIO Launcher "{18510937-0146-417B-95D8-14706649C384}" = VAIO Content Metadata Manager Settings "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools 
"{2018C019-30D9-4240-8C01-0865C10DCF5A}" = Unterstützung für VAIO-Präsentation "{202F2838-156B-FC76-013F-9241B9673F39}" = CCC Help Thai "{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = VAIO Content Folder Setting "{26A24AE4-039D-4CA4-87B4-2F83216020F0}" = Java(TM) 6 Update 20 "{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 37 "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21 "{2878C3C9-9D91-430F-8F50-885BB23DB001}" = VAIO Content Folder Watcher "{291FB4BF-EEC7-4CF9-8469-F39ED1DBC4D8}" = VAIO Content Metadata XML Interface Library "{2C08D7E7-9EE1-4A08-AFE0-745F02DCD6A4}_is1" = Pokemon Online 2.0.1 "{2C3CE8F0-F4AD-4D54-A520-975309C617E2}" = LG PC Suite III "{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper "{325ED81A-EC15-7CE8-729B-0392A1DD3854}" = CCC Help Czech "{327B75F0-92AF-420A-988F-FA596A218E0B}" = VAIO Content Folder Watcher "{36BDB1C2-CC66-41EB-B7DD-76339A7BB046}" = VAIO Edit Components "{39F58DDB-B2B8-4B86-AF20-4706A80EB30D}" = Epson Easy Photo Print 2 "{3B659FAD-E772-44A3-B7E7-560FF084669F}" = VAIO Smart Network "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3CCA23DD-CEDA-CC7F-C74C-4D1EDAE919AA}" = Catalyst Control Center Graphics Full New "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{42DD2173-B7CA-8AB3-8AC2-40DFE2CA6FBC}" = CCC Help German "{430DD2C5-65FD-9781-F9F2-693CAF05CD10}" = Catalyst Control Center InstallProxy "{4882EBF5-CA37-4EF4-BCB8-9B0E78B907D0}" = VAIO Content Metadata Intelligent Analyzing Manager "{49B8916D-1DEA-F18A-731F-BF0FE209C63B}" = CCC Help Chinese Standard "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3 "{4EEAF8D8-CB79-06CA-A566-EAC1726DAABB}" = CCC 
Help Finnish "{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy Media Creator 10 LJ "{540DB82A-EE11-BBC1-8BD8-BB7D937A53A4}" = CCC Help Hungarian "{547FD64B-98D9-1D8F-9001-BE027E3A7BD8}" = Catalyst Control Center InstallProxy "{5511C07D-A83C-45AD-92B6-42DF99729A3C}" = Adobe Photoshop Elements 7.0 "{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool "{5882396B-9FB3-37AC-1AE1-5EA344BD7705}" = Catalyst Control Center Graphics Previews Vista "{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data Basic "{5BA149D9-D5FA-5AB3-400B-9F1BF424B7CE}" = CCC Help Chinese Traditional "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{5F5867F0-2D23-4338-A206-01A76C823924}" = VAIO Energie Verwaltung "{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works "{6332AFF1-9D9A-429C-AA03-F82749FA4F49}" = SonicStage Mastering Studio "{642F96CC-1D3B-20DE-8673-44EE15B3DC2F}" = CCC Help Portuguese "{64DBE9FE-A07D-41A0-B81A-8D416D9647FF}" = VAIO Content Folder Watcher "{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = Click to Disc "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{69C8B1E3-2665-4A0F-B049-67746E5C4CE3}" = Software Info for Me&My VAIO "{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform "{6D26ACF9-4919-0744-C509-28EAF53112D4}" = CCC Help Dutch "{6EB6A82E-4918-481F-9AF8-3129E6D29B7E}" = Sony Home Network Library "{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{71256374-2053-CF0F-BD54-20082980B95C}" = Catalyst Control Center Graphics Full Existing "{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center "{72EEB695-388B-4835-8EA6-0C04545B06B9}" = Intel(R) PROSet/Wireless WiFi-Software "{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2 "{737D8F4D-24D4-D626-DEC0-9E39A6166890}" = CCC Help Danish "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio 
