
Log analysis and evaluation: Sparkasse online banking spied on: EXP/CVE-2013-2423.F and TR/Agent.385024.338

07.05.2013, 21:46   #1
KlausKlaus
 



Hello dear Trojaner-Boarders.

I have already seen and read several threads in your forum that resemble my problem, especially those about Sparkasse data being spied on.
However, I have not carried out the steps recommended there, since it was often written that every infection is different. So I am now describing my problem here and hope for your help.

Last Thursday (02.05.13) I received a call from my Sparkasse informing me that the login credentials for my online banking access had turned up on a server abroad and that this access would now be blocked for security reasons.
Apparently a trojan had spied out my passwords.
After I brought my Avira Antivir up to date via update, several malware programs were found:

- ADWARE/Rogue.218624
- TR/Agent.385024.338
- EXP/CVE-2013-2423.F
These 3 are still in the quarantine area of Avira Antivir.

Before the Avira Antivir update there were 2 more detections in quarantine, which were no longer there afterwards. The same applies to the associated reports.
If I remember correctly, they had names similar to EXP/CVE...
I fear that, if anything, one of these two files was the trojan in question.
The detections explicitly named above were only made on 04.05.13 (ADWARE, TR/) and on 07.05.13 (EXP/CVE).

My question now is how I can get rid of all this junk. I also don't know what is still left in my system of the trojan that spied on my online banking.

I hope you can help me and would be very glad to get a reply!

I have also already run OTL and GMER; here are the logs:

OTL.txt:

Code:
OTL logfile created on: 07.05.2013 20:47:26 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Christian\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19412)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,34 Gb Available Physical Memory | 44,75% Memory free
6,19 Gb Paging File | 4,27 Gb Available in Paging File | 69,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 285,20 Gb Total Space | 129,22 Gb Free Space | 45,31% Space Free | Partition Type: NTFS
 
Computer Name: CHRISTIAN-VAIO | User Name: Christian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Christian\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
PRC - C:\Program Files\sony\VAIO Update\VAIOUpdt.exe (Sony Corporation)
PRC - C:\Program Files\sony\VAIO Update\VUAgent.exe (Sony Corporation)
PRC - C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
PRC - C:\Program Files\sony\Marketing Tools\MarketingTools.exe (Sony Corporation)
PRC - C:\Program Files\Logitech\SetPoint\LBTWiz.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
PRC - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
PRC - C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
PRC - C:\Program Files\Common Files\Sony Shared\SOHLib\SOHCImp.exe (Sony Corporation)
PRC - C:\Program Files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe (Sony Corporation)
PRC - C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDs.exe (Sony Corporation)
PRC - C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDms.exe (Sony Corporation)
PRC - C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe (Sony Corporation)
PRC - C:\Program Files\sony\VAIO Media plus\VMpTtray.exe (Sony Corporation)
PRC - C:\Program Files\sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Program Files\sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation)
PRC - C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe (Realtek Semiconductor)
PRC - C:\Program Files\sony\Network Utility\LANUtil.exe (Sony Corporation)
PRC - C:\Program Files\sony\Network Utility\NSUService.exe (Sony Corporation)
PRC - C:\Program Files\sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
PRC - C:\Program Files\sony\VAIO Power Management\SPMService.exe (Sony Corporation)
PRC - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Apoint\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Apoint\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\15e2d7f51f15830591727d6d6a1e4032\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\421cb77e6a4c21f94e3c5ddf766de23b\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e64304962098e90f0d3f4c33c1b080a6\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\System32\CmdLineExt03.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\f300bbe8b18d4a04933422f241aa1428\System.IdentityModel.Selectors.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\1c40efd2328e271920f4b4eda38c0125\System.ServiceModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\9b2eef59d0cfc5aff182d0951de5f040\Accessibility.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b5df40c22ab563a816103629e2ca99d4\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\895899bb8c1772f2043de17305d7eb35\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\f9d4a89fc32b5a458c0a02c48dc8538e\System.IdentityModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\004bc6615f9c06df5c98859d35149fe6\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\bb8af3cf69f1337efda4e810b6751b89\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\b757806657fa5db2b1ed1a89b026b463\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\78157a494dc9a7e52be8840decfcd9cc\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3421.42239__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3421.42258__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3421.42253__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3421.42257__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3421.42313__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3421.42295__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3421.42282__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3421.42247__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3421.42331__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3421.42332__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3421.42247__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3421.42300__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3421.42300__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3421.42299__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3421.42284__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3421.42248__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3421.42259__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3421.42308__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3421.42259__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3421.42293__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3421.42284__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3421.42263__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3421.42292__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3421.42279__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3421.42283__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3421.42294__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3421.42263__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3421.42283__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3421.42284__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3421.42294__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3294.18728__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3294.18709__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3294.18751__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3294.18787__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3294.18795__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3294.18747__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3294.18794__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3294.18699__90ba9c70f846762e\LOG.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3294.18701__90ba9c70f846762e\NEWAEM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3294.18753__90ba9c70f846762e\DEM.OS.I0602.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3294.18745__90ba9c70f846762e\MOM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.3294.18787__90ba9c70f846762e\DEM.OS.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3294.18708__90ba9c70f846762e\CLI.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3294.18832__90ba9c70f846762e\CLI.Foundation.XManifest.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3294.18755__90ba9c70f846762e\DEM.Graphics.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3294.18735__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3294.18771__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3294.18785__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3294.18737__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3294.18731__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3294.18717__90ba9c70f846762e\CLI.Component.Client.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3294.18727__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3294.18758__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3294.18755__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3294.18772__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3294.18767__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3294.18766__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3294.18765__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3294.18771__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3294.18742__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3294.18760__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3294.18756__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3294.18748__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3294.18769__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3294.18757__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3421.42357__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3421.42340__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3294.18746__90ba9c70f846762e\APM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3294.18728__90ba9c70f846762e\AEM.Server.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3421.42234__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3421.42326__90ba9c70f846762e\MOM.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3294.18725__90ba9c70f846762e\LOG.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3294.18720__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3294.18745__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll ()
MOD - C:\Windows\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3421.42321__90ba9c70f846762e\CLI.Component.Systemtray.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3421.42252__90ba9c70f846762e\CLI.Component.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3421.42325__90ba9c70f846762e\LOG.Foundation.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3421.42238__90ba9c70f846762e\CLI.Component.SkinFactory.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3294.18714__90ba9c70f846762e\CLI.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3294.18748__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3421.42236__90ba9c70f846762e\CLI.Component.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3294.18750__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3294.18744__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3421.42243__90ba9c70f846762e\CLI.Component.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3421.42237__90ba9c70f846762e\ATIDEMOS.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3421.42236__90ba9c70f846762e\APM.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3421.42235__90ba9c70f846762e\AEM.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3294.18740__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3421.42326__90ba9c70f846762e\CCC.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3294.18774__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.ServiceModel.resources\3.0.0.0_de_b77a5c561934e089\System.ServiceModel.resources.dll ()
MOD - C:\Windows\System32\atitmmxx.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\SPMCommon\3.1.0.6020__e3c7096ba83f9295\SPMCommon.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\SPMDam\3.1.0.6020__1b3c579b6925895f\SPMDam.dll ()
MOD - C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (VUAgent) -- C:\Program Files\sony\VAIO Update\VUAgent.exe (Sony Corporation)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (VcmIAlzMgr) -- C:\Program Files\sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
SRV - (VcmXmlIfHelper) -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe (Sony Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (LBTServ) -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (ABBYY.Licensing.FineReader.Sprint.9.0) -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe (Sony Corporation)
SRV - (Vcsw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
SRV - (VzCdbSvc) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (VCFw) -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
SRV - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (SOHCImp) -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHCImp.exe (Sony Corporation)
SRV - (SOHPlMgr) -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe (Sony Corporation)
SRV - (SOHDs) -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDs.exe (Sony Corporation)
SRV - (SOHDms) -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDms.exe (Sony Corporation)
SRV - (SOHDBSvr) -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe (Sony Corporation)
SRV - (VAIO Event Service) -- C:\Program Files\sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (RtkAudioService) -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe (Realtek Semiconductor)
SRV - (NSUService) -- C:\Program Files\sony\Network Utility\NSUService.exe (Sony Corporation)
SRV - (VAIO Power Management) -- C:\Program Files\sony\VAIO Power Management\SPMService.exe (Sony Corporation)
SRV - (AdobeActiveFileMonitor7.0) -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (uCamMonitor) -- C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (lxcg_device) -- C:\Windows\System32\lxcgcoms.exe ( )
 
 
========== Driver Services (SafeList) ==========
 
DRV - (UIUSys) -- system32\DRIVERS\UIUSYS.SYS File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (hwusbdev) -- system32\DRIVERS\ewusbdev.sys File not found
DRV - (hwdatacard) -- system32\DRIVERS\ewusbmdm.sys File not found
DRV - (ewusbnet) -- system32\DRIVERS\ewusbnet.sys File not found
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (NETw5v32) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (WSDScan) -- C:\Windows\System32\drivers\WSDScan.sys (Microsoft Corporation)
DRV - (USBCCID) -- C:\Windows\System32\drivers\usbccid.sys (Microsoft Corporation)
DRV - (RTHDMIAzAudService) -- C:\Windows\System32\drivers\RtHDMIV.sys (Realtek Semiconductor Corp.)
DRV - (DMICall) -- C:\Windows\System32\drivers\DMICall.sys (Sony Corporation)
DRV - (SFEP) -- C:\Windows\System32\drivers\SFEP.sys (Sony Corporation)
DRV - (USBModem) -- C:\Windows\System32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (UsbDiag) -- C:\Windows\System32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\Windows\System32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (risdptsk) -- C:\Windows\System32\drivers\risdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (ArcSoftKsUFilter) -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (regi) -- C:\Windows\System32\drivers\regi.sys (InterVideo)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNYT&bmod=SNYT
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=SNYT&bmod=SNYT
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SNYT
IE - HKLM\..\SearchScopes\{73B60328-40E2-4CBC-AAFD-169B4DB776FB}: "URL" = hxxp://www.google.de/search?hl=de&q={searchTerms}&meta=
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1033429082-2119218386-936885420-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-1033429082-2119218386-936885420-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-1033429082-2119218386-936885420-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ig
IE - HKU\S-1-5-21-1033429082-2119218386-936885420-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-1033429082-2119218386-936885420-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-1033429082-2119218386-936885420-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SNYK_de
IE - HKU\S-1-5-21-1033429082-2119218386-936885420-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7SNYK_de&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-1033429082-2119218386-936885420-1000\..\SearchScopes\{73B60328-40E2-4CBC-AAFD-169B4DB776FB}: "URL" = hxxp://www.google.de/search?hl=de&q={searchTerms}&meta=
IE - HKU\S-1-5-21-1033429082-2119218386-936885420-1000\..\SearchScopes\{D4FD0727-ECC5-44F1-9964-C4BDFAE5148A}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=6368203A-A94A-4EDF-9CC7-4543A302D4CE&apn_sauid=79300CDA-3E42-4CA4-8C85-B25C039EADE0&
IE - HKU\S-1-5-21-1033429082-2119218386-936885420-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig"
FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.9
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0033-ABCDEFFEDCBA%7D:6.0.33
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ [2013.01.03 22:39:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.12 15:18:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.04.12 15:18:11 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.12 15:18:21 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.04.12 15:18:11 | 000,000,000 | ---D | M]
 
[2010.07.27 17:35:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Extensions
[2013.02.14 22:15:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\6bykvql9.default\extensions
[2010.12.13 12:07:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\6bykvql9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.08.22 17:42:12 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\6bykvql9.default\extensions\firefox@tvunetworks.com
[2012.12.12 01:31:30 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\firefox\profiles\6bykvql9.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2013.02.14 22:15:46 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\firefox\profiles\6bykvql9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.04.12 15:18:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013.04.12 15:18:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013.04.12 15:18:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013.04.12 15:18:21 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013.04.12 15:18:16 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.04.12 15:18:16 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013.04.12 15:18:16 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013.04.12 15:18:16 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.04.12 15:18:16 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.04.12 15:18:16 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKU\S-1-5-21-1033429082-2119218386-936885420-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1033429082-2119218386-936885420-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [AML] C:\Program Files\Sony\VAIO Launcher\AML.exe (Sony)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent File not found
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [MarketingTools] C:\Program Files\sony\Marketing Tools\MarketingTools.exe (Sony Corporation)
O4 - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1033429082-2119218386-936885420-1000..\Run: [Dywoyreven] C:\Users\Christian\AppData\Roaming\Tagy\qoer.exe ()
O4 - HKU\S-1-5-21-1033429082-2119218386-936885420-1000..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKU\S-1-5-21-1033429082-2119218386-936885420-1000..\Run: [EPSON SX110 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIFBE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-1033429082-2119218386-936885420-1000..\Run: [EPSON SX218 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIGDE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-1033429082-2119218386-936885420-1000..\Run: [EPSON SX218 Series (Kopie 1)] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIGDE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-1033429082-2119218386-936885420-1000..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent File not found
O4 - HKU\S-1-5-21-1033429082-2119218386-936885420-1000..\Run: [NSUFloatingUI] C:\Program Files\Sony\Network Utility\LANUtil.exe (Sony Corporation)
O4 - HKU\S-1-5-21-1033429082-2119218386-936885420-1000..\Run: [Spotify] C:\Users\Christian\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-1033429082-2119218386-936885420-1000..\Run: [Spotify Web Helper] C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-1033429082-2119218386-936885420-1000..\Run: [VMpTtray.exe] C:\Program Files\sony\VAIO Media plus\VMpTtray.exe (Sony Corporation)
O4 - Startup: C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Product Registration.lnk =  File not found
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Christian\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_Win32.cab (20-20 3D Viewer)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 10.17.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A017C41E-C727-41AC-A634-FF0F56357C14}: DhcpNameServer = 192.168.34.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FBE8C1D3-07B5-4507-B8CA-145AFDF06D11}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Users\Christian\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Christian\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{4cf095e2-1bbd-11df-b773-002433d141d5}\Shell - "" = AutoRun
O33 - MountPoints2\{4cf095e2-1bbd-11df-b773-002433d141d5}\Shell\AutoRun\command - "" = F:\USBAutoRun.exe
O33 - MountPoints2\{b30b1ddc-95d6-11e0-8ff4-001e101f07df}\Shell - "" = AutoRun
O33 - MountPoints2\{b30b1ddc-95d6-11e0-8ff4-001e101f07df}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{d18f1afd-8406-11de-b72d-001dbaf4b813}\Shell - "" = AutoRun
O33 - MountPoints2\{d18f1afd-8406-11de-b72d-001dbaf4b813}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{f6d839dc-f149-11df-9bb7-002433d141d5}\Shell - "" = AutoRun
O33 - MountPoints2\{f6d839dc-f149-11df-9bb7-002433d141d5}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{f6d839e7-f149-11df-9bb7-001e101f305e}\Shell - "" = AutoRun
O33 - MountPoints2\{f6d839e7-f149-11df-9bb7-001e101f305e}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{f6d839f0-f149-11df-9bb7-001e101f9d8c}\Shell - "" = AutoRun
O33 - MountPoints2\{f6d839f0-f149-11df-9bb7-001e101f9d8c}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{f6d839fa-f149-11df-9bb7-001e101f648e}\Shell - "" = AutoRun
O33 - MountPoints2\{f6d839fa-f149-11df-9bb7-001e101f648e}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.07 19:50:51 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe
[2013.05.07 13:31:10 | 000,000,000 | ---D | C] -- C:\Users\Christian\Desktop\Age of Empires II
[2013.05.05 13:34:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013.05.05 13:29:49 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.05.05 13:29:49 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.05.05 13:29:49 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.05.02 16:32:26 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Avira
[2013.05.02 16:26:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.05.02 16:26:39 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2013.05.02 16:26:37 | 000,135,136 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013.05.02 16:26:37 | 000,037,352 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013.05.02 16:26:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013.05.02 16:26:27 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2013.04.30 09:15:54 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Xoilq
[2013.04.30 09:15:54 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Tagy
[2013.04.30 09:15:54 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Rizur
[2013.04.27 23:45:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013.04.26 13:51:36 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\Spotify
[2013.04.26 13:51:15 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Spotify
[2013.04.21 11:30:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2013.04.12 15:18:08 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.04.10 20:46:45 | 003,603,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.04.10 20:46:44 | 003,551,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.04.10 20:46:44 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2013.04.10 20:46:02 | 000,630,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.04.10 20:46:01 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.04.10 20:46:01 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2013.04.10 20:46:01 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013.04.10 20:46:00 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013.04.10 20:46:00 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013.04.10 20:46:00 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013.04.10 20:46:00 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.04.10 20:46:00 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.04.10 20:46:00 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013.04.10 20:46:00 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.04.10 20:46:00 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013.04.10 20:46:00 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013.04.10 20:46:00 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013.04.10 20:46:00 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2013.04.10 20:46:00 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.04.10 20:46:00 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013.04.10 20:45:59 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.04.10 20:44:57 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2013.04.10 20:44:55 | 002,049,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.07 20:17:27 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.07 20:17:27 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.07 19:54:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.07 19:50:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe
[2013.05.07 19:49:36 | 000,000,000 | ---- | M] () -- C:\Users\Christian\defogger_reenable
[2013.05.07 19:48:36 | 000,050,477 | ---- | M] () -- C:\Users\Christian\Desktop\Defogger.exe
[2013.05.07 13:33:59 | 000,628,992 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.05.07 13:33:59 | 000,596,246 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.05.07 13:33:59 | 000,126,704 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.05.07 13:33:59 | 000,104,320 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.05.07 11:16:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.06 22:30:47 | 000,110,592 | ---- | M] () -- C:\Users\Christian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.05.06 12:30:30 | 000,013,004 | ---- | M] () -- C:\Users\Christian\Desktop\Unbenannt 1.odg
[2013.05.05 23:30:57 | 3218,104,320 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.05 16:35:35 | 000,004,268 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013.05.02 16:16:19 | 000,028,520 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2013.05.02 16:16:18 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013.05.02 16:16:18 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2013.05.02 16:16:18 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013.05.02 02:06:08 | 000,238,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2013.04.26 13:51:35 | 000,001,775 | ---- | M] () -- C:\Users\Christian\Desktop\Spotify.lnk
[2013.04.21 11:42:57 | 000,000,000 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\sversion.ini
[2013.04.21 11:29:29 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.04.21 11:29:29 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.04.20 19:54:22 | 000,000,680 | ---- | M] () -- C:\Users\Christian\AppData\Local\d3d9caps.dat
[2013.04.11 03:27:56 | 000,452,160 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2013.05.07 19:49:36 | 000,000,000 | ---- | C] () -- C:\Users\Christian\defogger_reenable
[2013.05.07 19:48:34 | 000,050,477 | ---- | C] () -- C:\Users\Christian\Desktop\Defogger.exe
[2013.04.26 13:51:35 | 000,001,775 | ---- | C] () -- C:\Users\Christian\Desktop\Spotify.lnk
[2013.04.26 13:51:35 | 000,001,761 | ---- | C] () -- C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
[2013.04.12 12:44:37 | 000,013,004 | ---- | C] () -- C:\Users\Christian\Desktop\Unbenannt 1.odg
[2011.09.17 22:13:48 | 000,011,264 | ---- | C] () -- C:\Windows\System32\atimuixx.dll
[2011.09.11 12:41:54 | 000,000,282 | ---- | C] () -- C:\Windows\Config.ini
[2011.09.11 12:41:54 | 000,000,225 | ---- | C] () -- C:\Windows\Config.ini.bak
[2011.09.11 12:41:52 | 054,601,633 | ---- | C] () -- C:\Windows\BIOSROM.DAT
[2010.06.11 22:57:29 | 000,000,680 | ---- | C] () -- C:\Users\Christian\AppData\Local\d3d9caps.dat
[2010.04.10 08:28:41 | 000,000,760 | ---- | C] () -- C:\Users\Christian\AppData\Roaming\setup_ldm.iss
[2009.08.22 19:29:36 | 000,000,000 | ---- | C] () -- C:\Users\Christian\AppData\Roaming\sversion.ini
[2009.08.16 18:10:41 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.08.09 04:58:38 | 000,024,064 | ---- | C] () -- C:\Users\Christian\AppData\Roaming\UserTile.png
[2009.08.05 19:27:26 | 000,110,592 | ---- | C] () -- C:\Users\Christian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013.02.10 16:34:24 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Atari
[2013.01.03 22:39:33 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\DVDVideoSoft
[2012.09.20 22:12:18 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\DVDVideoSoftIEHelpers
[2013.05.06 16:17:10 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Epson
[2010.07.15 11:46:00 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\GetRightToGo
[2012.06.08 19:05:56 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\go
[2012.09.12 00:09:43 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\ICQ
[2011.07.02 21:06:20 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\InterVideo
[2009.08.29 03:47:49 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Leadertech
[2010.02.16 21:20:07 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\LG Electronics
[2011.01.21 20:53:17 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\OpenOffice.org
[2013.04.03 11:36:17 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Origin
[2009.08.09 04:58:37 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\PeerNetworking
[2013.04.30 09:15:54 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Rizur
[2013.04.29 18:30:41 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Spotify
[2013.04.30 09:15:54 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Tagy
[2011.12.25 17:17:10 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Ubisoft
[2013.05.07 16:36:49 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Xoilq
 
