| |
| |||||||
Log-Analyse und Auswertung: Trojaner von Kaspersky nicht gelöschtWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
15.04.2015, 20:54
| #1 |
 |  Trojaner von Kaspersky nicht gelöscht Guten Tag! In Windows 7 löscht Kaspersky den Trojaner Trojan Win32 Agent qt nicht. Wie kann ich ihn löschen? Ist dieser Trojaner gefährlich? Hat er mit folgendem Problem zu tun? Ich habe vor paar Tagen ein Mail erhalten, worin neben der privaten Adresse des Absenders noch stand <info@flipmailer> als Absender. Das Mail forderte den Empfänger auf, Freunde des Absenders zu werden werden. Aehnliche Mails gingen offenbar von meinem Computer aus an Adressen aus meinem Adressbuch. Vielen Dank für Ihre Hilfe zum voaus. St. Steiner [CODE]Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-04-2015 02 Ran by Steiner at 2015-04-15 16:03:50 Running from C:\Users\Steiner\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886} AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3507 - Acer Incorporated) Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.2.5 - WildTangent) Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3506 - Acer Incorporated) Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0609.2011 - Acer Incorporated) Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3501 - Acer Incorporated) Acronis True Image 2015 (HKLM-x32\...\{08DC7D7A-1CA0-4E96-B12F-9B9577FCF0F8}Visible) (Version: 18.0.6525 - Acronis) Acronis True Image 2015 (x32 Version: 18.0.6525 - Acronis) Hidden Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated) Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.2.1.650 - Adobe Systems Incorporated) Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.5 - Adobe Systems Incorporated) Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated) Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated) Adobe Photoshop Elements 11 (HKLM-x32\...\Adobe Photoshop Elements 11) (Version: 11.0 - Adobe Systems Incorporated) Adobe Reader X (10.1.13) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.13 - Adobe Systems Incorporated) Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden AMD Catalyst Install Manager (HKLM\...\{682EBE5A-58A4-37ED-7D1B-5AB6182BF8D5}) (Version: 3.0.851.0 - Advanced Micro Devices, Inc.) Apple Application Support (32-Bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.) Apple Application Support (64-Bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Banana Buchhaltung 7.0 (HKLM-x32\...\Banana70_is1) (Version: 7.0.2.0 - Banana.ch SA) Bing Bar (HKLM-x32\...\{C28D96C0-6A90-459E-A077-A6706F4EC0FC}) (Version: 7.0.765.0 - Microsoft Corporation) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Canon MP Navigator 3.0 (HKLM-x32\...\MP Navigator 3.0) (Version: - ) Canon MP600 (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP600) (Version: - ) Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: - ) CashComm (HKLM-x32\...\{7400FBCF-B854-47B5-9D18-0E7DE5790989}) (Version: 5.1.33 - Softcrew AG) CCleaner (HKLM\...\CCleaner) (Version: 4.00 - Piriform) CD-LabelPrint (HKLM-x32\...\MediaNavigation.CDLabelPrint) (Version: - ) clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.00.3004 - Acer Incorporated) clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.00.3004 - Acer Incorporated) clear.fi SDK - MVP 2 (x32 Version: 2.0.1505 - CyberLink Corp.) Hidden clear.fi SDK- Movie 2 (x32 Version: 2.0.1502 - CyberLink Corp.) Hidden CLX.PayMaker (HKLM-x32\...\{33EF44A6-381B-4585-BFF6-12C68D0BCF14}) (Version: 2.1.32.0 - CREALOGIX) CyberLink MediaEspresso (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.1720_38230 - CyberLink Corp.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden D-Link DWA-131 Wireless N Nano USB Adapter (HKLM-x32\...\{D9198056-A296-4583-A790-C0E73694CFE8}) (Version: - D-Link) Documents Manager 3 (HKLM-x32\...\{64132D76-3A1B-4F67-B1A5-78EB97DFA5AA}) (Version: 2.1.18.0 - CREALOGIX) Dropbox (HKU\S-1-5-21-2167322945-2733738748-3786458674-1000\...\Dropbox) (Version: 3.4.3 - Dropbox, Inc.) eBay Worldwide (HKLM-x32\...\{D3E5A972-9A15-427D-AE78-8181A5FD943C}) (Version: 2.2.0409 - OEM) Elements 11 Organizer (x32 Version: 11.0 - Ihr Firmenname) Hidden Elements STI Installer (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden Evernote v. 5.8.5 (HKLM-x32\...\{5EDC25EC-D966-11E4-9E5C-00163E98E7D6}) (Version: 5.8.5.7193 - Evernote Corp.) FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden File Scavenger 4.1 (de) (HKLM-x32\...\QueTek File Scavenger 4.1 (de)) (Version: 4.1.1.0 - QueTek Consulting Corporation) Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{6C5F8503-55D2-4398-858C-362B7A7AF51C}) (Version: 2.1.31.0 - MAGIX AG) Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden FRANZIS onlineTV 8 (HKLM-x32\...\{CBC88F0E-1960-4AC3-8C38-8BAD44E3F6E3}_is1) (Version: 8.3.0.1 - FRANZIS Verlag GmbH) Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galeria fotogràfica del Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.) Google Desktop (HKLM-x32\...\Google Desktop) (Version: - - Google) Google Drive (HKLM-x32\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.) Google Earth (HKLM-x32\...\{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}) (Version: 7.1.1.1888 - Google) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Hotkey Utility (HKLM-x32\...\Hotkey Utility) (Version: 2.05.3510 - Acer Incorporated) iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.) Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated) Insaniquarium Deluxe (x32 Version: 2.2.0.97 - WildTangent) Hidden Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.2.1410 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2867 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation) Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.0.199 - Intel Corporation) Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation) IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.35 - Irfan Skiljan) iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.) Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle) Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{8ED07EBD-22AD-415A-B71E-C1AD86862C2E}) (Version: 15.0.1.415 - Kaspersky Lab) Kaspersky Internet Security (x32 Version: 15.0.1.415 - Kaspersky Lab) Hidden MAGIX Fotos auf DVD 2013 Deluxe (HKLM-x32\...\MAGIX_{57F4B170-E76D-47F9-B6BA-F3D4FB7445B6}) (Version: 12.0.2.78 - MAGIX AG) MAGIX Fotos auf DVD 2013 Deluxe (Version: 12.0.2.78 - MAGIX AG) Hidden MAGIX Speed burnR (MSI) (HKLM-x32\...\MAGIX_{AAE67184-CE3D-4B92-BD5D-1B448301BCCE}) (Version: 7.0.2.6 - MAGIX AG) MAGIX Speed burnR (MSI) (Version: 7.0.2.6 - MAGIX AG) Hidden Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft) Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-2167322945-2733738748-3786458674-1000\...\OneDriveSetup.exe) (Version: 17.3.4726.0226 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation) Mozilla Firefox 37.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 37.0.1 (x86 de)) (Version: 37.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla) Mozilla Thunderbird 17.0.7 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 17.0.7 (x86 de)) (Version: 17.0.7 - Mozilla) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) MyWinLocker (Version: 4.0.14.27 - Egis Technology Inc.) Hidden MyWinLocker 4 (x32 Version: 4.0.14.27 - Egis Technology Inc.) Hidden MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.18 - Egis Technology Inc.) MyWinLocker Suite (x32 Version: 4.0.14.18 - Egis Technology Inc.) Hidden Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.4.10500.1.100 - Nero AG) Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.6.10700.5.100 - Nero AG) Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}) (Version: 10.6.10300 - Nero AG) Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.6.10600.4.100 - Nero AG) New Inside Out Advanced (HKLM-x32\...\{00D1D773-AC30-4C1D-8EB9-ABDB69E5D0B2}) (Version: 1.01.0000 - Macmillan) Parallels Access (HKLM-x32\...\{458B3F55-2F80-4391-BDF5-0EA426FACAD4}) (Version: 2.5.2.29536 - Parallels Software International Inc) PC-Navigo 2013 (HKLM\...\{00A0E68F-74F7-4574-A400-D4B8A152B1A0}) (Version: 2013 - NoorderSoft) PC-Navigo 2015 2015.0.0.8 (HKLM\...\{8459E801-F676-4BC1-B994-9DE445FB28ED}) (Version: 2015.0.0.8 - NoorderSoft) Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden Pervasive.SQL V8 Workgroup (v8.6) (HKLM-x32\...\{5FCFC78C-438A-4F4D-B266-E32B8468BAFC}) (Version: 8.60.192.033 - Pervasive Software Inc. ) PhotoCardMaker 1.0.4 (HKLM-x32\...\PhotoCardMaker_is1) (Version: - Kigosoft Inc.) Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.) PL-2303 USB-to-Serial (HKLM-x32\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.6.0 - Prolific Technology INC) Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation) PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation) Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden PSE11 STI Installer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.) QXL Ricardo Assistant 5 (HKLM-x32\...\QXL Ricardo Assistant 5) (Version: 0.0.0.0 - ) Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6505 - Realtek Semiconductor Corp.) Recuva (HKLM\...\Recuva) (Version: 1.47 - Piriform) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden Skype™ 6.1 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.1.129 - Skype Technologies S.A.) Slingo Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden SmartSound Quicktracks for Premiere Elements 9.0 (HKLM-x32\...\InstallShield_{6748E773-5DA0-4D19-8AA5-273B4133A09B}) (Version: 3.12.3090 - SmartSound Software Inc) SmartSound Quicktracks for Premiere Elements 9.0 (x32 Version: 3.12.3090 - SmartSound Software Inc) Hidden sweet-page uninstall (HKLM-x32\...\sweet-page uninstall) (Version: - sweet-page) <==== ATTENTION SystemAssister (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{b4704e3b}) (Version: - Software Publisher) <==== ATTENTION Taggr (HKLM-x32\...\{BEEF8F99-CE43-4721-9B61-F892BD705FAA}) (Version: 1.3.30.0 - u-blox) TeamViewer 7 (HKLM-x32\...\TeamViewer 7) (Version: 7.0.15723 - TeamViewer) Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden VeryPDF PDF to Word OCR Converter v2.0 (HKLM-x32\...\VeryPDF PDF to Word OCR Converter v2.0_is1) (Version: - VeryPDF.com Company) Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.97 - WildTangent) Hidden Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3507 - Acer Incorporated) WildTangent Games App (Acer Games) (x32 Version: 4.0.5.32 - WildTangent) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation) WSE_Vosteran (HKLM-x32\...\WSE_Vosteran) (Version: - WSE_Vosteran) <==== ATTENTION! Wuala (HKU\S-1-5-21-2167322945-2733738748-3786458674-1000\...\Wuala) (Version: 1.0.444.0 - LaCie) Wuala CBFS (HKLM-x32\...\Wuala CBFS) (Version: 3.2.107.0 - LaCie) Wuala OverlayIcons (HKLM-x32\...\Wuala OverlayIcons) (Version: 1.0.0.2 - LaCie) XMedia Recode Packages (HKU\S-1-5-21-2167322945-2733738748-3786458674-1000\...\XMedia Recode Packages) (Version: - ) <==== ATTENTION Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden ==================== Custom CLSID (selected items): ========================== Fortsetzung in 2. Anfrage |
|
15.04.2015, 21:02
| #2 |
| | Trojaner von Kapspersky nicht gelöscht Forsetzung meiner Anfrage / Seite 1-21
__________________Guten Tag! In Windows 7 löscht Kaspersky den Trojaner Trojan Win32 Agent qt nicht. Wie kann ich ihn löschen? Ist dieser Trojaner gefährlich? Hat er mit folgendem Problem zu tun? Ich habe vor paar Tagen ein Mail erhalten, worin neben der privaten Adresse des Absenders noch stand <info@flipmailer> als Absender. Das Mail forderte den Empfänger auf, Freunde des Absenders zu werden werden. Aehnliche Mails gingen offenbar von meinem Computer aus an Adressen aus meinem Adressbuch. Vielen Dank für Ihre Hilfe zum voaus. St. Steiner [CODE]Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-04-2015 02 Ran by Steiner at 2015-04-15 16:03:50 Running from C:\Users\Steiner\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886} AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3507 - Acer Incorporated) Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.2.5 - WildTangent) Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3506 - Acer Incorporated) Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0609.2011 - Acer Incorporated) Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3501 - Acer Incorporated) Acronis True Image 2015 (HKLM-x32\...\{08DC7D7A-1CA0-4E96-B12F-9B9577FCF0F8}Visible) (Version: 18.0.6525 - Acronis) Acronis True Image 2015 (x32 Version: 18.0.6525 - Acronis) Hidden Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated) Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.2.1.650 - Adobe Systems Incorporated) Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.5 - Adobe Systems Incorporated) Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated) Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated) Adobe Photoshop Elements 11 (HKLM-x32\...\Adobe Photoshop Elements 11) (Version: 11.0 - Adobe Systems Incorporated) Adobe Reader X (10.1.13) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.13 - Adobe Systems Incorporated) Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden AMD Catalyst Install Manager (HKLM\...\{682EBE5A-58A4-37ED-7D1B-5AB6182BF8D5}) (Version: 3.0.851.0 - Advanced Micro Devices, Inc.) Apple Application Support (32-Bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.) Apple Application Support (64-Bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Banana Buchhaltung 7.0 (HKLM-x32\...\Banana70_is1) (Version: 7.0.2.0 - Banana.ch SA) Bing Bar (HKLM-x32\...\{C28D96C0-6A90-459E-A077-A6706F4EC0FC}) (Version: 7.0.765.0 - Microsoft Corporation) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Canon MP Navigator 3.0 (HKLM-x32\...\MP Navigator 3.0) (Version: - ) Canon MP600 (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP600) (Version: - ) Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: - ) CashComm (HKLM-x32\...\{7400FBCF-B854-47B5-9D18-0E7DE5790989}) (Version: 5.1.33 - Softcrew AG) CCleaner (HKLM\...\CCleaner) (Version: 4.00 - Piriform) CD-LabelPrint (HKLM-x32\...\MediaNavigation.CDLabelPrint) (Version: - ) clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.00.3004 - Acer Incorporated) clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.00.3004 - Acer Incorporated) clear.fi SDK - MVP 2 (x32 Version: 2.0.1505 - CyberLink Corp.) Hidden clear.fi SDK- Movie 2 (x32 Version: 2.0.1502 - CyberLink Corp.) Hidden CLX.PayMaker (HKLM-x32\...\{33EF44A6-381B-4585-BFF6-12C68D0BCF14}) (Version: 2.1.32.0 - CREALOGIX) CyberLink MediaEspresso (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.1720_38230 - CyberLink Corp.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden D-Link DWA-131 Wireless N Nano USB Adapter (HKLM-x32\...\{D9198056-A296-4583-A790-C0E73694CFE8}) (Version: - D-Link) Documents Manager 3 (HKLM-x32\...\{64132D76-3A1B-4F67-B1A5-78EB97DFA5AA}) (Version: 2.1.18.0 - CREALOGIX) Dropbox (HKU\S-1-5-21-2167322945-2733738748-3786458674-1000\...\Dropbox) (Version: 3.4.3 - Dropbox, Inc.) eBay Worldwide (HKLM-x32\...\{D3E5A972-9A15-427D-AE78-8181A5FD943C}) (Version: 2.2.0409 - OEM) Elements 11 Organizer (x32 Version: 11.0 - Ihr Firmenname) Hidden Elements STI Installer (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden Evernote v. 5.8.5 (HKLM-x32\...\{5EDC25EC-D966-11E4-9E5C-00163E98E7D6}) (Version: 5.8.5.7193 - Evernote Corp.) FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden File Scavenger 4.1 (de) (HKLM-x32\...\QueTek File Scavenger 4.1 (de)) (Version: 4.1.1.0 - QueTek Consulting Corporation) Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{6C5F8503-55D2-4398-858C-362B7A7AF51C}) (Version: 2.1.31.0 - MAGIX AG) Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden FRANZIS onlineTV 8 (HKLM-x32\...\{CBC88F0E-1960-4AC3-8C38-8BAD44E3F6E3}_is1) (Version: 8.3.0.1 - FRANZIS Verlag GmbH) Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galeria fotogràfica del Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.) Google Desktop (HKLM-x32\...\Google Desktop) (Version: - - Google) Google Drive (HKLM-x32\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.) Google Earth (HKLM-x32\...\{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}) (Version: 7.1.1.1888 - Google) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Hotkey Utility (HKLM-x32\...\Hotkey Utility) (Version: 2.05.3510 - Acer Incorporated) iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.) Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated) Insaniquarium Deluxe (x32 Version: 2.2.0.97 - WildTangent) Hidden Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.2.1410 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2867 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation) Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.0.199 - Intel Corporation) Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation) IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.35 - Irfan Skiljan) iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.) Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle) Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{8ED07EBD-22AD-415A-B71E-C1AD86862C2E}) (Version: 15.0.1.415 - Kaspersky Lab) Kaspersky Internet Security (x32 Version: 15.0.1.415 - Kaspersky Lab) Hidden MAGIX Fotos auf DVD 2013 Deluxe (HKLM-x32\...\MAGIX_{57F4B170-E76D-47F9-B6BA-F3D4FB7445B6}) (Version: 12.0.2.78 - MAGIX AG) MAGIX Fotos auf DVD 2013 Deluxe (Version: 12.0.2.78 - MAGIX AG) Hidden MAGIX Speed burnR (MSI) (HKLM-x32\...\MAGIX_{AAE67184-CE3D-4B92-BD5D-1B448301BCCE}) (Version: 7.0.2.6 - MAGIX AG) MAGIX Speed burnR (MSI) (Version: 7.0.2.6 - MAGIX AG) Hidden Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft) Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-2167322945-2733738748-3786458674-1000\...\OneDriveSetup.exe) (Version: 17.3.4726.0226 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation) Mozilla Firefox 37.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 37.0.1 (x86 de)) (Version: 37.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla) Mozilla Thunderbird 17.0.7 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 17.0.7 (x86 de)) (Version: 17.0.7 - Mozilla) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) MyWinLocker (Version: 4.0.14.27 - Egis Technology Inc.) Hidden MyWinLocker 4 (x32 Version: 4.0.14.27 - Egis Technology Inc.) Hidden MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.18 - Egis Technology Inc.) MyWinLocker Suite (x32 Version: 4.0.14.18 - Egis Technology Inc.) Hidden Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.4.10500.1.100 - Nero AG) Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.6.10700.5.100 - Nero AG) Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}) (Version: 10.6.10300 - Nero AG) Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.6.10600.4.100 - Nero AG) New Inside Out Advanced (HKLM-x32\...\{00D1D773-AC30-4C1D-8EB9-ABDB69E5D0B2}) (Version: 1.01.0000 - Macmillan) Parallels Access (HKLM-x32\...\{458B3F55-2F80-4391-BDF5-0EA426FACAD4}) (Version: 2.5.2.29536 - Parallels Software International Inc) PC-Navigo 2013 (HKLM\...\{00A0E68F-74F7-4574-A400-D4B8A152B1A0}) (Version: 2013 - NoorderSoft) PC-Navigo 2015 2015.0.0.8 (HKLM\...\{8459E801-F676-4BC1-B994-9DE445FB28ED}) (Version: 2015.0.0.8 - NoorderSoft) Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden Pervasive.SQL V8 Workgroup (v8.6) (HKLM-x32\...\{5FCFC78C-438A-4F4D-B266-E32B8468BAFC}) (Version: 8.60.192.033 - Pervasive Software Inc. ) PhotoCardMaker 1.0.4 (HKLM-x32\...\PhotoCardMaker_is1) (Version: - Kigosoft Inc.) Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.) PL-2303 USB-to-Serial (HKLM-x32\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.6.0 - Prolific Technology INC) Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation) PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation) Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden PSE11 STI Installer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.) QXL Ricardo Assistant 5 (HKLM-x32\...\QXL Ricardo Assistant 5) (Version: 0.0.0.0 - ) Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6505 - Realtek Semiconductor Corp.) Recuva (HKLM\...\Recuva) (Version: 1.47 - Piriform) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden Skype™ 6.1 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.1.129 - Skype Technologies S.A.) Slingo Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden SmartSound Quicktracks for Premiere Elements 9.0 (HKLM-x32\...\InstallShield_{6748E773-5DA0-4D19-8AA5-273B4133A09B}) (Version: 3.12.3090 - SmartSound Software Inc) SmartSound Quicktracks for Premiere Elements 9.0 (x32 Version: 3.12.3090 - SmartSound Software Inc) Hidden sweet-page uninstall (HKLM-x32\...\sweet-page uninstall) (Version: - sweet-page) <==== ATTENTION SystemAssister (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{b4704e3b}) (Version: - Software Publisher) <==== ATTENTION Taggr (HKLM-x32\...\{BEEF8F99-CE43-4721-9B61-F892BD705FAA}) (Version: 1.3.30.0 - u-blox) TeamViewer 7 (HKLM-x32\...\TeamViewer 7) (Version: 7.0.15723 - TeamViewer) Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden VeryPDF PDF to Word OCR Converter v2.0 (HKLM-x32\...\VeryPDF PDF to Word OCR Converter v2.0_is1) (Version: - VeryPDF.com Company) Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.97 - WildTangent) Hidden Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3507 - Acer Incorporated) WildTangent Games App (Acer Games) (x32 Version: 4.0.5.32 - WildTangent) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation) WSE_Vosteran (HKLM-x32\...\WSE_Vosteran) (Version: - WSE_Vosteran) <==== ATTENTION! Wuala (HKU\S-1-5-21-2167322945-2733738748-3786458674-1000\...\Wuala) (Version: 1.0.444.0 - LaCie) Wuala CBFS (HKLM-x32\...\Wuala CBFS) (Version: 3.2.107.0 - LaCie) Wuala OverlayIcons (HKLM-x32\...\Wuala OverlayIcons) (Version: 1.0.0.2 - LaCie) XMedia Recode Packages (HKU\S-1-5-21-2167322945-2733738748-3786458674-1000\...