
Log analysis and evaluation: Trojan:WIN32/BublikB email from Casa-Mina (blub-blub@freenet.de)

Windows 7 If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

21.02.2013, 22:45   #1
fantie
 



Today I received an email from the sender named above with an invoice as a ZIP file. I was so shocked by the invoice amount that I opened the attachment without thinking.
The file could not be opened, however. Microsoft Security Essentials now keeps reporting that the threat was removed and that no further action is necessary. Location: file:C:\Users\Ralph\AppData\Local\Temp\{11377-4BF4E8-4BF8E8}. Is my computer OK again now?

21.02.2013, 23:08   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Hello and

Before we get to work, I would like to ask you to read the following points completely and carefully.
  • Read the instructions I will post over the course of this thread carefully. Ask right away if anything is unclear to you, before you start carrying out my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes a step requires the previous one.

  • Please only run scans that a helper has asked you to run! Do not install / uninstall any software unless asked to!

  • Post the log files directly in your thread (please in CODE tags) and not as an attachment, unless you were asked to. Logs in attachments make the evaluation harder for me!

  • Please also note => Deleting log files and other requests

Note:
If you do not hear from me for three days, please post in this thread => Reminder about my thread.
Annoying "When will this continue" messages will result in your topic being closed. I, too, have a life outside Trojaner-Board.


First, a check with OTL please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top center, tick the box Scan All Users
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files will be created
  • Post the log files here in the thread in CODE tags.

22.02.2013, 17:32   #3
fantie
 



OTL Logfile:
Code:
OTL logfile created on: 22.02.2013 18:06:55 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Acer\Downloads
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,19 Gb Total Physical Memory | 1,77 Gb Available Physical Memory | 55,49% Memory free
6,37 Gb Paging File | 4,82 Gb Available in Paging File | 75,72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 293,33 Gb Total Space | 215,35 Gb Free Space | 73,41% Space Free | Partition Type: NTFS
Drive D: | 293,08 Gb Total Space | 215,70 Gb Free Space | 73,60% Space Free | Partition Type: NTFS
 
Computer Name: ACER-PC | User Name:*********** Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Acer\Downloads\OTL(5).exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\Ralph\AppData\Roaming\Kuev\hyemo.exe ()
PRC - C:\Program Files (x86)\Iminent\Iminent.exe (Iminent)
PRC - C:\Program Files (x86)\Iminent\Iminent.Messengers.exe (Iminent)
PRC - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\ba39e27ea796912fce296963622dfbae\WindowsFormsIntegration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuratio#\12630df9abc4ebf7ff67de989b8e8123\System.Configuration.Install.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\39f4c7717661667c68f9af8c4f6402b9\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\ddbbfda715843c275166d3867d28e67a\System.Web.Services.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\a0445401f2473a1aa4b66c9c0791c7f6\System.ServiceModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\c1b67737c13c99776cde5989ec2885c8\System.IdentityModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\1d254fbc811d0de6c54a9d9c428c4497\System.EnterpriseServices.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\1d254fbc811d0de6c54a9d9c428c4497\System.EnterpriseServices.Wrapper.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\dcb0e7d56ffca14d7c483103235b11ad\System.Transactions.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\e7b4706dfe18f29486dbaf5d35e01765\System.Runtime.DurableInstancing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\910fe53ec2122cf3a2ad11c2b2f5cbfd\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\ef7642a4f2724135d445e2ea36582e78\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\866894ebe5258bf9f45d6b063229e990\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\14f511c47523f19ca591eb207e9e2084\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e10fd15441d278c04a03302880a3e231\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\9071f089ab65d518d1bd7e8fa857a95f\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\27dcf04ed7a3506045597c02a5a1fc31\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\dfeff31ab1e7cd3480c8942290c92f5d\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\7a9ff5ce3a909d075179a2ac70d8f388\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\5de5d8c1c02e33789e3cf7e3f54c0ec9\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Users\Ralph\AppData\Roaming\Kuev\hyemo.exe ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation                                            )
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (cpuz135) -- D:\treiber und software\pc-wizard_2012.2.0\pcwiz_x64.sys (CPUID)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Users\Acer\AppData\LocalLow\CT2625848\ldrtbDVDV.dll ()
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}: "URL" = hxxp://search.iminent.com/?appId=&ref=toolbox&q={searchTerms}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-370788336-4045942230-824405379-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&userid=EB_USER_ID&ctid=CT2625848&SSPV=TB_IESB21
IE - HKU\S-1-5-21-370788336-4045942230-824405379-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-370788336-4045942230-824405379-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-370788336-4045942230-824405379-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EE 58 79 58 C7 4B CD 01  [binary data]
IE - HKU\S-1-5-21-370788336-4045942230-824405379-1000\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Users\Acer\AppData\LocalLow\CT2625848\ldrtbDVDV.dll ()
IE - HKU\S-1-5-21-370788336-4045942230-824405379-1000\..\URLSearchHook: {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No CLSID value found
IE - HKU\S-1-5-21-370788336-4045942230-824405379-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-370788336-4045942230-824405379-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-370788336-4045942230-824405379-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-370788336-4045942230-824405379-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-21-370788336-4045942230-824405379-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.iminent.com/?appId=e6f5e873-ec9d-47a6-bce3-eaaef6f74c75&lcid=1031&ref=homepage
IE - HKU\S-1-5-21-370788336-4045942230-824405379-1003\..\SearchScopes,DefaultScope = {BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}
IE - HKU\S-1-5-21-370788336-4045942230-824405379-1003\..\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}: "URL" = hxxp://search.iminent.com/?appId=e6f5e873-ec9d-47a6-bce3-eaaef6f74c75&lcid=1031&ref=toolbox&q={searchTerms}
IE - HKU\S-1-5-21-370788336-4045942230-824405379-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - prefs.js..CT2625848.browser.search.defaultthis.engineName: true
FF - prefs.js..browser.search.selectedEngine: "DVDVideoSoftTB DE Customized Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2625848&SearchSource=13&CUI=SB_CUI"
FF - prefs.js..extensions.enabledAddons: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}:10.13.40.15
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2625848&SearchSource=2&q="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_149.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ [2013.02.11 19:34:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.08.02 10:59:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.06.19 12:13:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Acer\AppData\Roaming\mozilla\Extensions
[2013.02.22 17:21:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Acer\AppData\Roaming\mozilla\Firefox\Profiles\ghp7knlq.default\extensions
[2012.12.25 16:04:17 | 000,000,000 | ---D | M] (DVDVideoSoftTB DE) -- C:\Users\Acer\AppData\Roaming\mozilla\Firefox\Profiles\ghp7knlq.default\extensions\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}
[2012.12.25 16:04:28 | 000,001,064 | ---- | M] () -- C:\Users\Acer\AppData\Roaming\mozilla\firefox\profiles\ghp7knlq.default\searchplugins\dvdvideosofttb-de-customized-web-search.xml
[2012.06.17 16:42:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.08.02 10:59:12 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.14 23:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.14 23:46:56 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.14 23:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.14 23:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.14 23:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.14 23:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O2 - BHO: (DVDVideoSoftTB_DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Users\Acer\AppData\LocalLow\CT2625848\ldrtbDVDV.dll ()
O2 - BHO: (TBSB01620 Class) - {58124A0B-DC32-4180-9BFF-E0E21AE34026} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No CLSID value found.
O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll (Iminent)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB_DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Users\Acer\AppData\LocalLow\CT2625848\ldrtbDVDV.dll ()
O3 - HKLM\..\Toolbar: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll ()
O3 - HKU\S-1-5-21-370788336-4045942230-824405379-1000\..\Toolbar\WebBrowser: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll ()
O3 - HKU\S-1-5-21-370788336-4045942230-824405379-1003\..\Toolbar\WebBrowser: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll ()
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Iminent] C:\Program Files (x86)\Iminent\Iminent.exe (Iminent)
O4 - HKLM..\Run: [IminentMessenger] C:\Program Files (x86)\Iminent\Iminent.Messengers.exe (Iminent)
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-370788336-4045942230-824405379-1000..\Run: [ASRockIES]  File not found
O4 - HKU\S-1-5-21-370788336-4045942230-824405379-1000..\Run: [ASRockOCTuner]  File not found
O4 - HKU\S-1-5-21-370788336-4045942230-824405379-1003..\Run: [ljyrunnu] C:\Users\Ralph\AppData\Local\Temp\Llrn\fezqkunnu.exe ()
O4 - HKU\S-1-5-21-370788336-4045942230-824405379-1003..\Run: [mhwxelle] C:\Users\Ralph\AppData\Local\Temp\Gepy\pgkymfwelle.exe ()
O4 - HKU\S-1-5-21-370788336-4045942230-824405379-1003..\Run: [mixerd] C:\Users\Ralph\AppData\Roaming\mixerd.exe ()
O4 - HKU\S-1-5-21-370788336-4045942230-824405379-1003..\Run: [Vekiuwule] C:\Users\Ralph\AppData\Roaming\Kuev\hyemo.exe ()
O4 - HKU\S-1-5-21-370788336-4045942230-824405379-1005..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-370788336-4045942230-824405379-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_149_Plugin.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-370788336-4045942230-824405379-1005..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Jenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Ralph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-370788336-4045942230-824405379-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O9:64bit: - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O9:64bit: - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{342748DA-103B-4BD7-9A8D-3A3A35BED687}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F0DF9C30-4BA1-41D0-A66F-25C127C5BBFF}: DhcpNameServer = 193.189.244.225 193.189.244.206
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.22 17:43:12 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2013.02.22 17:42:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013.02.22 17:42:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2013.02.22 17:25:29 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2013.02.22 17:25:29 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013.02.18 19:55:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.02.18 19:55:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.02.18 19:55:03 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013.02.14 16:40:43 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.02.14 16:40:43 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.02.14 16:40:42 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.02.14 16:40:42 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.02.14 16:40:41 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.02.14 16:40:41 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.02.14 16:40:41 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.02.14 16:40:41 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.02.14 16:40:40 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.02.14 16:40:40 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.02.14 16:40:40 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.02.14 16:40:40 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.02.14 16:40:38 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.02.14 16:40:38 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.02.14 16:40:38 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.02.14 15:53:43 | 005,500,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.02.14 15:53:41 | 003,957,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.02.14 15:53:41 | 003,902,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.02.14 15:53:33 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013.02.14 15:53:33 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013.02.14 15:53:33 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2013.02.14 15:53:33 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013.02.14 15:53:33 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013.02.14 15:53:32 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013.02.14 15:53:32 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013.02.14 15:53:32 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2013.02.14 15:53:32 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013.02.14 15:53:32 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013.02.14 15:53:32 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013.02.14 15:53:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.02.14 15:53:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.02.14 15:53:31 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2013.02.14 15:53:31 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013.02.14 15:53:31 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013.02.14 15:53:31 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013.02.14 15:53:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.02.14 15:53:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.02.14 15:53:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013.02.14 15:53:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013.02.14 15:53:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013.02.14 15:53:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013.02.14 15:53:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013.02.14 15:53:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013.02.14 15:53:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013.02.14 15:53:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013.02.14 15:53:30 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013.02.14 15:53:30 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013.02.14 15:53:30 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013.02.14 15:53:30 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013.02.14 15:53:30 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013.02.14 15:53:29 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013.02.14 15:53:29 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013.02.14 15:53:29 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013.02.14 15:53:29 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013.02.14 15:53:29 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013.02.14 15:53:29 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013.02.14 15:53:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013.02.14 15:53:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013.02.14 15:53:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013.02.14 15:53:29 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013.02.14 15:53:25 | 000,287,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2013.02.11 19:34:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2013.02.11 19:34:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2013.02.06 20:26:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.02.06 20:24:09 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.02.06 20:24:04 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.02.06 20:24:04 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.02.06 20:24:04 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.22 17:42:54 | 000,002,030 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.02.22 17:38:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.22 17:14:25 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.22 17:14:25 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.22 17:09:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.22 17:09:18 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2013.02.22 17:09:13 | 2566,365,184 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.14 16:50:45 | 000,376,512 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.14 16:43:33 | 001,518,986 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.14 16:43:33 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.14 16:43:33 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.14 16:43:33 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.14 16:43:33 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.11 21:23:02 | 000,001,794 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.02.11 19:38:27 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.02.11 19:38:26 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.02.06 20:23:58 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.02.06 20:23:55 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.02.06 20:23:55 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.02.06 20:23:55 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.02.06 20:23:54 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npdeployJava1.dll
[2013.02.06 20:23:54 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
 
========== Files Created - No Company Name ==========
 
[2013.02.22 17:42:54 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013.02.22 17:42:54 | 000,002,030 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2012.06.17 17:04:16 | 001,526,060 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.06.17 12:45:41 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012.06.17 12:45:41 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2012.01.18 05:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012.01.18 05:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012.01.18 05:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.02.11 19:34:32 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\DVDVideoSoft
[2013.02.11 19:34:04 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.06.16 16:54:55 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\Foxit Software
[2012.06.16 16:55:32 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\Iminent
[2012.08.15 13:29:16 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\Lexware
[2012.06.16 16:57:15 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\MAGIX
[2012.06.16 15:33:49 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\OpenOffice.org
[2012.07.05 13:04:27 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\PhotoScape
[2013.01.22 13:53:44 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\DVDVideoSoft
[2012.07.10 14:04:19 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Foxit Software
[2012.06.16 17:57:24 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Iminent
[2012.08.17 18:06:39 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Lexware
[2012.12.03 12:31:09 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\MAGIX
[2012.06.17 15:58:35 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\OpenOffice.org
[2012.08.03 14:00:08 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\PhotoScape
[2013.02.22 09:45:34 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Bafeyz
[2012.12.25 16:11:14 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\DVDVideoSoft
[2013.02.02 20:09:58 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\FILEminimizerPictures
[2012.07.28 14:04:23 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Foxit Software
[2012.06.16 17:56:48 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Iminent
[2013.02.22 13:16:32 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Ipidy
[2013.02.22 09:45:34 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Kuev
[2012.08.16 07:49:29 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Lexware
[2012.06.20 21:01:07 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\MAGIX
[2012.06.17 14:06:15 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\OpenOffice.org
[2012.08.07 19:08:56 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\PhotoScape
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---


OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 22.02.2013 18:48:55 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Acer\Downloads
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,19 Gb Total Physical Memory | 1,52 Gb Available Physical Memory | 47,59% Memory free
6,37 Gb Paging File | 4,62 Gb Available in Paging File | 72,43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 293,33 Gb Total Space | 215,34 Gb Free Space | 73,41% Space Free | Partition Type: NTFS
Drive D: | 293,08 Gb Total Space | 215,70 Gb Free Space | 73,60% Space Free | Partition Type: NTFS
 
Computer Name: ACER-PC | User Name: Acer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-370788336-4045942230-824405379-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_USERS\S-1-5-21-370788336-4045942230-824405379-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Users\Ralph\AppData\Local\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0102FE8B-254B-40D5-9D7F-FFC79D9A0423}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{030F8F94-1BFC-4060-B0D7-9773B22D9D9C}" = lport=138 | protocol=17 | dir=in | app=system | 
"{1B5B6CBA-3A90-4582-9089-F332C8F7FB5E}" = lport=137 | protocol=17 | dir=in | app=system | 
"{1F2191F4-8B8C-40A1-BDD4-D0210C5644B1}" = lport=139 | protocol=6 | dir=in | app=system | 
"{1FE81CE1-7D45-4863-977E-4F56A59BD922}" = rport=138 | protocol=17 | dir=out | app=system | 
"{23343BD9-7F28-4BD8-9B71-2DA5DF98FC99}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{2C4D9537-42B2-41A0-A540-F00B0D478D8B}" = rport=139 | protocol=6 | dir=out | app=system | 
"{45D77A20-079E-4CFF-95E3-F6D531B2357A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{546471DB-116B-43F9-8C9A-163D9F3AA182}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7567F652-9642-4F0D-A27E-2117E02113AF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{76D5E7E9-1522-4AE1-92CB-1100F719D8E1}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{843E6327-1BF1-4E4C-8F24-243078861A89}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{9443823F-99D8-4B01-9AF7-2EA257236E53}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{AD60B028-B1C7-4E0C-8499-0745BF8593DD}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{CE666B1D-2997-4481-86C3-5BB39A866F68}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E10A967C-2CAA-4ED0-B532-69ABC9164691}" = rport=445 | protocol=6 | dir=out | app=system | 
"{E31E9FBF-DC08-4056-A755-048C26749213}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E48E4404-CA9B-4B50-82FB-643DEE564E48}" = lport=445 | protocol=6 | dir=in | app=system | 
"{EC738DD2-8E7D-4443-A517-AC4466EA61AD}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{FB9D9FA6-1CB2-4F28-8A0B-927DD02375A8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{FBF73F83-EE14-4ED0-AB08-60D4603159D8}" = rport=137 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C929B62-EBAD-447B-9C10-8EE1ED7176DE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{1050FC65-D7E4-4740-96BB-F7271D20570D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{15514EFE-1234-438D-9616-022E5B0FA596}" = protocol=6 | dir=out | app=system | 
"{1B8B3054-CA7B-40B5-8469-FE9BC55449CD}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{254870A2-465F-4720-920A-CF8CEA628189}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{385D6BCB-099E-45C4-9A3E-FC0369EF956A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{40ECCEF8-F147-45C1-AAD7-8F25512F5E60}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{471EA1DA-DEB0-496E-A84D-07EF756AEE5B}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{4CDFB222-B31A-47B9-AF5E-9C578BE429A4}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{4D4309E0-5886-4C60-BE07-978110C24B06}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5AE6AA16-D4F1-4B21-AA9A-A264CBAE9171}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{640DB87C-F0F9-4803-B308-67B4C0924A30}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6ECB6A22-94E7-4442-BFFD-145EDC05B7CD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8A7177CD-FD0E-4F8A-9752-7DD435895C44}" = dir=in | app=c:\program files (x86)\iminent\iminent.exe | 
"{8E2ED69D-9376-4CF0-AAA2-00E2E7418A7B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{940ACFE7-2CCF-4EF1-9D4B-8E2DFEBE5942}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{A0EE29E8-5CB4-4F91-9D09-B48E99E5CA72}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{AF4876BD-911B-4FF7-BE80-47D7C62ED40B}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{B27E2BD6-5348-4737-82CC-B68B71C28D57}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{B47FC13D-21E4-42A2-9645-D7FE79D25A78}" = dir=in | app=c:\program files (x86)\iminent\iminent.messengers.exe | 
"{BBB45D23-12FA-4993-8E08-4C2F27B488A3}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{BEA9861C-F3C7-477A-97AA-00DE0008C104}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{C551BFB8-DD01-4C9D-9975-BA57C1D86103}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CFE55414-B6AD-4AD9-A7CE-9A7AD5B33B15}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{DBAB3F01-A59E-4E15-AAEE-2181323F5650}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{DDDBD26D-603D-435A-B7E0-B19B67CF8562}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{E70B622F-ED5E-4409-8070-9FD5C136F25D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{EF4A51AB-00CD-4F06-9C08-887B215F84CD}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"TCP Query User{CC4739AF-8724-4CD0-B8F5-DE4AA2DCC808}C:\users\ralph\appdata\roaming\kuev\hyemo.exe" = protocol=6 | dir=in | app=c:\users\ralph\appdata\roaming\kuev\hyemo.exe | 
"UDP Query User{BEFDAACB-2D02-4E1F-9904-6E9D3D83D832}C:\users\ralph\appdata\roaming\kuev\hyemo.exe" = protocol=17 | dir=in | app=c:\users\ralph\appdata\roaming\kuev\hyemo.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FE89496-456F-4689-9FFE-41AA127B70B3}" = MAGIX Music Maker Silver
"{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13
"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
"{39AF5C9F-9673-438F-BBF9-47690B989F7F}" = QuickSteuer 2012
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A76AA284-E52D-47E6-9E4F-B85DBF8E35C3}" = IMinent Toolbar
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{D366D527-EE72-42C2-80BC-531BB30D924A}" = MAGIX Photo Manager 10
"{E3CDAAD3-F806-4F2A-BACF-487AD2E5B3EB}" = QuickSteuer 2011
"{E80714D0-951E-4B4F-8716-F24C9CCC27C9}" = CK Gruß- und Einladungskarten Designer
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3C2ECAA-1B4D-4B75-9105-106B0D03EF02}" = Lexware Info Service
"{F7538994-FA9A-41AC-A390-808A6E26B971}" = MAGIX Screenshare
"{F7CF0E9A-D48B-4942-9537-259ED0568DF4}" = Iminent
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ASRock IES_is1" = ASRock IES v2.0.8
"ASRock OC Tuner_is1" = ASRock OC Tuner v2.2.93
"FILEminimizer Pictures_is1" = FILEminimizer Pictures
"Foxit Reader_is1" = Foxit Reader
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.0.128
"IMBoosterARP" = Iminent
"MAGIX_MSI_Foto_Manager_10" = MAGIX Photo Manager 10
"MAGIX_MSI_mm17_silver" = MAGIX Music Maker Silver
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PhotoCardMaker_is1" = PhotoCardMaker 1.0.2
"PhotoScape" = PhotoScape
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-370788336-4045942230-824405379-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CT2625848" = DVDVideoSoftTB DE Toolbar
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-370788336-4045942230-824405379-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mozilla Firefox 18.0.2 (x86 de)" = Mozilla Firefox 18.0.2 (x86 de)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 22.02.2013 12:15:45 | Computer Name = Acer-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 14.0.1.4577,
 Zeitstempel: 0x5000b729  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00a7000a  ID des fehlerhaften
 Prozesses: 0xf44  Startzeit der fehlerhaften Anwendung: 0x01ce1117de6f4cf7  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe  Pfad 
des fehlerhaften Moduls: unknown  Berichtskennung: 1c4214ec-7d0b-11e2-baf8-002522e80768
 
Error - 22.02.2013 12:17:05 | Computer Name = Acer-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 14.0.1.4577,
 Zeitstempel: 0x5000b729  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x05a3000a  ID des fehlerhaften
 Prozesses: 0xb70  Startzeit der fehlerhaften Anwendung: 0x01ce11180d832bdc  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe  Pfad 
des fehlerhaften Moduls: unknown  Berichtskennung: 4c122797-7d0b-11e2-baf8-002522e80768
 