"{74B705C2-173A-FFD1-98BC-AD5FB647AB38}" = CCC Help Polish "{76D7CCD6-8369-405C-B494-5F34FAE67249}" = Me&My VAIO "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{784BDC03-2D22-BCAE-5CAC-84AFA799FBDE}" = CCC Help Turkish "{7B79CD75-F848-4B33-83E3-0EE1A1805A8C}" = VAIO Movie Story "{7BB90344-0647-468E-925A-7F69F7983421}" = ArcSoft Magic-i Visual Effects 2 "{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call "{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger "{8572CE7D-46B0-70B3-96CD-534F07B35F5D}" = CCC Help Italian "{85AF94EC-55DE-452A-8FD7-C34E598B3F1F}" = Adobe Premiere Elements 7.0 Templates "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{87544F2E-CCA5-01BC-AEBC-D8C1D759EE61}" = CCC Help English "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}" = VAIO Media plus "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = 
Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}_PROR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}_PROR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}_PROR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) 
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}_PROR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}_PROR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{90B38901-52C8-85A7-D6C8-9A5592C9FCAA}" = CCC Help Greek "{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007 "{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{9238E8A4-BEBA-43A3-B926-769BDBF194C5}" = VAIO Media plus Opening Movie "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9648D00F-0589-619B-6114-BF2A0620168B}" = CCC Help Korean 
"{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" = "{9805E4EE-9B66-CABD-AF6B-4B84F2A8EF46}" = Skins "{989ED050-E296-4FDC-9E4E-C48B4AF76E32}" = VAIO Content Metadata Intelligent Analyzing Manager "{98FC7A64-774B-49B5-B046-4B4EBC053FA9}" = VAIO MusicBox Sample Music "{9973498D-EA29-4A68-BE0B-C88D6E03E928}" = ArcSoft WebCam Companion 2 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9AC34FA1-BCDE-1D09-5DB7-EB6A064FDEA9}" = CCC Help Spanish "{9B973FC0-E71F-6F89-10D6-1BFD063D1707}" = CCC Help Swedish "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C1C8A04-F8CA-4472-A92D-4288CE32DE86}" = SonicStage Mastering Studio Plugins "{9D12A8B5-9D41-4465-BF11-70719EB0CD02}" = VU5x86 "{9EAC0E21-510E-4259-A9C6-F5D5B8969036}" = Catalyst Control Center - Branding "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO "{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}" = VAIO Update "{A3563827-B0DB-44DC-B037-15CC4E5E692F}" = VAIO Content Metadata XML Interface Library "{A3979A05-6834-D0A7-75CD-71B5A9E5F4C0}" = Catalyst Control Center Localization All "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Function Setting "{A6F21795-E629-35B2-9487-00A8363B28AA}" = Catalyst Control Center Graphics Light "{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series "{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.4 - Deutsch "{AEA6A4C2-7C4E-48F9-A770-879DE2EDEE1B}" = OpenMG Secure Module 5.4.00 "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B1991F22-4F93-4D11-9866-A7DFE551DF9E}" = VAIO Content Metadata Intelligent Analyzing Manager "{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story "{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) "{B3668C08-EBB1-40F4-B4F9-4F8E13501A7D}" = VAIO Entertainment Platform 