\XMedia Recode Packages) (Version: - ) <==== ATTENTION Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-2167322945-2733738748-3786458674-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Steiner\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2167322945-2733738748-3786458674-1000_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 -> C:\Users\Steiner\AppData\Local\Microsoft\OneDrive\17.3.4726.0226_1\amd64\FileSyncShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2167322945-2733738748-3786458674-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Steiner\AppData\Local\Microsoft\OneDrive\17.3.4726.0226_1\amd64\FileSyncShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2167322945-2733738748-3786458674-1000_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 -> C:\Users\Steiner\AppData\Local\Microsoft\OneDrive\17.3.4726.0226_1\amd64\FileSyncShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2167322945-2733738748-3786458674-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Steiner\AppData\Local\Microsoft\OneDrive\17.3.4726.0226_1\amd64\FileSyncShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2167322945-2733738748-3786458674-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Steiner\AppData\Local\Microsoft\OneDrive\17.3.4726.0226_1\amd64\FileSyncShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2167322945-2733738748-3786458674-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Steiner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2167322945-2733738748-3786458674-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Steiner\AppData\Local\Microsoft\OneDrive\17.3.4726.0226_1\amd64\FileSyncShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2167322945-2733738748-3786458674-1000_Classes\CLSID\{f7dae9c5-ac51-5d9f-8780-2cc6bf8b05a9}\InprocServer32 -> C:\Program Files (x86)\Chart Installer\npNavConnect64.dll No File CustomCLSID: HKU\S-1-5-21-2167322945-2733738748-3786458674-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Steiner\AppData\Local\Microsoft\OneDrive\17.3.4726.0226_1\amd64\FileSyncApi64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2167322945-2733738748-3786458674-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Steiner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2167322945-2733738748-3786458674-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Steiner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2167322945-2733738748-3786458674-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Steiner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2167322945-2733738748-3786458674-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Steiner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2167322945-2733738748-3786458674-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Steiner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2167322945-2733738748-3786458674-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Steiner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2167322945-2733738748-3786458674-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Steiner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2167322945-2733738748-3786458674-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Steiner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ==================== Restore Points ========================= 15-04-2015 10:46:43 Geplanter Prüfpunkt ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {0B6FA3B0-E4EE-458C-9FE6-E0CCEA0CF38D} - System32\Tasks\AdobeAAMUpdater-1.0-Steiner-PC_Acer-Steiner => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-06-16] (Adobe Systems Incorporated) Task: {0C39DE8E-01ED-45DC-B236-3464C4F484DC} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation) Task: {1646DA48-EF6D-4988-B968-3557FBCD0811} - System32\Tasks\{FBCC69D3-A103-4750-848B-764BED437914} => pcalua.exe -a "C:\Program Files (x86)\Canon\MP Navigator 3.0\Maint.exe" -d C:\Windows\system32 -c /UninstallRemove C:\Program Files (x86)\Canon\MP Navigator 3.0\uninst.ini Task: {30903388-BF73-4D7C-8C1A-2439D0565D57} - System32\Tasks\{20E4AB40-2565-435C-A023-0B500A1588F3} => pcalua.exe -a E:\SETUP.EXE -d E:\ Task: {435B1EAF-9E0A-4E81-B431-10E704561C15} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation) Task: {4D40B304-2CE0-4CE9-BC55-5C14A90B740A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-03-25] (Piriform Ltd) Task: {53B34AD9-9B11-4CC0-B2FE-4E6102FD9020} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-07] (Google Inc.) Task: {5F2F0B1C-04BD-4CD7-932C-23988DD6099F} - System32\Tasks\{4EFE6F92-A9F5-4297-8EA0-15BCC1FF056E} => pcalua.exe -a "D:\Downloads Part D\mp600win64111ea23.exe" -d "D:\Downloads Part D" Task: {63277B56-CD3F-4B86-9EBC-FE1A777FBCB8} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2011-03-29] (Egis Technology Inc.) Task: {639C795C-167E-4295-A6CB-EDD94FFDCFC8} - System32\Tasks\{3BF61ED4-3A49-4697-914C-D969D2B26939} => pcalua.exe -a "D:\Downloads Part D\canon mp600\Treiber v Support Canon\mp600win64111ea23.exe" -d "D:\Downloads Part D\canon mp600\Treiber v Support Canon" Task: {72E1D1A9-CC79-4E29-8F30-099997E4E851} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation) Task: {7D091404-2883-43FE-8030-74FE5892198B} - System32\Tasks\{FCAAABB8-1CE3-42CF-8B52-0A554070949C} => F:\Program Files (x86)\Acronis 2012\TrueImageHome\TrueImageLauncher.exe Task: {832998F8-5251-47AE-A9BA-BF4F1FF7385F} - System32\Tasks\UALU notificatin => C:\Program Files\Acer\Acer Updater\UALU.exe [2012-02-07] (Acer Incorporated) Task: {905A5953-E21A-421A-AEA0-F1E99D463CFD} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2011-03-29] (Egis Technology Inc.) Task: {92A61E1C-0B59-49CC-A46F-8EF475C6970C} - System32\Tasks\{DB35A81A-20F5-4153-BEDD-EB60BB54AD91} => pcalua.exe -a "D:\Downloads Part D\mpnwin303ea22.exe" -d "D:\Downloads Part D" Task: {A339DB0D-ECE4-4492-9FC2-08C7DA41C8AD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15] (Adobe Systems Incorporated) Task: {B152CE53-F70B-4C31-AE24-86E5838B9ED9} - System32\Tasks\{BD26A1D0-C7F3-4922-902D-E5E04050D4E3} => Firefox.exe hxxp://ui.skype.com/ui/0/6.1.73.129.456/de/abandoninstall?page=tsProgressBar Task: {B1F6E092-44AA-46C3-926E-5B5D5879DA74} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation) Task: {B6160EDB-9047-4CDB-8244-3BF09BFD2C36} - \WSE_Vosteran No Task File <==== ATTENTION Task: {B9803296-9222-4C18-AD47-4BC103FDDB6A} - System32\Tasks\{0426FF0F-C964-40AB-95A9-CC3E8875938E} => pcalua.exe -a "D:\Downloads Part D\mpnwin303ea22(6).exe" -d "D:\Downloads Part D" Task: {C732276E-EE13-41EB-B139-F1AC2C292D48} - System32\Tasks\{474222DC-515D-4009-9AD2-BE3AC9F8CD51} => pcalua.exe -a "D:\Downloads Part D\mp600win64111ea23(3).exe" -d "D:\Downloads Part D" Task: {CDFCF531-9EA2-4F5F-A4CA-2936231B1743} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {D06AF023-42EA-411A-8943-5100F44C9DBA} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc Task: {D51A20E0-6B12-4E18-8BAA-EAD1EF598D37} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\Cyberlink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2011-05-20] (CyberLink) Task: {DAE67989-2375-4C8A-BF6F-9303805E2391} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {E9734E78-0DF5-4AEA-A3E2-FB801A388C82} - System32\Tasks\{F3836397-7D7C-4079-B161-9072BE7BB8BB} => pcalua.exe -a "D:\Downloads Part D\mpnwin303ea22(5).exe" -d "D:\Downloads Part D" Task: {F8E8CCEA-6D64-424A-9C37-E932BF5FC80F} - System32\Tasks\{AF94FEC6-ADEB-46DE-8AF1-E7B9A35E501E} => F:\Program Files (x86)\Acronis 2012\TrueImageHome\TrueImageLauncher.exe Task: {F912EE9B-7374-4B3B-A840-6DD8146345AB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-07] (Google Inc.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\WSE_Vosteran.job => C:\Users\Steiner\AppData\Roaming\WSE_VO~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION ==================== Loaded Modules (whitelisted) ============== 2015-02-13 05:20 - 2015-02-13 05:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2015-02-13 05:20 - 2015-02-13 05:20 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2015-03-13 17:46 - 2015-03-13 17:46 - 00263680 _____ () C:\Program Files (x86)\Parallels\Parallels Access\Application\amd64\AbstractTask.dll 2009-01-22 02:45 - 2009-01-22 02:45 - 01401856 _____ () C:\Program Files (x86)\EgisTec MyWinLocker\x64\LIBEAY32.dll 2012-11-21 18:10 - 2008-06-26 20:09 - 00167936 _____ () C:\Program Files (x86)\D-Link\DWA-131 revA\WlanWpsSvc.exe 2004-07-22 21:40 - 2004-07-22 21:40 - 00106546 _____ () C:\PVSW\Bin\w3dbsmgr.exe 2012-02-07 04:17 - 2012-02-07 04:17 - 00636520 _____ () C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe 2011-10-26 06:29 - 2011-10-26 06:29 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll 2011-06-17 22:42 - 2011-06-17 22:42 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll 2014-08-30 18:12 - 2014-08-30 18:12 - 01269952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\kpcengine.2.3.dll 2015-03-13 18:36 - 2015-03-13 18:36 - 00400896 _____ () C:\Program Files (x86)\Parallels\Parallels Access\Application\PrlSdkCommunication.dll 2015-03-13 18:31 - 2015-03-13 18:31 - 00228352 _____ () C:\Program Files (x86)\Parallels\Parallels Access\Application\AbstractTask.dll 2015-03-13 18:51 - 2015-03-13 18:51 - 08071680 _____ () C:\Program Files (x86)\Parallels\Parallels Access\Application\PrlGui.dll 2015-03-13 18:51 - 2015-03-13 18:51 - 00067072 _____ () C:\Program Files (x86)\Parallels\Parallels Access\Application\PrlWebWidgets.dll 2012-11-21 18:10 - 2009-08-06 17:15 - 00376832 _____ () C:\Program Files (x86)\D-Link\DWA-131 revA\WlanDll.dll 2015-04-15 09:53 - 2015-04-15 09:53 - 00043008 _____ () c:\users\steiner\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp6_glup.dll 2015-03-04 23:45 - 2015-03-04 23:45 - 00750080 _____ () C:\Users\Steiner\AppData\Roaming\Dropbox\bin\libGLESv2.dll 2015-03-04 23:45 - 2015-03-04 23:45 - 00047616 _____ () C:\Users\Steiner\AppData\Roaming\Dropbox\bin\libEGL.dll 2015-03-04 23:45 - 2015-03-04 23:45 - 00865280 _____ () C:\Users\Steiner\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll 2015-03-04 23:45 - 2015-03-04 23:45 - 00200704 _____ () C:\Users\Steiner\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll 2015-04-02 12:58 - 2015-04-02 12:58 - 00439304 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll 2015-04-02 12:58 - 2015-04-02 12:58 - 00321032 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll 2004-07-22 21:19 - 2004-07-22 21:19 - 00700464 _____ () C:\PVSW\Bin\W3MKDE.DLL 2015-04-15 09:53 - 2015-04-15 09:53 - 00098816 _____ () C:\Users\Steiner\AppData\Local\Temp\_MEI40562\win32api.pyd 2015-04-15 09:53 - 2015-04-15 09:53 - 00110080 _____ () C:\Users\Steiner\AppData\Local\Temp\_MEI40562\pywintypes27.dll 2015-04-15 09:53 - 2015-04-15 09:53 - 00364544 _____ () C:\Users\Steiner\AppData\Local\Temp\_MEI40562\pythoncom27.dll 2015-04-15 09:53 - 2015-04-15 09:53 - 00045568 _____ () C:\Users\Steiner\AppData\Local\Temp\_MEI40562\_socket.pyd 2015-04-15 09:53 - 2015-04-15 09:53 - 01160704 _____ () C:\Users\Steiner\AppData\Local\Temp\_MEI40562\_ssl.pyd 2015-04-15 09:53 - 2015-04-15 09:53 - 00320512 _____ () C:\Users\Steiner\AppData\Local\Temp\_MEI40562\win32com.shell.shell.pyd 2015-04-15 09:53 - 2015-04-15 09:53 - 00713216 _____ () C:\Users\Steiner\AppData\Local\Temp\_MEI40562\_hashlib.pyd 2015-04-15 09:53 - 2015-04-15 09:53 - 01175040 _____ () C:\Users\Steiner\AppData\Local\Temp\_MEI40562\wx._core_.pyd 2015-04-15 09:53 - 2015-04-15 09:53 - 00805888 _____ () C:\Users\Steiner\AppData\Local\Temp\_MEI40562\wx._gdi_.pyd 2015-04-15 09:53 - 2015-04-15 09:53 - 00811008 _____ () C:\Users\Steiner\AppData\Local\Temp\_MEI40562\wx._windows_.pyd 2015-04-15 09:53 - 2015-04-15 09:53 - 01062400 _____ () C:\Users\Steiner\AppData\Local\Temp\_MEI40562\wx._controls_.pyd 2015-04-15 09:53 - 2015-04-15 09:53 - 00735232 _____ () C:\Users\Steiner\AppData\Local\Temp\_MEI40562\wx._misc_.pyd 2015-04-15 09:53 - 2015-04-15 09:53 - 00128512 _____ () C:\Users\Steiner\AppData\Local\Temp\_MEI40562\_elementtree.pyd 2015-04-15 09:53 - 2015-04-15 09:53 - 00127488 _____ () C:\Users\Steiner\AppData\Local\Temp\_MEI40562\pyexpat.pyd 2015-04-15 09:53 - 2015-04-15 09:53 - 00557056 _____ () C:\Users\Steiner\AppData\Local\Temp\_MEI40562\pysqlite2._sqlite.pyd 2015-04-15 09:53 - 2015-04-15 09:53 - 00087552 _____ () C:\Users\Steiner\AppData\Local\Temp\_MEI40562\_ctypes.pyd 2015-04-15 09:53 - 2015-04-15 09:53 - 00119808 _____ () C:\Users\Steiner\AppData\Local\Temp\_MEI40562\win32file.pyd 2015-04-15 09:53 - 2015-04-15 09:53 - 00108544 _____ () C:\Users\Steiner\AppData\Local\Temp\_MEI40562\win32security.pyd 2015-04-15 09:53 - 2015-04-15 09:53 - 00007168 _____ () C:\Users\Steiner\AppData\Local\Temp\_MEI40562\hashobjs_ext.pyd 2015-04-15 09:53 - 2015-04-15 09:53 - 00167936 _____ () C:\Users\Steiner\AppData\Local\Temp\_MEI40562\win32gui.pyd 2015-04-15 09:53 - 2015-04-15 09:53 - 00018432 _____ () C:\Users\Steiner\AppData\Local\Temp\_MEI40562\win32event.pyd 2015-04-15 09:53 - 2015-04-15 09:53 - 00038912 _____ () C:\Users\Steiner\AppData\Local\Temp\_MEI40562\win32inet.pyd 2015-04-15 09:53 - 2015-04-15 09:53 - 00011264 _____ () C:\Users\Steiner\AppData\Local\Temp\_MEI40562\win32crypt.pyd 2015-04-15 09:53 - 2015-04-15 09:53 - 00070656 _____ () C:\Users\Steiner\AppData\Local\Temp\_MEI40562\wx._html2.pyd 2015-04-15 09:53 - 2015-04-15 09:53 - 00027136 _____ () C:\Users\Steiner\AppData\Local\Temp\_MEI40562\_multiprocessing.pyd 2015-04-15 09:53 - 2015-04-15 09:53 - 00035840 _____ () C:\Users\Steiner\AppData\Local\Temp\_MEI40562\win32process.pyd 2015-04-15 09:53 - 2015-04-15 09:53 - 00686080 _____ () C:\Users\Steiner\AppData\Local\Temp\_MEI40562\unicodedata.pyd 2015-04-15 09:53 - 2015-04-15 09:53 - 00122368 _____ () C:\Users\Steiner\AppData\Local\Temp\_MEI40562\wx._wizard.pyd 2015-04-15 09:53 - 2015-04-15 09:53 - 00024064 _____ () C:\Users\Steiner\AppData\Local\Temp\_MEI40562\win32pipe.pyd 2015-04-15 09:53 - 2015-04-15 09:53 - 00025600 _____ () C:\Users\Steiner\AppData\Local\Temp\_MEI40562\win32pdh.pyd 2015-04-15 09:53 - 2015-04-15 09:53 - 00525640 _____ () C:\Users\Steiner\AppData\Local\Temp\_MEI40562\windows._lib_cacheinvalidation.pyd 2015-04-15 09:53 - 2015-04-15 09:53 - 00010240 _____ () C:\Users\Steiner\AppData\Local\Temp\_MEI40562\select.pyd 2015-04-15 09:53 - 2015-04-15 09:53 - 00017408 _____ () C:\Users\Steiner\AppData\Local\Temp\_MEI40562\win32profile.pyd 2015-04-15 09:53 - 2015-04-15 09:53 - 00022528 _____ () C:\Users\Steiner\AppData\Local\Temp\_MEI40562\win32ts.pyd 2015-04-15 09:53 - 2015-04-15 09:53 - 00078336 _____ () C:\Users\Steiner\AppData\Local\Temp\_MEI40562\wx._animate.pyd 2012-02-07 04:18 - 2012-02-07 04:18 - 00151656 _____ () C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll 2012-11-25 22:07 - 2012-11-25 22:07 - 00036352 _____ () C:\Program Files (x86)\Google\Google Desktop Search\gzlib.dll 2014-11-27 10:42 - 2014-11-27 10:42 - 00037696 _____ () F:\Program Files (x86)\Acronis\TrueImageHome\qt_icontray_ex.dll 2014-11-27 10:42 - 2014-11-27 10:42 - 00034624 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\thread_pool.dll 2014-11-27 10:47 - 2014-11-27 10:47 - 00420160 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll 2014-11-27 10:44 - 2014-11-27 10:44 - 00129344 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\EXPAT.dll 2015-04-02 12:58 - 2015-04-02 12:58 - 21121032 _____ () C:\Program Files (x86)\Evernote\Evernote\libcef.dll 2015-04-02 12:58 - 2015-04-02 12:58 - 00212488 _____ () C:\Program Files (x86)\Evernote\Evernote\websockets.dll 2015-04-02 12:57 - 2015-04-02 12:57 - 00988696 _____ () C:\Program Files (x86)\Evernote\Evernote\avcodec-54.dll 2015-04-02 12:58 - 2015-04-02 12:58 - 00138776 _____ () C:\Program Files (x86)\Evernote\Evernote\avutil-51.dll 2015-04-02 12:58 - 2015-04-02 12:58 - 00195096 _____ () C:\Program Files (x86)\Evernote\Evernote\avformat-54.dll 2014-12-15 19:07 - 2014-12-15 19:07 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\92a1650dbe9fad5f46633b835420e1a8\IsdiInterop.ni.dll 2012-10-09 02:40 - 2011-11-30 05:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll 2012-10-09 02:42 - 2012-02-07 11:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll 2014-08-30 18:12 - 2015-01-12 19:43 - 00332584 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com\nponlinebanking.dll 2014-08-30 18:12 - 2015-01-12 19:43 - 00459048 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com\npcontentblocker.dll 2014-08-30 18:12 - 2015-01-12 19:43 - 00587048 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com\npvkplugin.dll |
|
15.04.2015, 21:08
| #3 |
| | Trojaner von Kaspersky nicht gelöscht Forsetzung meiner Anfrage / Seite 22-58
__________________Guten Tag! In Windows 7 löscht Kaspersky den Trojaner Trojan Win32 Agent qt nicht. Wie kann ich ihn löschen? Ist dieser Trojaner gefährlich? Hat er mit folgendem Problem zu tun? Ich habe vor paar Tagen ein Mail erhalten, worin neben der privaten Adresse des Absenders noch stand <info@flipmailer> als Absender. Das Mail forderte den Empfänger auf, Freunde des Absenders zu werden werden. Aehnliche Mails gingen offenbar von meinem Computer aus an Adressen aus meinem Adressbuch. Vielen Dank für Ihre Hilfe zum voaus. St. Steiner 2015-04-02 12:58 - 2015-04-02 12:58 - 21121032 _____ () C:\Program Files (x86)\Evernote\Evernote\libcef.dll 2015-04-02 12:58 - 2015-04-02 12:58 - 00212488 _____ () C:\Program Files (x86)\Evernote\Evernote\websockets.dll 2015-04-02 12:57 - 2015-04-02 12:57 - 00988696 _____ () C:\Program Files (x86)\Evernote\Evernote\avcodec-54.dll 2015-04-02 12:58 - 2015-04-02 12:58 - 00138776 _____ () C:\Program Files (x86)\Evernote\Evernote\avutil-51.dll 2015-04-02 12:58 - 2015-04-02 12:58 - 00195096 _____ () C:\Program Files (x86)\Evernote\Evernote\avformat-54.dll 2014-12-15 19:07 - 2014-12-15 19:07 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\92a1650dbe9fad5f46633b835420e1a8\IsdiInterop.ni.dll 2012-10-09 02:40 - 2011-11-30 05:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll 2012-10-09 02:42 - 2012-02-07 11:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll 2014-08-30 18:12 - 2015-01-12 19:43 - 00332584 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com\nponlinebanking.dll 2014-08-30 18:12 - 2015-01-12 19:43 - 00459048 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com\npcontentblocker.dll 2014-08-30 18:12 - 2015-01-12 19:43 - 00587048 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com\npvkplugin.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2167322945-2733738748-3786458674-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Steiner\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.1.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== Accounts: ============================= Administrator (S-1-5-21-2167322945-2733738748-3786458674-500 - Administrator - Disabled) ASPNET (S-1-5-21-2167322945-2733738748-3786458674-1004 - Limited - Enabled) Gast (S-1-5-21-2167322945-2733738748-3786458674-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-2167322945-2733738748-3786458674-1002 - Limited - Enabled) Steiner (S-1-5-21-2167322945-2733738748-3786458674-1000 - Administrator - Enabled) => C:\Users\Steiner ==================== Faulty Device Manager Devices ============= Name: I:\ Description: Compact Flash Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a} Manufacturer: Generic- Service: WUDFRd Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: J:\ Description: SM/xD-Picture Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a} Manufacturer: Generic- Service: WUDFRd Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: L:\ Description: MS/MS-Pro/HG Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a} Manufacturer: Generic- Service: WUDFRd Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: M:\ Description: SD/MMC/MS/MSPRO Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a} Manufacturer: Generic- Service: WUDFRd Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: K:\ Description: SD/MMC Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a} Manufacturer: Generic- Service: WUDFRd Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (04/15/2015 09:54:22 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/14/2015 10:24:12 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/14/2015 10:04:18 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Plug-ins\Common\TSStrider,type="win32",version="1.0.0.0"1". Die abhängige Assemblierung "Plug-ins\Common\TSStrider,type="win32",version="1.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (04/14/2015 10:04:17 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Plug-ins\Common\DVControl,type="win32",version="1.0.0.0"1". Die abhängige Assemblierung "Plug-ins\Common\DVControl,type="win32",version="1.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (04/14/2015 08:08:08 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/13/2015 10:00:07 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: TrueImageHomeService.exe, Version: 16.0.0.6514, Zeitstempel: 0x51535945 Name des fehlerhaften Moduls: MSVCR80.dll, Version: 8.0.50727.6195, Zeitstempel: 0x4dcddbf3 Ausnahmecode: 0x40000015 Fehleroffset: 0x000046b4 ID des fehlerhaften Prozesses: 0x2088 Startzeit der fehlerhaften Anwendung: 0xTrueImageHomeService.exe0 Pfad der fehlerhaften Anwendung: TrueImageHomeService.exe1 Pfad des fehlerhaften Moduls: TrueImageHomeService.exe2 Berichtskennung: TrueImageHomeService.exe3 Error: (04/13/2015 10:00:03 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: TrueImageHomeService.exe, Version: 16.0.0.6514, Zeitstempel: 0x51535945 Name des fehlerhaften Moduls: MSVCR80.dll, Version: 8.0.50727.6195, Zeitstempel: 0x4dcddbf3 Ausnahmecode: 0x40000015 Fehleroffset: 0x000046b4 ID des fehlerhaften Prozesses: 0x2118 Startzeit der fehlerhaften Anwendung: 0xTrueImageHomeService.exe0 Pfad der fehlerhaften Anwendung: TrueImageHomeService.exe1 Pfad des fehlerhaften Moduls: TrueImageHomeService.exe2 Berichtskennung: TrueImageHomeService.exe3 Error: (04/13/2015 04:59:25 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Plug-ins\Common\TSStrider,type="win32",version="1.0.0.0"1". Die abhängige Assemblierung "Plug-ins\Common\TSStrider,type="win32",version="1.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (04/13/2015 04:59:23 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Plug-ins\Common\DVControl,type="win32",version="1.0.0.0"1". Die abhängige Assemblierung "Plug-ins\Common\DVControl,type="win32",version="1.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (04/13/2015 00:01:40 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 11996 System errors: ============= Error: (04/15/2015 10:02:01 AM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung empfangen: 80. Error: (04/14/2015 07:18:46 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {995C996E-D918-4A8C-A302-45719A6F4EA7} Error: (04/14/2015 07:18:35 PM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: Der Dienst "Parallels Access Dispatcher Service" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error: (04/14/2015 06:47:26 PM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: Der Dienst "Parallels Access Dispatcher Service" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error: (04/14/2015 10:17:52 AM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk9\DR13 gefunden. Error: (04/13/2015 10:45:32 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF} Error: (04/13/2015 00:11:17 PM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR3 gefunden. Error: (04/11/2015 00:14:09 AM) (Source: Service Control Manager) (EventID: 7043) (User: ) Description: Der Dienst Acronis Nonstop Backup Service konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden. Error: (04/10/2015 06:46:00 PM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk9\DR17 gefunden. Error: (04/10/2015 05:24:55 PM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR3 gefunden. Microsoft Office Sessions: ========================= Error: (04/15/2015 09:54:22 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/14/2015 10:24:12 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/14/2015 10:04:18 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Plug-ins\Common\TSStrider,type="win32",version="1.0.0.0"F:\Adobe Premiere Elements 9\MPEGHDVExport.exe Error: (04/14/2015 10:04:17 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Plug-ins\Common\DVControl,type="win32",version="1.0.0.0"F:\Adobe Premiere Elements 9\Adobe Premiere Elements.exe Error: (04/14/2015 08:08:08 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/13/2015 10:00:07 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: TrueImageHomeService.exe16.0.0.651451535945MSVCR80.dll8.0.50727.61954dcddbf340000015000046b4208801d0762470931481C:\Program Files (x86)\Common Files\Acronis\TrueImageHome\TrueImageHomeService.exeC:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSV CR80.dllae51628d-e217-11e4-8a48-e840f2eb45f1 Error: (04/13/2015 10:00:03 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: TrueImageHomeService.exe16.0.0.651451535945MSVCR80.dll8.0.50727.61954dcddbf340000015000046b4211801d076246db8c0b0C:\Program Files (x86)\Common Files\Acronis\TrueImageHome\TrueImageHomeService.exeC:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSV CR80.dllac27276f-e217-11e4-8a48-e840f2eb45f1 Error: (04/13/2015 04:59:25 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Plug-ins\Common\TSStrider,type="win32",version="1.0.0.0"F:\Adobe Premiere Elements 9\MPEGHDVExport.exe Error: (04/13/2015 04:59:23 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Plug-ins\Common\DVControl,type="win32",version="1.0.0.0"F:\Adobe Premiere Elements 9\Adobe Premiere Elements.exe Error: (04/13/2015 00:01:40 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 11996 CodeIntegrity Errors: =================================== Date: 2015-02-17 03:24:37.538 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-02-17 03:24:37.476 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-01-12 18:35:52.429 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-01-12 18:35:52.429 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-01-12 18:35:37.007 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-01-12 18:35:37.007 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-01-12 18:35:34.767 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-01-12 18:35:34.767 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-01-12 18:35:34.677 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-01-12 18:35:34.667 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz Percentage of memory in use: 31% Total physical RAM: 8140.59 MB Available physical RAM: 5550.23 MB Total Pagefile: 16279.38 MB Available Pagefile: 13208.6 MB Total Virtual: 8192 MB Available Virtual: 8191.83 MB ==================== Drives ================================ Drive c: (Acer) (Fixed) (Total:230.71 GB) (Free:86.67 GB) NTFS Drive d: (DATA) (Fixed) (Total:456.46 GB) (Free:106.99 GB) NTFS Drive e: (AcronisTrueImage) (CDROM) (Total:1.59 GB) (Free:0 GB) CDFS Drive f: (Programme) (Fixed) (Total:225.24 GB) (Free:179.26 GB) NTFS Drive g: (WD Elements _ Festplatte 1) (Fixed) (Total:1863.01 GB) (Free:1006.1 GB) NTFS Drive i: (LACIE 80GB) (Fixed) (Total:76.67 GB) (Free:35.32 GB) FAT32 Drive p: (HD-CEU2 Buffalo Festplatte 2) (Fixed) (Total:931.51 GB) (Free:632.48 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 73B54E1B) Partition 1: (Not Active) - (Size=993 KB) - (Type=42) Partition 2: (Not Active) - (Size=19 GB) - (Type=27) Partition 3: (Active) - (Size=100 MB) - (Type=42) Partition 4: (Not Active) - (Size=230.7 GB) - (Type=42) ======================================================== Disk: 1 (Size: 76.7 GB) (Disk ID: 12345678) Partition 1: (Active) - (Size=76.7 GB) - (Type=0C) ======================================================== Disk: 2 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 001A85C3) Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS) ======================================================== Disk: 3 (Size: 931.5 GB) (Disk ID: 0AD080F7) Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS) ==================== End Of Log ============================[/CODE] [CODE]Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-04-2015 02 Ran by Steiner (administrator) on Steiner-PC_Acer on 15-04-2015 16:03:14 Running from C:\Users\Steiner\Downloads Loaded Profiles: Steiner (Available profiles: Steiner) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (Egis Technology Inc. ) C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe (AMD) C:\Windows\System32\atieclxx.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Parallels Holdings, Ltd. and its affiliates.) C:\Program Files (x86)\Parallels\Parallels Access\Application\amd64\prl_pm_service.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe () C:\Program Files (x86)\D-Link\DWA-131 revA\WlanWpsSvc.exe (Parallels Holdings, Ltd. and its affiliates.) C:\Program Files (x86)\Parallels\Parallels Access\Application\amd64\prl_deskctl_agent.