Error - 22.02.2013 12:17:10 | Computer Name = Acer-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 14.0.1.4577,
 Zeitstempel: 0x5000b729  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x02ca000a  ID des fehlerhaften
 Prozesses: 0xb64  Startzeit der fehlerhaften Anwendung: 0x01ce111810def1d0  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe  Pfad 
des fehlerhaften Moduls: unknown  Berichtskennung: 4f10f0d1-7d0b-11e2-baf8-002522e80768
 
Error - 22.02.2013 12:28:17 | Computer Name = Acer-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 14.0.1.4577,
 Zeitstempel: 0x5000b729  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00b5000a  ID des fehlerhaften
 Prozesses: 0x11a8  Startzeit der fehlerhaften Anwendung: 0x01ce11199df657c6  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe  Pfad 
des fehlerhaften Moduls: unknown  Berichtskennung: dcab4275-7d0c-11e2-baf8-002522e80768
 
Error - 22.02.2013 12:29:07 | Computer Name = Acer-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 14.0.1.4577,
 Zeitstempel: 0x5000b729  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x04d3000a  ID des fehlerhaften
 Prozesses: 0x268  Startzeit der fehlerhaften Anwendung: 0x01ce1119bac42b6f  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe  Pfad 
des fehlerhaften Moduls: unknown  Berichtskennung: fa45f386-7d0c-11e2-baf8-002522e80768
 
Error - 22.02.2013 12:31:39 | Computer Name = Acer-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 14.0.1.4577,
 Zeitstempel: 0x5000b729  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x030e000a  ID des fehlerhaften
 Prozesses: 0x102c  Startzeit der fehlerhaften Anwendung: 0x01ce111a144a3601  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe  Pfad 
des fehlerhaften Moduls: unknown  Berichtskennung: 551241ae-7d0d-11e2-baf8-002522e80768
 
Error - 22.02.2013 12:35:03 | Computer Name = Acer-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 14.0.1.4577,
 Zeitstempel: 0x5000b729  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x04d2000a  ID des fehlerhaften
 Prozesses: 0x474  Startzeit der fehlerhaften Anwendung: 0x01ce111a8eeb9623  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe  Pfad 
des fehlerhaften Moduls: unknown  Berichtskennung: cea8e0a1-7d0d-11e2-baf8-002522e80768
 
Error - 22.02.2013 12:57:20 | Computer Name = Acer-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 14.0.1.4577 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 12b8    Startzeit:
 01ce111b04790e01    Endzeit: 130    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:
 e30db135-7d10-11e2-baf8-002522e80768  
 
Error - 22.02.2013 12:58:26 | Computer Name = Acer-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 14.0.1.4577,
 Zeitstempel: 0x5000b729  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x04ed000a  ID des fehlerhaften
 Prozesses: 0xc50  Startzeit der fehlerhaften Anwendung: 0x01ce111dd404eb4d  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe  Pfad 
des fehlerhaften Moduls: unknown  Berichtskennung: 12562a52-7d11-11e2-baf8-002522e80768
 
Error - 22.02.2013 13:04:42 | Computer Name = Acer-PC | Source = Application Hang | ID = 1002
Description = Programm OTL(4).exe, Version 3.2.69.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: aa4    Startzeit: 
01ce111e01eb7d3b    Endzeit: 4    Anwendungspfad: C:\Users\Acer\Downloads\OTL(4).exe    Berichts-ID:
   
 
[ System Events ]
Error - 26.09.2012 11:36:46 | Computer Name = Acer-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
 
Error - 26.09.2012 11:36:47 | Computer Name = Acer-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
 
Error - 24.10.2012 15:29:58 | Computer Name = Acer-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst lmhosts erreicht.
 
Error - 17.11.2012 15:06:09 | Computer Name = Acer-PC | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.

	Neue
 Signaturversion:      Vorherige Signaturversion: 1.139.2168.0     Aktualisierungsquelle: 
%%859     Aktualisierungsphase: %%854     Quellpfad: Microsoft Deutschland | Geräte und Dienste     Signaturtyp: 
%%800     Aktualisierungstyp: %%803     Benutzer: NT-AUTORITÄT\SYSTEM     Aktuelle Modulversion:
      Vorherige Modulversion: 1.1.8904.0     Fehlercode: 0x80070643     Fehlerbeschreibung: Schwerwiegender
 Fehler bei der Installation. 
 
Error - 17.11.2012 15:06:14 | Computer Name = Acer-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Definitionsupdate für Microsoft Security Essentials
 – KB2310138 (Definition 1.139.2310.0)
 
Error - 17.11.2012 15:06:56 | Computer Name = Acer-PC | Source = WMPNetworkSvc | ID = 866333
Description = 
 
Error - 25.11.2012 14:07:26 | Computer Name = Acer-PC | Source = WMPNetworkSvc | ID = 866333
Description = 
 
Error - 03.12.2012 13:28:32 | Computer Name = Acer-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist
 bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden
 durchgeführt: Neustart des Diensts.
 
Error - 03.12.2012 13:28:41 | Computer Name = Acer-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist
 bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden
 durchgeführt: Neustart des Diensts.
 
Error - 03.12.2012 13:29:41 | Computer Name = Acer-PC | Source = Service Control Manager | ID = 7032
Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden
 des Dienstes "Apple Mobile Device" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen,
 ist fehlgeschlagen. Fehler:   %%1056
 
 
< End of report >
         
--- --- ---

OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 22.02.2013 18:48:55 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Acer\Downloads
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,19 Gb Total Physical Memory | 1,52 Gb Available Physical Memory | 47,59% Memory free
6,37 Gb Paging File | 4,62 Gb Available in Paging File | 72,43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 293,33 Gb Total Space | 215,34 Gb Free Space | 73,41% Space Free | Partition Type: NTFS
Drive D: | 293,08 Gb Total Space | 215,70 Gb Free Space | 73,60% Space Free | Partition Type: NTFS
 
Computer Name: ACER-PC | User Name: Acer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-370788336-4045942230-824405379-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_USERS\S-1-5-21-370788336-4045942230-824405379-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Users\Ralph\AppData\Local\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0102FE8B-254B-40D5-9D7F-FFC79D9A0423}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{030F8F94-1BFC-4060-B0D7-9773B22D9D9C}" = lport=138 | protocol=17 | dir=in | app=system | 
"{1B5B6CBA-3A90-4582-9089-F332C8F7FB5E}" = lport=137 | protocol=17 | dir=in | app=system | 
"{1F2191F4-8B8C-40A1-BDD4-D0210C5644B1}" = lport=139 | protocol=6 | dir=in | app=system | 
"{1FE81CE1-7D45-4863-977E-4F56A59BD922}" = rport=138 | protocol=17 | dir=out | app=system | 
"{23343BD9-7F28-4BD8-9B71-2DA5DF98FC99}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{2C4D9537-42B2-41A0-A540-F00B0D478D8B}" = rport=139 | protocol=6 | dir=out | app=system | 
"{45D77A20-079E-4CFF-95E3-F6D531B2357A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{546471DB-116B-43F9-8C9A-163D9F3AA182}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7567F652-9642-4F0D-A27E-2117E02113AF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{76D5E7E9-1522-4AE1-92CB-1100F719D8E1}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{843E6327-1BF1-4E4C-8F24-243078861A89}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{9443823F-99D8-4B01-9AF7-2EA257236E53}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{AD60B028-B1C7-4E0C-8499-0745BF8593DD}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{CE666B1D-2997-4481-86C3-5BB39A866F68}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E10A967C-2CAA-4ED0-B532-69ABC9164691}" = rport=445 | protocol=6 | dir=out | app=system | 
"{E31E9FBF-DC08-4056-A755-048C26749213}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E48E4404-CA9B-4B50-82FB-643DEE564E48}" = lport=445 | protocol=6 | dir=in | app=system | 
"{EC738DD2-8E7D-4443-A517-AC4466EA61AD}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{FB9D9FA6-1CB2-4F28-8A0B-927DD02375A8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{FBF73F83-EE14-4ED0-AB08-60D4603159D8}" = rport=137 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C929B62-EBAD-447B-9C10-8EE1ED7176DE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{1050FC65-D7E4-4740-96BB-F7271D20570D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{15514EFE-1234-438D-9616-022E5B0FA596}" = protocol=6 | dir=out | app=system | 
"{1B8B3054-CA7B-40B5-8469-FE9BC55449CD}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{254870A2-465F-4720-920A-CF8CEA628189}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{385D6BCB-099E-45C4-9A3E-FC0369EF956A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{40ECCEF8-F147-45C1-AAD7-8F25512F5E60}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{471EA1DA-DEB0-496E-A84D-07EF756AEE5B}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{4CDFB222-B31A-47B9-AF5E-9C578BE429A4}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{4D4309E0-5886-4C60-BE07-978110C24B06}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5AE6AA16-D4F1-4B21-AA9A-A264CBAE9171}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{640DB87C-F0F9-4803-B308-67B4C0924A30}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6ECB6A22-94E7-4442-BFFD-145EDC05B7CD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8A7177CD-FD0E-4F8A-9752-7DD435895C44}" = dir=in | app=c:\program files (x86)\iminent\iminent.exe | 
"{8E2ED69D-9376-4CF0-AAA2-00E2E7418A7B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{940ACFE7-2CCF-4EF1-9D4B-8E2DFEBE5942}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{A0EE29E8-5CB4-4F91-9D09-B48E99E5CA72}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{AF4876BD-911B-4FF7-BE80-47D7C62ED40B}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{B27E2BD6-5348-4737-82CC-B68B71C28D57}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{B47FC13D-21E4-42A2-9645-D7FE79D25A78}" = dir=in | app=c:\program files (x86)\iminent\iminent.messengers.exe | 
"{BBB45D23-12FA-4993-8E08-4C2F27B488A3}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{BEA9861C-F3C7-477A-97AA-00DE0008C104}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{C551BFB8-DD01-4C9D-9975-BA57C1D86103}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CFE55414-B6AD-4AD9-A7CE-9A7AD5B33B15}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{DBAB3F01-A59E-4E15-AAEE-2181323F5650}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{DDDBD26D-603D-435A-B7E0-B19B67CF8562}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{E70B622F-ED5E-4409-8070-9FD5C136F25D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{EF4A51AB-00CD-4F06-9C08-887B215F84CD}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"TCP Query User{CC4739AF-8724-4CD0-B8F5-DE4AA2DCC808}C:\users\ralph\appdata\roaming\kuev\hyemo.exe" = protocol=6 | dir=in | app=c:\users\ralph\appdata\roaming\kuev\hyemo.exe | 
"UDP Query User{BEFDAACB-2D02-4E1F-9904-6E9D3D83D832}C:\users\ralph\appdata\roaming\kuev\hyemo.exe" = protocol=17 | dir=in | app=c:\users\ralph\appdata\roaming\kuev\hyemo.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FE89496-456F-4689-9FFE-41AA127B70B3}" = MAGIX Music Maker Silver
"{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13
"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
"{39AF5C9F-9673-438F-BBF9-47690B989F7F}" = QuickSteuer 2012
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A76AA284-E52D-47E6-9E4F-B85DBF8E35C3}" = IMinent Toolbar
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{D366D527-EE72-42C2-80BC-531BB30D924A}" = MAGIX Photo Manager 10
"{E3CDAAD3-F806-4F2A-BACF-487AD2E5B3EB}" = QuickSteuer 2011
"{E80714D0-951E-4B4F-8716-F24C9CCC27C9}" = CK Gruß- und Einladungskarten Designer
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3C2ECAA-1B4D-4B75-9105-106B0D03EF02}" = Lexware Info Service
"{F7538994-FA9A-41AC-A390-808A6E26B971}" = MAGIX Screenshare
"{F7CF0E9A-D48B-4942-9537-259ED0568DF4}" = Iminent
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ASRock IES_is1" = ASRock IES v2.0.8
"ASRock OC Tuner_is1" = ASRock OC Tuner v2.2.93
"FILEminimizer Pictures_is1" = FILEminimizer Pictures
"Foxit Reader_is1" = Foxit Reader
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.0.128
"IMBoosterARP" = Iminent
"MAGIX_MSI_Foto_Manager_10" = MAGIX Photo Manager 10
"MAGIX_MSI_mm17_silver" = MAGIX Music Maker Silver
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PhotoCardMaker_is1" = PhotoCardMaker 1.0.2
"PhotoScape" = PhotoScape
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-370788336-4045942230-824405379-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CT2625848" = DVDVideoSoftTB DE Toolbar
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-370788336-4045942230-824405379-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mozilla Firefox 18.0.2 (x86 de)" = Mozilla Firefox 18.0.2 (x86 de)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 22.02.2013 12:15:45 | Computer Name = Acer-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 14.0.1.4577,
 Zeitstempel: 0x5000b729  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00a7000a  ID des fehlerhaften
 Prozesses: 0xf44  Startzeit der fehlerhaften Anwendung: 0x01ce1117de6f4cf7  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe  Pfad 
des fehlerhaften Moduls: unknown  Berichtskennung: 1c4214ec-7d0b-11e2-baf8-002522e80768
 
Error - 22.02.2013 12:17:05 | Computer Name = Acer-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 14.0.1.4577,
 Zeitstempel: 0x5000b729  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x05a3000a  ID des fehlerhaften
 Prozesses: 0xb70  Startzeit der fehlerhaften Anwendung: 0x01ce11180d832bdc  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe  Pfad 
des fehlerhaften Moduls: unknown  Berichtskennung: 4c122797-7d0b-11e2-baf8-002522e80768
 
Error - 22.02.2013 12:17:10 | Computer Name = Acer-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 14.0.1.4577,
 Zeitstempel: 0x5000b729  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x02ca000a  ID des fehlerhaften
 Prozesses: 0xb64  Startzeit der fehlerhaften Anwendung: 0x01ce111810def1d0  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe  Pfad 
des fehlerhaften Moduls: unknown  Berichtskennung: 4f10f0d1-7d0b-11e2-baf8-002522e80768
 
Error - 22.02.2013 12:28:17 | Computer Name = Acer-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 14.0.1.4577,
 Zeitstempel: 0x5000b729  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00b5000a  ID des fehlerhaften
 Prozesses: 0x11a8  Startzeit der fehlerhaften Anwendung: 0x01ce11199df657c6  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe  Pfad 
des fehlerhaften Moduls: unknown  Berichtskennung: dcab4275-7d0c-11e2-baf8-002522e80768
 
Error - 22.02.2013 12:29:07 | Computer Name = Acer-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 14.0.1.4577,
 Zeitstempel: 0x5000b729  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x04d3000a  ID des fehlerhaften
 Prozesses: 0x268  Startzeit der fehlerhaften Anwendung: 0x01ce1119bac42b6f  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe  Pfad 
des fehlerhaften Moduls: unknown  Berichtskennung: fa45f386-7d0c-11e2-baf8-002522e80768
 
Error - 22.02.2013 12:31:39 | Computer Name = Acer-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 14.0.1.4577,
 Zeitstempel: 0x5000b729  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x030e000a  ID des fehlerhaften
 Prozesses: 0x102c  Startzeit der fehlerhaften Anwendung: 0x01ce111a144a3601  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe  Pfad 
des fehlerhaften Moduls: unknown  Berichtskennung: 551241ae-7d0d-11e2-baf8-002522e80768
 
Error - 22.02.2013 12:35:03 | Computer Name = Acer-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 14.0.1.4577,
 Zeitstempel: 0x5000b729  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x04d2000a  ID des fehlerhaften
 Prozesses: 0x474  Startzeit der fehlerhaften Anwendung: 0x01ce111a8eeb9623  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe  Pfad 
des fehlerhaften Moduls: unknown  Berichtskennung: cea8e0a1-7d0d-11e2-baf8-002522e80768
 
Error - 22.02.2013 12:57:20 | Computer Name = Acer-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 14.0.1.4577 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 12b8    Startzeit:
 01ce111b04790e01    Endzeit: 130    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:
 e30db135-7d10-11e2-baf8-002522e80768  
 
Error - 22.02.2013 12:58:26 | Computer Name = Acer-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 14.0.1.4577,
 Zeitstempel: 0x5000b729  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x04ed000a  ID des fehlerhaften
 Prozesses: 0xc50  Startzeit der fehlerhaften Anwendung: 0x01ce111dd404eb4d  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe  Pfad 
des fehlerhaften Moduls: unknown  Berichtskennung: 12562a52-7d11-11e2-baf8-002522e80768
 
Error - 22.02.2013 13:04:42 | Computer Name = Acer-PC | Source = Application Hang | ID = 1002
Description = Programm OTL(4).exe, Version 3.2.69.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: aa4    Startzeit: 
01ce111e01eb7d3b    Endzeit: 4    Anwendungspfad: C:\Users\Acer\Downloads\OTL(4).exe    Berichts-ID:
   
 
[ System Events ]
Error - 26.09.2012 11:36:46 | Computer Name = Acer-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
 
Error - 26.09.2012 11:36:47 | Computer Name = Acer-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
 
Error - 24.10.2012 15:29:58 | Computer Name = Acer-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst lmhosts erreicht.
 
Error - 17.11.2012 15:06:09 | Computer Name = Acer-PC | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.

	Neue
 Signaturversion:      Vorherige Signaturversion: 1.139.2168.0     Aktualisierungsquelle: 
%%859     Aktualisierungsphase: %%854     Quellpfad: Microsoft Deutschland | Geräte und Dienste     Signaturtyp: 
%%800     Aktualisierungstyp: %%803     Benutzer: NT-AUTORITÄT\SYSTEM     Aktuelle Modulversion:
      Vorherige Modulversion: 1.1.8904.0     Fehlercode: 0x80070643     Fehlerbeschreibung: Schwerwiegender
 Fehler bei der Installation. 
 
Error - 17.11.2012 15:06:14 | Computer Name = Acer-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Definitionsupdate für Microsoft Security Essentials
 – KB2310138 (Definition 1.139.2310.0)
 
Error - 17.11.2012 15:06:56 | Computer Name = Acer-PC | Source = WMPNetworkSvc | ID = 866333
Description = 
 
Error - 25.11.2012 14:07:26 | Computer Name = Acer-PC | Source = WMPNetworkSvc | ID = 866333
Description = 
 
Error - 03.12.2012 13:28:32 | Computer Name = Acer-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist
 bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden
 durchgeführt: Neustart des Diensts.
 
Error - 03.12.2012 13:28:41 | Computer Name = Acer-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist
 bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden
 durchgeführt: Neustart des Diensts.
 
Error - 03.12.2012 13:29:41 | Computer Name = Acer-PC | Source = Service Control Manager | ID = 7032
Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden
 des Dienstes "Apple Mobile Device" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen,
 ist fehlgeschlagen. Fehler:   %%1056
 
 
< End of report >
         

22.02.2013, 17:57   #4
fantie
 

OTL Logfile:
Code:
OTL logfile created on: 22.02.2013 18:48:55 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Acer\Downloads
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,19 Gb Total Physical Memory | 1,52 Gb Available Physical Memory | 47,59% Memory free
6,37 Gb Paging File | 4,62 Gb Available in Paging File | 72,43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 293,33 Gb Total Space | 215,34 Gb Free Space | 73,41% Space Free | Partition Type: NTFS
Drive D: | 293,08 Gb Total Space | 215,70 Gb Free Space | 73,60% Space Free | Partition Type: NTFS
 