"{B48E264C-C8CD-4617-B0BE-46E977BAD694}" = ANNO 2070 "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy "{B7C03E84-AF46-42F4-809D-D4127D9086D0}" = VAIO Edit Components 6.5 "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3 "{C0AD2831-3398-A078-CBEB-39A6B381BB56}" = CCC Help Japanese "{C0E18DC4-C74A-4889-AE3A-933471023787}" = LG PC Suite III "{C18A02EC-966B-E7A7-9AC9-082F770ABF9B}" = CCC Help Russian "{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup aktivieren "{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service "{C9C390CC-F9B9-EFE8-27DF-6EB7FF8F8760}" = CCC Help Norwegian "{CB6075D9-F912-40AE-BEA6-E590DA24F16B}" = Adobe Photoshop Elements 7.0 "{CD431A7B-88D8-0823-E66F-CCFAEA6DA7B4}" = ccc-core-static "{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5 "{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Music Transfer "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CF0F8D1B-5FB9-468D-BD88-E6239906D2B7}" = Click to Disc "{D035FBF6-FDEF-487D-89CA-6F9DD07B783F}" = Dolby Control Center "{D03D02D8-AB64-4785-A48E-5AA8B0FB8C14}" = Sony Home Network Library "{D239B547-8B20-4BDE-888D-C9CCA823FFD8}" = WIDCOMM Bluetooth Software "{D47E6B9C-F5A5-23B7-AB6A-3806AD4C9529}" = ccc-utility "{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility "{D564B5E2-CCB5-4A5C-B35E-2FC30BBC9336}" = Adobe Premiere Elements 7.0 "{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents "{D613E659-6503-42A8-9617-4F599061EAD5}" = VAIO MusicBox "{D6DA6836-77C2-5338-10E3-D7A6CD65681D}" = Catalyst Control Center Core Implementation "{DA8F979E-43B9-3EEC-721C-F297D9509992}" = Catalyst Control Center Graphics Previews Common "{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime "{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support "{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials "{DF7DB916-90E5-40F2-9010-B8125EB5FD6F}" = SonicStage Mastering Studio Audio Filter 
"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2 "{E1640DA5-89B4-4F52-B15D-5DA3D14F29D4}" = LG USB Modem Drivers "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime "{EC37A846-53AC-4DA7-98FA-76A4E74AA900}" = Benutzerdefinierte Voreinstellungen für SonicStage Mastering Studio Audio Filter "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F570A6CC-53ED-4AA9-8B08-551CD3E38D8B}" = "{F6234880-85BE-4DCB-8A45-1FF85A1A8552}" = SmartSound Quicktracks for Premiere Elements "{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint "{FE0782BC-7AB0-CF6A-6E38-D3040462C7EC}" = CCC Help French "{FE51662F-D8F6-43B5-99D9-D4894AF00F83}" = Roxio Easy Media Creator Home "7-Zip" = 7-Zip 9.20 "ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Photoshop Elements 7" = Adobe Photoshop Elements 7.0 "Avira AntiVir Desktop" = Avira Free Antivirus "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "DivX Setup.divx.com" = DivX-Setup "dt icon module" = "EPSON Scanner" = EPSON Scan "EPSON SX110 Series" = Druckerdeinstallation für EPSON SX110 Series "EPSON SX218 Series" 
= EPSON SX218 Series Printer Uninstall "EPSON SX218 Series Manual" = EPSON SX218 Series Handbuch "Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 5.0.21.1212 "Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16 "Free YouTube Download_is1" = Free YouTube Download version 3.1.42.1212 "Google Desktop" = Google Desktop "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO "InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor "InstallShield_{AEA6A4C2-7C4E-48F9-A770-879DE2EDEE1B}" = OpenMG Secure Module 5.4.00 "InstallShield_{F6234880-85BE-4DCB-8A45-1FF85A1A8552}" = SmartSound Quicktracks for Premiere Elements "MarketingTools" = VAIO Marketing Tools "MFU Module" = "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "NimoCorp" = Nimo Codecs Pack v5.0 (Remove Only) "PremElem70" = Adobe Premiere Elements 7.0 "PremElem70Templates" = Adobe Premiere Elements 7.0 Templates "ProInst" = Intel PROSet Wireless "PROR" = Microsoft Office Professional 2007-Testversion "RollerCoaster Tycoon 3_is1" = RollerCoaster Tycoon 3 "SUPER ©" = SUPER © Version 2010.bld.42 (Nov 7, 2010) "VAIO Help and Support" = "VLC media player" = VLC media player 1.1.5 "WinLiveSuite_Wave3" = Windows Live Essentials "YTdetect" = Yahoo! 
Detect