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (CANON INC.) F:\Program Files (x86)\BJMYPRT.EXE (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Microsoft Corporation) C:\Users\Steiner\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Parallels Holdings, Ltd. and its affiliates.) C:\Program Files (x86)\Parallels\Parallels Access\Application\prl_deskctl_wizard.exe (D-Link Corp.) C:\Program Files (x86)\D-Link\DWA-131 revA\wirelesscm.exe (Dropbox, Inc.) C:\Users\Steiner\AppData\Roaming\Dropbox\bin\Dropbox.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe () C:\PVSW\Bin\w3dbsmgr.exe (SWE von Schleusen) F:\UltimateZip\uzqkst.exe (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe () C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe (Google) C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe (Geek Software GmbH) F:\Program Files (x86)\PDF24\pdf24.exe (Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Acronis) F:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\Evernote.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Google) C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avpui.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe (Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13353064 2011-11-14] (Realtek Semiconductor) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-16] (Adobe Systems Incorporated) HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [571192 2014-08-14] (Acronis) HKLM\...\Run: [CanonMyPrinter] => F:\Program Files (x86)\BJMyPrt.exe [2782096 2010-07-26] (CANON INC.) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.) HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-06-22] (Egis Technology Inc.) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-10-26] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291096 2011-12-04] (Intel Corporation) HKLM-x32\...\Run: [Hotkey Utility] => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [636520 2012-02-07] () HKLM-x32\...\Run: [Google Desktop Search] => C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [1831424 2012-11-25] (Google) HKLM-x32\...\Run: [PDFPrint] => f:\Program Files (x86)\PDF24\pdf24.exe [191528 2014-07-04] (Geek Software GmbH) HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [606096 2014-10-17] (Acronis International GmbH) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.) HKLM-x32\...\Run: [TrueImageMonitor.exe] => F:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5343272 2014-11-27] (Acronis) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-19\...\Run: [Parallels Access] => C:\Program Files (x86)\Parallels\Parallels Access\Application\prl_deskctl_wizard.exe [6012416 2015-03-13] (Parallels Holdings, Ltd. and its affiliates.) HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} HKU\S-1-5-20\...\Run: [Parallels Access] => C:\Program Files (x86)\Parallels\Parallels Access\Application\prl_deskctl_wizard.exe [6012416 2015-03-13] (Parallels Holdings, Ltd. and its affiliates.) HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} HKU\S-1-5-21-2167322945-2733738748-3786458674-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22869088 2014-10-21] (Google) HKU\S-1-5-21-2167322945-2733738748-3786458674-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-11-21] (Apple Inc.) HKU\S-1-5-21-2167322945-2733738748-3786458674-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.) HKU\S-1-5-21-2167322945-2733738748-3786458674-1000\...\Run: [OneDrive] => C:\Users\Steiner\AppData\Local\Microsoft\OneDrive\OneDrive.exe [281248 2015-03-29] (Microsoft Corporation) HKU\S-1-5-21-2167322945-2733738748-3786458674-1000\...\Run: [] => [X] HKU\S-1-5-21-2167322945-2733738748-3786458674-1000\...\Run: [Parallels Access] => C:\Program Files (x86)\Parallels\Parallels Access\Application\prl_deskctl_wizard.exe [6012416 2015-03-13] (Parallels Holdings, Ltd. and its affiliates.) HKU\S-1-5-21-2167322945-2733738748-3786458674-1000\...\RunOnce: [Uninstall C:\Users\Steiner\AppData\Local\Microsoft\OneDrive\17.3.4724.0224\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Steiner\AppData\Local\Microsoft\OneDrive\17.3.4724.0224\amd64" HKU\S-1-5-21-2167322945-2733738748-3786458674-1000\...\MountPoints2: {23c622ac-51c9-11e2-a4e2-e840f2eb45f1} - H:\Start_eBanking_Login-Stick_Win.exe HKU\S-1-5-21-2167322945-2733738748-3786458674-1000\...\MountPoints2: {b77e4b31-11aa-11e2-b869-806e6f6e6963} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\Autorun.hta HKU\S-1-5-21-2167322945-2733738748-3786458674-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [241664 2010-11-21] (Microsoft Corporation) HKU\S-1-5-18\...\Run: [Parallels Access] => C:\Program Files (x86)\Parallels\Parallels Access\Application\prl_deskctl_wizard.exe [6012416 2015-03-13] (Parallels Holdings, Ltd. and its affiliates.) HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} AppInit_DLLs-x32: c:/progra~3/{681a8~1/tela.dll => c:\ProgramData\{681A80D9-3898-515F-891E-21DD599CF253}\tela.dll [634880 2014-12-21] () AppInit_DLLs-x32: c:\progra~2\google\google~1\go36f4~1.dll => c:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [143872 2012-11-25] (Google) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wireless Connection Manager.lnk ShortcutTarget: Wireless Connection Manager.lnk -> C:\Program Files (x86)\D-Link\DWA-131 revA\wirelesscm.exe (D-Link Corp.) Startup: C:\Users\Steiner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Steiner\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\Steiner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) Startup: C:\Users\Steiner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteTray.lnk ShortcutTarget: EvernoteTray.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) Startup: C:\Users\Steiner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Pervasive.SQL Workgroup Engine.lnk ShortcutTarget: Pervasive.SQL Workgroup Engine.lnk -> C:\PVSW\Bin\w3dbsmgr.exe () Startup: C:\Users\Steiner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UltimateZip Quick Start.lnk ShortcutTarget: UltimateZip Quick Start.lnk -> F:\UltimateZip\uzqkst.exe (SWE von Schleusen) SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation) SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation) ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Steiner\AppData\Local\Microsoft\OneDrive\17.3.4726.0226_1\amd64\FileSyncShell64.dll (Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Users\Steiner\AppData\Local\Microsoft\OneDrive\17.3.4726.0226_1\amd64\FileSyncShell64.dll (Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Users\Steiner\AppData\Local\Microsoft\OneDrive\17.3.4726.0226_1\amd64\FileSyncShell64.dll (Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Steiner\AppData\Local\Microsoft\OneDrive\17.3.4726.0226_1\amd64\FileSyncShell64.dll (Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Steiner\AppData\Local\Microsoft\OneDrive\17.3.4726.0226_1\amd64\FileSyncShell64.dll (Microsoft Corporation) ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Steiner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Steiner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Steiner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Steiner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Steiner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Steiner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Steiner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Steiner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [0WualaOverlayIcon1] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Wuala OverlayIcons\OverlayIcon.dll (LaCie AG) ShellIconOverlayIdentifiers: [0WualaOverlayIcon2] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Wuala OverlayIcons\OverlayIcon.dll (LaCie AG) ShellIconOverlayIdentifiers: [0WualaOverlayIcon3] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files (x86)\Wuala OverlayIcons\OverlayIcon.dll (LaCie AG) ShellIconOverlayIdentifiers: [0WualaOverlayIcon4] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Wuala OverlayIcons\OverlayIcon.dll (LaCie AG) ShellIconOverlayIdentifiers: [1EldosIconOverlay] -> {8E2AF6EB-276B-419B-ADB7-5E09F0869123} => C:\Windows\System32\CbFsMntNtf3.dll (EldoS Corporation) ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => F:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll (Acronis) ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => F:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll (Acronis) ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => F:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll (Acronis) ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation) ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Wuala OverlayIcons\OverlayIcon.dll (LaCie AG) ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Wuala OverlayIcons\OverlayIcon.dll (LaCie AG) ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Wuala OverlayIcons\OverlayIcon.dll (LaCie AG) ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files (x86)\Wuala OverlayIcons\OverlayIcon.dll (LaCie AG) ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Wuala OverlayIcons\OverlayIcon.dll (LaCie AG) ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Steiner\AppData\Local\Microsoft\OneDrive\17.3.4726.0226_1\FileSyncShell.dll (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Users\Steiner\AppData\Local\Microsoft\OneDrive\17.3.4726.0226_1\FileSyncShell.dll (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Users\Steiner\AppData\Local\Microsoft\OneDrive\17.3.4726.0226_1\FileSyncShell.dll (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Steiner\AppData\Local\Microsoft\OneDrive\17.3.4726.0226_1\FileSyncShell.dll (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Steiner\AppData\Local\Microsoft\OneDrive\17.3.4726.0226_1\FileSyncShell.dll (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [1EldosIconOverlay] -> {8E2AF6EB-276B-419B-ADB7-5E09F0869123} => C:\Windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation) ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation) CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://www.sweet-page.com/?type=hp&ts=1419177336&from=cor&uid=ST1000DM003-9YN162_Z1D2BML6XXXXZ1D2BML6 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://www.sweet-page.com/?type=hp&ts=1419177336&from=cor&uid=ST1000DM003-9YN162_Z1D2BML6XXXXZ1D2BML6 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1419177336&from=cor&uid=ST1000DM003-9YN162_Z1D2BML6XXXXZ1D2BML6&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1419177336&from=cor&uid=ST1000DM003-9YN162_Z1D2BML6XXXXZ1D2BML6&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.sweet-page.com/?type=hp&ts=1419177336&from=cor&uid=ST1000DM003-9YN162_Z1D2BML6XXXXZ1D2BML6 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.sweet-page.com/?type=hp&ts=1419177336&from=cor&uid=ST1000DM003-9YN162_Z1D2BML6XXXXZ1D2BML6 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1419177336&from=cor&uid=ST1000DM003-9YN162_Z1D2BML6XXXXZ1D2BML6&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1419177336&from=cor&uid=ST1000DM003-9YN162_Z1D2BML6XXXXZ1D2BML6&q={searchTerms} HKU\S-1-5-21-2167322945-2733738748-3786458674-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://www.sweet-page.com/?type=hp&ts=1419177336&from=cor&uid=ST1000DM003-9YN162_Z1D2BML6XXXXZ1D2BML6 HKU\S-1-5-21-2167322945-2733738748-3786458674-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.sweet-page.com/?type=hp&ts=1419177336&from=cor&uid=ST1000DM003-9YN162_Z1D2BML6XXXXZ1D2BML6 HKU\S-1-5-21-2167322945-2733738748-3786458674-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1419177336&from=cor&uid=ST1000DM003-9YN162_Z1D2BML6XXXXZ1D2BML6&q={searchTerms} HKU\S-1-5-21-2167322945-2733738748-3786458674-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie HKU\S-1-5-21-2167322945-2733738748-3786458674-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1419177336&from=cor&uid=ST1000DM003-9YN162_Z1D2BML6XXXXZ1D2BML6&q={searchTerms} SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1419177336&from=cor&uid=ST1000DM003-9YN162_Z1D2BML6XXXXZ1D2BML6&q={searchTerms} SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_frmr_14_51_ff&cd=2XzuyEtN2Y1L1Qzu0EzzyEtD0FtB0E0ByEyD0FtC0A0CyE0DtN0D0Tzu0StCtDzzyDtN1L2XzutAtFyCtFtCtDtFyBtN1L1 CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyByC0F0Dzy0EtC0EtGtD0A0FtDtGyByB0DyDtGtBzz0AyCtGtDtD0ByCyE0FtAyDyDyEtByD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0Dzy0DtBy D0BtAtGtDtA0FyBtGyEyBzz0CtGzztA0A0FtGyDyDyB0ByDyCzytB0A0EyEzz2Q&cr=1993718045&ir= SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1419177336&from=cor&uid=ST1000DM003-9YN162_Z1D2BML6XXXXZ1D2BML6&q={searchTerms} SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1419177336&from=cor&uid=ST1000DM003-9YN162_Z1D2BML6XXXXZ1D2BML6&q={searchTerms} SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1419177336&from=cor&uid=ST1000DM003-9YN162_Z1D2BML6XXXXZ1D2BML6&q={searchTerms} SearchScopes: HKU\S-1-5-21-2167322945-2733738748-3786458674-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_frmr_14_51_ff&cd=2XzuyEtN2Y1L1Qzu0EzzyEtD0FtB0E0ByEyD0FtC0A0CyE0DtN0D0Tzu0StCtDzzyDtN1L2XzutAtFyCtFtCtDtFyBtN1L1 CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyByC0F0Dzy0EtC0EtGtD0A0FtDtGyByB0DyDtGtBzz0AyCtGtDtD0ByCyE0FtAyDyDyEtByD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0Dzy0DtBy D0BtAtGtDtA0FyBtGyEyBzz0CtGzztA0A0FtGyDyDyB0ByDyCzytB0A0EyEzz2Q&cr=1993718045&ir= SearchScopes: HKU\S-1-5-21-2167322945-2733738748-3786458674-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_frmr_14_51_ff&cd=2XzuyEtN2Y1L1Qzu0EzzyEtD0FtB0E0ByEyD0FtC0A0CyE0DtN0D0Tzu0StCtDzzyDtN1L2XzutAtFyCtFtCtDtFyBtN1L1 CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyByC0F0Dzy0EtC0EtGtD0A0FtDtGyByB0DyDtGtBzz0AyCtGtDtD0ByCyE0FtAyDyDyEtByD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0Dzy0DtBy D0BtAtGtDtA0FyBtGyEyBzz0CtGzztA0A0FtGyDyDyB0ByDyCzytB0A0EyEzz2Q&cr=1993718045&ir= SearchScopes: HKU\S-1-5-21-2167322945-2733738748-3786458674-1000 -> {1EFF62A6-FA12-4F7E-B46C-EADDB54B8D61} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=MGX&o=15359&src=kw&q={searchTerms}&locale=&apn_ptnrs=JQ&apn_dtid=YYYYYYYYCH&apn_uid=1C2E4B08-0B9F-4E03-B266-6DA3833FA8C5&apn_sauid=DEB3DE94-D704-4209-9716-B3C8A29709DE SearchScopes: HKU\S-1-5-21-2167322945-2733738748-3786458674-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1419177336&from=cor&uid=ST1000DM003-9YN162_Z1D2BML6XXXXZ1D2BML6&q={searchTerms} SearchScopes: HKU\S-1-5-21-2167322945-2733738748-3786458674-1000 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = BHO: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll [2015-01-12] (Kaspersky Lab ZAO) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll [2015-01-12] (Kaspersky Lab ZAO) BHO: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll [2015-01-12] (Kaspersky Lab ZAO) BHO-x32: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll [2015-01-12] (Kaspersky Lab ZAO) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-12-17] (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.) BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-04-02] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll [2015-01-12] (Kaspersky Lab ZAO) BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-06-07] (Microsoft Corporation.) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-12-17] (Oracle Corporation) BHO-x32: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll [2015-01-12] (Kaspersky Lab ZAO) Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-06-07] (Microsoft Corporation.) Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - No File Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - No File Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2011-11-03] (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 StartMenuInternet: IEXPLORE.EXE - iexplore.exe FireFox: ======== FF ProfilePath: C:\Users\Steiner\AppData\Roaming\Mozilla\Firefox\Profiles\wnbxnwri.default FF Homepage: google.ch FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-24] () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-24] () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] () FF Plugin-x32: @canon.com/EPPEX -> F:\Program Files\Canon\NPEZFFPI.DLL [2010-02-05] (CANON INC.) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-07-12] (Google) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> d:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-12-17] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-12-17] (Oracle Corporation) FF Plugin-x32: @kaspersky.com/content_blocker_6418E0D362104DADA084DC312DFA8ABC -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com [2015-01-12] () FF Plugin-x32: @kaspersky.com/online_banking_69A4E213815F42BD863D889007201D82 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com [2015-01-12] () FF Plugin-x32: @kaspersky.com/virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com [2015-01-12] () FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2014-12-14] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2014-12-14] (Google Inc.) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2010-12-08] () FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-2167322945-2733738748-3786458674-1000: navionics.com/NavConnect -> C:\Program Files (x86)\Chart Installer\npNavConnect.dll No File FF user.js: detected! => C:\Users\Steiner\AppData\Roaming\Mozilla\Firefox\Profiles\wnbxnwri.default\user.js [2015-01-12] FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\sweet-page.xml [2014-12-21] FF Extension: rrocccKettsale - C:\Users\Steiner\AppData\Roaming\Mozilla\Firefox\Profiles\wnbxnwri.default\Extensions\Gca@S.net [2015-01-12] FF Extension: saleprIzzes - C:\Users\Steiner\AppData\Roaming\Mozilla\Firefox\Profiles\wnbxnwri.default\Extensions\yDvkSdoq@Kz.org [2015-01-12] FF Extension: Anti-Banner - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2 [2015-04-08] FF Extension: Modul zur Link-Untersuchung - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2 [2015-04-08] FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru FF HKLM-x32\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\Steiner\AppData\Roaming\Mozilla\Firefox\Profiles\m93z6qw9.default-1418573547687\extensions\faststartff@gmail.com FF HKLM-x32\...\Firefox\Extensions: [content_blocker_6418E0D362104DADA084DC312DFA8ABC@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com [2015-01-12] FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com [2015-01-12] FF HKLM-x32\...\Firefox\Extensions: [online_banking_69A4E213815F42BD863D889007201D82@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com [2015-01-12] Chrome: ======= CHR dev: Chrome dev build detected! <======= ATTENTION CHR Profile: C:\Users\Steiner\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (No Name) - C:\Users\Steiner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-05] CHR Extension: (No Name) - C:\Users\Steiner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2013-05-05] CHR Extension: (No Name) - C:\Users\Steiner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2013-05-05] CHR Extension: (No Name) - C:\Users\Steiner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2013-05-05] CHR Extension: (No Name) - C:\Users\Steiner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2013-05-05] CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho CHR HKLM\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - https://clients2.google.com/service/update2/crx CHR HKU\S-1-5-21-2167322945-2733738748-3786458674-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - https://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho CHR HKLM-x32\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - https://clients2.google.com/service/update2/crx StartMenuInternet: Google Chrome - chrome.exe ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.) R2 AVP15.0.1; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe [234520 2014-08-30] (Kaspersky Lab ZAO) R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1840128 2011-05-24] (MAGIX AG) [File not signed] S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed] S3 GoogleDesktopManager; C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [1831424 2012-11-25] (Google) [File not signed] R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation) R2 prl_mobdisp; C:\Program Files (x86)\Parallels\Parallels Access\Application\amd64\prl_pm_service.exe [21201408 2015-03-13] (Parallels Holdings, Ltd. and its affiliates.) [File not signed] R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) R2 WlanWpsSvc; C:\Program Files (x86)\D-Link\DWA-131 revA\WlanWpsSvc.exe [167936 2008-06-26] () [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R1 cbfs3; C:\Windows\system32\drivers\cbfs3.sys [352144 2012-04-09] (EldoS Corporation) R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [238288 2013-01-14] (Kaspersky Lab UK Ltd) R1 EterlogicVirtualSerialDriver; C:\Windows\system32\drivers\VSPE.sys [40728 2013-06-06] () R0 file_tracker; C:\Windows\System32\DRIVERS\file_tracker.sys [296736 2015-04-14] (Acronis International GmbH) R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [468576 2014-03-31] (Kaspersky Lab ZAO) R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [46144 2014-07-02] (Kaspersky Lab ZAO) R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [150536 2015-01-12] (Kaspersky Lab ZAO) R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [246456 2014-08-12] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [819896 2015-03-12] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO) R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55872 2014-06-05] (Kaspersky Lab ZAO) R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [77512 2015-01-12] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179776 2014-07-09] (Kaspersky Lab ZAO) S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [22528 2012-03-26] (Apple Inc.) [File not signed] R3 prl_virtual_sound; C:\Windows\System32\DRIVERS\prl_virtual_sound.sys [46824 2015-03-13] (Parallels Holdings, Ltd. and its affiliates.) R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-10] (Corel Corporation) R3 ROCKEYNT; C:\Windows\System32\DRIVERS\Rockey4.sys [33536 2015-03-18] (Feitian Technologies Co., Ltd.) S3 Rockey_USB; C:\Windows\System32\DRIVERS\Rockey4USB.sys [23936 2015-03-18] (Feitian Technologies Co., Ltd.) R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1328928 2015-04-14] (Acronis International GmbH) R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [234784 2015-04-14] (Acronis International GmbH) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-04-15 16:03 - 2015-04-15 16:03 - 00040643 _____ () C:\Users\Steiner\Downloads\FRST.txt 2015-04-15 16:03 - 2015-04-15 16:03 - 00000000 ____D () C:\FRST 2015-04-15 16:01 - 2015-04-15 16:01 - 02097152 _____ (Farbar) C:\Users\Steiner\Downloads\FRST64.exe 2015-04-15 15:57 - 2015-04-15 16:00 - 00000476 _____ () C:\Users\Steiner\Downloads\defogger_disable.log 2015-04-15 15:57 - 2015-04-15 15:57 - 00000000 _____ () C:\Users\Steiner\defogger_reenable 2015-04-15 15:54 - 2015-04-15 15:54 - 00050477 _____ () C:\Users\Steiner\Downloads\Defogger.exe 2015-04-15 09:53 - 2015-04-15 09:53 - 00000000 ___HD () C:\OneDriveTemp 2015-04-15 09:52 - 2015-04-15 09:52 - 00001170 _____ () C:\Windows\PFRO.log 2015-04-14 19:18 - 2015-04-14 19:18 - 00004204 _____ () C:\Windows\DPINST.LOG 2015-04-14 19:18 - 2015-04-14 19:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Parallels 2015-04-14 19:18 - 2015-04-14 19:18 - 00000000 ____D () C:\Program Files (x86)\Parallels 2015-04-14 18:52 - 2015-04-14 19:07 - 92042784 _____ (Parallels Software International Inc ) C:\Users\Steiner\ParallelsAccess-2.5.2-29536-win.exe 2015-04-14 18:47 - 2015-04-15 14:02 - 00000000 ____D () C:\ProgramData\Parallels 2015-04-14 18:47 - 2015-04-15 09:54 - 00008797 _____ () C:\Users\Steiner\AppData\Local\parallels-pax.log 2015-04-14 18:47 - 2015-04-15 09:52 - 00000000 ____D () C:\Users\Steiner\AppData\Roaming\Parallels 2015-04-14 18:47 - 2015-04-14 19:18 - 00002219 _____ () C:\Users\Public\Desktop\Parallels Access.lnk 2015-04-14 18:47 - 2015-04-14 19:18 - 00000000 ____D () C:\ProgramData\Downloaded Installations 2015-04-14 18:47 - 2015-04-14 18:47 - 00000000 ____D () C:\Users\Steiner\Documents\My Parallels 2015-04-14 18:40 - 2015-04-14 18:40 - 00296736 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\file_tracker.sys 2015-04-14 18:40 - 2015-04-14 18:40 - 00234784 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\tib_mounter.sys 2015-04-14 18:39 - 2015-04-14 18:39 - 00000919 _____ () C:\Users\Public\Desktop\Acronis True Image 2015.lnk 2015-04-14 18:39 - 2015-04-14 18:39 - 00000919 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis True Image 2015.lnk 2015-04-14 18:39 - 2015-04-14 18:39 - 00000000 ____D () C:\Users\Steiner\AppData\Roaming\F3170B3A-3990-43D4-8102-4F2D44273AE3 2015-04-08 23:58 - 2015-04-08 23:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote 2015-04-08 17:48 - 2015-04-08 17:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-04-07 11:22 - 2015-04-07 11:24 - 00000000 ____D () C:\Vor-Papkorb 2015-04 2015-04-06 15:25 - 2015-04-06 15:25 - 00001806 _____ () C:\Users\Public\Desktop\Taggr GPSfoto.lnk 2015-04-06 15:25 - 2015-04-06 15:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\u-blox 2015-04-06 15:24 - 2015-04-06 15:24 - 00000000 ____D () C:\Users\Steiner\AppData\Local\Downloaded Installations 2015-04-04 18:08 - 2015-04-04 18:08 - 00000000 ___SD () C:\Windows\SysWOW64\GWX 2015-04-04 18:08 - 2015-04-04 18:08 - 00000000 ___SD () C:\Windows\system32\GWX 2015-04-02 17:40 - 2015-04-02 17:40 - 27831632 _____ (Navionics) C:\Users\Steiner\Downloads\Chart Installer.exe 2015-03-29 21:09 - 2015-03-29 21:09 - 00001183 _____ () C:\Users\Steiner\Desktop\OneDrive - Verknüpfung.lnk 2015-03-29 21:05 - 2015-03-29 21:05 - 07210656 _____ (Microsoft Corporation) C:\Users\Steiner\Downloads\OneDriveSetup(1).exe 2015-03-25 23:40 - 2015-03-26 12:16 - 00000000 ____D () C:\PSE Installation _stst 2015-03-25 23:34 - 2015-03-25 23:35 - 00000000 ____D () C:\0 gelöschte Dateien 2015-03-25 10:52 - 2015-03-11 06:06 - 00943616 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2015-03-25 10:52 - 2015-03-11 06:06 - 00760832 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2015-03-25 10:52 - 2015-03-11 06:06 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2015-03-25 10:52 - 2015-03-11 06:06 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2015-03-25 10:52 - 2015-03-11 06:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2015-03-25 10:52 - 2015-03-11 06:05 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2015-03-25 10:52 - 2015-03-11 06:05 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2015-03-25 10:52 - 2015-03-11 06:02 - 01107456 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2015-03-21 19:41 - 2015-04-15 09:53 - 00005701 _____ () C:\Windows\pvsw.log 2015-03-21 19:40 - 2015-04-15 09:52 - 00002681 _____ () C:\Windows\setupact.log 2015-03-21 19:40 - 2015-03-21 19:40 - 00000000 _____ () C:\Windows\setuperr.log 2015-03-18 18:18 - 2005-08-03 17:05 - 00035892 _____ (Prolific Technology Inc.) C:\Windows\SysWOW64\SER9PL.sys 2015-03-18 18:18 - 2005-08-03 17:04 - 00026719 _____ () C:\Windows\SysWOW64\SERSPL.VXD 2015-03-18 13:22 - 2015-03-18 13:22 - 00000634 _____ () C:\Users\Public\Desktop\Shortcut to Navigo2015.exe.lnk 2015-03-18 13:22 - 2015-03-18 13:22 - 00000000 ____D () C:\Users\Steiner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC-Navigo 2015 2015-03-18 13:22 - 2015-03-18 13:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC-Navigo 2015 2015-03-18 13:21 - 2015-03-21 22:54 - 00000000 ____D () C:\navigo2015 2015-03-18 13:13 - 2015-03-18 13:18 - 675350528 _____ (NoorderSoft) C:\Users\Steiner\Downloads\setupnavigo2015.