Computer Name: ACER-PC | User Name: Acer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Acer\Downloads\OTL(5).exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\Ralph\AppData\Roaming\Kuev\hyemo.exe ()
PRC - C:\Program Files (x86)\Iminent\Iminent.exe (Iminent)
PRC - C:\Program Files (x86)\Iminent\Iminent.Messengers.exe (Iminent)
PRC - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\ba39e27ea796912fce296963622dfbae\WindowsFormsIntegration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuratio#\12630df9abc4ebf7ff67de989b8e8123\System.Configuration.Install.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\39f4c7717661667c68f9af8c4f6402b9\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\ddbbfda715843c275166d3867d28e67a\System.Web.Services.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\a0445401f2473a1aa4b66c9c0791c7f6\System.ServiceModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\c1b67737c13c99776cde5989ec2885c8\System.IdentityModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\1d254fbc811d0de6c54a9d9c428c4497\System.EnterpriseServices.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\1d254fbc811d0de6c54a9d9c428c4497\System.EnterpriseServices.Wrapper.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\dcb0e7d56ffca14d7c483103235b11ad\System.Transactions.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\e7b4706dfe18f29486dbaf5d35e01765\System.Runtime.DurableInstancing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\910fe53ec2122cf3a2ad11c2b2f5cbfd\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\ef7642a4f2724135d445e2ea36582e78\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\866894ebe5258bf9f45d6b063229e990\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\14f511c47523f19ca591eb207e9e2084\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e10fd15441d278c04a03302880a3e231\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\9071f089ab65d518d1bd7e8fa857a95f\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\27dcf04ed7a3506045597c02a5a1fc31\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\dfeff31ab1e7cd3480c8942290c92f5d\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\7a9ff5ce3a909d075179a2ac70d8f388\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\5de5d8c1c02e33789e3cf7e3f54c0ec9\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Users\Ralph\AppData\Roaming\Kuev\hyemo.exe ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxslt.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation                                            )
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (cpuz135) -- D:\treiber und software\pc-wizard_2012.2.0\pcwiz_x64.sys (CPUID)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Users\Acer\AppData\LocalLow\CT2625848\ldrtbDVDV.dll ()
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}: "URL" = hxxp://search.iminent.com/?appId=&ref=toolbox&q={searchTerms}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-370788336-4045942230-824405379-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Suche
IE - HKU\S-1-5-21-370788336-4045942230-824405379-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKU\S-1-5-21-370788336-4045942230-824405379-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-370788336-4045942230-824405379-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EE 58 79 58 C7 4B CD 01  [binary data]
IE - HKU\S-1-5-21-370788336-4045942230-824405379-1000\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Users\Acer\AppData\LocalLow\CT2625848\ldrtbDVDV.dll ()
IE - HKU\S-1-5-21-370788336-4045942230-824405379-1000\..\URLSearchHook: {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No CLSID value found
IE - HKU\S-1-5-21-370788336-4045942230-824405379-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-370788336-4045942230-824405379-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-370788336-4045942230-824405379-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-370788336-4045942230-824405379-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-21-370788336-4045942230-824405379-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.iminent.com/?appId=e6f5e873-ec9d-47a6-bce3-eaaef6f74c75&lcid=1031&ref=homepage
IE - HKU\S-1-5-21-370788336-4045942230-824405379-1003\..\SearchScopes,DefaultScope = {BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}
IE - HKU\S-1-5-21-370788336-4045942230-824405379-1003\..\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}: "URL" = hxxp://search.iminent.com/?appId=e6f5e873-ec9d-47a6-bce3-eaaef6f74c75&lcid=1031&ref=toolbox&q={searchTerms}
IE - HKU\S-1-5-21-370788336-4045942230-824405379-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - prefs.js..CT2625848.browser.search.defaultthis.engineName: true
FF - prefs.js..browser.search.selectedEngine: "DVDVideoSoftTB DE Customized Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2625848&SearchSource=13&CUI=SB_CUI"
FF - prefs.js..extensions.enabledAddons: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}:10.13.40.15
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2625848&SearchSource=2&q="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_149.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ [2013.02.11 19:34:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.08.02 10:59:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.06.19 12:13:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Acer\AppData\Roaming\mozilla\Extensions
[2013.02.22 17:21:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Acer\AppData\Roaming\mozilla\Firefox\Profiles\ghp7knlq.default\extensions
[2012.12.25 16:04:17 | 000,000,000 | ---D | M] (DVDVideoSoftTB DE) -- C:\Users\Acer\AppData\Roaming\mozilla\Firefox\Profiles\ghp7knlq.default\extensions\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}
[2012.12.25 16:04:28 | 000,001,064 | ---- | M] () -- C:\Users\Acer\AppData\Roaming\mozilla\firefox\profiles\ghp7knlq.default\searchplugins\dvdvideosofttb-de-customized-web-search.xml
[2012.06.17 16:42:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.08.02 10:59:12 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.14 23:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.14 23:46:56 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.14 23:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.14 23:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.14 23:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.14 23:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O2 - BHO: (DVDVideoSoftTB_DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Users\Acer\AppData\LocalLow\CT2625848\ldrtbDVDV.dll ()
O2 - BHO: (TBSB01620 Class) - {58124A0B-DC32-4180-9BFF-E0E21AE34026} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No CLSID value found.
O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll (Iminent)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB_DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Users\Acer\AppData\LocalLow\CT2625848\ldrtbDVDV.dll ()
O3 - HKLM\..\Toolbar: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll ()
O3 - HKU\S-1-5-21-370788336-4045942230-824405379-1000\..\Toolbar\WebBrowser: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll ()
O3 - HKU\S-1-5-21-370788336-4045942230-824405379-1003\..\Toolbar\WebBrowser: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll ()
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Iminent] C:\Program Files (x86)\Iminent\Iminent.exe (Iminent)
O4 - HKLM..\Run: [IminentMessenger] C:\Program Files (x86)\Iminent\Iminent.Messengers.exe (Iminent)
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-370788336-4045942230-824405379-1000..\Run: [ASRockIES]  File not found
O4 - HKU\S-1-5-21-370788336-4045942230-824405379-1000..\Run: [ASRockOCTuner]  File not found
O4 - HKU\S-1-5-21-370788336-4045942230-824405379-1003..\Run: [ljyrunnu] C:\Users\Ralph\AppData\Local\Temp\Llrn\fezqkunnu.exe ()
O4 - HKU\S-1-5-21-370788336-4045942230-824405379-1003..\Run: [mhwxelle] C:\Users\Ralph\AppData\Local\Temp\Gepy\pgkymfwelle.exe ()
O4 - HKU\S-1-5-21-370788336-4045942230-824405379-1003..\Run: [mixerd] C:\Users\Ralph\AppData\Roaming\mixerd.exe ()
O4 - HKU\S-1-5-21-370788336-4045942230-824405379-1003..\Run: [Vekiuwule] C:\Users\Ralph\AppData\Roaming\Kuev\hyemo.exe ()
O4 - HKU\S-1-5-21-370788336-4045942230-824405379-1005..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-370788336-4045942230-824405379-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_149_Plugin.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-370788336-4045942230-824405379-1005..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Jenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Ralph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-370788336-4045942230-824405379-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O9:64bit: - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O9:64bit: - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{342748DA-103B-4BD7-9A8D-3A3A35BED687}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F0DF9C30-4BA1-41D0-A66F-25C127C5BBFF}: DhcpNameServer = 193.189.244.225 193.189.244.206
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.22 17:43:12 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2013.02.22 17:42:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013.02.22 17:42:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2013.02.22 17:25:29 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2013.02.22 17:25:29 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013.02.18 19:55:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.02.18 19:55:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.02.18 19:55:03 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013.02.14 16:40:43 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.02.14 16:40:43 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.02.14 16:40:42 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.02.14 16:40:42 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.02.14 16:40:41 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.02.14 16:40:41 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.02.14 16:40:41 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.02.14 16:40:41 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.02.14 16:40:40 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.02.14 16:40:40 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.02.14 16:40:40 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.02.14 16:40:40 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.02.14 16:40:38 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.02.14 16:40:38 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.02.14 16:40:38 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.02.14 15:53:43 | 005,500,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.02.14 15:53:41 | 003,957,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.02.14 15:53:41 | 003,902,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.02.14 15:53:33 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013.02.14 15:53:33 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013.02.14 15:53:33 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2013.02.14 15:53:33 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013.02.14 15:53:33 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013.02.14 15:53:32 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013.02.14 15:53:32 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013.02.14 15:53:32 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2013.02.14 15:53:32 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013.02.14 15:53:32 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013.02.14 15:53:32 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013.02.14 15:53:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.02.14 15:53:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.02.14 15:53:31 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2013.02.14 15:53:31 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013.02.14 15:53:31 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013.02.14 15:53:31 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013.02.14 15:53:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.02.14 15:53:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.02.14 15:53:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013.02.14 15:53:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013.02.14 15:53:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013.02.14 15:53:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013.02.14 15:53:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013.02.14 15:53:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013.02.14 15:53:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013.02.14 15:53:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013.02.14 15:53:30 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013.02.14 15:53:30 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013.02.14 15:53:30 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013.02.14 15:53:30 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013.02.14 15:53:30 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013.02.14 15:53:29 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013.02.14 15:53:29 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013.02.14 15:53:29 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013.02.14 15:53:29 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013.02.14 15:53:29 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013.02.14 15:53:29 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013.02.14 15:53:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013.02.14 15:53:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013.02.14 15:53:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013.02.14 15:53:29 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013.02.14 15:53:25 | 000,287,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2013.02.11 19:34:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2013.02.11 19:34:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2013.02.06 20:26:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.02.06 20:24:09 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.02.06 20:24:04 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.02.06 20:24:04 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.02.06 20:24:04 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.22 18:38:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.22 17:42:54 | 000,002,030 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.02.22 17:14:25 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.22 17:14:25 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.22 17:09:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.22 17:09:18 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2013.02.22 17:09:13 | 2566,365,184 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.14 16:50:45 | 000,376,512 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.14 16:43:33 | 001,518,986 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.14 16:43:33 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.14 16:43:33 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.14 16:43:33 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.14 16:43:33 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.11 21:23:02 | 000,001,794 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.02.11 19:38:27 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.02.11 19:38:26 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.02.06 20:23:58 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.02.06 20:23:55 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.02.06 20:23:55 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.02.06 20:23:55 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.02.06 20:23:54 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npdeployJava1.dll
[2013.02.06 20:23:54 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
 
========== Files Created - No Company Name ==========
 
[2013.02.22 17:42:54 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013.02.22 17:42:54 | 000,002,030 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2012.06.17 17:04:16 | 001,526,060 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.06.17 12:45:41 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012.06.17 12:45:41 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2012.01.18 05:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012.01.18 05:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012.01.18 05:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.02.11 19:34:32 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\DVDVideoSoft
[2013.02.11 19:34:04 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.06.16 16:54:55 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\Foxit Software
[2012.06.16 16:55:32 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\Iminent
[2012.08.15 13:29:16 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\Lexware
[2012.06.16 16:57:15 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\MAGIX
[2012.06.16 15:33:49 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\OpenOffice.org
[2012.07.05 13:04:27 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\PhotoScape
[2013.01.22 13:53:44 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\DVDVideoSoft
[2012.07.10 14:04:19 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Foxit Software
[2012.06.16 17:57:24 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Iminent
[2012.08.17 18:06:39 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Lexware
[2012.12.03 12:31:09 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\MAGIX
[2012.06.17 15:58:35 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\OpenOffice.org
[2012.08.03 14:00:08 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\PhotoScape
[2013.02.22 09:45:34 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Bafeyz
[2012.12.25 16:11:14 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\DVDVideoSoft
[2013.02.02 20:09:58 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\FILEminimizerPictures
[2012.07.28 14:04:23 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Foxit Software
[2012.06.16 17:56:48 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Iminent
[2013.02.22 13:16:32 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Ipidy
[2013.02.22 09:45:34 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Kuev
[2012.08.16 07:49:29 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Lexware
[2012.06.20 21:01:07 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\MAGIX
[2012.06.17 14:06:15 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\OpenOffice.org
[2012.08.07 19:08:56 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\PhotoScape
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---


Sorry if I did something twice; unfortunately I'm only an accountant and not very knowledgeable about computers. No ill intent.

22.02.2013, 21:51   #5
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Is this by any chance an office/company PC? Or a university machine?



Please now create logs with GMER (<<< click for instructions) and MBAR (instructions a bit further down) and post them.
GMER crashes fairly often; if the tool refuses to run on the second attempt as well, just skip it and run only MBAR.

MBAR instructions:

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Start mbar.exe.
  • Follow the on-screen instructions as described in the Malwarebytes Anti-Rootkit guide.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instruction from a helper.

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

22.02.2013, 23:43   #6
fantie
 



Many thanks for your quick reply. This is my private computer at home.
I'm currently having problems with Mozilla Firefox. I can only work in safe mode.
When the computer starts, an error message now always appears:

fezqkunnu.exe Anwendungsfehler: Die Anwendung konnte nicht korrekt gestartet werden
(0xc0000018). Klicken Sie auf "OK", um die Anwendung zu schließen:

23.02.2013, 00:00   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Quote:
fezqkunnu.exe Anwendungsfehler: Die Anwendung konnte nicht korrekt gestartet werden
(0xc0000018). Klicken Sie auf "OK", um die Anwendung zu schließen:
And? Fine, that's part of the problem; what about the further logs from GMER and MBAR?