========== Purity Check ==========
 
 

< End of report >
         

Extras.txt

Code:
OTL Extras logfile created on: 07.05.2013 20:47:26 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Christian\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19412)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,34 Gb Available Physical Memory | 44,75% Memory free
6,19 Gb Paging File | 4,27 Gb Available in Paging File | 69,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 285,20 Gb Total Space | 129,22 Gb Free Space | 45,31% Space Free | Partition Type: NTFS
 
Computer Name: CHRISTIAN-VAIO | User Name: Christian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-21-1033429082-2119218386-936885420-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B5FBFDE-9A81-49AF-8B2D-4F2B4F7704E7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{0E1276B1-0311-43C2-B812-F6DE4F3656A3}" = rport=137 | protocol=17 | dir=out | app=system | 
"{1074E664-9F32-4CCA-AB0D-9B07ACDD869E}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{122ECF6F-21AE-471B-B235-367597FBFF6A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{17139A5A-05AA-46FE-BB57-0A481BC7A557}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{1BAAC31F-EA4C-4BF3-8BA8-86903FD896DA}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{1CBAB161-B794-40A3-9E96-B6C6882B74E7}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{23EACC63-AE5A-4687-8B39-B951694C5624}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{2EEA3600-4F69-48F7-ADBF-4ED966F6D5CD}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{2F24B054-7378-4E0B-833E-6C8881C00134}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{3120E0DD-F561-433F-9158-5BE7CF20C8A0}" = lport=137 | protocol=17 | dir=in | app=system | 
"{319D9108-B986-4698-B94B-11C3EE57F26F}" = lport=138 | protocol=17 | dir=in | app=system | 
"{36C2CCCD-D45D-4A92-9CB6-A14A149AE6E8}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{4794FD15-DD6B-47B3-B10E-A90502245811}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{49A204E2-0AD2-496C-BE55-0A6528DC0E67}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{593CAB15-F0B3-456C-94DF-347E140DC6E6}" = rport=138 | protocol=17 | dir=out | app=system | 
"{5A60E279-716A-4D12-AE4E-9E9A91BB68C4}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{6042E77A-198F-4796-BBB6-65CE6FD091B8}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{72D4E8EC-E3AA-4B8C-AFF9-37354B52F660}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{8797EA83-7218-4935-BBF6-82A93A942188}" = lport=445 | protocol=6 | dir=in | app=system | 
"{8E7EB605-ECBA-4A2F-A2E7-096C5FFD187D}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{9430473A-CA16-4261-8BFF-61931C5A6919}" = lport=139 | protocol=6 | dir=in | app=system | 
"{991AA5F0-F354-43C8-AF0A-0BD168E85D21}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{9A9B65F3-9055-4D4E-8D81-9067601B5D20}" = rport=445 | protocol=6 | dir=out | app=system | 
"{B0056FEE-5173-4629-8063-8A7925482FB8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C1B0EBB1-F027-4015-91E3-2D1FA95C3F3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C2356B44-AC7C-4AE1-A515-9E8DA8F41D8C}" = rport=139 | protocol=6 | dir=out | app=system | 
"{D4A02098-4A45-4153-90C2-E0F448D87BF1}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{D839420C-DF76-4B05-B6E4-E1A4FDFA9AF8}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{DC62D110-9105-4A53-AD9D-8C30A80A3BFD}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{EFD0E59E-3A0D-4DEB-A5C0-D48ABF161D9F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{F0E7EE21-CDE2-48F4-8E8A-1F9A7D506AEE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{FBEC581B-8C15-401D-A215-A7B0508D9AA3}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A58DB22-B32C-49E6-9B23-2CC1A790693D}" = protocol=6 | dir=in | app=c:\program files\common files\sony shared\sohlib\sohdms.exe | 
"{0C765B7B-0EDB-4F23-9355-66A8FAF37720}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{21CB2DC0-8CD1-4823-A487-3294FF3D5DC6}" = protocol=6 | dir=in | app=c:\program files\common files\sony shared\sohlib\sohcimp.exe | 
"{21D7054F-F3DE-4795-ADCB-CF2F54A38208}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{21D9BCB9-B7D5-4888-8780-75EF7CC3E829}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{24442338-2E05-4B8E-8245-17546574EDCC}" = protocol=17 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{264E55F1-A5EA-4174-BDC5-3170DF5D8D7D}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{4E5AC57A-B2A6-4304-804E-267B975C1BD1}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{4EC19C25-6A4A-4A24-BBFA-4BBB86AD9F0D}" = protocol=6 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{5551ACED-DAF7-409C-AED8-668C1FFAA6EE}" = protocol=17 | dir=in | app=c:\program files\sony\vaio media plus\vmp.exe | 
"{56E4A717-17FE-4628-B974-F3A6EABFBF90}" = protocol=17 | dir=in | app=c:\program files\common files\sony shared\sohlib\sohdms.exe | 
"{5EECCAAC-9EF7-4B32-8CB2-E597535B3AD8}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{5F974FEB-7894-42EA-92E2-E3EBB8ABCA91}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{67F6625C-18B8-4232-BBC6-BE2F1B8EBE7D}" = protocol=6 | dir=in | app=c:\program files\ubisoft\related designs\anno 2070\initengine.exe | 
"{6CFB0022-FBD5-43B8-9613-A97FCC8F5B69}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{6FA321F1-4335-4178-8440-265E02E28ADC}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{6FBC28F1-7917-49A0-AAF2-4D71F7453130}" = protocol=6 | dir=in | app=c:\program files\ubisoft\related designs\anno 2070\autopatcher.exe | 
"{7D4F814D-B9F2-4B3A-AA1D-9B366CBFFE4B}" = protocol=17 | dir=in | app=c:\program files\ubisoft\related designs\anno 2070\anno5.exe | 
"{8044E6A0-FB64-4CCE-BEDB-9862E31139F5}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{814BC493-9807-4225-BD13-3FE818683C43}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{89CBD9BF-9B44-4B17-BC3F-5935FC0CD826}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{8B2A9FFC-CB0A-4BFF-B98B-13E16D917150}" = protocol=6 | dir=in | app=c:\program files\sony\vaio media plus\vmp.exe | 
"{93458ED9-784C-467C-9BCE-9AEBF85214E3}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{967DB318-6032-4A13-A78E-C7D54F09630D}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{A1742D28-E4B0-4ADA-94F7-9FEF73FC9266}" = protocol=17 | dir=in | app=c:\program files\common files\sony shared\sohlib\sohcimp.exe | 
"{A69597A4-1F65-4B54-8B7F-170530B8D197}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{A8429FEF-2BE7-433A-A9F2-927D565213E7}" = protocol=17 | dir=in | app=c:\program files\common files\sony shared\sohlib\sohds.exe | 
"{ADC37CB2-8AD5-472F-BF84-A631D158E0B5}" = protocol=17 | dir=in | app=c:\program files\ubisoft\related designs\anno 2070\initengine.exe | 
"{B5140B72-01E4-43B9-8378-E951A9ED14D3}" = protocol=17 | dir=in | app=c:\program files\ubisoft\related designs\anno 2070\autopatcher.exe | 
"{B5EFA606-C888-4CBE-B8BC-77F7F835F3DF}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{C11BFB45-5695-417A-B5C1-75CDB5F84720}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{D0043BC0-70E4-484B-BCB3-DD2CF45EEED2}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{D17B0934-05B5-44B4-A263-57E473EA85DC}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{E35852A0-F31E-450D-A282-8897553401AD}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E46CB965-4FE2-4959-A0D0-77235B34DED2}" = protocol=6 | dir=in | app=c:\program files\common files\sony shared\sohlib\sohds.exe | 
"{E5385247-2B04-4A97-A6A7-13EDAA17693C}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{EBD2DEA3-1FD5-4AD3-88B1-91393B612B9A}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{EE90FBA4-5511-4718-84A9-6237127674E2}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{F27F0F48-82F1-44FE-8F73-9729F070102C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{F82DE2A1-FE7C-4671-9ECF-D57470B03EB6}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{FDE5A5D3-A7A4-49B9-84EC-0C4AE8136F98}" = protocol=6 | dir=in | app=c:\program files\ubisoft\related designs\anno 2070\anno5.exe | 
"{FF4769E5-83CF-4E4B-BE18-A024EF427A09}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"TCP Query User{10A31E8E-E4FA-4257-9DB8-A5664A607D29}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{13BD7203-6C18-467B-9C8B-04D965463E4C}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"TCP Query User{19577B63-798D-4DC5-B214-6752E8859637}C:\users\christian\anno 1701\anno1701.exe" = protocol=6 | dir=in | app=c:\users\christian\anno 1701\anno1701.exe | 
"TCP Query User{2C8306EC-6B51-4B82-90EC-9BBBB68B6F5D}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 
"TCP Query User{3295802C-B4EC-4765-BBBA-5E026DBD2786}C:\users\christian\desktop\age of empires ii\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=c:\users\christian\desktop\age of empires ii\age2_x1\age2_x1.exe | 
"TCP Query User{3739C260-992C-45C0-959B-7F938D72B529}C:\users\christian\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\christian\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{4123F8C2-98D2-4337-A05E-C115A3578593}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{48DE48BF-CE13-4756-B1F8-FF935E027C74}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
"TCP Query User{543051C0-1C1E-4275-BEEE-164ACCB66553}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{7221B613-5089-4711-869F-5DB78C0E6917}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 
"TCP Query User{84F2F03B-AD03-4021-8362-51162CACFDB3}C:\users\christian\desktop\anno 1701\anno1701.exe" = protocol=6 | dir=in | app=c:\users\christian\desktop\anno 1701\anno1701.exe | 
"TCP Query User{8C9AADF0-1052-4425-96EB-12DC75B0F6B8}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{8E2D6474-F06A-4FF7-AC62-D01D87E59874}C:\users\christian\desktop\age of empires ii\empires2.exe" = protocol=6 | dir=in | app=c:\users\christian\desktop\age of empires ii\empires2.exe | 
"TCP Query User{9791F87A-BDED-4219-BB30-5B37E07B4E45}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"TCP Query User{99A7D3E6-B2CB-4CD0-BD41-765C98B1B0A8}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"TCP Query User{9F900524-530A-4608-BA4C-45EF976E9957}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"TCP Query User{ABF77450-8B0E-463F-AB9E-AC283601A1C0}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
"TCP Query User{BDB2A6E5-DEE9-4EA4-B67C-DFAFDA0E0677}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"TCP Query User{C964FE4F-F53B-4B03-98BB-6E32BC6669A7}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"TCP Query User{D005C666-D616-4E09-B9DB-1B3E56307ABB}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{D63D42D6-0E46-4DE8-8647-8AAB4C695BFE}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{020D9395-8F12-4E63-9872-5822AFE4BF73}C:\users\christian\anno 1701\anno1701.exe" = protocol=17 | dir=in | app=c:\users\christian\anno 1701\anno1701.exe | 
"UDP Query User{055D9C1B-00D0-40AA-9953-6203FE2C9859}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"UDP Query User{318B0F47-291B-41FA-AD72-C3109ED0798F}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{364F1FBA-704E-4E49-992D-3843636CCA4F}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{3C71CD0A-3088-4973-891B-7B2758C6756F}C:\users\christian\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\christian\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{4CF9ED12-BF6B-4781-907B-3B73120FEDD7}C:\users\christian\desktop\age of empires ii\empires2.exe" = protocol=17 | dir=in | app=c:\users\christian\desktop\age of empires ii\empires2.exe | 
"UDP Query User{569DFC57-F501-4709-AAAF-5CBE91AFDE16}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{56D20EFD-E3D0-41AA-84AF-A8C195ABF3E1}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"UDP Query User{61334277-6D54-473B-81D5-34FCA5D4B7C2}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"UDP Query User{61A1FE17-150E-4E7F-A2DB-DD117F530A54}C:\users\christian\desktop\age of empires ii\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=c:\users\christian\desktop\age of empires ii\age2_x1\age2_x1.exe | 
"UDP Query User{804FF513-71BD-4C45-A652-AC27C06DFC36}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{80FEE8A3-DB4E-4A25-89E3-900B7CFE7A48}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{85B37A68-908B-4CB3-9943-26308D4B8015}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
"UDP Query User{B7FC3B21-3B7C-47B4-B034-9D535B763CA4}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"UDP Query User{BAB0407B-87B1-41D1-A117-886CC4C25B48}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 
"UDP Query User{BFC07C14-6B83-4AF0-92DA-3AB83195903A}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 
"UDP Query User{C0B2A5A5-413A-4257-9E27-6CF8595120C2}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"UDP Query User{C64ABD8A-7E5A-46E2-9827-B7831B84616F}C:\users\christian\desktop\anno 1701\anno1701.exe" = protocol=17 | dir=in | app=c:\users\christian\desktop\anno 1701\anno1701.exe | 
"UDP Query User{CE4BD4BE-81ED-4428-AED8-66876B6A79F1}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
"UDP Query User{DFDDFDF5-4AF2-4EDA-9AC1-6219DEDF4A55}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"UDP Query User{FE4D295C-A56D-4B7F-9358-5065A560E181}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library
"{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{0B9B76C9-4967-59FC-C994-191AEA152F04}" = ATI Catalyst Install Manager
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6100_series" = Canon MG6100 series MP Drivers
"{12D0BE8D-538C-4AB1-86DE-C540308F50DA}" = VAIO Content Metadata Manager Settings
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}" = VAIO Launcher
"{18510937-0146-417B-95D8-14706649C384}" = VAIO Content Metadata Manager Settings
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{2018C019-30D9-4240-8C01-0865C10DCF5A}" = Unterstützung für VAIO-Präsentation
"{202F2838-156B-FC76-013F-9241B9673F39}" = CCC Help Thai
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = VAIO Content Folder Setting
"{26A24AE4-039D-4CA4-87B4-2F83216020F0}" = Java(TM) 6 Update 20
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 37
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{2878C3C9-9D91-430F-8F50-885BB23DB001}" = VAIO Content Folder Watcher
"{291FB4BF-EEC7-4CF9-8469-F39ED1DBC4D8}" = VAIO Content Metadata XML Interface Library
"{2C08D7E7-9EE1-4A08-AFE0-745F02DCD6A4}_is1" = Pokemon Online 2.0.1
"{2C3CE8F0-F4AD-4D54-A520-975309C617E2}" = LG PC Suite III
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{325ED81A-EC15-7CE8-729B-0392A1DD3854}" = CCC Help Czech
"{327B75F0-92AF-420A-988F-FA596A218E0B}" = VAIO Content Folder Watcher
"{36BDB1C2-CC66-41EB-B7DD-76339A7BB046}" = VAIO Edit Components
"{39F58DDB-B2B8-4B86-AF20-4706A80EB30D}" = Epson Easy Photo Print 2
"{3B659FAD-E772-44A3-B7E7-560FF084669F}" = VAIO Smart Network
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CCA23DD-CEDA-CC7F-C74C-4D1EDAE919AA}" = Catalyst Control Center Graphics Full New
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{42DD2173-B7CA-8AB3-8AC2-40DFE2CA6FBC}" = CCC Help German
"{430DD2C5-65FD-9781-F9F2-693CAF05CD10}" = Catalyst Control Center InstallProxy
"{4882EBF5-CA37-4EF4-BCB8-9B0E78B907D0}" = VAIO Content Metadata Intelligent Analyzing Manager
"{49B8916D-1DEA-F18A-731F-BF0FE209C63B}" = CCC Help Chinese Standard
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{4EEAF8D8-CB79-06CA-A566-EAC1726DAABB}" = CCC Help Finnish
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy Media Creator 10 LJ
"{540DB82A-EE11-BBC1-8BD8-BB7D937A53A4}" = CCC Help Hungarian
"{547FD64B-98D9-1D8F-9001-BE027E3A7BD8}" = Catalyst Control Center InstallProxy
"{5511C07D-A83C-45AD-92B6-42DF99729A3C}" = Adobe Photoshop Elements 7.0
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{5882396B-9FB3-37AC-1AE1-5EA344BD7705}" = Catalyst Control Center Graphics Previews Vista
"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data Basic
"{5BA149D9-D5FA-5AB3-400B-9F1BF424B7CE}" = CCC Help Chinese Traditional
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F5867F0-2D23-4338-A206-01A76C823924}" = VAIO Energie Verwaltung
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{6332AFF1-9D9A-429C-AA03-F82749FA4F49}" = SonicStage Mastering Studio
"{642F96CC-1D3B-20DE-8673-44EE15B3DC2F}" = CCC Help Portuguese
"{64DBE9FE-A07D-41A0-B81A-8D416D9647FF}" = VAIO Content Folder Watcher
"{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = Click to Disc
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69C8B1E3-2665-4A0F-B049-67746E5C4CE3}" = Software Info for Me&My VAIO
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6D26ACF9-4919-0744-C509-28EAF53112D4}" = CCC Help Dutch
"{6EB6A82E-4918-481F-9AF8-3129E6D29B7E}" = Sony Home Network Library
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71256374-2053-CF0F-BD54-20082980B95C}" = Catalyst Control Center Graphics Full Existing
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{72EEB695-388B-4835-8EA6-0C04545B06B9}" = Intel(R) PROSet/Wireless WiFi-Software
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{737D8F4D-24D4-D626-DEC0-9E39A6166890}" = CCC Help Danish
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{74B705C2-173A-FFD1-98BC-AD5FB647AB38}" = CCC Help Polish
"{76D7CCD6-8369-405C-B494-5F34FAE67249}" = Me&My VAIO
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{784BDC03-2D22-BCAE-5CAC-84AFA799FBDE}" = CCC Help Turkish
"{7B63B2922B174135AFC0E1377DD81EC2}" = 
"{7B79CD75-F848-4B33-83E3-0EE1A1805A8C}" = VAIO Movie Story
"{7BB90344-0647-468E-925A-7F69F7983421}" = ArcSoft Magic-i Visual Effects 2
"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{8572CE7D-46B0-70B3-96CD-534F07B35F5D}" = CCC Help Italian
"{85AF94EC-55DE-452A-8FD7-C34E598B3F1F}" = Adobe Premiere Elements 7.0 Templates
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87544F2E-CCA5-01BC-AEBC-D8C1D759EE61}" = CCC Help English
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}" = VAIO Media plus
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}_PROR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}_PROR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}_PROR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90B38901-52C8-85A7-D6C8-9A5592C9FCAA}" = CCC Help Greek
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9238E8A4-BEBA-43A3-B926-769BDBF194C5}" = VAIO Media plus Opening Movie
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9648D00F-0589-619B-6114-BF2A0620168B}" = CCC Help Korean
"{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" = 
"{9805E4EE-9B66-CABD-AF6B-4B84F2A8EF46}" = Skins
"{989ED050-E296-4FDC-9E4E-C48B4AF76E32}" = VAIO Content Metadata Intelligent Analyzing Manager
"{98FC7A64-774B-49B5-B046-4B4EBC053FA9}" = VAIO MusicBox Sample Music
"{9973498D-EA29-4A68-BE0B-C88D6E03E928}" = ArcSoft WebCam Companion 2
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AC34FA1-BCDE-1D09-5DB7-EB6A064FDEA9}" = CCC Help Spanish
"{9B973FC0-E71F-6F89-10D6-1BFD063D1707}" = CCC Help Swedish
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C1C8A04-F8CA-4472-A92D-4288CE32DE86}" = SonicStage Mastering Studio Plugins
"{9D12A8B5-9D41-4465-BF11-70719EB0CD02}" = VU5x86
"{9EAC0E21-510E-4259-A9C6-F5D5B8969036}" = Catalyst Control Center - Branding
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}" = VAIO Update
"{A3563827-B0DB-44DC-B037-15CC4E5E692F}" = VAIO Content Metadata XML Interface Library
"{A3979A05-6834-D0A7-75CD-71B5A9E5F4C0}" = Catalyst Control Center Localization All
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Function Setting
"{A6F21795-E629-35B2-9487-00A8363B28AA}" = Catalyst Control Center Graphics Light
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.4 - Deutsch
"{AEA6A4C2-7C4E-48F9-A770-879DE2EDEE1B}" = OpenMG Secure Module 5.4.00
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B1991F22-4F93-4D11-9866-A7DFE551DF9E}" = VAIO Content Metadata Intelligent Analyzing Manager
"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B3668C08-EBB1-40F4-B4F9-4F8E13501A7D}" = VAIO Entertainment Platform
"{B48E264C-C8CD-4617-B0BE-46E977BAD694}" = ANNO 2070
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{B7C03E84-AF46-42F4-809D-D4127D9086D0}" = VAIO Edit Components 6.5
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C0AD2831-3398-A078-CBEB-39A6B381BB56}" = CCC Help Japanese
"{C0E18DC4-C74A-4889-AE3A-933471023787}" = LG PC Suite III
"{C18A02EC-966B-E7A7-9AC9-082F770ABF9B}" = CCC Help Russian
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup aktivieren
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{C9C390CC-F9B9-EFE8-27DF-6EB7FF8F8760}" = CCC Help Norwegian
"{CB6075D9-F912-40AE-BEA6-E590DA24F16B}" = Adobe Photoshop Elements 7.0
"{CD431A7B-88D8-0823-E66F-CCFAEA6DA7B4}" = ccc-core-static
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Music Transfer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF0F8D1B-5FB9-468D-BD88-E6239906D2B7}" = Click to Disc
"{D035FBF6-FDEF-487D-89CA-6F9DD07B783F}" = Dolby Control Center
"{D03D02D8-AB64-4785-A48E-5AA8B0FB8C14}" = Sony Home Network Library
"{D239B547-8B20-4BDE-888D-C9CCA823FFD8}" = WIDCOMM Bluetooth Software
"{D47E6B9C-F5A5-23B7-AB6A-3806AD4C9529}" = ccc-utility
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D564B5E2-CCB5-4A5C-B35E-2FC30BBC9336}" = Adobe Premiere Elements 7.0
"{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents
"{D613E659-6503-42A8-9617-4F599061EAD5}" = VAIO MusicBox
"{D6DA6836-77C2-5338-10E3-D7A6CD65681D}" = Catalyst Control Center Core Implementation
"{DA8F979E-43B9-3EEC-721C-F297D9509992}" = Catalyst Control Center Graphics Previews Common
"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{DF7DB916-90E5-40F2-9010-B8125EB5FD6F}" = SonicStage Mastering Studio Audio Filter
"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2
"{E1640DA5-89B4-4F52-B15D-5DA3D14F29D4}" = LG USB Modem Drivers
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EC37A846-53AC-4DA7-98FA-76A4E74AA900}" = Benutzerdefinierte Voreinstellungen für SonicStage Mastering Studio Audio Filter
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F570A6CC-53ED-4AA9-8B08-551CD3E38D8B}" = 
"{F6234880-85BE-4DCB-8A45-1FF85A1A8552}" = SmartSound Quicktracks for Premiere Elements
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"{FE0782BC-7AB0-CF6A-6E38-D3040462C7EC}" = CCC Help French
"{FE51662F-D8F6-43B5-99D9-D4894AF00F83}" = Roxio Easy Media Creator Home
"7-Zip" = 7-Zip 9.20
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 7" = Adobe Photoshop Elements 7.0
"Avira AntiVir Desktop" = Avira Free Antivirus
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"dt icon module" = 
"EPSON Scanner" = EPSON Scan
"EPSON SX110 Series" = Druckerdeinstallation für EPSON SX110 Series
"EPSON SX218 Series" = EPSON SX218 Series Printer Uninstall
"EPSON SX218 Series Manual" = EPSON SX218 Series Handbuch
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 5.0.21.1212
"Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16
"Free YouTube Download_is1" = Free YouTube Download version 3.1.42.1212
"Google Desktop" = Google Desktop
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"InstallShield_{AEA6A4C2-7C4E-48F9-A770-879DE2EDEE1B}" = OpenMG Secure Module 5.4.00
"InstallShield_{F6234880-85BE-4DCB-8A45-1FF85A1A8552}" = SmartSound Quicktracks for Premiere Elements
"MarketingTools" = VAIO Marketing Tools
"MFU Module" = 
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NimoCorp" = Nimo Codecs Pack v5.0 (Remove Only)
"PremElem70" = Adobe Premiere Elements 7.0
"PremElem70Templates" = Adobe Premiere Elements 7.0 Templates
"ProInst" = Intel PROSet Wireless
"PROR" = Microsoft Office Professional 2007-Testversion
"RollerCoaster Tycoon 3_is1" = RollerCoaster Tycoon 3
"SUPER ©" = SUPER © Version 2010.bld.42 (Nov 7, 2010)
"Uninstall_is1" = Uninstall 1.0.0.1
"VAIO Help and Support" = 
"VLC media player" = VLC media player 1.1.5
"WinLiveSuite_Wave3" = Windows Live Essentials
"YTdetect" = Yahoo! Detect
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1033429082-2119218386-936885420-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Game Organizer" = EasyBits GO
"Spotify" = Spotify
"STANLY Track" = STANLY Track
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 02.05.2013 11:06:52 | Computer Name = Christian-Vaio | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 04.05.2013 06:23:51 | Computer Name = Christian-Vaio | Source = Perflib | ID = 1010
Description = 
 