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-04-15 15:57 - 2012-11-19 14:12 - 00000000 ____D () C:\Users\Steiner 2015-04-15 15:56 - 2012-03-06 13:11 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-04-15 15:56 - 2012-03-06 13:11 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-04-15 15:56 - 2012-03-06 13:11 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-04-15 15:56 - 2012-03-06 13:11 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-04-15 15:46 - 2014-12-21 17:46 - 00000300 _____ () C:\Windows\Tasks\WSE_Vosteran.job 2015-04-15 15:09 - 2012-10-09 02:22 - 01469299 _____ () C:\Windows\WindowsUpdate.log 2015-04-15 15:05 - 2013-01-07 10:44 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-04-15 14:41 - 2012-11-21 18:36 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2015-04-15 10:01 - 2009-07-14 06:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-04-15 10:01 - 2009-07-14 06:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-04-15 09:58 - 2012-09-29 03:42 - 00710336 _____ () C:\Windows\system32\perfh007.dat 2015-04-15 09:58 - 2012-09-29 03:42 - 00154514 _____ () C:\Windows\system32\perfc007.dat 2015-04-15 09:58 - 2009-07-14 07:13 - 01651100 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-04-15 09:53 - 2015-02-20 19:25 - 00000000 ___RD () C:\Users\Steiner\OneDrive 2015-04-15 09:53 - 2012-11-21 00:33 - 00000000 ____D () C:\Users\Steiner\AppData\Roaming\Dropbox 2015-04-15 09:52 - 2013-01-07 10:44 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-04-15 09:52 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-04-14 18:41 - 2014-09-23 22:29 - 00000000 ____D () C:\ProgramData\Acronis 2015-04-14 18:39 - 2013-04-05 11:19 - 01328928 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\tib.sys 2015-04-14 18:39 - 2013-02-03 13:46 - 00304416 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\snapman.sys 2015-04-14 18:39 - 2013-02-03 13:46 - 00134432 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\fltsrv.sys 2015-04-14 17:56 - 2013-11-26 00:19 - 00958976 ___SH () C:\Users\Steiner\Thumbs.db 2015-04-14 12:09 - 2012-11-19 14:56 - 00000000 ____D () C:\Users\Steiner\AppData\Roaming\Adobe 2015-04-14 10:27 - 2013-02-13 12:27 - 00000000 ____D () C:\Program Files\Common Files\Adobe 2015-04-14 10:27 - 2012-03-06 13:10 - 00000000 ____D () C:\Program Files (x86)\Adobe 2015-04-14 10:24 - 2012-11-19 14:12 - 00136048 _____ () C:\Users\Steiner\AppData\Local\GDIPFONTCACHEV1.DAT 2015-04-14 10:22 - 2009-07-14 06:45 - 00514560 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-04-11 10:05 - 2014-12-15 10:27 - 00001034 _____ () C:\Users\Steiner\Desktop\Dropbox.lnk 2015-04-11 10:05 - 2012-11-27 22:36 - 00002943 _____ () C:\Windows\wininit.ini 2015-04-11 10:05 - 2012-11-21 00:34 - 00000000 ____D () C:\Users\Steiner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-04-09 20:35 - 2012-11-19 16:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-04-02 22:35 - 2013-07-08 21:27 - 00000000 ____D () C:\Users\Steiner\AppData\Roaming\concept design 2015-04-02 18:47 - 2012-03-06 13:10 - 00000000 ____D () C:\ProgramData\Adobe 2015-04-02 18:43 - 2012-11-21 18:15 - 00000000 ____D () C:\Users\Steiner\AppData\Local\Adobe 2015-03-31 23:05 - 2014-12-21 18:59 - 00000000 ____D () C:\ProgramData\2355320829 2015-03-29 21:05 - 2015-02-20 19:25 - 00002197 _____ () C:\Users\Steiner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk 2015-03-29 21:05 - 2015-02-20 19:25 - 00002128 _____ () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk 2015-03-29 21:05 - 2015-02-20 19:25 - 00002128 _____ () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk 2015-03-29 21:05 - 2015-02-20 19:25 - 00000000 ____D () C:\Program Files (x86)\Microsoft OneDrive 2015-03-25 18:29 - 2014-12-15 10:07 - 00000000 ____D () C:\Windows\system32\appraiser 2015-03-25 18:29 - 2014-05-06 23:35 - 00000000 ___SD () C:\Windows\system32\CompatTel 2015-03-22 00:39 - 2013-02-19 13:03 - 00000000 ____D () C:\Users\Steiner\temp 2015-03-21 19:56 - 2012-11-19 14:13 - 00000000 ____D () C:\Users\Steiner\AppData\Local\VirtualStore |
|
15.04.2015, 21:25
| #4 |
| | Trojaner von Kaspersky nicht gelöscht Forsetzung meiner Anfrage / Seite 58 - 81 Guten Tag! In Windows 7 löscht Kaspersky den Trojaner Trojan Win32 Agent qt nicht. Wie kann ich ihn löschen? Ist dieser Trojaner gefährlich? Hat er mit folgendem Problem zu tun? Ich habe vor paar Tagen ein Mail erhalten, worin neben der privaten Adresse des Absenders noch stand <info@flipmailer> als Absender. Das Mail forderte den Empfänger auf, Freunde des Absenders zu werden werden. Aehnliche Mails gingen offenbar von meinem Computer aus an Adressen aus meinem Adressbuch. Vielen Dank für Ihre Hilfe zum voaus. St. Steiner Code:
ATTFilter 2015-03-18 18:18 - 2012-03-06 12:40 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-03-18 13:22 - 2013-04-12 09:56 - 00033536 _____ (Feitian Technologies Co., Ltd.) C:\Windows\system32\Drivers\Rockey4.sys
2015-03-18 13:22 - 2013-04-12 09:56 - 00023936 _____ (Feitian Technologies Co., Ltd.) C:\Windows\system32\Drivers\Rockey4USB.sys
2015-03-18 13:22 - 2013-04-12 09:56 - 00007680 _____ () C:\Windows\system32\Ry4CoInst.dll
2015-03-18 13:21 - 2013-04-12 09:52 - 00000000 ____D () C:\ProgramData\InstallMate
2015-03-17 18:33 - 2015-01-12 10:10 - 00000000 ____D () C:\ProgramData\freeddeeLivery
2015-03-17 18:33 - 2015-01-12 10:09 - 00000000 ____D () C:\ProgramData\nitroddeal
2015-03-17 13:02 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
==================== Files in the root of some directories =======
2013-03-18 22:52 - 2013-03-19 00:11 - 0000132 _____ () C:\Users\Steiner\AppData\Roaming\Adobe CS5-Voreinstellungen für PNG-Format
2014-12-21 18:46 - 2015-01-12 10:10 - 0000135 _____ () C:\Users\Steiner\AppData\Roaming\WB.CFG
2013-07-11 21:57 - 2013-07-11 21:57 - 0003584 _____ () C:\Users\Steiner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-23 11:46 - 2014-12-23 11:46 - 0000001 _____ () C:\Users\Steiner\AppData\Local\DSI.DAT
2014-12-23 11:46 - 2014-12-23 11:46 - 0022528 _____ () C:\Users\Steiner\AppData\Local\dsisetup6442992.exe
2013-02-19 00:22 - 2013-02-19 00:22 - 0000095 _____ () C:\Users\Steiner\AppData\Local\fusioncache.dat
2015-04-14 18:47 - 2015-04-15 09:54 - 0008797 _____ () C:\Users\Steiner\AppData\Local\parallels-pax.log
2012-11-21 18:37 - 2012-11-21 18:37 - 0017408 _____ () C:\Users\Steiner\AppData\Local\WebpageIcons.db
2012-03-06 13:12 - 2012-10-09 02:58 - 0002472 _____ () C:\ProgramData\clear.fiSDK20.log
2012-03-06 13:13 - 2012-10-09 02:57 - 0000032 _____ () C:\ProgramData\PS.log
Files to move or delete:
====================
C:\Users\Steiner\ParallelsAccess-2.5.2-29536-win.exe
Some content of TEMP:
====================
C:\Users\Steiner\AppData\Local\Temp\917b0b87-3358-4e79-93de-3dfc2fc99ed0.exe
C:\Users\Steiner\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp6_glup.dll
C:\Users\Steiner\AppData\Local\Temp\proxy_util_w32.dll
C:\Users\Steiner\AppData\Local\Temp\readSTILog.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-04-14 10:03
==================== End Of Log ============================
Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-04-15 18:58:34
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST1000DM rev.CC4B 931.51GB
Running: Gmer-19357.exe; Driver: C:\Users\Steiner\AppData\Local\Temp\fglirfoc.sys
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2452] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077081401 2 bytes JMP 7677b21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2452] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077081419 2 bytes JMP 7677b346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2452] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077081431 2 bytes JMP 767f8ea9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2452] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007708144a 2 bytes CALL 767548ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2452] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000770814dd 2 bytes JMP 767f87a2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2452] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000770814f5 2 bytes JMP 767f8978 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2452] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007708150d 2 bytes JMP 767f8698 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2452] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077081525 2 bytes JMP 767f8a62 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2452] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007708153d 2 bytes JMP 7676fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2452] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077081555 2 bytes JMP 767768ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2452] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007708156d 2 bytes JMP 767f8f61 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2452] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077081585 2 bytes JMP 767f8ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2452] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007708159d 2 bytes JMP 767f865c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2452] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000770815b5 2 bytes JMP 7676fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2452] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000770815cd 2 bytes JMP 7677b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2452] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000770816b2 2 bytes JMP 767f8e24 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2452] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000770816bd 2 bytes JMP 767f85f1 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Steiner\AppData\Local\Microsoft\OneDrive\OneDrive.exe[3216] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077081401 2 bytes JMP 7677b21b C:\Windows\syswow64\kernel32.dll
.text C:\Users\Steiner\AppData\Local\Microsoft\OneDrive\OneDrive.exe[3216] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077081419 2 bytes JMP 7677b346 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Steiner\AppData\Local\Microsoft\OneDrive\OneDrive.exe[3216] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077081431 2 bytes JMP 767f8ea9 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Steiner\AppData\Local\Microsoft\OneDrive\OneDrive.exe[3216] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007708144a 2 bytes CALL 767548ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Users\Steiner\AppData\Local\Microsoft\OneDrive\OneDrive.exe[3216] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000770814dd 2 bytes JMP 767f87a2 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Steiner\AppData\Local\Microsoft\OneDrive\OneDrive.exe[3216] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000770814f5 2 bytes JMP 767f8978 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Steiner\AppData\Local\Microsoft\OneDrive\OneDrive.exe[3216] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007708150d 2 bytes JMP 767f8698 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Steiner\AppData\Local\Microsoft\OneDrive\OneDrive.exe[3216] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077081525 2 bytes JMP 767f8a62 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Steiner\AppData\Local\Microsoft\OneDrive\OneDrive.exe[3216] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007708153d 2 bytes JMP 7676fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Steiner\AppData\Local\Microsoft\OneDrive\OneDrive.exe[3216] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077081555 2 bytes JMP 767768ef C:\Windows\syswow64\kernel32.dll
.text C:\Users\Steiner\AppData\Local\Microsoft\OneDrive\OneDrive.exe[3216] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007708156d 2 bytes JMP 767f8f61 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Steiner\AppData\Local\Microsoft\OneDrive\OneDrive.exe[3216] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077081585 2 bytes JMP 767f8ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Steiner\AppData\Local\Microsoft\OneDrive\OneDrive.exe[3216] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007708159d 2 bytes JMP 767f865c C:\Windows\syswow64\kernel32.dll
.text C:\Users\Steiner\AppData\Local\Microsoft\OneDrive\OneDrive.exe[3216] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000770815b5 2 bytes JMP 7676fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Steiner\AppData\Local\Microsoft\OneDrive\OneDrive.exe[3216] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000770815cd 2 bytes JMP 7677b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Users\Steiner\AppData\Local\Microsoft\OneDrive\OneDrive.exe[3216] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000770816b2 2 bytes JMP 767f8e24 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Steiner\AppData\Local\Microsoft\OneDrive\OneDrive.exe[3216] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000770816bd 2 bytes JMP 767f85f1 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Steiner\AppData\Roaming\Dropbox\bin\Dropbox.exe[3520] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExW + 17 0000000077081401 2 bytes JMP 7677b21b C:\Windows\syswow64\kernel32.dll
.text C:\Users\Steiner\AppData\Roaming\Dropbox\bin\Dropbox.exe[3520] C:\Windows\syswow64\Psapi.dll!EnumProcessModules + 17 0000000077081419 2 bytes JMP 7677b346 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Steiner\AppData\Roaming\Dropbox\bin\Dropbox.exe[3520] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 17 0000000077081431 2 bytes JMP 767f8ea9 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Steiner\AppData\Roaming\Dropbox\bin\Dropbox.exe[3520] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 42 000000007708144a 2 bytes CALL 767548ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Users\Steiner\AppData\Roaming\Dropbox\bin\Dropbox.exe[3520] C:\Windows\syswow64\Psapi.dll!EnumDeviceDrivers + 17 00000000770814dd 2 bytes JMP 767f87a2 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Steiner\AppData\Roaming\Dropbox\bin\Dropbox.exe[3520] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameA + 17 00000000770814f5 2 bytes JMP 767f8978 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Steiner\AppData\Roaming\Dropbox\bin\Dropbox.exe[3520] C:\Windows\syswow64\Psapi.dll!QueryWorkingSetEx + 17 000000007708150d 2 bytes JMP 767f8698 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Steiner\AppData\Roaming\Dropbox\bin\Dropbox.exe[3520] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameW + 17 0000000077081525 2 bytes JMP 767f8a62 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Steiner\AppData\Roaming\Dropbox\bin\Dropbox.exe[3520] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameW + 17 000000007708153d 2 bytes JMP 7676fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Steiner\AppData\Roaming\Dropbox\bin\Dropbox.exe[3520] C:\Windows\syswow64\Psapi.dll!EnumProcesses + 17 0000000077081555 2 bytes JMP 767768ef C:\Windows\syswow64\kernel32.dll
.text C:\Users\Steiner\AppData\Roaming\Dropbox\bin\Dropbox.exe[3520] C:\Windows\syswow64\Psapi.dll!GetProcessMemoryInfo + 17 000000007708156d 2 bytes JMP 767f8f61 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Steiner\AppData\Roaming\Dropbox\bin\Dropbox.exe[3520] C:\Windows\syswow64\Psapi.dll!GetPerformanceInfo + 17 0000000077081585 2 bytes JMP 767f8ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Steiner\AppData\Roaming\Dropbox\bin\Dropbox.exe[3520] C:\Windows\syswow64\Psapi.dll!QueryWorkingSet + 17 000000007708159d 2 bytes JMP 767f865c C:\Windows\syswow64\kernel32.dll
.text C:\Users\Steiner\AppData\Roaming\Dropbox\bin\Dropbox.exe[3520] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameA + 17 00000000770815b5 2 bytes JMP 7676fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Steiner\AppData\Roaming\Dropbox\bin\Dropbox.exe[3520] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExA + 17 00000000770815cd 2 bytes JMP 7677b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Users\Steiner\AppData\Roaming\Dropbox\bin\Dropbox.exe[3520] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 20 00000000770816b2 2 bytes JMP 767f8e24 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Steiner\AppData\Roaming\Dropbox\bin\Dropbox.exe[3520] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 31 00000000770816bd 2 bytes JMP 767f85f1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[1784] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077081401 2 bytes JMP 7677b21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[1784] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077081419 2 bytes JMP 7677b346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[1784] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077081431 2 bytes JMP 767f8ea9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[1784] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007708144a 2 bytes CALL 767548ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[1784] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000770814dd 2 bytes JMP 767f87a2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[1784] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000770814f5 2 bytes JMP 767f8978 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[1784] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007708150d 2 bytes JMP 767f8698 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[1784] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077081525 2 bytes JMP 767f8a62 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[1784] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007708153d 2 bytes JMP 7676fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[1784] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077081555 2 bytes JMP 767768ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[1784] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007708156d 2 bytes JMP 767f8f61 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[1784] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077081585 2 bytes JMP 767f8ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[1784] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007708159d 2 bytes JMP 767f865c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[1784] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000770815b5 2 bytes JMP 7676fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[1784] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000770815cd 2 bytes JMP 7677b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[1784] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000770816b2 2 bytes JMP 767f8e24 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[1784] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000770816bd 2 bytes JMP 767f85f1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe[3940] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077081401 2 bytes JMP 7677b21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe[3940] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077081419 2 bytes JMP 7677b346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe[3940] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077081431 2 bytes JMP 767f8ea9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe[3940] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007708144a 2 bytes CALL 767548ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe[3940] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000770814dd 2 bytes JMP 767f87a2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe[3940] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000770814f5 2 bytes JMP 767f8978 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe[3940] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007708150d 2 bytes JMP 767f8698 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe[3940] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077081525 2 bytes JMP 767f8a62 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe[3940] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007708153d 2 bytes JMP 7676fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe[3940] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077081555 2 bytes JMP 767768ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe[3940] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007708156d 2 bytes JMP 767f8f61 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe[3940] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077081585 2 bytes JMP 767f8ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe[3940] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007708159d 2 bytes JMP 767f865c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe[3940] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000770815b5 2 bytes JMP 7676fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe[3940] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000770815cd 2 bytes JMP 7677b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe[3940] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000770816b2 2 bytes JMP 767f8e24 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe[3940] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000770816bd 2 bytes JMP 767f85f1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe[3056] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 424 0000000077a31398 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe[3056] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000077a3143f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe[3056] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077a31594 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe[3056] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000077a3191e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe[3056] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077a31bf8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe[3056] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077a31d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe[3056] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077a31edf 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe[3056] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077a31fc5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe[3056] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 0000000077a327b0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe[3056] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 0000000077a327d2 8 bytes {JMP 0x10}