23.02.2013, 01:43   #8
fantie
 



---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000770208ac 4 bytes [68, 93, 5C, 17]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess + 5 00000000770208b1 1 byte [C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 000000007703260d 6 bytes [68, D6, FC, 16, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007703c4aa 6 bytes [68, BE, 5D, 17, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077042a93 6 bytes [68, 1C, FD, 16, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W 0000000077064170 6 bytes [68, 62, FD, 16, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A 000000007706e6b5 6 bytes [68, A8, FD, 16, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW 0000000074e832f2 6 bytes [68, 27, 60, 17, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\kernel32.dll!ExitProcess 0000000074e8734e 6 bytes [68, E6, 5F, 17, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\USER32.dll!GetDC 0000000076177246 4 bytes [68, FA, B0, 16]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\USER32.dll!GetDC + 5 000000007617724b 1 byte [C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\USER32.dll!ReleaseDC 000000007617730e 6 bytes [68, 78, B1, 16, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\USER32.dll!GetWindowDC 00000000761779d8 4 bytes [68, 39, B1, 16]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\USER32.dll!GetWindowDC + 5 00000000761779dd 1 byte [C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\USER32.dll!TranslateMessage 0000000076177d79 6 bytes [68, 2C, B8, 16, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000076177e92 6 bytes [68, 37, 5B, 17, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\USER32.dll!GetMessageA 000000007617811b 6 bytes [68, 5F, 5B, 17, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\USER32.dll!RegisterClassW 0000000076178bd6 6 bytes [68, DA, FF, 16, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\USER32.dll!RegisterClassExW 0000000076179ed3 6 bytes [68, 74, 00, 17, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\USER32.dll!RegisterClassExA 000000007617dd6d 6 bytes [68, C6, 00, 17, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000076180112 6 bytes [68, 87, 5B, 17, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\USER32.dll!CallWindowProcW 0000000076180abb 6 bytes [68, 0C, FF, 16, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\USER32.dll!GetCursorPos 0000000076180e0d 6 bytes [68, 6A, 59, 17, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\USER32.dll!EndPaint 0000000076180e9a 4 bytes [68, 5F, B0, 16]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\USER32.dll!EndPaint + 5 0000000076180e9f 1 byte [C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\USER32.dll!BeginPaint 0000000076180eba 4 bytes [68, EF, AF, 16]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\USER32.dll!BeginPaint + 5 0000000076180ebf 1 byte [C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\USER32.dll!GetMessagePos 0000000076182bc7 6 bytes [68, 38, 59, 17, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\USER32.dll!GetCapture 0000000076182dbd 6 bytes [68, 98, 5A, 17, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\USER32.dll!ReleaseCapture 0000000076182ec4 6 bytes [68, 48, 5A, 17, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\USER32.dll!SetCapture 0000000076182ed1 4 bytes [68, EE, 59, 17]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\USER32.dll!SetCapture + 5 0000000076182ed6 1 byte [C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\USER32.dll!GetDCEx 0000000076183001 4 bytes [68, 9F, B0, 16]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\USER32.dll!GetDCEx + 5 0000000076183006 1 byte [C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\USER32.dll!RegisterClassA 0000000076184b80 6 bytes [68, 27, 00, 17, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\USER32.dll!CallWindowProcA 0000000076187af4 6 bytes [68, 55, FF, 16, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\USER32.dll!DefFrameProcA 000000007618808f 6 bytes [68, 37, FE, 16, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA 00000000761881e0 6 bytes [68, C6, FE, 16, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\USER32.dll!DefFrameProcW 0000000076188632 6 bytes [68, EE, FD, 16, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW 0000000076188807 6 bytes [68, 80, FE, 16, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\USER32.dll!PeekMessageA 000000007619ed58 6 bytes [68, B2, 5B, 17, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\USER32.dll!GetUpdateRgn 000000007619f1fe 6 bytes [68, 4B, B2, 16, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\USER32.dll!GetUpdateRect 00000000761a011b 6 bytes [68, B8, B1, 16, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\USER32.dll!SwitchDesktop 00000000761b97e4 6 bytes [68, B8, FC, 16, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\USER32.dll!SetCursorPos 00000000761b9c8d 6 bytes [68, B1, 59, 17, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\USER32.dll!GetClipboardData 00000000761b9f3b 6 bytes [68, DB, B9, 16, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\USER32.dll!OpenInputDesktop 00000000761d895b 4 bytes [68, 68, FC, 16]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\USER32.dll!OpenInputDesktop + 5 00000000761d8960 1 byte [C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW 00000000764fbbdb 6 bytes [68, A4, 60, 17, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 00000000765314fd 6 bytes [68, 8D, 60, 17, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000074b53bed 6 bytes [68, D4, 06, 17, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 0000000074b56737 6 bytes [68, E5, 02, 17, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000074b568a7 6 bytes [68, 2D, 07, 17, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\WS2_32.dll!send 0000000074b5c4c8 6 bytes [68, 0C, 07, 17, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000074b67133 6 bytes [68, 75, 02, 17, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore 00000000747e12b0 6 bytes [68, 51, 5C, 16, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\WININET.dll!InternetCloseHandle 0000000074bfc664 6 bytes [68, 76, 72, 16, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA 0000000074bfe13a 6 bytes [68, 16, 74, 16, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\WININET.dll!InternetReadFile 0000000074bff8d8 6 bytes [68, E3, 72, 16, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable 0000000074c03184 6 bytes [68, EA, 73, 16, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA 0000000074c25761 6 bytes [68, B8, 6F, 16, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW 0000000074c25fef 6 bytes [68, 74, 6F, 16, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\WININET.dll!HttpSendRequestW 0000000074c2632d 6 bytes [68, FC, 6F, 16, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\WININET.dll!InternetReadFileExA 0000000074c2fa49 6 bytes [68, 11, 73, 16, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\WININET.dll!HttpSendRequestExW 0000000074c3f564 6 bytes [68, A6, 70, 16, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\WININET.dll!HttpEndRequestA 0000000074c3f639 6 bytes [68, E0, 71, 16, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\WININET.dll!InternetSetFilePointer 0000000074c54f2f 6 bytes [68, 90, 73, 16, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\WININET.dll!HttpSendRequestA 0000000074c5525a 6 bytes [68, 51, 70, 16, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\WININET.dll!HttpSendRequestExA 0000000074c9ece5 6 bytes [68, 43, 71, 16, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\WININET.dll!HttpEndRequestW 0000000074c9edb7 6 bytes [68, 2B, 72, 16, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000770208ac 6 bytes [68, 93, 5C, 35, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 000000007703260d 6 bytes [68, D6, FC, 34, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007703c4aa 6 bytes [68, BE, 5D, 35, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077042a93 6 bytes [68, 1C, FD, 34, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W 0000000077064170 6 bytes [68, 62, FD, 34, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A 000000007706e6b5 6 bytes [68, A8, FD, 34, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW 0000000074e832f2 6 bytes [68, 27, 60, 35, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\kernel32.dll!ExitProcess 0000000074e8734e 6 bytes [68, E6, 5F, 35, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\USER32.dll!GetDC 0000000076177246 6 bytes [68, FA, B0, 34, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\USER32.dll!ReleaseDC 000000007617730e 6 bytes [68, 78, B1, 34, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\USER32.dll!GetWindowDC 00000000761779d8 6 bytes [68, 39, B1, 34, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\USER32.dll!TranslateMessage 0000000076177d79 6 bytes [68, 2C, B8, 34, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000076177e92 6 bytes [68, 37, 5B, 35, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\USER32.dll!GetMessageA 000000007617811b 6 bytes [68, 5F, 5B, 35, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\USER32.dll!RegisterClassW 0000000076178bd6 6 bytes [68, DA, FF, 34, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\USER32.dll!RegisterClassExW 0000000076179ed3 6 bytes [68, 74, 00, 35, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\USER32.dll!RegisterClassExA 000000007617dd6d 6 bytes [68, C6, 00, 35, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000076180112 6 bytes [68, 87, 5B, 35, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\USER32.dll!CallWindowProcW 0000000076180abb 6 bytes [68, 0C, FF, 34, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\USER32.dll!GetCursorPos 0000000076180e0d 6 bytes [68, 6A, 59, 35, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\USER32.dll!EndPaint 0000000076180e9a 6 bytes [68, 5F, B0, 34, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\USER32.dll!BeginPaint 0000000076180eba 6 bytes [68, EF, AF, 34, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\USER32.dll!GetMessagePos 0000000076182bc7 6 bytes [68, 38, 59, 35, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\USER32.dll!GetCapture 0000000076182dbd 6 bytes [68, 98, 5A, 35, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\USER32.dll!ReleaseCapture 0000000076182ec4 6 bytes [68, 48, 5A, 35, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\USER32.dll!SetCapture 0000000076182ed1 6 bytes [68, EE, 59, 35, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\USER32.dll!GetDCEx 0000000076183001 6 bytes [68, 9F, B0, 34, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\USER32.dll!RegisterClassA 0000000076184b80 6 bytes [68, 27, 00, 35, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\USER32.dll!CallWindowProcA 0000000076187af4 6 bytes [68, 55, FF, 34, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\USER32.dll!DefFrameProcA 000000007618808f 6 bytes [68, 37, FE, 34, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA 00000000761881e0 6 bytes [68, C6, FE, 34, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\USER32.dll!DefFrameProcW 0000000076188632 6 bytes [68, EE, FD, 34, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW 0000000076188807 6 bytes [68, 80, FE, 34, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\USER32.dll!PeekMessageA 000000007619ed58 6 bytes [68, B2, 5B, 35, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\USER32.dll!GetUpdateRgn 000000007619f1fe 6 bytes [68, 4B, B2, 34, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\USER32.dll!GetUpdateRect 00000000761a011b 6 bytes [68, B8, B1, 34, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\USER32.dll!SwitchDesktop 00000000761b97e4 6 bytes [68, B8, FC, 34, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\USER32.dll!SetCursorPos 00000000761b9c8d 6 bytes [68, B1, 59, 35, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\USER32.dll!GetClipboardData 00000000761b9f3b 6 bytes [68, DB, B9, 34, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\USER32.dll!OpenInputDesktop 00000000761d895b 6 bytes [68, 68, FC, 34, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW 00000000764fbbdb 6 bytes [68, A4, 60, 35, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 00000000765314fd 6 bytes [68, 8D, 60, 35, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000074b53bed 6 bytes [68, D4, 06, 35, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 0000000074b56737 6 bytes [68, E5, 02, 35, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000074b568a7 6 bytes [68, 2D, 07, 35, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\WS2_32.dll!send 0000000074b5c4c8 6 bytes [68, 0C, 07, 35, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000074b67133 6 bytes [68, 75, 02, 35, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076fd1465 2 bytes [FD, 76]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076fd14bb 2 bytes [FD, 76]
.text ... * 2
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore 00000000747e12b0 6 bytes [68, 51, 5C, 34, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\WININET.dll!InternetCloseHandle 0000000074bfc664 6 bytes [68, 76, 72, 34, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA 0000000074bfe13a 6 bytes [68, 16, 74, 34, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\WININET.dll!InternetReadFile 0000000074bff8d8 6 bytes [68, E3, 72, 34, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable 0000000074c03184 6 bytes [68, EA, 73, 34, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA 0000000074c25761 6 bytes [68, B8, 6F, 34, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW 0000000074c25fef 6 bytes [68, 74, 6F, 34, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\WININET.dll!HttpSendRequestW 0000000074c2632d 6 bytes [68, FC, 6F, 34, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\WININET.dll!InternetReadFileExA 0000000074c2fa49 6 bytes [68, 11, 73, 34, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\WININET.dll!HttpSendRequestExW 0000000074c3f564 6 bytes [68, A6, 70, 34, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\WININET.dll!HttpEndRequestA 0000000074c3f639 6 bytes [68, E0, 71, 34, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\WININET.dll!InternetSetFilePointer 0000000074c54f2f 6 bytes [68, 90, 73, 34, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\WININET.dll!HttpSendRequestA 0000000074c5525a 6 bytes [68, 51, 70, 34, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\WININET.dll!HttpSendRequestExA 0000000074c9ece5 6 bytes [68, 43, 71, 34, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\WININET.dll!HttpEndRequestW 0000000074c9edb7 6 bytes [68, 2B, 72, 34, 05, C3]
.text C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe[956] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000770208ac 6 bytes [68, 93, 5C, 1B, 02, C3]
.text C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe[956] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 000000007703260d 6 bytes [68, D6, FC, 1A, 02, C3]
.text C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe[956] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007703c4aa 6 bytes [68, BE, 5D, 1B, 02, C3]
.text C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe[956] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077042a93 6 bytes [68, 1C, FD, 1A, 02, C3]
.text C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe[956] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W 0000000077064170 6 bytes [68, 62, FD, 1A, 02, C3]
.text C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe[956] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A 000000007706e6b5 6 bytes [68, A8, FD, 1A, 02, C3]
.text C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe[956] C:\Windows\syswow64\KERNEL32.dll!GetFileAttributesExW 0000000074e832f2 6 bytes [68, 27, 60, 1B, 02, C3]
.text C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe[956] C:\Windows\syswow64\KERNEL32.dll!ExitProcess 0000000074e8734e 6 bytes [68, E6, 5F, 1B, 02, C3]
.text C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe[956] C:\Windows\syswow64\USER32.dll!GetDC 0000000076177246 6 bytes [68, FA, B0, 1A, 02, C3]
.text C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe[956] C:\Windows\syswow64\USER32.dll!ReleaseDC 000000007617730e 6 bytes [68, 78, B1, 1A, 02, C3]
.text C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe[956] C:\Windows\syswow64\USER32.dll!GetWindowDC 00000000761779d8 6 bytes [68, 39, B1, 1A, 02, C3]
.text C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe[956] C:\Windows\syswow64\USER32.dll!TranslateMessage 0000000076177d79 6 bytes [68, 2C, B8, 1A, 02, C3]
.text C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe[956] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000076177e92 6 bytes [68, 37, 5B, 1B, 02, C3]
.text C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe[956] C:\Windows\syswow64\USER32.dll!GetMessageA 000000007617811b 6 bytes [68, 5F, 5B, 1B, 02, C3]
.text C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe[956] C:\Windows\syswow64\USER32.dll!RegisterClassW 0000000076178bd6 6 bytes [68, DA, FF, 1A, 02, C3]
.text C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe[956] C:\Windows\syswow64\USER32.dll!RegisterClassExW 0000000076179ed3 6 bytes [68, 74, 00, 1B, 02, C3]
.text C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe[956] C:\Windows\syswow64\USER32.dll!RegisterClassExA 000000007617dd6d 6 bytes [68, C6, 00, 1B, 02, C3]
.text C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe[956] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000076180112 6 bytes [68, 87, 5B, 1B, 02, C3]
.text C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe[956] C:\Windows\syswow64\USER32.dll!CallWindowProcW 0000000076180abb 6 bytes [68, 0C, FF, 1A, 02, C3]
.text C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe[956] C:\Windows\syswow64\USER32.dll!GetCursorPos 0000000076180e0d 6 bytes [68, 6A, 59, 1B, 02, C3]
.text C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe[956] C:\Windows\syswow64\USER32.dll!EndPaint 0000000076180e9a 6 bytes [68, 5F, B0, 1A, 02, C3]
.text C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe[956] C:\Windows\syswow64\USER32.dll!BeginPaint 0000000076180eba 6 bytes [68, EF, AF, 1A, 02, C3]
.text C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe[956] C:\Windows\syswow64\USER32.dll!GetMessagePos 0000000076182bc7 6 bytes [68, 38, 59, 1B, 02, C3]
.text C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe[956] C:\Windows\syswow64\USER32.dll!GetCapture 0000000076182dbd 6 bytes [68, 98, 5A, 1B, 02, C3]
.text C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe[956] C:\Windows\syswow64\USER32.dll!ReleaseCapture 0000000076182ec4 6 bytes [68, 48, 5A, 1B, 02, C3]
.text C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe[956] C:\Windows\syswow64\USER32.dll!SetCapture 0000000076182ed1 6 bytes [68, EE, 59, 1B, 02, C3]
.text C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe[956] C:\Windows\syswow64\USER32.dll!GetDCEx 0000000076183001 6 bytes [68, 9F, B0, 1A, 02, C3]
.text C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe[956] C:\Windows\syswow64\USER32.dll!RegisterClassA 0000000076184b80 6 bytes [68, 27, 00, 1B, 02, C3]
.text C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe[956] C:\Windows\syswow64\USER32.dll!CallWindowProcA 0000000076187af4 6 bytes [68, 55, FF, 1A, 02, C3]
.text C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe[956] C:\Windows\syswow64\USER32.dll!DefFrameProcA 000000007618808f 6 bytes [68, 37, FE, 1A, 02, C3]
.text C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe[956] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA 00000000761881e0 6 bytes [68, C6, FE, 1A, 02, C3]
.text C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe[956] C:\Windows\syswow64\USER32.dll!DefFrameProcW 0000000076188632 6 bytes [68, EE, FD, 1A, 02, C3]
.text C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe[956] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW 0000000076188807 6 bytes [68, 80, FE, 1A, 02, C3]
.text C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe[956] C:\Windows\syswow64\USER32.dll!PeekMessageA 000000007619ed58 6 bytes [68, B2, 5B, 1B, 02, C3]
.text C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe[956] C:\Windows\syswow64\USER32.dll!GetUpdateRgn 000000007619f1fe 6 bytes [68, 4B, B2, 1A, 02, C3]
.text C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe[956] C:\Windows\syswow64\USER32.dll!GetUpdateRect 00000000761a011b 6 bytes [68, B8, B1, 1A, 02, C3]
.text C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe[956] C:\Windows\syswow64\USER32.dll!SwitchDesktop 00000000761b97e4 6 bytes [68, B8, FC, 1A, 02, C3]
.text C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe[956] C:\Windows\syswow64\USER32.dll!SetCursorPos 00000000761b9c8d 6 bytes [68, B1, 59, 1B, 02, C3]
.text C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe[956] C:\Windows\syswow64\USER32.dll!GetClipboardData 00000000761b9f3b 6 bytes [68, DB, B9, 1A, 02, C3]
.text C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe[956] C:\Windows\syswow64\USER32.dll!OpenInputDesktop 00000000761d895b 6 bytes [68, 68, FC, 1A, 02, C3]
.text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000770208ac 6 bytes [68, 93, 5C, 20, 02, C3]
.text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 000000007703260d 6 bytes [68, D6, FC, 1F, 02, C3]
.text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007703c4aa 6 bytes [68, BE, 5D, 20, 02, C3]
.text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077042a93 6 bytes [68, 1C, FD, 1F, 02, C3]
.text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W 0000000077064170 6 bytes [68, 62, FD, 1F, 02, C3]
.text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A 000000007706e6b5 6 bytes [68, A8, FD, 1F, 02, C3]
.text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW 0000000074e832f2 6 bytes [68, 27, 60, 20, 02, C3]
.text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\kernel32.dll!ExitProcess 0000000074e8734e 6 bytes [68, E6, 5F, 20, 02, C3]
.text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\wininet.DLL!InternetCloseHandle 0000000074bfc664 6 bytes [68, 76, 72, 1F, 02, C3]
.text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\wininet.DLL!HttpQueryInfoA 0000000074bfe13a 6 bytes [68, 16, 74, 1F, 02, C3]
.text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\wininet.DLL!InternetReadFile 0000000074bff8d8 6 bytes [68, E3, 72, 1F, 02, C3]
.text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\wininet.DLL!InternetQueryDataAvailable 0000000074c03184 6 bytes [68, EA, 73, 1F, 02, C3]
.text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\wininet.DLL!HttpOpenRequestA 0000000074c25761 6 bytes [68, B8, 6F, 1F, 02, C3]
.text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\wininet.DLL!HttpOpenRequestW 0000000074c25fef 6 bytes [68, 74, 6F, 1F, 02, C3]
.text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\wininet.DLL!HttpSendRequestW 0000000074c2632d 6 bytes [68, FC, 6F, 1F, 02, C3]
.text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\wininet.DLL!InternetReadFileExA 0000000074c2fa49 6 bytes [68, 11, 73, 1F, 02, C3]
.text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\wininet.DLL!HttpSendRequestExW 0000000074c3f564 6 bytes [68, A6, 70, 1F, 02, C3]
.text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\wininet.DLL!HttpEndRequestA 0000000074c3f639 6 bytes [68, E0, 71, 1F, 02, C3]
.text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\wininet.DLL!InternetSetFilePointer 0000000074c54f2f 6 bytes [68, 90, 73, 1F, 02, C3]
.text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\wininet.DLL!HttpSendRequestA 0000000074c5525a 6 bytes [68, 51, 70, 1F, 02, C3]
.text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\wininet.DLL!HttpSendRequestExA 0000000074c9ece5 6 bytes [68, 43, 71, 1F, 02, C3]
.text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\wininet.DLL!HttpEndRequestW 0000000074c9edb7 6 bytes [68, 2B, 72, 1F, 02, C3]
.text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\USER32.dll!GetDC 0000000076177246 6 bytes [68, FA, B0, 1F, 02, C3]
.text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\USER32.dll!ReleaseDC 000000007617730e 6 bytes [68, 78, B1, 1F, 02, C3]
.text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\USER32.dll!GetWindowDC 00000000761779d8 6 bytes [68, 39, B1, 1F, 02, C3]
.text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\USER32.dll!TranslateMessage 0000000076177d79 6 bytes [68, 2C, B8, 1F, 02, C3]
.text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000076177e92 6 bytes [68, 37, 5B, 20, 02, C3]
.text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\USER32.dll!GetMessageA 000000007617811b 6 bytes [68, 5F, 5B, 20, 02, C3]
.text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\USER32.dll!RegisterClassW 0000000076178bd6 6 bytes [68, DA, FF, 1F, 02, C3]
.text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\USER32.dll!RegisterClassExW 0000000076179ed3 6 bytes [68, 74, 00, 20, 02, C3]
.text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\USER32.dll!RegisterClassExA 000000007617dd6d 6 bytes [68, C6, 00, 20, 02, C3]
.text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000076180112 6 bytes [68, 87, 5B, 20, 02, C3]
.text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\USER32.dll!CallWindowProcW 0000000076180abb 6 bytes [68, 0C, FF, 1F, 02, C3]
.text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\USER32.dll!GetCursorPos 0000000076180e0d 6 bytes [68, 6A, 59, 20, 02, C3]
.text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\USER32.dll!EndPaint 0000000076180e9a 6 bytes [68, 5F, B0, 1F, 02, C3]
.text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\USER32.dll!BeginPaint 0000000076180eba 6 bytes [68, EF, AF, 1F, 02, C3]
.text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\USER32.dll!GetMessagePos 0000000076182bc7 6 bytes [68, 38, 59, 20, 02, C3]
.text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\USER32.dll!GetCapture 0000000076182dbd 6 bytes [68, 98, 5A, 20, 02, C3]
.text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\USER32.dll!ReleaseCapture 0000000076182ec4 6 bytes [68, 48, 5A, 20, 02, C3]
.text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\USER32.dll!SetCapture 0000000076182ed1 6 bytes [68, EE, 59, 20, 02, C3]
.text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\USER32.dll!GetDCEx 0000000076183001 6 bytes [68, 9F, B0, 1F, 02, C3]
.text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\USER32.dll!RegisterClassA 0000000076184b80 6 bytes [68, 27, 00, 20, 02, C3]
.text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\USER32.dll!CallWindowProcA 0000000076187af4 6 bytes [68, 55, FF, 1F, 02, C3]
.text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\USER32.dll!DefFrameProcA 000000007618808f 6 bytes [68, 37, FE, 1F, 02, C3]
.text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA 00000000761881e0 6 bytes [68, C6, FE, 1F, 02, C3]
.text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\USER32.dll!DefFrameProcW 0000000076188632 6 bytes [68, EE, FD, 1F, 02, C3]
.text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW 0000000076188807 6 bytes [68, 80, FE, 1F, 02, C3]
.text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\USER32.dll!PeekMessageA 000000007619ed58 6 bytes [68, B2, 5B, 20, 02, C3]
.text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\USER32.dll!GetUpdateRgn 000000007619f1fe 6 bytes [68, 4B, B2, 1F, 02, C3]
.text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\USER32.dll!GetUpdateRect 00000000761a011b 6 bytes [68, B8, B1, 1F, 02, C3]
.text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\USER32.dll!SwitchDesktop 00000000761b97e4 6 bytes [68, B8, FC, 1F, 02, C3]
.text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\USER32.dll!SetCursorPos 00000000761b9c8d 6 bytes [68, B1, 59, 20, 02, C3]
.text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\USER32.dll!GetClipboardData 00000000761b9f3b 6 bytes [68, DB, B9, 1F, 02, C3]
.text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\USER32.dll!OpenInputDesktop 00000000761d895b 6 bytes [68, 68, FC, 1F, 02, C3]
.text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW 00000000764fbbdb 6 bytes [68, A4, 60, 20, 02, C3]
.text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 00000000765314fd 6 bytes [68, 8D, 60, 20, 02, C3]
.text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\ws2_32.DLL!closesocket 0000000074b53bed 6 bytes [68, D4, 06, 20, 02, C3]
.text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\ws2_32.DLL!getaddrinfo 0000000074b56737 6 bytes [68, E5, 02, 20, 02, C3]
.text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\ws2_32.DLL!WSASend 0000000074b568a7 6 bytes [68, 2D, 07, 20, 02, C3]
.text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\ws2_32.DLL!send 0000000074b5c4c8 6 bytes [68, 0C, 07, 20, 02, C3]
.text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\ws2_32.DLL!gethostbyname 0000000074b67133 6 bytes [68, 75, 02, 20, 02, C3]
.text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\crypt32.DLL!PFXImportCertStore 00000000747e12b0 6 bytes [68, 51, 5C, 1F, 02, C3]
.text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\SysWOW64\WINMM.dll!PlaySoundW 0000000072072d12 6 bytes [68, E2, 60, 20, 02, C3]