Error - 04.05.2013 06:23:52 | Computer Name = Christian-Vaio | Source = Perflib | ID = 1008
Description = 
 
Error - 05.05.2013 17:31:58 | Computer Name = Christian-Vaio | Source = WinMgmt | ID = 10
Description = 
 
Error - 05.05.2013 17:32:15 | Computer Name = Christian-Vaio | Source = VzCdbSvc | ID = 7
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})
 (Fehlercode = 0x80042019)
 
Error - 06.05.2013 07:01:40 | Computer Name = Christian-Vaio | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 06.05.2013 07:01:55 | Computer Name = Christian-Vaio | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 06.05.2013 07:35:58 | Computer Name = Christian-Vaio | Source = Application Hang | ID = 1002
Description = Programm soffice.bin, Version 3.2.9498.500 arbeitet nicht mehr mit
 Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: 121c  Anfangszeit: 01ce4a4d88cf5770  Zeitpunkt
 der Beendigung: 29
 
Error - 06.05.2013 07:37:22 | Computer Name = Christian-Vaio | Source = Application Hang | ID = 1002
Description = Programm soffice.bin, Version 3.2.9498.500 arbeitet nicht mehr mit
 Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: 1168  Anfangszeit: 01ce4a4de3e7a770  Zeitpunkt
 der Beendigung: 7
 
Error - 07.05.2013 06:14:27 | Computer Name = Christian-Vaio | Source = Windows Search Service | ID = 3013
Description = 
 
[ OSession Events ]
Error - 15.07.2010 17:51:24 | Computer Name = Christian-Vaio | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 15.07.2010 17:52:00 | Computer Name = Christian-Vaio | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 15.07.2010 17:59:46 | Computer Name = Christian-Vaio | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 07.12.2010 14:41:31 | Computer Name = Christian-Vaio | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session 
lasted 8 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 07.12.2010 14:53:46 | Computer Name = Christian-Vaio | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 27.01.2011 05:16:48 | Computer Name = Christian-Vaio | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session 
lasted 4 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 12.04.2011 09:46:07 | Computer Name = Christian-Vaio | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session 
lasted 7 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 03.05.2011 13:57:06 | Computer Name = Christian-Vaio | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session 
lasted 2861 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 02.05.2013 11:03:34 | Computer Name = Christian-Vaio | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 02.05.2013 11:03:42 | Computer Name = Christian-Vaio | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 02.05.2013 11:05:31 | Computer Name = Christian-Vaio | Source = DCOM | ID = 10010
Description = 
 
Error - 02.05.2013 11:05:32 | Computer Name = Christian-Vaio | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 04.05.2013 05:40:21 | Computer Name = Christian-Vaio | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.12 für die Netzwerkkarte mit der Netzwerkadresse
 0022FB80BD4C wurde durch den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server
 hat eine DHCPNACK-Meldung gesendet).
 
Error - 05.05.2013 17:31:59 | Computer Name = Christian-Vaio | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 05.05.2013 17:32:19 | Computer Name = Christian-Vaio | Source = DCOM | ID = 10016
Description = 
 
Error - 05.05.2013 17:32:42 | Computer Name = Christian-Vaio | Source = DCOM | ID = 10016
Description = 
 
Error - 05.05.2013 17:37:43 | Computer Name = Christian-Vaio | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.3 für die Netzwerkkarte mit der Netzwerkadresse
 0022FB80BD4C wurde durch den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server
 hat eine DHCPNACK-Meldung gesendet).
 
Error - 06.05.2013 14:02:28 | Computer Name = Christian-Vaio | Source = BROWSER | ID = 8032
Description = 
 
 
< End of report >
         

I hope that is all correct. With Gmer.txt I was not sure whether I left out the right check marks. I left IAT/EAT, Show all and File unchecked. For C I left the box checked.
If that is wrong, I will quickly redo it with the right boxes checked.

As I said, I would be very grateful for any help!

In any case, I wish everyone a pleasant rest of the evening!
Best regards, KlausKlaus

07.05.2013, 21:50   #2
KlausKlaus
 

Ah, sorry, I can't find my way around here...

Edited by KlausKlaus (07.05.2013 at 22:02)

07.05.2013, 21:52   #3
KlausKlaus
 

Here is Gmer.txt as well, unfortunately split in two.

Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-05-07 21:57:48
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.FB4O 298,09GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\CHRIST~1\AppData\Local\Temp\fglyiuog.sys


---- System - GMER 2.1 ----

SSDT   8DB6F5F6                                                                                                           ZwCreateSection
SSDT   8DB6F600                                                                                                           ZwRequestWaitReplyPort
SSDT   8DB6F5FB                                                                                                           ZwSetContextThread
SSDT   8DB6F605                                                                                                           ZwSetSecurityObject
SSDT   8DB6F60A                                                                                                           ZwSystemDebugControl
SSDT   8DB6F597                                                                                                           ZwTerminateProcess

---- Kernel code sections - GMER 2.1 ----

.text  ntkrnlpa.exe!KeSetEvent + 215                                                                                      836EF958 4 Bytes  [F6, F5, B6, 8D] {DIV CH; MOV DH, 0x8d}
.text  ntkrnlpa.exe!KeSetEvent + 539                                                                                      836EFC7C 4 Bytes  [00, F6, B6, 8D] {ADD DH, DH; MOV DH, 0x8d}
.text  ntkrnlpa.exe!KeSetEvent + 56D                                                                                      836EFCB0 4 Bytes  [FB, F5, B6, 8D] {STI ; CMC ; MOV DH, 0x8d}
.text  ntkrnlpa.exe!KeSetEvent + 5D1                                                                                      836EFD14 4 Bytes  [05, F6, B6, 8D]
.text  ntkrnlpa.exe!KeSetEvent + 619                                                                                      836EFD5C 4 Bytes  [0A, F6, B6, 8D] {OR DH, DH; MOV DH, 0x8d}
.text  ...                                                                                                                
.text  C:\Windows\system32\DRIVERS\atikmdag.sys                                                                           section is writeable [0x8F80A000, 0x24DFB2, 0xE8000020]