.text C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe[3056] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 0000000077a3282f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe[3056] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184 0000000077a32898 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe[3056] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077a32d1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe[3056] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375 0000000077a32d67 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe[3056] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 0000000077a3323b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe[3056] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920 0000000077a333c8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe[3056] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077a33a5e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe[3056] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077a33ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe[3056] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077a33b85 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe[3056] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077a34190 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe[3056] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 0000000077a34241 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe[3056] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 0000000077a342b5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe[3056] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 0000000077a343f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe[3056] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 0000000077a34434 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe[3056] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 408 0000000077a345d8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe[3056] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 657 0000000077a346d1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe[3056] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284 0000000077a34a9c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe[3056] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483 0000000077a34b63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe[3056] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231 0000000077a34c57 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe[3056] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518 0000000077a34d76 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe[3056] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256 0000000077a34ea0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe[3056] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67 0000000077a34ef3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe[3056] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501 0000000077a350f5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe[3056] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256 0000000077a352f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe[3056] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247 0000000077a353f7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe[3056] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 484 0000000077a355e4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe[3056] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438 0000000077a364d6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe[3056] C:\Windows\SYSTEM32\ntdll.dll!atol + 194 0000000077a3668e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe[3056] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76 0000000077a3687c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe[3056] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45 0000000077a368bd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe[3056] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4 0000000077a368d4 8 bytes [70, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe[3056] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92 0000000077a3692c 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe[3056] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790 0000000077a37166 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe[3056] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroupMembers + 241 0000000077a37dd1 8 bytes [10, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe[3056] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroup + 119 0000000077a37e57 8 bytes [00, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe[3056] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077a81380 8 bytes {JMP QWORD [RIP-0x4a220]}
.text C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe[3056] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077a81500 8 bytes {JMP QWORD [RIP-0x49cef]}
.text C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe[3056] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077a81530 8 bytes {JMP QWORD [RIP-0x4ac62]}
.text C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe[3056] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a81650 8 bytes {JMP QWORD [RIP-0x4a80f]}
.text C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe[3056] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077a81700 8 bytes {JMP QWORD [RIP-0x4adda]}
.text C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe[3056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a81d30 8 bytes {JMP QWORD [RIP-0x49edf]}
.text C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe[3056] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077a81f80 8 bytes {JMP QWORD [RIP-0x4a1b5]}
.text C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe[3056] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a827e0 8 bytes {JMP QWORD [RIP-0x4ab13]}
.text C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe[3056] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000754d13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe[3056] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000754d146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe[3056] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000754d16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe[3056] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000754d19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe[3056] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000754d19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe[3056] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000754d1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 424 0000000077a31398 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000077a3143f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077a31594 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000077a3191e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077a31bf8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077a31d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077a31edf 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077a31fc5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 0000000077a327b0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 0000000077a327d2 8 bytes {JMP 0x10}
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 0000000077a3282f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184 0000000077a32898 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077a32d1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375 0000000077a32d67 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 0000000077a3323b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920 0000000077a333c8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077a33a5e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077a33ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077a33b85 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077a34190 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 0000000077a34241 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 0000000077a342b5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 0000000077a343f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 0000000077a34434 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 408 0000000077a345d8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 657 0000000077a346d1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284 0000000077a34a9c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483 0000000077a34b63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231 0000000077a34c57 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518 0000000077a34d76 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256 0000000077a34ea0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67 0000000077a34ef3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501 0000000077a350f5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256 0000000077a352f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247 0000000077a353f7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 484 0000000077a355e4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438 0000000077a364d6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!atol + 194 0000000077a3668e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76 0000000077a3687c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45 0000000077a368bd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4 0000000077a368d4 8 bytes [70, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92 0000000077a3692c 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790 0000000077a37166 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroupMembers + 241 0000000077a37dd1 8 bytes [10, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroup + 119 0000000077a37e57 8 bytes [00, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077a81380 8 bytes {JMP QWORD [RIP-0x4a220]}
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077a81500 8 bytes {JMP QWORD [RIP-0x49cef]}
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077a81530 8 bytes {JMP QWORD [RIP-0x4ac62]}
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a81650 8 bytes {JMP QWORD [RIP-0x4a80f]}
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077a81700 8 bytes {JMP QWORD [RIP-0x4adda]}
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a81d30 8 bytes {JMP QWORD [RIP-0x49edf]}
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077a81f80 8 bytes {JMP QWORD [RIP-0x4a1b5]}
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a827e0 8 bytes {JMP QWORD [RIP-0x4ab13]}
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4244] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000754d13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4244] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000754d146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4244] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000754d16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4244] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000754d19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4244] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000754d19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4244] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000754d1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 424 0000000077a31398 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000077a3143f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077a31594 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000077a3191e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077a31bf8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077a31d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077a31edf 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077a31fc5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 0000000077a327b0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 0000000077a327d2 8 bytes {JMP 0x10}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 0000000077a3282f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184 0000000077a32898 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077a32d1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375 0000000077a32d67 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 0000000077a3323b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920 0000000077a333c8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077a33a5e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077a33ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077a33b85 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077a34190 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 0000000077a34241 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 0000000077a342b5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 0000000077a343f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 0000000077a34434 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 408 0000000077a345d8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 657 0000000077a346d1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284 0000000077a34a9c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483 0000000077a34b63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231 0000000077a34c57 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518 0000000077a34d76 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256 0000000077a34ea0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67 0000000077a34ef3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501 0000000077a350f5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256 0000000077a352f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247 0000000077a353f7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 484 0000000077a355e4 8 bytes [0D, F0, AD, BA, DE, C0
|
|
15.04.2015, 21:29
| #5 |
| | Trojaner von Kaspersky nicht gelöscht Forsetzung meiner Anfrage / Seite – 81 bis schluss Guten Tag! In Windows 7 löscht Kaspersky den Trojaner Trojan Win32 Agent qt nicht. Wie kann ich ihn löschen? Ist dieser Trojaner gefährlich? Hat er mit folgendem Problem zu tun? Ich habe vor paar Tagen ein Mail erhalten, worin neben der privaten Adresse des Absenders noch stand <info@flipmailer> als Absender. Das Mail forderte den Empfänger auf, Freunde des Absenders zu werden werden. Aehnliche Mails gingen offenbar von meinem Computer aus an Adressen aus meinem Adressbuch. Vielen Dank für Ihre Hilfe zum voaus. St. Steiner [CODE]0000000077a352f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247 0000000077a353f7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 484 0000000077a355e4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438 0000000077a364d6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!atol + 194 0000000077a3668e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76 0000000077a3687c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45 0000000077a368bd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4 0000000077a368d4 8 bytes [70, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92 0000000077a3692c 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790 0000000077a37166 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroupMembers + 241 0000000077a37dd1 8 bytes [10, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroup + 119 0000000077a37e57 8 bytes [00, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077a81380 8 bytes {JMP QWORD [RIP-0x4a220]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077a81500 8 bytes {JMP QWORD [RIP-0x49cef]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077a81530 8 bytes {JMP QWORD [RIP-0x4ac62]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a81650 8 bytes {JMP QWORD [RIP-0x4a80f]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077a81700 8 bytes {JMP QWORD [RIP-0x4adda]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a81d30 8 bytes {JMP QWORD [RIP-0x49edf]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077a81f80 8 bytes {JMP QWORD [RIP-0x4a1b5]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a827e0 8 bytes {JMP QWORD [RIP-0x4ab13]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3420] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000754d13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3420] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000754d146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3420] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000754d16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3420] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000754d19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3420] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000754d19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3420] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000754d1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Nero\Update\NASvc.exe[3484] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 424 0000000077a31398 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Nero\Update\NASvc.exe[3484] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000077a3143f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Nero\Update\NASvc.exe[3484] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077a31594 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Nero\Update\NASvc.exe[3484] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000077a3191e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Nero\Update\NASvc.exe[3484] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077a31bf8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Nero\Update\NASvc.exe[3484] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077a31d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Nero\Update\NASvc.exe[3484] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077a31edf 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Nero\Update\NASvc.exe[3484] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077a31fc5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Nero\Update\NASvc.exe[3484] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 0000000077a327b0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Nero\Update\NASvc.exe[3484] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 0000000077a327d2 8 bytes {JMP 0x10} .text C:\Program Files (x86)\Nero\Update\NASvc.exe[3484] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 0000000077a3282f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Nero\Update\NASvc.exe[3484] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184 0000000077a32898 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Nero\Update\NASvc.exe[3484] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077a32d1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Nero\Update\NASvc.exe[3484] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375 0000000077a32d67 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Nero\Update\NASvc.exe[3484] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 0000000077a3323b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Nero\Update\NASvc.exe[3484] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920 0000000077a333c8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Nero\Update\NASvc.exe[3484] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077a33a5e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Nero\Update\NASvc.exe[3484] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077a33ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Nero\Update\NASvc.exe[3484] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077a33b85 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Nero\Update\NASvc.exe[3484] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077a34190 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Nero\Update\NASvc.exe[3484] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 0000000077a34241 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Nero\Update\NASvc.exe[3484] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 0000000077a342b5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\Nero\Update\NASvc.exe[3484] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 0000000077a343f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Nero\Update\NASvc.exe[3484] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 0000000077a34434 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Nero\Update\NASvc.exe[3484] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 408 0000000077a345d8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Nero\Update\NASvc.exe[3484] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 657 0000000077a346d1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Nero\Update\NASvc.exe[3484] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284 0000000077a34a9c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Nero\Update\NASvc.exe[3484] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483 0000000077a34b63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Nero\Update\NASvc.exe[3484] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231 0000000077a34c57 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Nero\Update\NASvc.exe[3484] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518 0000000077a34d76 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Nero\Update\NASvc.exe[3484] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256 0000000077a34ea0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Nero\Update\NASvc.exe[3484] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67 0000000077a34ef3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Nero\Update\NASvc.exe[3484] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501 0000000077a350f5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Nero\Update\NASvc.exe[3484] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256 0000000077a352f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Nero\Update\NASvc.exe[3484] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247 0000000077a353f7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Nero\Update\NASvc.exe[3484] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 484 0000000077a355e4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Nero\Update\NASvc.exe[3484] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438 0000000077a364d6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Nero\Update\NASvc.exe[3484] C:\Windows\SYSTEM32\ntdll.dll!atol + 194 0000000077a3668e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Nero\Update\NASvc.exe[3484] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76 0000000077a3687c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Nero\Update\NASvc.exe[3484] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45 0000000077a368bd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Nero\Update\NASvc.exe[3484] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4 0000000077a368d4 8 bytes [70, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Nero\Update\NASvc.exe[3484] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92 0000000077a3692c 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Nero\Update\NASvc.exe[3484] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790 0000000077a37166 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Nero\Update\NASvc.exe[3484] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroupMembers + 241 0000000077a37dd1 8 bytes [10, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Nero\Update\NASvc.exe[3484] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroup + 119 0000000077a37e57 8 bytes [00, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Nero\Update\NASvc.exe[3484] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077a81380 8 bytes {JMP QWORD [RIP-0x4a220]} .text C:\Program Files (x86)\Nero\Update\NASvc.exe[3484] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077a81500 8 bytes {JMP QWORD [RIP-0x49cef]} .text C:\Program Files (x86)\Nero\Update\NASvc.exe[3484] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077a81530 8 bytes {JMP QWORD [RIP-0x4ac62]} .text C:\Program Files (x86)\Nero\Update\NASvc.exe[3484] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a81650 8 bytes {JMP QWORD [RIP-0x4a80f]} .text C:\Program Files (x86)\Nero\Update\NASvc.exe[3484] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077a81700 8 bytes {JMP QWORD [RIP-0x4adda]} .text C:\Program Files (x86)\Nero\Update\NASvc.exe[3484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a81d30 8 bytes {JMP QWORD [RIP-0x49edf]} .text C:\Program Files (x86)\Nero\Update\NASvc.exe[3484] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077a81f80 8 bytes {JMP QWORD [RIP-0x4a1b5]} .text C:\Program Files (x86)\Nero\Update\NASvc.exe[3484] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a827e0 8 bytes {JMP QWORD [RIP-0x4ab13]} .text C:\Program Files (x86)\Nero\Update\NASvc.exe[3484] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000754d13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Nero\Update\NASvc.exe[3484] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000754d146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Nero\Update\NASvc.exe[3484] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000754d16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Nero\Update\NASvc.exe[3484] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000754d19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Nero\Update\NASvc.exe[3484] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000754d19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Nero\Update\NASvc.exe[3484] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000754d1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe[6248] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 424 0000000077a31398 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe[6248] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000077a3143f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe[6248] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077a31594 