.text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\SysWOW64\WINMM.dll!PlaySound 0000000072093dad 6 bytes [68, BB, 60, 20, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000770208ac 6 bytes [68, 93, 5C, 89, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 000000007703260d 6 bytes [68, D6, FC, 88, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007703c4aa 6 bytes [68, BE, 5D, 89, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077042a93 6 bytes [68, 1C, FD, 88, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W 0000000077064170 6 bytes [68, 62, FD, 88, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A 000000007706e6b5 6 bytes [68, A8, FD, 88, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW 0000000074e832f2 6 bytes [68, 27, 60, 89, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\kernel32.dll!ExitProcess 0000000074e8734e 6 bytes [68, E6, 5F, 89, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW 00000000764fbbdb 6 bytes [68, A4, 60, 89, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 00000000765314fd 6 bytes [68, 8D, 60, 89, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\USER32.dll!GetDC 0000000076177246 6 bytes [68, FA, B0, 88, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\USER32.dll!ReleaseDC 000000007617730e 6 bytes [68, 78, B1, 88, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\USER32.dll!GetWindowDC 00000000761779d8 6 bytes [68, 39, B1, 88, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\USER32.dll!TranslateMessage 0000000076177d79 6 bytes [68, 2C, B8, 88, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000076177e92 6 bytes [68, 37, 5B, 89, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\USER32.dll!GetMessageA 000000007617811b 6 bytes [68, 5F, 5B, 89, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\USER32.dll!RegisterClassW 0000000076178bd6 6 bytes [68, DA, FF, 88, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\USER32.dll!RegisterClassExW 0000000076179ed3 6 bytes [68, 74, 00, 89, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\USER32.dll!RegisterClassExA 000000007617dd6d 6 bytes [68, C6, 00, 89, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000076180112 6 bytes [68, 87, 5B, 89, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\USER32.dll!CallWindowProcW 0000000076180abb 6 bytes [68, 0C, FF, 88, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\USER32.dll!GetCursorPos 0000000076180e0d 6 bytes [68, 6A, 59, 89, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\USER32.dll!EndPaint 0000000076180e9a 6 bytes [68, 5F, B0, 88, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\USER32.dll!BeginPaint 0000000076180eba 6 bytes [68, EF, AF, 88, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\USER32.dll!GetMessagePos 0000000076182bc7 6 bytes [68, 38, 59, 89, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\USER32.dll!GetCapture 0000000076182dbd 6 bytes [68, 98, 5A, 89, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\USER32.dll!ReleaseCapture 0000000076182ec4 6 bytes [68, 48, 5A, 89, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\USER32.dll!SetCapture 0000000076182ed1 6 bytes [68, EE, 59, 89, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\USER32.dll!GetDCEx 0000000076183001 6 bytes [68, 9F, B0, 88, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\USER32.dll!RegisterClassA 0000000076184b80 6 bytes [68, 27, 00, 89, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\USER32.dll!CallWindowProcA 0000000076187af4 6 bytes [68, 55, FF, 88, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\USER32.dll!DefFrameProcA 000000007618808f 6 bytes [68, 37, FE, 88, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA 00000000761881e0 6 bytes [68, C6, FE, 88, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\USER32.dll!DefFrameProcW 0000000076188632 6 bytes [68, EE, FD, 88, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW 0000000076188807 6 bytes [68, 80, FE, 88, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\USER32.dll!PeekMessageA 000000007619ed58 6 bytes [68, B2, 5B, 89, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\USER32.dll!GetUpdateRgn 000000007619f1fe 6 bytes [68, 4B, B2, 88, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\USER32.dll!GetUpdateRect 00000000761a011b 6 bytes [68, B8, B1, 88, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\USER32.dll!SwitchDesktop 00000000761b97e4 6 bytes [68, B8, FC, 88, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\USER32.dll!SetCursorPos 00000000761b9c8d 6 bytes [68, B1, 59, 89, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\USER32.dll!GetClipboardData 00000000761b9f3b 6 bytes [68, DB, B9, 88, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\USER32.dll!OpenInputDesktop 00000000761d895b 6 bytes [68, 68, FC, 88, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000074b53bed 6 bytes [68, D4, 06, 89, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 0000000074b56737 6 bytes [68, E5, 02, 89, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000074b568a7 6 bytes [68, 2D, 07, 89, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\WS2_32.dll!send 0000000074b5c4c8 6 bytes [68, 0C, 07, 89, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000074b67133 6 bytes [68, 75, 02, 89, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore 00000000747e12b0 6 bytes [68, 51, 5C, 88, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\WININET.dll!InternetCloseHandle 0000000074bfc664 6 bytes [68, 76, 72, 88, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA 0000000074bfe13a 6 bytes [68, 16, 74, 88, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\WININET.dll!InternetReadFile 0000000074bff8d8 6 bytes [68, E3, 72, 88, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable 0000000074c03184 6 bytes [68, EA, 73, 88, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA 0000000074c25761 6 bytes [68, B8, 6F, 88, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW 0000000074c25fef 6 bytes [68, 74, 6F, 88, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\WININET.dll!HttpSendRequestW 0000000074c2632d 6 bytes [68, FC, 6F, 88, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\WININET.dll!InternetReadFileExA 0000000074c2fa49 6 bytes [68, 11, 73, 88, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\WININET.dll!HttpSendRequestExW 0000000074c3f564 6 bytes [68, A6, 70, 88, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\WININET.dll!HttpEndRequestA 0000000074c3f639 6 bytes [68, E0, 71, 88, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\WININET.dll!InternetSetFilePointer 0000000074c54f2f 6 bytes [68, 90, 73, 88, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\WININET.dll!HttpSendRequestA 0000000074c5525a 6 bytes [68, 51, 70, 88, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\WININET.dll!HttpSendRequestExA 0000000074c9ece5 6 bytes [68, 43, 71, 88, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\WININET.dll!HttpEndRequestW 0000000074c9edb7 6 bytes [68, 2B, 72, 88, 02, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000770208ac 4 bytes [68, 93, 5C, 33]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess + 5 00000000770208b1 1 byte [C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 000000007703260d 6 bytes [68, D6, FC, 32, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007703c4aa 6 bytes [68, BE, 5D, 33, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077042a93 6 bytes [68, 1C, FD, 32, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W 0000000077064170 6 bytes [68, 62, FD, 32, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A 000000007706e6b5 6 bytes [68, A8, FD, 32, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW 0000000074e832f2 6 bytes [68, 27, 60, 33, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\kernel32.dll!ExitProcess 0000000074e8734e 6 bytes [68, E6, 5F, 33, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW 00000000764fbbdb 6 bytes [68, A4, 60, 33, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 00000000765314fd 6 bytes [68, 8D, 60, 33, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!GetDC 0000000076177246 4 bytes [68, FA, B0, 32]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!GetDC + 5 000000007617724b 1 byte [C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!ReleaseDC 000000007617730e 6 bytes [68, 78, B1, 32, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!GetWindowDC 00000000761779d8 4 bytes [68, 39, B1, 32]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!GetWindowDC + 5 00000000761779dd 1 byte [C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!TranslateMessage 0000000076177d79 6 bytes [68, 2C, B8, 32, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000076177e92 6 bytes [68, 37, 5B, 33, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!GetMessageA 000000007617811b 6 bytes [68, 5F, 5B, 33, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!RegisterClassW 0000000076178bd6 6 bytes [68, DA, FF, 32, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!RegisterClassExW 0000000076179ed3 6 bytes [68, 74, 00, 33, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!RegisterClassExA 000000007617dd6d 6 bytes [68, C6, 00, 33, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000076180112 6 bytes [68, 87, 5B, 33, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!CallWindowProcW 0000000076180abb 6 bytes [68, 0C, FF, 32, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!GetCursorPos 0000000076180e0d 6 bytes [68, 6A, 59, 33, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!EndPaint 0000000076180e9a 4 bytes [68, 5F, B0, 32]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!EndPaint + 5 0000000076180e9f 1 byte [C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!BeginPaint 0000000076180eba 4 bytes [68, EF, AF, 32]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!BeginPaint + 5 0000000076180ebf 1 byte [C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!GetMessagePos 0000000076182bc7 6 bytes [68, 38, 59, 33, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!GetCapture 0000000076182dbd 6 bytes [68, 98, 5A, 33, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!ReleaseCapture 0000000076182ec4 6 bytes [68, 48, 5A, 33, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!SetCapture 0000000076182ed1 4 bytes [68, EE, 59, 33]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!SetCapture + 5 0000000076182ed6 1 byte [C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!GetDCEx 0000000076183001 4 bytes [68, 9F, B0, 32]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!GetDCEx + 5 0000000076183006 1 byte [C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!RegisterClassA 0000000076184b80 6 bytes [68, 27, 00, 33, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!CallWindowProcA 0000000076187af4 6 bytes [68, 55, FF, 32, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!DefFrameProcA 000000007618808f 6 bytes [68, 37, FE, 32, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA 00000000761881e0 6 bytes [68, C6, FE, 32, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!DefFrameProcW 0000000076188632 6 bytes [68, EE, FD, 32, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW 0000000076188807 6 bytes [68, 80, FE, 32, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!PeekMessageA 000000007619ed58 6 bytes [68, B2, 5B, 33, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!GetUpdateRgn 000000007619f1fe 6 bytes [68, 4B, B2, 32, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!GetUpdateRect 00000000761a011b 6 bytes [68, B8, B1, 32, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!SwitchDesktop 00000000761b97e4 6 bytes [68, B8, FC, 32, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!SetCursorPos 00000000761b9c8d 6 bytes [68, B1, 59, 33, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!GetClipboardData 00000000761b9f3b 6 bytes [68, DB, B9, 32, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!OpenInputDesktop 00000000761d895b 4 bytes [68, 68, FC, 32]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!OpenInputDesktop + 5 00000000761d8960 1 byte [C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\WININET.dll!InternetCloseHandle 0000000074bfc664 6 bytes [68, 76, 72, 32, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA 0000000074bfe13a 6 bytes [68, 16, 74, 32, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\WININET.dll!InternetReadFile 0000000074bff8d8 6 bytes [68, E3, 72, 32, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable 0000000074c03184 6 bytes [68, EA, 73, 32, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA 0000000074c25761 6 bytes [68, B8, 6F, 32, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW 0000000074c25fef 6 bytes [68, 74, 6F, 32, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\WININET.dll!HttpSendRequestW 0000000074c2632d 6 bytes [68, FC, 6F, 32, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\WININET.dll!InternetReadFileExA 0000000074c2fa49 6 bytes [68, 11, 73, 32, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\WININET.dll!HttpSendRequestExW 0000000074c3f564 6 bytes [68, A6, 70, 32, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\WININET.dll!HttpEndRequestA 0000000074c3f639 6 bytes [68, E0, 71, 32, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\WININET.dll!InternetSetFilePointer 0000000074c54f2f 6 bytes [68, 90, 73, 32, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\WININET.dll!HttpSendRequestA 0000000074c5525a 6 bytes [68, 51, 70, 32, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\WININET.dll!HttpSendRequestExA 0000000074c9ece5 6 bytes [68, 43, 71, 32, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\WININET.dll!HttpEndRequestW 0000000074c9edb7 6 bytes [68, 2B, 72, 32, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000074b53bed 6 bytes [68, D4, 06, 33, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 0000000074b56737 6 bytes [68, E5, 02, 33, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000074b568a7 6 bytes [68, 2D, 07, 33, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\WS2_32.dll!send 0000000074b5c4c8 6 bytes [68, 0C, 07, 33, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000074b67133 6 bytes [68, 75, 02, 33, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore 00000000747e12b0 6 bytes [68, 51, 5C, 32, 00, C3]
.text C:\Users\Ralph\AppData\Roaming\Kuev\hyemo.exe[3116] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 0000000074b56737 6 bytes [68, E5, 02, 42, 00, C3]
.text C:\Users\Ralph\AppData\Roaming\Kuev\hyemo.exe[3116] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000074b67133 6 bytes [68, 75, 02, 42, 00, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000770208ac 4 bytes [68, 93, 5C, B3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess + 5 00000000770208b1 1 byte [C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 000000007703260d 6 bytes [68, D6, FC, B2, 00, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007703c4aa 6 bytes [68, BE, 5D, B3, 00, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077042a93 6 bytes [68, 1C, FD, B2, 00, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W 0000000077064170 6 bytes [68, 62, FD, B2, 00, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A 000000007706e6b5 6 bytes [68, A8, FD, B2, 00, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW 0000000074e832f2 6 bytes [68, 27, 60, B3, 00, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\kernel32.dll!ExitProcess 0000000074e8734e 6 bytes [68, E6, 5F, B3, 00, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\WININET.dll!InternetCloseHandle 0000000074bfc664 6 bytes [68, 76, 72, B2, 00, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA 0000000074bfe13a 6 bytes [68, 16, 74, B2, 00, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\WININET.dll!InternetReadFile 0000000074bff8d8 6 bytes [68, E3, 72, B2, 00, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable 0000000074c03184 6 bytes [68, EA, 73, B2, 00, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA 0000000074c25761 6 bytes [68, B8, 6F, B2, 00, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW 0000000074c25fef 6 bytes [68, 74, 6F, B2, 00, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\WININET.dll!HttpSendRequestW 0000000074c2632d 6 bytes [68, FC, 6F, B2, 00, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\WININET.dll!InternetReadFileExA 0000000074c2fa49 6 bytes [68, 11, 73, B2, 00, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\WININET.dll!HttpSendRequestExW 0000000074c3f564 6 bytes [68, A6, 70, B2, 00, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\WININET.dll!HttpEndRequestA 0000000074c3f639 6 bytes [68, E0, 71, B2, 00, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\WININET.dll!InternetSetFilePointer 0000000074c54f2f 6 bytes [68, 90, 73, B2, 00, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\WININET.dll!HttpSendRequestA 0000000074c5525a 6 bytes [68, 51, 70, B2, 00, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\WININET.dll!HttpSendRequestExA 0000000074c9ece5 6 bytes [68, 43, 71, B2, 00, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\WININET.dll!HttpEndRequestW 0000000074c9edb7 6 bytes [68, 2B, 72, B2, 00, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\USER32.dll!GetDC 0000000076177246 4 bytes [68, FA, B0, B2]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\USER32.dll!GetDC + 5 000000007617724b 1 byte [C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\USER32.dll!ReleaseDC 000000007617730e 6 bytes [68, 78, B1, B2, 00, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\USER32.dll!GetWindowDC 00000000761779d8 4 bytes [68, 39, B1, B2]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\USER32.dll!GetWindowDC + 5 00000000761779dd 1 byte [C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\USER32.dll!TranslateMessage 0000000076177d79 6 bytes [68, 2C, B8, B2, 00, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000076177e92 6 bytes [68, 37, 5B, B3, 00, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\USER32.dll!GetMessageA 000000007617811b 6 bytes [68, 5F, 5B, B3, 00, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\USER32.dll!RegisterClassW 0000000076178bd6 6 bytes [68, DA, FF, B2, 00, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\USER32.dll!RegisterClassExW 0000000076179ed3 6 bytes [68, 74, 00, B3, 00, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\USER32.dll!RegisterClassExA 000000007617dd6d 6 bytes [68, C6, 00, B3, 00, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000076180112 6 bytes [68, 87, 5B, B3, 00, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\USER32.dll!CallWindowProcW 0000000076180abb 6 bytes [68, 0C, FF, B2, 00, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\USER32.dll!GetCursorPos 0000000076180e0d 6 bytes [68, 6A, 59, B3, 00, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\USER32.dll!EndPaint 0000000076180e9a 4 bytes [68, 5F, B0, B2]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\USER32.dll!EndPaint + 5 0000000076180e9f 1 byte [C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\USER32.dll!BeginPaint 0000000076180eba 4 bytes [68, EF, AF, B2]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\USER32.dll!BeginPaint + 5 0000000076180ebf 1 byte [C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\USER32.dll!GetMessagePos 0000000076182bc7 6 bytes [68, 38, 59, B3, 00, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\USER32.dll!GetCapture 0000000076182dbd 6 bytes [68, 98, 5A, B3, 00, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\USER32.dll!ReleaseCapture 0000000076182ec4 6 bytes [68, 48, 5A, B3, 00, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\USER32.dll!SetCapture 0000000076182ed1 4 bytes [68, EE, 59, B3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\USER32.dll!SetCapture + 5 0000000076182ed6 1 byte [C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\USER32.dll!GetDCEx 0000000076183001 4 bytes [68, 9F, B0, B2]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\USER32.dll!GetDCEx + 5 0000000076183006 1 byte [C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\USER32.dll!RegisterClassA 0000000076184b80 6 bytes [68, 27, 00, B3, 00, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\USER32.dll!CallWindowProcA 0000000076187af4 6 bytes [68, 55, FF, B2, 00, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\USER32.dll!DefFrameProcA 000000007618808f 6 bytes [68, 37, FE, B2, 00, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA 00000000761881e0 6 bytes [68, C6, FE, B2, 00, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\USER32.dll!DefFrameProcW 0000000076188632 6 bytes [68, EE, FD, B2, 00, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW 0000000076188807 6 bytes [68, 80, FE, B2, 00, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\USER32.dll!PeekMessageA 000000007619ed58 6 bytes [68, B2, 5B, B3, 00, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\USER32.dll!GetUpdateRgn 000000007619f1fe 6 bytes [68, 4B, B2, B2, 00, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\USER32.dll!GetUpdateRect 00000000761a011b 6 bytes [68, B8, B1, B2, 00, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\USER32.dll!SwitchDesktop 00000000761b97e4 6 bytes [68, B8, FC, B2, 00, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\USER32.dll!SetCursorPos 00000000761b9c8d 6 bytes [68, B1, 59, B3, 00, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\USER32.dll!GetClipboardData 00000000761b9f3b 6 bytes [68, DB, B9, B2, 00, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\USER32.dll!OpenInputDesktop 00000000761d895b 4 bytes [68, 68, FC, B2]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\USER32.dll!OpenInputDesktop + 5 00000000761d8960 1 byte [C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW 00000000764fbbdb 6 bytes [68, A4, 60, B3, 00, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 00000000765314fd 6 bytes [68, 8D, 60, B3, 00, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore 00000000747e12b0 6 bytes [68, 51, 5C, B2, 00, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076fd1465 2 bytes [FD, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076fd14bb 2 bytes [FD, 76]
.text ... * 2
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000074b53bed 6 bytes [68, D4, 06, B3, 00, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 0000000074b56737 6 bytes [68, E5, 02, B3, 00, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000074b568a7 6 bytes [68, 2D, 07, B3, 00, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\WS2_32.dll!send 0000000074b5c4c8 6 bytes [68, 0C, 07, B3, 00, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000074b67133 6 bytes [68, 75, 02, B3, 00, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007701f941 8 bytes {MOV EDX, 0xd03e8; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 15 000000007701f94b 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey + 5 000000007701f9bd 8 bytes {MOV EDX, 0xd01a8; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey + 15 000000007701f9c7 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey + 5 000000007701fad5 8 bytes {MOV EDX, 0xd0168; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey + 15 000000007701fadf 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007701fb85 8 bytes {MOV EDX, 0xd0428; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 15 000000007701fb8f 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007701fbb5 8 bytes {MOV EDX, 0xd0368; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 15 000000007701fbbf 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007701fbcd 8 bytes {MOV EDX, 0xd0128; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 15 000000007701fbd7 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007701fbe5 8 bytes {MOV EDX, 0xd04e8; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 15 000000007701fbef 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007701fc15 8 bytes {MOV EDX, 0xd0528; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 15 000000007701fc1f 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007701fc95 8 bytes {MOV EDX, 0xd04a8; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 15 000000007701fc9f 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007701fcad 8 bytes {MOV EDX, 0xd0468; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 15 000000007701fcb7 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007701fcf9 8 bytes {MOV EDX, 0xd0068; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 15 000000007701fd03 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 5 000000007701fd5d 8 bytes {MOV EDX, 0xd02e8; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 15 000000007701fd67 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007701fdf1 8 bytes {MOV EDX, 0xd00a8; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 15 000000007701fdfb 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 5 000000007701ff39 8 bytes {MOV EDX, 0xd02a8; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 15 000000007701ff43 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077020049 8 bytes {MOV EDX, 0xd0028; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 15 0000000077020053 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 5 0000000077020731 8 bytes {MOV EDX, 0xd0268; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 15 000000007702073b 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000770208ac 6 bytes [68, 93, 5C, 78, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyEx + 5 0000000077020fad 8 bytes {MOV EDX, 0xd01e8; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyEx + 15 0000000077020fb7 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant + 5 000000007702100d 8 bytes {MOV EDX, 0xd0228; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant + 15 0000000077021017 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077021055 8 bytes {MOV EDX, 0xd03a8; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 15 000000007702105f 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 00000000770210cd 8 bytes {MOV EDX, 0xd0328; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 15 00000000770210d7 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 00000000770212d1 8 bytes {MOV EDX, 0xd00e8; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 15 00000000770212db 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 000000007703260d 6 bytes [68, D6, FC, 77, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007703c4aa 6 bytes [68, BE, 5D, 78, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077042a93 6 bytes [68, 1C, FD, 77, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W 0000000077064170 6 bytes [68, 62, FD, 77, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A 000000007706e6b5 6 bytes [68, A8, FD, 77, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\kernel32.dll!CreateProcessW 0000000074e8102d 5 bytes JMP 0000000100010030
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000074e81062 5 bytes JMP 0000000100010070
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW 0000000074e832f2 6 bytes [68, 27, 60, 78, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\kernel32.dll!ExitProcess 0000000074e8734e 6 bytes [68, E6, 5F, 78, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\KERNELBASE.dll!CreateEventW 000000007533119f 5 bytes JMP 0000000100020030
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\KERNELBASE.dll!OpenEventW 00000000753311cf 5 bytes JMP 0000000100020070
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW 0000000074c25fef 6 bytes [68, 74, 6F, 77, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\WININET.dll!HttpSendRequestW 0000000074c2632d 6 bytes [68, FC, 6F, 77, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\WININET.dll!InternetReadFileExA 0000000074c2fa49 6 bytes [68, 11, 73, 77, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\WININET.dll!HttpSendRequestExW 0000000074c3f564 6 bytes [68, A6, 70, 77, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\WININET.dll!InternetSetFilePointer 0000000074c54f2f 6 bytes [68, 90, 73, 77, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\WININET.dll!HttpEndRequestW 0000000074c9edb7 6 bytes [68, 2B, 72, 77, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!GetDeviceCaps 00000000753d4df0 5 bytes JMP 00000001000f03b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!SelectObject 00000000753d4eb0 5 bytes JMP 00000001000f05f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!SetBkMode 00000000753d50eb 5 bytes JMP 00000001000f08f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!SetTextColor 00000000753d5176 5 bytes JMP 00000001000f0a30
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!DeleteObject 00000000753d5689 5 bytes JMP 00000001000f01b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000753d5876 5 bytes JMP 00000001000f0170
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!GetCurrentObject 00000000753d6abf 5 bytes JMP 00000001000f0370
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!SaveDC 00000000753d6e3b 5 bytes JMP 00000001000f0570
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!RestoreDC 00000000753d6ee3 5 bytes JMP 00000001000f0530
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!SetStretchBltMode 00000000753d6fb9 5 bytes JMP 00000001000f06b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!StretchDIBits 00000000753d726e 5 bytes JMP 00000001000f0770
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!IntersectClipRect 00000000753d7a94 5 bytes JMP 00000001000f03f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!GetTextAlign 00000000753d7ca5 5 bytes JMP 00000001000f0d70
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!GetTextMetricsW 00000000753d7e47 5 bytes JMP 00000001000f0e30
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!SetTextAlign 00000000753d8080 5 bytes JMP 00000001000f09f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!ExtTextOutW 00000000753d834a 5 bytes JMP 00000001000f0970
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!MoveToEx 00000000753d86b6 5 bytes JMP 00000001000f0470
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!ExtSelectClipRgn 00000000753d89e9 5 bytes JMP 00000001000f02f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!SelectClipRgn 00000000753d8c0d 5 bytes JMP 00000001000f05b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!CreateDCA 00000000753d95f4 5 bytes JMP 00000001000f00b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!GetClipBox 00000000753d988e 5 bytes JMP 00000001000f0330
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!GetTextFaceW 00000000753dac0a 5 bytes JMP 00000001000f0d30
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!GetFontData 00000000753daf37 5 bytes JMP 00000001000f0c70
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!Rectangle 00000000753db7c5 5 bytes JMP 00000001000f09b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!LineTo 00000000753dbba5 5 bytes JMP 00000001000f0430
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!SetICMMode 00000000753dbf60 5 bytes JMP 00000001000f0db0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!CreateICW 00000000753dc208 5 bytes JMP 00000001000f0130
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!GetTextExtentPoint32W 00000000753dc4db 5 bytes JMP 00000001000f0670
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!SetWorldTransform 00000000753dc6f6 5 bytes JMP 00000001000f06f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!GetTextMetricsA 00000000753dcfb9 5 bytes JMP 00000001000f0df0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!GetTextExtentPoint32A 00000000753dd0d5 5 bytes JMP 00000001000f0630
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!ExtTextOutA 00000000753dd8bf 5 bytes JMP 00000001000f0930
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!CreateDCW 00000000753de45d 5 bytes JMP 00000001000f00f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!ExtEscape 00000000753dfd24 5 bytes JMP 00000001000f02b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!Escape 00000000753e13bd 5 bytes JMP 00000001000f0270
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!GetTextFaceA 00000000753e18d0 5 bytes JMP 00000001000f0cf0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!SetPolyFillMode 00000000753e4bd0 5 bytes JMP 00000001000f0b30
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!SetMiterLimit 00000000753e4d07 5 bytes JMP 00000001000f0b70
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!EndPage 00000000753e6665 5 bytes JMP 00000001000f0230
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!ResetDCW 00000000753ee135 5 bytes JMP 00000001000f0ab0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!GetGlyphOutlineW 00000000753f93cd 5 bytes JMP 00000001000f0cb0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!CreateScalableFontResourceW 00000000753fc5d9 5 bytes JMP 00000001000f0bb0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!AddFontResourceW 00000000753fd26a 5 bytes JMP 00000001000f0bf0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!RemoveFontResourceW 00000000753fd8d1 5 bytes JMP 00000001000f0c30
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!AbortDoc 0000000075403acc 5 bytes JMP 00000001000f0030
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!EndDoc 0000000075403f19 5 bytes JMP 00000001000f01f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!StartPage 000000007540400a 5 bytes JMP 00000001000f0730
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!StartDocW 0000000075404c41 5 bytes JMP 00000001000f07f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!BeginPath 00000000754053ed 5 bytes JMP 00000001000f0830
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!SelectClipPath 0000000075405444 5 bytes JMP 00000001000f0af0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!CloseFigure 000000007540549f 5 bytes JMP 00000001000f0070
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!EndPath 00000000754054f6 5 bytes JMP 00000001000f0a70
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!StrokePath 000000007540572f 5 bytes JMP 00000001000f07b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!FillPath 00000000754057c2 5 bytes JMP 00000001000f0870
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!PolylineTo 0000000075405c34 5 bytes JMP 00000001000f04f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!PolyBezierTo 0000000075405cc5 5 bytes JMP 00000001000f04b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!PolyDraw 0000000075405d77 5 bytes JMP 00000001000f08b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!GetDC 0000000076177246 6 bytes [68, FA, B0, 77, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!ReleaseDC 000000007617730e 6 bytes [68, 78, B1, 77, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!GetWindowDC 00000000761779d8 6 bytes [68, 39, B1, 77, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!TranslateMessage 0000000076177d79 6 bytes [68, 2C, B8, 77, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000076177e92 6 bytes [68, 37, 5B, 78, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!GetMessageA 000000007617811b 6 bytes [68, 5F, 5B, 78, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!MapWindowPoints 000000007617819d 5 bytes JMP 0000000100100570
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!RegisterClassW 0000000076178bd6 6 bytes [68, DA, FF, 77, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!RegisterClassExW 0000000076179ed3 6 bytes [68, 74, 00, 78, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!RegisterClipboardFormatW 000000007617c55d 5 bytes JMP 00000001001002b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!RegisterClassExA 000000007617dd6d 6 bytes [68, C6, 00, 78, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000076180112 6 bytes [68, 87, 5B, 78, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!RegisterClipboardFormatA 00000000761805ff 5 bytes JMP 00000001001002f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!GetClientRect 00000000761808e5 7 bytes JMP 00000001001005b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!CallWindowProcW 0000000076180abb 6 bytes [68, 0C, FF, 77, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!GetParent 0000000076180b0e 7 bytes JMP 00000001001006f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!IsWindowVisible 0000000076180cd5 7 bytes JMP 00000001001006b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!GetCursorPos 0000000076180e0d 6 bytes [68, 6A, 59, 78, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!EndPaint 0000000076180e9a 6 bytes [68, 5F, B0, 77, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!BeginPaint 0000000076180eba 6 bytes [68, EF, AF, 77, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000076180f14 5 bytes JMP 00000001001005f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!MonitorFromWindow 00000000761827db 7 bytes JMP 0000000100100630
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!GetMessagePos 0000000076182bc7 6 bytes [68, 38, 59, 78, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!GetCapture 0000000076182dbd 6 bytes [68, 98, 5A, 78, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!ReleaseCapture 0000000076182ec4 6 bytes [68, 48, 5A, 78, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!SetCapture 0000000076182ed1 6 bytes [68, EE, 59, 78, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!GetDCEx 0000000076183001 6 bytes [68, 9F, B0, 77, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!ScreenToClient 000000007618361b 7 bytes JMP 0000000100100670
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!SetCursor 0000000076184076 5 bytes JMP 0000000100100530
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!RegisterClassA 0000000076184b80 6 bytes [68, 27, 00, 78, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!GetTopWindow 0000000076187a54 7 bytes JMP 0000000100100730
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!CallWindowProcA 0000000076187af4 6 bytes [68, 55, FF, 77, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!DefFrameProcA 000000007618808f 6 bytes [68, 37, FE, 77, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA 00000000761881e0 6 bytes [68, C6, FE, 77, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!DefFrameProcW 0000000076188632 6 bytes [68, EE, FD, 77, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!IsClipboardFormatAvailable 00000000761887c9 5 bytes JMP 00000001001000f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!GetClipboardSequenceNumber 00000000761887e9 5 bytes JMP 0000000100100330
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW 0000000076188807 6 bytes [68, 80, FE, 77, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764]