---- User code sections - GMER 2.1 ----

.text  C:\Program Files\sony\Network Utility\LANUtil.exe[1596] ntdll.dll!LdrLoadDll + 1                                   77329379 3 Bytes  [E1, 39, 3C]
.text  C:\Program Files\sony\Network Utility\LANUtil.exe[1596] ntdll.dll!LdrLoadDll + 5                                   7732937D 1 Byte  [C3]
.text  C:\Program Files\sony\Network Utility\LANUtil.exe[1596] ntdll.dll!NtCreateUserProcess                              77365674 4 Bytes  [68, BC, 38, 3C]
.text  C:\Program Files\sony\Network Utility\LANUtil.exe[1596] ntdll.dll!NtCreateUserProcess + 5                          77365679 1 Byte  [C3]
.text  C:\Program Files\sony\Network Utility\LANUtil.exe[1596] kernel32.dll!GetFileAttributesExW                          77189C45 6 Bytes  PUSH 003C3C4A; RET 
.text  C:\Program Files\sony\Network Utility\LANUtil.exe[1596] kernel32.dll!ExitProcess                                   771B43B4 6 Bytes  PUSH 003C3C09; RET 
.text  C:\Program Files\sony\Network Utility\LANUtil.exe[1596] ADVAPI32.dll!CreateProcessAsUserA                          759ACEB9 6 Bytes  PUSH 003C3CB0; RET 
.text  C:\Program Files\sony\Network Utility\LANUtil.exe[1596] ADVAPI32.dll!CreateProcessAsUserW                          759C1EE9 6 Bytes  PUSH 003C3CC7; RET 
.text  C:\Program Files\sony\Network Utility\LANUtil.exe[1596] WS2_32.dll!closesocket                                     75CC330C 6 Bytes  PUSH 003BF57B; RET 
.text  C:\Program Files\sony\Network Utility\LANUtil.exe[1596] WS2_32.dll!getaddrinfo                                     75CC418A 6 Bytes  PUSH 003BF18C; RET 
.text  C:\Program Files\sony\Network Utility\LANUtil.exe[1596] WS2_32.dll!WSASend                                         75CC4496 6 Bytes  PUSH 003BF5D4; RET 
.text  C:\Program Files\sony\Network Utility\LANUtil.exe[1596] WS2_32.dll!send                                            75CC659B 6 Bytes  PUSH 003BF5B3; RET 
.text  C:\Program Files\sony\Network Utility\LANUtil.exe[1596] WS2_32.dll!gethostbyname                                   75CD62D4 6 Bytes  PUSH 003BF11C; RET 
.text  C:\Program Files\sony\Network Utility\LANUtil.exe[1596] CRYPT32.dll!PFXImportCertStore                             7534989D 6 Bytes  PUSH 003D1D51; RET 
.text  C:\Program Files\sony\Network Utility\LANUtil.exe[1596] USER32.dll!RegisterClassExA                                770D61E1 6 Bytes  PUSH 003C6CF4; RET 
.text  C:\Program Files\sony\Network Utility\LANUtil.exe[1596] USER32.dll!GetUpdateRgn                                    770D85E4 6 Bytes  PUSH 003CFAD5; RET 
.text  C:\Program Files\sony\Network Utility\LANUtil.exe[1596] USER32.dll!GetMessagePos                                   770D9071 6 Bytes  PUSH 003BFE2F; RET 
.text  C:\Program Files\sony\Network Utility\LANUtil.exe[1596] USER32.dll!GetCapture                                      770DA986 6 Bytes  PUSH 003BFF8F; RET 
.text  C:\Program Files\sony\Network Utility\LANUtil.exe[1596] USER32.dll!SwitchDesktop                                   770DB8D2 6 Bytes  PUSH 003C68E6; RET 
.text  C:\Program Files\sony\Network Utility\LANUtil.exe[1596] USER32.dll!OpenInputDesktop                                770DBCE6 4 Bytes  [68, 96, 68, 3C]
.text  C:\Program Files\sony\Network Utility\LANUtil.exe[1596] USER32.dll!OpenInputDesktop + 5                            770DBCEB 1 Byte  [C3]
.text  C:\Program Files\sony\Network Utility\LANUtil.exe[1596] USER32.dll!GetUpdateRect                                   770DD3E0 6 Bytes  PUSH 003CFA42; RET 
.text  C:\Program Files\sony\Network Utility\LANUtil.exe[1596] USER32.dll!RegisterClassExW                                770DDA30 6 Bytes  PUSH 003C6CA2; RET 
.text  C:\Program Files\sony\Network Utility\LANUtil.exe[1596] USER32.dll!DefWindowProcA                                  770DDB88 6 Bytes  PUSH 003C694A; RET 
.text  C:\Program Files\sony\Network Utility\LANUtil.exe[1596] USER32.dll!RegisterClassA                                  770DDF42 6 Bytes  PUSH 003C6C55; RET 
.text  C:\Program Files\sony\Network Utility\LANUtil.exe[1596] USER32.dll!RegisterClassW                                  770DE1AB 6 Bytes  PUSH 003C6C08; RET 
.text  C:\Program Files\sony\Network Utility\LANUtil.exe[1596] USER32.dll!GetWindowDC                                     770E3BA7 4 Bytes  [68, C3, F9, 3C]
.text  C:\Program Files\sony\Network Utility\LANUtil.exe[1596] USER32.dll!GetWindowDC + 5                                 770E3BAC 1 Byte  [C3]
.text  C:\Program Files\sony\Network Utility\LANUtil.exe[1596] USER32.dll!DefDlgProcW                                     770E4A11 6 Bytes  PUSH 003C6990; RET 
.text  C:\Program Files\sony\Network Utility\LANUtil.exe[1596] USER32.dll!GetDCEx                                         770E4D22 4 Bytes  [68, 29, F9, 3C]
.text  C:\Program Files\sony\Network Utility\LANUtil.exe[1596] USER32.dll!GetDCEx + 5                                     770E4D27 1 Byte  [C3]
.text  C:\Program Files\sony\Network Utility\LANUtil.exe[1596] USER32.dll!PeekMessageA                                    770E8343 6 Bytes  PUSH 003C00A9; RET 
.text  C:\Program Files\sony\Network Utility\LANUtil.exe[1596] USER32.dll!GetMessageA                                     770E8AB3 6 Bytes  PUSH 003C0056; RET 
.text  C:\Program Files\sony\Network Utility\LANUtil.exe[1596] USER32.dll!GetDC                                           770E9C31 4 Bytes  [68, 84, F9, 3C]
.text  C:\Program Files\sony\Network Utility\LANUtil.exe[1596] USER32.dll!GetDC + 5                                       770E9C36 1 Byte  [C3]
.text  C:\Program Files\sony\Network Utility\LANUtil.exe[1596] USER32.dll!ReleaseDC                                       770E9CED 6 Bytes  PUSH 003CFA02; RET 
.text  C:\Program Files\sony\Network Utility\LANUtil.exe[1596] USER32.dll!EndPaint                                        770EA28F 4 Bytes  JMP 3A0EDF8C 
.text  C:\Program Files\sony\Network Utility\LANUtil.exe[1596] USER32.dll!EndPaint + 5                                    770EA294 1 Byte  [C3]
.text  C:\Program Files\sony\Network Utility\LANUtil.exe[1596] USER32.dll!BeginPaint                                      770EA2A3 4 Bytes  [68, 79, F8, 3C]
.text  C:\Program Files\sony\Network Utility\LANUtil.exe[1596] USER32.dll!BeginPaint + 5                                  770EA2A8 1 Byte  [C3]
.text  C:\Program Files\sony\Network Utility\LANUtil.exe[1596] USER32.dll!GetMessageW                                     770EFEF7 6 Bytes  PUSH 003C002E; RET 
.text  C:\Program Files\sony\Network Utility\LANUtil.exe[1596] USER32.dll!TranslateMessage                                770F01AD 6 Bytes  PUSH 003CA41D; RET 
.text  C:\Program Files\sony\Network Utility\LANUtil.exe[1596] USER32.dll!DefWindowProcW                                  770F03B4 6 Bytes  PUSH 003C6904; RET 
.text  C:\Program Files\sony\Network Utility\LANUtil.exe[1596] USER32.dll!PeekMessageW                                    770F045A 6 Bytes  PUSH 003C007E; RET 
.text  C:\Program Files\sony\Network Utility\LANUtil.exe[1596] USER32.dll!CallWindowProcW                                 770F095E 6 Bytes  PUSH 003C6B3A; RET 
.text  C:\Program Files\sony\Network Utility\LANUtil.exe[1596] USER32.dll!GetCursorPos                                    770F0B88 6 Bytes  PUSH 003BFE61; RET 
.text  C:\Program Files\sony\Network Utility\LANUtil.exe[1596] USER32.dll!DefDlgProcA                                     770F26B8 6 Bytes  PUSH 003C69D6; RET 
.text  C:\Program Files\sony\Network Utility\LANUtil.exe[1596] USER32.dll!DefMDIChildProcA                                770FB031 6 Bytes  PUSH 003C6AF4; RET 
.text  C:\Program Files\sony\Network Utility\LANUtil.exe[1596] USER32.dll!DefFrameProcA                                   770FB24F 6 Bytes  PUSH 003C6A65; RET 
.text  C:\Program Files\sony\Network Utility\LANUtil.exe[1596] USER32.dll!CallWindowProcA                                 770FB73E 6 Bytes  PUSH 003C6B83; RET 
.text  C:\Program Files\sony\Network Utility\LANUtil.exe[1596] USER32.dll!DefFrameProcW                                   770FD1F9 6 Bytes  PUSH 003C6A1C; RET 
.text  C:\Program Files\sony\Network Utility\LANUtil.exe[1596] USER32.dll!DefMDIChildProcW                                770FD4F6 6 Bytes  PUSH 003C6AAE; RET 
.text  C:\Program Files\sony\Network Utility\LANUtil.exe[1596] USER32.dll!ReleaseCapture                                  771030A2 6 Bytes  PUSH 003BFF3F; RET 
.text  C:\Program Files\sony\Network Utility\LANUtil.exe[1596] USER32.dll!SetCapture                                      771030AF 4 Bytes  [68, E5, FE, 3B]
.text  C:\Program Files\sony\Network Utility\LANUtil.exe[1596] USER32.dll!SetCapture + 5                                  771030B4 1 Byte  [C3]
.text  C:\Program Files\sony\Network Utility\LANUtil.exe[1596] USER32.dll!SetCursorPos                                    77116FB2 6 Bytes  PUSH 003BFEA8; RET 
.text  C:\Program Files\sony\Network Utility\LANUtil.exe[1596] USER32.dll!GetClipboardData                                7711715A 6 Bytes  PUSH 003CA5CC; RET 
.text  C:\Program Files\sony\Network Utility\LANUtil.exe[1596] WININET.dll!InternetReadFile                               75A8655B 6 Bytes  PUSH 003D19A3; RET 
.text  C:\Program Files\sony\Network Utility\LANUtil.exe[1596] WININET.dll!HttpQueryInfoA                                 75A8879D 6 Bytes  PUSH 003D1AD6; RET 
.text  C:\Program Files\sony\Network Utility\LANUtil.exe[1596] WININET.dll!InternetCloseHandle                            75A89098 6 Bytes  PUSH 003D1936; RET 
.text  C:\Program Files\sony\Network Utility\LANUtil.exe[1596] WININET.dll!InternetQueryDataAvailable                     75A8BF93 6 Bytes  PUSH 003D1AAA; RET 
.text  C:\Program Files\sony\Network Utility\LANUtil.exe[1596] WININET.dll!HttpOpenRequestA                               75A8D518 6 Bytes  PUSH 003D1678; RET 
.text  C:\Program Files\sony\Network Utility\LANUtil.exe[1596] WININET.dll!HttpSendRequestW                               75A8FACE 6 Bytes  PUSH 003D16BC; RET 
.text  C:\Program Files\sony\Network Utility\LANUtil.exe[1596] WININET.dll!HttpOpenRequestW                               75A8FC0B 6 Bytes  PUSH 003D1634; RET 
.text  C:\Program Files\sony\Network Utility\LANUtil.exe[1596] WININET.dll!HttpSendRequestA                               75A9EEA1 6 Bytes  PUSH 003D1711; RET 
.text  C:\Program Files\sony\Network Utility\LANUtil.exe[1596] WININET.dll!InternetReadFileExA                            75AA3271 6 Bytes  PUSH 003D19D1; RET 
.text  C:\Program Files\sony\Network Utility\LANUtil.exe[1596] WININET.dll!InternetSetFilePointer                         75AE5A11 6 Bytes  PUSH 003D1A50; RET 
.text  C:\Program Files\sony\Network Utility\LANUtil.exe[1596] WININET.dll!HttpSendRequestExA                             75AFA6DA 6 Bytes  PUSH 003D1803; RET 
.text  C:\Program Files\sony\Network Utility\LANUtil.exe[1596] WININET.dll!HttpSendRequestExW                             75AFA733 6 Bytes  PUSH 003D1766; RET 
.text  C:\Program Files\sony\Network Utility\LANUtil.exe[1596] WININET.dll!HttpEndRequestA                                75AFA7E2 6 Bytes  PUSH 003D18A0; RET 
.text  C:\Program Files\sony\Network Utility\LANUtil.exe[1596] WININET.dll!HttpEndRequestW                                75AFA814 6 Bytes  PUSH 003D18EB; RET 
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] ntdll.dll!LdrLoadDll + 1                          77329379 3 Bytes  [E1, 39, 51] {LOOPZ 0x3b; PUSH ECX}
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] ntdll.dll!LdrLoadDll + 5                          7732937D 1 Byte  [C3]
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] ntdll.dll!NtCreateUserProcess                     77365674 4 Bytes  [68, BC, 38, 51]
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] ntdll.dll!NtCreateUserProcess + 5                 77365679 1 Byte  [C3]
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] kernel32.dll!GetFileAttributesExW                 77189C45 6 Bytes  PUSH 00513C4A; RET 
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] kernel32.dll!ExitProcess                          771B43B4 6 Bytes  PUSH 00513C09; RET 
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] ADVAPI32.dll!CreateProcessAsUserA                 759ACEB9 6 Bytes  PUSH 00513CB0; RET 
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] ADVAPI32.dll!CreateProcessAsUserW                 759C1EE9 6 Bytes  PUSH 00513CC7; RET 
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] USER32.dll!RegisterClassExA                       770D61E1 6 Bytes  PUSH 00516CF4; RET 
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] USER32.dll!GetUpdateRgn                           770D85E4 6 Bytes  PUSH 0051FAD5; RET 
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] USER32.dll!GetMessagePos                          770D9071 6 Bytes  PUSH 0050FE2F; RET 
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] USER32.dll!GetCapture                             770DA986 6 Bytes  PUSH 0050FF8F; RET 
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] USER32.dll!SwitchDesktop                          770DB8D2 6 Bytes  PUSH 005168E6; RET 
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] USER32.dll!OpenInputDesktop                       770DBCE6 4 Bytes  [68, 96, 68, 51]
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] USER32.dll!OpenInputDesktop + 5                   770DBCEB 1 Byte  [C3]
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] USER32.dll!GetUpdateRect                          770DD3E0 6 Bytes  PUSH 0051FA42; RET 
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] USER32.dll!RegisterClassExW                       770DDA30 6 Bytes  PUSH 00516CA2; RET 
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] USER32.dll!DefWindowProcA                         770DDB88 6 Bytes  PUSH 0051694A; RET 
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] USER32.dll!RegisterClassA                         770DDF42 6 Bytes  PUSH 00516C55; RET 
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] USER32.dll!RegisterClassW                         770DE1AB 6 Bytes  PUSH 00516C08; RET 
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] USER32.dll!GetWindowDC                            770E3BA7 4 Bytes  [68, C3, F9, 51]
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] USER32.dll!GetWindowDC + 5                        770E3BAC 1 Byte  [C3]
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] USER32.dll!DefDlgProcW                            770E4A11 6 Bytes  PUSH 00516990; RET 
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] USER32.dll!GetDCEx                                770E4D22 4 Bytes  [68, 29, F9, 51]
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] USER32.dll!GetDCEx + 5                            770E4D27 1 Byte  [C3]
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] USER32.dll!PeekMessageA                           770E8343 6 Bytes  PUSH 005100A9; RET 
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] USER32.dll!GetMessageA                            770E8AB3 6 Bytes  PUSH 00510056; RET 
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] USER32.dll!GetDC                                  770E9C31 4 Bytes  [68, 84, F9, 51]
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] USER32.dll!GetDC + 5                              770E9C36 1 Byte  [C3]
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] USER32.dll!ReleaseDC                              770E9CED 6 Bytes  PUSH 0051FA02; RET 
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] USER32.dll!EndPaint                               770EA28F 4 Bytes  JMP 3A0EF48C 
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] USER32.dll!EndPaint + 5                           770EA294 1 Byte  [C3]
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] USER32.dll!BeginPaint                             770EA2A3 4 Bytes  [68, 79, F8, 51]
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] USER32.dll!BeginPaint + 5                         770EA2A8 1 Byte  [C3]
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] USER32.dll!GetMessageW                            770EFEF7 6 Bytes  PUSH 0051002E; RET 
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] USER32.dll!TranslateMessage                       770F01AD 6 Bytes  PUSH 0051A41D; RET 
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] USER32.dll!DefWindowProcW                         770F03B4 6 Bytes  PUSH 00516904; RET 
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] USER32.dll!PeekMessageW                           770F045A 6 Bytes  PUSH 0051007E; RET 
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] USER32.dll!CallWindowProcW                        770F095E 6 Bytes  PUSH 00516B3A; RET 
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] USER32.dll!GetCursorPos                           770F0B88 6 Bytes  PUSH 0050FE61; RET 
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] USER32.dll!DefDlgProcA                            770F26B8 6 Bytes  PUSH 005169D6; RET 
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] USER32.dll!DefMDIChildProcA                       770FB031 6 Bytes  PUSH 00516AF4; RET 
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] USER32.dll!DefFrameProcA                          770FB24F 6 Bytes  PUSH 00516A65; RET 
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] USER32.dll!CallWindowProcA                        770FB73E 6 Bytes  PUSH 00516B83; RET 
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] USER32.dll!DefFrameProcW                          770FD1F9 6 Bytes  PUSH 00516A1C; RET 
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] USER32.dll!DefMDIChildProcW                       770FD4F6 6 Bytes  PUSH 00516AAE; RET 
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] USER32.dll!ReleaseCapture                         771030A2 6 Bytes  PUSH 0050FF3F; RET 
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] USER32.dll!SetCapture                             771030AF 4 Bytes  [68, E5, FE, 50]
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] USER32.dll!SetCapture + 5                         771030B4 1 Byte  [C3]
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] USER32.dll!SetCursorPos                           77116FB2 6 Bytes  PUSH 0050FEA8; RET 
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] USER32.dll!GetClipboardData                       7711715A 6 Bytes  PUSH 0051A5CC; RET 
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] WININET.dll!InternetReadFile                      75A8655B 6 Bytes  PUSH 005219A3; RET 
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] WININET.dll!HttpQueryInfoA                        75A8879D 6 Bytes  PUSH 00521AD6; RET 
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] WININET.dll!InternetCloseHandle                   75A89098 6 Bytes  PUSH 00521936; RET 
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] WININET.dll!InternetQueryDataAvailable            75A8BF93 6 Bytes  PUSH 00521AAA; RET 
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] WININET.dll!HttpOpenRequestA                      75A8D518 6 Bytes  PUSH 00521678; RET 
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] WININET.dll!HttpSendRequestW                      75A8FACE 6 Bytes  PUSH 005216BC; RET 
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] WININET.dll!HttpOpenRequestW                      75A8FC0B 6 Bytes  PUSH 00521634; RET 
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] WININET.dll!HttpSendRequestA                      75A9EEA1 6 Bytes  PUSH 00521711; RET 
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] WININET.dll!InternetReadFileExA                   75AA3271 6 Bytes  PUSH 005219D1; RET 
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] WININET.dll!InternetSetFilePointer                75AE5A11 6 Bytes  PUSH 00521A50; RET 
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] WININET.dll!HttpSendRequestExA                    75AFA6DA 6 Bytes  PUSH 00521803; RET 
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] WININET.dll!HttpSendRequestExW                    75AFA733 6 Bytes  PUSH 00521766; RET 
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] WININET.dll!HttpEndRequestA                       75AFA7E2 6 Bytes  PUSH 005218A0; RET 
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] WININET.dll!HttpEndRequestW                       75AFA814 6 Bytes  PUSH 005218EB; RET 
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] WS2_32.dll!closesocket                            75CC330C 6 Bytes  PUSH 0050F57B; RET 
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] WS2_32.dll!getaddrinfo                            75CC418A 6 Bytes  PUSH 0050F18C; RET 
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] WS2_32.dll!WSASend                                75CC4496 6 Bytes  PUSH 0050F5D4; RET 
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] WS2_32.dll!send                                   75CC659B 6 Bytes  PUSH 0050F5B3; RET 
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] WS2_32.dll!gethostbyname                          75CD62D4 6 Bytes  PUSH 0050F11C; RET 
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[2320] CRYPT32.dll!PFXImportCertStore                    7534989D 6 Bytes  PUSH 00521D51; RET 
.text  C:\Windows\ehome\ehtray.exe[2416] ntdll.dll!LdrLoadDll + 1                                                         77329379 3 Bytes  [E1, 39, 89]
.text  C:\Windows\ehome\ehtray.exe[2416] ntdll.dll!LdrLoadDll + 5                                                         7732937D 1 Byte  [C3]
.text  C:\Windows\ehome\ehtray.exe[2416] ntdll.dll!NtCreateUserProcess                                                    77365674 4 Bytes  [68, BC, 38, 89]
.text  C:\Windows\ehome\ehtray.exe[2416] ntdll.dll!NtCreateUserProcess + 5                                                77365679 1 Byte  [C3]
.text  C:\Windows\ehome\ehtray.exe[2416] kernel32.dll!GetFileAttributesExW                                                77189C45 6 Bytes  PUSH 00893C4A; RET 
.text  C:\Windows\ehome\ehtray.exe[2416] kernel32.dll!ExitProcess                                                         771B43B4 6 Bytes  PUSH 00893C09; RET 
.text  C:\Windows\ehome\ehtray.exe[2416] ADVAPI32.dll!CreateProcessAsUserA                                                759ACEB9 6 Bytes  PUSH 00893CB0; RET 
.text  C:\Windows\ehome\ehtray.exe[2416] ADVAPI32.dll!CreateProcessAsUserW                                                759C1EE9 6 Bytes  PUSH 00893CC7; RET 
.text  C:\Windows\ehome\ehtray.exe[2416] USER32.dll!RegisterClassExA                                                      770D61E1 6 Bytes  PUSH 00896CF4; RET 
.text  C:\Windows\ehome\ehtray.exe[2416] USER32.dll!GetUpdateRgn                                                          770D85E4 6 Bytes  PUSH 0089FAD5; RET 
.text  C:\Windows\ehome\ehtray.exe[2416] USER32.dll!GetMessagePos                                                         770D9071 6 Bytes  PUSH 0088FE2F; RET 
.text  C:\Windows\ehome\ehtray.exe[2416] USER32.dll!GetCapture                                                            770DA986 6 Bytes  PUSH 0088FF8F; RET 
.text  C:\Windows\ehome\ehtray.exe[2416] USER32.dll!SwitchDesktop                                                         770DB8D2 6 Bytes  PUSH 008968E6; RET 
.text  C:\Windows\ehome\ehtray.exe[2416] USER32.dll!OpenInputDesktop                                                      770DBCE6 4 Bytes  [68, 96, 68, 89]
.text  C:\Windows\ehome\ehtray.exe[2416] USER32.dll!OpenInputDesktop + 5                                                  770DBCEB 1 Byte  [C3]
.text  C:\Windows\ehome\ehtray.exe[2416] USER32.dll!GetUpdateRect                                                         770DD3E0 6 Bytes  PUSH 0089FA42; RET 
.text  C:\Windows\ehome\ehtray.exe[2416] USER32.dll!RegisterClassExW                                                      770DDA30 6 Bytes  PUSH 00896CA2; RET 
.text  C:\Windows\ehome\ehtray.exe[2416] USER32.dll!DefWindowProcA                                                        770DDB88 6 Bytes  PUSH 0089694A; RET 
.text  C:\Windows\ehome\ehtray.exe[2416] USER32.dll!RegisterClassA                                                        770DDF42 6 Bytes  PUSH 00896C55; RET 
.text  C:\Windows\ehome\ehtray.exe[2416] USER32.dll!RegisterClassW                                                        770DE1AB 6 Bytes  PUSH 00896C08; RET 
.text  C:\Windows\ehome\ehtray.exe[2416] USER32.dll!GetWindowDC                                                           770E3BA7 4 Bytes  [68, C3, F9, 89]
.text  C:\Windows\ehome\ehtray.exe[2416] USER32.dll!GetWindowDC + 5                                                       770E3BAC 1 Byte  [C3]
.text  C:\Windows\ehome\ehtray.exe[2416] USER32.dll!DefDlgProcW                                                           770E4A11 6 Bytes  PUSH 00896990; RET 
.text  C:\Windows\ehome\ehtray.exe[2416] USER32.dll!GetDCEx                                                               770E4D22 4 Bytes  [68, 29, F9, 89]
.text  C:\Windows\ehome\ehtray.exe[2416] USER32.dll!GetDCEx + 5                                                           770E4D27 1 Byte  [C3]
.text  C:\Windows\ehome\ehtray.exe[2416] USER32.dll!PeekMessageA                                                          770E8343 6 Bytes  PUSH 008900A9; RET 
.text  C:\Windows\ehome\ehtray.exe[2416] USER32.dll!GetMessageA                                                           770E8AB3 6 Bytes  PUSH 00890056; RET 
.text  C:\Windows\ehome\ehtray.exe[2416] USER32.dll!GetDC                                                                 770E9C31 4 Bytes  [68, 84, F9, 89]
.text  C:\Windows\ehome\ehtray.exe[2416] USER32.dll!GetDC + 5                                                             770E9C36 1 Byte  [C3]
.text  C:\Windows\ehome\ehtray.exe[2416] USER32.dll!ReleaseDC                                                             770E9CED 6 Bytes  PUSH 0089FA02; RET 
.text  C:\Windows\ehome\ehtray.exe[2416] USER32.dll!EndPaint                                                              770EA28F 4 Bytes  JMP 3A0F2C8C 