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe[6248] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000077a3191e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe[6248] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077a31bf8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe[6248] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077a31d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe[6248] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077a31edf 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe[6248] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077a31fc5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe[6248] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 0000000077a327b0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe[6248] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 0000000077a327d2 8 bytes {JMP 0x10} .text C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe[6248] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 0000000077a3282f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe[6248] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184 0000000077a32898 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe[6248] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077a32d1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe[6248] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375 0000000077a32d67 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe[6248] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 0000000077a3323b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe[6248] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920 0000000077a333c8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe[6248] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077a33a5e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe[6248] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077a33ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe[6248] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077a33b85 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe[6248] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077a34190 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe[6248] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 0000000077a34241 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe[6248] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 0000000077a342b5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe[6248] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 0000000077a343f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe[6248] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 0000000077a34434 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe[6248] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 408 0000000077a345d8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe[6248] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 657 0000000077a346d1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe[6248] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284 0000000077a34a9c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe[6248] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483 0000000077a34b63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe[6248] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231 0000000077a34c57 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe[6248] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518 0000000077a34d76 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe[6248] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256 0000000077a34ea0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe[6248] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67 0000000077a34ef3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe[6248] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501 0000000077a350f5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe[6248] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256 0000000077a352f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe[6248] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247 0000000077a353f7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe[6248] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 484 0000000077a355e4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe[6248] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438 0000000077a364d6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe[6248] C:\Windows\SYSTEM32\ntdll.dll!atol + 194 0000000077a3668e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe[6248] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76 0000000077a3687c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe[6248] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45 0000000077a368bd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe[6248] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4 0000000077a368d4 8 bytes [70, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe[6248] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92 0000000077a3692c 8 bytes [60, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe[6248] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790 0000000077a37166 8 bytes [40, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe[6248] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroupMembers + 241 0000000077a37dd1 8 bytes [10, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe[6248] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroup + 119 0000000077a37e57 8 bytes [00, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe[6248] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077a81380 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe[6248] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077a81500 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe[6248] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077a81530 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe[6248] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a81650 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe[6248] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077a81700 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe[6248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a81d30 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe[6248] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077a81f80 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe[6248] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a827e0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe[6248] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000754d13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe[6248] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000754d146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe[6248] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000754d16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe[6248] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000754d19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe[6248] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000754d19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe[6248] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000754d1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6280] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 424 0000000077a31398 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6280] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000077a3143f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6280] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077a31594 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6280] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000077a3191e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6280] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077a31bf8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6280] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077a31d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6280] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077a31edf 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6280] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077a31fc5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6280] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 0000000077a327b0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6280] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 0000000077a327d2 8 bytes {JMP 0x10} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6280] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 0000000077a3282f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6280] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184 0000000077a32898 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6280] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077a32d1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6280] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375 0000000077a32d67 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6280] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 0000000077a3323b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6280] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920 0000000077a333c8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6280] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077a33a5e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6280] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077a33ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6280] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077a33b85 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6280] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077a34190 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6280] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 0000000077a34241 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6280] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 0000000077a342b5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6280] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 0000000077a343f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6280] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 0000000077a34434 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6280] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 408 0000000077a345d8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6280] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 657 0000000077a346d1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6280] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284 0000000077a34a9c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6280] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483 0000000077a34b63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6280] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231 0000000077a34c57 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6280] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518 0000000077a34d76 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6280] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256 0000000077a34ea0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6280] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67 0000000077a34ef3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6280] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501 0000000077a350f5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6280] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256 0000000077a352f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6280] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247 0000000077a353f7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6280] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 484 0000000077a355e4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6280] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438 0000000077a364d6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6280] C:\Windows\SYSTEM32\ntdll.dll!atol + 194 0000000077a3668e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6280] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76 0000000077a3687c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6280] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45 0000000077a368bd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6280] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4 0000000077a368d4 8 bytes [70, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6280] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92 0000000077a3692c 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6280] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790 0000000077a37166 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6280] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroupMembers + 241 0000000077a37dd1 8 bytes [10, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6280] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroup + 119 0000000077a37e57 8 bytes [00, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6280] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077a81380 8 bytes {JMP QWORD [RIP-0x4a220]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6280] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077a81500 8 bytes {JMP QWORD [RIP-0x49cef]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6280] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077a81530 8 bytes {JMP QWORD [RIP-0x4ac62]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6280] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a81650 8 bytes {JMP QWORD [RIP-0x4a80f]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6280] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077a81700 8 bytes {JMP QWORD [RIP-0x4adda]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a81d30 8 bytes {JMP QWORD [RIP-0x49edf]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6280] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077a81f80 8 bytes {JMP QWORD [RIP-0x4a1b5]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6280] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a827e0 8 bytes {JMP QWORD [RIP-0x4ab13]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6280] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000754d13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6280] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000754d146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6280] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000754d16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6280] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000754d19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6280] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000754d19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6280] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000754d1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6280] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077081401 2 bytes JMP 7677b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6280] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077081419 2 bytes JMP 7677b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6280] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077081431 2 bytes JMP 767f8ea9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6280] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007708144a 2 bytes CALL 767548ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6280] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000770814dd 2 bytes JMP 767f87a2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6280] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000770814f5 2 bytes JMP 767f8978 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6280] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007708150d 2 bytes JMP 767f8698 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6280] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077081525 2 bytes JMP 767f8a62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6280] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007708153d 2 bytes JMP 7676fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6280] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077081555 2 bytes JMP 767768ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6280] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007708156d 2 bytes JMP 767f8f61 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6280] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077081585 2 bytes JMP 767f8ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6280] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007708159d 2 bytes JMP 767f865c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6280] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000770815b5 2 bytes JMP 7676fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6280] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000770815cd 2 bytes JMP 7677b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6280] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000770816b2 2 bytes JMP 767f8e24 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6280] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000770816bd 2 bytes JMP 767f85f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe[7828] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 424 0000000077a31398 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe[7828] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000077a3143f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe[7828] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077a31594 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe[7828] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000077a3191e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe[7828] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077a31bf8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe[7828] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077a31d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe[7828] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077a31edf 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe[7828] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077a31fc5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe[7828] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 0000000077a327b0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe[7828] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 0000000077a327d2 8 bytes {JMP 0x10} .text C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe[7828] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 0000000077a3282f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe[7828] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184 0000000077a32898 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe[7828] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077a32d1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe[7828] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375 0000000077a32d67 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe[7828] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 0000000077a3323b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe[7828] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920 0000000077a333c8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe[7828] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077a33a5e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe[7828] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077a33ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe[7828] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077a33b85 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe[7828] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077a34190 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe[7828] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 0000000077a34241 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe[7828] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 0000000077a342b5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe[7828] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 0000000077a343f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe[7828] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 0000000077a34434 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe[7828] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 408 0000000077a345d8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe[7828] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 657 0000000077a346d1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe[7828] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284 0000000077a34a9c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe[7828] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483 0000000077a34b63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe[7828] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231 0000000077a34c57 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe[7828] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518 0000000077a34d76 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe[7828] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256 0000000077a34ea0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe[7828] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67 0000000077a34ef3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe[7828] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501 0000000077a350f5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe[7828] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256 0000000077a352f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe[7828] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247 0000000077a353f7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe[7828] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 484 0000000077a355e4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe[7828] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438 0000000077a364d6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe[7828] C:\Windows\SYSTEM32\ntdll.dll!atol + 194 0000000077a3668e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe[7828] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76 0000000077a3687c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe[7828] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45 0000000077a368bd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe[7828] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4 0000000077a368d4 8 bytes [70, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe[7828] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92 0000000077a3692c 8 bytes [60, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe[7828] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790 0000000077a37166 8 bytes [40, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe[7828] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroupMembers + 241 0000000077a37dd1 8 bytes [10, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe[7828] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroup + 119 0000000077a37e57 8 bytes [00, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe[7828] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077a81380 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe[7828] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077a81500 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe[7828] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077a81530 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe[7828] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a81650 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe[7828] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077a81700 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe[7828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a81d30 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe[7828] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077a81f80 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe[7828] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a827e0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe[7828] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000754d13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe[7828] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000754d146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe[7828] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000754d16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe[7828] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000754d19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe[7828] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000754d19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe[7828] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000754d1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe[8592] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 424 0000000077a31398 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe[8592] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000077a3143f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe[8592] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077a31594 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe[8592] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000077a3191e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe[8592] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077a31bf8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe[8592] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077a31d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe[8592] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077a31edf 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe[8592] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077a31fc5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe[8592] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 0000000077a327b0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe[8592] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 0000000077a327d2 8 bytes {JMP 0x10} .text C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe[8592] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 0000000077a3282f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe[8592] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184 0000000077a32898 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe[8592] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077a32d1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe[8592] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375 0000000077a32d67 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... |