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1033429082-2119218386-936885420-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Game Organizer" = EasyBits GO
"Spotify" = Spotify

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 13.05.2013 06:18:41 | Computer Name = Christian-Vaio | Source = VzCdbSvc | ID = 7
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5}) (Fehlercode = 0x80042019)

Error - 13.05.2013 06:28:42 | Computer Name = Christian-Vaio | Source = WinMgmt | ID = 10
Description =

Error - 13.05.2013 06:28:57 | Computer Name = Christian-Vaio | Source = VzCdbSvc | ID = 7
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5}) (Fehlercode = 0x80042019)

Error - 13.05.2013 06:33:22 | Computer Name = Christian-Vaio | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksdb.exe". Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error - 13.05.2013 06:33:22 | Computer Name = Christian-Vaio | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksdb.exe". Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error - 13.05.2013 06:33:22 | Computer Name = Christian-Vaio | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksCal.exe". Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error - 13.05.2013 06:33:22 | Computer Name = Christian-Vaio | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe". Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error - 13.05.2013 06:33:22 | Computer Name = Christian-Vaio | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe". Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error - 13.05.2013 06:33:22 | Computer Name = Christian-Vaio | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe". Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error - 13.05.2013 06:33:22 | Computer Name = Christian-Vaio | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe". Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

[ OSession Events ]
Error - 15.07.2010 17:51:24 | Computer Name = Christian-Vaio | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2 seconds with 0 seconds of active time. This session ended with a crash.

Error - 15.07.2010 17:52:00 | Computer Name = Christian-Vaio | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2 seconds with 0 seconds of active time. This session ended with a crash.

Error - 15.07.2010 17:59:46 | Computer Name = Christian-Vaio | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2 seconds with 0 seconds of active time. This session ended with a crash.

Error - 07.12.2010 14:41:31 | Computer Name = Christian-Vaio | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8 seconds with 0 seconds of active time. This session ended with a crash.

Error - 07.12.2010 14:53:46 | Computer Name = Christian-Vaio | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6 seconds with 0 seconds of active time. This session ended with a crash.
Error - 27.01.2011 05:16:48 | Computer Name = Christian-Vaio | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4 seconds with 0 seconds of active time. This session ended with a crash.

Error - 12.04.2011 09:46:07 | Computer Name = Christian-Vaio | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7 seconds with 0 seconds of active time. This session ended with a crash.

Error - 03.05.2011 13:57:06 | Computer Name = Christian-Vaio | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2861 seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 13.05.2013 06:17:27 | Computer Name = Christian-Vaio | Source = DCOM | ID = 10016
Description =

Error - 13.05.2013 06:17:54 | Computer Name = Christian-Vaio | Source = Service Control Manager | ID = 7000
Description =

Error - 13.05.2013 06:18:17 | Computer Name = Christian-Vaio | Source = DCOM | ID = 10016
Description =

Error - 13.05.2013 06:28:42 | Computer Name = Christian-Vaio | Source = Service Control Manager | ID = 7000
Description =

Error - 13.05.2013 06:29:07 | Computer Name = Christian-Vaio | Source = DCOM | ID = 10016
Description =

Error - 13.05.2013 06:29:14 | Computer Name = Christian-Vaio | Source = DCOM | ID = 10016
Description =

< End of report >

Best regards, KlausKlaus |
13.05.2013, 13:09 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Sparkasse online banking spied on: EXP/CVE-2013-2423.F and TR/Agent.385024.338
Fix with OTL
Code:
:Files
C:\Users\Christian\AppData\Roaming\Xoilq
C:\Users\Christian\AppData\Roaming\Rizur
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
__________________
Please always post log files in CODE tags |
13.05.2013, 13:37 | #15 |
| Sparkasse online banking spied on: EXP/CVE-2013-2423.F and TR/Agent.385024.338
I carried out the last step as described. After a few minutes (while the program was working), a window appeared saying that OTL had stopped working and therefore had to be closed. Now I have my desktop with the background image, but without icons and without the Start menu/taskbar. I can still move the mouse, but otherwise unfortunately nothing happens any more. Should I switch the computer off ("kill" it) and then simply run the last step with OTL again? Or is there another way?
Best regards, KlausKlaus |