.text  C:\Windows\ehome\ehtray.exe[2416] USER32.dll!EndPaint + 5                                                          770EA294 1 Byte  [C3]
.text  C:\Windows\ehome\ehtray.exe[2416] USER32.dll!BeginPaint                                                            770EA2A3 4 Bytes  [68, 79, F8, 89]
.text  C:\Windows\ehome\ehtray.exe[2416] USER32.dll!BeginPaint + 5                                                        770EA2A8 1 Byte  [C3]
.text  C:\Windows\ehome\ehtray.exe[2416] USER32.dll!GetMessageW                                                           770EFEF7 6 Bytes  PUSH 0089002E; RET 
.text  C:\Windows\ehome\ehtray.exe[2416] USER32.dll!TranslateMessage                                                      770F01AD 6 Bytes  PUSH 0089A41D; RET 
.text  C:\Windows\ehome\ehtray.exe[2416] USER32.dll!DefWindowProcW                                                        770F03B4 6 Bytes  PUSH 00896904; RET 
.text  C:\Windows\ehome\ehtray.exe[2416] USER32.dll!PeekMessageW                                                          770F045A 6 Bytes  PUSH 0089007E; RET 
.text  C:\Windows\ehome\ehtray.exe[2416] USER32.dll!CallWindowProcW                                                       770F095E 6 Bytes  PUSH 00896B3A; RET 
.text  C:\Windows\ehome\ehtray.exe[2416] USER32.dll!GetCursorPos                                                          770F0B88 6 Bytes  PUSH 0088FE61; RET 
.text  C:\Windows\ehome\ehtray.exe[2416] USER32.dll!DefDlgProcA                                                           770F26B8 6 Bytes  PUSH 008969D6; RET 
.text  C:\Windows\ehome\ehtray.exe[2416] USER32.dll!DefMDIChildProcA                                                      770FB031 6 Bytes  PUSH 00896AF4; RET 
.text  C:\Windows\ehome\ehtray.exe[2416] USER32.dll!DefFrameProcA                                                         770FB24F 6 Bytes  PUSH 00896A65; RET 
.text  C:\Windows\ehome\ehtray.exe[2416] USER32.dll!CallWindowProcA                                                       770FB73E 6 Bytes  PUSH 00896B83; RET 
.text  C:\Windows\ehome\ehtray.exe[2416] USER32.dll!DefFrameProcW                                                         770FD1F9 6 Bytes  PUSH 00896A1C; RET 
.text  C:\Windows\ehome\ehtray.exe[2416] USER32.dll!DefMDIChildProcW                                                      770FD4F6 6 Bytes  PUSH 00896AAE; RET 
.text  C:\Windows\ehome\ehtray.exe[2416] USER32.dll!ReleaseCapture                                                        771030A2 6 Bytes  PUSH 0088FF3F; RET 
.text  C:\Windows\ehome\ehtray.exe[2416] USER32.dll!SetCapture                                                            771030AF 4 Bytes  [68, E5, FE, 88]
.text  C:\Windows\ehome\ehtray.exe[2416] USER32.dll!SetCapture + 5                                                        771030B4 1 Byte  [C3]
.text  C:\Windows\ehome\ehtray.exe[2416] USER32.dll!SetCursorPos                                                          77116FB2 6 Bytes  PUSH 0088FEA8; RET 
.text  C:\Windows\ehome\ehtray.exe[2416] USER32.dll!GetClipboardData                                                      7711715A 6 Bytes  PUSH 0089A5CC; RET 
.text  C:\Windows\ehome\ehtray.exe[2416] WS2_32.dll!closesocket                                                           75CC330C 6 Bytes  PUSH 0088F57B; RET 
.text  C:\Windows\ehome\ehtray.exe[2416] WS2_32.dll!getaddrinfo                                                           75CC418A 6 Bytes  PUSH 0088F18C; RET 
.text  C:\Windows\ehome\ehtray.exe[2416] WS2_32.dll!WSASend                                                               75CC4496 6 Bytes  PUSH 0088F5D4; RET 
.text  C:\Windows\ehome\ehtray.exe[2416] WS2_32.dll!send                                                                  75CC659B 6 Bytes  PUSH 0088F5B3; RET 
.text  C:\Windows\ehome\ehtray.exe[2416] WS2_32.dll!gethostbyname                                                         75CD62D4 6 Bytes  PUSH 0088F11C; RET 
.text  C:\Windows\ehome\ehtray.exe[2416] CRYPT32.dll!PFXImportCertStore                                                   7534989D 6 Bytes  PUSH 008A1D51; RET 
.text  C:\Windows\ehome\ehtray.exe[2416] WININET.dll!InternetReadFile                                                     75A8655B 6 Bytes  PUSH 008A19A3; RET 
.text  C:\Windows\ehome\ehtray.exe[2416] WININET.dll!HttpQueryInfoA                                                       75A8879D 6 Bytes  PUSH 008A1AD6; RET 
.text  C:\Windows\ehome\ehtray.exe[2416] WININET.dll!InternetCloseHandle                                                  75A89098 6 Bytes  PUSH 008A1936; RET 
.text  C:\Windows\ehome\ehtray.exe[2416] WININET.dll!InternetQueryDataAvailable                                           75A8BF93 6 Bytes  PUSH 008A1AAA; RET 
.text  C:\Windows\ehome\ehtray.exe[2416] WININET.dll!HttpOpenRequestA                                                     75A8D518 6 Bytes  PUSH 008A1678; RET 
.text  C:\Windows\ehome\ehtray.exe[2416] WININET.dll!HttpSendRequestW                                                     75A8FACE 6 Bytes  PUSH 008A16BC; RET 
.text  C:\Windows\ehome\ehtray.exe[2416] WININET.dll!HttpOpenRequestW                                                     75A8FC0B 6 Bytes  PUSH 008A1634; RET 
.text  C:\Windows\ehome\ehtray.exe[2416] WININET.dll!HttpSendRequestA                                                     75A9EEA1 6 Bytes  PUSH 008A1711; RET 
.text  C:\Windows\ehome\ehtray.exe[2416] WININET.dll!InternetReadFileExA                                                  75AA3271 6 Bytes  PUSH 008A19D1; RET 
.text  C:\Windows\ehome\ehtray.exe[2416] WININET.dll!InternetSetFilePointer                                               75AE5A11 6 Bytes  PUSH 008A1A50; RET 
.text  C:\Windows\ehome\ehtray.exe[2416] WININET.dll!HttpSendRequestExA                                                   75AFA6DA 6 Bytes  PUSH 008A1803; RET 
.text  C:\Windows\ehome\ehtray.exe[2416] WININET.dll!HttpSendRequestExW                                                   75AFA733 6 Bytes  PUSH 008A1766; RET 
.text  C:\Windows\ehome\ehtray.exe[2416] WININET.dll!HttpEndRequestA                                                      75AFA7E2 6 Bytes  PUSH 008A18A0; RET 
.text  C:\Windows\ehome\ehtray.exe[2416] WININET.dll!HttpEndRequestW                                                      75AFA814 6 Bytes  PUSH 008A18EB; RET 
.text  C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] ntdll.dll!LdrLoadDll + 1                                  77329379 3 Bytes  [E1, 39, 3D]
.text  C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] ntdll.dll!LdrLoadDll + 5                                  7732937D 1 Byte  [C3]
.text  C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] ntdll.dll!NtCreateUserProcess                             77365674 4 Bytes  [68, BC, 38, 3D]
.text  C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] ntdll.dll!NtCreateUserProcess + 5                         77365679 1 Byte  [C3]
.text  C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] kernel32.dll!GetFileAttributesExW                         77189C45 6 Bytes  PUSH 003D3C4A; RET 
.text  C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] kernel32.dll!ExitProcess                                  771B43B4 6 Bytes  PUSH 003D3C09; RET 
.text  C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] USER32.dll!RegisterClassExA                               770D61E1 6 Bytes  PUSH 003D6CF4; RET 
.text  C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] USER32.dll!GetUpdateRgn                                   770D85E4 6 Bytes  PUSH 003DFAD5; RET 
.text  C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] USER32.dll!GetMessagePos                                  770D9071 6 Bytes  PUSH 003CFE2F; RET 
.text  C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] USER32.dll!GetCapture                                     770DA986 6 Bytes  PUSH 003CFF8F; RET 
.text  C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] USER32.dll!SwitchDesktop                                  770DB8D2 6 Bytes  PUSH 003D68E6; RET 
.text  C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] USER32.dll!OpenInputDesktop                               770DBCE6 4 Bytes  [68, 96, 68, 3D]
.text  C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] USER32.dll!OpenInputDesktop + 5                           770DBCEB 1 Byte  [C3]
.text  C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] USER32.dll!GetUpdateRect                                  770DD3E0 6 Bytes  PUSH 003DFA42; RET 
.text  C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] USER32.dll!RegisterClassExW                               770DDA30 6 Bytes  PUSH 003D6CA2; RET 
.text  C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] USER32.dll!DefWindowProcA                                 770DDB88 6 Bytes  PUSH 003D694A; RET 
.text  C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] USER32.dll!RegisterClassA                                 770DDF42 6 Bytes  PUSH 003D6C55; RET 
.text  C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] USER32.dll!RegisterClassW                                 770DE1AB 6 Bytes  PUSH 003D6C08; RET 
.text  C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] USER32.dll!GetWindowDC                                    770E3BA7 4 Bytes  [68, C3, F9, 3D]
.text  C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] USER32.dll!GetWindowDC + 5                                770E3BAC 1 Byte  [C3]
.text  C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] USER32.dll!DefDlgProcW                                    770E4A11 6 Bytes  PUSH 003D6990; RET 
.text  C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] USER32.dll!GetDCEx                                        770E4D22 4 Bytes  [68, 29, F9, 3D]
.text  C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] USER32.dll!GetDCEx + 5                                    770E4D27 1 Byte  [C3]
.text  C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] USER32.dll!PeekMessageA                                   770E8343 6 Bytes  PUSH 003D00A9; RET 
.text  C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] USER32.dll!GetMessageA                                    770E8AB3 6 Bytes  PUSH 003D0056; RET 
.text  C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] USER32.dll!GetDC                                          770E9C31 4 Bytes  [68, 84, F9, 3D]
.text  C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] USER32.dll!GetDC + 5                                      770E9C36 1 Byte  [C3]
.text  C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] USER32.dll!ReleaseDC                                      770E9CED 6 Bytes  PUSH 003DFA02; RET 
.text  C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] USER32.dll!EndPaint                                       770EA28F 4 Bytes  JMP 3A0EE08C 
.text  C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] USER32.dll!EndPaint + 5                                   770EA294 1 Byte  [C3]
.text  C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] USER32.dll!BeginPaint                                     770EA2A3 4 Bytes  [68, 79, F8, 3D]
.text  C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] USER32.dll!BeginPaint + 5                                 770EA2A8 1 Byte  [C3]
.text  C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] USER32.dll!GetMessageW                                    770EFEF7 6 Bytes  PUSH 003D002E; RET 
.text  C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] USER32.dll!TranslateMessage                               770F01AD 6 Bytes  PUSH 003DA41D; RET 
.text  C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] USER32.dll!DefWindowProcW                                 770F03B4 6 Bytes  PUSH 003D6904; RET 
.text  C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] USER32.dll!PeekMessageW                                   770F045A 6 Bytes  PUSH 003D007E; RET 
.text  C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] USER32.dll!CallWindowProcW                                770F095E 6 Bytes  PUSH 003D6B3A; RET 
.text  C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] USER32.dll!GetCursorPos                                   770F0B88 6 Bytes  PUSH 003CFE61; RET 
.text  C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] USER32.dll!DefDlgProcA                                    770F26B8 6 Bytes  PUSH 003D69D6; RET 
.text  C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] USER32.dll!DefMDIChildProcA                               770FB031 6 Bytes  PUSH 003D6AF4; RET 
.text  C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] USER32.dll!DefFrameProcA                                  770FB24F 6 Bytes  PUSH 003D6A65; RET 
.text  C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] USER32.dll!CallWindowProcA                                770FB73E 6 Bytes  PUSH 003D6B83; RET 
.text  C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] USER32.dll!DefFrameProcW                                  770FD1F9 6 Bytes  PUSH 003D6A1C; RET 
.text  C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] USER32.dll!DefMDIChildProcW                               770FD4F6 6 Bytes  PUSH 003D6AAE; RET 
.text  C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] USER32.dll!ReleaseCapture                                 771030A2 6 Bytes  PUSH 003CFF3F; RET 
.text  C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] USER32.dll!SetCapture                                     771030AF 4 Bytes  [68, E5, FE, 3C]
.text  C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] USER32.dll!SetCapture + 5                                 771030B4 1 Byte  [C3]
.text  C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] USER32.dll!SetCursorPos                                   77116FB2 6 Bytes  PUSH 003CFEA8; RET 
.text  C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] USER32.dll!GetClipboardData                               7711715A 6 Bytes  PUSH 003DA5CC; RET 
.text  C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] ADVAPI32.dll!CreateProcessAsUserA                         759ACEB9 6 Bytes  PUSH 003D3CB0; RET 
.text  C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] ADVAPI32.dll!CreateProcessAsUserW                         759C1EE9 6 Bytes  PUSH 003D3CC7; RET 
.text  C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] WS2_32.dll!closesocket                                    75CC330C 6 Bytes  PUSH 003CF57B; RET 
.text  C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] WS2_32.dll!getaddrinfo                                    75CC418A 6 Bytes  PUSH 003CF18C; RET 
.text  C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] WS2_32.dll!WSASend                                        75CC4496 6 Bytes  PUSH 003CF5D4; RET 
.text  C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] WS2_32.dll!send                                           75CC659B 6 Bytes  PUSH 003CF5B3; RET 
.text  C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] WS2_32.dll!gethostbyname                                  75CD62D4 6 Bytes  PUSH 003CF11C; RET 
.text  C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] CRYPT32.dll!PFXImportCertStore                            7534989D 6 Bytes  PUSH 003E1D51; RET 
.text  C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] WININET.dll!InternetReadFile                              75A8655B 6 Bytes  PUSH 003E19A3; RET 
.text  C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] WININET.dll!HttpQueryInfoA                                75A8879D 6 Bytes  PUSH 003E1AD6; RET 
.text  C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] WININET.dll!InternetCloseHandle                           75A89098 6 Bytes  PUSH 003E1936; RET 
.text  C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] WININET.dll!InternetQueryDataAvailable                    75A8BF93 6 Bytes  PUSH 003E1AAA; RET 
.text  C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] WININET.dll!HttpOpenRequestA                              75A8D518 6 Bytes  PUSH 003E1678; RET 
.text  C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] WININET.dll!HttpSendRequestW                              75A8FACE 6 Bytes  PUSH 003E16BC; RET 
.text  C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] WININET.dll!HttpOpenRequestW                              75A8FC0B 6 Bytes  PUSH 003E1634; RET 
.text  C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] WININET.dll!HttpSendRequestA                              75A9EEA1 6 Bytes  PUSH 003E1711; RET 
.text  C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] WININET.dll!InternetReadFileExA                           75AA3271 6 Bytes  PUSH 003E19D1; RET 
.text  C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] WININET.dll!InternetSetFilePointer                        75AE5A11 6 Bytes  PUSH 003E1A50; RET 
.text  C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] WININET.dll!HttpSendRequestExA                            75AFA6DA 6 Bytes  PUSH 003E1803; RET 
.text  C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] WININET.dll!HttpSendRequestExW                            75AFA733 6 Bytes  PUSH 003E1766; RET 
.text  C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] WININET.dll!HttpEndRequestA                               75AFA7E2 6 Bytes  PUSH 003E18A0; RET 
.text  C:\Program Files\sony\VAIO Media plus\VMpTtray.exe[2500] WININET.dll!HttpEndRequestW                               75AFA814 6 Bytes  PUSH 003E18EB; RET 
.text  C:\Windows\system32\Dwm.exe[2548] ntdll.dll!LdrLoadDll + 1                                                         77329379 5 Bytes  [E1, 39, F9, 01, C3] {LOOPZ 0x3b; STC ; ADD EBX, EAX}
.text  C:\Windows\system32\Dwm.exe[2548] ntdll.dll!NtCreateUserProcess                                                    77365674 6 Bytes  PUSH 01F938BC; RET 
.text  C:\Windows\system32\Dwm.exe[2548] kernel32.dll!GetFileAttributesExW                                                77189C45 6 Bytes  PUSH 01F93C4A; RET 
.text  C:\Windows\system32\Dwm.exe[2548] kernel32.dll!ExitProcess                                                         771B43B4 6 Bytes  PUSH 01F93C09; RET 
.text  C:\Windows\system32\Dwm.exe[2548] ADVAPI32.dll!CreateProcessAsUserA                                                759ACEB9 6 Bytes  PUSH 01F93CB0; RET 
.text  C:\Windows\system32\Dwm.exe[2548] ADVAPI32.dll!CreateProcessAsUserW                                                759C1EE9 6 Bytes  PUSH 01F93CC7; RET 
.text  C:\Windows\system32\Dwm.exe[2548] USER32.dll!RegisterClassExA                                                      770D61E1 6 Bytes  PUSH 01F96CF4; RET 
.text  C:\Windows\system32\Dwm.exe[2548] USER32.dll!GetUpdateRgn                                                          770D85E4 6 Bytes  PUSH 01F9FAD5; RET 
.text  C:\Windows\system32\Dwm.exe[2548] USER32.dll!GetMessagePos                                                         770D9071 6 Bytes  PUSH 01F8FE2F; RET 
.text  C:\Windows\system32\Dwm.exe[2548] USER32.dll!GetCapture                                                            770DA986 6 Bytes  PUSH 01F8FF8F; RET 
.text  C:\Windows\system32\Dwm.exe[2548] USER32.dll!SwitchDesktop                                                         770DB8D2 6 Bytes  PUSH 01F968E6; RET 
.text  C:\Windows\system32\Dwm.exe[2548] USER32.dll!OpenInputDesktop                                                      770DBCE6 6 Bytes  PUSH 01F96896; RET 
.text  C:\Windows\system32\Dwm.exe[2548] USER32.dll!GetUpdateRect                                                         770DD3E0 6 Bytes  PUSH 01F9FA42; RET 
.text  C:\Windows\system32\Dwm.exe[2548] USER32.dll!RegisterClassExW                                                      770DDA30 6 Bytes  PUSH 01F96CA2; RET 
.text  C:\Windows\system32\Dwm.exe[2548] USER32.dll!DefWindowProcA                                                        770DDB88 6 Bytes  PUSH 01F9694A; RET 
.text  C:\Windows\system32\Dwm.exe[2548] USER32.dll!RegisterClassA                                                        770DDF42 6 Bytes  PUSH 01F96C55; RET 
.text  C:\Windows\system32\Dwm.exe[2548] USER32.dll!RegisterClassW                                                        770DE1AB 6 Bytes  PUSH 01F96C08; RET 
.text  C:\Windows\system32\Dwm.exe[2548] USER32.dll!GetWindowDC                                                           770E3BA7 6 Bytes  PUSH 01F9F9C3; RET 
.text  C:\Windows\system32\Dwm.exe[2548] USER32.dll!DefDlgProcW                                                           770E4A11 6 Bytes  PUSH 01F96990; RET 
.text  C:\Windows\system32\Dwm.exe[2548] USER32.dll!GetDCEx                                                               770E4D22 6 Bytes  PUSH 01F9F929; RET 
.text  C:\Windows\system32\Dwm.exe[2548] USER32.dll!PeekMessageA                                                          770E8343 6 Bytes  PUSH 01F900A9; RET 
.text  C:\Windows\system32\Dwm.exe[2548] USER32.dll!GetMessageA                                                           770E8AB3 6 Bytes  PUSH 01F90056; RET 
.text  C:\Windows\system32\Dwm.exe[2548] USER32.dll!GetDC                                                                 770E9C31 6 Bytes  PUSH 01F9F984; RET 
.text  C:\Windows\system32\Dwm.exe[2548] USER32.dll!ReleaseDC                                                             770E9CED 6 Bytes  PUSH 01F9FA02; RET 
.text  C:\Windows\system32\Dwm.exe[2548] USER32.dll!EndPaint                                                              770EA28F 6 Bytes  JMP 3A109C8C 
.text  C:\Windows\system32\Dwm.exe[2548] USER32.dll!BeginPaint                                                            770EA2A3 6 Bytes  PUSH 01F9F879; RET 
.text  C:\Windows\system32\Dwm.exe[2548] USER32.dll!GetMessageW                                                           770EFEF7 6 Bytes  PUSH 01F9002E; RET 
.text  C:\Windows\system32\Dwm.exe[2548] USER32.dll!TranslateMessage                                                      770F01AD 6 Bytes  PUSH 01F9A41D; RET 
.text  C:\Windows\system32\Dwm.exe[2548] USER32.dll!DefWindowProcW                                                        770F03B4 6 Bytes  PUSH 01F96904; RET 
.text  C:\Windows\system32\Dwm.exe[2548] USER32.dll!PeekMessageW                                                          770F045A 6 Bytes  PUSH 01F9007E; RET 
.text  C:\Windows\system32\Dwm.exe[2548] USER32.dll!CallWindowProcW                                                       770F095E 6 Bytes  PUSH 01F96B3A; RET 
.text  C:\Windows\system32\Dwm.exe[2548] USER32.dll!GetCursorPos                                                          770F0B88 6 Bytes  PUSH 01F8FE61; RET 
.text  C:\Windows\system32\Dwm.exe[2548] USER32.dll!DefDlgProcA                                                           770F26B8 6 Bytes  PUSH 01F969D6; RET 
.text  C:\Windows\system32\Dwm.exe[2548] USER32.dll!DefMDIChildProcA                                                      770FB031 6 Bytes  PUSH 01F96AF4; RET 
.text  C:\Windows\system32\Dwm.exe[2548] USER32.dll!DefFrameProcA                                                         770FB24F 6 Bytes  PUSH 01F96A65; RET 
.text  C:\Windows\system32\Dwm.exe[2548] USER32.dll!CallWindowProcA                                                       770FB73E 6 Bytes  PUSH 01F96B83; RET 
.text  C:\Windows\system32\Dwm.exe[2548] USER32.dll!DefFrameProcW                                                         770FD1F9 6 Bytes  PUSH 01F96A1C; RET 
.text  C:\Windows\system32\Dwm.exe[2548] USER32.dll!DefMDIChildProcW                                                      770FD4F6 6 Bytes  PUSH 01F96AAE; RET 
.text  C:\Windows\system32\Dwm.exe[2548] USER32.dll!ReleaseCapture                                                        771030A2 6 Bytes  PUSH 01F8FF3F; RET 
.text  C:\Windows\system32\Dwm.exe[2548] USER32.dll!SetCapture                                                            771030AF 6 Bytes  PUSH 01F8FEE5; RET 
.text  C:\Windows\system32\Dwm.exe[2548] USER32.dll!SetCursorPos                                                          77116FB2 6 Bytes  PUSH 01F8FEA8; RET 
.text  C:\Windows\system32\Dwm.exe[2548] USER32.dll!GetClipboardData                                                      7711715A 6 Bytes  PUSH 01F9A5CC; RET 
.text  C:\Windows\system32\Dwm.exe[2548] WS2_32.dll!closesocket                                                           75CC330C 6 Bytes  PUSH 01F8F57B; RET 
.text  C:\Windows\system32\Dwm.exe[2548] WS2_32.dll!getaddrinfo                                                           75CC418A 6 Bytes  PUSH 01F8F18C; RET 
.text  C:\Windows\system32\Dwm.exe[2548] WS2_32.dll!WSASend                                                               75CC4496 6 Bytes  PUSH 01F8F5D4; RET 
.text  C:\Windows\system32\Dwm.exe[2548] WS2_32.dll!send                                                                  75CC659B 6 Bytes  PUSH 01F8F5B3; RET 
.text  C:\Windows\system32\Dwm.exe[2548] WS2_32.dll!gethostbyname                                                         75CD62D4 6 Bytes  PUSH 01F8F11C; RET 
.text  C:\Windows\system32\Dwm.exe[2548] CRYPT32.dll!PFXImportCertStore                                                   7534989D 6 Bytes  PUSH 01FA1D51; RET 
.text  C:\Windows\system32\Dwm.exe[2548] WININET.dll!InternetReadFile                                                     75A8655B 6 Bytes  PUSH 01FA19A3; RET 
.text  C:\Windows\system32\Dwm.exe[2548] WININET.dll!HttpQueryInfoA                                                       75A8879D 6 Bytes  PUSH 01FA1AD6; RET 
.text  C:\Windows\system32\Dwm.exe[2548] WININET.dll!InternetCloseHandle                                                  75A89098 6 Bytes  PUSH 01FA1936; RET 
.text  C:\Windows\system32\Dwm.exe[2548] WININET.dll!InternetQueryDataAvailable                                           75A8BF93 6 Bytes  PUSH 01FA1AAA; RET 
.text  C:\Windows\system32\Dwm.exe[2548] WININET.dll!HttpOpenRequestA                                                     75A8D518 6 Bytes  PUSH 01FA1678; RET 