|
15.04.2015, 21:30
| #6 |
| | Trojaner von Kaspersky nicht gelöscht Forsetzung meiner Anfrage / Seite – 81 bis schluss 2 Guten Tag! In Windows 7 löscht Kaspersky den Trojaner Trojan Win32 Agent qt nicht. Wie kann ich ihn löschen? Ist dieser Trojaner gefährlich? Hat er mit folgendem Problem zu tun? Ich habe vor paar Tagen ein Mail erhalten, worin neben der privaten Adresse des Absenders noch stand <info@flipmailer> als Absender. Das Mail forderte den Empfänger auf, Freunde des Absenders zu werden werden. Aehnliche Mails gingen offenbar von meinem Computer aus an Adressen aus meinem Adressbuch. Vielen Dank für Ihre Hilfe zum voaus. St. Steiner * 2 .text C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe[8592] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 0000000077a3323b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe[8592] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920 0000000077a333c8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe[8592] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077a33a5e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe[8592] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077a33ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe[8592] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077a33b85 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe[8592] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077a34190 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe[8592] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 0000000077a34241 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe[8592] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 0000000077a342b5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe[8592] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 0000000077a343f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe[8592] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 0000000077a34434 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe[8592] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 408 0000000077a345d8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe[8592] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 657 0000000077a346d1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe[8592] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284 0000000077a34a9c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe[8592] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483 0000000077a34b63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe[8592] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231 0000000077a34c57 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe[8592] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518 0000000077a34d76 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe[8592] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256 0000000077a34ea0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe[8592] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67 0000000077a34ef3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe[8592] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501 0000000077a350f5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe[8592] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256 0000000077a352f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe[8592] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247 0000000077a353f7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe[8592] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 484 0000000077a355e4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe[8592] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438 0000000077a364d6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe[8592] C:\Windows\SYSTEM32\ntdll.dll!atol + 194 0000000077a3668e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe[8592] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76 0000000077a3687c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe[8592] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45 0000000077a368bd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe[8592] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4 0000000077a368d4 8 bytes [70, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe[8592] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92 0000000077a3692c 8 bytes [60, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe[8592] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790 0000000077a37166 8 bytes [40, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe[8592] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroupMembers + 241 0000000077a37dd1 8 bytes [10, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe[8592] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroup + 119 0000000077a37e57 8 bytes [00, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe[8592] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077a81380 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe[8592] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077a81500 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe[8592] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077a81530 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe[8592] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a81650 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe[8592] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077a81700 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe[8592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a81d30 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe[8592] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077a81f80 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe[8592] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a827e0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe[8592] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000754d13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe[8592] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000754d146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe[8592] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000754d16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe[8592] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000754d19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe[8592] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000754d19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe[8592] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000754d1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Steiner\Downloads\Gmer-19357.exe[7808] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 424 0000000077a31398 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Steiner\Downloads\Gmer-19357.exe[7808] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000077a3143f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Steiner\Downloads\Gmer-19357.exe[7808] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077a31594 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Steiner\Downloads\Gmer-19357.exe[7808] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000077a3191e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Steiner\Downloads\Gmer-19357.exe[7808] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077a31bf8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Steiner\Downloads\Gmer-19357.exe[7808] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077a31d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Steiner\Downloads\Gmer-19357.exe[7808] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077a31edf 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Steiner\Downloads\Gmer-19357.exe[7808] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077a31fc5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Steiner\Downloads\Gmer-19357.exe[7808] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 0000000077a327b0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Steiner\Downloads\Gmer-19357.exe[7808] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 0000000077a327d2 8 bytes {JMP 0x10} .text C:\Users\Steiner\Downloads\Gmer-19357.exe[7808] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 0000000077a3282f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Steiner\Downloads\Gmer-19357.exe[7808] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184 0000000077a32898 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Steiner\Downloads\Gmer-19357.exe[7808] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077a32d1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Steiner\Downloads\Gmer-19357.exe[7808] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375 0000000077a32d67 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Users\Steiner\Downloads\Gmer-19357.exe[7808] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 0000000077a3323b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Steiner\Downloads\Gmer-19357.exe[7808] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920 0000000077a333c8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Steiner\Downloads\Gmer-19357.exe[7808] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077a33a5e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Steiner\Downloads\Gmer-19357.exe[7808] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077a33ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Steiner\Downloads\Gmer-19357.exe[7808] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077a33b85 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Steiner\Downloads\Gmer-19357.exe[7808] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077a34190 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Steiner\Downloads\Gmer-19357.exe[7808] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 0000000077a34241 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Steiner\Downloads\Gmer-19357.exe[7808] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 0000000077a342b5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Users\Steiner\Downloads\Gmer-19357.exe[7808] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 0000000077a343f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Steiner\Downloads\Gmer-19357.exe[7808] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 0000000077a34434 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Steiner\Downloads\Gmer-19357.exe[7808] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 408 0000000077a345d8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Steiner\Downloads\Gmer-19357.exe[7808] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 657 0000000077a346d1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Steiner\Downloads\Gmer-19357.exe[7808] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284 0000000077a34a9c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Steiner\Downloads\Gmer-19357.exe[7808] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483 0000000077a34b63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Steiner\Downloads\Gmer-19357.exe[7808] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231 0000000077a34c57 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Steiner\Downloads\Gmer-19357.exe[7808] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518 0000000077a34d76 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Users\Steiner\Downloads\Gmer-19357.exe[7808] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256 0000000077a34ea0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Steiner\Downloads\Gmer-19357.exe[7808] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67 0000000077a34ef3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Steiner\Downloads\Gmer-19357.exe[7808] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501 0000000077a350f5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Steiner\Downloads\Gmer-19357.exe[7808] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256 0000000077a352f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Steiner\Downloads\Gmer-19357.exe[7808] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247 0000000077a353f7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Steiner\Downloads\Gmer-19357.exe[7808] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 484 0000000077a355e4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Steiner\Downloads\Gmer-19357.exe[7808] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438 0000000077a364d6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Steiner\Downloads\Gmer-19357.exe[7808] C:\Windows\SYSTEM32\ntdll.dll!atol + 194 0000000077a3668e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Steiner\Downloads\Gmer-19357.exe[7808] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76 0000000077a3687c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Steiner\Downloads\Gmer-19357.exe[7808] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45 0000000077a368bd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Steiner\Downloads\Gmer-19357.exe[7808] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4 0000000077a368d4 8 bytes [70, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Users\Steiner\Downloads\Gmer-19357.exe[7808] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92 0000000077a3692c 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Users\Steiner\Downloads\Gmer-19357.exe[7808] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790 0000000077a37166 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Users\Steiner\Downloads\Gmer-19357.exe[7808] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroupMembers + 241 0000000077a37dd1 8 bytes [10, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Users\Steiner\Downloads\Gmer-19357.exe[7808] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroup + 119 0000000077a37e57 8 bytes [00, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Users\Steiner\Downloads\Gmer-19357.exe[7808] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077a81380 8 bytes {JMP QWORD [RIP-0x4a220]} .text C:\Users\Steiner\Downloads\Gmer-19357.exe[7808] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077a81500 8 bytes {JMP QWORD [RIP-0x49cef]} .text C:\Users\Steiner\Downloads\Gmer-19357.exe[7808] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077a81530 8 bytes {JMP QWORD [RIP-0x4ac62]} .text C:\Users\Steiner\Downloads\Gmer-19357.exe[7808] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a81650 8 bytes {JMP QWORD [RIP-0x4a80f]} .text C:\Users\Steiner\Downloads\Gmer-19357.exe[7808] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077a81700 8 bytes {JMP QWORD [RIP-0x4adda]} .text C:\Users\Steiner\Downloads\Gmer-19357.exe[7808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a81d30 8 bytes {JMP QWORD [RIP-0x49edf]} .text C:\Users\Steiner\Downloads\Gmer-19357.exe[7808] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077a81f80 8 bytes {JMP QWORD [RIP-0x4a1b5]} .text C:\Users\Steiner\Downloads\Gmer-19357.exe[7808] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a827e0 8 bytes {JMP QWORD [RIP-0x4ab13]} .text C:\Users\Steiner\Downloads\Gmer-19357.exe[7808] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000754d13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Steiner\Downloads\Gmer-19357.exe[7808] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000754d146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Users\Steiner\Downloads\Gmer-19357.exe[7808] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000754d16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Steiner\Downloads\Gmer-19357.exe[7808] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000754d19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Steiner\Downloads\Gmer-19357.exe[7808] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000754d19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Steiner\Downloads\Gmer-19357.exe[7808] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000754d1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] ---- Processes - GMER 2.1 ---- Library c:\users\steiner\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp6_glup.dll (*** suspicious ***) @ C:\Users\Steiner\AppData\Roaming\Dropbox\bin\Dropbox.exe [3520](2015-04-15 07:53:24) 00000000032a0000 Library C:\Users\Steiner\AppData\Roaming\Dropbox\bin\Qt5Core.dll (*** suspicious ***) @ C:\Users\Steiner\AppData\Roaming\Dropbox\bin\Dropbox.exe [3520] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:24) 0000000062b30000 Library C:\Users\Steiner\AppData\Roaming\Dropbox\bin\icuin52.dll (*** suspicious ***) @ C:\Users\Steiner\AppData\Roaming\Dropbox\bin\Dropbox.exe [3520] (ICU I18N DLL/The ICU Project)(2015-03-04 21:45:30) 000000004a900000 Library C:\Users\Steiner\AppData\Roaming\Dropbox\bin\icuuc52.dll (*** suspicious ***) @ C:\Users\Steiner\AppData\Roaming\Dropbox\bin\Dropbox.exe [3520] (ICU Common DLL/The ICU Project)(2015-03-04 21:45:30) 0000000005ea0000 Library C:\Users\Steiner\AppData\Roaming\Dropbox\bin\icudt52.dll (*** suspicious ***) @ C:\Users\Steiner\AppData\Roaming\Dropbox\bin\Dropbox.exe [3520] (ICU Data DLL/The ICU Project)(2015-03-04 21:45:30) 000000004ad00000 Library C:\Users\Steiner\AppData\Roaming\Dropbox\bin\Qt5Widgets.dll (*** suspicious ***) @ C:\Users\Steiner\AppData\Roaming\Dropbox\bin\Dropbox.exe [3520] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:28) 0000000062530000 Library C:\Users\Steiner\AppData\Roaming\Dropbox\bin\Qt5Gui.dll (*** suspicious ***) @ C:\Users\Steiner\AppData\Roaming\Dropbox\bin\Dropbox.exe [3520] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 0000000062240000 Library C:\Users\Steiner\AppData\Roaming\Dropbox\bin\libGLESv2.dll (*** suspicious ***) @ C:\Users\Steiner\AppData\Roaming\Dropbox\bin\Dropbox.exe [3520](2015-03-04 21:45:30) 0000000062180000 Library C:\Users\Steiner\AppData\Roaming\Dropbox\bin\Qt5Network.dll (*** suspicious ***) @ C:\Users\Steiner\AppData\Roaming\Dropbox\bin\Dropbox.exe [3520] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 0000000061fa0000 Library C:\Users\Steiner\AppData\Roaming\Dropbox\bin\Qt5WebKit.dll (*** suspicious ***) @ C:\Users\Steiner\AppData\Roaming\Dropbox\bin\Dropbox.exe [3520] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 0000000060fb0000 Library C:\Users\Steiner\AppData\Roaming\Dropbox\bin\Qt5Quick.dll (*** suspicious ***) @ C:\Users\Steiner\AppData\Roaming\Dropbox\bin\Dropbox.exe [3520] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 0000000060d90000 Library C:\Users\Steiner\AppData\Roaming\Dropbox\bin\Qt5Qml.dll (*** suspicious ***) @ C:\Users\Steiner\AppData\Roaming\Dropbox\bin\Dropbox.exe [3520] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 0000000060b30000 Library C:\Users\Steiner\AppData\Roaming\Dropbox\bin\Qt5Sql.dll (*** suspicious ***) @ C:\Users\Steiner\AppData\Roaming\Dropbox\bin\Dropbox.exe [3520] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 0000000060b00000 Library C:\Users\Steiner\AppData\Roaming\Dropbox\bin\libEGL.dll (*** suspicious ***) @ C:\Users\Steiner\AppData\Roaming\Dropbox\bin\Dropbox.exe [3520](2015-03-04 21:45:30) 0000000060af0000 Library C:\Users\Steiner\AppData\Roaming\Dropbox\bin\Qt5WebKitWidgets.dll (*** suspicious ***) @ C:\Users\Steiner\AppData\Roaming\Dropbox\bin\Dropbox.exe [3520] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:28) 0000000060980000 Library C:\Users\Steiner\AppData\Roaming\Dropbox\bin\Qt5OpenGL.dll (*** suspicious ***) @ C:\Users\Steiner\AppData\Roaming\Dropbox\bin\Dropbox.exe [3520] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 0000000060940000 Library C:\Users\Steiner\AppData\Roaming\Dropbox\bin\Qt5PrintSupport.dll (*** suspicious ***) @ C:\Users\Steiner\AppData\Roaming\Dropbox\bin\Dropbox.exe [3520] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 00000000608f0000 Library C:\Users\Steiner\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll (*** suspicious ***) @ C:\Users\Steiner\AppData\Roaming\Dropbox\bin\Dropbox.exe [3520](2015-03-04 21:45:30) 0000000060790000 Library C:\Users\Steiner\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll (*** suspicious ***) @ C:\Users\Steiner\AppData\Roaming\Dropbox\bin\Dropbox.exe [3520](2015-03-04 21:45:30) 0000000060750000 Library C:\Users\Steiner\AppData\Local\Temp\_MEI40562\python27.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [1784] (Python Core/Python Software Foundation)(2015-04-15 07:53:03) 000000001e000000 Library C:\Users\Steiner\AppData\Local\Temp\_MEI40562\win32api.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [1784](2015-04-15 07:53:03) 000000001e8c0000 Library C:\Users\Steiner\AppData\Local\Temp\_MEI40562\pywintypes27.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [1784](2015-04-15 07:53:03) 000000001e7a0000 Library C:\Users\Steiner\AppData\Local\Temp\_MEI40562\pythoncom27.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [1784](2015-04-15 07:53:02) 0000000000270000 Library C:\Users\Steiner\AppData\Local\Temp\_MEI40562\_socket.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [1784](2015-04-15 07:53:03) 0000000000240000 Library C:\Users\Steiner\AppData\Local\Temp\_MEI40562\_ssl.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [1784](2015-04-15 07:53:03) 0000000010000000 Library C:\Users\Steiner\AppData\Local\Temp\_MEI40562\win32com.shell.shell.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [1784](2015-04-15 07:53:03) 000000001e800000 Library C:\Users\Steiner\AppData\Local\Temp\_MEI40562\_hashlib.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [1784](2015-04-15 07:53:03) 0000000000490000 Library C:\Users\Steiner\AppData\Local\Temp\_MEI40562\wx._core_.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [1784](2015-04-15 07:53:02) 0000000003180000 Library C:\Users\Steiner\AppData\Local\Temp\_MEI40562\wxbase294u_vc90.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [1784] (wxWidgets for MSW/wxWidgets development team)(2015-04-15 07:53:03) 00000000032b0000 Library C:\Users\Steiner\AppData\Local\Temp\_MEI40562\wxbase294u_net_vc90.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [1784] (wxWidgets for MSW/wxWidgets development team)(2015-04-15 07:53:03) 0000000000380000 Library C:\Users\Steiner\AppData\Local\Temp\_MEI40562\wxmsw294u_core_vc90.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [1784] (wxWidgets for MSW/wxWidgets development team)(2015-04-15 07:53:03) 00000000034a0000 Library C:\Users\Steiner\AppData\Local\Temp\_MEI40562\wxmsw294u_adv_vc90.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [1784] (wxWidgets for MSW/wxWidgets development team)(2015-04-15 07:53:03) 0000000003940000 Library C:\Users\Steiner\AppData\Local\Temp\_MEI40562\wx._gdi_.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [1784](2015-04-15 07:53:03) 0000000004280000 Library C:\Users\Steiner\AppData\Local\Temp\_MEI40562\wx._windows_.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [1784](2015-04-15 07:53:03) 0000000004350000 Library C:\Users\Steiner\AppData\Local\Temp\_MEI40562\wxmsw294u_html_vc90.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [1784] (wxWidgets for MSW/wxWidgets development team)(2015-04-15 07:53:03) 0000000004420000 Library C:\Users\Steiner\AppData\Local\Temp\_MEI40562\wx._controls_.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [1784](2015-04-15 07:53:03) 00000000046e0000 Library C:\Users\Steiner\AppData\Local\Temp\_MEI40562\wx._misc_.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [1784](2015-04-15 07:53:02) 00000000047f0000 Library C:\Users\Steiner\AppData\Local\Temp\_MEI40562\_elementtree.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [1784](2015-04-15 07:53:03) 000000001d100000 Library C:\Users\Steiner\AppData\Local\Temp\_MEI40562\pyexpat.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [1784](2015-04-15 07:53:03) 0000000000570000 Library C:\Users\Steiner\AppData\Local\Temp\_MEI40562\pysqlite2._sqlite.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [1784](2015-04-15 07:53:03) 00000000044c0000 Library C:\Users\Steiner\AppData\Local\Temp\_MEI40562\_ctypes.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [1784](2015-04-15 07:53:03) 000000001d1a0000 Library C:\Users\Steiner\AppData\Local\Temp\_MEI40562\win32file.