Log analysis and evaluation: Sparkassen-Trojaner (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here so that our experts can evaluate them. Before viruses and trojans can be removed, the infected system has to be examined first: see "Erste Schritte zur Hilfe" (first steps for help). Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

15.05.2013, 11:57 | #1
Sparkassen-Trojaner

Hello, I have also picked up the Sparkasse trojan, as it is described here, for example: http://www.trojaner-board.de/134710-...sparkasse.html. The message with the security check appears as well. IE hangs on it; Firefox switches to the "normal" online-banking start screen after a few seconds. The Sparkasse has now blocked the access. The request for a test transfer did not come, though. MSE did remove malware (unfortunately I could not find a log for MSE!), but the problem persists. I ran the diagnostic programs from your really good help pages without any problems, see the logs. I have also already run AdwCleaner once. Many thanks for your help. Very good site!

Code:
OTL logfile created on: 15.05.2013 12:05:17 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Joe\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,91 Gb Total Physical Memory | 2,40 Gb Available Physical Memory | 61,31% Memory free
7,81 Gb Paging File | 6,34 Gb Available in Paging File | 81,16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,24 Gb Total Space | 71,69 Gb Free Space | 60,12% Space Free | Partition Type: NTFS
Drive D: | 153,85 Gb Total Space | 24,48 Gb Free Space | 15,91% Space Free | Partition Type: NTFS
Drive E: | 465,88 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: ASUS | User Name: Joe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013.05.15 11:57:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Joe\Desktop\OTL.exe
PRC - [2013.03.25 21:45:52 | 000,694,584 | ---- | M] (Motorola Mobility LLC) -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
PRC - [2013.03.25 21:45:52 | 000,121,144 | ---- | M] (Motorola Mobility LLC) -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
PRC - [2013.02.13 04:37:16 | 001,263,952 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2013.02.05 17:48:44 | 000,272,248 | ---- | M] (McAfee, Inc.) 
-- C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe PRC - [2013.02.02 11:57:02 | 000,238,592 | ---- | M] () -- C:\Users\Joe\AppData\Roaming\Elaw\cyim.exe PRC - [2012.12.18 07:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.06.09 15:36:58 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe PRC - [2012.02.21 23:49:04 | 000,102,568 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\Splendid\ACMON.exe PRC - [2012.02.21 23:49:00 | 000,162,456 | ---- | M] (ASUSTeK) -- C:\Windows\SysWOW64\ACEngSvr.exe PRC - [2012.02.17 03:04:20 | 000,289,408 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe PRC - [2012.02.17 03:04:18 | 000,277,120 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe PRC - [2012.02.17 01:01:36 | 000,473,728 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe PRC - [2011.12.24 01:39:38 | 000,174,720 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe PRC - [2011.12.23 04:58:42 | 000,318,080 | ---- | M] (ASUSTek Computer Inc.) 
-- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe PRC - [2011.11.21 23:22:08 | 000,080,512 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe PRC - [2011.11.21 23:19:50 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe PRC - [2011.10.25 02:20:38 | 000,174,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe PRC - [2011.10.19 03:38:26 | 002,319,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe PRC - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2011.09.02 16:06:38 | 000,065,657 | ---- | M] (Motorola) -- C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe PRC - [2011.02.25 20:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE PRC - [2010.12.21 03:24:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2010.12.21 03:24:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2010.08.20 18:57:06 | 000,107,816 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe PRC - [2010.07.10 07:45:00 | 000,984,400 | ---- | M] (Virage Logic Corporation / Sonic Focus) -- C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe PRC - [2009.06.19 19:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe PRC - [2009.06.19 19:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe PRC - 
[2008.12.23 02:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe PRC - [2008.08.14 06:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe ========== Modules (No Company Name) ========== MOD - [2013.02.13 04:38:06 | 000,100,688 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll MOD - [2013.02.13 04:37:16 | 001,263,952 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe MOD - [2013.02.02 11:57:02 | 000,238,592 | ---- | M] () -- C:\Users\Joe\AppData\Roaming\Elaw\cyim.exe MOD - [2012.02.21 23:49:00 | 000,009,216 | ---- | M] () -- C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll MOD - [2010.08.20 18:57:06 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll MOD - [2010.08.20 18:57:00 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll MOD - [2007.07.12 20:11:54 | 001,163,264 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\acAuth.dll ========== Services (SafeList) ========== SRV:64bit: - [2013.01.27 12:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV:64bit: - [2013.01.27 12:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV:64bit: - [2011.03.04 01:57:58 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) 
[Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent) SRV:64bit: - [2009.09.14 07:00:00 | 000,166,400 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE -- (EPSON_EB_RPCV4_04) SRV:64bit: - [2009.09.14 07:00:00 | 000,128,512 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE -- (EPSON_PM_RPCV4_04) SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2013.05.12 00:26:17 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.04.20 09:50:21 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.03.25 21:45:52 | 000,121,144 | ---- | M] (Motorola Mobility LLC) [Auto | Running] -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe -- (Motorola Device Manager) SRV - [2013.02.05 17:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) 
[On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService) SRV - [2012.12.18 07:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.02.17 03:04:18 | 000,277,120 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe -- (ASUS InstantOn) SRV - [2011.11.21 23:22:08 | 000,080,512 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService) SRV - [2011.11.21 23:19:50 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv) SRV - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2011.09.02 16:06:38 | 000,065,657 | ---- | M] (Motorola) [Auto | Running] -- C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe -- (PST Service) SRV - [2011.03.02 07:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) 
[On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011.02.25 20:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort) SRV - [2010.12.21 03:24:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2010.12.21 03:24:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2010.03.18 23:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.01.20 16:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv) DRV:64bit: - [2012.06.11 10:56:34 | 000,022,016 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgp.sys -- (motccgp) DRV:64bit: - [2012.06.08 15:09:12 | 000,027,136 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Motousbnet.sys -- (Motousbnet) DRV:64bit: - [2012.06.08 15:08:54 | 000,008,832 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motswch.sys -- (MotoSwitchService) DRV:64bit: - [2012.06.08 15:08:28 | 000,031,232 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motmodem.sys -- (motmodem) DRV:64bit: - [2012.04.09 16:27:34 | 000,352,144 | ---- | M] (EldoS Corporation) [Kernel | 
System | Running] -- C:\Windows\SysNative\drivers\cbfs3.sys -- (cbfs3) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.24 02:56:32 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2012.02.24 02:56:32 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2012.02.04 06:57:58 | 001,838,656 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x) DRV:64bit: - [2012.01.25 13:57:46 | 000,009,728 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgpfl.sys -- (motccgpfl) DRV:64bit: - [2011.11.23 00:21:46 | 000,395,752 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci) DRV:64bit: - [2011.11.23 00:21:46 | 000,130,024 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3) DRV:64bit: - [2011.11.08 12:59:12 | 000,011,776 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motusbdevice.sys -- (motusbdevice) DRV:64bit: - [2011.11.03 12:09:48 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2011.11.03 12:09:22 | 012,310,112 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2011.10.01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2011.10.01 08:30:18 
| 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2011.10.01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2011.10.01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2011.05.05 14:32:56 | 001,439,792 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2011.04.26 05:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2011.03.18 07:36:18 | 000,074,840 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor) DRV:64bit: - [2010.11.20 15:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.20 13:07:06 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.10.20 01:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2010.08.24 11:55:44 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) DRV:64bit: - [2009.07.20 11:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 01:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM) DRV:64bit: - [2009.06.20 04:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2009.06.10 23:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem) DRV:64bit: - [2009.06.10 22:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.01.29 17:11:38 | 000,006,144 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motfilt.sys -- (BTCFilterService) DRV:64bit: - [2008.05.24 02:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr) DRV - [2011.09.07 18:55:04 | 000,017,536 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2009.07.03 02:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = 
hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\..\SearchScopes,DefaultScope = {53C6CB24-A906-4DF8-8C26-8AA9DA0B50F7} IE - HKCU\..\SearchScopes\{53C6CB24-A906-4DF8-8C26-8AA9DA0B50F7}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}&rlz= IE - HKCU\..\SearchScopes\{EB1CE354-81C0-4B82-9B58-BFC7713C6DB0}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=3292EDCB-DCBE-4D4C-BA31-0D37A60D3FF9&apn_sauid=FDC114D2-A382-441A-A994-3C2405EB89F2 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = ;192.168.*.* ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) 
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013.02.16 22:25:36 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.14 21:28:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.02.23 12:10:49 | 000,000,000 | ---D | M] [2012.11.12 11:54:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joe\AppData\Roaming\mozilla\Extensions [2013.05.14 21:29:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2013.05.14 21:29:53 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.) 
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [ASUSPRP] C:\Program Files (x86)\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.) 
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe (ecareme) O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS) O4 - HKLM..\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe (Virage Logic Corporation / Sonic Focus) O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (ASUS) O4 - HKCU..\Run: [EPSON SX218 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGDE.EXE /FU "C:\Windows\TEMP\E_SED2.tmp" /EF "HKCU" File not found O4 - HKCU..\Run: [EPSON SX218 Series (Kopie 1)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGDE.EXE /FU "C:\Windows\TEMP\E_S8D02.tmp" /EF "HKCU" File not found O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.) 
O4 - HKCU..\Run: [Ybkeavh] C:\Users\Joe\AppData\Roaming\Elaw\cyim.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.) 
O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1C0EF544-3440-4CD5-BDF2-17A3DBEABB62}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7CC4673B-E3E1-4F3E-8F44-C1E26AF1DCB5}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O22:64bit: - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation) O22 - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.05.15 11:57:44 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Joe\Desktop\OTL.exe [2013.05.15 00:08:24 | 000,000,000 | ---D | C] -- C:\Users\Joe\Desktop\Alte Firefox-Daten [2013.05.14 21:30:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2013.05.14 21:11:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013.05.08 13:35:50 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Roaming\Upgoic [2013.05.08 13:35:50 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Roaming\Pyumq [2013.05.08 13:35:50 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Roaming\Elaw [2013.04.22 12:47:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus [2013.04.20 09:50:34 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan [2013.04.20 09:50:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Security Scan ========== Files - Modified Within 
30 Days ========== [2013.05.15 12:00:44 | 001,614,036 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.05.15 12:00:44 | 000,697,322 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.05.15 12:00:44 | 000,652,600 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.05.15 12:00:44 | 000,148,328 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.05.15 12:00:44 | 000,121,274 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.05.15 12:00:36 | 000,377,856 | ---- | M] () -- C:\Users\Joe\Desktop\gmer_2.1.19163.exe [2013.05.15 11:58:56 | 000,718,787 | ---- | M] () -- C:\Users\Joe\Desktop\69886-alle-hilfesuchenden-eroeffnu.pdf [2013.05.15 11:57:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Joe\Desktop\OTL.exe [2013.05.15 11:57:15 | 000,000,000 | ---- | M] () -- C:\Users\Joe\defogger_reenable [2013.05.15 11:56:37 | 000,050,477 | ---- | M] () -- C:\Users\Joe\Desktop\Defogger.exe [2013.05.15 11:51:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.05.15 11:34:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.05.15 09:54:19 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.05.15 09:54:19 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.05.15 09:47:13 | 000,000,387 | ---- | M] () -- C:\Users\Joe\AppData\Roaming\sp_data.sys [2013.05.15 09:46:54 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.05.15 09:46:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.05.15 09:46:39 | 3145,826,304 | -HS- | M] () -- C:\hiberfil.sys [2013.05.15 00:18:09 | 000,039,929 | ---- | M] () -- C:\Users\Joe\Desktop\malware.jpg [2013.05.14 23:56:08 | 000,628,743 | ---- | M] () -- C:\Users\Joe\Desktop\adwcleaner.exe [2013.05.14 21:30:06 | 000,001,149 | 
---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.05.08 22:28:35 | 000,002,182 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini [2013.05.06 13:35:42 | 000,216,584 | ---- | M] () -- C:\Users\Joe\Desktop\32_externe_neue_aeappo_bewerbung_Aug13_VARIANTE2_1_Kopie_VER.pdf [2013.04.22 12:47:53 | 000,002,048 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk [2013.04.22 12:47:53 | 000,002,048 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2013.04.21 12:18:42 | 000,001,621 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini ========== Files Created - No Company Name ========== [2013.05.15 12:00:36 | 000,377,856 | ---- | C] () -- C:\Users\Joe\Desktop\gmer_2.1.19163.exe [2013.05.15 11:59:04 | 000,718,787 | ---- | C] () -- C:\Users\Joe\Desktop\69886-alle-hilfesuchenden-eroeffnu.pdf [2013.05.15 11:57:15 | 000,000,000 | ---- | C] () -- C:\Users\Joe\defogger_reenable [2013.05.15 11:56:32 | 000,050,477 | ---- | C] () -- C:\Users\Joe\Desktop\Defogger.exe [2013.05.15 00:18:09 | 000,039,929 | ---- | C] () -- C:\Users\Joe\Desktop\malware.jpg [2013.05.14 23:56:08 | 000,628,743 | ---- | C] () -- C:\Users\Joe\Desktop\adwcleaner.exe [2013.05.14 21:30:06 | 000,001,161 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2013.05.14 21:30:06 | 000,001,149 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.05.06 13:35:42 | 000,216,584 | ---- | C] () -- C:\Users\Joe\Desktop\32_externe_neue_aeappo_bewerbung_Aug13_VARIANTE2_1_Kopie_VER.pdf [2013.04.22 12:47:53 | 000,002,048 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk [2013.04.22 12:47:50 | 000,002,048 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2012.07.29 14:18:19 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat [2012.07.28 14:04:14 | 000,000,387 | ---- | C] () -- 
C:\Users\Joe\AppData\Roaming\sp_data.sys [2012.06.09 15:35:49 | 000,014,119 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat [2012.03.05 03:24:03 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll [2012.03.05 03:23:54 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2012.03.05 03:23:53 | 000,217,536 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2012.03.05 03:23:53 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012.03.05 03:23:52 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll [2012.03.05 03:23:52 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2012.02.24 04:42:37 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe [2012.02.24 04:28:11 | 001,591,930 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = 
C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.12.03 21:13:17 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Amazon [2012.07.28 14:10:47 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\ASUS WebStorage [2013.01.15 16:18:31 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Cyob [2013.05.08 13:35:50 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Elaw [2013.01.14 12:49:26 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Enyga [2013.01.07 17:08:27 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\EPSON [2013.05.15 12:05:00 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\ICQ [2013.02.18 22:27:40 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\LibreOffice [2012.11.06 12:43:23 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Motorola [2012.11.06 12:45:38 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Motorola Mobility [2013.01.15 10:24:35 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Myox [2013.05.13 21:41:06 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Pyumq [2012.07.31 20:41:08 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\SoftGrid Client [2012.07.29 12:56:15 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\TP 
[2013.05.08 13:35:50 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Upgoic
[2012.10.18 13:33:39 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Wuala

========== Purity Check ==========

< End of report >

Code:
OTL Extras logfile created on: 15.05.2013 12:05:17 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Joe\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,91 Gb Total Physical Memory | 2,40 Gb Available Physical Memory | 61,31% Memory free
7,81 Gb Paging File | 6,34 Gb Available in Paging File | 81,16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,24 Gb Total Space | 71,69 Gb Free Space | 60,12% Space Free | Partition Type: NTFS
Drive D: | 153,85 Gb Total Space | 24,48 Gb Free Space | 15,91% Space Free | Partition Type: NTFS
Drive E: | 465,88 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: ASUS | User Name: Joe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0B5C0026-3D1F-41FE-BE44-8F3CC58D6C9C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{1C622B62-9812-473A-9694-43BE9880C938}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{2E8BC44F-71ED-4DD5-953F-9EC3B66368BD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{52026CE6-7339-4932-AC84-0A5D6A8E9FCE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{5361333C-1BB8-4453-9B46-67332BCC102E}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{6B172638-80F6-4F70-9DA1-256890CA8A6B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{6E160FBE-34C2-4E27-8B20-024917ECEFCD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{7200A232-CB9A-4548-89E0-CF072E6C2E3E}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{79EFC616-4D96-4ADF-9BFF-EEDDC798A18D}" = lport=137 | protocol=17 | dir=in | app=system | "{9C1A304E-E904-4163-8685-B057898DAB62}" = rport=137 | protocol=17 | dir=out | app=system | "{9D320615-9EFE-49C3-B424-2CA1174EF7FB}" = rport=10243 | protocol=6 | dir=out | app=system | "{A11B5B9D-D30E-4E6D-B613-FBF1612FE835}" = rport=138 | protocol=17 | dir=out | app=system | "{A3E42950-C2EF-4603-9EDD-B59C1F1E1EB1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{A56F99CF-933B-4F79-9B77-D54139039647}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{A608DB4C-DF2F-441A-BD39-7C13F34F5787}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{A7302ADA-0DA6-4AA9-81FF-858F4C6B3848}" = lport=139 | protocol=6 | dir=in | app=system | "{ABBED92B-30DF-4AAF-A9B4-EE77382EDDAB}" = rport=445 | protocol=6 | dir=out | app=system | "{AFCAF206-534A-41FF-914A-5233CED97C01}" = lport=138 | protocol=17 | dir=in | app=system | "{B8019F4B-F6D1-4BD9-AA4A-8D773E2E3C15}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{BB84E384-0AC6-45E6-A3D7-457188CD9EFF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{D43A4F56-2E2D-4B37-8F1A-E49D6FB921AC}" = lport=445 | protocol=6 | dir=in | app=system | "{DBAD66F7-9B9D-4550-8E0B-8334C9253738}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{E44DF357-C07A-4237-A73F-8DA86DC3FA96}" = rport=139 | protocol=6 | dir=out | 
app=system | "{F77FB93A-F906-42E4-808B-4093E80C690A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{FE323625-4A37-4AF5-85F7-1220DB7E4512}" = lport=2869 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{085D8B8A-01C8-474C-9850-26BAF824941B}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{111359A1-32CF-4845-8BF6-649A7497F908}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{13A83034-8528-4A7A-8A67-C59CF4E31E09}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{19E284DE-FE65-45E9-8827-69D5454439A1}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{1B00A9A6-75DD-45C4-BE89-AB1B5A648222}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{21D81408-E5AE-494A-9F19-0985B781280D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{2E6C793B-42D4-4EA7-99BC-9044656C7502}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{37CFE252-1D5D-411D-85A5-FB83D97C65DF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{40970073-D479-476A-A69A-0CEFB6FABBE7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{56048913-2EE4-4FB6-9B10-B11FD9535645}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{571576D3-FB44-4106-895E-49C2B0766AD3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{59946201-37DF-458C-9238-2E37B660B48D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{657A2AC7-2FEF-4EA7-AD91-846D51CB621A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{6B453DB7-F2FA-4AF8-8796-0A73B34D19A6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{7C361E44-B538-4418-9BAA-799169D45374}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{8241FB29-D9F2-4CDB-8829-62152A40AC80}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{9A27F507-C651-4851-8B34-05489C22346C}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | "{9A6B5B6E-9701-4D3E-A857-BDEFFAAC6CC7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{9F88D56F-9FE0-4A0E-911E-B80F155C8F1A}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | "{AD46D245-DF6B-4D41-AF5A-EAF74E9967C9}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{B47194E0-0074-4543-B500-C795480F44A4}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | "{B895C586-3D59-4702-9349-FBB0630F617B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{BA2CEAF1-C66A-4C11-A788-DBD7D26C3DC8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{C1A280E9-7438-4759-84CE-63669528EEA8}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | "{CE15CB09-D002-4115-92F7-2D1504B41AC3}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{DB37BB20-8703-4A10-85B0-1B585BB88CAB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{EDA33C67-02FC-4CBB-B8DE-B369AC2BA16B}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{F11EFF30-F169-45A5-8DB7-BBFDAA041230}" = protocol=6 | dir=out | app=system | "{F5826050-CE87-4DB0-BE47-5BE553A29588}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{FF140651-CB2F-4364-8561-C0011F4439D8}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "TCP Query User{4E2CBE00-D67A-42DB-963A-4BCCF5D04CE6}C:\program files 
(x86)\icq7m\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | "TCP Query User{8C47AFEE-0DAF-48F7-BC95-10152D925307}C:\users\joe\appdata\roaming\wuala\wuala.exe" = protocol=6 | dir=in | app=c:\users\joe\appdata\roaming\wuala\wuala.exe | "TCP Query User{9E19B1C1-6941-4367-88FB-D635E971FC93}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "TCP Query User{B6FB69C4-6222-4E85-A125-C71B6848127E}C:\users\joe\appdata\roaming\cyob\memi.exe" = protocol=6 | dir=in | app=c:\users\joe\appdata\roaming\cyob\memi.exe | "TCP Query User{E42833B9-C528-4181-9735-61257B60E965}C:\users\joe\appdata\roaming\cyob\memi.exe" = protocol=6 | dir=in | app=c:\users\joe\appdata\roaming\cyob\memi.exe | "UDP Query User{04804AE3-06AA-4D1C-8F7C-974C0E3E023F}C:\users\joe\appdata\roaming\cyob\memi.exe" = protocol=17 | dir=in | app=c:\users\joe\appdata\roaming\cyob\memi.exe | "UDP Query User{169E7D01-583D-45F8-BE69-F36F3C5D7C03}C:\users\joe\appdata\roaming\wuala\wuala.exe" = protocol=17 | dir=in | app=c:\users\joe\appdata\roaming\wuala\wuala.exe | "UDP Query User{6F1E306C-E3B7-4EA7-8805-0E4AB3A21AED}C:\program files (x86)\icq7m\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | "UDP Query User{A52467EF-DEFF-4F0F-8DA4-AB091AD0BEBB}C:\users\joe\appdata\roaming\cyob\memi.exe" = protocol=17 | dir=in | app=c:\users\joe\appdata\roaming\cyob\memi.exe | "UDP Query User{B72745A7-F7D8-4240-887D-8EF8441C9513}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot "{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in 
Assistant "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid "{C5A22A98-AC82-4404-BFB0-1E9F654EB176}" = Motorola Mobile Drivers Installation 6.0.0 "{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "CutePDF Writer Installation" = CutePDF Writer 2.8 "EPSON SX218 Series" = EPSON SX218 Series Printer Uninstall "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft Security Client" = Microsoft Security Essentials "SynTPDeinstKey" = Synaptics Pointing Device Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas "{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack "{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology "{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}" = Sonic Focus "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{1231D46E-3174-4F1F-859E-41DCB0D070D2}" = mediscript Hammerexamen "{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack "{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources "{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google 
Toolbar for Internet Explorer "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer "{19EA33FB-B34E-40EA-8B8A-61743AEB795A}" = Wireless Console 3 "{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer "{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3 "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21 "{28DB8373-C1BB-444F-A427-A55585A12ED7}" = Motorola Device Manager "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections "{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials "{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack "{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer "{3FA377B8-23F4-470B-A567-5EED6B90C70E}" = cdrLabel 7.1 "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack "{4555BB9E-E715-4260-A178-E8EFD2B653E3}" = Alcor Micro USB Card Reader "{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer "{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack "{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance 
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{622DE1BE-9EDE-49D3-B349-29D64760342A}" = 適用遠端連線的 Windows Live Mesh ActiveX 控制項 "{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources "{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS FaceLogon "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{749F674B-2674-47E8-879C-5626A06B2A91}" = InstantOn for NB "{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack "{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack "{781B39EC-2E18-41FC-9B00-B84E4FFCA85F}" = ICQ7M "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials "{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer "{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources "{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111249233}" = Dream Vacation Solitaire "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115065740}" = Bubbletown "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115290153}" = Go Go Gourmet Chef of the Year "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115320460}" = Turbo Fiesta "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-116672750}" = World of Goo "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117080787}" = Plants vs Zombies "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117948443}" = Mahjong Memoirs "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-118716773}" = Deadtime Stories 
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-119205603}" = Farm Frenzy 3 - Madagascar "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8EA569F1-97AF-4C3E-A0CB-4846C2D35A81}" = LibreOffice 4.0.0.3 "{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash "{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT2860 Wireless LAN Card "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) 
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D4C7DFA-CBBB-4F06-BDAC-94D831406DF0}" = פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package "{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials "{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.6) MUI "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime "{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials "{BCB0D6F7-7EAB-4009-A6F2-8E0E7F317773}" = Элемент управления Windows Live Mesh ActiveX для удаленных подключений "{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources "{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections "{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}" = ASUS FancyStart "{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language 
Pack "{D39F0676-163E-4595-A917-E28F99BBD4D2}" = ASUS AI Recovery "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer "{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources "{DEAD13D3-BC70-4AAE-AEF9-BE6297E106D1}" = Motorola Device Software Update "{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E18B30AA-6E2D-480C-B918-AF61009F4010}" = عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة "{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver "{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas "{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer "{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources "{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live "{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support "{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources "{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}" = Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}" = ASUS Live Update "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "Adobe 
Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17 "AmUStor" = Alcor Micro USB Card Reader "Asus Vibe2.0" = AsusVibe2.0 "ASUS WebStorage" = ASUS WebStorage "ASUS_Screensaver" = ASUS_Screensaver "DivX Setup" = DivX-Setup "EPSON Scanner" = EPSON Scan "EPSON SX218 Series Manual" = EPSON SX218 Series Handbuch "Game Park Console" = Game Park Console "Google Chrome" = Google Chrome "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "McAfee Security Scan" = McAfee Security Scan Plus "Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010 "Office14.SingleImage" = Microsoft Office Home and Student 2010 "ST6UNST #1" = FMS32-PRO Version 3.1.5 "VLC media player" = VLC media player 2.0.3 "Winamp" = Winamp "WinLiveSuite" = Windows Live Essentials "WinRAR archiver" = WinRAR 4.20 (32-Bit) "Wuala CBFS" = Wuala CBFS "Wuala OverlayIcons" = Wuala OverlayIcons ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Winamp Detect" = Winamp Erkennungs-Plug-in "Wuala" = Wuala ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 21.04.2013 14:26:45 | Computer Name = asus | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 21.04.2013 15:08:24 | Computer Name = asus | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 21.04.2013 19:08:03 | Computer Name = asus | Source = Application Hang | ID = 1002 Description = Programm iexplore.exe, Version 9.0.8112.16476 kann nicht mehr unter Windows ausgeführt werden und wurde 
beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1658 Startzeit: 01ce3e7a7c81f604 Endzeit: 87 Anwendungspfad: C:\Program Files (x86)\Internet Explorer\iexplore.exe Berichts-ID: Error - 22.04.2013 09:27:09 | Computer Name = asus | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 22.04.2013 10:13:11 | Computer Name = asus | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 23.04.2013 08:56:53 | Computer Name = asus | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 24.04.2013 07:33:35 | Computer Name = asus | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 24.04.2013 18:13:04 | Computer Name = asus | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 25.04.2013 13:18:11 | Computer Name = asus | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 25.04.2013 14:53:26 | Computer Name = asus | Source = Customer Experience Improvement Program | ID = 1008 Description = [ System Events ] Error - 17.11.2012 08:14:56 | Computer Name = asus | Source = Microsoft Antimalware | ID = 2001 Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt. Neue Signaturversion: Vorherige Signaturversion: 1.139.2153.0 Aktualisierungsquelle: %%859 Aktualisierungsphase: %%853 Quellpfad: hxxp://www.microsoft.com Signaturtyp: %%800 Aktualisierungstyp: %%803 Benutzer: NT-AUTORITÄT\SYSTEM Aktuelle Modulversion: Vorherige Modulversion: 1.1.8904.0 Fehlercode: 0x80240016 Fehlerbeschreibung: Unerwartetes Problem bei der Überprüfung auf Updates. Informationen zum Installieren von Updates oder zur Problembehandlung finden Sie unter "Hilfe und Support". 
Error - 18.11.2012 08:47:53 | Computer Name = asus | Source = Microsoft Antimalware | ID = 2001 Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt. Neue Signaturversion: Vorherige Signaturversion: 1.139.2168.0 Aktualisierungsquelle: %%859 Aktualisierungsphase: %%854 Quellpfad: hxxp://www.microsoft.com Signaturtyp: %%800 Aktualisierungstyp: %%803 Benutzer: NT-AUTORITÄT\SYSTEM Aktuelle Modulversion: Vorherige Modulversion: 1.1.8904.0 Fehlercode: 0x80070643 Fehlerbeschreibung: Schwerwiegender Fehler bei der Installation. Error - 18.11.2012 08:48:07 | Computer Name = asus | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Definitionsupdate für Microsoft Security Essentials – KB2310138 (Definition 1.139.2333.0) Error - 23.11.2012 05:22:06 | Computer Name = asus | Source = DCOM | ID = 10010 Description = Error - 06.12.2012 07:57:25 | Computer Name = asus | Source = Service Control Manager | ID = 7030 Description = Der Dienst "PST Service" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error - 05.01.2013 14:05:46 | Computer Name = asus | Source = Server | ID = 2505 Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{9B1148F8-306D-454C-89FC-67A459AC14CE} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden. Error - 06.01.2013 17:55:14 | Computer Name = asus | Source = DCOM | ID = 10016 Description = Error - 10.01.2013 08:12:57 | Computer Name = asus | Source = Microsoft Antimalware | ID = 2001 Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt. 
Neue Signaturversion: Vorherige Signaturversion: 1.141.3393.0 Aktualisierungsquelle: %%859 Aktualisierungsphase: %%854 Quellpfad: hxxp://www.microsoft.com Signaturtyp: %%800 Aktualisierungstyp: %%803 Benutzer: NT-AUTORITÄT\SYSTEM Aktuelle Modulversion: Vorherige Modulversion: 1.1.9002.0 Fehlercode: 0x80240016 Fehlerbeschreibung: Unerwartetes Problem bei der Überprüfung auf Updates. Informationen zum Installieren von Updates oder zur Problembehandlung finden Sie unter "Hilfe und Support". Error - 10.01.2013 08:12:57 | Computer Name = asus | Source = Microsoft Antimalware | ID = 2001 Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt. Neue Signaturversion: Vorherige Signaturversion: 1.141.3393.0 Aktualisierungsquelle: %%859 Aktualisierungsphase: %%854 Quellpfad: hxxp://www.microsoft.com Signaturtyp: %%800 Aktualisierungstyp: %%803 Benutzer: NT-AUTORITÄT\SYSTEM Aktuelle Modulversion: Vorherige Modulversion: 1.1.9002.0 Fehlercode: 0x80240016 Fehlerbeschreibung: Unerwartetes Problem bei der Überprüfung auf Updates. Informationen zum Installieren von Updates oder zur Problembehandlung finden Sie unter "Hilfe und Support". Error - 10.01.2013 08:12:57 | Computer Name = asus | Source = Microsoft Antimalware | ID = 2001 Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt. Neue Signaturversion: Vorherige Signaturversion: 1.141.3393.0 Aktualisierungsquelle: %%859 Aktualisierungsphase: %%853 Quellpfad: hxxp://www.microsoft.com Signaturtyp: %%800 Aktualisierungstyp: %%803 Benutzer: NT-AUTORITÄT\SYSTEM Aktuelle Modulversion: Vorherige Modulversion: 1.1.9002.0 Fehlercode: 0x80240016 Fehlerbeschreibung: Unerwartetes Problem bei der Überprüfung auf Updates. Informationen zum Installieren von Updates oder zur Problembehandlung finden Sie unter "Hilfe und Support". < End of report > Code:
# AdwCleaner v2.300 - Report created 14/05/2013 at 23:56:56
# Updated 28/04/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Joe - ASUS
# Boot mode : Normal
# Running from : C:\Users\Joe\Desktop\adwcleaner.exe
# Option [Search]

**** [Services] ****

***** [Files / Folders] *****

Folder Found : C:\Program Files (x86)\Ask.com
Folder Found : C:\ProgramData\Ask
Folder Found : C:\Users\Joe\AppData\Local\APN
Folder Found : C:\Users\Joe\AppData\Local\Temp\AskSearch
Folder Found : C:\Users\Joe\AppData\LocalLow\AskToolbar
Folder Found : C:\Users\Joe\AppData\LocalLow\boost_interprocess
Folder Found : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Found : HKCU\Software\APN
Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
Key Found : HKCU\Software\Ask.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found : HKLM\Software\APN
Key Found : HKLM\Software\AskToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Found : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16476

[OK] Registry is clean.

-\\ Mozilla Firefox v21.0 (de)

File : C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\te0730jl.default-1368559837620\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [4237 octets] - [14/05/2013 23:56:56]

########## EOF - C:\AdwCleaner[R1].txt - [4297 octets] ##########
Code:
# AdwCleaner v2.300 - Report created 14/05/2013 at 23:57:48
# Updated 28/04/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Joe - ASUS
# Boot mode : Normal
# Running from : C:\Users\Joe\Desktop\adwcleaner.exe
# Option [Delete]

**** [Services] ****

***** [Files / Folders] *****

Folder Deleted : C:\Program Files (x86)\Ask.com
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\Users\Joe\AppData\Local\APN
Folder Deleted : C:\Users\Joe\AppData\Local\Temp\AskSearch
Folder Deleted : C:\Users\Joe\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Joe\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16476

[OK] Registry is clean.

-\\ Mozilla Firefox v21.0 (de)

File : C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\te0730jl.default-1368559837620\prefs.js

C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\te0730jl.default-1368559837620\user.js ... Deleted !

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [4358 octets] - [14/05/2013 23:56:56]
AdwCleaner[S1].txt - [4410 octets] - [14/05/2013 23:57:48]

########## EOF - C:\AdwCleaner[S1].txt - [4470 octets] ##########

Edited by flyingnoodls (15.05.2013 at 12:08) |
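An added example, not part of this thread and not GMER's or any poster's code: a small Python decoder for the "User code sections" lines of the GMER log posted in the next reply. GMER prints the bytes that now sit at the start of each hooked export; the 6-byte form 68 xx xx xx xx C3 is x86 `push imm32` followed by `ret`, an unconditional jump, so the destination of every such hook can be recovered from the log text alone. The script groups hooks per process, computes those destinations, names the hooked name-resolution and HTTP exports, and flags processes whose image lives under a user's AppData folder (in the posted log that is C:\Users\Joe\AppData\Roaming\Elaw\cyim.exe, with hooks on getaddrinfo and gethostbyname, versus the Motorola and ASUS helpers that carry dozens of hooks but run from Program Files). The NETWORK_APIS set and the AppData heuristic are this example's own assumptions, and the sample lines are copied from the posted log.

```python
"""Decode the 'User code sections' part of a GMER 2.x log (added example).

GMER prints one patched function per line:

    .text <image>[<pid>] <module>!<symbol>[ + <offset>] <address> <n> bytes [<hex bytes>]

68 xx xx xx xx C3 at the start of a function is `push imm32; ret`, i.e. a jump to
the little-endian address xx. The log does not say which module owns that
address; the script only reports where each process's hooks go.
"""
import re
import struct
from collections import defaultdict

HOOK_LINE = re.compile(
    r"^\.text\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>\S+?)!(?P<symbol>\w+)(?:\s\+\s(?P<offset>\d+))?\s+"
    r"(?P<address>[0-9A-Fa-f]+)\s+(?P<count>\d+)\s+bytes\s+\[(?P<patch>[^\]]*)\]"
)

# Assumption of this example: exports worth calling out when a hook lands on them.
NETWORK_APIS = {
    "getaddrinfo", "gethostbyname", "send", "WSASend",
    "HttpOpenRequestA", "HttpOpenRequestW", "HttpSendRequestA", "HttpSendRequestW",
    "HttpSendRequestExA", "HttpSendRequestExW", "InternetReadFile", "InternetReadFileExA",
}


def parse_patch(field):
    """'68, 38, DF, 41, 00, C3' -> [0x68, 0x38, 0xDF, 0x41, 0x00, 0xC3]"""
    return [int(tok, 16) for tok in field.replace(" ", "").split(",") if tok]


def hook_target(patch):
    """Destination of a push/ret trampoline, or None for any other patch."""
    if len(patch) == 6 and patch[0] == 0x68 and patch[5] == 0xC3:
        return struct.unpack("<I", bytes(patch[1:5]))[0]
    return None


def parse_line(line):
    """One hook record, or None for headers, blank lines and '.text ... * 2' folds."""
    m = HOOK_LINE.match(line.strip())
    if not m:
        return None
    patch = parse_patch(m["patch"])
    return {
        "image": m["image"],
        "pid": int(m["pid"]),
        "module": m["module"].rsplit("\\", 1)[-1].lower(),
        "symbol": m["symbol"],
        "offset": int(m["offset"] or 0),
        "address": int(m["address"], 16),
        "patch": patch,
        "target": hook_target(patch),
    }


def in_user_profile(image_path):
    """Assumed heuristic: an executable under a user's AppData deserves a closer look."""
    p = image_path.lower()
    return "\\users\\" in p and "\\appdata\\" in p


def triage(log_text):
    """Group hooks by process and summarise what a responder checks first."""
    per_process = defaultdict(list)
    for line in log_text.splitlines():
        hook = parse_line(line)
        if hook:
            per_process[(hook["image"], hook["pid"])].append(hook)
    report = {}
    for (image, pid), hooks in per_process.items():
        trampolines = [h for h in hooks if h["target"] is not None]
        report[f"{image}[{pid}]"] = {
            "hooks": len(hooks),
            "trampolines": len(trampolines),
            "network_apis": sorted({h["symbol"] for h in trampolines if h["symbol"] in NETWORK_APIS}),
            "targets": sorted({h["target"] for h in trampolines}),
            "image_in_user_profile": in_user_profile(image),
        }
    return report


# Constructed sample: lines copied from the GMER output posted in this thread.
SAMPLE_LOG = r"""
.text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 0000000075d24296 6 bytes [68, 38, DF, 99, 02, C3]
.text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000752e1465 2 bytes [2E, 75]
.text ... * 2
.text C:\Users\Joe\AppData\Roaming\Elaw\cyim.exe[2988] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 0000000075d24296 6 bytes [68, 38, DF, 41, 00, C3]
.text C:\Users\Joe\AppData\Roaming\Elaw\cyim.exe[2988] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000075d37673 6 bytes [68, C8, DE, 41, 00, C3]
.text C:\Users\Joe\AppData\Roaming\Elaw\cyim.exe[2988] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000752e1465 2 bytes [2E, 75]
"""

if __name__ == "__main__":
    for proc, info in triage(SAMPLE_LOG).items():
        flag = "  <-- image under user profile" if info["image_in_user_profile"] else ""
        print(f"{proc}{flag}")
        print(f"  {info['trampolines']} push/ret hooks of {info['hooks']} patches; "
              f"network APIs: {info['network_apis'] or '-'}; "
              f"targets: {[hex(t) for t in info['targets']]}")
```

Run it against the full log (paste the whole "User code sections" block into SAMPLE_LOG or read it from a file) and the hook count alone tells you little: the Motorola and ASUS processes carry far more trampolines than cyim.exe, all jumping into the same two address ranges. What separates them is where the hooked image lives and where its hooks point; for cyim.exe the destinations 0x0041DEC8 and 0x0041DF38 sit in the low range a 32-bit executable is normally mapped at, which is the first thing to confirm against the process's module list on the live system.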
15.05.2013, 12:05 | #2 |
| Sparkassen-Trojaner GMER log part 1
Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-05-15 12:41:48
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.AX00 298,09GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Joe\AppData\Local\Temp\fxldrpoc.sys

---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560 fffff800037fc000 65 bytes [00, 00, 15, 02, 46, 69, 6C, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 626 fffff800037fc042 4 bytes [00, 00, 00, 00]

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[2284] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000752e1465 2 bytes [2E, 75]
.text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[2284] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000752e14bb 2 bytes [2E, 75]
.text ... * 2
.text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000778208fc 6 bytes [68, A0, CF, 99, 02, C3]
.text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 00000000778325fd 6 bytes [68, BD, 57, 9A, 02, C3]
.text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007783c45a 6 bytes [68, CB, D0, 99, 02, C3]
.text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077842a63 6 bytes [68, 03, 58, 9A, 02, C3]
.text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W 0000000077864128 6 bytes [68, 49, 58, 9A, 02, C3]
.text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A 000000007786e659 6 bytes [68, 8F, 58, 9A, 02, C3]
.text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW 000000007605455c 6 bytes [68, 34, D3, 99, 02, C3]
.text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\syswow64\kernel32.dll!ExitProcess 00000000760579f8 6 bytes [68, F3, D2, 99, 02, C3]
.text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000075d23918 6 bytes [68, 27, E3, 99, 02, C3]
.text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 0000000075d24296 6 bytes [68, 38, DF, 99, 02, C3]
.text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000075d24406 6 bytes [68, 80, E3, 99, 02, C3]
.text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\syswow64\WS2_32.dll!send 0000000075d26f01 6 bytes [68, 5F, E3, 99, 02, C3]
.text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000075d37673 6 bytes [68, C8, DE, 99, 02, C3]
.text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\syswow64\WININET.dll!InternetCloseHandle 0000000075b1c664 6 bytes [68, DC, 08, 9A, 02, C3]
.text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA 0000000075b1e13a 6 bytes [68, 7C, 0A, 9A, 02, C3]
.text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\syswow64\WININET.dll!InternetReadFile 0000000075b1f8d8 6 bytes [68, 49, 09, 9A, 02, C3]
.text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable 0000000075b23184 6 bytes [68, 50, 0A, 9A, 02, C3]
.text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA 0000000075b45761 6 bytes [68, 1E, 06, 9A, 02, C3]
.text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW 0000000075b45fef 6 bytes [68, DA, 05, 9A, 02, C3]
.text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\syswow64\WININET.dll!HttpSendRequestW 0000000075b4632d 6 bytes [68, 62, 06, 9A, 02, C3]
.text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\syswow64\WININET.dll!InternetReadFileExA 0000000075b4fa49 6 bytes [68, 77, 09, 9A, 02, C3]
.text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\syswow64\WININET.dll!HttpSendRequestExW 0000000075b5f564 6 bytes [68, 0C, 07, 9A, 02, C3]
.text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\syswow64\WININET.dll!HttpEndRequestA 0000000075b5f639 6 bytes [68, 46, 08, 9A, 02, C3]
.text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\syswow64\WININET.dll!InternetSetFilePointer 0000000075b74f2f 6 bytes [68, F6, 09, 9A, 02, C3]
.text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\syswow64\WININET.dll!HttpSendRequestA 0000000075b7525a 6 bytes [68, B7, 06, 9A, 02, C3]
.text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\syswow64\WININET.dll!HttpSendRequestExA 0000000075bbece5 6 bytes [68, A9, 07, 9A, 02, C3]
.text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\syswow64\WININET.dll!HttpEndRequestW 0000000075bbedb7 6 bytes [68, 91, 08, 9A, 02, C3]
.text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\syswow64\USER32.dll!GetDC 00000000751f72c4 6 bytes [68, 92, 18, 99, 02, C3]
.text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\syswow64\USER32.dll!ReleaseDC 00000000751f7446 6 bytes [68, 10, 19, 99, 02, C3]
.text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\syswow64\USER32.dll!TranslateMessage 00000000751f7809 6 bytes [68, A5, 5D, 9A, 02, C3]
.text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\syswow64\USER32.dll!GetMessageW 00000000751f78e2 6 bytes [68, 22, DE, 99, 02, C3]
.text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\syswow64\USER32.dll!GetMessageA 00000000751f7bd3 6 bytes [68, 4A, DE, 99, 02, C3]
.text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\syswow64\USER32.dll!GetWindowDC 00000000751f8048 6 bytes [68, D1, 18, 99, 02, C3]
.text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\syswow64\USER32.dll!RegisterClassW 00000000751f8a65 6 bytes [68, C1, 5A, 9A, 02, C3]
.text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\syswow64\USER32.dll!RegisterClassExW 00000000751fb17d 6 bytes [68, 5B, 5B, 9A, 02, C3]
.text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\syswow64\USER32.dll!RegisterClassExA 00000000751fdb98 6 bytes [68, AD, 5B, 9A, 02, C3]
.text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000752005ba 6 bytes [68, 72, DE, 99, 02, C3]
.text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\syswow64\USER32.dll!CallWindowProcW 0000000075200d32 6 bytes [68, F3, 59, 9A, 02, C3]
.text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\syswow64\USER32.dll!GetCursorPos 0000000075201218 6 bytes [68, 55, DC, 99, 02, C3]
.text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\syswow64\USER32.dll!EndPaint 0000000075201341 6 bytes [68, F7, 17, 99, 02, C3]
.text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\syswow64\USER32.dll!BeginPaint 0000000075201361 6 bytes [68, 87, 17, 99, 02, C3]
.text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\syswow64\USER32.dll!GetMessagePos 0000000075202a8d 6 bytes [68, 23, DC, 99, 02, C3]
.text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\syswow64\USER32.dll!GetCapture 0000000075202aac 6 bytes [68, 83, DD, 99, 02, C3]
.text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\syswow64\USER32.dll!GetDCEx 0000000075203391 6 bytes [68, 37, 18, 99, 02, C3]
.text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\syswow64\USER32.dll!RegisterClassA 000000007520434b 6 bytes [68, 0E, 5B, 9A, 02, C3]
.text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000075205f74 6 bytes [68, 9D, DE, 99, 02, C3]
.text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\syswow64\USER32.dll!GetUpdateRgn 0000000075206222 6 bytes [68, E3, 19, 99, 02, C3]
.text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\syswow64\USER32.dll!CallWindowProcA 000000007520792f 6 bytes [68, 3C, 5A, 9A, 02, C3]
.text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\syswow64\USER32.dll!DefFrameProcA 0000000075207fbb 6 bytes [68, 1E, 59, 9A, 02, C3]
.text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA 000000007520810c 6 bytes [68, AD, 59, 9A, 02, C3]
.text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\syswow64\USER32.dll!DefFrameProcW 00000000752085c1 6 bytes [68, D5, 58, 9A, 02, C3]
.text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW 00000000752086b4 6 bytes [68, 67, 59, 9A, 02, C3]
.text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\syswow64\USER32.dll!GetUpdateRect 000000007521d41f 6 bytes [68, 50, 19, 99, 02, C3]
.text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\syswow64\USER32.dll!ReleaseCapture 000000007521ed49 6 bytes [68, 33, DD, 99, 02, C3]
.text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\syswow64\USER32.dll!SetCapture 000000007521ed56 6 bytes [68, D9, DC, 99, 02, C3]
.text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\syswow64\USER32.dll!SwitchDesktop 0000000075239854 6 bytes [68, 9F, 57, 9A, 02, C3]
.text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\syswow64\USER32.dll!SetCursorPos 0000000075239cfd 6 bytes [68, 9C, DC, 99, 02, C3]
.text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000075239f1d 6 bytes [68, 54, 5F, 9A, 02, C3]
.text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\syswow64\USER32.dll!OpenInputDesktop 00000000752587cb 6 bytes [68, 4F, 57, 9A, 02, C3]
.text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW 000000007570c592 6 bytes [68, B1, D3, 99, 02, C3]
.text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 0000000075742538 6 bytes [68, 9A, D3, 99, 02, C3]
.text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000752e1465 2 bytes [2E, 75]
.text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000752e14bb 2 bytes [2E, 75]
.text ... * 2
.text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2936] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore 0000000075841224 6 bytes [68, 89, 7E, 99, 02, C3]
.text C:\Users\Joe\AppData\Roaming\Elaw\cyim.exe[2988] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 0000000075d24296 6 bytes [68, 38, DF, 41, 00, C3]
.text C:\Users\Joe\AppData\Roaming\Elaw\cyim.exe[2988] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000075d37673 6 bytes [68, C8, DE, 41, 00, C3]
.text C:\Users\Joe\AppData\Roaming\Elaw\cyim.exe[2988] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000752e1465 2 bytes [2E, 75]
.text C:\Users\Joe\AppData\Roaming\Elaw\cyim.exe[2988] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000752e14bb 2 bytes [2E, 75]
.text ... * 2
.text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[3548] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000778208fc 6 bytes [68, A0, CF, 06, 02, C3]
.text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[3548] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 00000000778325fd 6 bytes [68, BD, 57, 07, 02, C3]
.text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[3548] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007783c45a 6 bytes [68, CB, D0, 06, 02, C3]
.text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[3548] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077842a63 6 bytes [68, 03, 58, 07, 02, C3]
.text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[3548] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W 0000000077864128 6 bytes [68, 49, 58, 07, 02, C3]
.text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[3548] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A 000000007786e659 6 bytes [68, 8F, 58, 07, 02, C3]
.text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[3548] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW 000000007605455c 6 bytes [68, 34, D3, 06, 02, C3]
.text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[3548] C:\Windows\syswow64\kernel32.dll!ExitProcess 00000000760579f8 6 bytes [68, F3, D2, 06, 02, C3]
.text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[3548] C:\Windows\syswow64\USER32.dll!GetDC 00000000751f72c4 6 bytes [68, 92, 18, 06, 02, C3]
.text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[3548] C:\Windows\syswow64\USER32.dll!ReleaseDC 00000000751f7446 6 bytes [68, 10, 19, 06, 02, C3]
.text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[3548] C:\Windows\syswow64\USER32.dll!TranslateMessage 00000000751f7809 6 bytes [68, A5, 5D, 07, 02, C3]
.text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[3548] C:\Windows\syswow64\USER32.dll!GetMessageW 00000000751f78e2 6 bytes [68, 
22, DE, 06, 02, C3] .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[3548] C:\Windows\syswow64\USER32.dll!GetMessageA 00000000751f7bd3 6 bytes [68, 4A, DE, 06, 02, C3] .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[3548] C:\Windows\syswow64\USER32.dll!GetWindowDC 00000000751f8048 6 bytes [68, D1, 18, 06, 02, C3] .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[3548] C:\Windows\syswow64\USER32.dll!RegisterClassW 00000000751f8a65 6 bytes [68, C1, 5A, 07, 02, C3] .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[3548] C:\Windows\syswow64\USER32.dll!RegisterClassExW 00000000751fb17d 6 bytes [68, 5B, 5B, 07, 02, C3] .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[3548] C:\Windows\syswow64\USER32.dll!RegisterClassExA 00000000751fdb98 6 bytes [68, AD, 5B, 07, 02, C3] .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[3548] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000752005ba 6 bytes [68, 72, DE, 06, 02, C3] .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[3548] C:\Windows\syswow64\USER32.dll!CallWindowProcW 0000000075200d32 6 bytes [68, F3, 59, 07, 02, C3] .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[3548] C:\Windows\syswow64\USER32.dll!GetCursorPos 0000000075201218 6 bytes [68, 55, DC, 06, 02, C3] .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[3548] C:\Windows\syswow64\USER32.dll!EndPaint 0000000075201341 6 bytes [68, F7, 17, 06, 02, C3] .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[3548] C:\Windows\syswow64\USER32.dll!BeginPaint 0000000075201361 6 bytes [68, 87, 17, 06, 02, C3] .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[3548] C:\Windows\syswow64\USER32.dll!GetMessagePos 0000000075202a8d 6 bytes [68, 23, DC, 06, 02, C3] .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[3548] C:\Windows\syswow64\USER32.dll!GetCapture 0000000075202aac 6 bytes [68, 83, DD, 06, 02, 
C3] .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[3548] C:\Windows\syswow64\USER32.dll!GetDCEx 0000000075203391 6 bytes [68, 37, 18, 06, 02, C3] .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[3548] C:\Windows\syswow64\USER32.dll!RegisterClassA 000000007520434b 6 bytes [68, 0E, 5B, 07, 02, C3] .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[3548] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000075205f74 6 bytes [68, 9D, DE, 06, 02, C3] .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[3548] C:\Windows\syswow64\USER32.dll!GetUpdateRgn 0000000075206222 6 bytes [68, E3, 19, 06, 02, C3] .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[3548] C:\Windows\syswow64\USER32.dll!CallWindowProcA 000000007520792f 6 bytes [68, 3C, 5A, 07, 02, C3] .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[3548] C:\Windows\syswow64\USER32.dll!DefFrameProcA 0000000075207fbb 6 bytes [68, 1E, 59, 07, 02, C3] .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[3548] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA 000000007520810c 6 bytes [68, AD, 59, 07, 02, C3] .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[3548] C:\Windows\syswow64\USER32.dll!DefFrameProcW 00000000752085c1 6 bytes [68, D5, 58, 07, 02, C3] .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[3548] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW 00000000752086b4 6 bytes [68, 67, 59, 07, 02, C3] .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[3548] C:\Windows\syswow64\USER32.dll!GetUpdateRect 000000007521d41f 6 bytes [68, 50, 19, 06, 02, C3] .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[3548] C:\Windows\syswow64\USER32.dll!ReleaseCapture 000000007521ed49 6 bytes [68, 33, DD, 06, 02, C3] .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[3548] C:\Windows\syswow64\USER32.dll!SetCapture 000000007521ed56 6 bytes [68, D9, DC, 06, 02, C3] 
.text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[3548] C:\Windows\syswow64\USER32.dll!SwitchDesktop 0000000075239854 6 bytes [68, 9F, 57, 07, 02, C3] .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[3548] C:\Windows\syswow64\USER32.dll!SetCursorPos 0000000075239cfd 6 bytes [68, 9C, DC, 06, 02, C3] .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[3548] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000075239f1d 6 bytes [68, 54, 5F, 07, 02, C3] .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[3548] C:\Windows\syswow64\USER32.dll!OpenInputDesktop 00000000752587cb 6 bytes [68, 4F, 57, 07, 02, C3] .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[3548] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW 000000007570c592 6 bytes [68, B1, D3, 06, 02, C3] .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[3548] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 0000000075742538 6 bytes [68, 9A, D3, 06, 02, C3] .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[3548] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000075d23918 6 bytes [68, 27, E3, 06, 02, C3] .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[3548] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 0000000075d24296 6 bytes [68, 38, DF, 06, 02, C3] .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[3548] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000075d24406 6 bytes [68, 80, E3, 06, 02, C3] .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[3548] C:\Windows\syswow64\WS2_32.dll!send 0000000075d26f01 6 bytes [68, 5F, E3, 06, 02, C3] .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[3548] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000075d37673 6 bytes [68, C8, DE, 06, 02, C3] .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[3548] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore 0000000075841224 6 bytes [68, 89, 7E, 06, 02, 
C3] .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[3548] C:\Windows\syswow64\WININET.dll!InternetCloseHandle 0000000075b1c664 6 bytes [68, DC, 08, 07, 02, C3] .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[3548] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA 0000000075b1e13a 6 bytes [68, 7C, 0A, 07, 02, C3] .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[3548] C:\Windows\syswow64\WININET.dll!InternetReadFile 0000000075b1f8d8 6 bytes [68, 49, 09, 07, 02, C3] .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[3548] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable 0000000075b23184 6 bytes [68, 50, 0A, 07, 02, C3] .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[3548] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA 0000000075b45761 6 bytes [68, 1E, 06, 07, 02, C3] .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[3548] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW 0000000075b45fef 6 bytes [68, DA, 05, 07, 02, C3] .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[3548] C:\Windows\syswow64\WININET.dll!HttpSendRequestW 0000000075b4632d 6 bytes [68, 62, 06, 07, 02, C3] .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[3548] C:\Windows\syswow64\WININET.dll!InternetReadFileExA 0000000075b4fa49 6 bytes [68, 77, 09, 07, 02, C3] .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[3548] C:\Windows\syswow64\WININET.dll!HttpSendRequestExW 0000000075b5f564 6 bytes [68, 0C, 07, 07, 02, C3] .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[3548] C:\Windows\syswow64\WININET.dll!HttpEndRequestA 0000000075b5f639 6 bytes [68, 46, 08, 07, 02, C3] .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[3548] C:\Windows\syswow64\WININET.dll!InternetSetFilePointer 0000000075b74f2f 6 bytes [68, F6, 09, 07, 02, C3] .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[3548] 
C:\Windows\syswow64\WININET.dll!HttpSendRequestA 0000000075b7525a 6 bytes [68, B7, 06, 07, 02, C3] .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[3548] C:\Windows\syswow64\WININET.dll!HttpSendRequestExA 0000000075bbece5 6 bytes [68, A9, 07, 07, 02, C3] .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[3548] C:\Windows\syswow64\WININET.dll!HttpEndRequestW 0000000075bbedb7 6 bytes [68, 91, 08, 07, 02, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000778208fc 4 bytes [68, A0, CF, 26] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess + 5 0000000077820901 1 byte [C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 00000000778325fd 6 bytes [68, BD, 57, 27, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007783c45a 6 bytes [68, CB, D0, 26, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077842a63 6 bytes [68, 03, 58, 27, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W 0000000077864128 6 bytes [68, 49, 58, 27, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A 000000007786e659 6 bytes [68, 8F, 58, 27, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW 000000007605455c 6 bytes [68, 34, D3, 26, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\syswow64\kernel32.dll!ExitProcess 00000000760579f8 6 bytes [68, F3, D2, 26, 00, C3] .text C:\Program Files 
(x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\syswow64\USER32.dll!GetDC 00000000751f72c4 4 bytes [68, 92, 18, 26] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\syswow64\USER32.dll!GetDC + 5 00000000751f72c9 1 byte [C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\syswow64\USER32.dll!ReleaseDC 00000000751f7446 6 bytes [68, 10, 19, 26, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\syswow64\USER32.dll!TranslateMessage 00000000751f7809 6 bytes [68, A5, 5D, 27, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\syswow64\USER32.dll!GetMessageW 00000000751f78e2 6 bytes [68, 22, DE, 26, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\syswow64\USER32.dll!GetMessageA 00000000751f7bd3 6 bytes [68, 4A, DE, 26, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\syswow64\USER32.dll!GetWindowDC 00000000751f8048 4 bytes [68, D1, 18, 26] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\syswow64\USER32.dll!GetWindowDC + 5 00000000751f804d 1 byte [C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\syswow64\USER32.dll!RegisterClassW 00000000751f8a65 6 bytes [68, C1, 5A, 27, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\syswow64\USER32.dll!RegisterClassExW 00000000751fb17d 6 bytes [68, 5B, 5B, 27, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\syswow64\USER32.dll!RegisterClassExA 00000000751fdb98 6 bytes [68, AD, 5B, 27, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000752005ba 6 bytes [68, 72, DE, 26, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] 
C:\Windows\syswow64\USER32.dll!CallWindowProcW 0000000075200d32 6 bytes [68, F3, 59, 27, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\syswow64\USER32.dll!GetCursorPos 0000000075201218 6 bytes [68, 55, DC, 26, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\syswow64\USER32.dll!EndPaint 0000000075201341 4 bytes [68, F7, 17, 26] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\syswow64\USER32.dll!EndPaint + 5 0000000075201346 1 byte [C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\syswow64\USER32.dll!BeginPaint 0000000075201361 4 bytes [68, 87, 17, 26] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\syswow64\USER32.dll!BeginPaint + 5 0000000075201366 1 byte [C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\syswow64\USER32.dll!GetMessagePos 0000000075202a8d 6 bytes [68, 23, DC, 26, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\syswow64\USER32.dll!GetCapture 0000000075202aac 3 bytes [68, 83, DD] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\syswow64\USER32.dll!GetCapture + 4 0000000075202ab0 2 bytes [00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\syswow64\USER32.dll!GetDCEx 0000000075203391 4 bytes [68, 37, 18, 26] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\syswow64\USER32.dll!GetDCEx + 5 0000000075203396 1 byte [C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\syswow64\USER32.dll!RegisterClassA 000000007520434b 6 bytes [68, 0E, 5B, 27, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000075205f74 6 bytes [68, 9D, DE, 26, 00, C3] .text C:\Program 
Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\syswow64\USER32.dll!GetUpdateRgn 0000000075206222 6 bytes [68, E3, 19, 26, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\syswow64\USER32.dll!CallWindowProcA 000000007520792f 6 bytes [68, 3C, 5A, 27, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\syswow64\USER32.dll!DefFrameProcA 0000000075207fbb 6 bytes [68, 1E, 59, 27, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA 000000007520810c 6 bytes [68, AD, 59, 27, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\syswow64\USER32.dll!DefFrameProcW 00000000752085c1 6 bytes [68, D5, 58, 27, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW 00000000752086b4 6 bytes [68, 67, 59, 27, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\syswow64\USER32.dll!GetUpdateRect 000000007521d41f 6 bytes [68, 50, 19, 26, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\syswow64\USER32.dll!ReleaseCapture 000000007521ed49 6 bytes [68, 33, DD, 26, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\syswow64\USER32.dll!SetCapture 000000007521ed56 4 bytes [68, D9, DC, 26] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\syswow64\USER32.dll!SetCapture + 5 000000007521ed5b 1 byte [C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\syswow64\USER32.dll!SwitchDesktop 0000000075239854 6 bytes [68, 9F, 57, 27, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\syswow64\USER32.dll!SetCursorPos 0000000075239cfd 6 bytes [68, 9C, DC, 26, 00, C3] .text C:\Program Files 
(x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000075239f1d 6 bytes [68, 54, 5F, 27, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\syswow64\USER32.dll!OpenInputDesktop 00000000752587cb 4 bytes [68, 4F, 57, 27] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\syswow64\USER32.dll!OpenInputDesktop + 5 00000000752587d0 1 byte [C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW 000000007570c592 6 bytes [68, B1, D3, 26, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 0000000075742538 6 bytes [68, 9A, D3, 26, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore 0000000075841224 6 bytes [68, 89, 7E, 26, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000075d23918 6 bytes [68, 27, E3, 26, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 0000000075d24296 6 bytes [68, 38, DF, 26, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000075d24406 6 bytes [68, 80, E3, 26, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\syswow64\WS2_32.dll!send 0000000075d26f01 6 bytes [68, 5F, E3, 26, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000075d37673 6 bytes [68, C8, DE, 26, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\syswow64\WININET.dll!InternetCloseHandle 0000000075b1c664 6 bytes [68, DC, 08, 27, 00, C3] .text 
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA 0000000075b1e13a 6 bytes [68, 7C, 0A, 27, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\syswow64\WININET.dll!InternetReadFile 0000000075b1f8d8 6 bytes [68, 49, 09, 27, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable 0000000075b23184 6 bytes [68, 50, 0A, 27, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA 0000000075b45761 6 bytes [68, 1E, 06, 27, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW 0000000075b45fef 6 bytes [68, DA, 05, 27, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\syswow64\WININET.dll!HttpSendRequestW 0000000075b4632d 6 bytes [68, 62, 06, 27, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\syswow64\WININET.dll!InternetReadFileExA 0000000075b4fa49 6 bytes [68, 77, 09, 27, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\syswow64\WININET.dll!HttpSendRequestExW 0000000075b5f564 6 bytes [68, 0C, 07, 27, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\syswow64\WININET.dll!HttpEndRequestA 0000000075b5f639 6 bytes [68, 46, 08, 27, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\syswow64\WININET.dll!InternetSetFilePointer 0000000075b74f2f 6 bytes [68, F6, 09, 27, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\syswow64\WININET.dll!HttpSendRequestA 0000000075b7525a 6 bytes [68, B7, 06, 27, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] 
C:\Windows\syswow64\WININET.dll!HttpSendRequestExA 0000000075bbece5 6 bytes [68, A9, 07, 27, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3568] C:\Windows\syswow64\WININET.dll!HttpEndRequestW 0000000075bbedb7 6 bytes [68, 91, 08, 27, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3580] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000778208fc 4 bytes [68, A0, CF, 24] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3580] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess + 5 0000000077820901 1 byte [C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3580] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 00000000778325fd 6 bytes [68, BD, 57, 25, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3580] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007783c45a 6 bytes [68, CB, D0, 24, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3580] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077842a63 6 bytes [68, 03, 58, 25, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3580] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W 0000000077864128 6 bytes [68, 49, 58, 25, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3580] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A 000000007786e659 6 bytes [68, 8F, 58, 25, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3580] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW 000000007605455c 6 bytes [68, 34, D3, 24, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3580] C:\Windows\syswow64\kernel32.dll!ExitProcess 00000000760579f8 6 bytes [68, F3, D2, 24, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3580] C:\Windows\syswow64\USER32.dll!GetDC 00000000751f72c4 4 
bytes [68, 92, 18, 24] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3580] C:\Windows\syswow64\USER32.dll!GetDC + 5 00000000751f72c9 1 byte [C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3580] C:\Windows\syswow64\USER32.dll!ReleaseDC 00000000751f7446 6 bytes [68, 10, 19, 24, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3580] C:\Windows\syswow64\USER32.dll!TranslateMessage 00000000751f7809 6 bytes [68, A5, 5D, 25, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3580] C:\Windows\syswow64\USER32.dll!GetMessageW 00000000751f78e2 6 bytes [68, 22, DE, 24, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3580] C:\Windows\syswow64\USER32.dll!GetMessageA 00000000751f7bd3 6 bytes [68, 4A, DE, 24, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3580] C:\Windows\syswow64\USER32.dll!GetWindowDC 00000000751f8048 4 bytes [68, D1, 18, 24] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3580] C:\Windows\syswow64\USER32.dll!GetWindowDC + 5 00000000751f804d 1 byte [C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3580] C:\Windows\syswow64\USER32.dll!RegisterClassW 00000000751f8a65 6 bytes [68, C1, 5A, 25, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3580] C:\Windows\syswow64\USER32.dll!RegisterClassExW 00000000751fb17d 6 bytes [68, 5B, 5B, 25, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3580] C:\Windows\syswow64\USER32.dll!RegisterClassExA 00000000751fdb98 6 bytes [68, AD, 5B, 25, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3580] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000752005ba 6 bytes [68, 72, DE, 24, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3580] 
C:\Windows\syswow64\USER32.dll!CallWindowProcW 0000000075200d32 6 bytes [68, F3, 59, 25, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3580] C:\Windows\syswow64\USER32.dll!GetCursorPos 0000000075201218 6 bytes [68, 55, DC, 24, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3580] C:\Windows\syswow64\USER32.dll!EndPaint 0000000075201341 4 bytes [68, F7, 17, 24] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3580] C:\Windows\syswow64\USER32.dll!EndPaint + 5 0000000075201346 1 byte [C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3580] C:\Windows\syswow64\USER32.dll!BeginPaint 0000000075201361 4 bytes [68, 87, 17, 24] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3580] C:\Windows\syswow64\USER32.dll!BeginPaint + 5 0000000075201366 1 byte [C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3580] C:\Windows\syswow64\USER32.dll!GetMessagePos 0000000075202a8d 6 bytes [68, 23, DC, 24, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3580] C:\Windows\syswow64\USER32.dll!GetCapture 0000000075202aac 6 bytes [68, 83, DD, 24, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3580] C:\Windows\syswow64\USER32.dll!GetDCEx 0000000075203391 4 bytes [68, 37, 18, 24] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3580] C:\Windows\syswow64\USER32.dll!GetDCEx + 5 0000000075203396 1 byte [C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3580] C:\Windows\syswow64\USER32.dll!RegisterClassA 000000007520434b 6 bytes [68, 0E, 5B, 25, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3580] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000075205f74 6 bytes [68, 9D, DE, 24, 00, C3] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3580] 
00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4076] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000752e1465 2 bytes [2E, 75] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4076] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000752e14bb 2 bytes [2E, 75] .text ... |
15.05.2013, 12:06 | #3 |
| Sparkassen-Trojaner Gmer log part 2:
Code:
ATTFilter * 2 .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000778208fc 4 bytes [68, A0, CF, 26] .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess + 5 0000000077820901 1 byte [C3] .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 00000000778325fd 6 bytes [68, BD, 57, 27, 00, C3] .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007783c45a 6 bytes [68, CB, D0, 26, 00, C3] .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077842a63 6 bytes [68, 03, 58, 27, 00, C3] .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W 0000000077864128 6 bytes [68, 49, 58, 27, 00, C3] .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A 000000007786e659 6 bytes [68, 8F, 58, 27, 00, C3] .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW 000000007605455c 6 bytes [68, 34, D3, 26, 00, C3] .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\syswow64\kernel32.dll!ExitProcess 00000000760579f8 6 bytes [68, F3, D2, 26, 00, C3] .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\syswow64\USER32.dll!GetDC 00000000751f72c4 4 bytes [68, 92, 18, 26] .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\syswow64\USER32.dll!GetDC + 5 00000000751f72c9 1 byte [C3] .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\syswow64\USER32.dll!ReleaseDC 00000000751f7446 6 bytes [68, 10, 19, 26, 00, C3] .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\syswow64\USER32.dll!TranslateMessage 00000000751f7809 6 bytes [68, A5, 5D, 27, 00, C3] .text 
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\syswow64\USER32.dll!GetMessageW 00000000751f78e2 6 bytes [68, 22, DE, 26, 00, C3] .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\syswow64\USER32.dll!GetMessageA 00000000751f7bd3 6 bytes [68, 4A, DE, 26, 00, C3] .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\syswow64\USER32.dll!GetWindowDC 00000000751f8048 4 bytes [68, D1, 18, 26] .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\syswow64\USER32.dll!GetWindowDC + 5 00000000751f804d 1 byte [C3] .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\syswow64\USER32.dll!RegisterClassW 00000000751f8a65 6 bytes [68, C1, 5A, 27, 00, C3] .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\syswow64\USER32.dll!RegisterClassExW 00000000751fb17d 6 bytes [68, 5B, 5B, 27, 00, C3] .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\syswow64\USER32.dll!RegisterClassExA 00000000751fdb98 6 bytes [68, AD, 5B, 27, 00, C3] .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000752005ba 6 bytes [68, 72, DE, 26, 00, C3] .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\syswow64\USER32.dll!CallWindowProcW 0000000075200d32 6 bytes [68, F3, 59, 27, 00, C3] .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\syswow64\USER32.dll!GetCursorPos 0000000075201218 6 bytes [68, 55, DC, 26, 00, C3] .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\syswow64\USER32.dll!EndPaint 0000000075201341 4 bytes [68, F7, 17, 26] .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\syswow64\USER32.dll!EndPaint + 5 0000000075201346 1 byte [C3] .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\syswow64\USER32.dll!BeginPaint 0000000075201361 4 bytes [68, 87, 17, 26] .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] 
C:\Windows\syswow64\USER32.dll!BeginPaint + 5 0000000075201366 1 byte [C3] .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\syswow64\USER32.dll!GetMessagePos 0000000075202a8d 6 bytes [68, 23, DC, 26, 00, C3] .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\syswow64\USER32.dll!GetCapture 0000000075202aac 3 bytes [68, 83, DD] .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\syswow64\USER32.dll!GetCapture + 4 0000000075202ab0 2 bytes [00, C3] .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\syswow64\USER32.dll!GetDCEx 0000000075203391 4 bytes [68, 37, 18, 26] .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\syswow64\USER32.dll!GetDCEx + 5 0000000075203396 1 byte [C3] .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\syswow64\USER32.dll!RegisterClassA 000000007520434b 6 bytes [68, 0E, 5B, 27, 00, C3] .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000075205f74 6 bytes [68, 9D, DE, 26, 00, C3] .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\syswow64\USER32.dll!GetUpdateRgn 0000000075206222 6 bytes [68, E3, 19, 26, 00, C3] .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\syswow64\USER32.dll!CallWindowProcA 000000007520792f 6 bytes [68, 3C, 5A, 27, 00, C3] .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\syswow64\USER32.dll!DefFrameProcA 0000000075207fbb 6 bytes [68, 1E, 59, 27, 00, C3] .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA 000000007520810c 6 bytes [68, AD, 59, 27, 00, C3] .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\syswow64\USER32.dll!DefFrameProcW 00000000752085c1 6 bytes [68, D5, 58, 27, 00, C3] .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW 00000000752086b4 6 bytes [68, 
67, 59, 27, 00, C3] .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\syswow64\USER32.dll!GetUpdateRect 000000007521d41f 6 bytes [68, 50, 19, 26, 00, C3] .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\syswow64\USER32.dll!ReleaseCapture 000000007521ed49 6 bytes [68, 33, DD, 26, 00, C3] .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\syswow64\USER32.dll!SetCapture 000000007521ed56 4 bytes [68, D9, DC, 26] .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\syswow64\USER32.dll!SetCapture + 5 000000007521ed5b 1 byte [C3] .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\syswow64\USER32.dll!SwitchDesktop 0000000075239854 6 bytes [68, 9F, 57, 27, 00, C3] .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\syswow64\USER32.dll!SetCursorPos 0000000075239cfd 6 bytes [68, 9C, DC, 26, 00, C3] .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000075239f1d 6 bytes [68, 54, 5F, 27, 00, C3] .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\syswow64\USER32.dll!OpenInputDesktop 00000000752587cb 4 bytes [68, 4F, 57, 27] .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\syswow64\USER32.dll!OpenInputDesktop + 5 00000000752587d0 1 byte [C3] .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW 000000007570c592 6 bytes [68, B1, D3, 26, 00, C3] .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 0000000075742538 6 bytes [68, 9A, D3, 26, 00, C3] .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000075d23918 6 bytes [68, 27, E3, 26, 00, C3] .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 0000000075d24296 6 bytes [68, 38, DF, 26, 00, C3] .text 
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000075d24406 6 bytes [68, 80, E3, 26, 00, C3] .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\syswow64\WS2_32.dll!send 0000000075d26f01 6 bytes [68, 5F, E3, 26, 00, C3] .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000075d37673 6 bytes [68, C8, DE, 26, 00, C3] .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore 0000000075841224 6 bytes [68, 89, 7E, 26, 00, C3] .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\syswow64\WININET.dll!InternetCloseHandle 0000000075b1c664 6 bytes [68, DC, 08, 27, 00, C3] .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA 0000000075b1e13a 6 bytes [68, 7C, 0A, 27, 00, C3] .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\syswow64\WININET.dll!InternetReadFile 0000000075b1f8d8 6 bytes [68, 49, 09, 27, 00, C3] .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable 0000000075b23184 6 bytes [68, 50, 0A, 27, 00, C3] .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA 0000000075b45761 6 bytes [68, 1E, 06, 27, 00, C3] .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW 0000000075b45fef 6 bytes [68, DA, 05, 27, 00, C3] .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\syswow64\WININET.dll!HttpSendRequestW 0000000075b4632d 6 bytes [68, 62, 06, 27, 00, C3] .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\syswow64\WININET.dll!InternetReadFileExA 0000000075b4fa49 6 bytes [68, 77, 09, 27, 00, C3] .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\syswow64\WININET.dll!HttpSendRequestExW 
0000000075b5f564 6 bytes [68, 0C, 07, 27, 00, C3] .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\syswow64\WININET.dll!HttpEndRequestA 0000000075b5f639 6 bytes [68, 46, 08, 27, 00, C3] .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\syswow64\WININET.dll!InternetSetFilePointer 0000000075b74f2f 6 bytes [68, F6, 09, 27, 00, C3] .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\syswow64\WININET.dll!HttpSendRequestA 0000000075b7525a 6 bytes [68, B7, 06, 27, 00, C3] .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\syswow64\WININET.dll!HttpSendRequestExA 0000000075bbece5 6 bytes [68, A9, 07, 27, 00, C3] .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[4084] C:\Windows\syswow64\WININET.dll!HttpEndRequestW 0000000075bbedb7 6 bytes [68, 91, 08, 27, 00, C3] .text C:\Windows\SysWOW64\ACEngSvr.exe[3656] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000778208fc 6 bytes [68, A0, CF, 99, 02, C3] .text C:\Windows\SysWOW64\ACEngSvr.exe[3656] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 00000000778325fd 6 bytes [68, BD, 57, 9A, 02, C3] .text C:\Windows\SysWOW64\ACEngSvr.exe[3656] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007783c45a 6 bytes [68, CB, D0, 99, 02, C3] .text C:\Windows\SysWOW64\ACEngSvr.exe[3656] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077842a63 6 bytes [68, 03, 58, 9A, 02, C3] .text C:\Windows\SysWOW64\ACEngSvr.exe[3656] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W 0000000077864128 6 bytes [68, 49, 58, 9A, 02, C3] .text C:\Windows\SysWOW64\ACEngSvr.exe[3656] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A 000000007786e659 6 bytes [68, 8F, 58, 9A, 02, C3] .text C:\Windows\SysWOW64\ACEngSvr.exe[3656] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW 000000007605455c 6 bytes [68, 34, D3, 99, 02, C3] .text C:\Windows\SysWOW64\ACEngSvr.exe[3656] C:\Windows\syswow64\kernel32.dll!ExitProcess 00000000760579f8 6 bytes [68, F3, D2, 99, 02, C3] 
.text C:\Windows\SysWOW64\ACEngSvr.exe[3656] C:\Windows\syswow64\USER32.dll!GetDC 00000000751f72c4 6 bytes [68, 92, 18, 99, 02, C3] .text C:\Windows\SysWOW64\ACEngSvr.exe[3656] C:\Windows\syswow64\USER32.dll!ReleaseDC 00000000751f7446 6 bytes [68, 10, 19, 99, 02, C3] .text C:\Windows\SysWOW64\ACEngSvr.exe[3656] C:\Windows\syswow64\USER32.dll!TranslateMessage 00000000751f7809 6 bytes [68, A5, 5D, 9A, 02, C3] .text C:\Windows\SysWOW64\ACEngSvr.exe[3656] C:\Windows\syswow64\USER32.dll!GetMessageW 00000000751f78e2 6 bytes [68, 22, DE, 99, 02, C3] .text C:\Windows\SysWOW64\ACEngSvr.exe[3656] C:\Windows\syswow64\USER32.dll!GetMessageA 00000000751f7bd3 6 bytes [68, 4A, DE, 99, 02, C3] .text C:\Windows\SysWOW64\ACEngSvr.exe[3656] C:\Windows\syswow64\USER32.dll!GetWindowDC 00000000751f8048 6 bytes [68, D1, 18, 99, 02, C3] .text C:\Windows\SysWOW64\ACEngSvr.exe[3656] C:\Windows\syswow64\USER32.dll!RegisterClassW 00000000751f8a65 6 bytes [68, C1, 5A, 9A, 02, C3] .text C:\Windows\SysWOW64\ACEngSvr.exe[3656] C:\Windows\syswow64\USER32.dll!RegisterClassExW 00000000751fb17d 6 bytes [68, 5B, 5B, 9A, 02, C3] .text C:\Windows\SysWOW64\ACEngSvr.exe[3656] C:\Windows\syswow64\USER32.dll!RegisterClassExA 00000000751fdb98 6 bytes [68, AD, 5B, 9A, 02, C3] .text C:\Windows\SysWOW64\ACEngSvr.exe[3656] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000752005ba 6 bytes [68, 72, DE, 99, 02, C3] .text C:\Windows\SysWOW64\ACEngSvr.exe[3656] C:\Windows\syswow64\USER32.dll!CallWindowProcW 0000000075200d32 6 bytes [68, F3, 59, 9A, 02, C3] .text C:\Windows\SysWOW64\ACEngSvr.exe[3656] C:\Windows\syswow64\USER32.dll!GetCursorPos 0000000075201218 6 bytes [68, 55, DC, 99, 02, C3] .text C:\Windows\SysWOW64\ACEngSvr.exe[3656] C:\Windows\syswow64\USER32.dll!EndPaint 0000000075201341 6 bytes [68, F7, 17, 99, 02, C3] .text C:\Windows\SysWOW64\ACEngSvr.exe[3656] C:\Windows\syswow64\USER32.dll!BeginPaint 0000000075201361 6 bytes [68, 87, 17, 99, 02, C3] .text C:\Windows\SysWOW64\ACEngSvr.exe[3656] 
C:\Windows\syswow64\USER32.dll!GetMessagePos 0000000075202a8d 6 bytes [68, 23, DC, 99, 02, C3] .text C:\Windows\SysWOW64\ACEngSvr.exe[3656] C:\Windows\syswow64\USER32.dll!GetCapture 0000000075202aac 6 bytes [68, 83, DD, 99, 02, C3] .text C:\Windows\SysWOW64\ACEngSvr.exe[3656] C:\Windows\syswow64\USER32.dll!GetDCEx 0000000075203391 6 bytes [68, 37, 18, 99, 02, C3] .text C:\Windows\SysWOW64\ACEngSvr.exe[3656] C:\Windows\syswow64\USER32.dll!RegisterClassA 000000007520434b 6 bytes [68, 0E, 5B, 9A, 02, C3] .text C:\Windows\SysWOW64\ACEngSvr.exe[3656] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000075205f74 6 bytes [68, 9D, DE, 99, 02, C3] .text C:\Windows\SysWOW64\ACEngSvr.exe[3656] C:\Windows\syswow64\USER32.dll!GetUpdateRgn 0000000075206222 6 bytes [68, E3, 19, 99, 02, C3] .text C:\Windows\SysWOW64\ACEngSvr.exe[3656] C:\Windows\syswow64\USER32.dll!CallWindowProcA 000000007520792f 6 bytes [68, 3C, 5A, 9A, 02, C3] .text C:\Windows\SysWOW64\ACEngSvr.exe[3656] C:\Windows\syswow64\USER32.dll!DefFrameProcA 0000000075207fbb 6 bytes [68, 1E, 59, 9A, 02, C3] .text C:\Windows\SysWOW64\ACEngSvr.exe[3656] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA 000000007520810c 6 bytes [68, AD, 59, 9A, 02, C3] .text C:\Windows\SysWOW64\ACEngSvr.exe[3656] C:\Windows\syswow64\USER32.dll!DefFrameProcW 00000000752085c1 6 bytes [68, D5, 58, 9A, 02, C3] .text C:\Windows\SysWOW64\ACEngSvr.exe[3656] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW 00000000752086b4 6 bytes [68, 67, 59, 9A, 02, C3] .text C:\Windows\SysWOW64\ACEngSvr.exe[3656] C:\Windows\syswow64\USER32.dll!GetUpdateRect 000000007521d41f 6 bytes [68, 50, 19, 99, 02, C3] .text C:\Windows\SysWOW64\ACEngSvr.exe[3656] C:\Windows\syswow64\USER32.dll!ReleaseCapture 000000007521ed49 6 bytes [68, 33, DD, 99, 02, C3] .text C:\Windows\SysWOW64\ACEngSvr.exe[3656] C:\Windows\syswow64\USER32.dll!SetCapture 000000007521ed56 6 bytes [68, D9, DC, 99, 02, C3] .text C:\Windows\SysWOW64\ACEngSvr.exe[3656] 
C:\Windows\syswow64\USER32.dll!SwitchDesktop 0000000075239854 6 bytes [68, 9F, 57, 9A, 02, C3] .text C:\Windows\SysWOW64\ACEngSvr.exe[3656] C:\Windows\syswow64\USER32.dll!SetCursorPos 0000000075239cfd 6 bytes [68, 9C, DC, 99, 02, C3] .text C:\Windows\SysWOW64\ACEngSvr.exe[3656] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000075239f1d 6 bytes [68, 54, 5F, 9A, 02, C3] .text C:\Windows\SysWOW64\ACEngSvr.exe[3656] C:\Windows\syswow64\USER32.dll!OpenInputDesktop 00000000752587cb 6 bytes [68, 4F, 57, 9A, 02, C3] .text C:\Windows\SysWOW64\ACEngSvr.exe[3656] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW 000000007570c592 6 bytes [68, B1, D3, 99, 02, C3] .text C:\Windows\SysWOW64\ACEngSvr.exe[3656] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 0000000075742538 6 bytes [68, 9A, D3, 99, 02, C3] .text C:\Windows\SysWOW64\ACEngSvr.exe[3656] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000075d23918 6 bytes [68, 27, E3, 99, 02, C3] .text C:\Windows\SysWOW64\ACEngSvr.exe[3656] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 0000000075d24296 6 bytes [68, 38, DF, 99, 02, C3] .text C:\Windows\SysWOW64\ACEngSvr.exe[3656] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000075d24406 6 bytes [68, 80, E3, 99, 02, C3] .text C:\Windows\SysWOW64\ACEngSvr.exe[3656] C:\Windows\syswow64\WS2_32.dll!send 0000000075d26f01 6 bytes [68, 5F, E3, 99, 02, C3] .text C:\Windows\SysWOW64\ACEngSvr.exe[3656] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000075d37673 6 bytes [68, C8, DE, 99, 02, C3] .text C:\Windows\SysWOW64\ACEngSvr.exe[3656] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore 0000000075841224 6 bytes [68, 89, 7E, 99, 02, C3] .text C:\Windows\SysWOW64\ACEngSvr.exe[3656] C:\Windows\syswow64\WININET.dll!InternetCloseHandle 0000000075b1c664 6 bytes [68, DC, 08, 9A, 02, C3] .text C:\Windows\SysWOW64\ACEngSvr.exe[3656] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA 0000000075b1e13a 6 bytes [68, 7C, 0A, 9A, 02, C3] .text C:\Windows\SysWOW64\ACEngSvr.exe[3656] 
C:\Windows\syswow64\WININET.dll!InternetReadFile 0000000075b1f8d8 6 bytes [68, 49, 09, 9A, 02, C3] .text C:\Windows\SysWOW64\ACEngSvr.exe[3656] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable 0000000075b23184 6 bytes [68, 50, 0A, 9A, 02, C3] .text C:\Windows\SysWOW64\ACEngSvr.exe[3656] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA 0000000075b45761 6 bytes [68, 1E, 06, 9A, 02, C3] .text C:\Windows\SysWOW64\ACEngSvr.exe[3656] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW 0000000075b45fef 6 bytes [68, DA, 05, 9A, 02, C3] .text C:\Windows\SysWOW64\ACEngSvr.exe[3656] C:\Windows\syswow64\WININET.dll!HttpSendRequestW 0000000075b4632d 6 bytes [68, 62, 06, 9A, 02, C3] .text C:\Windows\SysWOW64\ACEngSvr.exe[3656] C:\Windows\syswow64\WININET.dll!InternetReadFileExA 0000000075b4fa49 6 bytes [68, 77, 09, 9A, 02, C3] .text C:\Windows\SysWOW64\ACEngSvr.exe[3656] C:\Windows\syswow64\WININET.dll!HttpSendRequestExW 0000000075b5f564 6 bytes [68, 0C, 07, 9A, 02, C3] .text C:\Windows\SysWOW64\ACEngSvr.exe[3656] C:\Windows\syswow64\WININET.dll!HttpEndRequestA 0000000075b5f639 6 bytes [68, 46, 08, 9A, 02, C3] .text C:\Windows\SysWOW64\ACEngSvr.exe[3656] C:\Windows\syswow64\WININET.dll!InternetSetFilePointer 0000000075b74f2f 6 bytes [68, F6, 09, 9A, 02, C3] .text C:\Windows\SysWOW64\ACEngSvr.exe[3656] C:\Windows\syswow64\WININET.dll!HttpSendRequestA 0000000075b7525a 6 bytes [68, B7, 06, 9A, 02, C3] .text C:\Windows\SysWOW64\ACEngSvr.exe[3656] C:\Windows\syswow64\WININET.dll!HttpSendRequestExA 0000000075bbece5 6 bytes [68, A9, 07, 9A, 02, C3] .text C:\Windows\SysWOW64\ACEngSvr.exe[3656] C:\Windows\syswow64\WININET.dll!HttpEndRequestW 0000000075bbedb7 6 bytes [68, 91, 08, 9A, 02, C3] .text C:\Windows\SysWOW64\ACEngSvr.exe[3656] C:\Windows\SysWOW64\WINMM.dll!PlaySoundW 0000000073832ef2 6 bytes [68, EF, D3, 99, 02, C3] .text C:\Windows\SysWOW64\ACEngSvr.exe[3656] C:\Windows\SysWOW64\WINMM.dll!PlaySound 000000007385441d 6 bytes [68, C8, D3, 99, 02, C3] .text C:\Program Files 
(x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3920] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000752e1465 2 bytes [2E, 75] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3920] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000752e14bb 2 bytes [2E, 75] .text ... * 2 .text C:\Windows\AsScrPro.exe[4248] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000778208fc 4 bytes [68, A0, CF, 29] .text C:\Windows\AsScrPro.exe[4248] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess + 5 0000000077820901 1 byte [C3] .text C:\Windows\AsScrPro.exe[4248] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 00000000778325fd 6 bytes [68, BD, 57, 2A, 00, C3] .text C:\Windows\AsScrPro.exe[4248] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007783c45a 6 bytes [68, CB, D0, 29, 00, C3] .text C:\Windows\AsScrPro.exe[4248] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077842a63 6 bytes [68, 03, 58, 2A, 00, C3] .text C:\Windows\AsScrPro.exe[4248] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W 0000000077864128 6 bytes [68, 49, 58, 2A, 00, C3] .text C:\Windows\AsScrPro.exe[4248] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A 000000007786e659 6 bytes [68, 8F, 58, 2A, 00, C3] .text C:\Windows\AsScrPro.exe[4248] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW 000000007605455c 6 bytes [68, 34, D3, 29, 00, C3] .text C:\Windows\AsScrPro.exe[4248] C:\Windows\syswow64\kernel32.dll!ExitProcess 00000000760579f8 6 bytes [68, F3, D2, 29, 00, C3] .text C:\Windows\AsScrPro.exe[4248] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW 000000007570c592 6 bytes [68, B1, D3, 29, 00, C3] .text C:\Windows\AsScrPro.exe[4248] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 0000000075742538 6 bytes [68, 9A, D3, 29, 00, C3] .text C:\Windows\AsScrPro.exe[4248] C:\Windows\syswow64\USER32.dll!GetDC 00000000751f72c4 4 bytes [68, 92, 18, 29] .text C:\Windows\AsScrPro.exe[4248] 
C:\Windows\syswow64\USER32.dll!GetDC + 5 00000000751f72c9 1 byte [C3] .text C:\Windows\AsScrPro.exe[4248] C:\Windows\syswow64\USER32.dll!ReleaseDC 00000000751f7446 6 bytes [68, 10, 19, 29, 00, C3] .text C:\Windows\AsScrPro.exe[4248] C:\Windows\syswow64\USER32.dll!TranslateMessage 00000000751f7809 6 bytes [68, A5, 5D, 2A, 00, C3] .text C:\Windows\AsScrPro.exe[4248] C:\Windows\syswow64\USER32.dll!GetMessageW 00000000751f78e2 6 bytes [68, 22, DE, 29, 00, C3] .text C:\Windows\AsScrPro.exe[4248] C:\Windows\syswow64\USER32.dll!GetMessageA 00000000751f7bd3 6 bytes [68, 4A, DE, 29, 00, C3] .text C:\Windows\AsScrPro.exe[4248] C:\Windows\syswow64\USER32.dll!GetWindowDC 00000000751f8048 4 bytes [68, D1, 18, 29] .text C:\Windows\AsScrPro.exe[4248] C:\Windows\syswow64\USER32.dll!GetWindowDC + 5 00000000751f804d 1 byte [C3] .text C:\Windows\AsScrPro.exe[4248] C:\Windows\syswow64\USER32.dll!RegisterClassW 00000000751f8a65 6 bytes [68, C1, 5A, 2A, 00, C3] .text C:\Windows\AsScrPro.exe[4248] C:\Windows\syswow64\USER32.dll!RegisterClassExW 00000000751fb17d 6 bytes [68, 5B, 5B, 2A, 00, C3] .text C:\Windows\AsScrPro.exe[4248] C:\Windows\syswow64\USER32.dll!RegisterClassExA 00000000751fdb98 6 bytes [68, AD, 5B, 2A, 00, C3] .text C:\Windows\AsScrPro.exe[4248] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000752005ba 6 bytes [68, 72, DE, 29, 00, C3] .text C:\Windows\AsScrPro.exe[4248] C:\Windows\syswow64\USER32.dll!CallWindowProcW 0000000075200d32 6 bytes [68, F3, 59, 2A, 00, C3] .text C:\Windows\AsScrPro.exe[4248] C:\Windows\syswow64\USER32.dll!GetCursorPos 0000000075201218 6 bytes [68, 55, DC, 29, 00, C3] .text C:\Windows\AsScrPro.exe[4248] C:\Windows\syswow64\USER32.dll!EndPaint 0000000075201341 4 bytes [68, F7, 17, 29] .text C:\Windows\AsScrPro.exe[4248] C:\Windows\syswow64\USER32.dll!EndPaint + 5 0000000075201346 1 byte [C3] .text C:\Windows\AsScrPro.exe[4248] C:\Windows\syswow64\USER32.dll!BeginPaint 0000000075201361 4 bytes [68, 87, 17, 29] .text C:\Windows\AsScrPro.exe[4248] 
C:\Windows\syswow64\USER32.dll!BeginPaint + 5 0000000075201366 1 byte [C3] .text C:\Windows\AsScrPro.exe[4248] C:\Windows\syswow64\USER32.dll!GetMessagePos 0000000075202a8d 6 bytes [68, 23, DC, 29, 00, C3] .text C:\Windows\AsScrPro.exe[4248] C:\Windows\syswow64\USER32.dll!GetCapture 0000000075202aac 6 bytes [68, 83, DD, 29, 00, C3] .text C:\Windows\AsScrPro.exe[4248] C:\Windows\syswow64\USER32.dll!GetDCEx 0000000075203391 4 bytes [68, 37, 18, 29] .text C:\Windows\AsScrPro.exe[4248] C:\Windows\syswow64\USER32.dll!GetDCEx + 5 0000000075203396 1 byte [C3] .text C:\Windows\AsScrPro.exe[4248] C:\Windows\syswow64\USER32.dll!RegisterClassA 000000007520434b 6 bytes [68, 0E, 5B, 2A, 00, C3] .text C:\Windows\AsScrPro.exe[4248] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000075205f74 6 bytes [68, 9D, DE, 29, 00, C3] .text C:\Windows\AsScrPro.exe[4248] C:\Windows\syswow64\USER32.dll!GetUpdateRgn 0000000075206222 6 bytes [68, E3, 19, 29, 00, C3] .text C:\Windows\AsScrPro.exe[4248] C:\Windows\syswow64\USER32.dll!CallWindowProcA 000000007520792f 6 bytes [68, 3C, 5A, 2A, 00, C3] .text C:\Windows\AsScrPro.exe[4248] C:\Windows\syswow64\USER32.dll!DefFrameProcA 0000000075207fbb 6 bytes [68, 1E, 59, 2A, 00, C3] .text C:\Windows\AsScrPro.exe[4248] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA 000000007520810c 6 bytes [68, AD, 59, 2A, 00, C3] .text C:\Windows\AsScrPro.exe[4248] C:\Windows\syswow64\USER32.dll!DefFrameProcW 00000000752085c1 6 bytes [68, D5, 58, 2A, 00, C3] .text C:\Windows\AsScrPro.exe[4248] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW 00000000752086b4 6 bytes [68, 67, 59, 2A, 00, C3] .text C:\Windows\AsScrPro.exe[4248] C:\Windows\syswow64\USER32.dll!GetUpdateRect 000000007521d41f 6 bytes [68, 50, 19, 29, 00, C3] .text C:\Windows\AsScrPro.exe[4248] C:\Windows\syswow64\USER32.dll!ReleaseCapture 000000007521ed49 6 bytes [68, 33, DD, 29, 00, C3] .text C:\Windows\AsScrPro.exe[4248] C:\Windows\syswow64\USER32.dll!SetCapture 000000007521ed56 4 bytes [68, D9, DC, 29] 
.text C:\Windows\AsScrPro.exe[4248] C:\Windows\syswow64\USER32.dll!SetCapture + 5 000000007521ed5b 1 byte [C3] .text C:\Windows\AsScrPro.exe[4248] C:\Windows\syswow64\USER32.dll!SwitchDesktop 0000000075239854 6 bytes [68, 9F, 57, 2A, 00, C3] .text C:\Windows\AsScrPro.exe[4248] C:\Windows\syswow64\USER32.dll!SetCursorPos 0000000075239cfd 6 bytes [68, 9C, DC, 29, 00, C3] .text C:\Windows\AsScrPro.exe[4248] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000075239f1d 6 bytes [68, 54, 5F, 2A, 00, C3] .text C:\Windows\AsScrPro.exe[4248] C:\Windows\syswow64\USER32.dll!OpenInputDesktop 00000000752587cb 4 bytes [68, 4F, 57, 2A] .text C:\Windows\AsScrPro.exe[4248] C:\Windows\syswow64\USER32.dll!OpenInputDesktop + 5 00000000752587d0 1 byte [C3] .text C:\Windows\AsScrPro.exe[4248] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000752e1465 2 bytes [2E, 75] .text C:\Windows\AsScrPro.exe[4248] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000752e14bb 2 bytes [2E, 75] .text ... 
* 2 .text C:\Windows\AsScrPro.exe[4248] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000075d23918 6 bytes [68, 27, E3, 29, 00, C3] .text C:\Windows\AsScrPro.exe[4248] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 0000000075d24296 6 bytes [68, 38, DF, 29, 00, C3] .text C:\Windows\AsScrPro.exe[4248] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000075d24406 6 bytes [68, 80, E3, 29, 00, C3] .text C:\Windows\AsScrPro.exe[4248] C:\Windows\syswow64\WS2_32.dll!send 0000000075d26f01 6 bytes [68, 5F, E3, 29, 00, C3] .text C:\Windows\AsScrPro.exe[4248] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000075d37673 6 bytes [68, C8, DE, 29, 00, C3] .text C:\Windows\AsScrPro.exe[4248] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore 0000000075841224 6 bytes [68, 89, 7E, 29, 00, C3] .text C:\Windows\AsScrPro.exe[4248] C:\Windows\syswow64\WININET.dll!InternetCloseHandle 0000000075b1c664 6 bytes [68, DC, 08, 2A, 00, C3] .text C:\Windows\AsScrPro.exe[4248] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA 0000000075b1e13a 6 bytes [68, 7C, 0A, 2A, 00, C3] .text C:\Windows\AsScrPro.exe[4248] C:\Windows\syswow64\WININET.dll!InternetReadFile 0000000075b1f8d8 6 bytes [68, 49, 09, 2A, 00, C3] .text C:\Windows\AsScrPro.exe[4248] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable 0000000075b23184 6 bytes [68, 50, 0A, 2A, 00, C3] .text C:\Windows\AsScrPro.exe[4248] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA 0000000075b45761 6 bytes [68, 1E, 06, 2A, 00, C3] .text C:\Windows\AsScrPro.exe[4248] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW 0000000075b45fef 6 bytes [68, DA, 05, 2A, 00, C3] .text C:\Windows\AsScrPro.exe[4248] C:\Windows\syswow64\WININET.dll!HttpSendRequestW 0000000075b4632d 6 bytes [68, 62, 06, 2A, 00, C3] .text C:\Windows\AsScrPro.exe[4248] C:\Windows\syswow64\WININET.dll!InternetReadFileExA 0000000075b4fa49 6 bytes [68, 77, 09, 2A, 00, C3] .text C:\Windows\AsScrPro.exe[4248] C:\Windows\syswow64\WININET.dll!HttpSendRequestExW 0000000075b5f564 6 bytes [68, 0C, 07, 2A, 
00, C3] .text C:\Windows\AsScrPro.exe[4248] C:\Windows\syswow64\WININET.dll!HttpEndRequestA 0000000075b5f639 6 bytes [68, 46, 08, 2A, 00, C3] .text C:\Windows\AsScrPro.exe[4248] C:\Windows\syswow64\WININET.dll!InternetSetFilePointer 0000000075b74f2f 6 bytes [68, F6, 09, 2A, 00, C3] .text C:\Windows\AsScrPro.exe[4248] C:\Windows\syswow64\WININET.dll!HttpSendRequestA 0000000075b7525a 6 bytes [68, B7, 06, 2A, 00, C3] .text C:\Windows\AsScrPro.exe[4248] C:\Windows\syswow64\WININET.dll!HttpSendRequestExA 0000000075bbece5 6 bytes [68, A9, 07, 2A, 00, C3] .text C:\Windows\AsScrPro.exe[4248] C:\Windows\syswow64\WININET.dll!HttpEndRequestW 0000000075bbedb7 6 bytes [68, 91, 08, 2A, 00, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000778208fc 4 bytes [68, A0, CF, 2C] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess + 5 0000000077820901 1 byte [C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 00000000778325fd 6 bytes [68, BD, 57, 2D, 00, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007783c45a 6 bytes [68, CB, D0, 2C, 00, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077842a63 6 bytes [68, 03, 58, 2D, 00, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W 0000000077864128 6 bytes [68, 49, 58, 2D, 00, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A 000000007786e659 6 bytes [68, 8F, 58, 2D, 00, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW 000000007605455c 6 bytes [68, 34, D3, 2C, 00, C3] .text 
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\syswow64\kernel32.dll!ExitProcess 00000000760579f8 6 bytes [68, F3, D2, 2C, 00, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\syswow64\USER32.dll!GetDC 00000000751f72c4 4 bytes [68, 92, 18, 2C] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\syswow64\USER32.dll!GetDC + 5 00000000751f72c9 1 byte [C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\syswow64\USER32.dll!ReleaseDC 00000000751f7446 6 bytes [68, 10, 19, 2C, 00, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\syswow64\USER32.dll!TranslateMessage 00000000751f7809 6 bytes [68, A5, 5D, 2D, 00, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\syswow64\USER32.dll!GetMessageW 00000000751f78e2 6 bytes [68, 22, DE, 2C, 00, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\syswow64\USER32.dll!GetMessageA 00000000751f7bd3 6 bytes [68, 4A, DE, 2C, 00, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\syswow64\USER32.dll!GetWindowDC 00000000751f8048 4 bytes [68, D1, 18, 2C] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\syswow64\USER32.dll!GetWindowDC + 5 00000000751f804d 1 byte [C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\syswow64\USER32.dll!RegisterClassW 00000000751f8a65 6 bytes [68, C1, 5A, 2D, 00, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\syswow64\USER32.dll!RegisterClassExW 00000000751fb17d 6 bytes [68, 5B, 5B, 2D, 00, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\syswow64\USER32.dll!RegisterClassExA 00000000751fdb98 6 bytes [68, AD, 5B, 2D, 00, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000752005ba 6 bytes [68, 
72, DE, 2C, 00, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\syswow64\USER32.dll!CallWindowProcW 0000000075200d32 6 bytes [68, F3, 59, 2D, 00, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\syswow64\USER32.dll!GetCursorPos 0000000075201218 6 bytes [68, 55, DC, 2C, 00, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\syswow64\USER32.dll!EndPaint 0000000075201341 4 bytes [68, F7, 17, 2C] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\syswow64\USER32.dll!EndPaint + 5 0000000075201346 1 byte [C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\syswow64\USER32.dll!BeginPaint 0000000075201361 4 bytes [68, 87, 17, 2C] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\syswow64\USER32.dll!BeginPaint + 5 0000000075201366 1 byte [C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\syswow64\USER32.dll!GetMessagePos 0000000075202a8d 6 bytes [68, 23, DC, 2C, 00, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\syswow64\USER32.dll!GetCapture 0000000075202aac 6 bytes [68, 83, DD, 2C, 00, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\syswow64\USER32.dll!GetDCEx 0000000075203391 4 bytes [68, 37, 18, 2C] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\syswow64\USER32.dll!GetDCEx + 5 0000000075203396 1 byte [C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\syswow64\USER32.dll!RegisterClassA 000000007520434b 6 bytes [68, 0E, 5B, 2D, 00, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000075205f74 6 bytes [68, 9D, DE, 2C, 00, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\syswow64\USER32.dll!GetUpdateRgn 0000000075206222 6 bytes [68, E3, 19, 2C, 
00, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\syswow64\USER32.dll!CallWindowProcA 000000007520792f 6 bytes [68, 3C, 5A, 2D, 00, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\syswow64\USER32.dll!DefFrameProcA 0000000075207fbb 6 bytes [68, 1E, 59, 2D, 00, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA 000000007520810c 6 bytes [68, AD, 59, 2D, 00, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\syswow64\USER32.dll!DefFrameProcW 00000000752085c1 6 bytes [68, D5, 58, 2D, 00, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW 00000000752086b4 6 bytes [68, 67, 59, 2D, 00, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\syswow64\USER32.dll!GetUpdateRect 000000007521d41f 6 bytes [68, 50, 19, 2C, 00, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\syswow64\USER32.dll!ReleaseCapture 000000007521ed49 6 bytes [68, 33, DD, 2C, 00, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\syswow64\USER32.dll!SetCapture 000000007521ed56 4 bytes [68, D9, DC, 2C] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\syswow64\USER32.dll!SetCapture + 5 000000007521ed5b 1 byte [C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\syswow64\USER32.dll!SwitchDesktop 0000000075239854 6 bytes [68, 9F, 57, 2D, 00, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\syswow64\USER32.dll!SetCursorPos 0000000075239cfd 6 bytes [68, 9C, DC, 2C, 00, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000075239f1d 6 bytes [68, 54, 5F, 2D, 00, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] 
C:\Windows\syswow64\USER32.dll!OpenInputDesktop 00000000752587cb 4 bytes [68, 4F, 57, 2D] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\syswow64\USER32.dll!OpenInputDesktop + 5 00000000752587d0 1 byte [C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW 000000007570c592 6 bytes [68, B1, D3, 2C, 00, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 0000000075742538 6 bytes [68, 9A, D3, 2C, 00, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000075d23918 6 bytes [68, 27, E3, 2C, 00, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 0000000075d24296 6 bytes [68, 38, DF, 2C, 00, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000075d24406 6 bytes [68, 80, E3, 2C, 00, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\syswow64\WS2_32.dll!send 0000000075d26f01 6 bytes [68, 5F, E3, 2C, 00, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000075d37673 6 bytes [68, C8, DE, 2C, 00, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore 0000000075841224 6 bytes [68, 89, 7E, 2C, 00, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\syswow64\WININET.dll!InternetCloseHandle 0000000075b1c664 6 bytes [68, DC, 08, 2D, 00, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA 0000000075b1e13a 6 bytes [68, 7C, 0A, 2D, 00, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\syswow64\WININET.dll!InternetReadFile 0000000075b1f8d8 6 
bytes [68, 49, 09, 2D, 00, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable 0000000075b23184 6 bytes [68, 50, 0A, 2D, 00, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA 0000000075b45761 6 bytes [68, 1E, 06, 2D, 00, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW 0000000075b45fef 6 bytes [68, DA, 05, 2D, 00, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\syswow64\WININET.dll!HttpSendRequestW 0000000075b4632d 6 bytes [68, 62, 06, 2D, 00, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\syswow64\WININET.dll!InternetReadFileExA 0000000075b4fa49 6 bytes [68, 77, 09, 2D, 00, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\syswow64\WININET.dll!HttpSendRequestExW 0000000075b5f564 6 bytes [68, 0C, 07, 2D, 00, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\syswow64\WININET.dll!HttpEndRequestA 0000000075b5f639 6 bytes [68, 46, 08, 2D, 00, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\syswow64\WININET.dll!InternetSetFilePointer 0000000075b74f2f 6 bytes [68, F6, 09, 2D, 00, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\syswow64\WININET.dll!HttpSendRequestA 0000000075b7525a 6 bytes [68, B7, 06, 2D, 00, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\syswow64\WININET.dll!HttpSendRequestExA 0000000075bbece5 6 bytes [68, A9, 07, 2D, 00, C3] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4932] C:\Windows\syswow64\WININET.dll!HttpEndRequestW 0000000075bbedb7 6 bytes [68, 91, 08, 2D, 00, C3] ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0025d3b2962e Reg 
HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0025d3b2962e (not active ControlSet) ---- EOF - GMER 2.1 ---- |
17.05.2013, 23:32 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Sparkassen-Trojaner
Hello and
Do you have any further logs (with detections)? Malwarebytes and/or other virus scanners, have they ever found anything? I'm asking because of this => http://www.trojaner-board.de/125889-...tml#post941520
Please do not run any new virus scans; first post only the logs you already have!
Reading material: Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
__________________ Please always post log files in CODE tags |
17.05.2013, 23:49 | #5 |
| Sparkassen-Trojaner I ran a scan with Microsoft Security Essentials; it also found something and supposedly removed it. I thought MSE would create a log at the end, which is why I didn't note down the name. But I haven't found a log :-/ Apart from that I ran Defogger and what is listed in the logs, nothing else. |
18.05.2013, 00:26 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Sparkassen-Trojaner Before we get to work, I would like to ask you to read the following points completely and carefully.
Note: Should I not get in touch for three days, please post in this thread => Reminder for my thread. Annoying "When do we continue?" messages will result in your topic being closed. I too have a life outside the Trojaner-Board. Now please run Combofix: Scan with Combofix
18.05.2013, 11:14 | #7 |
| Sparkassen-Trojaner Hi, thanks for taking the time. Here is the Combofix log; it ran without problems: Code:
ATTFilter ComboFix 13-05-16.02 - Joe 18.05.2013 12:01:49.1.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4000.2513 [GMT 2:00] ausgeführt von:: c:\users\Joe\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5} SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\Asus c:\programdata\Asus\Game Park Console\config.xml c:\programdata\Asus\Game Park Console\Core.bin c:\programdata\Asus\Game Park Console\Data\Categories\11\40C6DB12-FF02-4DDA-A39F-D8EAF9811CB5.png c:\programdata\Asus\Game Park Console\Data\Categories\4\4C38F26B-3F51-4D75-B7DF-D77877757242.png c:\programdata\Asus\Game Park Console\Data\Categories\47\CD1C975D-9EF3-457D-A522-B312BA06458F.png c:\programdata\Asus\Game Park Console\Data\Categories\48\A2FA725C-F129-41D9-83B5-AF3510F08B05.png c:\programdata\Asus\Game Park Console\Data\Categories\49\E3C9638A-4EAD-483F-AA04-52F5BC0DCA7D.png c:\programdata\Asus\Game Park Console\Data\Categories\55\minigames_logo.jpg c:\programdata\Asus\Game Park Console\Data\Categories\58\5DDEA329-960A-41B9-8487-EE218584F502.png c:\programdata\Asus\Game Park Console\Data\Categories\70\C4F5A270-2C7B-4B72-B742-422B713DD374.png c:\programdata\Asus\Game Park Console\Data\Categories\9\1D9A8FDF-1AE7-4ED3-A5AF-B1549955D7B9.png c:\programdata\Asus\Game Park Console\Data\Channels\11\D5B461EE-2A06-4788-BFB8-DE6C8ED55E9B.png c:\programdata\Asus\Game Park Console\Data\Channels\12\ACD687F4-8B2B-417A-BCB1-D7747D28492F.png c:\programdata\Asus\Game Park Console\Data\Channels\14\90118D72-6236-4F36-B524-2FB0C2489642.jpg c:\programdata\Asus\Game Park Console\Data\Channels\17\134EC2BA-A88E-4C4D-A9B6-41A5166A8233.png 
c:\programdata\Asus\Game Park Console\Data\Channels\29\F108EB5C-51D4-4B5B-A219-BE1103BAE319.png c:\programdata\Asus\Game Park Console\Data\DA\data.xml c:\programdata\Asus\Game Park Console\Data\DE\data.xml c:\programdata\Asus\Game Park Console\Data\EN\data.xml c:\programdata\Asus\Game Park Console\Data\ES\data.xml c:\programdata\Asus\Game Park Console\Data\FR\data.xml c:\programdata\Asus\Game Park Console\Data\IT\data.xml c:\programdata\Asus\Game Park Console\Data\JA\data.xml c:\programdata\Asus\Game Park Console\Data\KO\data.xml c:\programdata\Asus\Game Park Console\Data\NL\data.xml c:\programdata\Asus\Game Park Console\Data\Promotions\10\5074D418-DB4B-4CDC-A5EF-233049E91471.PNG c:\programdata\Asus\Game Park Console\Data\Promotions\10\9B8DF512-216E-4263-BFE8-99167701AEEE.swf c:\programdata\Asus\Game Park Console\Data\Promotions\14\7585427C-365A-4C13-8DA6-2FFA3B6D7D70.PNG c:\programdata\Asus\Game Park Console\Data\Promotions\14\7C9796CA-369F-4A1A-AF7B-9E7546D3D936.swf c:\programdata\Asus\Game Park Console\Data\Promotions\14\PAcmanIcon.png c:\programdata\Asus\Game Park Console\Data\Promotions\15\86850998-3979-440D-ADF9-E595F9EA9754.PNG c:\programdata\Asus\Game Park Console\Data\Promotions\15\A2143889-2218-4928-898A-3B3FFC3C4673.swf c:\programdata\Asus\Game Park Console\Data\Promotions\15\SharpenIcon.png c:\programdata\Asus\Game Park Console\Data\Promotions\16\07908AE6-0057-425E-AC41-59B10AA1B955.swf c:\programdata\Asus\Game Park Console\Data\Promotions\16\5E18B42E-7DF8-4C2F-8B90-493A4B78F57F.PNG c:\programdata\Asus\Game Park Console\Data\Promotions\16\TritrisIcon.png c:\programdata\Asus\Game Park Console\Data\Promotions\17\59A14F46-39F7-43AB-B41C-2AC985D94EB4.swf c:\programdata\Asus\Game Park Console\Data\Promotions\17\CEFDDDD3-09DA-4463-B0D2-5A92F4CBE5FC.PNG c:\programdata\Asus\Game Park Console\Data\Promotions\345\0AEEF17C-C22D-4DC1-BF5C-29F4A5259E5D.PNG c:\programdata\Asus\Game Park Console\Data\Promotions\345\65378131-5BDF-4A16-A52B-04B3DCCFAE25.swf 
c:\programdata\Asus\Game Park Console\Data\Promotions\346\058A0EF5-5538-4182-AE82-B1972C8D1D50.PNG c:\programdata\Asus\Game Park Console\Data\Promotions\346\ED14766D-B61F-4738-8845-3A1C77DBF6FC.swf c:\programdata\Asus\Game Park Console\Data\Promotions\347\93955C7A-BD7A-48DD-B8AF-0C37173BDF87.swf c:\programdata\Asus\Game Park Console\Data\Promotions\347\B09D41C3-BC42-4088-AB9B-DA41AAE945FE.PNG c:\programdata\Asus\Game Park Console\Data\Promotions\348\AD90F77B-65AD-48BA-B1C5-36B40631BBEA.swf c:\programdata\Asus\Game Park Console\Data\Promotions\348\B662D279-54C8-456D-9A9F-3C455F16FA25.PNG c:\programdata\Asus\Game Park Console\Data\Promotions\350\7C63E376-A4F0-4C21-B702-DF84710B85B8.swf c:\programdata\Asus\Game Park Console\Data\Promotions\350\DBE2A3F9-392B-4A1E-A6C7-BC5B33DF7AEC.PNG c:\programdata\Asus\Game Park Console\Data\Promotions\351\9E653D19-862C-41D7-9099-169E23D95CAA.PNG c:\programdata\Asus\Game Park Console\Data\Promotions\351\A31570D0-0447-41CB-880E-D2B344172D23.swf c:\programdata\Asus\Game Park Console\Data\Promotions\352\D87B8813-8616-454F-94D5-E436B18DC1BB.swf c:\programdata\Asus\Game Park Console\Data\Promotions\352\FD0047D9-1740-403D-8FFC-FD608119312F.PNG c:\programdata\Asus\Game Park Console\Data\Promotions\353\0476741B-F173-4BD8-A9F1-DAD219A92D4A.swf c:\programdata\Asus\Game Park Console\Data\Promotions\353\6C1E0D3D-332E-4F0B-BF7D-FB814A56956B.PNG c:\programdata\Asus\Game Park Console\Data\Promotions\354\E842BCD4-892E-4D0F-8882-274E1F667119.swf c:\programdata\Asus\Game Park Console\Data\Promotions\354\F250DB76-9A11-436E-8A26-7B86676DD2B5.PNG c:\programdata\Asus\Game Park Console\Data\Promotions\355\0A255F5C-562F-4883-8C03-F002E4B29B1E.swf c:\programdata\Asus\Game Park Console\Data\Promotions\355\613F6BAA-78CF-404A-8C85-5BB779EDF51C.PNG c:\programdata\Asus\Game Park Console\Data\Promotions\7\089CF4CD-70E8-47D1-BC80-2AC0C7FBB01A.PNG c:\programdata\Asus\Game Park Console\Data\Promotions\7\A6E453FE-8260-4118-83D6-DB8C11F49543.swf 
c:\programdata\Asus\Game Park Console\Data\Promotions\8\394d3f44d1ad.png c:\programdata\Asus\Game Park Console\Data\Promotions\8\8327803A-AA99-4CC5-A425-CA494F10A622.PNG c:\programdata\Asus\Game Park Console\Data\Promotions\8\BBBDDA17-6705-4D75-AF93-C75007DFE003.swf c:\programdata\Asus\Game Park Console\Data\Promotions\9\51442BBC-1A3A-4528-A602-AA88A5760983.swf c:\programdata\Asus\Game Park Console\Data\Promotions\9\bouncIcon.png c:\programdata\Asus\Game Park Console\Data\Promotions\9\E2807567-CC71-409C-83FB-6C71CED51F7B.PNG c:\programdata\Asus\Game Park Console\Data\Resources\04410fd6-b848-43e3-9381-d29f354d05c5.swf c:\programdata\Asus\Game Park Console\Data\Resources\26073da2-1b2d-4bc2-bed9-fe526a9a0ade.swf c:\programdata\Asus\Game Park Console\Data\Resources\8bdcd497-61fd-41bf-9b50-6f46505cd017.swf c:\programdata\Asus\Game Park Console\Data\Resources\cjkfont.bin c:\programdata\Asus\Game Park Console\Data\Resources\GameConsole.ico c:\programdata\Asus\Game Park Console\Data\Resources\lfont.bin c:\programdata\Asus\Game Park Console\Data\Resources\verdana.swf c:\programdata\Asus\Game Park Console\Data\SV\data.xml c:\programdata\Asus\Game Park Console\Data\Themes\2\B31C0F06-3956-49C7-B87B-3CC100FD72FA.png c:\programdata\Asus\Game Park Console\Data\Themes\4\98EA54D9-29B3-463A-9100-CE33F448E08E.png c:\programdata\Asus\Game Park Console\Data\Themes\5\198CC833-1C10-46C5-A4BE-1998A25A57F0.png c:\programdata\Asus\Game Park Console\Data\Themes\7\B665DA77-6221-4945-A2B9-7CA13B25FC09.png c:\programdata\Asus\Game Park Console\Data\Themes\8\969CA433-7F9E-4DD2-843F-B49973B8F1F1.png c:\programdata\Asus\Game Park Console\Data\Themes\9\CD29DF6A-F9DF-48F0-8208-FF98B59B7EF0.png c:\programdata\Asus\Game Park Console\Data\ZH\data.xml c:\programdata\Asus\Game Park Console\Data\ZZ\data.xml c:\programdata\Asus\Game Park Console\GameConsole.exe c:\programdata\Asus\Game Park Console\GDFShell.dll c:\programdata\Asus\LifeFrame\config0.cfg c:\programdata\Asus\LifeFrame\config1.cfg 
c:\programdata\Asus\LifeFrame\config2.cfg c:\programdata\Asus\LifeFrame\config3.cfg c:\programdata\Asus\LifeFrame\config4.cfg c:\programdata\Asus\LifeFrame\config5.cfg c:\programdata\Asus\LifeFrame\tmp0.img c:\programdata\Asus\LifeFrame\tmp1.img c:\programdata\Asus\LifeFrame\tmp2.img c:\programdata\Asus\LifeFrame\tmp3.img c:\programdata\Asus\LifeFrame\tmp4.img c:\programdata\Asus\LifeFrame\tmp5.img c:\programdata\FullRemove.exe c:\users\Joe\AppData\Roaming\Elaw c:\users\Joe\AppData\Roaming\Elaw\cyim.exe c:\users\Joe\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk c:\users\Joe\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\rasphone.pbk c:\windows\msvcr71.dll . . ((((((((((((((((((((((( Dateien erstellt von 2013-04-18 bis 2013-05-18 )))))))))))))))))))))))))))))) . . 2013-05-18 10:06 . 2013-05-18 10:06 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-05-18 09:55 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{50E80CE1-C6AF-453C-85BC-A4C6C02772B4}\mpengine.dll 2013-05-16 13:17 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2013-05-16 08:55 . 2013-05-05 21:36 17818624 ----a-w- c:\windows\system32\mshtml.dll 2013-05-16 08:55 . 2013-05-05 21:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2013-05-16 08:55 . 2013-05-05 19:12 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2013-05-16 08:53 . 2013-04-05 00:55 816640 ----a-w- c:\windows\system32\jscript.dll 2013-05-16 08:53 . 2013-04-05 00:55 599040 ----a-w- c:\windows\system32\vbscript.dll 2013-05-16 08:53 . 2013-04-04 22:11 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll 2013-05-16 08:53 . 2013-04-05 01:02 499200 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll 2013-05-16 08:53 . 2013-04-04 22:04 387584 ----a-w- c:\program files (x86)\Internet Explorer\jsdbgui.dll 2013-05-16 08:53 . 
2013-04-04 22:05 678912 ----a-w- c:\program files (x86)\Internet Explorer\iedvtool.dll 2013-05-16 08:53 . 2013-04-05 01:03 887808 ----a-w- c:\program files\Internet Explorer\iedvtool.dll 2013-05-16 08:53 . 2013-04-05 01:19 10926080 ----a-w- c:\windows\system32\ieframe.dll 2013-05-15 08:51 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys 2013-05-15 08:51 . 2013-04-10 06:01 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys 2013-05-15 08:51 . 2011-02-03 11:25 144384 ----a-w- c:\windows\system32\cdd.dll 2013-05-15 08:50 . 2013-02-27 05:52 14172672 ----a-w- c:\windows\system32\shell32.dll 2013-05-15 08:50 . 2013-02-27 06:02 111448 ----a-w- c:\windows\system32\consent.exe 2013-05-15 08:50 . 2013-02-27 05:52 197120 ----a-w- c:\windows\system32\shdocvw.dll 2013-05-15 08:50 . 2013-02-27 05:48 1930752 ----a-w- c:\windows\system32\authui.dll 2013-05-15 08:50 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\SysWow64\authui.dll 2013-05-15 08:50 . 2013-02-27 05:47 70144 ----a-w- c:\windows\system32\appinfo.dll 2013-05-15 08:50 . 2013-04-10 03:30 3153920 ----a-w- c:\windows\system32\win32k.sys 2013-05-15 08:50 . 2013-03-19 05:53 48640 ----a-w- c:\windows\system32\wwanprotdim.dll 2013-05-15 08:50 . 2013-03-19 05:53 230400 ----a-w- c:\windows\system32\wwansvc.dll 2013-05-14 19:30 . 2013-05-14 19:30 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service 2013-05-14 19:11 . 2013-05-14 19:11 -------- d-----w- c:\program files (x86)\Common Files\Java 2013-05-14 19:11 . 2013-04-04 03:35 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-05-10 07:57 . 2013-05-10 07:57 187456 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll 2013-05-10 07:57 . 2013-05-10 07:57 187456 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll 2013-05-08 11:35 . 2013-05-16 13:07 -------- d-----w- c:\users\Joe\AppData\Roaming\Pyumq 2013-05-08 11:35 . 
2013-05-08 11:35 -------- d-----w- c:\users\Joe\AppData\Roaming\Upgoic 2013-05-03 14:25 . 2013-05-03 14:25 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10144.bin 2013-04-25 11:15 . 2013-04-25 11:14 905296 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{62821906-D77F-4ABF-856E-E8D58DF61186}\gapaengine.dll 2013-04-24 11:01 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys 2013-04-20 07:50 . 2013-04-20 07:50 -------- d-----w- c:\programdata\McAfee Security Scan 2013-04-20 07:50 . 2013-04-22 10:47 -------- d-----w- c:\program files (x86)\McAfee Security Scan . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-05-18 09:44 . 2012-07-28 12:04 387 ----a-w- c:\users\Joe\AppData\Roaming\sp_data.sys 2013-05-15 17:51 . 2012-08-01 14:36 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-05-15 17:51 . 2012-08-01 14:36 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-05-14 11:00 . 2011-03-29 02:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2013-05-02 15:29 . 2012-07-28 13:21 278800 ------w- c:\windows\system32\MpSigStub.exe 2013-04-13 05:49 . 2013-05-15 08:51 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2013-04-13 05:49 . 2013-05-15 08:51 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2013-04-13 05:49 . 2013-05-15 08:51 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll 2013-04-13 05:49 . 2013-05-15 08:51 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll 2013-04-13 04:45 . 2013-05-15 08:51 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-04-13 04:45 . 2013-05-15 08:51 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll 2013-03-22 18:37 . 2012-09-28 17:23 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2013-03-22 18:37 . 2012-09-28 17:23 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-03-19 06:04 . 
2013-04-10 13:26 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-03-19 05:46 . 2013-04-10 13:26 43520 ----a-w- c:\windows\system32\csrsrv.dll 2013-03-19 05:04 . 2013-04-10 13:26 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2013-03-19 05:04 . 2013-04-10 13:26 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2013-03-19 04:47 . 2013-04-10 13:26 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll 2013-03-19 03:06 . 2013-04-10 13:26 112640 ----a-w- c:\windows\system32\smss.exe . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1EldosIconOverlay] @="{49B8C132-9076-4A1D-8CEA-E477E7BFB71B}" [HKEY_CLASSES_ROOT\CLSID\{49B8C132-9076-4A1D-8CEA-E477E7BFB71B}] 2012-04-09 14:27 158224 ----a-w- c:\windows\SysWOW64\CbFsMntNtf3.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay] @="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}" [HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}] 2012-04-09 14:27 158224 ----a-w- c:\windows\SysWOW64\CbFsMntNtf3.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ICQ"="c:\program files (x86)\ICQ7M\ICQ.exe" [2012-07-28 127040] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] "ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2012-02-24 3331312] "ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe" [2011-07-29 737104] "SonicMasterTray"="c:\program files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe" [2010-07-10 984400] "ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2011-12-23 318080] "ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2011-10-25 174720] "HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016] "Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2011-10-19 2319536] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888] "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ FancyStart daemon.lnk - c:\windows\Installer\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}\_77B5857C27147149171BE7.exe [2012-6-9 12862] McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R1 ljnscwbf;ljnscwbf;c:\windows\system32\drivers\ljnscwbf.sys [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944] R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2011-03-18 74840] R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560] R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [2009-01-29 6144] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-02-05 235216] R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2012-06-11 22016] R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2012-01-25 9728] R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [2012-06-08 27136] R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [2011-11-08 11776] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008] R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360] R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 31232] S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-09-07 17536] S1 cbfs3;cbfs3;c:\windows\system32\drivers\cbfs3.sys 
[2012-04-09 352144] S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2011-03-03 379520] S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416] S2 ASUS InstantOn;ASUS InstantOn Service;c:\program files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [2012-02-17 277120] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2009-09-14 166400] S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2009-09-14 128512] S2 Motorola Device Manager;Motorola Device Manager Service;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [2013-03-25 121144] S2 PST Service;PST Service;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [2011-09-02 65657] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-21 2656280] S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-11-22 130024] S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-11-22 395752] S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-11-03 317440] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-08-24 76912] S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2012-02-04 1838656] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 
268648] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] . . Inhalt des "geplante Tasks" Ordners . 2013-05-18 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-01 17:51] . 2013-05-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-24 02:28] . 2013-05-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-24 02:28] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon1] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}] 2012-05-02 12:10 1721856 ----a-w- c:\program files (x86)\Wuala OverlayIcons\OverlayIcon.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon2] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}] 2012-05-02 12:10 1721856 ----a-w- c:\program files (x86)\Wuala OverlayIcons\OverlayIcon.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon3] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}] 2012-05-02 12:10 1721856 ----a-w- c:\program files (x86)\Wuala OverlayIcons\OverlayIcon.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon4] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}] 2012-05-02 12:10 1721856 ----a-w- c:\program files (x86)\Wuala OverlayIcons\OverlayIcon.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1EldosIconOverlay] @="{49B8C132-9076-4A1D-8CEA-E477E7BFB71B}" [HKEY_CLASSES_ROOT\CLSID\{49B8C132-9076-4A1D-8CEA-E477E7BFB71B}] 2012-04-09 14:27 190480 ----a-w- c:\windows\System32\CbFsMntNtf3.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B] @="{6D4133E5-0742-4ADC-8A8C-9303440F7190}" [HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}] 2011-05-25 07:09 227840 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O] @="{64174815-8D98-4CE6-8646-4C039977D808}" [HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}] 2011-05-25 07:09 227840 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay] @="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}" [HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}] 2012-04-09 14:27 190480 ----a-w- c:\windows\System32\CbFsMntNtf3.dll . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-11-03 167704] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-11-03 392472] "AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2011-03-21 361984] "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-08-16 2277480] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512] . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService FontCache . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = about:blank mStart Page = hxxp://asus.msn.com mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = ;192.168.*.* IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105 IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: {{781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - c:\program files (x86)\ICQ7M\ICQ.exe TCP: DhcpNameServer = 192.168.178.1 FF - ProfilePath - c:\users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\trjxqo70.default-1368569298600\ FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: privacy.clearOnShutdown.cookies - false FF - user.js: security.warn_viewing_mixed - false FF - user.js: security.warn_viewing_mixed.show_once - false FF - user.js: security.warn_submit_insecure - false FF - user.js: security.warn_submit_insecure.show_once - false . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Toolbar-Locked - (no file) Wow6432Node-HKCU-Run-Ybkeavh - c:\users\Joe\AppData\Roaming\Elaw\cyim.exe Wow6432Node-HKLM-Run-<NO NAME> - (no file) Toolbar-Locked - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe HKLM-Run-SynAsusAcpi - c:\program files (x86)\Synaptics\SynTP\SynAsusAcpi.exe AddRemove-ASUS_Screensaver - c:\windows\system32\ASUS_Screensaver.scr . . . 
--------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*] @="?????????????????? v1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID] @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*] @="?????????????????? v2" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID] @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-05-18 12:09:31
ComboFix-quarantined-files.txt 2013-05-18 10:09
.
Vor Suchlauf: 10 Verzeichnis(se), 76.691.832.832 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 78.171.762.688 Bytes frei
.
- - End Of File - - 8342FEFE7F5BD897F9340F744FF880A5
19.05.2013, 02:23 | #8
/// Winkelfunktion /// TB-Süch-Tiger™ | Sparkassen Trojan
ComboFix script
__________________
Please always post log files in CODE tags
19.05.2013, 11:56 | #9
Sparkassen Trojan
Code:
ATTFilter ComboFix 13-05-18.03 - Joe 19.05.2013 12:40:05.2.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4000.2572 [GMT 2:00] ausgeführt von:: c:\users\Joe\Desktop\ComboFix.exe Benutzte Befehlsschalter :: c:\users\Joe\Desktop\CFScript.txt AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5} SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . FILE :: "c:\windows\system32\drivers\ljnscwbf.sys" . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_ljnscwbf . . ((((((((((((((((((((((( Dateien erstellt von 2013-04-19 bis 2013-05-19 )))))))))))))))))))))))))))))) . . 2013-05-19 10:45 . 2013-05-19 10:45 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-05-19 10:22 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F583A89A-3520-4867-8329-1CCF475BFC22}\mpengine.dll 2013-05-18 10:37 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2013-05-16 08:55 . 2013-05-05 21:36 17818624 ----a-w- c:\windows\system32\mshtml.dll 2013-05-16 08:55 . 2013-05-05 21:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2013-05-16 08:55 . 2013-05-05 19:12 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2013-05-16 08:53 . 2013-04-05 00:55 816640 ----a-w- c:\windows\system32\jscript.dll 2013-05-16 08:53 . 2013-04-05 00:55 599040 ----a-w- c:\windows\system32\vbscript.dll 2013-05-16 08:53 . 2013-04-04 22:11 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll 2013-05-16 08:53 . 2013-04-05 01:02 499200 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll 2013-05-16 08:53 . 
2013-04-04 22:04 387584 ----a-w- c:\program files (x86)\Internet Explorer\jsdbgui.dll 2013-05-16 08:53 . 2013-04-04 22:05 678912 ----a-w- c:\program files (x86)\Internet Explorer\iedvtool.dll 2013-05-16 08:53 . 2013-04-05 01:03 887808 ----a-w- c:\program files\Internet Explorer\iedvtool.dll 2013-05-16 08:53 . 2013-04-05 01:19 10926080 ----a-w- c:\windows\system32\ieframe.dll 2013-05-15 08:51 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys 2013-05-15 08:51 . 2013-04-10 06:01 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys 2013-05-15 08:51 . 2011-02-03 11:25 144384 ----a-w- c:\windows\system32\cdd.dll 2013-05-15 08:50 . 2013-02-27 05:52 14172672 ----a-w- c:\windows\system32\shell32.dll 2013-05-15 08:50 . 2013-02-27 06:02 111448 ----a-w- c:\windows\system32\consent.exe 2013-05-15 08:50 . 2013-02-27 05:52 197120 ----a-w- c:\windows\system32\shdocvw.dll 2013-05-15 08:50 . 2013-02-27 05:48 1930752 ----a-w- c:\windows\system32\authui.dll 2013-05-15 08:50 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\SysWow64\authui.dll 2013-05-15 08:50 . 2013-02-27 05:47 70144 ----a-w- c:\windows\system32\appinfo.dll 2013-05-15 08:50 . 2013-04-10 03:30 3153920 ----a-w- c:\windows\system32\win32k.sys 2013-05-15 08:50 . 2013-03-19 05:53 48640 ----a-w- c:\windows\system32\wwanprotdim.dll 2013-05-15 08:50 . 2013-03-19 05:53 230400 ----a-w- c:\windows\system32\wwansvc.dll 2013-05-14 19:30 . 2013-05-14 19:30 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service 2013-05-14 19:11 . 2013-05-14 19:11 -------- d-----w- c:\program files (x86)\Common Files\Java 2013-05-14 19:11 . 2013-04-04 03:35 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-05-10 07:57 . 2013-05-10 07:57 187456 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll 2013-05-10 07:57 . 2013-05-10 07:57 187456 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll 2013-05-08 11:35 . 
2013-05-16 13:07 -------- d-----w- c:\users\Joe\AppData\Roaming\Pyumq 2013-05-08 11:35 . 2013-05-08 11:35 -------- d-----w- c:\users\Joe\AppData\Roaming\Upgoic 2013-05-03 14:25 . 2013-05-03 14:25 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10144.bin 2013-04-25 11:15 . 2013-04-25 11:14 905296 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{62821906-D77F-4ABF-856E-E8D58DF61186}\gapaengine.dll 2013-04-24 11:01 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys 2013-04-20 07:50 . 2013-04-20 07:50 -------- d-----w- c:\programdata\McAfee Security Scan 2013-04-20 07:50 . 2013-04-22 10:47 -------- d-----w- c:\program files (x86)\McAfee Security Scan . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-05-19 10:46 . 2012-07-28 12:04 387 ----a-w- c:\users\Joe\AppData\Roaming\sp_data.sys 2013-05-15 17:51 . 2012-08-01 14:36 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-05-15 17:51 . 2012-08-01 14:36 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-05-14 11:00 . 2011-03-29 02:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2013-05-02 15:29 . 2012-07-28 13:21 278800 ------w- c:\windows\system32\MpSigStub.exe 2013-04-13 05:49 . 2013-05-15 08:51 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2013-04-13 05:49 . 2013-05-15 08:51 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2013-04-13 05:49 . 2013-05-15 08:51 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll 2013-04-13 05:49 . 2013-05-15 08:51 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll 2013-04-13 04:45 . 2013-05-15 08:51 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-04-13 04:45 . 2013-05-15 08:51 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll 2013-03-22 18:37 . 2012-09-28 17:23 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2013-03-22 18:37 . 
2012-09-28 17:23 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-03-19 06:04 . 2013-04-10 13:26 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-03-19 05:46 . 2013-04-10 13:26 43520 ----a-w- c:\windows\system32\csrsrv.dll 2013-03-19 05:04 . 2013-04-10 13:26 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2013-03-19 05:04 . 2013-04-10 13:26 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2013-03-19 04:47 . 2013-04-10 13:26 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll 2013-03-19 03:06 . 2013-04-10 13:26 112640 ----a-w- c:\windows\system32\smss.exe . . (((((((((((((((((((((((((((((((((((((((((((( Look ))))))))))))))))))))))))))))))))))))))))))))))))))))))))) . . --- c:\windows\system32\drivers\cbfs3.sys --- Company: EldoS Corporation File Description: Callback File System Driver File Version: 3, 2, 107, 271 Product Name: Callback File System (TM) Copyright: Copyright (C) EldoS Corp. 2006-2012 Original Filename: cbfs3.sys File size: 352144 Created time: 2012-10-14 13:09 Modified time: 2012-04-09 14:27 MD5: 555FA105C22B1616094EDAD1CBFB0551 SHA1: A9806B9EBE5F25A9D1600F9CA7EDFAB5A720B3AC . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1EldosIconOverlay] @="{49B8C132-9076-4A1D-8CEA-E477E7BFB71B}" [HKEY_CLASSES_ROOT\CLSID\{49B8C132-9076-4A1D-8CEA-E477E7BFB71B}] 2012-04-09 14:27 158224 ----a-w- c:\windows\SysWOW64\CbFsMntNtf3.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay] @="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}" [HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}] 2012-04-09 14:27 158224 ----a-w- c:\windows\SysWOW64\CbFsMntNtf3.dll . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ICQ"="c:\program files (x86)\ICQ7M\ICQ.exe" [2012-07-28 127040] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] "ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2012-02-24 3331312] "ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe" [2011-07-29 737104] "SonicMasterTray"="c:\program files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe" [2010-07-10 984400] "ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2011-12-23 318080] "ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2011-10-25 174720] "HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016] "Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2011-10-19 2319536] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888] "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ FancyStart daemon.lnk - c:\windows\Installer\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}\_77B5857C27147149171BE7.exe [2012-6-9 12862] McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944] R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2011-03-18 74840] R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560] R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [2009-01-29 6144] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-02-05 235216] R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2012-06-11 22016] R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2012-01-25 9728] R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [2012-06-08 27136] R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [2011-11-08 11776] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008] R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360] R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 31232] S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files 
(x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-09-07 17536] S1 cbfs3;cbfs3;c:\windows\system32\drivers\cbfs3.sys [2012-04-09 352144] S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2011-03-03 379520] S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416] S2 ASUS InstantOn;ASUS InstantOn Service;c:\program files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [2012-02-17 277120] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2009-09-14 166400] S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2009-09-14 128512] S2 Motorola Device Manager;Motorola Device Manager Service;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [2013-03-25 121144] S2 PST Service;PST Service;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [2011-09-02 65657] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-21 2656280] S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-11-22 130024] S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-11-22 395752] S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-11-03 317440] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-08-24 76912] S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2012-02-04 1838656] S3 
Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] . . Inhalt des "geplante Tasks" Ordners . 2013-05-18 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-01 17:51] . 2013-05-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-24 02:28] . 2013-05-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-24 02:28] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon1] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}] 2012-05-02 12:10 1721856 ----a-w- c:\program files (x86)\Wuala OverlayIcons\OverlayIcon.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon2] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}] 2012-05-02 12:10 1721856 ----a-w- c:\program files (x86)\Wuala OverlayIcons\OverlayIcon.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon3] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}] 2012-05-02 12:10 1721856 ----a-w- c:\program files (x86)\Wuala OverlayIcons\OverlayIcon.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon4] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}] 2012-05-02 12:10 1721856 ----a-w- c:\program files (x86)\Wuala OverlayIcons\OverlayIcon.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1EldosIconOverlay] @="{49B8C132-9076-4A1D-8CEA-E477E7BFB71B}" [HKEY_CLASSES_ROOT\CLSID\{49B8C132-9076-4A1D-8CEA-E477E7BFB71B}] 2012-04-09 14:27 190480 ----a-w- c:\windows\System32\CbFsMntNtf3.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B] @="{6D4133E5-0742-4ADC-8A8C-9303440F7190}" [HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}] 2011-05-25 07:09 227840 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O] @="{64174815-8D98-4CE6-8646-4C039977D808}" [HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}] 2011-05-25 07:09 227840 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay] @="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}" [HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}] 2012-04-09 14:27 190480 ----a-w- c:\windows\System32\CbFsMntNtf3.dll . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-11-03 167704] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-11-03 392472] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU] "AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2011-03-21 361984] "SynAsusAcpi"="c:\program files (x86)\Synaptics\SynTP\SynAsusAcpi.exe" [BU] "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-08-16 2277480] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512] . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService FontCache . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = about:blank mStart Page = hxxp://asus.msn.com mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = ;192.168.*.* IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105 IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: {{781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - c:\program files (x86)\ICQ7M\ICQ.exe TCP: DhcpNameServer = 192.168.178.1 FF - ProfilePath - c:\users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\trjxqo70.default-1368569298600\ FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: privacy.clearOnShutdown.cookies - false FF - user.js: security.warn_viewing_mixed - false FF - user.js: security.warn_viewing_mixed.show_once - false FF - user.js: security.warn_submit_insecure - false FF - user.js: security.warn_submit_insecure.show_once - false . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Toolbar-Locked - (no file) Wow6432Node-HKLM-Run-<NO NAME> - (no file) AddRemove-ASUS_Screensaver - c:\windows\system32\ASUS_Screensaver.scr . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*] @="?????????????????? v1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID] @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*] @="?????????????????? v2" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID] @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . 
------------------------ Other running processes ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
c:\program files (x86)\ASUS\FaceLogon\sensorsrv.exe
c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\Splendid\ACMON.exe
c:\windows\SysWOW64\ACEngSvr.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
c:\windows\AsScrPro.exe
c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2013-05-19 12:51:02 - PC was restarted
ComboFix-quarantined-files.txt 2013-05-19 10:51
ComboFix2.txt 2013-05-18 10:09
.
Before scan: 15 directories, 78.314.065.920 bytes free
After scan: 18 directories, 78.821.994.496 bytes free
.
- - End Of File - - 4C9A4CB32214129C95A95D83A8899A55
|
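The ComboFix log above lists six preferences that a user.js inside the Firefox profile forces at every browser start, among them the warnings for submitting forms over plain HTTP and for mixed content, both switched off. The thread does not establish who or what wrote that file, but a helper reading such a log wants a quick answer to "which protections are off in this profile". The script below is an added example for that purpose; it is not part of the thread and not code from ComboFix or Mozilla. It parses user_pref() lines from a profile's user.js or prefs.js (and, for convenience, the "FF - user.js:" lines ComboFix prints) and reports every monitored pref whose value is weaker than a baseline. The baseline values in EXPECTED and the embedded sample user.js are assumptions constructed for the example, not Mozilla's shipped defaults.

```python
"""Report security-relevant Firefox prefs that a profile's user.js or prefs.js weakens."""
import re
import sys
from pathlib import Path

# Prefs worth checking in a banking-trojan case, with the value a hardened profile
# should carry. ASSUMPTION: this baseline is ours for the example; it is not a
# statement of Mozilla's default for any particular Firefox version.
EXPECTED = {
    "security.warn_submit_insecure": True,   # warn before POSTing a form over plain HTTP
    "security.warn_viewing_mixed": True,     # warn when an HTTPS page pulls HTTP content
    "security.warn_entering_weak": True,     # warn on weak TLS
    "network.cookie.cookieBehavior": 1,      # 1 = first-party cookies only; 0 = accept all
    "privacy.clearOnShutdown.cookies": True, # drop cookies (and session tokens) on exit
}

# user_pref("name", value);  -- the format of both user.js and prefs.js
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;', re.M)
# FF - user.js: name - value  -- the format ComboFix uses in its log
COMBOFIX_RE = re.compile(r'^FF - user\.js:\s*(\S+)\s*-\s*(\S+)', re.M)

# Constructed sample reproducing the six values ComboFix listed in the thread.
SAMPLE_USER_JS = '''\
// constructed sample, not a file taken from the affected machine
user_pref("network.cookie.cookieBehavior", 0);
user_pref("privacy.clearOnShutdown.cookies", false);
user_pref("security.warn_viewing_mixed", false);
user_pref("security.warn_viewing_mixed.show_once", false);
user_pref("security.warn_submit_insecure", false);
user_pref("security.warn_submit_insecure.show_once", false);
'''


def parse_value(raw):
    """Convert a pref literal (true/false, quoted string, integer) to a Python value."""
    raw = raw.strip()
    if raw == "true":
        return True
    if raw == "false":
        return False
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        return raw[1:-1]
    return int(raw)


def parse_user_js(text):
    """Return {pref: value} for every user_pref() line in user.js/prefs.js content."""
    return {name: parse_value(val) for name, val in PREF_RE.findall(text)}


def parse_combofix_ff(text):
    """Return {pref: value} for the 'FF - user.js:' lines of a ComboFix log."""
    return {name: parse_value(val) for name, val in COMBOFIX_RE.findall(text)}


def weakened_prefs(prefs):
    """Return (pref, found, expected) for each monitored pref set to a non-baseline value."""
    return [(k, prefs[k], v) for k, v in EXPECTED.items() if k in prefs and prefs[k] != v]


def audit_profile(profile_dir):
    """Audit user.js and prefs.js in a Firefox profile directory; returns findings per file."""
    results = {}
    for fname in ("user.js", "prefs.js"):
        path = Path(profile_dir) / fname
        if path.exists():
            text = path.read_text(encoding="utf-8", errors="replace")
            results[fname] = weakened_prefs(parse_user_js(text))
    return results


if __name__ == "__main__":
    # Usage: python ffprefs.py <profile directory>; with no argument the sample is audited.
    if len(sys.argv) > 1:
        report = audit_profile(sys.argv[1])
    else:
        report = {"sample user.js": weakened_prefs(parse_user_js(SAMPLE_USER_JS))}
    for fname, hits in report.items():
        print(f"{fname}: {len(hits)} weakened pref(s)")
        for pref, found, expected in hits:
            print(f"  {pref} = {found!r} (baseline {expected!r})")
```

Firefox re-reads user.js on every start and copies its values over prefs.js, so resetting the prefs in the browser UI or editing prefs.js alone does not stick; the user.js file itself has to be removed or corrected once the source of the entries is understood.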
19.05.2013, 20:29 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Sparkassen-Trojaner Please now run the three tools MBAR / aswMBR / TDSSKiller and post the logs in CODE tags. MBAR (Malwarebytes Anti-Rootkit): Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper. aswMBR: Please download aswMBR.exe and save the file to your desktop.
Important: Never press any of the Fix buttons without instructions. Note: If the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan. TDSSKiller: Please download TDSSKiller.exe and save this file to the desktop.
__________________ Please always post logfiles in CODE tags |
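The aswMBR run requested above also writes the raw first sector of the boot disk to MBR.dat on the desktop (the log in the following post shows that path), which is what a helper compares against a known-good sector when a bootkit is suspected. The following is an added example, not part of the thread and not code from aswMBR or TDSSKiller, that parses such a 512-byte dump: it checks the 0x55AA boot signature, decodes the four partition-table entries, flags hidden partition types, missing or multiple active flags and overlapping extents, and hashes the boot-code area so it can be compared with a reference hash taken from a clean machine of the same Windows version. The embedded sample MBR is constructed to reproduce the layout the aswMBR log in this thread reports (hidden FAT32 at LBA 2048, active NTFS at 52430848, NTFS at 302487552); its boot-code bytes are a placeholder stub, and the HIDDEN_TYPES list and the reference-hash mechanism are assumptions of the example.

```python
"""Parse and sanity-check a raw 512-byte MBR, e.g. the MBR.dat that aswMBR saves."""
import hashlib
import struct
import sys
from pathlib import Path

SECTOR = 512
TABLE_OFFSET = 446          # four 16-byte partition entries start here
ENTRY = "<B3sB3sII"         # boot flag, CHS start, type, CHS end, start LBA, sector count
# Partition types Windows does not mount by default. ASSUMPTION: a working list for
# this example; OEM recovery images use these legitimately, bootkits also hide here.
HIDDEN_TYPES = {0x11, 0x12, 0x14, 0x16, 0x17, 0x1B, 0x1C, 0x1E, 0x27}


def build_sample_mbr():
    """Constructed sample reproducing the partition layout aswMBR reported in the thread."""
    # Placeholder boot stub (a few x86 bytes, then zeros): NOT real Windows 7 MBR code.
    boot_code = bytes([0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C]) + b"\x00" * (TABLE_OFFSET - 7)
    entries = [
        # (boot flag, type, start LBA, sectors); 1 MB = 2048 sectors of 512 bytes
        (0x00, 0x1C, 2048, 25600 * 2048),        # hidden FAT32 LBA, 25600 MB
        (0x80, 0x07, 52430848, 122098 * 2048),   # active NTFS, 122098 MB (C:)
        (0x00, 0x07, 302487552, 157545 * 2048),  # NTFS, 157545 MB (D:)
        (0x00, 0x00, 0, 0),                      # empty slot
    ]
    table = b"".join(
        struct.pack(ENTRY, flag, b"\xfe\xff\xff", ptype, b"\xfe\xff\xff", start, size)
        for flag, ptype, start, size in entries
    )
    return boot_code + table + b"\x55\xAA"


def parse_mbr(data):
    """Decode signature, boot-code hash and the non-empty partition entries of an MBR."""
    if len(data) < SECTOR:
        raise ValueError("MBR dump must be at least 512 bytes")
    data = data[:SECTOR]
    parts = []
    for i in range(4):
        flag, _, ptype, _, start, size = struct.unpack_from(ENTRY, data, TABLE_OFFSET + 16 * i)
        if ptype == 0:
            continue
        parts.append({"index": i + 1, "active": flag == 0x80, "type": ptype,
                      "start": start, "end": start + size, "mb": size // 2048})
    return {
        "signature_ok": data[510:512] == b"\x55\xAA",
        # bytes 0..439 are boot code; 440..443 hold the disk signature and vary per machine
        "bootcode_sha256": hashlib.sha256(data[:440]).hexdigest(),
        "partitions": parts,
    }


def check_mbr(data, known_bootcode_sha256=None):
    """Return human-readable findings; an empty list means nothing stood out."""
    info = parse_mbr(data)
    findings = []
    if not info["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    active = [p for p in info["partitions"] if p["active"]]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions (expected exactly 1)")
    for p in info["partitions"]:
        if p["type"] in HIDDEN_TYPES:
            findings.append(f"partition {p['index']} has hidden type 0x{p['type']:02X} "
                            f"({p['mb']} MB at LBA {p['start']})")
    ordered = sorted(info["partitions"], key=lambda p: p["start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["end"] > b["start"]:
            findings.append(f"partitions {a['index']} and {b['index']} overlap")
    if known_bootcode_sha256 and info["bootcode_sha256"] != known_bootcode_sha256:
        findings.append("boot code differs from the known-good reference")
    return findings


if __name__ == "__main__":
    # Usage: python mbrcheck.py MBR.dat [reference_sha256]; no argument audits the sample.
    raw = Path(sys.argv[1]).read_bytes() if len(sys.argv) > 1 else build_sample_mbr()
    reference = sys.argv[2] if len(sys.argv) > 2 else None
    info = parse_mbr(raw)
    for p in info["partitions"]:
        mark = "*" if p["active"] else " "
        print(f"#{p['index']} {mark} type 0x{p['type']:02X} LBA {p['start']:>10} {p['mb']:>7} MB")
    print("boot code sha256:", info["bootcode_sha256"])
    for finding in check_mbr(raw, reference):
        print("FINDING:", finding)
```

On an OEM laptop the hidden-type finding is expected (the 25600 MB FAT32 partition at LBA 2048 is where a vendor recovery image normally lives), so the script only surfaces it for a human to confirm; the hash comparison is the part that actually tells a stock MBR from a rewritten one, and it needs a reference taken from a clean installation of the same Windows build.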
20.05.2013, 00:40 | #11 |
| Sparkassen-Trojaner Code:
Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org
Database version: v2013.05.19.10
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Joe :: ASUS [administrator]
20.05.2013 01:18:55
mbar-log-2013-05-20 (01-18-55).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 29785
Time elapsed: 7 minute(s), 50 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
Code:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-05-20 01:28:49
-----------------------------
01:28:49.981 OS Version: Windows x64 6.1.7601 Service Pack 1
01:28:49.981 Number of processors: 2 586 0x2A07
01:28:49.981 ComputerName: ASUS UserName: Joe
01:28:50.714 Initialize success
01:29:02.399 AVAST engine defs: 13051901
01:29:13.865 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
01:29:13.865 Disk 0 Vendor: TOSHIBA_ AX00 Size: 305245MB BusType: 3
01:29:14.021 Disk 0 MBR read successfully
01:29:14.021 Disk 0 MBR scan
01:29:14.021 Disk 0 Windows 7 default MBR code
01:29:14.036 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 25600 MB offset 2048
01:29:14.052 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 122098 MB offset 52430848
01:29:14.099 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 157545 MB offset 302487552
01:29:14.239 Disk 0 scanning C:\Windows\system32\drivers
01:29:27.733 Service scanning
01:30:14.798 Modules scanning
01:30:14.798 Disk 0 trace - called modules:
01:30:14.798
01:30:15.313 Scan finished successfully
01:30:28.620 Disk 0 MBR has been saved successfully to "C:\Users\Joe\Desktop\MBR.dat"
01:30:28.620 The log file has been saved successfully to "C:\Users\Joe\Desktop\aswMBR.txt"
Code:
01:32:42.0002 7632 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
01:32:42.0174 7632 ============================================================
01:32:42.0174 7632 Current date / time: 2013/05/20 01:32:42.0174
01:32:42.0174 7632 SystemInfo:
01:32:42.0174 7632
01:32:42.0174 7632 OS Version: 6.1.7601 ServicePack: 1.0
01:32:42.0174 7632 Product type: Workstation
01:32:42.0174 7632 ComputerName: ASUS
01:32:42.0174 7632 UserName: Joe
01:32:42.0174 7632 Windows directory: C:\Windows
01:32:42.0174 7632 System windows directory: C:\Windows
01:32:42.0174 7632 Running under WOW64
01:32:42.0174 7632 Processor architecture: Intel x64
01:32:42.0174 7632 Number of processors: 2
01:32:42.0174 7632 Page size: 0x1000
01:32:42.0174 7632 Boot type: Normal boot
01:32:42.0174 7632 ============================================================
01:32:42.0876 7632 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
01:32:42.0876 7632 ============================================================
01:32:42.0876 7632 \Device\Harddisk0\DR0:
01:32:42.0876 7632 MBR partitions:
01:32:42.0876 7632 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3200800, BlocksNum 0xEE79000
01:32:42.0876 7632 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x12079800, BlocksNum 0x133B4800
01:32:42.0876 7632 ============================================================
01:32:42.0891 7632 C: <-> \Device\Harddisk0\DR0\Partition1
01:32:42.0923 7632 D: <-> \Device\Harddisk0\DR0\Partition2
01:32:42.0923 7632 ============================================================
01:32:42.0923 7632 Initialize success
01:32:42.0923 7632 ============================================================
01:32:49.0522 5992 ============================================================
01:32:49.0522 5992 Scan started
01:32:49.0522 5992 Mode: Manual; SigCheck; TDLFS;
01:32:49.0522 5992
============================================================ 01:32:50.0239 5992 ================ Scan system memory ======================== 01:32:50.0239 5992 System memory - ok 01:32:50.0239 5992 ================ Scan services ============================= 01:32:50.0816 5992 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 01:32:50.0957 5992 1394ohci - ok 01:32:51.0019 5992 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 01:32:51.0050 5992 ACPI - ok 01:32:51.0097 5992 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 01:32:51.0440 5992 AcpiPmi - ok 01:32:51.0534 5992 [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 01:32:51.0550 5992 AdobeARMservice - ok 01:32:51.0643 5992 [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 01:32:51.0643 5992 AdobeFlashPlayerUpdateSvc - ok 01:32:51.0706 5992 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 01:32:51.0721 5992 adp94xx - ok 01:32:51.0768 5992 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys 01:32:51.0784 5992 adpahci - ok 01:32:51.0799 5992 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys 01:32:51.0815 5992 adpu320 - ok 01:32:51.0830 5992 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 01:32:51.0940 5992 AeLookupSvc - ok 01:32:52.0002 5992 [ 69FD46FAC0D9C4A8ECD522AC6A7481F5 ] AFBAgent C:\Windows\system32\FBAgent.exe 01:32:52.0018 5992 AFBAgent - ok 01:32:52.0080 5992 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 01:32:52.0111 5992 AFD - ok 01:32:52.0205 5992 [ 98022774D9930ECBB292E70DB7601DF6 ] AgereSoftModem C:\Windows\system32\DRIVERS\agrsm64.sys 01:32:52.0267 5992 AgereSoftModem - ok 01:32:52.0298 5992 [ 
608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 01:32:52.0314 5992 agp440 - ok 01:32:52.0345 5992 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 01:32:52.0408 5992 ALG - ok 01:32:52.0439 5992 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 01:32:52.0439 5992 aliide - ok 01:32:52.0470 5992 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 01:32:52.0470 5992 amdide - ok 01:32:52.0517 5992 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 01:32:52.0564 5992 AmdK8 - ok 01:32:52.0595 5992 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys 01:32:52.0626 5992 AmdPPM - ok 01:32:52.0657 5992 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys 01:32:52.0657 5992 amdsata - ok 01:32:52.0688 5992 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys 01:32:52.0704 5992 amdsbs - ok 01:32:52.0720 5992 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys 01:32:52.0720 5992 amdxata - ok 01:32:52.0766 5992 [ 92A848F962DA91C631147D566414BB7E ] AmUStor C:\Windows\system32\drivers\AmUStor.SYS 01:32:52.0782 5992 AmUStor - ok 01:32:52.0829 5992 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys 01:32:52.0954 5992 AppID - ok 01:32:52.0985 5992 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 01:32:53.0047 5992 AppIDSvc - ok 01:32:53.0094 5992 [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo C:\Windows\System32\appinfo.dll 01:32:53.0141 5992 Appinfo - ok 01:32:53.0203 5992 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys 01:32:53.0219 5992 arc - ok 01:32:53.0234 5992 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys 01:32:53.0250 5992 arcsas - ok 01:32:53.0359 5992 [ A3626C6D3F2DC95497F3F61842D7FD89 ] 
ASLDRService C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe 01:32:53.0359 5992 ASLDRService - ok 01:32:53.0422 5992 [ 4C016FD76ED5C05E84CA8CAB77993961 ] ASMMAP64 C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys 01:32:53.0484 5992 ASMMAP64 - ok 01:32:53.0515 5992 [ 8569AF4C73747671194EA9EBB2F2D6CF ] asmthub3 C:\Windows\system32\DRIVERS\asmthub3.sys 01:32:53.0562 5992 asmthub3 - ok 01:32:53.0593 5992 [ 073716FBFFAC7057CD5FF00A1B558331 ] asmtxhci C:\Windows\system32\DRIVERS\asmtxhci.sys 01:32:53.0640 5992 asmtxhci - ok 01:32:53.0765 5992 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe 01:32:53.0796 5992 aspnet_state - ok 01:32:53.0858 5992 [ 52436245AAEF3B65DF7859949AB6A14E ] ASUS InstantOn C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe 01:32:53.0874 5992 ASUS InstantOn - ok 01:32:53.0905 5992 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 01:32:53.0952 5992 AsyncMac - ok 01:32:53.0999 5992 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 01:32:53.0999 5992 atapi - ok 01:32:54.0046 5992 [ E857EEE6B92AAA473EBB3465ADD8F7E7 ] athr C:\Windows\system32\DRIVERS\athrx.sys 01:32:54.0139 5992 athr - ok 01:32:54.0170 5992 [ DBC598E47E7A382E60E2A4745D41FEF9 ] ATKGFNEXSrv C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe 01:32:54.0170 5992 ATKGFNEXSrv - ok 01:32:54.0280 5992 [ 41CEAFFCF3550785E59E3EC9BEE8D97A ] ATKWMIACPIIO C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys 01:32:54.0280 5992 ATKWMIACPIIO - ok 01:32:54.0342 5992 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 01:32:54.0404 5992 AudioEndpointBuilder - ok 01:32:54.0420 5992 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 01:32:54.0451 5992 AudioSrv - ok 01:32:54.0498 5992 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV 
C:\Windows\System32\AxInstSV.dll 01:32:54.0560 5992 AxInstSV - ok 01:32:54.0623 5992 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys 01:32:54.0670 5992 b06bdrv - ok 01:32:54.0701 5992 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 01:32:54.0732 5992 b57nd60a - ok 01:32:54.0810 5992 [ 93EE7D9C35AE7E9FFDA148D7805F1421 ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE 01:32:54.0826 5992 BBSvc - ok 01:32:54.0857 5992 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 01:32:54.0888 5992 BDESVC - ok 01:32:54.0935 5992 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 01:32:54.0982 5992 Beep - ok 01:32:55.0044 5992 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll 01:32:55.0122 5992 BFE - ok 01:32:55.0153 5992 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll 01:32:55.0200 5992 BITS - ok 01:32:55.0231 5992 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 01:32:55.0247 5992 blbdrive - ok 01:32:55.0309 5992 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 01:32:55.0356 5992 bowser - ok 01:32:55.0403 5992 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys 01:32:55.0434 5992 BrFiltLo - ok 01:32:55.0450 5992 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys 01:32:55.0465 5992 BrFiltUp - ok 01:32:55.0528 5992 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys 01:32:55.0559 5992 BridgeMP - ok 01:32:55.0590 5992 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll 01:32:55.0621 5992 Browser - ok 01:32:55.0652 5992 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 01:32:55.0699 5992 Brserid - ok 01:32:55.0715 5992 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm 
C:\Windows\System32\Drivers\BrSerWdm.sys 01:32:55.0730 5992 BrSerWdm - ok 01:32:55.0762 5992 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 01:32:55.0793 5992 BrUsbMdm - ok 01:32:55.0808 5992 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 01:32:55.0824 5992 BrUsbSer - ok 01:32:55.0871 5992 [ FF7C57973EEAD140062238C5A0B7D455 ] BTCFilterService C:\Windows\system32\DRIVERS\motfilt.sys 01:32:55.0918 5992 BTCFilterService - ok 01:32:55.0964 5992 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys 01:32:56.0042 5992 BthEnum - ok 01:32:56.0089 5992 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 01:32:56.0120 5992 BTHMODEM - ok 01:32:56.0152 5992 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys 01:32:56.0183 5992 BthPan - ok 01:32:56.0214 5992 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys 01:32:56.0261 5992 BTHPORT - ok 01:32:56.0308 5992 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 01:32:56.0370 5992 bthserv - ok 01:32:56.0386 5992 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys 01:32:56.0417 5992 BTHUSB - ok 01:32:56.0448 5992 catchme - ok 01:32:56.0495 5992 [ 555FA105C22B1616094EDAD1CBFB0551 ] cbfs3 C:\Windows\system32\drivers\cbfs3.sys 01:32:56.0510 5992 cbfs3 - ok 01:32:56.0542 5992 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 01:32:56.0604 5992 cdfs - ok 01:32:56.0651 5992 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 01:32:56.0666 5992 cdrom - ok 01:32:56.0698 5992 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 01:32:56.0760 5992 CertPropSvc - ok 01:32:56.0791 5992 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys 01:32:56.0822 5992 
circlass - ok 01:32:56.0885 5992 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 01:32:56.0900 5992 CLFS - ok 01:32:56.0978 5992 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 01:32:56.0978 5992 clr_optimization_v2.0.50727_32 - ok 01:32:57.0025 5992 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 01:32:57.0025 5992 clr_optimization_v2.0.50727_64 - ok 01:32:57.0103 5992 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 01:32:57.0103 5992 clr_optimization_v4.0.30319_32 - ok 01:32:57.0134 5992 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 01:32:57.0150 5992 clr_optimization_v4.0.30319_64 - ok 01:32:57.0181 5992 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 01:32:57.0228 5992 CmBatt - ok 01:32:57.0259 5992 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 01:32:57.0259 5992 cmdide - ok 01:32:57.0306 5992 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys 01:32:57.0337 5992 CNG - ok 01:32:57.0384 5992 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys 01:32:57.0384 5992 Compbatt - ok 01:32:57.0431 5992 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys 01:32:57.0462 5992 CompositeBus - ok 01:32:57.0478 5992 COMSysApp - ok 01:32:57.0509 5992 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 01:32:57.0509 5992 crcdisk - ok 01:32:57.0556 5992 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll 01:32:57.0602 5992 CryptSvc - ok 01:32:57.0696 5992 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program 
Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE 01:32:57.0727 5992 cvhsvc - ok 01:32:57.0790 5992 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 01:32:57.0852 5992 DcomLaunch - ok 01:32:57.0914 5992 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 01:32:57.0961 5992 defragsvc - ok 01:32:58.0008 5992 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 01:32:58.0039 5992 DfsC - ok 01:32:58.0086 5992 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 01:32:58.0117 5992 Dhcp - ok 01:32:58.0133 5992 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 01:32:58.0164 5992 discache - ok 01:32:58.0226 5992 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys 01:32:58.0226 5992 Disk - ok 01:32:58.0258 5992 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 01:32:58.0304 5992 Dnscache - ok 01:32:58.0320 5992 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll 01:32:58.0382 5992 dot3svc - ok 01:32:58.0398 5992 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll 01:32:58.0445 5992 DPS - ok 01:32:58.0492 5992 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 01:32:58.0523 5992 drmkaud - ok 01:32:58.0570 5992 [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 01:32:58.0601 5992 DXGKrnl - ok 01:32:58.0632 5992 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 01:32:58.0679 5992 EapHost - ok 01:32:58.0757 5992 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys 01:32:58.0850 5992 ebdrv - ok 01:32:58.0882 5992 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe 01:32:58.0928 5992 EFS - ok 01:32:59.0006 5992 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr 
C:\Windows\ehome\ehRecvr.exe 01:32:59.0069 5992 ehRecvr - ok 01:32:59.0084 5992 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 01:32:59.0131 5992 ehSched - ok 01:32:59.0194 5992 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys 01:32:59.0225 5992 elxstor - ok 01:32:59.0318 5992 [ 7DB097F4F6786307168C0DDDEC43A565 ] EPSON_EB_RPCV4_04 C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE 01:32:59.0350 5992 EPSON_EB_RPCV4_04 - ok 01:32:59.0365 5992 [ 258AA65A0862E19B7DE6981FDA3758AD ] EPSON_PM_RPCV4_04 C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE 01:32:59.0381 5992 EPSON_PM_RPCV4_04 - ok 01:32:59.0412 5992 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 01:32:59.0428 5992 ErrDev - ok 01:32:59.0474 5992 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 01:32:59.0537 5992 EventSystem - ok 01:32:59.0568 5992 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 01:32:59.0599 5992 exfat - ok 01:32:59.0630 5992 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 01:32:59.0677 5992 fastfat - ok 01:32:59.0724 5992 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 01:32:59.0786 5992 Fax - ok 01:32:59.0818 5992 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys 01:32:59.0849 5992 fdc - ok 01:32:59.0896 5992 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 01:32:59.0942 5992 fdPHost - ok 01:32:59.0942 5992 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 01:33:00.0005 5992 FDResPub - ok 01:33:00.0020 5992 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 01:33:00.0036 5992 FileInfo - ok 01:33:00.0052 5992 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 01:33:00.0098 5992 Filetrace - ok 
01:33:00.0130 5992 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys 01:33:00.0161 5992 flpydisk - ok 01:33:00.0192 5992 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 01:33:00.0208 5992 FltMgr - ok 01:33:00.0254 5992 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll 01:33:00.0332 5992 FontCache - ok 01:33:00.0395 5992 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 01:33:00.0395 5992 FontCache3.0.0.0 - ok 01:33:00.0410 5992 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 01:33:00.0410 5992 FsDepends - ok 01:33:00.0426 5992 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 01:33:00.0442 5992 Fs_Rec - ok 01:33:00.0488 5992 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 01:33:00.0535 5992 fvevol - ok 01:33:00.0566 5992 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 01:33:00.0582 5992 gagp30kx - ok 01:33:00.0613 5992 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 01:33:00.0691 5992 gpsvc - ok 01:33:00.0738 5992 gupdate - ok 01:33:00.0754 5992 gupdatem - ok 01:33:00.0800 5992 [ CC839E8D766CC31A7710C9F38CF3E375 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe 01:33:00.0816 5992 gusvc - ok 01:33:00.0847 5992 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 01:33:00.0878 5992 hcw85cir - ok 01:33:00.0925 5992 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 01:33:00.0956 5992 HdAudAddService - ok 01:33:01.0003 5992 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 01:33:01.0034 5992 HDAudBus - ok 01:33:01.0050 5992 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt 
01:33:19.0380 5992 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys 01:33:19.0411 5992 WacomPen - ok 01:33:19.0442 5992 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 01:33:19.0474 5992 WANARP - ok 01:33:19.0474 5992 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 01:33:19.0505 5992 Wanarpv6 - ok 01:33:19.0552 5992 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 01:33:19.0630 5992 wbengine - ok 01:33:19.0645 5992 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 01:33:19.0661 5992 WbioSrvc - ok 01:33:19.0692 5992 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 01:33:19.0723 5992 wcncsvc - ok 01:33:19.0739 5992 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 01:33:19.0754 5992 WcsPlugInService - ok 01:33:19.0786 5992 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys 01:33:19.0786 5992 Wd - ok 01:33:19.0817 5992 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 01:33:19.0864 5992 Wdf01000 - ok 01:33:19.0879 5992 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 01:33:19.0973 5992 WdiServiceHost - ok 01:33:19.0973 5992 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 01:33:19.0988 5992 WdiSystemHost - ok 01:33:20.0020 5992 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 01:33:20.0051 5992 WebClient - ok 01:33:20.0066 5992 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 01:33:20.0113 5992 Wecsvc - ok 01:33:20.0129 5992 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 01:33:20.0176 5992 wercplsupport - ok 01:33:20.0207 5992 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 01:33:20.0254 
5992 WerSvc - ok 01:33:20.0285 5992 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 01:33:20.0332 5992 WfpLwf - ok 01:33:20.0363 5992 [ 52DED146E4797E6CCF94799E8E22BB2A ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys 01:33:20.0378 5992 WimFltr - ok 01:33:20.0425 5992 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 01:33:20.0425 5992 WIMMount - ok 01:33:20.0456 5992 WinDefend - ok 01:33:20.0456 5992 WinHttpAutoProxySvc - ok 01:33:20.0519 5992 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 01:33:20.0566 5992 Winmgmt - ok 01:33:20.0628 5992 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 01:33:20.0722 5992 WinRM - ok 01:33:20.0784 5992 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUSB.sys 01:33:20.0800 5992 WinUsb - ok 01:33:20.0831 5992 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 01:33:20.0878 5992 Wlansvc - ok 01:33:20.0971 5992 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 01:33:21.0049 5992 wlidsvc - ok 01:33:21.0080 5992 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys 01:33:21.0096 5992 WmiAcpi - ok 01:33:21.0127 5992 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 01:33:21.0158 5992 wmiApSrv - ok 01:33:21.0190 5992 WMPNetworkSvc - ok 01:33:21.0236 5992 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 01:33:21.0252 5992 WPCSvc - ok 01:33:21.0268 5992 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 01:33:21.0299 5992 WPDBusEnum - ok 01:33:21.0330 5992 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 01:33:21.0377 5992 ws2ifsl - ok 01:33:21.0392 5992 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll 
01:33:21.0408 5992 wscsvc - ok 01:33:21.0424 5992 WSearch - ok 01:33:21.0502 5992 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 01:33:21.0580 5992 wuauserv - ok 01:33:21.0595 5992 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 01:33:21.0642 5992 WudfPf - ok 01:33:21.0673 5992 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 01:33:21.0689 5992 WUDFRd - ok 01:33:21.0720 5992 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 01:33:21.0736 5992 wudfsvc - ok 01:33:21.0767 5992 [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc C:\Windows\System32\wwansvc.dll 01:33:21.0798 5992 WwanSvc - ok 01:33:21.0814 5992 ================ Scan global =============================== 01:33:21.0845 5992 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 01:33:21.0876 5992 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll 01:33:21.0876 5992 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll 01:33:21.0892 5992 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 01:33:21.0923 5992 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 01:33:21.0923 5992 [Global] - ok 01:33:21.0923 5992 ================ Scan MBR ================================== 01:33:21.0938 5992 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 01:33:22.0422 5992 \Device\Harddisk0\DR0 - ok 01:33:22.0422 5992 ================ Scan VBR ================================== 01:33:22.0422 5992 [ E14A76216885B5F2297461FD64106EBF ] \Device\Harddisk0\DR0\Partition1 01:33:22.0422 5992 \Device\Harddisk0\DR0\Partition1 - ok 01:33:22.0438 5992 [ 20FA95381BEDE84505459E72CCE4A9E5 ] \Device\Harddisk0\DR0\Partition2 01:33:22.0453 5992 \Device\Harddisk0\DR0\Partition2 - ok 01:33:22.0453 5992 ============================================================ 01:33:22.0453 5992 Scan finished 01:33:22.0453 5992 
============================================================ 01:33:22.0453 6612 Detected object count: 1 01:33:22.0453 6612 Actual detected object count: 1 01:33:41.0267 6612 PST Service ( UnsignedFile.Multi.Generic ) - skipped by user 01:33:41.0267 6612 PST Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 01:34:32.0879 3836 Deinitialize success Last edited by flyingnoodls (20.05.2013 at 00:47) |
20.05.2013, 21:58 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Sparkassen-Trojaner JRT - Junkware Removal Tool Please close your protection software first to avoid possible conflicts.
Afterwards: adwCleaner - remove toolbars and unwanted start/search pages. Please download AdwCleaner to your desktop.
Then please run a check with OTL:
__________________ Please always post logfiles in CODE tags |
20.05.2013, 22:23 | #13 |
| Sparkassen-Trojaner Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 4.9.4 (05.06.2013:1) OS: Windows 7 Home Premium x64 Ran by Joe on 20.05.2013 at 23:03:06,70 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9 Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{EB1CE354-81C0-4B82-9B58-BFC7713C6DB0} ~~~ Files ~~~ Folders ~~~ FireFox Successfully deleted: [File] C:\Users\Joe\AppData\Roaming\mozilla\firefox\profiles\trjxqo70.default-1368569298600\user.js Emptied folder: C:\Users\Joe\AppData\Roaming\mozilla\firefox\profiles\trjxqo70.default-1368569298600\minidumps [1 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 20.05.2013 at 23:06:39,27 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Code:
ATTFilter # AdwCleaner v2.301 - Datei am 20/05/2013 um 23:10:10 erstellt # Aktualisiert am 16/05/2013 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzer : Joe - ASUS # Bootmodus : Normal # Ausgeführt unter : C:\Users\Joe\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** ***** [Registrierungsdatenbank] ***** ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16483 [OK] Die Registrierungsdatenbank ist sauber. -\\ Mozilla Firefox v21.0 (de) Datei : C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\trjxqo70.default-1368569298600\prefs.js [OK] Die Datei ist sauber. ************************* AdwCleaner[R1].txt - [4358 octets] - [14/05/2013 23:56:56] AdwCleaner[R2].txt - [972 octets] - [15/05/2013 00:19:56] AdwCleaner[S1].txt - [4531 octets] - [14/05/2013 23:57:48] AdwCleaner[S2].txt - [906 octets] - [20/05/2013 23:10:10] ########## EOF - C:\AdwCleaner[S2].txt - [965 octets] ########## Code:
ATTFilter OTL logfile created on: 20.05.2013 23:14:18 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Joe\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,91 Gb Total Physical Memory | 2,55 Gb Available Physical Memory | 65,22% Memory free 7,81 Gb Paging File | 6,34 Gb Available in Paging File | 81,16% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 119,24 Gb Total Space | 71,87 Gb Free Space | 60,28% Space Free | Partition Type: NTFS Drive D: | 153,85 Gb Total Space | 24,48 Gb Free Space | 15,91% Space Free | Partition Type: NTFS Drive E: | 465,88 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: ASUS | User Name: Joe | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_202_ActiveX.exe (Adobe Systems Incorporated) PRC - C:\Users\Joe\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe (Motorola Mobility LLC) PRC - C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe (Motorola Mobility LLC) PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.) 
PRC - C:\Windows\AsScrPro.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUS) PRC - C:\Windows\SysWOW64\ACEngSvr.exe (ASUSTeK) PRC - C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe (ASUSTek Computer Inc.) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUSTek Computer Inc.) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUSTek Computer Inc.) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (ASUS) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe (Motorola) PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) PRC - C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe (Virage Logic Corporation / Sonic Focus) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (ASUS) ========== Modules (No Company Name) ========== MOD - C:\Program Files 
(x86)\DivX\DivX Update\DivXUpdateCheck.dll () MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () MOD - C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll () MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll () MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll () MOD - C:\Program Files (x86)\ASUS\Wireless Console 3\acAuth.dll () ========== Services (SafeList) ========== SRV:64bit: - (NisSrv) -- C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) SRV:64bit: - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SRV:64bit: - (AFBAgent) -- C:\Windows\SysNative\FBAgent.exe (ASUSTeK Computer Inc.) SRV:64bit: - (EPSON_EB_RPCV4_04) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE (SEIKO EPSON CORPORATION) SRV:64bit: - (EPSON_PM_RPCV4_04) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE (SEIKO EPSON CORPORATION) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (Motorola Device Manager) -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe (Motorola Mobility LLC) SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe (McAfee, Inc.) 
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (ASUS InstantOn) -- C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe (ASUS) SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS) SRV - (ATKGFNEXSrv) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS) SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (PST Service) -- C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe (Motorola) SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.) SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation) DRV:64bit: - (motccgp) -- C:\Windows\SysNative\drivers\motccgp.sys (Motorola Mobility Inc) DRV:64bit: - (Motousbnet) -- C:\Windows\SysNative\drivers\Motousbnet.sys (Motorola Mobility Inc) DRV:64bit: - (MotoSwitchService) -- C:\Windows\SysNative\drivers\motswch.sys (Motorola) DRV:64bit: - (motmodem) -- C:\Windows\SysNative\drivers\motmodem.sys (Motorola Mobility Inc) DRV:64bit: - (cbfs3) -- C:\Windows\SysNative\drivers\cbfs3.sys (EldoS Corporation) DRV:64bit: - (Fs_Rec) -- 
C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.) DRV:64bit: - (motccgpfl) -- C:\Windows\SysNative\drivers\motccgpfl.sys (Motorola Mobility Inc) DRV:64bit: - (asmtxhci) -- C:\Windows\SysNative\drivers\asmtxhci.sys (ASMedia Technology Inc) DRV:64bit: - (asmthub3) -- C:\Windows\SysNative\drivers\asmthub3.sys (ASMedia Technology Inc) DRV:64bit: - (motusbdevice) -- C:\Windows\SysNative\drivers\motusbdevice.sys (Motorola Inc) DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation) DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation) DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation) DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (AmUStor) -- C:\Windows\SysNative\drivers\AmUStor.sys (Alcor Micro, Corp.) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.) 
DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( ) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corp) DRV:64bit: - (SiSGbeLH) -- C:\Windows\SysNative\drivers\SiSG664.sys (Silicon Integrated Systems Corp.) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) 
DRV:64bit: - (BTCFilterService) -- C:\Windows\SysNative\drivers\motfilt.sys (Motorola Inc) DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation) DRV - (ATKWMIACPIIO) -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys (ASUS) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (ASMMAP64) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys (ASUS) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-236100789-3848551917-3574890089-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-236100789-3848551917-3574890089-1000\..\SearchScopes,DefaultScope = {53C6CB24-A906-4DF8-8C26-8AA9DA0B50F7} IE - HKU\S-1-5-21-236100789-3848551917-3574890089-1000\..\SearchScopes\{53C6CB24-A906-4DF8-8C26-8AA9DA0B50F7}: "URL" = 
hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}&rlz= IE - HKU\S-1-5-21-236100789-3848551917-3574890089-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-236100789-3848551917-3574890089-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = ;192.168.*.* ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013.02.16 22:25:36 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.14 21:28:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.16 21:18:07 | 000,000,000 | ---D | M] [2012.11.12 11:54:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joe\AppData\Roaming\mozilla\Extensions [2013.05.14 21:29:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2013.05.14 21:29:53 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} O1 HOSTS File: ([2013.05.19 12:46:51 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.) 
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [ASUSPRP] C:\Program Files (x86)\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.) 
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe (ecareme) O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS) O4 - HKLM..\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe (Virage Logic Corporation / Sonic Focus) O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (ASUS) O4 - HKU\S-1-5-21-236100789-3848551917-3574890089-1000..\Run: [ICQ] C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-236100789-3848551917-3574890089-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-236100789-3848551917-3574890089-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: An OneNote s&enden - 
res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.) O13 - gopher Prefix: missing O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1C0EF544-3440-4CD5-BDF2-17A3DBEABB62}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7CC4673B-E3E1-4F3E-8F44-C1E26AF1DCB5}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - 
(C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O22:64bit: - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation) O22 - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.05.20 23:03:04 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.05.20 23:03:01 | 000,000,000 | ---D | C] -- C:\JRT [2013.05.20 23:00:34 | 000,545,954 | ---- | C] (Oleg N. 
Scherbakov) -- C:\Users\Joe\Desktop\JRT.exe [2013.05.20 01:09:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.05.20 01:08:48 | 000,000,000 | ---D | C] -- C:\Users\Joe\Desktop\mbar-1.05.0.1001 [2013.05.20 01:08:01 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Joe\Desktop\tdsskiller.exe [2013.05.20 01:07:03 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Joe\Desktop\aswMBR.exe [2013.05.19 12:51:04 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013.05.19 12:46:52 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN [2013.05.19 12:39:22 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.05.19 12:34:24 | 005,067,228 | R--- | C] (Swearware) -- C:\Users\Joe\Desktop\ComboFix.exe [2013.05.18 11:59:53 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.05.18 11:59:53 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.05.18 11:59:46 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.05.18 11:59:32 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.05.16 21:17:35 | 000,000,000 | ---D | C] -- C:\Config.Msi [2013.05.16 10:54:09 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.05.16 10:54:09 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.05.16 10:54:05 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.05.16 10:54:04 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.05.16 10:54:04 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.05.16 10:54:04 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.05.16 10:54:04 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.05.16 10:54:04 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.05.16 10:54:03 | 001,494,528 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\inetcpl.cpl [2013.05.16 10:54:03 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.05.16 10:54:02 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.05.16 10:54:01 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.05.16 10:53:59 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.05.16 10:53:59 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.05.16 10:53:59 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013.05.15 11:57:44 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Joe\Desktop\OTL.exe [2013.05.15 10:51:09 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys [2013.05.15 10:51:09 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll [2013.05.15 10:50:58 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll [2013.05.15 10:50:58 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll [2013.05.15 10:50:58 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll [2013.05.15 10:50:58 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe [2013.05.15 10:50:50 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll [2013.05.15 00:08:24 | 000,000,000 | ---D | C] -- C:\Users\Joe\Desktop\Alte Firefox-Daten [2013.05.14 21:30:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2013.05.14 21:11:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013.05.14 21:11:27 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.05.14 21:11:27 | 000,174,496 | ---- | C] (Oracle Corporation) -- 
C:\Windows\SysWow64\java.exe [2013.05.14 21:11:27 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.05.08 13:35:50 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Roaming\Upgoic [2013.05.08 13:35:50 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Roaming\Pyumq [2013.04.22 12:47:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus ========== Files - Modified Within 30 Days ========== [2013.05.20 23:11:36 | 000,000,387 | ---- | M] () -- C:\Users\Joe\AppData\Roaming\sp_data.sys [2013.05.20 23:11:21 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.05.20 23:11:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.05.20 23:11:04 | 3145,826,304 | -HS- | M] () -- C:\hiberfil.sys [2013.05.20 23:10:39 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.05.20 23:10:39 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.05.20 23:01:15 | 000,632,031 | ---- | M] () -- C:\Users\Joe\Desktop\adwcleaner.exe [2013.05.20 23:00:37 | 000,545,954 | ---- | M] (Oleg N. 
Scherbakov) -- C:\Users\Joe\Desktop\JRT.exe [2013.05.20 22:51:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.05.20 22:34:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.05.20 01:30:28 | 000,000,512 | ---- | M] () -- C:\Users\Joe\Desktop\MBR.dat [2013.05.20 01:08:29 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Joe\Desktop\aswMBR.exe [2013.05.20 01:08:01 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Joe\Desktop\tdsskiller.exe [2013.05.20 01:06:04 | 012,917,756 | ---- | M] () -- C:\Users\Joe\Desktop\mbar-1.05.0.1001.zip [2013.05.19 12:46:51 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013.05.19 12:34:44 | 005,067,228 | R--- | M] (Swearware) -- C:\Users\Joe\Desktop\ComboFix.exe [2013.05.18 14:37:24 | 000,110,375 | ---- | M] () -- C:\Users\Joe\Desktop\946787_668778629815802_402435058_n.jpg [2013.05.17 22:44:35 | 000,239,612 | ---- | M] () -- C:\Users\Joe\Desktop\maltis.jpg [2013.05.16 21:18:08 | 000,002,021 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2013.05.16 15:06:14 | 000,397,488 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.05.16 10:58:12 | 001,636,028 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.05.16 10:58:12 | 000,697,322 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.05.16 10:58:12 | 000,652,600 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.05.16 10:58:12 | 000,148,328 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.05.16 10:58:12 | 000,121,274 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.05.15 19:51:27 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.05.15 19:51:27 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.05.15 17:14:33 | 000,345,724 | ---- | M] () -- C:\Users\Joe\Desktop\Orthopaedie-Altklausur-2006WS-Gruppe_A.odt 
[2013.05.15 12:00:36 | 000,377,856 | ---- | M] () -- C:\Users\Joe\Desktop\gmer_2.1.19163.exe [2013.05.15 11:58:56 | 000,718,787 | ---- | M] () -- C:\Users\Joe\Desktop\69886-alle-hilfesuchenden-eroeffnu.pdf [2013.05.15 11:57:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Joe\Desktop\OTL.exe [2013.05.15 11:57:15 | 000,000,000 | ---- | M] () -- C:\Users\Joe\defogger_reenable [2013.05.15 11:56:37 | 000,050,477 | ---- | M] () -- C:\Users\Joe\Desktop\Defogger.exe [2013.05.15 00:18:09 | 000,039,929 | ---- | M] () -- C:\Users\Joe\Desktop\malware.jpg [2013.05.14 21:30:06 | 000,001,149 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.05.08 22:28:35 | 000,002,182 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini [2013.05.06 13:35:42 | 000,216,584 | ---- | M] () -- C:\Users\Joe\Desktop\32_externe_neue_aeappo_bewerbung_Aug13_VARIANTE2_1_Kopie_VER.pdf [2013.04.22 12:47:53 | 000,002,048 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk [2013.04.22 12:47:53 | 000,002,048 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2013.04.21 12:18:42 | 000,001,621 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini ========== Files Created - No Company Name ========== [2013.05.20 23:01:15 | 000,632,031 | ---- | C] () -- C:\Users\Joe\Desktop\adwcleaner.exe [2013.05.20 01:30:28 | 000,000,512 | ---- | C] () -- C:\Users\Joe\Desktop\MBR.dat [2013.05.20 01:05:59 | 012,917,756 | ---- | C] () -- C:\Users\Joe\Desktop\mbar-1.05.0.1001.zip [2013.05.18 14:46:38 | 000,110,375 | ---- | C] () -- C:\Users\Joe\Desktop\946787_668778629815802_402435058_n.jpg [2013.05.18 11:59:53 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.05.18 11:59:53 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.05.18 11:59:53 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.05.18 11:59:53 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.05.18 11:59:53 | 000,068,096 | ---- | C] 
() -- C:\Windows\zip.exe [2013.05.17 22:44:35 | 000,239,612 | ---- | C] () -- C:\Users\Joe\Desktop\maltis.jpg [2013.05.15 17:14:33 | 000,345,724 | ---- | C] () -- C:\Users\Joe\Desktop\Orthopaedie-Altklausur-2006WS-Gruppe_A.odt [2013.05.15 12:00:36 | 000,377,856 | ---- | C] () -- C:\Users\Joe\Desktop\gmer_2.1.19163.exe [2013.05.15 11:59:04 | 000,718,787 | ---- | C] () -- C:\Users\Joe\Desktop\69886-alle-hilfesuchenden-eroeffnu.pdf [2013.05.15 11:57:15 | 000,000,000 | ---- | C] () -- C:\Users\Joe\defogger_reenable [2013.05.15 11:56:32 | 000,050,477 | ---- | C] () -- C:\Users\Joe\Desktop\Defogger.exe [2013.05.15 00:18:09 | 000,039,929 | ---- | C] () -- C:\Users\Joe\Desktop\malware.jpg [2013.05.14 21:30:06 | 000,001,161 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2013.05.14 21:30:06 | 000,001,149 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.05.06 13:35:42 | 000,216,584 | ---- | C] () -- C:\Users\Joe\Desktop\32_externe_neue_aeappo_bewerbung_Aug13_VARIANTE2_1_Kopie_VER.pdf [2013.04.22 12:47:53 | 000,002,048 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk [2013.04.22 12:47:50 | 000,002,048 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2012.07.29 14:18:19 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat [2012.07.28 14:04:14 | 000,000,387 | ---- | C] () -- C:\Users\Joe\AppData\Roaming\sp_data.sys [2012.06.09 15:35:49 | 000,014,119 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat [2012.03.05 03:24:03 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll [2012.03.05 03:23:54 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2012.03.05 03:23:53 | 000,217,536 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2012.03.05 03:23:53 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012.03.05 03:23:52 | 013,903,872 | ---- | C] () -- 
C:\Windows\SysWow64\ig4icd32.dll [2012.03.05 03:23:52 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2012.02.24 04:28:11 | 001,591,930 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
< End of report >
Code:
ATTFilter OTL Extras logfile created on: 20.05.2013 23:14:18 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Joe\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,91 Gb Total Physical Memory | 2,55 Gb Available Physical Memory | 65,22% Memory free 7,81 Gb Paging File | 6,34 Gb Available in Paging File | 81,16% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 119,24 Gb Total Space | 71,87 Gb Free Space | 60,28% Space Free | Partition Type: NTFS Drive D: | 153,85 Gb Total Space | 24,48 Gb Free Space | 15,91% Space Free | Partition Type: NTFS Drive E: | 465,88 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: ASUS | User Name: Joe | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== 
Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0B5C0026-3D1F-41FE-BE44-8F3CC58D6C9C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{1C622B62-9812-473A-9694-43BE9880C938}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{2E8BC44F-71ED-4DD5-953F-9EC3B66368BD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{52026CE6-7339-4932-AC84-0A5D6A8E9FCE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{5361333C-1BB8-4453-9B46-67332BCC102E}" = lport=10243 | protocol=6 | dir=in | app=system | "{6B172638-80F6-4F70-9DA1-256890CA8A6B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{6E160FBE-34C2-4E27-8B20-024917ECEFCD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{7200A232-CB9A-4548-89E0-CF072E6C2E3E}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{79EFC616-4D96-4ADF-9BFF-EEDDC798A18D}" = lport=137 | protocol=17 | dir=in | app=system | "{9C1A304E-E904-4163-8685-B057898DAB62}" = rport=137 | protocol=17 | dir=out | app=system | "{9D320615-9EFE-49C3-B424-2CA1174EF7FB}" = rport=10243 | protocol=6 | dir=out | app=system | "{A11B5B9D-D30E-4E6D-B613-FBF1612FE835}" = rport=138 | protocol=17 | dir=out | app=system | "{A3E42950-C2EF-4603-9EDD-B59C1F1E1EB1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A56F99CF-933B-4F79-9B77-D54139039647}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{A608DB4C-DF2F-441A-BD39-7C13F34F5787}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{A7302ADA-0DA6-4AA9-81FF-858F4C6B3848}" = lport=139 | protocol=6 | dir=in | app=system | "{ABBED92B-30DF-4AAF-A9B4-EE77382EDDAB}" = rport=445 | protocol=6 | dir=out | app=system | "{AFCAF206-534A-41FF-914A-5233CED97C01}" = lport=138 | protocol=17 | dir=in | app=system | "{B8019F4B-F6D1-4BD9-AA4A-8D773E2E3C15}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{BB84E384-0AC6-45E6-A3D7-457188CD9EFF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{D43A4F56-2E2D-4B37-8F1A-E49D6FB921AC}" = lport=445 | protocol=6 | dir=in | app=system | "{DBAD66F7-9B9D-4550-8E0B-8334C9253738}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{E44DF357-C07A-4237-A73F-8DA86DC3FA96}" = rport=139 | protocol=6 | dir=out | app=system | "{F77FB93A-F906-42E4-808B-4093E80C690A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{FE323625-4A37-4AF5-85F7-1220DB7E4512}" = lport=2869 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{085D8B8A-01C8-474C-9850-26BAF824941B}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{111359A1-32CF-4845-8BF6-649A7497F908}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{13A83034-8528-4A7A-8A67-C59CF4E31E09}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{19E284DE-FE65-45E9-8827-69D5454439A1}" = protocol=6 | dir=in | app=c:\program files\common 
files\mcafee\mcsvchost\mcsvhost.exe | "{1B00A9A6-75DD-45C4-BE89-AB1B5A648222}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{21D81408-E5AE-494A-9F19-0985B781280D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{2E6C793B-42D4-4EA7-99BC-9044656C7502}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{37CFE252-1D5D-411D-85A5-FB83D97C65DF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{40970073-D479-476A-A69A-0CEFB6FABBE7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{56048913-2EE4-4FB6-9B10-B11FD9535645}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{571576D3-FB44-4106-895E-49C2B0766AD3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{59946201-37DF-458C-9238-2E37B660B48D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{657A2AC7-2FEF-4EA7-AD91-846D51CB621A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{6B453DB7-F2FA-4AF8-8796-0A73B34D19A6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{7C361E44-B538-4418-9BAA-799169D45374}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{8241FB29-D9F2-4CDB-8829-62152A40AC80}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{9A27F507-C651-4851-8B34-05489C22346C}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | "{9A6B5B6E-9701-4D3E-A857-BDEFFAAC6CC7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{9F88D56F-9FE0-4A0E-911E-B80F155C8F1A}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | "{AD46D245-DF6B-4D41-AF5A-EAF74E9967C9}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{B47194E0-0074-4543-B500-C795480F44A4}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | 
"{B895C586-3D59-4702-9349-FBB0630F617B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{BA2CEAF1-C66A-4C11-A788-DBD7D26C3DC8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C1A280E9-7438-4759-84CE-63669528EEA8}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7m\icq.exe |
"{CE15CB09-D002-4115-92F7-2D1504B41AC3}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{DB37BB20-8703-4A10-85B0-1B585BB88CAB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{EDA33C67-02FC-4CBB-B8DE-B369AC2BA16B}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{F11EFF30-F169-45A5-8DB7-BBFDAA041230}" = protocol=6 | dir=out | app=system |
"{F5826050-CE87-4DB0-BE47-5BE553A29588}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FF140651-CB2F-4364-8561-C0011F4439D8}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"TCP Query User{4E2CBE00-D67A-42DB-963A-4BCCF5D04CE6}C:\program files (x86)\icq7m\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq7m\icq.exe |
"TCP Query User{8C47AFEE-0DAF-48F7-BC95-10152D925307}C:\users\joe\appdata\roaming\wuala\wuala.exe" = protocol=6 | dir=in | app=c:\users\joe\appdata\roaming\wuala\wuala.exe |
"TCP Query User{9E19B1C1-6941-4367-88FB-D635E971FC93}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{B6FB69C4-6222-4E85-A125-C71B6848127E}C:\users\joe\appdata\roaming\cyob\memi.exe" = protocol=6 | dir=in | app=c:\users\joe\appdata\roaming\cyob\memi.exe |
"TCP Query User{E42833B9-C528-4181-9735-61257B60E965}C:\users\joe\appdata\roaming\cyob\memi.exe" = protocol=6 | dir=in | app=c:\users\joe\appdata\roaming\cyob\memi.exe |
"UDP Query User{04804AE3-06AA-4D1C-8F7C-974C0E3E023F}C:\users\joe\appdata\roaming\cyob\memi.exe" = protocol=17 | dir=in | app=c:\users\joe\appdata\roaming\cyob\memi.exe |
"UDP Query User{169E7D01-583D-45F8-BE69-F36F3C5D7C03}C:\users\joe\appdata\roaming\wuala\wuala.exe" = protocol=17 | dir=in | app=c:\users\joe\appdata\roaming\wuala\wuala.exe |
"UDP Query User{6F1E306C-E3B7-4EA7-8805-0E4AB3A21AED}C:\program files (x86)\icq7m\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe |
"UDP Query User{A52467EF-DEFF-4F0F-8DA4-AB091AD0BEBB}C:\users\joe\appdata\roaming\cyob\memi.exe" = protocol=17 | dir=in | app=c:\users\joe\appdata\roaming\cyob\memi.exe |
"UDP Query User{B72745A7-F7D8-4240-887D-8EF8441C9513}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
"{C5A22A98-AC82-4404-BFB0-1E9F654EB176}" = Motorola Mobile Drivers Installation 6.0.0
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CutePDF Writer Installation" = CutePDF Writer 2.8
"EPSON SX218 Series" = EPSON SX218 Series Printer Uninstall
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}" = Sonic Focus
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1231D46E-3174-4F1F-859E-41DCB0D070D2}" = mediscript Hammerexamen
"{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19EA33FB-B34E-40EA-8B8A-61743AEB795A}" = Wireless Console 3
"{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{28DB8373-C1BB-444F-A427-A55585A12ED7}" = Motorola Device Manager
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3FA377B8-23F4-470B-A567-5EED6B90C70E}" = cdrLabel 7.1
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{4555BB9E-E715-4260-A178-E8EFD2B653E3}" = Alcor Micro USB Card Reader
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{622DE1BE-9EDE-49D3-B349-29D64760342A}" = 適用遠端連線的 Windows Live Mesh ActiveX 控制項
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS FaceLogon
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{749F674B-2674-47E8-879C-5626A06B2A91}" = InstantOn for NB
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{781B39EC-2E18-41FC-9B00-B84E4FFCA85F}" = ICQ7M
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources
"{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111249233}" = Dream Vacation Solitaire
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115065740}" = Bubbletown
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115290153}" = Go Go Gourmet Chef of the Year
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115320460}" = Turbo Fiesta
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-116672750}" = World of Goo
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117080787}" = Plants vs Zombies
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117948443}" = Mahjong Memoirs
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-118716773}" = Deadtime Stories
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-119205603}" = Farm Frenzy 3 - Madagascar
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EA569F1-97AF-4C3E-A0CB-4846C2D35A81}" = LibreOffice 4.0.0.3
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT2860 Wireless LAN Card
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D4C7DFA-CBBB-4F06-BDAC-94D831406DF0}" = פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.7) MUI
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{BCB0D6F7-7EAB-4009-A6F2-8E0E7F317773}" = Элемент управления Windows Live Mesh ActiveX для удаленных подключений
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}" = ASUS FancyStart
"{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack
"{D39F0676-163E-4595-A917-E28F99BBD4D2}" = ASUS AI Recovery
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DEAD13D3-BC70-4AAE-AEF9-BE6297E106D1}" = Motorola Device Software Update
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E18B30AA-6E2D-480C-B918-AF61009F4010}" = عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas
"{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources
"{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}" = Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}" = ASUS Live Update
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"AmUStor" = Alcor Micro USB Card Reader
"Asus Vibe2.0" = AsusVibe2.0
"ASUS WebStorage" = ASUS WebStorage
"ASUS_Screensaver" = ASUS_Screensaver
"DivX Setup" = DivX-Setup
"EPSON Scanner" = EPSON Scan
"EPSON SX218 Series Manual" = EPSON SX218 Series Handbuch
"Game Park Console" = Game Park Console
"Google Chrome" = Google Chrome
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"ST6UNST #1" = FMS32-PRO Version 3.1.5
"VLC media player" = VLC media player 2.0.3
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.20 (32-Bit)
"Wuala CBFS" = Wuala CBFS
"Wuala OverlayIcons" = Wuala OverlayIcons

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-236100789-3848551917-3574890089-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Erkennungs-Plug-in
"Wuala" = Wuala

< End of report >
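The firewall section of the log above is where the infection is visible: the Windows Firewall has "Query User" allow rules for `c:\users\joe\appdata\roaming\cyob\memi.exe`, an executable in a user-writable profile directory with a short, meaningless folder and file name, which is the pattern banking trojans of this family use when they drop themselves. The second OTL run further down also shows UAC policy values that no ordinary installer sets (PromptOnSecureDesktop = 0). The script below is an added example, not part of the original post and not OTL's own code: it parses OTL-style firewall-rule and O6 policy entries and flags both indicators. The sample lines are constructed to mirror the entries in this thread, the "random-looking name" heuristic (every path component at most four lower-case letters) and the Windows 7 UAC defaults are my assumptions, and a hit on a legitimate AppData application such as Wuala is expected: the list is a review queue to compare against the uninstall list, not a verdict.

```python
"""Triage helpers for flattened OTL logs (added example; not OTL code)."""
import re

# Constructed sample modelled on the firewall-rule and O6 entries in this
# thread (same entry shapes, not a copy of the full log).
SAMPLE_LOG = (
    '"{C1A280E9-7438-4759-84CE-63669528EEA8}" = protocol=6 | dir=in | '
    'app=c:\\program files (x86)\\icq7m\\icq.exe | '
    '"TCP Query User{8C47AFEE-0DAF-48F7-BC95-10152D925307}'
    'C:\\users\\joe\\appdata\\roaming\\wuala\\wuala.exe" = protocol=6 | dir=in | '
    'app=c:\\users\\joe\\appdata\\roaming\\wuala\\wuala.exe | '
    '"TCP Query User{B6FB69C4-6222-4E85-A125-C71B6848127E}'
    'C:\\users\\joe\\appdata\\roaming\\cyob\\memi.exe" = protocol=6 | dir=in | '
    'app=c:\\users\\joe\\appdata\\roaming\\cyob\\memi.exe | '
    '"UDP Query User{A52467EF-DEFF-4F0F-8DA4-AB091AD0BEBB}'
    'C:\\users\\joe\\appdata\\roaming\\cyob\\memi.exe" = protocol=17 | dir=in | '
    'app=c:\\users\\joe\\appdata\\roaming\\cyob\\memi.exe |\n'
    'O6 - HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\System: '
    'ConsentPromptBehaviorAdmin = 5\n'
    'O6 - HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\System: '
    'PromptOnSecureDesktop = 0\n'
)

# One OTL firewall rule: "name" = key=value | key=value | ... |
RULE_RE = re.compile(r'"(?P<name>[^"]+)"\s*=\s*(?P<body>(?:[a-z]+=[^|"\n]*\|\s*)+)')
# Executable paths under a user-writable profile tree.
APPDATA_RE = re.compile(
    r'^[a-z]:\\users\\[^\\]+\\appdata\\(?:roaming|local|locallow)\\(?P<rel>.+)$', re.I)
# OTL O6 policy lines: "O6 - <key>: <value> = <data>".
POLICY_RE = re.compile(r'^O6 - (?P<key>.*?): (?P<value>\w+) = (?P<data>\S+)\s*$', re.M)

# Windows 7 defaults (assumption stated in the lead-in).
UAC_DEFAULTS = {
    'ConsentPromptBehaviorAdmin': '5',
    'ConsentPromptBehaviorUser': '3',
    'PromptOnSecureDesktop': '1',
    'EnableLUA': '1',
}


def parse_firewall_rules(text):
    """Return one dict per rule with lower-cased keys (protocol, dir, app, name...)."""
    rules = []
    for m in RULE_RE.finditer(text):
        fields = {}
        for kv in m.group('body').split('|'):
            if '=' in kv:
                key, value = kv.split('=', 1)
                fields[key.strip().lower()] = value.strip()
        fields['name'] = m.group('name')
        rules.append(fields)
    return rules


def suspicious_rules(rules):
    """Inbound-allow rules whose program lives under a user-writable AppData tree."""
    hits = []
    for rule in rules:
        app = rule.get('app', '')
        m = APPDATA_RE.match(app)
        if not m or rule.get('dir', 'in') != 'in':
            continue
        parts = m.group('rel').split('\\')
        names = parts[:-1] + [parts[-1].rsplit('.', 1)[0]]
        # Heuristic: short all-alphabetic lower-case folder and file names
        # (cyob\memi) look like auto-generated dropper paths; wuala\wuala does not.
        random_like = all(n.isalpha() and n.islower() and len(n) <= 4 for n in names)
        hits.append({'app': app, 'protocol': rule.get('protocol', '?'),
                     'random_like_name': random_like})
    return hits


def weakened_uac(text):
    """O6 policies\\System values that differ from the Windows 7 UAC defaults."""
    findings = {}
    for m in POLICY_RE.finditer(text):
        if not m.group('key').lower().endswith('policies\\system'):
            continue
        value, data = m.group('value'), m.group('data')
        if value in UAC_DEFAULTS and data != UAC_DEFAULTS[value]:
            findings[value] = data
    return findings


def triage(text):
    """Both checks over one OTL log text."""
    return {'firewall': suspicious_rules(parse_firewall_rules(text)),
            'uac': weakened_uac(text)}


if __name__ == '__main__':
    report = triage(SAMPLE_LOG)
    for hit in report['firewall']:
        flag = ' -- random-looking path' if hit['random_like_name'] else ''
        print(f"[firewall] inbound allow for {hit['app']} (proto {hit['protocol']}){flag}")
    for value, data in report['uac'].items():
        print(f"[uac] {value} = {data} (default {UAC_DEFAULTS[value]})")
```

Run it against a saved OTL.txt by reading the file into `triage()`; the flattened one-line form this page shows parses the same as the original line-per-entry output, because the rule parser keys on the quoted name rather than on line breaks.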
20.05.2013, 22:25 | #14
Sparkassen-Trojaner
Code:
OTL logfile created on: 20.05.2013 23:14:18 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Joe\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,91 Gb Total Physical Memory | 2,55 Gb Available Physical Memory | 65,22% Memory free
7,81 Gb Paging File | 6,34 Gb Available in Paging File | 81,16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,24 Gb Total Space | 71,87 Gb Free Space | 60,28% Space Free | Partition Type: NTFS
Drive D: | 153,85 Gb Total Space | 24,48 Gb Free Space | 15,91% Space Free | Partition Type: NTFS
Drive E: | 465,88 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: ASUS | User Name: Joe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_202_ActiveX.exe (Adobe Systems Incorporated)
PRC - C:\Users\Joe\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe (Motorola Mobility LLC)
PRC - C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe (Motorola Mobility LLC)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Windows\AsScrPro.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUS)
PRC - C:\Windows\SysWOW64\ACEngSvr.exe (ASUSTeK)
PRC - C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (ASUS)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe (Motorola)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe (Virage Logic Corporation / Sonic Focus)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (ASUS)

========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll ()
MOD - C:\Program Files (x86)\ASUS\Wireless Console 3\acAuth.dll ()

========== Services (SafeList) ==========

SRV:64bit: - (NisSrv) -- C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (AFBAgent) -- C:\Windows\SysNative\FBAgent.exe (ASUSTeK Computer Inc.)
SRV:64bit: - (EPSON_EB_RPCV4_04) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE (SEIKO EPSON CORPORATION)
SRV:64bit: - (EPSON_PM_RPCV4_04) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE (SEIKO EPSON CORPORATION)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Motorola Device Manager) -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe (Motorola Mobility LLC)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe (McAfee, Inc.)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (ASUS InstantOn) -- C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe (ASUS)
SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS)
SRV - (ATKGFNEXSrv) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (PST Service) -- C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe (Motorola)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (motccgp) -- C:\Windows\SysNative\drivers\motccgp.sys (Motorola Mobility Inc)
DRV:64bit: - (Motousbnet) -- C:\Windows\SysNative\drivers\Motousbnet.sys (Motorola Mobility Inc)
DRV:64bit: - (MotoSwitchService) -- C:\Windows\SysNative\drivers\motswch.sys (Motorola)
DRV:64bit: - (motmodem) -- C:\Windows\SysNative\drivers\motmodem.sys (Motorola Mobility Inc)
DRV:64bit: - (cbfs3) -- C:\Windows\SysNative\drivers\cbfs3.sys (EldoS Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.)
DRV:64bit: - (motccgpfl) -- C:\Windows\SysNative\drivers\motccgpfl.sys (Motorola Mobility Inc)
DRV:64bit: - (asmtxhci) -- C:\Windows\SysNative\drivers\asmtxhci.sys (ASMedia Technology Inc)
DRV:64bit: - (asmthub3) -- C:\Windows\SysNative\drivers\asmthub3.sys (ASMedia Technology Inc)
DRV:64bit: - (motusbdevice) -- C:\Windows\SysNative\drivers\motusbdevice.sys (Motorola Inc)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (AmUStor) -- C:\Windows\SysNative\drivers\AmUStor.sys (Alcor Micro, Corp.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( )
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corp)
DRV:64bit: - (SiSGbeLH) -- C:\Windows\SysNative\drivers\SiSG664.sys (Silicon Integrated Systems Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (BTCFilterService) -- C:\Windows\SysNative\drivers\motfilt.sys (Motorola Inc)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (ATKWMIACPIIO) -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys (ASUS)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (ASMMAP64) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys (ASUS)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-236100789-3848551917-3574890089-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-236100789-3848551917-3574890089-1000\..\SearchScopes,DefaultScope = {53C6CB24-A906-4DF8-8C26-8AA9DA0B50F7}
IE - HKU\S-1-5-21-236100789-3848551917-3574890089-1000\..\SearchScopes\{53C6CB24-A906-4DF8-8C26-8AA9DA0B50F7}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}&rlz=
IE - HKU\S-1-5-21-236100789-3848551917-3574890089-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-236100789-3848551917-3574890089-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = ;192.168.*.*

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013.02.16 22:25:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.14 21:28:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.16 21:18:07 | 000,000,000 | ---D | M]

[2012.11.12 11:54:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joe\AppData\Roaming\mozilla\Extensions
[2013.05.14 21:29:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.05.14 21:29:53 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2013.05.19 12:46:51 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ASUSPRP] C:\Program Files (x86)\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe (ecareme)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe (Virage Logic Corporation / Sonic Focus)
O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (ASUS)
O4 - HKU\S-1-5-21-236100789-3848551917-3574890089-1000..\Run: [ICQ] C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-236100789-3848551917-3574890089-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-236100789-3848551917-3574890089-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1C0EF544-3440-4CD5-BDF2-17A3DBEABB62}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7CC4673B-E3E1-4F3E-8F44-C1E26AF1DCB5}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit -
(C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O22:64bit: - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation) O22 - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.05.20 23:03:04 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.05.20 23:03:01 | 000,000,000 | ---D | C] -- C:\JRT [2013.05.20 23:00:34 | 000,545,954 | ---- | C] (Oleg N. 
Scherbakov) -- C:\Users\Joe\Desktop\JRT.exe [2013.05.20 01:09:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.05.20 01:08:48 | 000,000,000 | ---D | C] -- C:\Users\Joe\Desktop\mbar-1.05.0.1001 [2013.05.20 01:08:01 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Joe\Desktop\tdsskiller.exe [2013.05.20 01:07:03 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Joe\Desktop\aswMBR.exe [2013.05.19 12:51:04 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013.05.19 12:46:52 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN [2013.05.19 12:39:22 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.05.19 12:34:24 | 005,067,228 | R--- | C] (Swearware) -- C:\Users\Joe\Desktop\ComboFix.exe [2013.05.18 11:59:53 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.05.18 11:59:53 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.05.18 11:59:46 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.05.18 11:59:32 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.05.16 21:17:35 | 000,000,000 | ---D | C] -- C:\Config.Msi [2013.05.16 10:54:09 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.05.16 10:54:09 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.05.16 10:54:05 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.05.16 10:54:04 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.05.16 10:54:04 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.05.16 10:54:04 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.05.16 10:54:04 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.05.16 10:54:04 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.05.16 10:54:03 | 001,494,528 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\inetcpl.cpl [2013.05.16 10:54:03 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.05.16 10:54:02 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.05.16 10:54:01 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.05.16 10:53:59 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.05.16 10:53:59 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.05.16 10:53:59 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013.05.15 11:57:44 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Joe\Desktop\OTL.exe [2013.05.15 10:51:09 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys [2013.05.15 10:51:09 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll [2013.05.15 10:50:58 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll [2013.05.15 10:50:58 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll [2013.05.15 10:50:58 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll [2013.05.15 10:50:58 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe [2013.05.15 10:50:50 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll [2013.05.15 00:08:24 | 000,000,000 | ---D | C] -- C:\Users\Joe\Desktop\Alte Firefox-Daten [2013.05.14 21:30:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2013.05.14 21:11:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013.05.14 21:11:27 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.05.14 21:11:27 | 000,174,496 | ---- | C] (Oracle Corporation) -- 
C:\Windows\SysWow64\java.exe [2013.05.14 21:11:27 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.05.08 13:35:50 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Roaming\Upgoic [2013.05.08 13:35:50 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Roaming\Pyumq [2013.04.22 12:47:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus ========== Files - Modified Within 30 Days ========== [2013.05.20 23:11:36 | 000,000,387 | ---- | M] () -- C:\Users\Joe\AppData\Roaming\sp_data.sys [2013.05.20 23:11:21 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.05.20 23:11:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.05.20 23:11:04 | 3145,826,304 | -HS- | M] () -- C:\hiberfil.sys [2013.05.20 23:10:39 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.05.20 23:10:39 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.05.20 23:01:15 | 000,632,031 | ---- | M] () -- C:\Users\Joe\Desktop\adwcleaner.exe [2013.05.20 23:00:37 | 000,545,954 | ---- | M] (Oleg N. 
Scherbakov) -- C:\Users\Joe\Desktop\JRT.exe [2013.05.20 22:51:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.05.20 22:34:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.05.20 01:30:28 | 000,000,512 | ---- | M] () -- C:\Users\Joe\Desktop\MBR.dat [2013.05.20 01:08:29 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Joe\Desktop\aswMBR.exe [2013.05.20 01:08:01 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Joe\Desktop\tdsskiller.exe [2013.05.20 01:06:04 | 012,917,756 | ---- | M] () -- C:\Users\Joe\Desktop\mbar-1.05.0.1001.zip [2013.05.19 12:46:51 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013.05.19 12:34:44 | 005,067,228 | R--- | M] (Swearware) -- C:\Users\Joe\Desktop\ComboFix.exe [2013.05.18 14:37:24 | 000,110,375 | ---- | M] () -- C:\Users\Joe\Desktop\946787_668778629815802_402435058_n.jpg [2013.05.17 22:44:35 | 000,239,612 | ---- | M] () -- C:\Users\Joe\Desktop\maltis.jpg [2013.05.16 21:18:08 | 000,002,021 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2013.05.16 15:06:14 | 000,397,488 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.05.16 10:58:12 | 001,636,028 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.05.16 10:58:12 | 000,697,322 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.05.16 10:58:12 | 000,652,600 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.05.16 10:58:12 | 000,148,328 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.05.16 10:58:12 | 000,121,274 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.05.15 19:51:27 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.05.15 19:51:27 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.05.15 17:14:33 | 000,345,724 | ---- | M] () -- C:\Users\Joe\Desktop\Orthopaedie-Altklausur-2006WS-Gruppe_A.odt 
[2013.05.15 12:00:36 | 000,377,856 | ---- | M] () -- C:\Users\Joe\Desktop\gmer_2.1.19163.exe [2013.05.15 11:58:56 | 000,718,787 | ---- | M] () -- C:\Users\Joe\Desktop\69886-alle-hilfesuchenden-eroeffnu.pdf [2013.05.15 11:57:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Joe\Desktop\OTL.exe [2013.05.15 11:57:15 | 000,000,000 | ---- | M] () -- C:\Users\Joe\defogger_reenable [2013.05.15 11:56:37 | 000,050,477 | ---- | M] () -- C:\Users\Joe\Desktop\Defogger.exe [2013.05.15 00:18:09 | 000,039,929 | ---- | M] () -- C:\Users\Joe\Desktop\malware.jpg [2013.05.14 21:30:06 | 000,001,149 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.05.08 22:28:35 | 000,002,182 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini [2013.05.06 13:35:42 | 000,216,584 | ---- | M] () -- C:\Users\Joe\Desktop\32_externe_neue_aeappo_bewerbung_Aug13_VARIANTE2_1_Kopie_VER.pdf [2013.04.22 12:47:53 | 000,002,048 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk [2013.04.22 12:47:53 | 000,002,048 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2013.04.21 12:18:42 | 000,001,621 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini ========== Files Created - No Company Name ========== [2013.05.20 23:01:15 | 000,632,031 | ---- | C] () -- C:\Users\Joe\Desktop\adwcleaner.exe [2013.05.20 01:30:28 | 000,000,512 | ---- | C] () -- C:\Users\Joe\Desktop\MBR.dat [2013.05.20 01:05:59 | 012,917,756 | ---- | C] () -- C:\Users\Joe\Desktop\mbar-1.05.0.1001.zip [2013.05.18 14:46:38 | 000,110,375 | ---- | C] () -- C:\Users\Joe\Desktop\946787_668778629815802_402435058_n.jpg [2013.05.18 11:59:53 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.05.18 11:59:53 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.05.18 11:59:53 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.05.18 11:59:53 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.05.18 11:59:53 | 000,068,096 | ---- | C] 
() -- C:\Windows\zip.exe [2013.05.17 22:44:35 | 000,239,612 | ---- | C] () -- C:\Users\Joe\Desktop\maltis.jpg [2013.05.15 17:14:33 | 000,345,724 | ---- | C] () -- C:\Users\Joe\Desktop\Orthopaedie-Altklausur-2006WS-Gruppe_A.odt [2013.05.15 12:00:36 | 000,377,856 | ---- | C] () -- C:\Users\Joe\Desktop\gmer_2.1.19163.exe [2013.05.15 11:59:04 | 000,718,787 | ---- | C] () -- C:\Users\Joe\Desktop\69886-alle-hilfesuchenden-eroeffnu.pdf [2013.05.15 11:57:15 | 000,000,000 | ---- | C] () -- C:\Users\Joe\defogger_reenable [2013.05.15 11:56:32 | 000,050,477 | ---- | C] () -- C:\Users\Joe\Desktop\Defogger.exe [2013.05.15 00:18:09 | 000,039,929 | ---- | C] () -- C:\Users\Joe\Desktop\malware.jpg [2013.05.14 21:30:06 | 000,001,161 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2013.05.14 21:30:06 | 000,001,149 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.05.06 13:35:42 | 000,216,584 | ---- | C] () -- C:\Users\Joe\Desktop\32_externe_neue_aeappo_bewerbung_Aug13_VARIANTE2_1_Kopie_VER.pdf [2013.04.22 12:47:53 | 000,002,048 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk [2013.04.22 12:47:50 | 000,002,048 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2012.07.29 14:18:19 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat [2012.07.28 14:04:14 | 000,000,387 | ---- | C] () -- C:\Users\Joe\AppData\Roaming\sp_data.sys [2012.06.09 15:35:49 | 000,014,119 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat [2012.03.05 03:24:03 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll [2012.03.05 03:23:54 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2012.03.05 03:23:53 | 000,217,536 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2012.03.05 03:23:53 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012.03.05 03:23:52 | 013,903,872 | ---- | C] () -- 
C:\Windows\SysWow64\ig4icd32.dll [2012.03.05 03:23:52 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2012.02.24 04:28:11 | 001,591,930 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > Code:
OTL Extras logfile created on: 20.05.2013 23:14:18 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Joe\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,91 Gb Total Physical Memory | 2,55 Gb Available Physical Memory | 65,22% Memory free
7,81 Gb Paging File | 6,34 Gb Available in Paging File | 81,16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,24 Gb Total Space | 71,87 Gb Free Space | 60,28% Space Free | Partition Type: NTFS
Drive D: | 153,85 Gb Total Space | 24,48 Gb Free Space | 15,91% Space Free | Partition Type: NTFS
Drive E: | 465,88 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: ASUS | User Name: Joe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B5C0026-3D1F-41FE-BE44-8F3CC58D6C9C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{1C622B62-9812-473A-9694-43BE9880C938}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2E8BC44F-71ED-4DD5-953F-9EC3B66368BD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{52026CE6-7339-4932-AC84-0A5D6A8E9FCE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5361333C-1BB8-4453-9B46-67332BCC102E}" = lport=10243 | protocol=6 | dir=in | app=system |
"{6B172638-80F6-4F70-9DA1-256890CA8A6B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6E160FBE-34C2-4E27-8B20-024917ECEFCD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7200A232-CB9A-4548-89E0-CF072E6C2E3E}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{79EFC616-4D96-4ADF-9BFF-EEDDC798A18D}" = lport=137 | protocol=17 | dir=in | app=system |
"{9C1A304E-E904-4163-8685-B057898DAB62}" = rport=137 | protocol=17 | dir=out | app=system |
"{9D320615-9EFE-49C3-B424-2CA1174EF7FB}" = rport=10243 | protocol=6 | dir=out | app=system |
"{A11B5B9D-D30E-4E6D-B613-FBF1612FE835}" = rport=138 | protocol=17 | dir=out | app=system |
"{A3E42950-C2EF-4603-9EDD-B59C1F1E1EB1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A56F99CF-933B-4F79-9B77-D54139039647}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{A608DB4C-DF2F-441A-BD39-7C13F34F5787}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A7302ADA-0DA6-4AA9-81FF-858F4C6B3848}" = lport=139 | protocol=6 | dir=in | app=system |
"{ABBED92B-30DF-4AAF-A9B4-EE77382EDDAB}" = rport=445 | protocol=6 | dir=out | app=system |
"{AFCAF206-534A-41FF-914A-5233CED97C01}" = lport=138 | protocol=17 | dir=in | app=system |
"{B8019F4B-F6D1-4BD9-AA4A-8D773E2E3C15}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BB84E384-0AC6-45E6-A3D7-457188CD9EFF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D43A4F56-2E2D-4B37-8F1A-E49D6FB921AC}" = lport=445 | protocol=6 | dir=in | app=system |
"{DBAD66F7-9B9D-4550-8E0B-8334C9253738}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{E44DF357-C07A-4237-A73F-8DA86DC3FA96}" = rport=139 | protocol=6 | dir=out | app=system |
"{F77FB93A-F906-42E4-808B-4093E80C690A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FE323625-4A37-4AF5-85F7-1220DB7E4512}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{085D8B8A-01C8-474C-9850-26BAF824941B}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{111359A1-32CF-4845-8BF6-649A7497F908}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{13A83034-8528-4A7A-8A67-C59CF4E31E09}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{19E284DE-FE65-45E9-8827-69D5454439A1}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{1B00A9A6-75DD-45C4-BE89-AB1B5A648222}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{21D81408-E5AE-494A-9F19-0985B781280D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2E6C793B-42D4-4EA7-99BC-9044656C7502}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{37CFE252-1D5D-411D-85A5-FB83D97C65DF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{40970073-D479-476A-A69A-0CEFB6FABBE7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{56048913-2EE4-4FB6-9B10-B11FD9535645}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{571576D3-FB44-4106-895E-49C2B0766AD3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{59946201-37DF-458C-9238-2E37B660B48D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{657A2AC7-2FEF-4EA7-AD91-846D51CB621A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{6B453DB7-F2FA-4AF8-8796-0A73B34D19A6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{7C361E44-B538-4418-9BAA-799169D45374}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8241FB29-D9F2-4CDB-8829-62152A40AC80}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9A27F507-C651-4851-8B34-05489C22346C}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7m\icq.exe |
"{9A6B5B6E-9701-4D3E-A857-BDEFFAAC6CC7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9F88D56F-9FE0-4A0E-911E-B80F155C8F1A}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe |
"{AD46D245-DF6B-4D41-AF5A-EAF74E9967C9}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{B47194E0-0074-4543-B500-C795480F44A4}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe |
"{B895C586-3D59-4702-9349-FBB0630F617B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{BA2CEAF1-C66A-4C11-A788-DBD7D26C3DC8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C1A280E9-7438-4759-84CE-63669528EEA8}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7m\icq.exe |
"{CE15CB09-D002-4115-92F7-2D1504B41AC3}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{DB37BB20-8703-4A10-85B0-1B585BB88CAB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{EDA33C67-02FC-4CBB-B8DE-B369AC2BA16B}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{F11EFF30-F169-45A5-8DB7-BBFDAA041230}" = protocol=6 | dir=out | app=system |
"{F5826050-CE87-4DB0-BE47-5BE553A29588}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FF140651-CB2F-4364-8561-C0011F4439D8}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"TCP Query User{4E2CBE00-D67A-42DB-963A-4BCCF5D04CE6}C:\program files (x86)\icq7m\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq7m\icq.exe |
"TCP Query User{8C47AFEE-0DAF-48F7-BC95-10152D925307}C:\users\joe\appdata\roaming\wuala\wuala.exe" = protocol=6 | dir=in | app=c:\users\joe\appdata\roaming\wuala\wuala.exe |
"TCP Query User{9E19B1C1-6941-4367-88FB-D635E971FC93}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{B6FB69C4-6222-4E85-A125-C71B6848127E}C:\users\joe\appdata\roaming\cyob\memi.exe" = protocol=6 | dir=in | app=c:\users\joe\appdata\roaming\cyob\memi.exe |
"TCP Query User{E42833B9-C528-4181-9735-61257B60E965}C:\users\joe\appdata\roaming\cyob\memi.exe" = protocol=6 | dir=in | app=c:\users\joe\appdata\roaming\cyob\memi.exe |
"UDP Query User{04804AE3-06AA-4D1C-8F7C-974C0E3E023F}C:\users\joe\appdata\roaming\cyob\memi.exe" =
protocol=17 | dir=in | app=c:\users\joe\appdata\roaming\cyob\memi.exe | "UDP Query User{169E7D01-583D-45F8-BE69-F36F3C5D7C03}C:\users\joe\appdata\roaming\wuala\wuala.exe" = protocol=17 | dir=in | app=c:\users\joe\appdata\roaming\wuala\wuala.exe | "UDP Query User{6F1E306C-E3B7-4EA7-8805-0E4AB3A21AED}C:\program files (x86)\icq7m\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | "UDP Query User{A52467EF-DEFF-4F0F-8DA4-AB091AD0BEBB}C:\users\joe\appdata\roaming\cyob\memi.exe" = protocol=17 | dir=in | app=c:\users\joe\appdata\roaming\cyob\memi.exe | "UDP Query User{B72745A7-F7D8-4240-887D-8EF8441C9513}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot "{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid "{C5A22A98-AC82-4404-BFB0-1E9F654EB176}" = Motorola Mobile Drivers Installation 6.0.0 "{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "CutePDF Writer Installation" = CutePDF Writer 2.8 "EPSON SX218 Series" = EPSON SX218 Series 
Printer Uninstall "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft Security Client" = Microsoft Security Essentials "SynTPDeinstKey" = Synaptics Pointing Device Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas "{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack "{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology "{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}" = Sonic Focus "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{1231D46E-3174-4F1F-859E-41DCB0D070D2}" = mediscript Hammerexamen "{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack "{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources "{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer "{19EA33FB-B34E-40EA-8B8A-61743AEB795A}" = Wireless Console 3 "{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer "{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3 "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21 "{28DB8373-C1BB-444F-A427-A55585A12ED7}" = Motorola Device Manager 
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections "{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials "{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack "{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer "{3FA377B8-23F4-470B-A567-5EED6B90C70E}" = cdrLabel 7.1 "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack "{4555BB9E-E715-4260-A178-E8EFD2B653E3}" = Alcor Micro USB Card Reader "{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer "{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack "{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{622DE1BE-9EDE-49D3-B349-29D64760342A}" = 適用遠端連線的 Windows Live Mesh ActiveX 控制項 "{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources "{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS FaceLogon "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{749F674B-2674-47E8-879C-5626A06B2A91}" = InstantOn for NB "{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack "{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack 
"{781B39EC-2E18-41FC-9B00-B84E4FFCA85F}" = ICQ7M "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials "{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer "{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources "{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111249233}" = Dream Vacation Solitaire "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115065740}" = Bubbletown "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115290153}" = Go Go Gourmet Chef of the Year "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115320460}" = Turbo Fiesta "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-116672750}" = World of Goo "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117080787}" = Plants vs Zombies "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117948443}" = Mahjong Memoirs "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-118716773}" = Deadtime Stories "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-119205603}" = Farm Frenzy 3 - Madagascar "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8EA569F1-97AF-4C3E-A0CB-4846C2D35A81}" = LibreOffice 4.0.0.3 "{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash "{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT2860 Wireless LAN Card "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 
2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) 
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D4C7DFA-CBBB-4F06-BDAC-94D831406DF0}" = פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package 
"{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials "{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.7) MUI "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime "{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials "{BCB0D6F7-7EAB-4009-A6F2-8E0E7F317773}" = Элемент управления Windows Live Mesh ActiveX для удаленных подключений "{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources "{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections "{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}" = ASUS FancyStart "{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack "{D39F0676-163E-4595-A917-E28F99BBD4D2}" = ASUS AI Recovery "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer "{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources "{DEAD13D3-BC70-4AAE-AEF9-BE6297E106D1}" = Motorola Device Software Update "{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E18B30AA-6E2D-480C-B918-AF61009F4010}" = عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة "{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver "{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh 
para Ligações Remotas "{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer "{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources "{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live "{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support "{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources "{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}" = Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}" = ASUS Live Update "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17 "AmUStor" = Alcor Micro USB Card Reader "Asus Vibe2.0" = AsusVibe2.0 "ASUS WebStorage" = ASUS WebStorage "ASUS_Screensaver" = ASUS_Screensaver "DivX Setup" = DivX-Setup "EPSON Scanner" = EPSON Scan "EPSON SX218 Series Manual" = EPSON SX218 Series Handbuch "Game Park Console" = Game Park Console "Google Chrome" = Google Chrome "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "McAfee Security Scan" = McAfee Security Scan Plus "Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service 
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010 "Office14.SingleImage" = Microsoft Office Home and Student 2010 "ST6UNST #1" = FMS32-PRO Version 3.1.5 "VLC media player" = VLC media player 2.0.3 "Winamp" = Winamp "WinLiveSuite" = Windows Live Essentials "WinRAR archiver" = WinRAR 4.20 (32-Bit) "Wuala CBFS" = Wuala CBFS "Wuala OverlayIcons" = Wuala OverlayIcons ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-236100789-3848551917-3574890089-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Winamp Detect" = Winamp Erkennungs-Plug-in "Wuala" = Wuala < End of report >
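As an added defender-side example (not code from the thread or from the OTL tool): a small parser for the firewall exception lines in the log above that flags inbound rules whose executable lives in a user-writable profile directory. The sample input is a constructed excerpt of those lines; both wuala.exe (a legitimate cloud client that also appears in the uninstall list) and cyob\memi.exe are flagged, which is the point: the output is a review list to cross-check against the installed-software list, not a verdict.

```python
import re
from collections import defaultdict

# Constructed sample: firewall-rule entries in the format OTL prints in its
# "Vista Active Application Exception List" section (excerpted from the log above).
SAMPLE_LOG = r'''
"{657A2AC7-2FEF-4EA7-AD91-846D51CB621A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"TCP Query User{4E2CBE00-D67A-42DB-963A-4BCCF5D04CE6}C:\program files (x86)\icq7m\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq7m\icq.exe |
"TCP Query User{8C47AFEE-0DAF-48F7-BC95-10152D925307}C:\users\joe\appdata\roaming\wuala\wuala.exe" = protocol=6 | dir=in | app=c:\users\joe\appdata\roaming\wuala\wuala.exe |
"TCP Query User{B6FB69C4-6222-4E85-A125-C71B6848127E}C:\users\joe\appdata\roaming\cyob\memi.exe" = protocol=6 | dir=in | app=c:\users\joe\appdata\roaming\cyob\memi.exe |
"UDP Query User{04804AE3-06AA-4D1C-8F7C-974C0E3E023F}C:\users\joe\appdata\roaming\cyob\memi.exe" = protocol=17 | dir=in | app=c:\users\joe\appdata\roaming\cyob\memi.exe |
"{571576D3-FB44-4106-895E-49C2B0766AD3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
'''

# One rule per line: "<rule name>" = key=value | key=value | ...
RULE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<body>.*)$')

# Directories where a regular installer rarely places a network-facing executable;
# an inbound firewall exception for a binary here deserves a second look.
USER_WRITABLE = ('\\appdata\\roaming\\', '\\appdata\\local\\temp\\',
                 '\\temp\\', '\\users\\public\\')


def parse_rules(text):
    """Parse OTL firewall-rule lines into dicts holding the rule name and its key=value fields."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            continue
        fields = {}
        for part in m.group('body').split('|'):
            part = part.strip()
            if '=' in part:
                key, value = part.split('=', 1)
                fields[key.strip()] = value.strip()
        fields['name'] = m.group('name')
        rules.append(fields)
    return rules


def suspicious_apps(rules):
    """Return {executable: sorted protocols} for inbound rules whose app path sits in a
    user-writable directory. "TCP/UDP Query User" rules are the ones Windows creates
    when someone clicks 'allow' on a firewall prompt, so each hit had a live listener."""
    hits = defaultdict(set)
    for rule in rules:
        app = rule.get('app', '').lower()
        if rule.get('dir') != 'in' or not app:
            continue
        if any(marker in app for marker in USER_WRITABLE):
            proto = {'6': 'tcp', '17': 'udp'}.get(rule.get('protocol'), 'any')
            hits[app].add(proto)
    return {app: sorted(protos) for app, protos in hits.items()}


if __name__ == '__main__':
    for app, protos in suspicious_apps(parse_rules(SAMPLE_LOG)).items():
        print(f"review: {app} (inbound {', '.join(protos)})")
```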
20.05.2013, 22:35 | #15
/// Winkelfunktion /// TB-Süch-Tiger™ | Sparkassen-Trojaner: Fix with OTL
Code:
:OTL
FF - user.js - File not found
[2013.05.08 13:35:50 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Roaming\Upgoic
[2013.05.08 13:35:50 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Roaming\Pyumq
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
__________________ Please always post logfiles in CODE tags