.text  C:\Windows\system32\Dwm.exe[2548] WININET.dll!HttpSendRequestW                                                     75A8FACE 6 Bytes  PUSH 01FA16BC; RET 
.text  C:\Windows\system32\Dwm.exe[2548] WININET.dll!HttpOpenRequestW                                                     75A8FC0B 6 Bytes  PUSH 01FA1634; RET 
.text  C:\Windows\system32\Dwm.exe[2548] WININET.dll!HttpSendRequestA                                                     75A9EEA1 6 Bytes  PUSH 01FA1711; RET 
.text  C:\Windows\system32\Dwm.exe[2548] WININET.dll!InternetReadFileExA                                                  75AA3271 6 Bytes  PUSH 01FA19D1; RET 
.text  C:\Windows\system32\Dwm.exe[2548] WININET.dll!InternetSetFilePointer                                               75AE5A11 6 Bytes  PUSH 01FA1A50; RET 
.text  C:\Windows\system32\Dwm.exe[2548] WININET.dll!HttpSendRequestExA                                                   75AFA6DA 6 Bytes  PUSH 01FA1803; RET 
.text  C:\Windows\system32\Dwm.exe[2548] WININET.dll!HttpSendRequestExW                                                   75AFA733 6 Bytes  PUSH 01FA1766; RET 
.text  C:\Windows\system32\Dwm.exe[2548] WININET.dll!HttpEndRequestA                                                      75AFA7E2 6 Bytes  PUSH 01FA18A0; RET 
.text  C:\Windows\system32\Dwm.exe[2548] WININET.dll!HttpEndRequestW                                                      75AFA814 6 Bytes  PUSH 01FA18EB; RET 
.text  C:\Windows\system32\taskeng.exe[2596] ntdll.dll!LdrLoadDll + 1                                                     77329379 5 Bytes  [E1, 39, 77, 02, C3] {LOOPZ 0x3b; JA 0x6; RET }
.text  C:\Windows\system32\taskeng.exe[2596] ntdll.dll!NtCreateUserProcess                                                77365674 6 Bytes  PUSH 027738BC; RET 
.text  C:\Windows\system32\taskeng.exe[2596] kernel32.dll!GetFileAttributesExW                                            77189C45 6 Bytes  PUSH 02773C4A; RET 
.text  C:\Windows\system32\taskeng.exe[2596] kernel32.dll!ExitProcess                                                     771B43B4 6 Bytes  PUSH 02773C09; RET 
.text  C:\Windows\system32\taskeng.exe[2596] ADVAPI32.dll!CreateProcessAsUserA                                            759ACEB9 6 Bytes  PUSH 02773CB0; RET 
.text  C:\Windows\system32\taskeng.exe[2596] ADVAPI32.dll!CreateProcessAsUserW                                            759C1EE9 6 Bytes  PUSH 02773CC7; RET 
.text  C:\Windows\system32\taskeng.exe[2596] USER32.dll!RegisterClassExA                                                  770D61E1 6 Bytes  PUSH 02776CF4; RET 
.text  C:\Windows\system32\taskeng.exe[2596] USER32.dll!GetUpdateRgn                                                      770D85E4 6 Bytes  PUSH 0277FAD5; RET 
.text  C:\Windows\system32\taskeng.exe[2596] USER32.dll!GetMessagePos                                                     770D9071 6 Bytes  PUSH 0276FE2F; RET 
.text  C:\Windows\system32\taskeng.exe[2596] USER32.dll!GetCapture                                                        770DA986 6 Bytes  PUSH 0276FF8F; RET 
.text  C:\Windows\system32\taskeng.exe[2596] USER32.dll!SwitchDesktop                                                     770DB8D2 6 Bytes  PUSH 027768E6; RET 
.text  C:\Windows\system32\taskeng.exe[2596] USER32.dll!OpenInputDesktop                                                  770DBCE6 6 Bytes  PUSH 02776896; RET 
.text  C:\Windows\system32\taskeng.exe[2596] USER32.dll!GetUpdateRect                                                     770DD3E0 6 Bytes  PUSH 0277FA42; RET 
.text  C:\Windows\system32\taskeng.exe[2596] USER32.dll!RegisterClassExW                                                  770DDA30 6 Bytes  PUSH 02776CA2; RET 
.text  C:\Windows\system32\taskeng.exe[2596] USER32.dll!DefWindowProcA                                                    770DDB88 6 Bytes  PUSH 0277694A; RET 
.text  C:\Windows\system32\taskeng.exe[2596] USER32.dll!RegisterClassA                                                    770DDF42 6 Bytes  PUSH 02776C55; RET 
.text  C:\Windows\system32\taskeng.exe[2596] USER32.dll!RegisterClassW                                                    770DE1AB 6 Bytes  PUSH 02776C08; RET 
.text  C:\Windows\system32\taskeng.exe[2596] USER32.dll!GetWindowDC                                                       770E3BA7 6 Bytes  PUSH 0277F9C3; RET 
.text  C:\Windows\system32\taskeng.exe[2596] USER32.dll!DefDlgProcW                                                       770E4A11 6 Bytes  PUSH 02776990; RET 
.text  C:\Windows\system32\taskeng.exe[2596] USER32.dll!GetDCEx                                                           770E4D22 6 Bytes  PUSH 0277F929; RET 
.text  C:\Windows\system32\taskeng.exe[2596] USER32.dll!PeekMessageA                                                      770E8343 6 Bytes  PUSH 027700A9; RET 
.text  C:\Windows\system32\taskeng.exe[2596] USER32.dll!GetMessageA                                                       770E8AB3 6 Bytes  PUSH 02770056; RET 
.text  C:\Windows\system32\taskeng.exe[2596] USER32.dll!GetDC                                                             770E9C31 6 Bytes  PUSH 0277F984; RET 
.text  C:\Windows\system32\taskeng.exe[2596] USER32.dll!ReleaseDC                                                         770E9CED 6 Bytes  PUSH 0277FA02; RET 
.text  C:\Windows\system32\taskeng.exe[2596] USER32.dll!EndPaint                                                          770EA28F 6 Bytes  JMP 3A111A8C 
.text  C:\Windows\system32\taskeng.exe[2596] USER32.dll!BeginPaint                                                        770EA2A3 6 Bytes  PUSH 0277F879; RET 
.text  C:\Windows\system32\taskeng.exe[2596] USER32.dll!GetMessageW                                                       770EFEF7 6 Bytes  PUSH 0277002E; RET 
.text  C:\Windows\system32\taskeng.exe[2596] USER32.dll!TranslateMessage                                                  770F01AD 6 Bytes  PUSH 0277A41D; RET 
.text  C:\Windows\system32\taskeng.exe[2596] USER32.dll!DefWindowProcW                                                    770F03B4 6 Bytes  PUSH 02776904; RET 
.text  C:\Windows\system32\taskeng.exe[2596] USER32.dll!PeekMessageW                                                      770F045A 6 Bytes  PUSH 0277007E; RET 
.text  C:\Windows\system32\taskeng.exe[2596] USER32.dll!CallWindowProcW                                                   770F095E 6 Bytes  PUSH 02776B3A; RET 
.text  C:\Windows\system32\taskeng.exe[2596] USER32.dll!GetCursorPos                                                      770F0B88 6 Bytes  PUSH 0276FE61; RET 
.text  C:\Windows\system32\taskeng.exe[2596] USER32.dll!DefDlgProcA                                                       770F26B8 6 Bytes  PUSH 027769D6; RET 
.text  C:\Windows\system32\taskeng.exe[2596] USER32.dll!DefMDIChildProcA                                                  770FB031 6 Bytes  PUSH 02776AF4; RET 
.text  C:\Windows\system32\taskeng.exe[2596] USER32.dll!DefFrameProcA                                                     770FB24F 6 Bytes  PUSH 02776A65; RET 
.text  C:\Windows\system32\taskeng.exe[2596] USER32.dll!CallWindowProcA                                                   770FB73E 6 Bytes  PUSH 02776B83; RET 
.text  C:\Windows\system32\taskeng.exe[2596] USER32.dll!DefFrameProcW                                                     770FD1F9 6 Bytes  PUSH 02776A1C; RET 
.text  C:\Windows\system32\taskeng.exe[2596] USER32.dll!DefMDIChildProcW                                                  770FD4F6 6 Bytes  PUSH 02776AAE; RET 
.text  C:\Windows\system32\taskeng.exe[2596] USER32.dll!ReleaseCapture                                                    771030A2 6 Bytes  PUSH 0276FF3F; RET 
.text  C:\Windows\system32\taskeng.exe[2596] USER32.dll!SetCapture                                                        771030AF 6 Bytes  PUSH 0276FEE5; RET 
.text  C:\Windows\system32\taskeng.exe[2596] USER32.dll!SetCursorPos                                                      77116FB2 6 Bytes  PUSH 0276FEA8; RET 
.text  C:\Windows\system32\taskeng.exe[2596] USER32.dll!GetClipboardData                                                  7711715A 6 Bytes  PUSH 0277A5CC; RET 
.text  C:\Windows\system32\taskeng.exe[2596] CRYPT32.dll!PFXImportCertStore                                               7534989D 6 Bytes  PUSH 02781D51; RET 
.text  C:\Windows\system32\taskeng.exe[2596] WS2_32.dll!closesocket                                                       75CC330C 6 Bytes  PUSH 0276F57B; RET 
.text  C:\Windows\system32\taskeng.exe[2596] WS2_32.dll!getaddrinfo                                                       75CC418A 6 Bytes  PUSH 0276F18C; RET 
.text  C:\Windows\system32\taskeng.exe[2596] WS2_32.dll!WSASend                                                           75CC4496 6 Bytes  PUSH 0276F5D4; RET 
.text  C:\Windows\system32\taskeng.exe[2596] WS2_32.dll!send                                                              75CC659B 6 Bytes  PUSH 0276F5B3; RET 
.text  C:\Windows\system32\taskeng.exe[2596] WS2_32.dll!gethostbyname                                                     75CD62D4 6 Bytes  PUSH 0276F11C; RET 
.text  C:\Windows\system32\taskeng.exe[2596] WININET.dll!InternetReadFile                                                 75A8655B 6 Bytes  PUSH 027819A3; RET 
.text  C:\Windows\system32\taskeng.exe[2596] WININET.dll!HttpQueryInfoA                                                   75A8879D 6 Bytes  PUSH 02781AD6; RET 
.text  C:\Windows\system32\taskeng.exe[2596] WININET.dll!InternetCloseHandle                                              75A89098 6 Bytes  PUSH 02781936; RET 
.text  C:\Windows\system32\taskeng.exe[2596] WININET.dll!InternetQueryDataAvailable                                       75A8BF93 6 Bytes  PUSH 02781AAA; RET 
.text  C:\Windows\system32\taskeng.exe[2596] WININET.dll!HttpOpenRequestA                                                 75A8D518 6 Bytes  PUSH 02781678; RET 
.text  C:\Windows\system32\taskeng.exe[2596] WININET.dll!HttpSendRequestW                                                 75A8FACE 6 Bytes  PUSH 027816BC; RET 
.text  C:\Windows\system32\taskeng.exe[2596] WININET.dll!HttpOpenRequestW                                                 75A8FC0B 6 Bytes  PUSH 02781634; RET 
.text  C:\Windows\system32\taskeng.exe[2596] WININET.dll!HttpSendRequestA                                                 75A9EEA1 6 Bytes  PUSH 02781711; RET 
.text  C:\Windows\system32\taskeng.exe[2596] WININET.dll!InternetReadFileExA                                              75AA3271 6 Bytes  PUSH 027819D1; RET 
.text  C:\Windows\system32\taskeng.exe[2596] WININET.dll!InternetSetFilePointer                                           75AE5A11 6 Bytes  PUSH 02781A50; RET 
.text  C:\Windows\system32\taskeng.exe[2596] WININET.dll!HttpSendRequestExA                                               75AFA6DA 6 Bytes  PUSH 02781803; RET 
.text  C:\Windows\system32\taskeng.exe[2596] WININET.dll!HttpSendRequestExW                                               75AFA733 6 Bytes  PUSH 02781766; RET 
.text  C:\Windows\system32\taskeng.exe[2596] WININET.dll!HttpEndRequestA                                                  75AFA7E2 6 Bytes  PUSH 027818A0; RET 
.text  C:\Windows\system32\taskeng.exe[2596] WININET.dll!HttpEndRequestW                                                  75AFA814 6 Bytes  PUSH 027818EB; RET 
.text  C:\Windows\Explorer.EXE[2700] ntdll.dll!LdrLoadDll + 1                                                             77329379 5 Bytes  [E1, 39, B0, 03, C3] {LOOPZ 0x3b; MOV AL, 0x3; RET }
.text  C:\Windows\Explorer.EXE[2700] ntdll.dll!NtCreateUserProcess                                                        77365674 6 Bytes  PUSH 03B038BC; RET 
.text  C:\Windows\Explorer.EXE[2700] kernel32.dll!GetFileAttributesExW                                                    77189C45 6 Bytes  PUSH 03B03C4A; RET 
.text  C:\Windows\Explorer.EXE[2700] kernel32.dll!ExitProcess                                                             771B43B4 6 Bytes  PUSH 03B03C09; RET 
.text  C:\Windows\Explorer.EXE[2700] ADVAPI32.dll!CreateProcessAsUserA                                                    759ACEB9 6 Bytes  PUSH 03B03CB0; RET 
.text  C:\Windows\Explorer.EXE[2700] ADVAPI32.dll!CreateProcessAsUserW                                                    759C1EE9 6 Bytes  PUSH 03B03CC7; RET 
.text  C:\Windows\Explorer.EXE[2700] USER32.dll!RegisterClassExA                                                          770D61E1 6 Bytes  PUSH 03B06CF4; RET 
.text  C:\Windows\Explorer.EXE[2700] USER32.dll!GetUpdateRgn                                                              770D85E4 6 Bytes  PUSH 03B0FAD5; RET 
.text  C:\Windows\Explorer.EXE[2700] USER32.dll!GetMessagePos                                                             770D9071 6 Bytes  PUSH 03AFFE2F; RET 
.text  C:\Windows\Explorer.EXE[2700] USER32.dll!GetCapture                                                                770DA986 6 Bytes  PUSH 03AFFF8F; RET 
.text  C:\Windows\Explorer.EXE[2700] USER32.dll!SwitchDesktop                                                             770DB8D2 6 Bytes  PUSH 03B068E6; RET 
.text  C:\Windows\Explorer.EXE[2700] USER32.dll!OpenInputDesktop                                                          770DBCE6 6 Bytes  PUSH 03B06896; RET 
.text  C:\Windows\Explorer.EXE[2700] USER32.dll!GetUpdateRect                                                             770DD3E0 6 Bytes  PUSH 03B0FA42; RET 
.text  C:\Windows\Explorer.EXE[2700] USER32.dll!RegisterClassExW                                                          770DDA30 6 Bytes  PUSH 03B06CA2; RET 
.text  C:\Windows\Explorer.EXE[2700] USER32.dll!DefWindowProcA                                                            770DDB88 6 Bytes  PUSH 03B0694A; RET 
.text  C:\Windows\Explorer.EXE[2700] USER32.dll!RegisterClassA                                                            770DDF42 6 Bytes  PUSH 03B06C55; RET 
.text  C:\Windows\Explorer.EXE[2700] USER32.dll!RegisterClassW                                                            770DE1AB 6 Bytes  PUSH 03B06C08; RET 
.text  C:\Windows\Explorer.EXE[2700] USER32.dll!GetWindowDC                                                               770E3BA7 6 Bytes  PUSH 03B0F9C3; RET 
.text  C:\Windows\Explorer.EXE[2700] USER32.dll!DefDlgProcW                                                               770E4A11 6 Bytes  PUSH 03B06990; RET 
.text  C:\Windows\Explorer.EXE[2700] USER32.dll!GetDCEx                                                                   770E4D22 6 Bytes  PUSH 03B0F929; RET 
.text  C:\Windows\Explorer.EXE[2700] USER32.dll!PeekMessageA                                                              770E8343 6 Bytes  PUSH 03B000A9; RET 
.text  C:\Windows\Explorer.EXE[2700] USER32.dll!GetMessageA                                                               770E8AB3 6 Bytes  PUSH 03B00056; RET 
.text  C:\Windows\Explorer.EXE[2700] USER32.dll!GetDC                                                                     770E9C31 6 Bytes  PUSH 03B0F984; RET 
.text  C:\Windows\Explorer.EXE[2700] USER32.dll!ReleaseDC                                                                 770E9CED 6 Bytes  PUSH 03B0FA02; RET 
.text  C:\Windows\Explorer.EXE[2700] USER32.dll!EndPaint                                                                  770EA28F 6 Bytes  JMP 3A12538C 
.text  C:\Windows\Explorer.EXE[2700] USER32.dll!BeginPaint                                                                770EA2A3 6 Bytes  PUSH 03B0F879; RET 
.text  C:\Windows\Explorer.EXE[2700] USER32.dll!GetMessageW                                                               770EFEF7 6 Bytes  PUSH 03B0002E; RET 
.text  C:\Windows\Explorer.EXE[2700] USER32.dll!TranslateMessage                                                          770F01AD 6 Bytes  PUSH 03B0A41D; RET 
.text  C:\Windows\Explorer.EXE[2700] USER32.dll!DefWindowProcW                                                            770F03B4 6 Bytes  PUSH 03B06904; RET 
.text  C:\Windows\Explorer.EXE[2700] USER32.dll!PeekMessageW                                                              770F045A 6 Bytes  PUSH 03B0007E; RET 
.text  C:\Windows\Explorer.EXE[2700] USER32.dll!CallWindowProcW                                                           770F095E 6 Bytes  PUSH 03B06B3A; RET 
.text  C:\Windows\Explorer.EXE[2700] USER32.dll!GetCursorPos                                                              770F0B88 6 Bytes  PUSH 03AFFE61; RET 
.text  C:\Windows\Explorer.EXE[2700] USER32.dll!DefDlgProcA                                                               770F26B8 6 Bytes  PUSH 03B069D6; RET 
.text  C:\Windows\Explorer.EXE[2700] USER32.dll!DefMDIChildProcA                                                          770FB031 6 Bytes  PUSH 03B06AF4; RET 
.text  C:\Windows\Explorer.EXE[2700] USER32.dll!DefFrameProcA                                                             770FB24F 6 Bytes  PUSH 03B06A65; RET 
.text  C:\Windows\Explorer.EXE[2700] USER32.dll!CallWindowProcA                                                           770FB73E 6 Bytes  PUSH 03B06B83; RET 
.text  C:\Windows\Explorer.EXE[2700] USER32.dll!DefFrameProcW                                                             770FD1F9 6 Bytes  PUSH 03B06A1C; RET 
.text  C:\Windows\Explorer.EXE[2700] USER32.dll!DefMDIChildProcW                                                          770FD4F6 6 Bytes  PUSH 03B06AAE; RET 
.text  C:\Windows\Explorer.EXE[2700] USER32.dll!ReleaseCapture                                                            771030A2 6 Bytes  PUSH 03AFFF3F; RET 
.text  C:\Windows\Explorer.EXE[2700] USER32.dll!SetCapture                                                                771030AF 6 Bytes  PUSH 03AFFEE5; RET 
.text  C:\Windows\Explorer.EXE[2700] USER32.dll!SetCursorPos                                                              77116FB2 6 Bytes  PUSH 03AFFEA8; RET 
.text  C:\Windows\Explorer.EXE[2700] USER32.dll!GetClipboardData                                                          7711715A 6 Bytes  PUSH 03B0A5CC; RET 
.text  C:\Windows\Explorer.EXE[2700] CRYPT32.dll!PFXImportCertStore                                                       7534989D 6 Bytes  PUSH 03B11D51; RET 
.text  C:\Windows\Explorer.EXE[2700] WS2_32.dll!closesocket                                                               75CC330C 6 Bytes  PUSH 03AFF57B; RET 
.text  C:\Windows\Explorer.EXE[2700] WS2_32.dll!getaddrinfo                                                               75CC418A 6 Bytes  PUSH 03AFF18C; RET 
.text  C:\Windows\Explorer.EXE[2700] WS2_32.dll!WSASend                                                                   75CC4496 6 Bytes  PUSH 03AFF5D4; RET 
.text  C:\Windows\Explorer.EXE[2700] WS2_32.dll!send                                                                      75CC659B 6 Bytes  PUSH 03AFF5B3; RET 
.text  C:\Windows\Explorer.EXE[2700] WS2_32.dll!gethostbyname                                                             75CD62D4 6 Bytes  PUSH 03AFF11C; RET 
.text  C:\Windows\Explorer.EXE[2700] WININET.dll!InternetReadFile                                                         75A8655B 6 Bytes  PUSH 03B119A3; RET 
.text  C:\Windows\Explorer.EXE[2700] WININET.dll!HttpQueryInfoA                                                           75A8879D 6 Bytes  PUSH 03B11AD6; RET 
.text  C:\Windows\Explorer.EXE[2700] WININET.dll!InternetCloseHandle                                                      75A89098 6 Bytes  PUSH 03B11936; RET 
.text  C:\Windows\Explorer.EXE[2700] WININET.dll!InternetQueryDataAvailable                                               75A8BF93 6 Bytes  PUSH 03B11AAA; RET 
.text  C:\Windows\Explorer.EXE[2700] WININET.dll!HttpOpenRequestA                                                         75A8D518 6 Bytes  PUSH 03B11678; RET 
.text  C:\Windows\Explorer.EXE[2700] WININET.dll!HttpSendRequestW                                                         75A8FACE 6 Bytes  PUSH 03B116BC; RET 
.text  C:\Windows\Explorer.EXE[2700] WININET.dll!HttpOpenRequestW                                                         75A8FC0B 6 Bytes  PUSH 03B11634; RET 
.text  C:\Windows\Explorer.EXE[2700] WININET.dll!HttpSendRequestA                                                         75A9EEA1 6 Bytes  PUSH 03B11711; RET 
.text  C:\Windows\Explorer.EXE[2700] WININET.dll!InternetReadFileExA                                                      75AA3271 6 Bytes  PUSH 03B119D1; RET 
.text  C:\Windows\Explorer.EXE[2700] WININET.dll!InternetSetFilePointer                                                   75AE5A11 6 Bytes  PUSH 03B11A50; RET 
.text  C:\Windows\Explorer.EXE[2700] WININET.dll!HttpSendRequestExA                                                       75AFA6DA 6 Bytes  PUSH 03B11803; RET 
.text  C:\Windows\Explorer.EXE[2700] WININET.dll!HttpSendRequestExW                                                       75AFA733 6 Bytes  PUSH 03B11766; RET 
.text  C:\Windows\Explorer.EXE[2700] WININET.dll!HttpEndRequestA                                                          75AFA7E2 6 Bytes  PUSH 03B118A0; RET 
.text  C:\Windows\Explorer.EXE[2700] WININET.dll!HttpEndRequestW                                                          75AFA814 6 Bytes  PUSH 03B118EB; RET 
.text  C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] ntdll.dll!LdrLoadDll + 1                                  77329379 3 Bytes  [E1, 39, 0D]
.text  C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] ntdll.dll!LdrLoadDll + 5                                  7732937D 1 Byte  [C3]
.text  C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] ntdll.dll!NtCreateUserProcess                             77365674 4 Bytes  [68, BC, 38, 0D]
.text  C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] ntdll.dll!NtCreateUserProcess + 5                         77365679 1 Byte  [C3]
.text  C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] kernel32.dll!GetFileAttributesExW                         77189C45 6 Bytes  PUSH 000D3C4A; RET 
.text  C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] kernel32.dll!ExitProcess                                  771B43B4 6 Bytes  PUSH 000D3C09; RET 
.text  C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] ADVAPI32.dll!CreateProcessAsUserA                         759ACEB9 6 Bytes  PUSH 000D3CB0; RET 
.text  C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] ADVAPI32.dll!CreateProcessAsUserW                         759C1EE9 6 Bytes  PUSH 000D3CC7; RET 
.text  C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] USER32.dll!RegisterClassExA                               770D61E1 6 Bytes  PUSH 000D6CF4; RET 
.text  C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] USER32.dll!GetUpdateRgn                                   770D85E4 6 Bytes  PUSH 000DFAD5; RET 
.text  C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] USER32.dll!GetMessagePos                                  770D9071 6 Bytes  PUSH 000CFE2F; RET 
.text  C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] USER32.dll!GetCapture                                     770DA986 6 Bytes  PUSH 000CFF8F; RET 
.text  C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] USER32.dll!SwitchDesktop                                  770DB8D2 6 Bytes  PUSH 000D68E6; RET 
.text  C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] USER32.dll!OpenInputDesktop                               770DBCE6 4 Bytes  [68, 96, 68, 0D]
.text  C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] USER32.dll!OpenInputDesktop + 5                           770DBCEB 1 Byte  [C3]
.text  C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] USER32.dll!GetUpdateRect                                  770DD3E0 6 Bytes  PUSH 000DFA42; RET 
.text  C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] USER32.dll!RegisterClassExW                               770DDA30 6 Bytes  PUSH 000D6CA2; RET 
.text  C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] USER32.dll!DefWindowProcA                                 770DDB88 6 Bytes  PUSH 000D694A; RET 
.text  C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] USER32.dll!RegisterClassA                                 770DDF42 6 Bytes  PUSH 000D6C55; RET 
.text  C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] USER32.dll!RegisterClassW                                 770DE1AB 6 Bytes  PUSH 000D6C08; RET 
.text  C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] USER32.dll!GetWindowDC                                    770E3BA7 4 Bytes  [68, C3, F9, 0D]
.text  C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] USER32.dll!GetWindowDC + 5                                770E3BAC 1 Byte  [C3]
.text  C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] USER32.dll!DefDlgProcW                                    770E4A11 6 Bytes  PUSH 000D6990; RET 
.text  C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] USER32.dll!GetDCEx                                        770E4D22 4 Bytes  [68, 29, F9, 0D]
.text  C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] USER32.dll!GetDCEx + 5                                    770E4D27 1 Byte  [C3]
.text  C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] USER32.dll!PeekMessageA                                   770E8343 6 Bytes  PUSH 000D00A9; RET 
.text  C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] USER32.dll!GetMessageA                                    770E8AB3 6 Bytes  PUSH 000D0056; RET 
.text  C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] USER32.dll!GetDC                                          770E9C31 4 Bytes  [68, 84, F9, 0D]
.text  C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] USER32.dll!GetDC + 5                                      770E9C36 1 Byte  [C3]
.text  C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] USER32.dll!ReleaseDC                                      770E9CED 6 Bytes  PUSH 000DFA02; RET 
.text  C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] USER32.dll!EndPaint                                       770EA28F 4 Bytes  JMP 3A0EB08C 