Edited by fantie (23.02.2013 at 01:48). Reason: sent incorrectly

23.02.2013, 01:49   #9
fantie
 

C:\Windows\syswow64\USER32.dll!CloseClipboard 00000000761891f4 5 bytes JMP 00000001001000b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!OpenClipboard 0000000076189232 5 bytes JMP 0000000100100070
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!ActivateKeyboardLayout 0000000076189485 5 bytes JMP 00000001001004f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!EnumClipboardFormats 000000007618b779 5 bytes JMP 00000001001001b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!GetOpenClipboardWindow 000000007618b798 5 bytes JMP 00000001001003f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!CountClipboardFormats 000000007618b7b6 5 bytes JMP 00000001001001f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 000000007618b7e6 5 bytes JMP 00000001001004b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!GetClipboardOwner 000000007618cee9 5 bytes JMP 0000000100100370
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!GetClipboardFormatNameW 0000000076190880 5 bytes JMP 0000000100100230
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!ChangeClipboardChain 000000007619ec67 5 bytes JMP 0000000100100430
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!PeekMessageA 000000007619ed58 6 bytes [68, B2, 5B, 78, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!GetUpdateRgn 000000007619f1fe 6 bytes [68, 4B, B2, 77, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!GetClipboardFormatNameA 000000007619f66f 5 bytes JMP 0000000100100270
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!GetUpdateRect 00000000761a011b 6 bytes [68, B8, B1, 77, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!SetClipboardData 00000000761b8de7 5 bytes JMP 0000000100100170
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!SwitchDesktop 00000000761b97e4 6 bytes [68, B8, FC, 77, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!SetCursorPos 00000000761b9c8d 5 bytes JMP 00000001037859b1
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!GetClipboardData 00000000761b9f3b 5 bytes JMP 000000010377b9db
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!EmptyClipboard 00000000761d7e49 5 bytes JMP 0000000100100130
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!GetClipboardViewer 00000000761d82a1 5 bytes JMP 0000000100100470
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!GetPriorityClipboardFormat 00000000761d84bf 5 bytes JMP 00000001001003b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!OpenInputDesktop 00000000761d895b 6 bytes [68, 68, FC, 77, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW 00000000764fbbdb 6 bytes [68, A4, 60, 78, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 00000000765314fd 6 bytes [68, 8D, 60, 78, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\SspiCli.dll!FreeContextBuffer 00000000746f9556 5 bytes JMP 00000001002100f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\SspiCli.dll!FreeCredentialsHandle 00000000747004d3 5 bytes JMP 0000000100210130
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\SspiCli.dll!DeleteSecurityContext 0000000074700b0b 5 bytes JMP 0000000100210270
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\SspiCli.dll!ApplyControlToken 0000000074700b80 5 bytes JMP 00000001002101b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\SspiCli.dll!QueryContextAttributesA 0000000074700e80 5 bytes JMP 0000000100210070
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\SspiCli.dll!QueryCredentialsAttributesA 0000000074700fe8 5 bytes JMP 00000001002100b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\SspiCli.dll!EncryptMessage 00000000747011a0 5 bytes JMP 00000001002101f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\SspiCli.dll!DecryptMessage 00000000747011ef 5 bytes JMP 0000000100210230
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\SspiCli.dll!AcquireCredentialsHandleA 0000000074701479 5 bytes JMP 0000000100210030
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\SspiCli.dll!InitializeSecurityContextA 00000000747014e2 5 bytes JMP 0000000100210170
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\ole32.dll!OleSetClipboard 0000000074d6f2fe 5 bytes JMP 0000000100220030
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\ole32.dll!OleIsCurrentClipboard 0000000074d72489 5 bytes JMP 0000000100220070
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\ole32.dll!OleGetClipboard 0000000074d9f825 5 bytes JMP 00000001002200b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore 00000000747e12b0 6 bytes [68, 51, 5C, 77, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076fd1465 2 bytes [FD, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076fd14bb 2 bytes [FD, 76]
.text ... * 2
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000074b53bed 6 bytes [68, D4, 06, 78, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 0000000074b56737 6 bytes [68, E5, 02, 78, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000074b568a7 6 bytes [68, 2D, 07, 78, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\WS2_32.dll!send 0000000074b5c4c8 6 bytes [68, 0C, 07, 78, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000074b67133 6 bytes [68, 75, 02, 78, 03, C3]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3068] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076fd1465 2 bytes [FD, 76]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3068] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076fd14bb 2 bytes [FD, 76]
.text ... * 2

---- Threads - GMER 2.1 ----

Thread C:\Windows\system32\svchost.exe [1492:2764] 000007fef6f72888
Thread C:\Windows\SysWOW64\svchost.exe [3020:2792] 000000007ef90000
Thread C:\Windows\SysWOW64\svchost.exe [3020:2788] 000000007ef93177
Thread C:\Windows\SysWOW64\svchost.exe [3020:3112] 000000007ef96b9b
Thread C:\Windows\SysWOW64\svchost.exe [3020:4064] 000000007efa1486
Thread C:\Windows\SysWOW64\svchost.exe [3020:4068] 000000007ef95538
Thread C:\Windows\SysWOW64\svchost.exe [3020:3924] 000000007ef95ab0
Thread C:\Windows\SysWOW64\svchost.exe [3020:3896] 000000007ef95ab0
Thread C:\Windows\SysWOW64\svchost.exe [3020:236] 000000007ef95ab0
Thread C:\Windows\SysWOW64\svchost.exe [3020:3488] 000000007ef95ab0
Thread C:\Windows\SysWOW64\svchost.exe [3020:616] 000000007ef95ab0
Thread C:\Windows\SysWOW64\svchost.exe [3020:4076] 000000007ef95ab0
Thread C:\Windows\SysWOW64\svchost.exe [3020:3304] 000000007ef95ab0
Thread C:\Windows\SysWOW64\svchost.exe [3020:2292] 000000007ef95ab0
Thread C:\Windows\SysWOW64\svchost.exe [3020:4184] 000000007ef95ab0
Thread C:\Windows\SysWOW64\svchost.exe [3020:4208] 000000007ef95ab0
Thread C:\Windows\SysWOW64\svchost.exe [3020:4216] 000000007ef95ab0
Thread C:\Windows\SysWOW64\svchost.exe [3020:4240] 000000007ef95ab0
Thread C:\Windows\SysWOW64\svchost.exe [3020:4252] 000000007ef95ab0
Thread C:\Windows\SysWOW64\svchost.exe [3020:4268] 000000007ef95ab0
Thread C:\Windows\SysWOW64\svchost.exe [3020:4288] 000000007ef95ab0
Thread C:\Windows\SysWOW64\svchost.exe [3020:4300] 000000007ef95ab0
Thread C:\Windows\SysWOW64\svchost.exe [3020:4320] 000000007ef95ab0
Thread C:\Windows\SysWOW64\svchost.exe [3020:4412] 000000007ef95ab0
Thread C:\Windows\SysWOW64\svchost.exe [3020:4448] 000000007ef95ab0
Thread C:\Windows\SysWOW64\svchost.exe [3020:4488] 000000007ef95ab0
Thread C:\Windows\SysWOW64\svchost.exe [3020:4508] 000000007ef95beb
Thread C:\Windows\SysWOW64\svchost.exe [3020:4516] 000000007ef95beb
Thread C:\Windows\SysWOW64\svchost.exe [3020:4532] 000000007ef95beb
Thread C:\Windows\SysWOW64\svchost.exe [3020:4548] 000000007ef95beb
Thread C:\Windows\SysWOW64\svchost.exe [3020:4572] 000000007ef95beb
Thread C:\Windows\SysWOW64\svchost.exe [3020:4648] 000000007ef95beb
Thread C:\Windows\SysWOW64\svchost.exe [3020:4652] 000000007ef95beb
Thread C:\Windows\SysWOW64\svchost.exe [3020:4656] 000000007ef95beb
Thread C:\Windows\SysWOW64\svchost.exe [3020:4756] 000000007ef95beb
Thread C:\Windows\SysWOW64\svchost.exe [3020:4780] 000000007ef95beb
Thread C:\Windows\SysWOW64\svchost.exe [3020:4824] 000000007ef95beb
Thread C:\Windows\SysWOW64\svchost.exe [3020:4844] 000000007ef95beb
Thread C:\Windows\SysWOW64\svchost.exe [3020:4852] 000000007ef95beb
Thread C:\Windows\SysWOW64\svchost.exe [3020:4856] 000000007ef95beb
Thread C:\Windows\SysWOW64\svchost.exe [3020:4936] 000000007ef95beb
Thread C:\Windows\SysWOW64\svchost.exe [3020:4912] 000000007ef98a3d
Thread C:\Windows\SysWOW64\svchost.exe [3020:2536] 000000007ef98a3d
Thread C:\Windows\SysWOW64\svchost.exe [3020:4616] 000000007ef98a3d

---- EOF - GMER 2.1 ----

23.02.2013, 02:31   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

The logs should be posted in CODE tags! If a log is too large, zip only that oversized log and attach it here.
Also, the MBAR log is missing.

Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work considerably harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually with CTRL+A) and copy it to the clipboard with CTRL+C.
  • In the editor, click the # symbol. Two bracketed tags appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

23.02.2013, 03:04   #11
fantie

Malwarebytes Anti-Rootkit BETA 1.01.0.1020
www.malwarebytes.org

Database version: v2013.02.22.01

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Acer :: ACER-PC [administrator]

23.02.2013 03:30:24
mbar-log-2013-02-23 (03-30-24).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 28297
Time elapsed: 8 minute(s), 51 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
c:\Users\Ralph\Downloads\7 zip.exe (PUP.Offerware) -> Delete on reboot.

(end)

Malwarebytes Anti-Rootkit BETA 1.01.0.1020
Malwarebytes : Free Anti-Malware download

Database version: v2013.02.23.02

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Acer :: ACER-PC [administrator]

23.02.2013 03:47:31
mbar-log-2013-02-23 (03-47-31).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 28292
Time elapsed: 10 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

I am really very sorry if I am causing you trouble, but as an inexperienced 50-year-old woman I did my best and am now completely worn out. I hope you can still make something of it and will be a little lenient. I also tried to get the CODE tags to work, but unfortunately did not manage it; I am simply lacking quite a bit of technical knowledge there. Until yesterday I did not even know what log files are or how they are created. I muddled my way through the forum for that too. But now I cannot see my way through anymore and hope you will help me anyway. Many thanks in advance for that.

23.02.2013, 03:48   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

aswMBR

Please download aswMBR.exe and save the file on your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or later), please start it via right-click and "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Depending on your connection, downloading the definitions may take a while.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons under any circumstances unless instructed to

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the (none) setting under AV Scan.




TDSS-Killer

Please download TDSSKiller (TDSSKiller.exe) and save this file on the desktop
  • Start TDSSKiller.exe - configure it as described in the TDSSKiller instructions.
  • Press Start Scan
  • If infected objects are found, do not select Cure under any circumstances. Select Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Post the content here in your thread in any case.

23.02.2013, 11:50   #13
fantie

Hello, I now have a huge problem. My computer has now supposedly been locked by the Bundesamt für Sicherheit (Federal Office for Security) and I am supposed to pay 100 € immediately. I cannot do anything on my computer anymore. I receive my emails via my iPhone. Can anything still be saved??

Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-02-23 15:50:56
-----------------------------
15:50:56.638    OS Version: Windows x64 6.1.7600 
15:50:56.638    Number of processors: 4 586 0xF0B
15:50:56.638    ComputerName: ACER-PC  UserName: Acer
15:50:57.408    Initialize success
15:52:21.472    AVAST engine defs: 13022300
15:52:44.045    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
15:52:44.045    Disk 0 Vendor: WDC_WD6400AAKS-22A7B0 01.03B01 Size: 610480MB BusType: 3
15:52:44.060    Disk 0 MBR read successfully
15:52:44.060    Disk 0 MBR scan
15:52:44.076    Disk 0 Windows 7 default MBR code
15:52:44.076    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS         9993 MB offset 63
15:52:44.091    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       300374 MB offset 20467712
15:52:44.107    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       300111 MB offset 635633664
15:52:44.123    Disk 0 scanning C:\Windows\system32\drivers
15:52:50.193    Service scanning
15:53:03.495    Modules scanning
15:53:03.495    Disk 0 trace - called modules:
15:53:03.515    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys 
15:53:03.525    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800377e060]
15:53:03.525    3 CLASSPNP.SYS[fffff8800196043f] -> nt!IofCallDriver -> [0xfffffa8003528520]
15:53:03.535    5 ACPI.sys[fffff88000f3b781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa8003525060]
15:53:04.625    AVAST engine scan C:\Windows
15:53:06.010    AVAST engine scan C:\Windows\system32
15:54:54.602    AVAST engine scan C:\Windows\system32\drivers
15:55:01.700    AVAST engine scan C:\Users\Acer
15:55:37.707    AVAST engine scan C:\ProgramData
15:57:20.125    Disk 0 MBR has been saved successfully to "C:\Users\Acer\Documents\MBR.dat"
15:57:20.125    The log file has been saved successfully to "C:\Users\Acer\Documents\aswMBR.txt"
15:57:22.090    Scan finished successfully
15:57:37.243    Disk 0 MBR has been saved successfully to "C:\Users\Acer\Documents\MBR.dat"
15:57:37.259    The log file has been saved successfully to "C:\Users\Acer\Documents\aswMBR.txt"
         