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [1784](2015-04-15 07:53:03) 000000001ea10000 Library C:\Users\Steiner\AppData\Local\Temp\_MEI40562\win32security.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [1784](2015-04-15 07:53:03) 000000001ec80000 Library C:\Users\Steiner\AppData\Local\Temp\_MEI40562\hashobjs_ext.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [1784](2015-04-15 07:53:03) 00000000005a0000 Library C:\Users\Steiner\AppData\Local\Temp\_MEI40562\win32gui.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [1784](2015-04-15 07:53:03) 000000001ea40000 Library C:\Users\Steiner\AppData\Local\Temp\_MEI40562\win32event.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [1784](2015-04-15 07:53:03) 000000001e9b0000 Library C:\Users\Steiner\AppData\Local\Temp\_MEI40562\win32inet.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [1784](2015-04-15 07:53:03) 000000001eaa0000 Library C:\Users\Steiner\AppData\Local\Temp\_MEI40562\win32crypt.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [1784](2015-04-15 07:53:02) 000000001e980000 Library C:\Users\Steiner\AppData\Local\Temp\_MEI40562\wx._html2.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [1784](2015-04-15 07:53:03) 0000000002210000 Library C:\Users\Steiner\AppData\Local\Temp\_MEI40562\wxmsw294u_webview_vc90.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [1784] (wxWidgets for MSW/wxWidgets development team)(2015-04-15 07:53:03) 00000000023a0000 Library C:\Users\Steiner\AppData\Local\Temp\_MEI40562\_multiprocessing.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [1784](2015-04-15 07:53:03) 0000000002280000 Library C:\Users\Steiner\AppData\Local\Temp\_MEI40562\win32process.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [1784](2015-04-15 07:53:02) 000000001ebf0000 Library C:\Users\Steiner\AppData\Local\Temp\_MEI40562\unicodedata.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [1784](2015-04-15 07:53:03) 0000000005a80000 Library C:\Users\Steiner\AppData\Local\Temp\_MEI40562\wx._wizard.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [1784](2015-04-15 07:53:02) 00000000023c0000 Library C:\Users\Steiner\AppData\Local\Temp\_MEI40562\win32pipe.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [1784](2015-04-15 07:53:03) 000000001eb90000 Library C:\Users\Steiner\AppData\Local\Temp\_MEI40562\win32pdh.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [1784](2015-04-15 07:53:03) 000000001eb60000 Library C:\Users\Steiner\AppData\Local\Temp\_MEI40562\select.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [1784](2015-04-15 07:53:03) 0000000002400000 Library C:\Users\Steiner\AppData\Local\Temp\_MEI40562\win32profile.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [1784](2015-04-15 07:53:03) 000000001ec20000 Library C:\Users\Steiner\AppData\Local\Temp\_MEI40562\win32ts.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [1784](2015-04-15 07:53:02) 000000001ed40000 Library C:\Users\Steiner\AppData\Local\Temp\_MEI40562\wx._animate.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [1784](2015-04-15 07:53:02) 0000000002420000 ---- EOF - GMER 2.1 ----[/CODE] Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 15.04.2015 Suchlauf-Zeit: 20:28:01 Logdatei: Malwarebytes Bedrohungssuchlauf Quarantäne.txt Administrator: Ja Version: 2.01.4.1018 Malware Datenbank: v2015.04.15.07 Rootkit Datenbank: v2015.03.31.01 Lizenz: Testversion Malware Schutz: Aktiviert Bösartiger Webseiten Schutz: Aktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: ******* Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 375485 Verstrichene Zeit: 23 Min, 8 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente gefunden) Module: 0 (Keine schädliche Elemente gefunden) Registrierungsschlüssel: 19 PUP.Optional.Vosteran, HKLM\SOFTWARE\CLASSES\APPID\{4CB3598A-82E8-4D1F-983F-061238AE696E}, In Quarantäne, [855e29433a5015215a9be851fe050af6], PUP.Optional.Vosteran, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{4CB3598A-82E8-4D1F-983F-061238AE696E}, In Quarantäne, [855e29433a5015215a9be851fe050af6], PUP.Optional.Vosteran, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{4CB3598A-82E8-4D1F-983F-061238AE696E}, In Quarantäne, [855e29433a5015215a9be851fe050af6], PUP.Optional.Vosteran.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\Vosteran.AL7WY5AFFKPOXQSQ7W2JLHF424, In Quarantäne, [974c23496c1e0e285614d1fd649fea16], PUP.Optional.Vosteran.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\oilkkkefbalmbfppgjmgjoefbclebkce, In Quarantäne, [9d4695d7e6a4e94db6ca6e659d66cc34], PUP.Optional.SweetPage.A, HKLM\SOFTWARE\WOW6432NODE\sweet-pageSoftware, In Quarantäne, [e6fde983fe8cab8b154b1129db2a956b], PUP.Optional.Vosteran.A, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\Vosteran.AL7WY5AFFKPOXQSQ7W2JLHF424, In Quarantäne, [f9ead09c7b0ff046c0aad1fd5ca70cf4], PUP.Optional.Vosteran.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\oilkkkefbalmbfppgjmgjoefbclebkce, In Quarantäne, [954e1b5121693afc7709c70ce91a6c94], PUP.Optional.InstallCore.A, HKLM\SOFTWARE\WOW6432NODE\INSTALLCORE\WSE_Vosteran, In Quarantäne, [e9fa3a32becc8babdd9cfae306fd01ff], PUP.Optional.Vosteran.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\MEDIAPLAYER\SHIMINCLUSIONLIST\vosteran.exe, In Quarantäne, [d40ffd6f6921c76feadf2a9fb053768a], PUP.Optional.Vosteran, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\WSE_Vosteran, In Quarantäne, [845f501c13772d09bc76c7116b98b14f], PUP.Optional.WindowsMangerProtect.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\WindowsMangerProtect, In Quarantäne, [7073e587f595b77f694c68724db6837d], PUP.Optional.Vosteran.A, HKU\S-1-5-21-2167322945-2733738748-3786458674-1000\SOFTWARE\Vosteran Browser, In Quarantäne, [c61d6804bfcb42f4e1753c942ad9c53b], PUP.Optional.Vosteran.A, HKU\S-1-5-21-2167322945-2733738748-3786458674-1000\SOFTWARE\wse_vosteran, In Quarantäne, [61820369652523131145a8280bf8ff01], PUP.Optional.Vosteran.A, HKU\S-1-5-21-2167322945-2733738748-3786458674-1000\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\oilkkkefbalmbfppgjmgjoefbclebkce, In Quarantäne, [6a792a42d2b8191d5e238152e61d2ed2], PUP.Optional.InstallCore.A, HKU\S-1-5-21-2167322945-2733738748-3786458674-1000\SOFTWARE\INSTALLCORE\1I1T1Q1S, In Quarantäne, [875c303cfc8eee48eb5261af3dc729d7], PUP.Optional.InstallCore.A, HKU\S-1-5-21-2167322945-2733738748-3786458674-1000\SOFTWARE\INSTALLCORE, In Quarantäne, [875cc5a7c6c4e6504dc25cca36cf6898], PUP.Optional.FastStart.A, HKU\S-1-5-21-2167322945-2733738748-3786458674-1000\SOFTWARE\MOZILLA\EXTENDS, In Quarantäne, [4f94b9b3612941f5194604de7f8432ce], PUP.Optional.SweetPage.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\sweet-page uninstall, In Quarantäne, [eaf9402c2e5c7cba2087e4c4679ce31d], Registrierungswerte: 14 PUP.Optional.Vosteran.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_frmr_14_51_ff&cd=2XzuyEtN2Y1L1Qzu0EzzyEtD0FtB0E0ByEyD0FtC0A0CyE0DtN0D0Tzu0StCtDzzyDtN1L2XzutAtFyCtFtCtDtFyBtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyByC0F0Dzy0EtC0EtGtD0A0FtDtGyByB0DyDtGtBzz0AyCtGtDtD0ByCyE0FtAyDyDyEtByD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0Dzy0DtByD0BtAtGtDtA0FyBtGyEyBzz0CtGzztA0A0FtGyDyDyB0ByDyCzytB0A0EyEzz2Q&cr=1993718045&ir=, In Quarantäne, [d90a610b6624c86e907cc29259ac25db] PUP.Optional.Vosteran.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|TopResultURLFallback, hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_frmr_14_51_ff&cd=2XzuyEtN2Y1L1Qzu0EzzyEtD0FtB0E0ByEyD0FtC0A0CyE0DtN0D0Tzu0StCtDzzyDtN1L2XzutAtFyCtFtCtDtFyBtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyByC0F0Dzy0EtC0EtGtD0A0FtDtGyByB0DyDtGtBzz0AyCtGtDtD0ByCyE0FtAyDyDyEtByD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0Dzy0DtByD0BtAtGtDtA0FyBtGyEyBzz0CtGzztA0A0FtGyDyDyB0ByDyCzytB0A0EyEzz2Q&cr=1993718045&ir=, In Quarantäne, [ab389cd0cdbded490903c98b53b234cc] PUP.Optional.Vosteran.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|FaviconPath, C:\Program Files (x86)\WSE_Vosteran\\FavIcon.ico, In Quarantäne, [13d0c7a5ee9c58de858781d3986d51af] PUP.Optional.Vosteran.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}, Vosteran, In Quarantäne, [0ed5d39918722e08ff0dbb990ef7837d] PUP.Optional.Vosteran.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|DisplayName, Vosteran, In Quarantäne, [43a0303c93f73600ad5fe37148bdc43c] PUP.Optional.Vosteran, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY|AppPath, C:\Program Files (x86)\WSE_Vosteran\\, In Quarantäne, [11d22745b5d50b2bb9951d3258ad59a7] PUP.Optional.FastStart.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|faststartff@gmail.com, C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\m93z6qw9.default-1418573547687\extensions\faststartff@gmail.com, In Quarantäne, [746fd6962e5cbb7b4e2972d20ef76898] PUP.Optional.InstallCore.A, HKU\S-1-5-21-2167322945-2733738748-3786458674-1000\SOFTWARE\INSTALLCORE|tb, 0V1D1S1R1D0V1O, In Quarantäne, [875cc5a7c6c4e6504dc25cca36cf6898] PUP.Optional.Vosteran.A, HKU\S-1-5-21-2167322945-2733738748-3786458674-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_frmr_14_51_ff&cd=2XzuyEtN2Y1L1Qzu0EzzyEtD0FtB0E0ByEyD0FtC0A0CyE0DtN0D0Tzu0StCtDzzyDtN1L2XzutAtFyCtFtCtDtFyBtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyByC0F0Dzy0EtC0EtGtD0A0FtDtGyByB0DyDtGtBzz0AyCtGtDtD0ByCyE0FtAyDyDyEtByD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0Dzy0DtByD0BtAtGtDtA0FyBtGyEyBzz0CtGzztA0A0FtGyDyDyB0ByDyCzytB0A0EyEzz2Q&cr=1993718045&ir=, In Quarantäne, [8f54a1cbc6c40e287e8d6ee6d03548b8] PUP.Optional.Vosteran.A, HKU\S-1-5-21-2167322945-2733738748-3786458674-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|TopResultURLFallback, hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_frmr_14_51_ff&cd=2XzuyEtN2Y1L1Qzu0EzzyEtD0FtB0E0ByEyD0FtC0A0CyE0DtN0D0Tzu0StCtDzzyDtN1L2XzutAtFyCtFtCtDtFyBtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyByC0F0Dzy0EtC0EtGtD0A0FtDtGyByB0DyDtGtBzz0AyCtGtDtD0ByCyE0FtAyDyDyEtByD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0Dzy0DtByD0BtAtGtDtA0FyBtGyEyBzz0CtGzztA0A0FtGyDyDyB0ByDyCzytB0A0EyEzz2Q&cr=1993718045&ir=, In Quarantäne, [5d86650733575dd99f6c7dd77c89cb35] PUP.Optional.Vosteran.A, HKU\S-1-5-21-2167322945-2733738748-3786458674-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|FaviconPath, C:\Program Files (x86)\WSE_Vosteran\\FavIcon.ico, In Quarantäne, [5c873e2ee3a751e56f9cdc789a6bf50b] PUP.Optional.Vosteran.A, HKU\S-1-5-21-2167322945-2733738748-3786458674-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}, Vosteran, In Quarantäne, [a63d04686723a4925daef262eb1a817f] PUP.Optional.Vosteran.A, HKU\S-1-5-21-2167322945-2733738748-3786458674-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|DisplayName, Vosteran, In Quarantäne, [fee56ffd94f6092dc744aba9ab5a3dc3] PUP.Optional.FastStart.A, HKU\S-1-5-21-2167322945-2733738748-3786458674-1000\SOFTWARE\MOZILLA\EXTENDS|appid, faststartff@gmail.com, In Quarantäne, [4f94b9b3612941f5194604de7f8432ce] Registrierungsdaten: 14 PUP.Optional.SweetPage.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://www.sweet-page.com/web/?type=ds&ts=1419177336&from=cor&uid=ST1000DM003-9YN162_Z1D2BML6XXXXZ1D2BML6&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.sweet-page.com/web/?type=ds&ts=1419177336&from=cor&uid=ST1000DM003-9YN162_Z1D2BML6XXXXZ1D2BML6&q={searchTerms}),Ersetzt,[6e7584e8dfab75c1abe735cee42227d9] PUP.Optional.SweetPage.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.sweet-page.com/?type=hp&ts=1419177336&from=cor&uid=ST1000DM003-9YN162_Z1D2BML6XXXXZ1D2BML6, Gut: (www.google.com), Schlecht: (hxxp://www.sweet-page.com/?type=hp&ts=1419177336&from=cor&uid=ST1000DM003-9YN162_Z1D2BML6XXXXZ1D2BML6),Ersetzt,[f2f166066f1b96a0227048bbbe48619f] PUP.Optional.SweetPage.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://www.sweet-page.com/?type=hp&ts=1419177336&from=cor&uid=ST1000DM003-9YN162_Z1D2BML6XXXXZ1D2BML6, Gut: (www.google.com), Schlecht: (hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://www.sweet-page.com/?type=hp&ts=1419177336&from=cor&uid=ST1000DM003-9YN162_Z1D2BML6XXXXZ1D2BML6),Ersetzt,[e9fa5913d4b6a690ddb50df645c141bf] PUP.Optional.SweetPage.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://www.sweet-page.com/web/?type=ds&ts=1419177336&from=cor&uid=ST1000DM003-9YN162_Z1D2BML6XXXXZ1D2BML6&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.sweet-page.com/web/?type=ds&ts=1419177336&from=cor&uid=ST1000DM003-9YN162_Z1D2BML6XXXXZ1D2BML6&q={searchTerms}),Ersetzt,[9c47294354360a2ce6acdc27fa0ce719] PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[2eb57cf01b6fa3936dcba3600ff7ff01] PUP.Optional.SweetPage.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://www.sweet-page.com/web/?type=ds&ts=1419177336&from=cor&uid=ST1000DM003-9YN162_Z1D2BML6XXXXZ1D2BML6&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.sweet-page.com/web/?type=ds&ts=1419177336&from=cor&uid=ST1000DM003-9YN162_Z1D2BML6XXXXZ1D2BML6&q={searchTerms}),Ersetzt,[be255d0fc3c74cea96fc08fb47bf2dd3] PUP.Optional.SweetPage.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.sweet-page.com/?type=hp&ts=1419177336&from=cor&uid=ST1000DM003-9YN162_Z1D2BML6XXXXZ1D2BML6, Gut: (www.google.com), Schlecht: (hxxp://www.sweet-page.com/?type=hp&ts=1419177336&from=cor&uid=ST1000DM003-9YN162_Z1D2BML6XXXXZ1D2BML6),Ersetzt,[6b783537e5a5270fbad80bf859ad4bb5] PUP.Optional.SweetPage.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://www.sweet-page.com/?type=hp&ts=1419177336&from=cor&uid=ST1000DM003-9YN162_Z1D2BML6XXXXZ1D2BML6, Gut: (www.google.com), Schlecht: (hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://www.sweet-page.com/?type=hp&ts=1419177336&from=cor&uid=ST1000DM003-9YN162_Z1D2BML6XXXXZ1D2BML6),Ersetzt,[865dfb7103874aecaee444bf778fd22e] PUP.Optional.SweetPage.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://www.sweet-page.com/web/?type=ds&ts=1419177336&from=cor&uid=ST1000DM003-9YN162_Z1D2BML6XXXXZ1D2BML6&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.sweet-page.com/web/?type=ds&ts=1419177336&from=cor&uid=ST1000DM003-9YN162_Z1D2BML6XXXXZ1D2BML6&q={searchTerms}),Ersetzt,[30b32349dab069cdd9b99b688f779868] PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[f9eaec80a1e9dd5987b148bbf2148977] PUP.Optional.SweetPage.A, HKU\S-1-5-21-2167322945-2733738748-3786458674-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://www.sweet-page.com/?type=hp&ts=1419177336&from=cor&uid=ST1000DM003-9YN162_Z1D2BML6XXXXZ1D2BML6, Gut: (www.google.com), Schlecht: (hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://www.sweet-page.com/?type=hp&ts=1419177336&from=cor&uid=ST1000DM003-9YN162_Z1D2BML6XXXXZ1D2BML6),Ersetzt,[d50ef97391f95bdb8708fb088284e719] PUP.Optional.SweetPage.A, HKU\S-1-5-21-2167322945-2733738748-3786458674-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.sweet-page.com/?type=hp&ts=1419177336&from=cor&uid=ST1000DM003-9YN162_Z1D2BML6XXXXZ1D2BML6, Gut: (www.google.com), Schlecht: (hxxp://www.sweet-page.com/?type=hp&ts=1419177336&from=cor&uid=ST1000DM003-9YN162_Z1D2BML6XXXXZ1D2BML6),Ersetzt,[de0577f59af07eb81d72f60d27df27d9] PUP.Optional.SweetPage.A, HKU\S-1-5-21-2167322945-2733738748-3786458674-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://www.sweet-page.com/web/?type=ds&ts=1419177336&from=cor&uid=ST1000DM003-9YN162_Z1D2BML6XXXXZ1D2BML6&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.sweet-page.com/web/?type=ds&ts=1419177336&from=cor&uid=ST1000DM003-9YN162_Z1D2BML6XXXXZ1D2BML6&q={searchTerms}),Ersetzt,[489b87e5d4b639fd0d82966d41c5f808] PUP.Optional.SweetPage.A, HKU\S-1-5-21-2167322945-2733738748-3786458674-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://www.sweet-page.com/web/?type=ds&ts=1419177336&from=cor&uid=ST1000DM003-9YN162_Z1D2BML6XXXXZ1D2BML6&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.sweet-page.com/web/?type=ds&ts=1419177336&from=cor&uid=ST1000DM003-9YN162_Z1D2BML6XXXXZ1D2BML6&q={searchTerms}),Ersetzt,[cd16c0ac038740f6dab510f35ea8a15f] Ordner: 13 Rogue.Multiple, C:\ProgramData\2355320829, In Quarantäne, [756e1755810932045efd205cea19f60a], PUP.Optional.SpeedTest.A, C:\Users\*******\AppData\Roaming\speedtest4354, In Quarantäne, [be25fc70187290a6473a365750b3cd33], PUP.Optional.SimilarSites.A, C:\Users\*******\AppData\Roaming\SimilarSites, In Quarantäne, [edf6aebecebcb5814574dbb7cd36e21e], PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect, In Quarantäne, [845fa6c6fc8e181e54639609a85ba957], PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update, In Quarantäne, [845fa6c6fc8e181e54639609a85ba957], PUP.Optional.SweetPage.A, C:\Users\*******\AppData\Roaming\sweet-page, In Quarantäne, [eaf9402c2e5c7cba2087e4c4679ce31d], PUP.Optional.SweetPage.A, C:\Users\*******\AppData\Roaming\sweet-page\images, In Quarantäne, [eaf9402c2e5c7cba2087e4c4679ce31d], PUP.Optional.SweetPage.A, C:\Users\*******\AppData\Roaming\sweet-page\images\code, In Quarantäne, [eaf9402c2e5c7cba2087e4c4679ce31d], PUP.Optional.Vosteran.A, C:\Program Files (x86)\WSE_Vosteran, In Quarantäne, [52918ddf89016acc05777f3005feac54], PUP.Optional.Vosteran.A, C:\Program Files (x86)\WSE_Vosteran\bh, In Quarantäne, [52918ddf89016acc05777f3005feac54], PUP.Optional.Vosteran.A, C:\Users\*******\AppData\Roaming\WSE_Vosteran, In Quarantäne, [14cf1953c2c82214c3ddb6f98182b44c], PUP.Optional.Vosteran.A, C:\Users\*******\AppData\Roaming\WSE_Vosteran\icons_3.6.10.7, In Quarantäne, [14cf1953c2c82214c3ddb6f98182b44c], PUP.Optional.Vosteran.A, C:\Users\*******\AppData\Roaming\WSE_Vosteran\UpdateProc, In Quarantäne, [14cf1953c2c82214c3ddb6f98182b44c], Dateien: 41 PUP.Optional.InstallCore, C:\Users\*******\AppData\Roaming\0F1F1C2Y1H1P1C0I0T\XMedia Recode Packages\uninstaller.exe, In Quarantäne, [9053c8a4fc8e3afcb44a8ac941c1f30d], PUP.Optional.SweetPage.A, C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\sweet-page.xml, In Quarantäne, [02e1cf9db0da7db94f10c77345c0fe02], PUP.Optional.Vosteran.A, C:\Windows\Tasks\WSE_Vosteran.job, In Quarantäne, [5b88145836542e082675d07df90c1de3], PUP.Optional.SpeedTest.A, C:\Users\*******\AppData\Roaming\speedtest4354\speedtest4354.crx, In Quarantäne, [be25fc70187290a6473a365750b3cd33], PUP.Optional.SpeedTest.A, C:\Users\*******\AppData\Roaming\speedtest4354\speedtest4354.xpi, In Quarantäne, [be25fc70187290a6473a365750b3cd33], PUP.Optional.SweetPage.A, C:\Users\*******\AppData\Roaming\sweet-page\conf.ini, In Quarantäne, [eaf9402c2e5c7cba2087e4c4679ce31d], PUP.Optional.SweetPage.A, C:\Users\*******\AppData\Roaming\sweet-page\MessageBox.xml, In Quarantäne, [eaf9402c2e5c7cba2087e4c4679ce31d], PUP.Optional.SweetPage.A, C:\Users\*******\AppData\Roaming\sweet-page\un.ini, In Quarantäne, [eaf9402c2e5c7cba2087e4c4679ce31d], PUP.Optional.SweetPage.A, C:\Users\*******\AppData\Roaming\sweet-page\uninstallDlg2.xml, In Quarantäne, [eaf9402c2e5c7cba2087e4c4679ce31d], PUP.Optional.SweetPage.A, C:\Users\*******\AppData\Roaming\sweet-page\UninstallManager.exe, In Quarantäne, [eaf9402c2e5c7cba2087e4c4679ce31d], PUP.Optional.SweetPage.A, C:\Users\*******\AppData\Roaming\sweet-page\images\bg.png, In Quarantäne, [eaf9402c2e5c7cba2087e4c4679ce31d], PUP.Optional.SweetPage.A, C:\Users\*******\AppData\Roaming\sweet-page\images\bg1.png, In Quarantäne, [eaf9402c2e5c7cba2087e4c4679ce31d], PUP.Optional.SweetPage.A, C:\Users\*******\AppData\Roaming\sweet-page\images\bk_shadow.png, In Quarantäne, [eaf9402c2e5c7cba2087e4c4679ce31d], PUP.Optional.SweetPage.A, C:\Users\*******\AppData\Roaming\sweet-page\images\button.png, In Quarantäne, [eaf9402c2e5c7cba2087e4c4679ce31d], PUP.Optional.SweetPage.A, C:\Users\*******\AppData\Roaming\sweet-page\images\button1.png, In Quarantäne, [eaf9402c2e5c7cba2087e4c4679ce31d], PUP.Optional.SweetPage.A, C:\Users\*******\AppData\Roaming\sweet-page\images\checkbox.png, In Quarantäne, [eaf9402c2e5c7cba2087e4c4679ce31d], PUP.Optional.SweetPage.A, C:\Users\*******\AppData\Roaming\sweet-page\images\checkbox_select.png, In Quarantäne, [eaf9402c2e5c7cba2087e4c4679ce31d], PUP.Optional.SweetPage.A, C:\Users\*******\AppData\Roaming\sweet-page\images\checked.png, In Quarantäne, [eaf9402c2e5c7cba2087e4c4679ce31d], PUP.Optional.SweetPage.A, C:\Users\*******\AppData\Roaming\sweet-page\images\close.png, In Quarantäne, [eaf9402c2e5c7cba2087e4c4679ce31d], PUP.Optional.SweetPage.A, C:\Users\*******\AppData\Roaming\sweet-page\images\loading_bg.png, In Quarantäne, [eaf9402c2e5c7cba2087e4c4679ce31d], PUP.Optional.SweetPage.A, C:\Users\*******\AppData\Roaming\sweet-page\images\loading_light.png, In Quarantäne, [eaf9402c2e5c7cba2087e4c4679ce31d], PUP.Optional.SweetPage.A, C:\Users\*******\AppData\Roaming\sweet-page\images\min.png, In Quarantäne, [eaf9402c2e5c7cba2087e4c4679ce31d], PUP.Optional.SweetPage.A, C:\Users\*******\AppData\Roaming\sweet-page\images\scrollbar.bmp, In Quarantäne, [eaf9402c2e5c7cba2087e4c4679ce31d], PUP.Optional.SweetPage.A, C:\Users\*******\AppData\Roaming\sweet-page\images\Thumbs.db, In Quarantäne, [eaf9402c2e5c7cba2087e4c4679ce31d], PUP.Optional.SweetPage.A, C:\Users\*******\AppData\Roaming\sweet-page\images\unchecked.png, In Quarantäne, [eaf9402c2e5c7cba2087e4c4679ce31d], PUP.Optional.SweetPage.A, C:\Users\*******\AppData\Roaming\sweet-page\images\code\code1.jpg, In Quarantäne, [eaf9402c2e5c7cba2087e4c4679ce31d], PUP.Optional.SweetPage.A, C:\Users\*******\AppData\Roaming\sweet-page\images\code\code2.jpg, In Quarantäne, [eaf9402c2e5c7cba2087e4c4679ce31d], PUP.Optional.SweetPage.A, C:\Users\*******\AppData\Roaming\sweet-page\images\code\code3.jpg, In Quarantäne, [eaf9402c2e5c7cba2087e4c4679ce31d], PUP.Optional.SweetPage.A, C:\Users\*******\AppData\Roaming\sweet-page\images\code\code4.jpg, In Quarantäne, [eaf9402c2e5c7cba2087e4c4679ce31d], PUP.Optional.SweetPage.A, C:\Users\*******\AppData\Roaming\sweet-page\images\code\code5.jpg, In Quarantäne, [eaf9402c2e5c7cba2087e4c4679ce31d], PUP.Optional.SweetPage.A, C:\Users\*******\AppData\Roaming\sweet-page\images\code\code6.jpg, In Quarantäne, [eaf9402c2e5c7cba2087e4c4679ce31d], PUP.Optional.SweetPage.A, C:\Users\*******\AppData\Roaming\sweet-page\images\code\Thumbs.db, In Quarantäne, [eaf9402c2e5c7cba2087e4c4679ce31d], PUP.Optional.Vosteran.A, C:\Program Files (x86)\WSE_Vosteran\astcnfg.dat, In Quarantäne, [52918ddf89016acc05777f3005feac54], PUP.Optional.Vosteran.A, C:\Program Files (x86)\WSE_Vosteran\FavIcon.ico, In Quarantäne, [52918ddf89016acc05777f3005feac54], PUP.Optional.Vosteran.A, C:\Program Files (x86)\WSE_Vosteran\Sqlite3.dll, In Quarantäne, [52918ddf89016acc05777f3005feac54], PUP.Optional.Vosteran.A, C:\Program Files (x86)\WSE_Vosteran\uninst.dat, In Quarantäne, [52918ddf89016acc05777f3005feac54], PUP.Optional.Vosteran.A, C:\Program Files (x86)\WSE_Vosteran\uninstall.exe, In Quarantäne, [52918ddf89016acc05777f3005feac54], PUP.Optional.Vosteran.A, C:\Users\*******\AppData\Roaming\WSE_Vosteran\UpdateProc\config.dat, In Quarantäne, [14cf1953c2c82214c3ddb6f98182b44c], PUP.Optional.Vosteran.A, C:\Users\*******\AppData\Roaming\WSE_Vosteran\UpdateProc\info.dat, In Quarantäne, [14cf1953c2c82214c3ddb6f98182b44c], PUP.Optional.Vosteran.A, C:\Users\*******\AppData\Roaming\WSE_Vosteran\UpdateProc\STTL.DAT, In Quarantäne, [14cf1953c2c82214c3ddb6f98182b44c], PUP.Optional.Vosteran.A, C:\Users\*******\AppData\Roaming\WSE_Vosteran\UpdateProc\TTL.DAT, In Quarantäne, [14cf1953c2c82214c3ddb6f98182b44c], Physische Sektoren: 0 (Keine schädliche Elemente gefunden) (end)[/CODE |
|
15.04.2015, 23:58
| #7 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Trojaner von Kaspersky nicht gelöscht Hi, hab alle Themen zusammengeführt. Pro Posting ein neues Thema ist sinnfrei und kontraproduktiv. Achte in Zukunft darauf und darauf, dass alle Logs in CODE-Tags gepostet sind. Außerdem bitte ich darum, das Log von Kaspersky mit dem Fund nachzureichen. Schließlich beziehst du dich darauf und machst es zum Thema in deiner Überschrift.
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
24.04.2015, 11:08
| #8 |
| | Trojaner Das Problem hat sich gelöst. Vielen Dank! Stemalex |
|
24.04.2015, 11:20
| #9 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner von Kaspersky nicht gelöscht Naja, von allein löst sich das nicht. Wurde das betroffene System neu aufgesetzt?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
24.04.2015, 11:26
| #10 |
| | Trojaner Ich habe den Kaspersky nochmals über alles laufen lassen und auch mit Malwarebytes geprüft. Meldungen über unsinnige Mails an Freunde sind auch keine mehr rausgegangen. Woran könnte ich dann noch erkennen, das etwas nicht stimmt? Mfg Stemalex |
|
24.04.2015, 11:35
| #11 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner von Kaspersky nicht gelöscht Eigentlich solltest du ja erstmal meiner Bitte, die Logs von Kaspersky (und MBAM) zu posten, nachkommen...
__________________ Logfiles bitte immer in CODE-Tags posten |
|
24.04.2015, 14:29
| #12 |
| | Trojaner Wo fiinde ich diese Logs von Kaspersky? |
|
24.04.2015, 14:34
| #13 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner von Kaspersky nicht gelöscht Musst du dich durch das Programm mal wühlen...wir haben hier nur für die gängigsten Virenscanner bebilderte Anleitung. Lies notfalls das Handbuch zur Software.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
24.04.2015, 14:43
| #14 |
| | Trojaner von Kaspersky nicht gelöscht Danke für den Hinweis. Ich melde mich in einer Woche nach meinem Urlauf wieder. |
|
24.04.2015, 15:04
| #15 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner von Kaspersky nicht gelöscht Tu das gute Erholung.Aber: ab nächsten Freitag bin ich nicht mehr da...
__________________ Logfiles bitte immer in CODE-Tags posten |
|
Linear-Darstellung