.text  C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] USER32.dll!EndPaint + 5                                   770EA294 1 Byte  [C3]
.text  C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] USER32.dll!BeginPaint                                     770EA2A3 4 Bytes  [68, 79, F8, 0D]
.text  C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] USER32.dll!BeginPaint + 5                                 770EA2A8 1 Byte  [C3]
.text  C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] USER32.dll!GetMessageW                                    770EFEF7 6 Bytes  PUSH 000D002E; RET 
.text  C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] USER32.dll!TranslateMessage                               770F01AD 6 Bytes  PUSH 000DA41D; RET 
.text  C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] USER32.dll!DefWindowProcW                                 770F03B4 6 Bytes  PUSH 000D6904; RET 
.text  C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] USER32.dll!PeekMessageW                                   770F045A 6 Bytes  PUSH 000D007E; RET 
.text  C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] USER32.dll!CallWindowProcW                                770F095E 6 Bytes  PUSH 000D6B3A; RET 
.text  C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] USER32.dll!GetCursorPos                                   770F0B88 6 Bytes  PUSH 000CFE61; RET 
.text  C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] USER32.dll!DefDlgProcA                                    770F26B8 6 Bytes  PUSH 000D69D6; RET 
.text  C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] USER32.dll!DefMDIChildProcA                               770FB031 6 Bytes  PUSH 000D6AF4; RET 
.text  C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] USER32.dll!DefFrameProcA                                  770FB24F 6 Bytes  PUSH 000D6A65; RET 
.text  C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] USER32.dll!CallWindowProcA                                770FB73E 6 Bytes  PUSH 000D6B83; RET 
.text  C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] USER32.dll!DefFrameProcW                                  770FD1F9 6 Bytes  PUSH 000D6A1C; RET 
.text  C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] USER32.dll!DefMDIChildProcW                               770FD4F6 6 Bytes  PUSH 000D6AAE; RET 
.text  C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] USER32.dll!ReleaseCapture                                 771030A2 6 Bytes  PUSH 000CFF3F; RET 
.text  C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] USER32.dll!SetCapture                                     771030AF 4 Bytes  [68, E5, FE, 0C]
.text  C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] USER32.dll!SetCapture + 5                                 771030B4 1 Byte  [C3]
.text  C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] USER32.dll!SetCursorPos                                   77116FB2 6 Bytes  PUSH 000CFEA8; RET 
.text  C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] USER32.dll!GetClipboardData                               7711715A 6 Bytes  PUSH 000DA5CC; RET 
.text  C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] WS2_32.dll!closesocket                                    75CC330C 6 Bytes  PUSH 000CF57B; RET 
.text  C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] WS2_32.dll!getaddrinfo                                    75CC418A 6 Bytes  PUSH 000CF18C; RET 
.text  C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] WS2_32.dll!WSASend                                        75CC4496 6 Bytes  PUSH 000CF5D4; RET 
.text  C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] WS2_32.dll!send                                           75CC659B 6 Bytes  PUSH 000CF5B3; RET 
.text  C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] WS2_32.dll!gethostbyname                                  75CD62D4 6 Bytes  PUSH 000CF11C; RET 
.text  C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] CRYPT32.dll!PFXImportCertStore                            7534989D 6 Bytes  PUSH 000E1D51; RET 
.text  C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] WININET.dll!InternetReadFile                              75A8655B 6 Bytes  PUSH 000E19A3; RET 
.text  C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] WININET.dll!HttpQueryInfoA                                75A8879D 6 Bytes  PUSH 000E1AD6; RET 
.text  C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] WININET.dll!InternetCloseHandle                           75A89098 6 Bytes  PUSH 000E1936; RET 
.text  C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] WININET.dll!InternetQueryDataAvailable                    75A8BF93 6 Bytes  PUSH 000E1AAA; RET 
.text  C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] WININET.dll!HttpOpenRequestA                              75A8D518 6 Bytes  PUSH 000E1678; RET 
.text  C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] WININET.dll!HttpSendRequestW                              75A8FACE 6 Bytes  PUSH 000E16BC; RET 
.text  C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] WININET.dll!HttpOpenRequestW                              75A8FC0B 6 Bytes  PUSH 000E1634; RET 
.text  C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] WININET.dll!HttpSendRequestA                              75A9EEA1 6 Bytes  PUSH 000E1711; RET 
.text  C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] WININET.dll!InternetReadFileExA                           75AA3271 6 Bytes  PUSH 000E19D1; RET 
.text  C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] WININET.dll!InternetSetFilePointer                        75AE5A11 6 Bytes  PUSH 000E1A50; RET 
.text  C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] WININET.dll!HttpSendRequestExA                            75AFA6DA 6 Bytes  PUSH 000E1803; RET 
.text  C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] WININET.dll!HttpSendRequestExW                            75AFA733 6 Bytes  PUSH 000E1766; RET 
.text  C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] WININET.dll!HttpEndRequestA                               75AFA7E2 6 Bytes  PUSH 000E18A0; RET 
.text  C:\Program Files\Windows Media Player\wmpnscfg.exe[2768] WININET.dll!HttpEndRequestW                               75AFA814 6 Bytes  PUSH 000E18EB; RET 
.text  C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] ntdll.dll!LdrLoadDll + 1                77329379 3 Bytes  [E1, 39, 1C]
.text  C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] ntdll.dll!LdrLoadDll + 5                7732937D 1 Byte  [C3]
.text  C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] ntdll.dll!NtCreateUserProcess           77365674 4 Bytes  [68, BC, 38, 1C]
.text  C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] ntdll.dll!NtCreateUserProcess + 5       77365679 1 Byte  [C3]
.text  C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] kernel32.dll!GetFileAttributesExW       77189C45 6 Bytes  PUSH 001C3C4A; RET 
.text  C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] kernel32.dll!ExitProcess                771B43B4 6 Bytes  PUSH 001C3C09; RET 
.text  C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] USER32.dll!RegisterClassExA             770D61E1 6 Bytes  PUSH 001C6CF4; RET 
.text  C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] USER32.dll!GetUpdateRgn                 770D85E4 6 Bytes  PUSH 001CFAD5; RET 
.text  C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] USER32.dll!GetMessagePos                770D9071 6 Bytes  PUSH 001BFE2F; RET 
.text  C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] USER32.dll!GetCapture                   770DA986 6 Bytes  PUSH 001BFF8F; RET 
.text  C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] USER32.dll!SwitchDesktop                770DB8D2 6 Bytes  PUSH 001C68E6; RET 
.text  C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] USER32.dll!OpenInputDesktop             770DBCE6 4 Bytes  [68, 96, 68, 1C]
.text  C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] USER32.dll!OpenInputDesktop + 5         770DBCEB 1 Byte  [C3]
.text  C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] USER32.dll!GetUpdateRect                770DD3E0 6 Bytes  PUSH 001CFA42; RET 
.text  C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] USER32.dll!RegisterClassExW             770DDA30 6 Bytes  PUSH 001C6CA2; RET 
.text  C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] USER32.dll!DefWindowProcA               770DDB88 6 Bytes  PUSH 001C694A; RET 
.text  C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] USER32.dll!RegisterClassA               770DDF42 6 Bytes  PUSH 001C6C55; RET 
.text  C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] USER32.dll!RegisterClassW               770DE1AB 6 Bytes  PUSH 001C6C08; RET 
.text  C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] USER32.dll!GetWindowDC                  770E3BA7 4 Bytes  [68, C3, F9, 1C]
.text  C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] USER32.dll!GetWindowDC + 5              770E3BAC 1 Byte  [C3]
.text  C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] USER32.dll!DefDlgProcW                  770E4A11 6 Bytes  PUSH 001C6990; RET 
.text  C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] USER32.dll!GetDCEx                      770E4D22 4 Bytes  [68, 29, F9, 1C]
.text  C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] USER32.dll!GetDCEx + 5                  770E4D27 1 Byte  [C3]
.text  C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] USER32.dll!PeekMessageA                 770E8343 6 Bytes  PUSH 001C00A9; RET 
.text  C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] USER32.dll!GetMessageA                  770E8AB3 6 Bytes  PUSH 001C0056; RET 
.text  C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] USER32.dll!GetDC                        770E9C31 4 Bytes  [68, 84, F9, 1C]
.text  C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] USER32.dll!GetDC + 5                    770E9C36 1 Byte  [C3]
.text  C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] USER32.dll!ReleaseDC                    770E9CED 6 Bytes  PUSH 001CFA02; RET 
.text  C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] USER32.dll!EndPaint                     770EA28F 4 Bytes  JMP 3A0EBF8C 
.text  C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] USER32.dll!EndPaint + 5                 770EA294 1 Byte  [C3]
.text  C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] USER32.dll!BeginPaint                   770EA2A3 4 Bytes  [68, 79, F8, 1C]
.text  C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] USER32.dll!BeginPaint + 5               770EA2A8 1 Byte  [C3]
.text  C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] USER32.dll!GetMessageW                  770EFEF7 6 Bytes  PUSH 001C002E; RET 
.text  C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] USER32.dll!TranslateMessage             770F01AD 6 Bytes  PUSH 001CA41D; RET 
.text  C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] USER32.dll!DefWindowProcW               770F03B4 6 Bytes  PUSH 001C6904; RET 
.text  C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] USER32.dll!PeekMessageW                 770F045A 6 Bytes  PUSH 001C007E; RET 
.text  C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] USER32.dll!CallWindowProcW              770F095E 6 Bytes  PUSH 001C6B3A; RET 
.text  C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] USER32.dll!GetCursorPos                 770F0B88 6 Bytes  PUSH 001BFE61; RET 
.text  C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] USER32.dll!DefDlgProcA                  770F26B8 6 Bytes  PUSH 001C69D6; RET 
.text  C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] USER32.dll!DefMDIChildProcA             770FB031 6 Bytes  PUSH 001C6AF4; RET 
.text  C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] USER32.dll!DefFrameProcA                770FB24F 6 Bytes  PUSH 001C6A65; RET 
.text  C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] USER32.dll!CallWindowProcA              770FB73E 6 Bytes  PUSH 001C6B83; RET 
.text  C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] USER32.dll!DefFrameProcW                770FD1F9 6 Bytes  PUSH 001C6A1C; RET 
.text  C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] USER32.dll!DefMDIChildProcW             770FD4F6 6 Bytes  PUSH 001C6AAE; RET 
.text  C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] USER32.dll!ReleaseCapture               771030A2 6 Bytes  PUSH 001BFF3F; RET 
.text  C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] USER32.dll!SetCapture                   771030AF 4 Bytes  [68, E5, FE, 1B]
.text  C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] USER32.dll!SetCapture + 5               771030B4 1 Byte  [C3]
.text  C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] USER32.dll!SetCursorPos                 77116FB2 6 Bytes  PUSH 001BFEA8; RET 
.text  C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] USER32.dll!GetClipboardData             7711715A 6 Bytes  PUSH 001CA5CC; RET 
.text  C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] ADVAPI32.dll!CreateProcessAsUserA       759ACEB9 6 Bytes  PUSH 001C3CB0; RET 
.text  C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] ADVAPI32.dll!CreateProcessAsUserW       759C1EE9 6 Bytes  PUSH 001C3CC7; RET 
.text  C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] CRYPT32.dll!PFXImportCertStore          7534989D 6 Bytes  PUSH 001D1D51; RET 
.text  C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] WININET.dll!InternetReadFile            75A8655B 6 Bytes  PUSH 001D19A3; RET 
.text  C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] WININET.dll!HttpQueryInfoA              75A8879D 6 Bytes  PUSH 001D1AD6; RET 
.text  C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] WININET.dll!InternetCloseHandle         75A89098 6 Bytes  PUSH 001D1936; RET 
.text  C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] WININET.dll!InternetQueryDataAvailable  75A8BF93 6 Bytes  PUSH 001D1AAA; RET 
.text  C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] WININET.dll!HttpOpenRequestA            75A8D518 6 Bytes  PUSH 001D1678; RET 
.text  C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] WININET.dll!HttpSendRequestW            75A8FACE 6 Bytes  PUSH 001D16BC; RET 
.text  C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] WININET.dll!HttpOpenRequestW            75A8FC0B 6 Bytes  PUSH 001D1634; RET 
.text  C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] WININET.dll!HttpSendRequestA            75A9EEA1 6 Bytes  PUSH 001D1711; RET 
.text  C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] WININET.dll!InternetReadFileExA         75AA3271 6 Bytes  PUSH 001D19D1; RET 
.text  C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] WININET.dll!InternetSetFilePointer      75AE5A11 6 Bytes  PUSH 001D1A50; RET 
.text  C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] WININET.dll!HttpSendRequestExA          75AFA6DA 6 Bytes  PUSH 001D1803; RET 
.text  C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] WININET.dll!HttpSendRequestExW          75AFA733 6 Bytes  PUSH 001D1766; RET 
.text  C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] WININET.dll!HttpEndRequestA             75AFA7E2 6 Bytes  PUSH 001D18A0; RET 
.text  C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] WININET.dll!HttpEndRequestW             75AFA814 6 Bytes  PUSH 001D18EB; RET 
.text  C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] WS2_32.dll!closesocket                  75CC330C 6 Bytes  PUSH 001BF57B; RET 
.text  C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] WS2_32.dll!getaddrinfo                  75CC418A 6 Bytes  PUSH 001BF18C; RET 
.text  C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] WS2_32.dll!WSASend                      75CC4496 6 Bytes  PUSH 001BF5D4; RET 
.text  C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] WS2_32.dll!send                         75CC659B 6 Bytes  PUSH 001BF5B3; RET 
.text  C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2880] WS2_32.dll!gethostbyname                75CD62D4 6 Bytes  PUSH 001BF11C; RET 
.text  C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2940] ntdll.dll!LdrLoadDll + 1                              77329379 5 Bytes  [E1, 39, 21, 02, C3] {LOOPZ 0x3b; AND [EDX], EAX; RET }
.text  C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2940] ntdll.dll!NtCreateUserProcess                         77365674 6 Bytes  PUSH 022138BC; RET 
.text  C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2940] kernel32.dll!GetFileAttributesExW                     77189C45 6 Bytes  PUSH 02213C4A; RET 
.text  C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2940] kernel32.dll!ExitProcess                              771B43B4 6 Bytes  PUSH 02213C09; RET 
.text  C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2940] ADVAPI32.dll!CreateProcessAsUserA                     759ACEB9 6 Bytes  PUSH 02213CB0; RET 
.text  C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2940] ADVAPI32.dll!CreateProcessAsUserW                     759C1EE9 6 Bytes  PUSH 02213CC7; RET 
.text  C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2940] USER32.dll!RegisterClassExA                           770D61E1 6 Bytes  PUSH 02216CF4; RET 
.text  C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2940] USER32.dll!GetUpdateRgn                               770D85E4 6 Bytes  PUSH 0221FAD5; RET 
.text  C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2940] USER32.dll!GetMessagePos                              770D9071 6 Bytes  PUSH 0220FE2F; RET 
.text  C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2940] USER32.dll!GetCapture                                 770DA986 6 Bytes  PUSH 0220FF8F; RET 
.text  C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2940] USER32.dll!SwitchDesktop                              770DB8D2 6 Bytes  PUSH 022168E6; RET 
.text  C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2940] USER32.dll!OpenInputDesktop                           770DBCE6 6 Bytes  PUSH 02216896; RET 
.text  C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2940] USER32.dll!GetUpdateRect                              770DD3E0 6 Bytes  PUSH 0221FA42; RET 
.text  C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2940] USER32.dll!RegisterClassExW                           770DDA30 6 Bytes  PUSH 02216CA2; RET 
.text  C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2940] USER32.dll!DefWindowProcA                             770DDB88 6 Bytes  PUSH 0221694A; RET 
.text  C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2940] USER32.dll!RegisterClassA                             770DDF42 6 Bytes  PUSH 02216C55; RET 
.text  C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2940] USER32.dll!RegisterClassW                             770DE1AB 6 Bytes  PUSH 02216C08; RET 
.text  C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2940] USER32.dll!GetWindowDC                                770E3BA7 6 Bytes  PUSH 0221F9C3; RET 
.text  C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2940] USER32.dll!DefDlgProcW                                770E4A11 6 Bytes  PUSH 02216990; RET 
.text  C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2940] USER32.dll!GetDCEx                                    770E4D22 6 Bytes  PUSH 0221F929; RET 
.text  C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2940] USER32.dll!PeekMessageA                               770E8343 6 Bytes  PUSH 022100A9; RET 
.text  C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2940] USER32.dll!GetMessageA                                770E8AB3 6 Bytes  PUSH 02210056; RET 
.text  C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2940] USER32.dll!GetDC                                      770E9C31 6 Bytes  PUSH 0221F984; RET 
.text  C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2940] USER32.dll!ReleaseDC                                  770E9CED 6 Bytes  PUSH 0221FA02; RET 
.text  C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2940] USER32.dll!EndPaint                                   770EA28F 6 Bytes  JMP 3A10C48C 
.text  C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2940] USER32.dll!BeginPaint                                 770EA2A3 6 Bytes  PUSH 0221F879; RET 
.text  C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2940] USER32.dll!GetMessageW                                770EFEF7 6 Bytes  PUSH 0221002E; RET 
.text  C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2940] USER32.dll!TranslateMessage                           770F01AD 6 Bytes  PUSH 0221A41D; RET 
.text  C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2940] USER32.dll!DefWindowProcW                             770F03B4 6 Bytes  PUSH 02216904; RET 
.text  C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2940] USER32.dll!PeekMessageW                               770F045A 6 Bytes  PUSH 0221007E; RET 
.text  C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2940] USER32.dll!CallWindowProcW                            770F095E 6 Bytes  PUSH 02216B3A; RET 
.text  C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2940] USER32.dll!GetCursorPos                               770F0B88 6 Bytes  PUSH 0220FE61; RET 
.text  C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2940] USER32.dll!DefDlgProcA                                770F26B8 6 Bytes  PUSH 022169D6; RET 
.text  C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2940] USER32.dll!DefMDIChildProcA                           770FB031 6 Bytes  PUSH 02216AF4; RET 
.text  C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2940] USER32.dll!DefFrameProcA                              770FB24F 6 Bytes  PUSH 02216A65; RET 
.text  C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2940] USER32.dll!CallWindowProcA                            770FB73E 6 Bytes  PUSH 02216B83; RET 
.text  C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2940] USER32.dll!DefFrameProcW                              770FD1F9 6 Bytes  PUSH 02216A1C; RET 
.text  C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2940] USER32.dll!DefMDIChildProcW                           770FD4F6 6 Bytes  PUSH 02216AAE; RET 
.text  C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2940] USER32.dll!ReleaseCapture                             771030A2 6 Bytes  PUSH 0220FF3F; RET 
.text  C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2940] USER32.dll!SetCapture                                 771030AF 6 Bytes  PUSH 0220FEE5; RET 
.text  C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2940] USER32.dll!SetCursorPos                               77116FB2 6 Bytes  PUSH 0220FEA8; RET 
.text  C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2940] USER32.dll!GetClipboardData                           7711715A 6 Bytes  PUSH 0221A5CC; RET 
.text  C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2940] WS2_32.dll!closesocket                                75CC330C 6 Bytes  PUSH 0220F57B; RET 
.text  C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2940] WS2_32.dll!getaddrinfo                                75CC418A 6 Bytes  PUSH 0220F18C; RET 
.text  C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2940] WS2_32.dll!WSASend                                    75CC4496 6 Bytes  PUSH 0220F5D4; RET 
.text  C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2940] WS2_32.dll!send                                       75CC659B 6 Bytes  PUSH 0220F5B3; RET 
.text  C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2940] WS2_32.dll!gethostbyname                              75CD62D4 6 Bytes  PUSH 0220F11C; RET 
.text  C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2940] CRYPT32.dll!PFXImportCertStore                        7534989D 6 Bytes  PUSH 02221D51; RET 
.text  C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2940] WININET.dll!InternetReadFile                          75A8655B 6 Bytes  PUSH 022219A3; RET 
.text  C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2940] WININET.dll!HttpQueryInfoA                            75A8879D 6 Bytes  PUSH 02221AD6; RET 
.text  C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2940] WININET.dll!InternetCloseHandle                       75A89098 6 Bytes  PUSH 02221936; RET 
.text  C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2940] WININET.dll!InternetQueryDataAvailable                75A8BF93 6 Bytes  PUSH 02221AAA; RET 
.text  C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2940] WININET.dll!HttpOpenRequestA                          75A8D518 6 Bytes  PUSH 02221678; RET 
.text  C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2940] WININET.dll!HttpSendRequestW                          75A8FACE 6 Bytes  PUSH 022216BC; RET 
.text  C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2940] WININET.dll!HttpOpenRequestW                          75A8FC0B 6 Bytes  PUSH 02221634; RET 
.text  C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2940] WININET.dll!HttpSendRequestA                          75A9EEA1 6 Bytes  PUSH 02221711; RET 
.text  C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2940] WININET.dll!InternetReadFileExA                       75AA3271 6 Bytes  PUSH 022219D1; RET 
.text  C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2940] WININET.dll!InternetSetFilePointer                    75AE5A11 6 Bytes  PUSH 02221A50; RET 
.text  C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2940] WININET.dll!HttpSendRequestExA                        75AFA6DA 6 Bytes  PUSH 02221803; RET 
.text  C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2940] WININET.dll!HttpSendRequestExW                        75AFA733 6 Bytes  PUSH 02221766; RET 
.text  C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2940] WININET.dll!HttpEndRequestA                           75AFA7E2 6 Bytes  PUSH 022218A0; RET 
.text  C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2940] WININET.dll!HttpEndRequestW                           75AFA814 6 Bytes  PUSH 022218EB; RET
         