Code:
16:31:52.0920 4584  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
16:31:53.0091 4584  ============================================================
16:31:53.0091 4584  Current date / time: 2013/02/23 16:31:53.0091
16:31:53.0091 4584  SystemInfo:
16:31:53.0091 4584  
16:31:53.0091 4584  OS Version: 6.1.7600 ServicePack: 0.0
16:31:53.0091 4584  Product type: Workstation
16:31:53.0091 4584  ComputerName: ACER-PC
16:31:53.0091 4584  UserName: Acer
16:31:53.0091 4584  Windows directory: C:\Windows
16:31:53.0091 4584  System windows directory: C:\Windows
16:31:53.0091 4584  Running under WOW64
16:31:53.0091 4584  Processor architecture: Intel x64
16:31:53.0091 4584  Number of processors: 4
16:31:53.0091 4584  Page size: 0x1000
16:31:53.0091 4584  Boot type: Normal boot
16:31:53.0091 4584  ============================================================
16:31:54.0261 4584  Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:31:54.0480 4584  ============================================================
16:31:54.0480 4584  \Device\Harddisk0\DR0:
16:31:54.0480 4584  MBR partitions:
16:31:54.0480 4584  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1385000, BlocksNum 0x24AAB000
16:31:54.0480 4584  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x25E30000, BlocksNum 0x24A27800
16:31:54.0480 4584  ============================================================
16:31:54.0511 4584  C: <-> \Device\Harddisk0\DR0\Partition1
16:31:54.0558 4584  D: <-> \Device\Harddisk0\DR0\Partition2
16:31:54.0558 4584  ============================================================
16:31:54.0558 4584  Initialize success
16:31:54.0558 4584  ============================================================
16:32:27.0125 1916  ============================================================
16:32:27.0125 1916  Scan started
16:32:27.0125 1916  Mode: Manual; SigCheck; TDLFS; 
16:32:27.0125 1916  ============================================================
16:32:27.0561 1916  ================ Scan system memory ========================
16:32:27.0561 1916  System memory - ok
16:32:27.0561 1916  ================ Scan services =============================
16:32:27.0671 1916  [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci        C:\Windows\system32\DRIVERS\1394ohci.sys
16:32:27.0717 1916  1394ohci - ok
16:32:27.0733 1916  [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI            C:\Windows\system32\DRIVERS\ACPI.sys
16:32:27.0749 1916  ACPI - ok
16:32:27.0749 1916  [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi         C:\Windows\system32\DRIVERS\acpipmi.sys
16:32:27.0764 1916  AcpiPmi - ok
16:32:27.0842 1916  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
16:32:27.0858 1916  AdobeARMservice - ok
16:32:27.0920 1916  [ EC807244904FA170C299AB06D87FBDBE ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
16:32:27.0936 1916  AdobeFlashPlayerUpdateSvc - ok
16:32:27.0967 1916  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
16:32:27.0998 1916  adp94xx - ok
16:32:28.0014 1916  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
16:32:28.0029 1916  adpahci - ok
16:32:28.0045 1916  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
16:32:28.0061 1916  adpu320 - ok
16:32:28.0076 1916  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
16:32:28.0107 1916  AeLookupSvc - ok
16:32:28.0139 1916  [ DB9D6C6B2CD95A9CA414D045B627422E ] AFD             C:\Windows\system32\drivers\afd.sys
16:32:28.0154 1916  AFD - ok
16:32:28.0170 1916  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\DRIVERS\agp440.sys
16:32:28.0185 1916  agp440 - ok
16:32:28.0201 1916  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
16:32:28.0217 1916  ALG - ok
16:32:28.0217 1916  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\DRIVERS\aliide.sys
16:32:28.0232 1916  aliide - ok
16:32:28.0232 1916  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\DRIVERS\amdide.sys
16:32:28.0248 1916  amdide - ok
16:32:28.0263 1916  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
16:32:28.0279 1916  AmdK8 - ok
16:32:28.0295 1916  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
16:32:28.0295 1916  AmdPPM - ok
16:32:28.0326 1916  [ EC7EBAB00A4D8448BAB68D1E49B4BEB9 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
16:32:28.0341 1916  amdsata - ok
16:32:28.0341 1916  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
16:32:28.0357 1916  amdsbs - ok
16:32:28.0373 1916  [ DB27766102C7BF7E95140A2AA81D042E ] amdxata         C:\Windows\system32\drivers\amdxata.sys
16:32:28.0388 1916  amdxata - ok
16:32:28.0404 1916  [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID           C:\Windows\system32\drivers\appid.sys
16:32:28.0419 1916  AppID - ok
16:32:28.0419 1916  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
16:32:28.0466 1916  AppIDSvc - ok
16:32:28.0466 1916  [ D065BE66822847B7F127D1F90158376E ] Appinfo         C:\Windows\System32\appinfo.dll
16:32:28.0482 1916  Appinfo - ok
16:32:28.0529 1916  [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:32:28.0544 1916  Apple Mobile Device - ok
16:32:28.0560 1916  [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt         C:\Windows\System32\appmgmts.dll
16:32:28.0575 1916  AppMgmt - ok
16:32:28.0591 1916  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
16:32:28.0607 1916  arc - ok
16:32:28.0622 1916  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
16:32:28.0622 1916  arcsas - ok
16:32:28.0653 1916  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
16:32:28.0685 1916  AsyncMac - ok
16:32:28.0685 1916  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\DRIVERS\atapi.sys
16:32:28.0700 1916  atapi - ok
16:32:28.0716 1916  [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:32:28.0763 1916  AudioEndpointBuilder - ok
16:32:28.0778 1916  [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv        C:\Windows\System32\Audiosrv.dll
16:32:28.0809 1916  AudioSrv - ok
16:32:28.0825 1916  [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
16:32:28.0841 1916  AxInstSV - ok
16:32:28.0856 1916  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
16:32:28.0872 1916  b06bdrv - ok
16:32:28.0903 1916  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
16:32:28.0919 1916  b57nd60a - ok
16:32:28.0919 1916  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
16:32:28.0934 1916  BDESVC - ok
16:32:28.0965 1916  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
16:32:28.0997 1916  Beep - ok
16:32:29.0028 1916  [ 4992C609A6315671463E30F6512BC022 ] BFE             C:\Windows\System32\bfe.dll
16:32:29.0059 1916  BFE - ok
16:32:29.0090 1916  [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS            C:\Windows\System32\qmgr.dll
16:32:29.0121 1916  BITS - ok
16:32:29.0137 1916  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
16:32:29.0153 1916  blbdrive - ok
16:32:29.0199 1916  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
16:32:29.0215 1916  Bonjour Service - ok
16:32:29.0231 1916  [ 19D20159708E152267E53B66677A4995 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
16:32:29.0246 1916  bowser - ok
16:32:29.0246 1916  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:32:29.0262 1916  BrFiltLo - ok
16:32:29.0277 1916  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:32:29.0293 1916  BrFiltUp - ok
16:32:29.0324 1916  [ 6B054C67AAA87843504E8E3C09102009 ] Browser         C:\Windows\System32\browser.dll
16:32:29.0340 1916  Browser - ok
16:32:29.0355 1916  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
16:32:29.0371 1916  Brserid - ok
16:32:29.0371 1916  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
16:32:29.0387 1916  BrSerWdm - ok
16:32:29.0402 1916  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
16:32:29.0418 1916  BrUsbMdm - ok
16:32:29.0418 1916  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
16:32:29.0433 1916  BrUsbSer - ok
16:32:29.0433 1916  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
16:32:29.0449 1916  BTHMODEM - ok
16:32:29.0465 1916  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
16:32:29.0496 1916  bthserv - ok
16:32:29.0511 1916  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
16:32:29.0543 1916  cdfs - ok
16:32:29.0558 1916  [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
16:32:29.0558 1916  cdrom - ok
16:32:29.0589 1916  [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc     C:\Windows\System32\certprop.dll
16:32:29.0621 1916  CertPropSvc - ok
16:32:29.0621 1916  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
16:32:29.0636 1916  circlass - ok
16:32:29.0652 1916  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
16:32:29.0667 1916  CLFS - ok
16:32:29.0714 1916  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:32:29.0730 1916  clr_optimization_v2.0.50727_32 - ok
16:32:29.0761 1916  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:32:29.0777 1916  clr_optimization_v2.0.50727_64 - ok
16:32:29.0823 1916  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:32:29.0839 1916  clr_optimization_v4.0.30319_32 - ok
16:32:29.0855 1916  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:32:29.0870 1916  clr_optimization_v4.0.30319_64 - ok
16:32:29.0886 1916  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
16:32:29.0901 1916  CmBatt - ok
16:32:29.0917 1916  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\DRIVERS\cmdide.sys
16:32:29.0933 1916  cmdide - ok
16:32:29.0979 1916  [ CA7720B73446FDDEC5C69519C1174C98 ] CNG             C:\Windows\system32\Drivers\cng.sys
16:32:30.0011 1916  CNG - ok
16:32:30.0026 1916  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
16:32:30.0042 1916  Compbatt - ok
16:32:30.0073 1916  [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
16:32:30.0104 1916  CompositeBus - ok
16:32:30.0104 1916  COMSysApp - ok
16:32:30.0182 1916  [ 8F5B84350BFC4FE3A65D921B4BD0E737 ] cpuz135         D:\treiber und software\pc-wizard_2012.2.0\pcwiz_x64.sys
16:32:30.0213 1916  cpuz135 - ok
16:32:30.0229 1916  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
16:32:30.0245 1916  crcdisk - ok
16:32:30.0260 1916  [ BAF19B633933A9FB4883D27D66C39E9A ] CryptSvc        C:\Windows\system32\cryptsvc.dll
16:32:30.0276 1916  CryptSvc - ok
16:32:30.0291 1916  [ 4A6173C2279B498CD8F57CAE504564CB ] CSC             C:\Windows\system32\drivers\csc.sys
16:32:30.0307 1916  CSC - ok
16:32:30.0338 1916  [ 873FBF927C06E5CEE04DEC617502F8FD ] CscService      C:\Windows\System32\cscsvc.dll
16:32:30.0354 1916  CscService - ok
16:32:30.0385 1916  [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch      C:\Windows\system32\rpcss.dll
16:32:30.0416 1916  DcomLaunch - ok
16:32:30.0447 1916  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
16:32:30.0479 1916  defragsvc - ok
16:32:30.0510 1916  [ 9C253CE7311CA60FC11C774692A13208 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
16:32:30.0525 1916  DfsC - ok
16:32:30.0541 1916  [ CE3B9562D997F69B330D181A8875960F ] Dhcp            C:\Windows\system32\dhcpcore.dll
16:32:30.0557 1916  Dhcp - ok
16:32:30.0572 1916  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
16:32:30.0603 1916  discache - ok
16:32:30.0635 1916  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
16:32:30.0635 1916  Disk - ok
16:32:30.0666 1916  [ 85CF424C74A1D5EC33533E1DBFF9920A ] Dnscache        C:\Windows\System32\dnsrslvr.dll
16:32:30.0681 1916  Dnscache - ok
16:32:30.0697 1916  [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc         C:\Windows\System32\dot3svc.dll
16:32:30.0728 1916  dot3svc - ok
16:32:30.0744 1916  [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS             C:\Windows\system32\dps.dll
16:32:30.0775 1916  DPS - ok
16:32:30.0791 1916  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
16:32:30.0806 1916  drmkaud - ok
16:32:30.0837 1916  [ 1633B9ABF52784A1331476397A48CBEF ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
16:32:30.0853 1916  DXGKrnl - ok
16:32:30.0869 1916  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
16:32:30.0900 1916  EapHost - ok
16:32:30.0978 1916  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
16:32:31.0025 1916  ebdrv - ok
16:32:31.0040 1916  [ 156F6159457D0AA7E59B62681B56EB90 ] EFS             C:\Windows\System32\lsass.exe
16:32:31.0056 1916  EFS - ok
16:32:31.0103 1916  [ 47C071994C3F649F23D9CD075AC9304A ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
16:32:31.0118 1916  ehRecvr - ok
16:32:31.0149 1916  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
16:32:31.0149 1916  ehSched - ok
16:32:31.0196 1916  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
16:32:31.0212 1916  elxstor - ok
16:32:31.0227 1916  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\DRIVERS\errdev.sys
16:32:31.0227 1916  ErrDev - ok
16:32:31.0259 1916  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
16:32:31.0290 1916  EventSystem - ok
16:32:31.0305 1916  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
16:32:31.0337 1916  exfat - ok
16:32:31.0368 1916  Fabs - ok
16:32:31.0383 1916  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
16:32:31.0415 1916  fastfat - ok
16:32:31.0446 1916  [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax             C:\Windows\system32\fxssvc.exe
16:32:31.0461 1916  Fax - ok
16:32:31.0477 1916  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
16:32:31.0477 1916  fdc - ok
16:32:31.0493 1916  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
16:32:31.0524 1916  fdPHost - ok
16:32:31.0539 1916  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
16:32:31.0571 1916  FDResPub - ok
16:32:31.0586 1916  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
16:32:31.0586 1916  FileInfo - ok
16:32:31.0602 1916  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
16:32:31.0633 1916  Filetrace - ok
16:32:31.0695 1916  [ FFF1130F7C9FA01D093A1EDFC5CCE8FC ] FirebirdServerMAGIXInstance C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe
16:32:31.0742 1916  FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - warning
16:32:31.0742 1916  FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic (1)
16:32:31.0758 1916  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
16:32:31.0773 1916  flpydisk - ok
16:32:31.0805 1916  [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
16:32:31.0820 1916  FltMgr - ok
16:32:31.0945 1916  [ CB5E4B9C319E3C6BB363EB7E58A4A051 ] FontCache       C:\Windows\system32\FntCache.dll
16:32:31.0976 1916  FontCache - ok
16:32:32.0007 1916  [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:32:32.0023 1916  FontCache3.0.0.0 - ok
16:32:32.0039 1916  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
16:32:32.0054 1916  FsDepends - ok
16:32:32.0070 1916  [ D3E3F93D67821A2DB2B3D9FAC2DC2064 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
16:32:32.0085 1916  Fs_Rec - ok
16:32:32.0117 1916  [ AE87BA80D0EC3B57126ED2CDC15B24ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
16:32:32.0132 1916  fvevol - ok
16:32:32.0148 1916  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
16:32:32.0163 1916  gagp30kx - ok
16:32:32.0179 1916  [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:32:32.0195 1916  GEARAspiWDM - ok
16:32:32.0226 1916  [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc           C:\Windows\System32\gpsvc.dll
16:32:32.0241 1916  gpsvc - ok
16:32:32.0257 1916  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
16:32:32.0273 1916  hcw85cir - ok
16:32:32.0288 1916  [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
16:32:32.0304 1916  HDAudBus - ok
16:32:32.0304 1916  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
16:32:32.0319 1916  HidBatt - ok
16:32:32.0319 1916  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
16:32:32.0335 1916  HidBth - ok
16:32:32.0351 1916  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
16:32:32.0366 1916  HidIr - ok
16:32:32.0382 1916  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
16:32:32.0413 1916  hidserv - ok
16:32:32.0444 1916  [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
16:32:32.0460 1916  HidUsb - ok
16:32:32.0475 1916  [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc          C:\Windows\system32\kmsvc.dll
16:32:32.0507 1916  hkmsvc - ok
16:32:32.0507 1916  [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
16:32:32.0522 1916  HomeGroupListener - ok
16:32:32.0553 1916  [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll
16:32:32.0569 1916  HomeGroupProvider - ok
16:32:32.0585 1916  [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD          C:\Windows\system32\DRIVERS\HpSAMD.sys
16:32:32.0600 1916  HpSAMD - ok
16:32:32.0616 1916  [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
16:32:32.0663 1916  HTTP - ok
16:32:32.0678 1916  [ F17766A19145F111856378DF337A5D79 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
16:32:32.0678 1916  hwpolicy - ok
16:32:32.0709 1916  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
16:32:32.0725 1916  i8042prt - ok
16:32:32.0756 1916  [ B75E45C564E944A2657167D197AB29DA ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
16:32:32.0772 1916  iaStorV - ok
16:32:32.0803 1916  [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:32:32.0819 1916  idsvc - ok
16:32:32.0850 1916  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
16:32:32.0850 1916  iirsp - ok
16:32:32.0881 1916  [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT          C:\Windows\System32\ikeext.dll
16:32:32.0928 1916  IKEEXT - ok
16:32:32.0975 1916  [ F04D22D7A49A1B2210DBADF0B803E870 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
16:32:33.0021 1916  IntcAzAudAddService - ok
16:32:33.0037 1916  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\DRIVERS\intelide.sys
16:32:33.0053 1916  intelide - ok
16:32:33.0053 1916  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
16:32:33.0068 1916  intelppm - ok
16:32:33.0084 1916  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
16:32:33.0115 1916  IPBusEnum - ok
16:32:33.0131 1916  [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:32:33.0162 1916  IpFilterDriver - ok
16:32:33.0177 1916  [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
16:32:33.0224 1916  iphlpsvc - ok
16:32:33.0224 1916  [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV         C:\Windows\system32\DRIVERS\IPMIDrv.sys
16:32:33.0240 1916  IPMIDRV - ok
16:32:33.0255 1916  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
16:32:33.0287 1916  IPNAT - ok
16:32:33.0318 1916  [ 0F261EC4F514926177C70C1832374231 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
16:32:33.0349 1916  iPod Service - ok
16:32:33.0365 1916  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
16:32:33.0380 1916  IRENUM - ok
16:32:33.0380 1916  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\DRIVERS\isapnp.sys
16:32:33.0396 1916  isapnp - ok
16:32:33.0411 1916  [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
16:32:33.0411 1916  iScsiPrt - ok
16:32:33.0427 1916  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
16:32:33.0443 1916  kbdclass - ok
16:32:33.0458 1916  [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
16:32:33.0474 1916  kbdhid - ok
16:32:33.0474 1916  [ 156F6159457D0AA7E59B62681B56EB90 ] KeyIso          C:\Windows\system32\lsass.exe
16:32:33.0489 1916  KeyIso - ok
16:32:33.0505 1916  [ 4F4B5FDE429416877DE7143044582EB5 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
16:32:33.0521 1916  KSecDD - ok
16:32:33.0536 1916  [ 6F40465A44ECDC1731BEFAFEC5BDD03C ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
16:32:33.0552 1916  KSecPkg - ok
16:32:33.0567 1916  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
16:32:33.0599 1916  ksthunk - ok
16:32:33.0614 1916  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
16:32:33.0661 1916  KtmRm - ok
16:32:33.0677 1916  [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer    C:\Windows\system32\srvsvc.dll
16:32:33.0692 1916  LanmanServer - ok
16:32:33.0708 1916  [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:32:33.0755 1916  LanmanWorkstation - ok
16:32:33.0770 1916  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
16:32:33.0801 1916  lltdio - ok
16:32:33.0817 1916  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
16:32:33.0848 1916  lltdsvc - ok
16:32:33.0879 1916  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
16:32:33.0911 1916  lmhosts - ok
16:32:33.0942 1916  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
16:32:33.0942 1916  LSI_FC - ok
16:32:33.0957 1916  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
16:32:33.0973 1916  LSI_SAS - ok
16:32:33.0989 1916  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:32:34.0004 1916  LSI_SAS2 - ok
16:32:34.0004 1916  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:32:34.0020 1916  LSI_SCSI - ok
16:32:34.0051 1916  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
16:32:34.0082 1916  luafv - ok
16:32:34.0191 1916  [ FF3A488924B0032B1A9CA6948C1FA9E8 ] LVUVC64         C:\Windows\system32\DRIVERS\lvuvc64.sys
16:32:34.0269 1916  LVUVC64 - ok
16:32:34.0285 1916  [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
16:32:34.0301 1916  Mcx2Svc - ok
16:32:34.0316 1916  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
16:32:34.0316 1916  megasas - ok
16:32:34.0332 1916  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
16:32:34.0347 1916  MegaSR - ok
16:32:34.0379 1916  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
16:32:34.0410 1916  MMCSS - ok
16:32:34.0425 1916  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
16:32:34.0457 1916  Modem - ok
16:32:34.0472 1916  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
16:32:34.0488 1916  monitor - ok
16:32:34.0488 1916  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
16:32:34.0503 1916  mouclass - ok
16:32:34.0519 1916  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
16:32:34.0535 1916  mouhid - ok
16:32:34.0550 1916  [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
16:32:34.0550 1916  mountmgr - ok
16:32:34.0581 1916  [ 5C5E45DDABEFBC9F564F1D5C83258B8F ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
16:32:34.0597 1916  MozillaMaintenance - ok
16:32:34.0628 1916  [ 05BF204EC0E82CC4A054DB189C8A3D84 ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
16:32:34.0644 1916  MpFilter - ok
16:32:34.0659 1916  [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio            C:\Windows\system32\DRIVERS\mpio.sys
16:32:34.0675 1916  mpio - ok
16:32:34.0691 1916  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
16:32:34.0722 1916  mpsdrv - ok
16:32:34.0737 1916  [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc          C:\Windows\system32\mpssvc.dll
16:32:34.0784 1916  MpsSvc - ok
16:32:34.0800 1916  [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
16:32:34.0815 1916  MRxDAV - ok
16:32:34.0831 1916  [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
16:32:34.0847 1916  mrxsmb - ok
16:32:34.0878 1916  [ F0067552F8F9B33D7C59403AB808A3CB ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:32:34.0893 1916  mrxsmb10 - ok
16:32:34.0893 1916  [ 3C142D31DE9F2F193218A53FE2632051 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:32:34.0909 1916  mrxsmb20 - ok
16:32:34.0925 1916  [ 5C37497276E3B3A5488B23A326A754B7 ] msahci          C:\Windows\system32\DRIVERS\msahci.sys
16:32:34.0940 1916  msahci - ok
16:32:34.0940 1916  [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm           C:\Windows\system32\DRIVERS\msdsm.sys
16:32:34.0956 1916  msdsm - ok
16:32:34.0971 1916  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
16:32:34.0987 1916  MSDTC - ok
16:32:35.0003 1916  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
16:32:35.0034 1916  Msfs - ok
16:32:35.0049 1916  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
16:32:35.0081 1916  mshidkmdf - ok
16:32:35.0096 1916  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\DRIVERS\msisadrv.sys
16:32:35.0112 1916  msisadrv - ok
16:32:35.0127 1916  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
16:32:35.0159 1916  MSiSCSI - ok
16:32:35.0174 1916  msiserver - ok
16:32:35.0190 1916  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
16:32:35.0221 1916  MSKSSRV - ok
16:32:35.0283 1916  [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] MsMpSvc         c:\Program Files\Microsoft Security Client\MsMpEng.exe
16:32:35.0299 1916  MsMpSvc - ok
16:32:35.0299 1916  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
16:32:35.0346 1916  MSPCLOCK - ok
16:32:35.0361 1916  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
16:32:35.0393 1916  MSPQM - ok
16:32:35.0393 1916  [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
16:32:35.0408 1916  MsRPC - ok
16:32:35.0424 1916  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
16:32:35.0439 1916  mssmbios - ok
16:32:35.0439 1916  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
16:32:35.0471 1916  MSTEE - ok
16:32:35.0486 1916  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
16:32:35.0502 1916  MTConfig - ok
16:32:35.0502 1916  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
16:32:35.0517 1916  Mup - ok
16:32:35.0549 1916  [ 4987E079A4530FA737A128BE54B63B12 ] napagent        C:\Windows\system32\qagentRT.dll
16:32:35.0580 1916  napagent - ok
16:32:35.0595 1916  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
16:32:35.0611 1916  NativeWifiP - ok
16:32:35.0642 1916  [ CAD515DBD07D082BB317D9928CE8962C ] NDIS            C:\Windows\system32\drivers\ndis.sys
16:32:35.0673 1916  NDIS - ok
16:32:35.0689 1916  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
16:32:35.0720 1916  NdisCap - ok
16:32:35.0736 1916  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
16:32:35.0767 1916  NdisTapi - ok
16:32:35.0767 1916  [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
16:32:35.0798 1916  Ndisuio - ok
16:32:35.0814 1916  [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
16:32:35.0845 1916  NdisWan - ok
16:32:35.0861 1916  [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
16:32:35.0892 1916  NDProxy - ok
16:32:35.0939 1916  [ 6F4607E2333FE21E9E3FF8133A88B35B ] Netaapl         C:\Windows\system32\DRIVERS\netaapl64.sys
16:32:35.0939 1916  Netaapl - ok
16:32:35.0954 1916  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
16:32:35.0985 1916  NetBIOS - ok
16:32:36.0017 1916  [ 9162B273A44AB9DCE5B44362731D062A ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
16:32:36.0048 1916  NetBT - ok
16:32:36.0063 1916  [ 156F6159457D0AA7E59B62681B56EB90 ] Netlogon        C:\Windows\system32\lsass.exe
16:32:36.0063 1916  Netlogon - ok
16:32:36.0095 1916  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
16:32:36.0126 1916  Netman - ok
16:32:36.0141 1916  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
16:32:36.0188 1916  netprofm - ok
16:32:36.0204 1916  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:32:36.0204 1916  NetTcpPortSharing - ok
16:32:36.0235 1916  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
16:32:36.0251 1916  nfrd960 - ok
16:32:36.0282 1916  [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
16:32:36.0297 1916  NisDrv - ok
16:32:36.0329 1916  [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv          c:\Program Files\Microsoft Security Client\NisSrv.exe
16:32:36.0344 1916  NisSrv - ok
16:32:36.0360 1916  [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc          C:\Windows\System32\nlasvc.dll
16:32:36.0407 1916  NlaSvc - ok
16:32:36.0422 1916  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
16:32:36.0453 1916  Npfs - ok
16:32:36.0453 1916  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
16:32:36.0500 1916  nsi - ok
16:32:36.0500 1916  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
16:32:36.0531 1916  nsiproxy - ok
16:32:36.0563 1916  [ 184C189D4FC416978550FC599BB4EDDA ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
16:32:36.0609 1916  Ntfs - ok
16:32:36.0609 1916  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
16:32:36.0641 1916  Null - ok
16:32:36.0859 1916  [ 5104BAC2DA2A5BDD86AC6B0708B00F06 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
16:32:37.0062 1916  nvlddmkm - ok
16:32:37.0093 1916  [ A4D9C9A608A97F59307C2F2600EDC6A4 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
16:32:37.0109 1916  nvraid - ok
16:32:37.0124 1916  [ 6C1D5F70E7A6A3FD1C90D840EDC048B9 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
16:32:37.0124 1916  nvstor - ok
16:32:37.0171 1916  [ DDFAFCE89A5C93D04712B86F94E9FCBA ] nvsvc           C:\Windows\system32\nvvsvc.exe
16:32:37.0187 1916  nvsvc - ok
16:32:37.0233 1916  [ 84E035225474E48CD3A6A3CE52332095 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
16:32:37.0265 1916  nvUpdatusService - ok
16:32:37.0296 1916  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\DRIVERS\nv_agp.sys
16:32:37.0296 1916  nv_agp - ok
16:32:37.0311 1916  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
16:32:37.0327 1916  ohci1394 - ok
16:32:37.0343 1916  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
16:32:37.0358 1916  p2pimsvc - ok
16:32:37.0374 1916  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
16:32:37.0389 1916  p2psvc - ok
16:32:37.0405 1916  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
16:32:37.0421 1916  Parport - ok
16:32:37.0436 1916  [ 90061B1ACFE8CCAA5345750FFE08D8B8 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
16:32:37.0452 1916  partmgr - ok
16:32:37.0467 1916  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
16:32:37.0483 1916  PcaSvc - ok
16:32:37.0499 1916  [ F36F6504009F2FB0DFD1B17A116AD74B ] pci             C:\Windows\system32\DRIVERS\pci.sys
16:32:37.0514 1916  pci - ok
16:32:37.0530 1916  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\DRIVERS\pciide.sys
16:32:37.0530 1916  pciide - ok
16:32:37.0545 1916  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
16:32:37.0561 1916  pcmcia - ok
16:32:37.0577 1916  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
16:32:37.0577 1916  pcw - ok
16:32:37.0608 1916  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
16:32:37.0639 1916  PEAUTH - ok
16:32:37.0670 1916  [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
16:32:37.0686 1916  PeerDistSvc - ok
16:32:37.0733 1916  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
16:32:37.0748 1916  PerfHost - ok
16:32:37.0795 1916  [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla             C:\Windows\system32\pla.dll
16:32:37.0842 1916  pla - ok
16:32:37.0857 1916  [ 98B1721B8718164293B9701B98C52D77 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
16:32:37.0873 1916  PlugPlay - ok
16:32:37.0889 1916  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
16:32:37.0904 1916  PNRPAutoReg - ok
16:32:37.0904 1916  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
16:32:37.0920 1916  PNRPsvc - ok
16:32:37.0951 1916  [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
16:32:37.0982 1916  PolicyAgent - ok
16:32:38.0013 1916  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
16:32:38.0045 1916  Power - ok
16:32:38.0060 1916  [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
16:32:38.0091 1916  PptpMiniport - ok
16:32:38.0107 1916  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
16:32:38.0123 1916  Processor - ok
16:32:38.0154 1916  [ 97293447431311C06703368AD0F6C4BE ] ProfSvc         C:\Windows\system32\profsvc.dll
16:32:38.0169 1916  ProfSvc - ok
16:32:38.0185 1916  [ 156F6159457D0AA7E59B62681B56EB90 ] ProtectedStorage C:\Windows\system32\lsass.exe
16:32:38.0185 1916  ProtectedStorage - ok
16:32:38.0201 1916  [ EE992183BD8EAEFD9973F352E587A299 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
16:32:38.0232 1916  Psched - ok
16:32:38.0279 1916  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
16:32:38.0310 1916  ql2300 - ok
16:32:38.0310 1916  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
16:32:38.0325 1916  ql40xx - ok
16:32:38.0341 1916  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
16:32:38.0357 1916  QWAVE - ok
16:32:38.0372 1916  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
16:32:38.0388 1916  QWAVEdrv - ok
16:32:38.0388 1916  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
16:32:38.0419 1916  RasAcd - ok
16:32:38.0435 1916  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
16:32:38.0481 1916  RasAgileVpn - ok
16:32:38.0481 1916  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
16:32:38.0528 1916  RasAuto - ok
16:32:38.0528 1916  [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
16:32:38.0575 1916  Rasl2tp - ok
16:32:38.0591 1916  [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan          C:\Windows\System32\rasmans.dll
16:32:38.0622 1916  RasMan - ok
16:32:38.0637 1916  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
16:32:38.0669 1916  RasPppoe - ok
16:32:38.0669 1916  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
16:32:38.0700 1916  RasSstp - ok
16:32:38.0715 1916  [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
16:32:38.0747 1916  rdbss - ok
16:32:38.0762 1916  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
16:32:38.0778 1916  rdpbus - ok
16:32:38.0793 1916  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
16:32:38.0825 1916  RDPCDD - ok
16:32:38.0840 1916  [ 9706B84DBABFC4B4CA46C5A82B14DFA3 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
16:32:38.0856 1916  RDPDR - ok
16:32:38.0871 1916  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
16:32:38.0903 1916  RDPENCDD - ok
16:32:38.0918 1916  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
16:32:38.0949 1916  RDPREFMP - ok
16:32:38.0965 1916  [ 447DE7E3DEA39D422C1504F245B668B1 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
16:32:38.0981 1916  RDPWD - ok
16:32:38.0981 1916  [ 634B9A2181D98F15941236886164EC8B ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
16:32:38.0996 1916  rdyboost - ok
16:32:39.0012 1916  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
16:32:39.0059 1916  RemoteAccess - ok
16:32:39.0074 1916  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
16:32:39.0105 1916  RemoteRegistry - ok
16:32:39.0137 1916  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
16:32:39.0168 1916  RpcEptMapper - ok
16:32:39.0183 1916  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
16:32:39.0199 1916  RpcLocator - ok
16:32:39.0215 1916  [ 7266972E86890E2B30C0C322E906B027 ] RpcSs           C:\Windows\system32\rpcss.dll
16:32:39.0246 1916  RpcSs - ok
16:32:39.0261 1916  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
16:32:39.0293 1916  rspndr - ok
16:32:39.0308 1916  [ BAEFEE35D27A5440D35092CE10267BEC ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
16:32:39.0324 1916  RTL8167 - ok
16:32:39.0339 1916  [ 88AF6E02AB19DF7FD07ECDF9C91E9AF6 ] s3cap           C:\Windows\system32\DRIVERS\vms3cap.sys
16:32:39.0355 1916  s3cap - ok
16:32:39.0371 1916  [ 156F6159457D0AA7E59B62681B56EB90 ] SamSs           C:\Windows\system32\lsass.exe
16:32:39.0371 1916  SamSs - ok
16:32:39.0386 1916  [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port        C:\Windows\system32\DRIVERS\sbp2port.sys
16:32:39.0402 1916  sbp2port - ok
16:32:39.0417 1916  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
16:32:39.0449 1916  SCardSvr - ok
16:32:39.0527 1916  [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
16:32:39.0573 1916  scfilter - ok
16:32:39.0605 1916  [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule        C:\Windows\system32\schedsvc.dll
16:32:39.0620 1916  Schedule - ok
16:32:39.0651 1916  [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc     C:\Windows\System32\certprop.dll
16:32:39.0683 1916  SCPolicySvc - ok
16:32:39.0698 1916  [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
16:32:39.0714 1916  SDRSVC - ok
16:32:39.0714 1916  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
16:32:39.0745 1916  secdrv - ok
16:32:39.0761 1916  [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon        C:\Windows\system32\seclogon.dll
16:32:39.0792 1916  seclogon - ok
16:32:39.0823 1916  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
16:32:39.0854 1916  SENS - ok
16:32:39.0870 1916  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
16:32:39.0870 1916  SensrSvc - ok
16:32:39.0885 1916  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
16:32:39.0901 1916  Serenum - ok
16:32:39.0901 1916  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
16:32:39.0917 1916  Serial - ok
16:32:39.0932 1916  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
16:32:39.0932 1916  sermouse - ok
16:32:39.0948 1916  [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv      C:\Windows\system32\sessenv.dll
16:32:39.0995 1916  SessionEnv - ok
16:32:39.0995 1916  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\DRIVERS\sffdisk.sys
16:32:40.0010 1916  sffdisk - ok
16:32:40.0026 1916  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\DRIVERS\sffp_mmc.sys
16:32:40.0026 1916  sffp_mmc - ok
16:32:40.0041 1916  [ 5588B8C6193EB1522490C122EB94DFFA ] sffp_sd         C:\Windows\system32\DRIVERS\sffp_sd.sys
16:32:40.0057 1916  sffp_sd - ok
16:32:40.0057 1916  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
16:32:40.0073 1916  sfloppy - ok
16:32:40.0088 1916  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
16:32:40.0119 1916  SharedAccess - ok
16:32:40.0135 1916  [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll
16:32:40.0151 1916  ShellHWDetection - ok
16:32:40.0166 1916  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:32:40.0166 1916  SiSRaid2 - ok
16:32:40.0182 1916  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
16:32:40.0197 1916  SiSRaid4 - ok
16:32:40.0229 1916  [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
16:32:40.0244 1916  SkypeUpdate - ok
16:32:40.0275 1916  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
16:32:40.0322 1916  Smb - ok
16:32:40.0338 1916  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
16:32:40.0353 1916  SNMPTRAP - ok
16:32:40.0369 1916  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
16:32:40.0369 1916  spldr - ok
16:32:40.0400 1916  [ 567977DC43CC13C4C35ED7084C0B84D5 ] Spooler         C:\Windows\System32\spoolsv.exe
16:32:40.0416 1916  Spooler - ok
16:32:40.0478 1916  [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc          C:\Windows\system32\sppsvc.exe
16:32:40.0525 1916  sppsvc - ok
16:32:40.0541 1916  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
16:32:40.0572 1916  sppuinotify - ok
16:32:40.0603 1916  [ 2408C0366D96BCDF63E8F1C78E4A29C5 ] srv             C:\Windows\system32\DRIVERS\srv.sys
16:32:40.0619 1916  srv - ok
16:32:40.0650 1916  [ 76548F7B818881B47D8D1AE1BE9C11F8 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
16:32:40.0650 1916  srv2 - ok
16:32:40.0681 1916  [ 0AF6E19D39C70844C5CAA8FB0183C36E ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
16:32:40.0697 1916  srvnet - ok
16:32:40.0712 1916  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
16:32:40.0743 1916  SSDPSRV - ok
16:32:40.0759 1916  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
16:32:40.0790 1916  SstpSvc - ok
16:32:40.0821 1916  [ F0359F7CE712D69ACEF0886BDB4792ED ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
16:32:40.0837 1916  Stereo Service - ok
16:32:40.0853 1916  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
16:32:40.0868 1916  stexstor - ok
16:32:40.0899 1916  [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc          C:\Windows\System32\wiaservc.dll
16:32:40.0931 1916  stisvc - ok
16:32:40.0931 1916  [ FFD7A6F15B14234B5B0E5D49E7961895 ] storflt         C:\Windows\system32\DRIVERS\vmstorfl.sys
16:32:40.0946 1916  storflt - ok
16:32:40.0946 1916  [ 8FCCBEFC5C440B3C23454656E551B09A ] storvsc         C:\Windows\system32\DRIVERS\storvsc.sys
16:32:40.0962 1916  storvsc - ok
16:32:40.0977 1916  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
16:32:44.0612 1916  ================ Scan global ===============================
16:32:44.0643 1916  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
16:32:44.0659 1916  [ 3FB74FF230B5D240A57AE1C4A3D0459D ] C:\Windows\system32\winsrv.dll
16:32:44.0675 1916  [ 3FB74FF230B5D240A57AE1C4A3D0459D ] C:\Windows\system32\winsrv.dll
16:32:44.0690 1916  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
16:32:44.0721 1916  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
16:32:44.0721 1916  [Global] - ok
16:32:44.0721 1916  ================ Scan MBR ==================================
16:32:44.0737 1916  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
16:32:44.0924 1916  \Device\Harddisk0\DR0 - ok
16:32:44.0924 1916  ================ Scan VBR ==================================
16:32:44.0940 1916  [ 270BAC60E90E625133D4A3F09F8934D3 ] \Device\Harddisk0\DR0\Partition1
16:32:44.0940 1916  \Device\Harddisk0\DR0\Partition1 - ok
16:32:44.0955 1916  [ 18C1231D4A1D6AF78B7D9838869EB9CC ] \Device\Harddisk0\DR0\Partition2
16:32:44.0955 1916  \Device\Harddisk0\DR0\Partition2 - ok
16:32:44.0955 1916  ============================================================
16:32:44.0955 1916  Scan finished
16:32:44.0955 1916  ============================================================
16:32:44.0971 1444  Detected object count: 1
16:32:44.0971 1444  Actual detected object count: 1
16:33:13.0881 1444  FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user
16:33:13.0881 1444  FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:33:22.0383 4516  Deinitialize success
         
I have now been working from my daughter's account. Before carrying out your instructions, I ran another virus scan with MSE. It found no threats, though. On my account the BKA virus image has disappeared, but I can't work with it.
I hope that I have done everything correctly now, that you can keep helping me, and that I don't have to wipe the computer.

Me again: now my account is completely locked up again and only the BKA virus image appears.

24.02.2013, 20:19   #14
cosinus

But you can still work with the other user account?
If so, please run CF now:

Scan with Combofix
WARNING to those READING ALONG:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse or click in the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.


24.02.2013, 22:40   #15
fantie
 

Code:
ComboFix 13-02-24.01 - Acer 24.02.2013  23:28:55.2.4 - x64
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.49.1031.18.3263.1810 [GMT 1:00]
ausgeführt von:: c:\users\Jenny\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\IMinent Toolbar\tbHElper.dll
c:\users\Jenny\vlc-0.9.9-win32.exe
c:\users\Ralph\AppData\Roaming\Kuev
c:\users\Ralph\AppData\Roaming\Kuev\hyemo.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-01-24 bis 2013-02-24  ))))))))))))))))))))))))))))))
.
.
2013-02-24 22:34 . 2013-02-24 22:34	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2013-02-24 22:34 . 2013-02-24 22:34	--------	d-----w-	c:\users\Ralph\AppData\Local\temp
2013-02-24 22:34 . 2013-02-24 22:34	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-02-24 22:34 . 2013-02-24 22:34	--------	d-----w-	c:\users\Acer\AppData\Local\temp
2013-02-24 22:18 . 2013-02-08 00:28	9162192	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{977F6861-A8A1-4F1D-979D-466FA646EBD2}\mpengine.dll
2013-02-23 15:36 . 2013-02-08 00:28	9162192	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-02-23 11:22 . 2013-02-23 11:22	--------	d-----w-	c:\users\Ralph\AppData\Roaming\Rhliz
2013-02-23 02:20 . 2013-02-23 02:20	--------	d-----w-	c:\programdata\Malwarebytes
2013-02-23 02:13 . 2013-02-23 02:13	--------	d-----w-	c:\users\Ralph\AppData\Local\WinZip
2013-02-23 02:13 . 2013-02-23 11:33	--------	d-----w-	c:\programdata\WinZip
2013-02-23 02:13 . 2013-02-23 02:13	--------	d-----w-	c:\program files\WinZip
2013-02-23 00:48 . 2013-02-23 00:48	--------	d-----w-	c:\users\Acer\AppData\Local\ElevatedDiagnostics
2013-02-23 00:32 . 2013-02-19 02:57	9162192	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{10533BF5-C9F0-4EBB-BE30-FD0672F70683}\mpengine.dll
2013-02-22 23:28 . 2013-02-22 23:28	--------	d-----w-	c:\program files (x86)\Mozilla Maintenance Service
2013-02-22 16:43 . 2013-02-22 16:43	--------	d-----w-	c:\programdata\McAfee
2013-02-22 16:42 . 2013-02-22 16:42	--------	d-----w-	c:\program files (x86)\Common Files\Adobe
2013-02-22 16:25 . 2013-02-22 16:25	--------	d-sh--w-	c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2013-02-22 16:25 . 2013-02-22 16:25	--------	d--h--w-	c:\programdata\Common Files
2013-02-22 08:45 . 2013-02-23 11:37	--------	d-----w-	c:\users\Ralph\AppData\Roaming\Ipidy
2013-02-22 08:45 . 2013-02-22 08:45	--------	d-----w-	c:\users\Ralph\AppData\Roaming\Bafeyz
2013-02-18 18:55 . 2013-02-18 18:55	--------	d-----w-	c:\program files (x86)\Common Files\Skype
2013-02-18 18:55 . 2013-02-18 18:55	--------	d-----r-	c:\program files (x86)\Skype
2013-02-14 15:42 . 2013-01-09 01:10	996352	----a-w-	c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-14 15:42 . 2013-01-08 22:01	768000	----a-w-	c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-14 14:53 . 2013-01-05 05:57	5500776	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-02-11 18:34 . 2013-02-11 18:34	--------	d-----w-	c:\program files (x86)\DVDVideoSoft
2013-02-11 18:34 . 2013-02-11 18:34	--------	d-----w-	c:\program files (x86)\Common Files\DVDVideoSoft
2013-02-06 19:26 . 2013-02-06 19:26	--------	d-----w-	c:\program files (x86)\Common Files\Java
2013-02-06 19:24 . 2013-02-06 19:23	95648	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-02-06 19:19 . 2013-02-22 23:35	--------	d-----w-	c:\users\Ralph\AppData\Local\Mozilla Firefox
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-14 15:44 . 2012-06-15 21:15	70004024	----a-w-	c:\windows\system32\MRT.exe
2013-02-11 18:38 . 2012-06-15 21:38	697712	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-11 18:38 . 2012-06-15 21:38	74096	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-06 19:23 . 2012-06-16 14:34	861088	----a-w-	c:\windows\SysWow64\npdeployJava1.dll
2013-02-06 19:23 . 2012-06-16 14:16	782240	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-01-17 00:28 . 2012-06-15 20:56	273840	------w-	c:\windows\system32\MpSigStub.exe
2013-01-04 04:43 . 2013-02-14 14:53	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2012-12-16 16:52 . 2012-12-21 13:08	46080	----a-w-	c:\windows\system32\atmlib.dll
2012-12-16 14:40 . 2012-12-21 13:08	367616	----a-w-	c:\windows\system32\atmfd.dll
2012-12-16 14:25 . 2012-12-21 13:08	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
2012-12-16 14:25 . 2012-12-21 13:08	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2012-12-07 05:41 . 2013-01-09 11:51	441856	----a-w-	c:\windows\system32\Wpc.dll
2012-12-07 05:35 . 2013-01-09 11:51	2745856	----a-w-	c:\windows\system32\gameux.dll
2012-12-07 05:04 . 2013-01-09 11:51	308736	----a-w-	c:\windows\SysWow64\Wpc.dll
2012-12-07 04:57 . 2013-01-09 11:51	2576384	----a-w-	c:\windows\SysWow64\gameux.dll
2012-12-07 03:45 . 2013-01-09 11:51	43520	----a-w-	c:\windows\system32\csrr.rs
2012-12-07 03:45 . 2013-01-09 11:51	45568	----a-w-	c:\windows\system32\oflc-nz.rs
2012-12-07 03:45 . 2013-01-09 11:51	30720	----a-w-	c:\windows\system32\usk.rs
2012-12-07 03:45 . 2013-01-09 11:51	23552	----a-w-	c:\windows\system32\oflc.rs
2012-12-07 03:45 . 2013-01-09 11:51	44544	----a-w-	c:\windows\system32\pegibbfc.rs
2012-12-07 03:45 . 2013-01-09 11:51	40960	----a-w-	c:\windows\system32\cob-au.rs
2012-12-07 03:45 . 2013-01-09 11:51	21504	----a-w-	c:\windows\system32\grb.rs
2012-12-07 03:45 . 2013-01-09 11:51	20480	----a-w-	c:\windows\system32\pegi-pt.rs
2012-12-07 03:45 . 2013-01-09 11:51	20480	----a-w-	c:\windows\system32\pegi-fi.rs
2012-12-07 03:45 . 2013-01-09 11:51	46592	----a-w-	c:\windows\system32\fpb.rs
2012-12-07 03:45 . 2013-01-09 11:51	20480	----a-w-	c:\windows\system32\pegi.rs
2012-12-07 03:45 . 2013-01-09 11:51	15360	----a-w-	c:\windows\system32\djctq.rs
2012-12-07 03:45 . 2013-01-09 11:51	55296	----a-w-	c:\windows\system32\cero.rs
2012-12-07 03:45 . 2013-01-09 11:51	51712	----a-w-	c:\windows\system32\esrb.rs
2012-12-07 03:21 . 2013-01-09 11:51	45568	----a-w-	c:\windows\SysWow64\oflc-nz.rs
2012-12-07 03:21 . 2013-01-09 11:51	44544	----a-w-	c:\windows\SysWow64\pegibbfc.rs
2012-12-07 03:21 . 2013-01-09 11:51	43520	----a-w-	c:\windows\SysWow64\csrr.rs
2012-12-07 03:21 . 2013-01-09 11:51	30720	----a-w-	c:\windows\SysWow64\usk.rs
2012-12-07 03:21 . 2013-01-09 11:51	23552	----a-w-	c:\windows\SysWow64\oflc.rs
2012-12-07 03:21 . 2013-01-09 11:51	20480	----a-w-	c:\windows\SysWow64\pegi-pt.rs
2012-12-07 03:21 . 2013-01-09 11:51	20480	----a-w-	c:\windows\SysWow64\pegi.rs
2012-12-07 03:21 . 2013-01-09 11:51	20480	----a-w-	c:\windows\SysWow64\pegi-fi.rs
2012-12-07 03:21 . 2013-01-09 11:51	46592	----a-w-	c:\windows\SysWow64\fpb.rs
2012-12-07 03:21 . 2013-01-09 11:51	21504	----a-w-	c:\windows\SysWow64\grb.rs
2012-12-07 03:21 . 2013-01-09 11:51	55296	----a-w-	c:\windows\SysWow64\cero.rs
2012-12-07 03:21 . 2013-01-09 11:51	51712	----a-w-	c:\windows\SysWow64\esrb.rs
2012-12-07 03:21 . 2013-01-09 11:51	40960	----a-w-	c:\windows\SysWow64\cob-au.rs
2012-12-07 03:21 . 2013-01-09 11:51	15360	----a-w-	c:\windows\SysWow64\djctq.rs
2012-11-28 18:58 . 2012-11-28 18:58	972264	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4CCA90CA-3916-4274-8AB4-3BCB58578075}\gapaengine.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}"= "c:\users\Acer\AppData\LocalLow\CT2625848\ldrtbDVDV.dll" [2012-12-23 618904]
.
[HKEY_CLASSES_ROOT\clsid\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}]
2012-12-23 09:42	618904	----a-w-	c:\users\Acer\AppData\LocalLow\CT2625848\ldrtbDVDV.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{58124A0B-DC32-4180-9BFF-E0E21AE34026}]
2010-07-02 07:54	2607872	----a-w-	c:\program files (x86)\IMinent Toolbar\tbcore3.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2013-01-30 14:49	281760	----a-w-	c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{977AE9CC-AF83-45E8-9E03-E2798216E2D5}"= "c:\program files (x86)\IMinent Toolbar\tbcore3.dll" [2010-07-02 2607872]
"{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}"= "c:\users\Acer\AppData\LocalLow\CT2625848\ldrtbDVDV.dll" [2012-12-23 618904]
.
[HKEY_CLASSES_ROOT\clsid\{977ae9cc-af83-45e8-9e03-e2798216e2d5}]
[HKEY_CLASSES_ROOT\TBSB01620.TBSB01620.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB01620.TBSB01620]
.
[HKEY_CLASSES_ROOT\clsid\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-01-08 18705664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Iminent"="c:\program files (x86)\Iminent\Iminent.exe" [2012-04-27 1073744]
"IminentMessenger"="c:\program files (x86)\Iminent\Iminent.Messengers.exe" [2012-04-27 884816]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"LexwareInfoService"="c:\program files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe" [2011-07-31 189808]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
.
c:\users\Ralph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\users\Jenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
R3 cpuz135;cpuz135;d:\treiber und software\pc-wizard_2012.2.0\pcwiz_x64.sys [2012-06-16 23816]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2012-03-26 22528]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S3 LVUVC64;Logitech Webcam Pro 9000(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]
S3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-02-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-15 18:38]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2013-01-30 14:49	342176	----a-w-	c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-18 8067616]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 1289704]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com?SearchSource=10&userid=EB_USER_ID&ctid=CT2625848&SSPV=TB_IESB21
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube Download - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\ghp7knlq.default\
FF - prefs.js: browser.search.selectedEngine - DVDVideoSoftTB DE Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2625848&SearchSource=13&CUI=SB_CUI
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2625848&SearchSource=2&q=
FF - ExtSQL: 2012-12-25 16:03; {ACAA314B-EEBA-48e4-AD47-84E31C44796C}; c:\program files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF - ExtSQL: 2012-12-25 16:04; {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}; c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\ghp7knlq.default\extensions\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{84FF7BD6-B47F-46F8-9130-01B2696B36CB} - (no file)
BHO-{84FF7BD6-B47F-46F8-9130-01B2696B36CB} - (no file)
Wow6432Node-HKCU-Run-ASRockOCTuner - (no file)
Wow6432Node-HKCU-Run-ASRockIES - (no file)
Wow6432Node-HKLM-RunOnce-Z1 - c:\users\Ralph\Desktop\mbar\mbar.exe
Wow6432Node-HKLM-RunOnce- Malwarebytes Anti-Malware  (cleanup) - c:\users\Ralph\Desktop\mbar\Data\cleanup.dll
WebBrowser-{977AE9CC-AF83-45E8-9E03-E2798216E2D5} - (no file)
AddRemove-FILEminimizer Pictures_is1 - c:\fileminimizer pictures\unins000.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.alb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="PhotoManager10Deluxe.8.alb"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-02-24  23:36:22
ComboFix-quarantined-files.txt  2013-02-24 22:36
.
Vor Suchlauf: 9 Verzeichnis(se), 233.539.796.992 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 233.763.012.608 Bytes frei
.
- - End Of File - - 7D4C0121F694A5407B7A582F458DFB75
         