07.05.2013, 22:03   #4
KlausKlaus

Sparkasse online banking spied on: EXP/CVE-2013-2423.F and TR/Agent.385024.338



Code:
TEM.EXE[3000] ntdll.dll!LdrLoadDll + 1                             77329379 5 Bytes  [E1, 39, 42, 01, C3] {LOOPZ 0x3b; INC EDX; ADD EBX, EAX}
.text  C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3000] ntdll.dll!NtCreateUserProcess                        77365674 6 Bytes  PUSH 014238BC; RET 
.text  C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3000] kernel32.dll!GetFileAttributesExW                    77189C45 6 Bytes  PUSH 01423C4A; RET 
.text  C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3000] kernel32.dll!ExitProcess                             771B43B4 6 Bytes  PUSH 01423C09; RET 
.text  C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3000] USER32.dll!RegisterClassExA                          770D61E1 6 Bytes  PUSH 01426CF4; RET 
.text  C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3000] USER32.dll!GetUpdateRgn                              770D85E4 6 Bytes  PUSH 0142FAD5; RET 
.text  C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3000] USER32.dll!GetMessagePos                             770D9071 6 Bytes  PUSH 0141FE2F; RET 
.text  C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3000] USER32.dll!GetCapture                                770DA986 6 Bytes  PUSH 0141FF8F; RET 
.text  C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3000] USER32.dll!SwitchDesktop                             770DB8D2 6 Bytes  PUSH 014268E6; RET 
.text  C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3000] USER32.dll!OpenInputDesktop                          770DBCE6 6 Bytes  PUSH 01426896; RET 
.text  C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3000] USER32.dll!GetUpdateRect                             770DD3E0 6 Bytes  PUSH 0142FA42; RET 
.text  C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3000] USER32.dll!RegisterClassExW                          770DDA30 6 Bytes  PUSH 01426CA2; RET 
.text  C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3000] USER32.dll!DefWindowProcA                            770DDB88 6 Bytes  PUSH 0142694A; RET 
.text  C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3000] USER32.dll!RegisterClassA                            770DDF42 6 Bytes  PUSH 01426C55; RET 
.text  C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3000] USER32.dll!RegisterClassW                            770DE1AB 6 Bytes  PUSH 01426C08; RET 
.text  C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3000] USER32.dll!GetWindowDC                               770E3BA7 6 Bytes  PUSH 0142F9C3; RET 
.text  C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3000] USER32.dll!DefDlgProcW                               770E4A11 6 Bytes  PUSH 01426990; RET 
.text  C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3000] USER32.dll!GetDCEx                                   770E4D22 6 Bytes  PUSH 0142F929; RET 
.text  C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3000] USER32.dll!PeekMessageA                              770E8343 6 Bytes  PUSH 014200A9; RET 
.text  C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3000] USER32.dll!GetMessageA                               770E8AB3 6 Bytes  PUSH 01420056; RET 
.text  C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3000] USER32.dll!GetDC                                     770E9C31 6 Bytes  PUSH 0142F984; RET 
.text  C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3000] USER32.dll!ReleaseDC                                 770E9CED 6 Bytes  PUSH 0142FA02; RET 
.text  C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3000] USER32.dll!EndPaint                                  770EA28F 6 Bytes  JMP 3A0FE58C 
.text  C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3000] USER32.dll!BeginPaint                                770EA2A3 6 Bytes  PUSH 0142F879; RET 
.text  C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3000] USER32.dll!GetMessageW                               770EFEF7 6 Bytes  PUSH 0142002E; RET 
.text  C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3000] USER32.dll!TranslateMessage                          770F01AD 6 Bytes  PUSH 0142A41D; RET 
.text  C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3000] USER32.dll!DefWindowProcW                            770F03B4 6 Bytes  PUSH 01426904; RET 
.text  C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3000] USER32.dll!PeekMessageW                              770F045A 6 Bytes  PUSH 0142007E; RET 
.text  C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3000] USER32.dll!CallWindowProcW                           770F095E 6 Bytes  PUSH 01426B3A; RET 
.text  C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3000] USER32.dll!GetCursorPos                              770F0B88 6 Bytes  PUSH 0141FE61; RET 
.text  C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3000] USER32.dll!DefDlgProcA                               770F26B8 6 Bytes  PUSH 014269D6; RET 
.text  C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3000] USER32.dll!DefMDIChildProcA                          770FB031 6 Bytes  PUSH 01426AF4; RET 
.text  C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3000] USER32.dll!DefFrameProcA                             770FB24F 6 Bytes  PUSH 01426A65; RET 
.text  C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3000] USER32.dll!CallWindowProcA                           770FB73E 6 Bytes  PUSH 01426B83; RET 
.text  C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3000] USER32.dll!DefFrameProcW                             770FD1F9 6 Bytes  PUSH 01426A1C; RET 
.text  C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3000] USER32.dll!DefMDIChildProcW                          770FD4F6 6 Bytes  PUSH 01426AAE; RET 
.text  C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3000] USER32.dll!ReleaseCapture                            771030A2 6 Bytes  PUSH 0141FF3F; RET 
.text  C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3000] USER32.dll!SetCapture                                771030AF 6 Bytes  PUSH 0141FEE5; RET 
.text  C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3000] USER32.dll!SetCursorPos                              77116FB2 6 Bytes  PUSH 0141FEA8; RET 
.text  C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3000] USER32.dll!GetClipboardData                          7711715A 6 Bytes  PUSH 0142A5CC; RET 
.text  C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3000] ADVAPI32.dll!CreateProcessAsUserA                    759ACEB9 6 Bytes  PUSH 01423CB0; RET 
.text  C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3000] ADVAPI32.dll!CreateProcessAsUserW                    759C1EE9 6 Bytes  PUSH 01423CC7; RET 
.text  C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3000] WS2_32.dll!closesocket                               75CC330C 6 Bytes  PUSH 0141F57B; RET 
.text  C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3000] WS2_32.dll!getaddrinfo                               75CC418A 6 Bytes  PUSH 0141F18C; RET 
.text  C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3000] WS2_32.dll!WSASend                                   75CC4496 6 Bytes  PUSH 0141F5D4; RET 
.text  C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3000] WS2_32.dll!send                                      75CC659B 6 Bytes  PUSH 0141F5B3; RET 
.text  C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3000] WS2_32.dll!gethostbyname                             75CD62D4 6 Bytes  PUSH 0141F11C; RET 
.text  C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3000] CRYPT32.dll!PFXImportCertStore                       7534989D 6 Bytes  PUSH 01431D51; RET 
.text  C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3000] WININET.dll!InternetReadFile                         75A8655B 6 Bytes  PUSH 014319A3; RET 
.text  C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3000] WININET.dll!HttpQueryInfoA                           75A8879D 6 Bytes  PUSH 01431AD6; RET 
.text  C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3000] WININET.dll!InternetCloseHandle                      75A89098 6 Bytes  PUSH 01431936; RET 
.text  C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3000] WININET.dll!InternetQueryDataAvailable               75A8BF93 6 Bytes  PUSH 01431AAA; RET 
.text  C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3000] WININET.dll!HttpOpenRequestA                         75A8D518 6 Bytes  PUSH 01431678; RET 
.text  C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3000] WININET.dll!HttpSendRequestW                         75A8FACE 6 Bytes  PUSH 014316BC; RET 
.text  C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3000] WININET.dll!HttpOpenRequestW                         75A8FC0B 6 Bytes  PUSH 01431634; RET 
.text  C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3000] WININET.dll!HttpSendRequestA                         75A9EEA1 6 Bytes  PUSH 01431711; RET 
.text  C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3000] WININET.dll!InternetReadFileExA                      75AA3271 6 Bytes  PUSH 014319D1; RET 
.text  C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3000] WININET.dll!InternetSetFilePointer                   75AE5A11 6 Bytes  PUSH 01431A50; RET 
.text  C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3000] WININET.dll!HttpSendRequestExA                       75AFA6DA 6 Bytes  PUSH 01431803; RET 
.text  C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3000] WININET.dll!HttpSendRequestExW                       75AFA733 6 Bytes  PUSH 01431766; RET 
.text  C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3000] WININET.dll!HttpEndRequestA                          75AFA7E2 6 Bytes  PUSH 014318A0; RET 
.text  C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3000] WININET.dll!HttpEndRequestW                          75AFA814 6 Bytes  PUSH 014318EB; RET 
.text  C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3308] ntdll.dll!LdrLoadDll + 1                       77329379 5 Bytes  [E1, 39, EF, 03, C3] {LOOPZ 0x3b; OUT DX, EAX; ADD EAX, EBX}
.text  C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3308] ntdll.dll!NtCreateUserProcess                  77365674 6 Bytes  PUSH 03EF38BC; RET 
.text  C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3308] KERNEL32.dll!GetFileAttributesExW              77189C45 6 Bytes  PUSH 03EF3C4A; RET 
.text  C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3308] KERNEL32.dll!ExitProcess                       771B43B4 6 Bytes  PUSH 03EF3C09; RET 
.text  C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3308] ADVAPI32.dll!CreateProcessAsUserA              759ACEB9 6 Bytes  PUSH 03EF3CB0; RET 
.text  C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3308] ADVAPI32.dll!CreateProcessAsUserW              759C1EE9 6 Bytes  PUSH 03EF3CC7; RET 
.text  C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3308] USER32.dll!RegisterClassExA                    770D61E1 6 Bytes  PUSH 03EF6CF4; RET 
.text  C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3308] USER32.dll!GetUpdateRgn                        770D85E4 6 Bytes  PUSH 03EFFAD5; RET 
.text  C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3308] USER32.dll!GetMessagePos                       770D9071 6 Bytes  PUSH 03EEFE2F; RET 
.text  C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3308] USER32.dll!GetCapture                          770DA986 6 Bytes  PUSH 03EEFF8F; RET 
.text  C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3308] USER32.dll!SwitchDesktop                       770DB8D2 6 Bytes  PUSH 03EF68E6; RET 
.text  C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3308] USER32.dll!OpenInputDesktop                    770DBCE6 6 Bytes  PUSH 03EF6896; RET 
.text  C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3308] USER32.dll!GetUpdateRect                       770DD3E0 6 Bytes  PUSH 03EFFA42; RET 
.text  C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3308] USER32.dll!RegisterClassExW                    770DDA30 6 Bytes  PUSH 03EF6CA2; RET 
.text  C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3308] USER32.dll!DefWindowProcA                      770DDB88 6 Bytes  PUSH 03EF694A; RET 
.text  C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3308] USER32.dll!RegisterClassA                      770DDF42 6 Bytes  PUSH 03EF6C55; RET 
.text  C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3308] USER32.dll!RegisterClassW                      770DE1AB 6 Bytes  PUSH 03EF6C08; RET 
.text  C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3308] USER32.dll!GetWindowDC                         770E3BA7 6 Bytes  PUSH 03EFF9C3; RET 
.text  C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3308] USER32.dll!DefDlgProcW                         770E4A11 6 Bytes  PUSH 03EF6990; RET 
.text  C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3308] USER32.dll!GetDCEx                             770E4D22 6 Bytes  PUSH 03EFF929; RET 
.text  C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3308] USER32.dll!PeekMessageA                        770E8343 6 Bytes  PUSH 03EF00A9; RET 
.text  C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3308] USER32.dll!GetMessageA                         770E8AB3 6 Bytes  PUSH 03EF0056; RET 
.text  C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3308] USER32.dll!GetDC                               770E9C31 6 Bytes  PUSH 03EFF984; RET 
.text  C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3308] USER32.dll!ReleaseDC                           770E9CED 6 Bytes  PUSH 03EFFA02; RET 
.text  C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3308] USER32.dll!EndPaint                            770EA28F 6 Bytes  JMP 3A12928C 
.text  C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3308] USER32.dll!BeginPaint                          770EA2A3 6 Bytes  PUSH 03EFF879; RET 
.text  C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3308] USER32.dll!GetMessageW                         770EFEF7 6 Bytes  PUSH 03EF002E; RET 
.text  C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3308] USER32.dll!TranslateMessage                    770F01AD 6 Bytes  PUSH 03EFA41D; RET 
.text  C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3308] USER32.dll!DefWindowProcW                      770F03B4 6 Bytes  PUSH 03EF6904; RET 
.text  C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3308] USER32.dll!PeekMessageW                        770F045A 6 Bytes  PUSH 03EF007E; RET 
.text  C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3308] USER32.dll!CallWindowProcW                     770F095E 6 Bytes  PUSH 03EF6B3A; RET 
.text  C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3308] USER32.dll!GetCursorPos                        770F0B88 6 Bytes  PUSH 03EEFE61; RET 
.text  C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3308] USER32.dll!DefDlgProcA                         770F26B8 6 Bytes  PUSH 03EF69D6; RET 
.text  C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3308] USER32.dll!DefMDIChildProcA                    770FB031 6 Bytes  PUSH 03EF6AF4; RET 
.text  C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3308] USER32.dll!DefFrameProcA                       770FB24F 6 Bytes  PUSH 03EF6A65; RET 
.text  C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3308] USER32.dll!CallWindowProcA                     770FB73E 6 Bytes  PUSH 03EF6B83; RET 
.text  C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3308] USER32.dll!DefFrameProcW                       770FD1F9 6 Bytes  PUSH 03EF6A1C; RET 
.text  C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3308] USER32.dll!DefMDIChildProcW                    770FD4F6 6 Bytes  PUSH 03EF6AAE; RET 
.text  C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3308] USER32.dll!ReleaseCapture                      771030A2 6 Bytes  PUSH 03EEFF3F; RET 
.text  C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3308] USER32.dll!SetCapture                          771030AF 6 Bytes  PUSH 03EEFEE5; RET 
.text  C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3308] USER32.dll!SetCursorPos                        77116FB2 6 Bytes  PUSH 03EEFEA8; RET 
.text  C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3308] USER32.dll!GetClipboardData                    7711715A 6 Bytes  PUSH 03EFA5CC; RET 
.text  C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3308] WS2_32.dll!closesocket                         75CC330C 6 Bytes  PUSH 03EEF57B; RET 
.text  C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3308] WS2_32.dll!getaddrinfo                         75CC418A 6 Bytes  PUSH 03EEF18C; RET 
.text  C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3308] WS2_32.dll!WSASend                             75CC4496 6 Bytes  PUSH 03EEF5D4; RET 
.text  C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3308] WS2_32.dll!send                                75CC659B 6 Bytes  PUSH 03EEF5B3; RET 
.text  C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3308] WS2_32.dll!gethostbyname                       75CD62D4 6 Bytes  PUSH 03EEF11C; RET 
.text  C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3308] CRYPT32.dll!PFXImportCertStore                 7534989D 6 Bytes  PUSH 03F01D51; RET 
.text  C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3308] WININET.dll!InternetReadFile                   75A8655B 6 Bytes  PUSH 03F019A3; RET 
.text  C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3308] WININET.dll!HttpQueryInfoA                     75A8879D 6 Bytes  PUSH 03F01AD6; RET 
.text  C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3308] WININET.dll!InternetCloseHandle                75A89098 6 Bytes  PUSH 03F01936; RET 
.text  C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3308] WININET.dll!InternetQueryDataAvailable         75A8BF93 6 Bytes  PUSH 03F01AAA; RET 
.text  C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3308] WININET.dll!HttpOpenRequestA                   75A8D518 6 Bytes  PUSH 03F01678; RET 
.text  C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3308] WININET.dll!HttpSendRequestW                   75A8FACE 6 Bytes  PUSH 03F016BC; RET 
.text  C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3308] WININET.dll!HttpOpenRequestW                   75A8FC0B 6 Bytes  PUSH 03F01634; RET 
.text  C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3308] WININET.dll!HttpSendRequestA                   75A9EEA1 6 Bytes  PUSH 03F01711; RET 
.text  C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3308] WININET.dll!InternetReadFileExA                75AA3271 6 Bytes  PUSH 03F019D1; RET 
.text  C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3308] WININET.dll!InternetSetFilePointer             75AE5A11 6 Bytes  PUSH 03F01A50; RET 
.text  C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3308] WININET.dll!HttpSendRequestExA                 75AFA6DA 6 Bytes  PUSH 03F01803; RET 
.text  C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3308] WININET.dll!HttpSendRequestExW                 75AFA733 6 Bytes  PUSH 03F01766; RET 
.text  C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3308] WININET.dll!HttpEndRequestA                    75AFA7E2 6 Bytes  PUSH 03F018A0; RET 
.text  C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3308] WININET.dll!HttpEndRequestW                    75AFA814 6 Bytes  PUSH 03F018EB; RET 
.text  C:\Program Files\Windows Defender\MSASCui.exe[3844] ntdll.dll!LdrLoadDll + 1                                       77329379 3 Bytes  [E1, 39, 7A]
.text  C:\Program Files\Windows Defender\MSASCui.exe[3844] ntdll.dll!LdrLoadDll + 5                                       7732937D 1 Byte  [C3]
.text  C:\Program Files\Windows Defender\MSASCui.exe[3844] ntdll.dll!NtCreateUserProcess                                  77365674 4 Bytes  [68, BC, 38, 7A]
.text  C:\Program Files\Windows Defender\MSASCui.exe[3844] ntdll.dll!NtCreateUserProcess + 5                              77365679 1 Byte  [C3]
.text  C:\Program Files\Windows Defender\MSASCui.exe[3844] kernel32.dll!GetFileAttributesExW                              77189C45 6 Bytes  PUSH 007A3C4A; RET 
.text  C:\Program Files\Windows Defender\MSASCui.exe[3844] kernel32.dll!ExitProcess                                       771B43B4 6 Bytes  PUSH 007A3C09; RET 
.text  C:\Program Files\Windows Defender\MSASCui.exe[3844] ADVAPI32.dll!CreateProcessAsUserA                              759ACEB9 6 Bytes  PUSH 007A3CB0; RET 
.text  C:\Program Files\Windows Defender\MSASCui.exe[3844] ADVAPI32.dll!CreateProcessAsUserW                              759C1EE9 6 Bytes  PUSH 007A3CC7; RET 
.text  C:\Program Files\Windows Defender\MSASCui.exe[3844] USER32.dll!RegisterClassExA                                    770D61E1 6 Bytes  PUSH 007A6CF4; RET 
.text  C:\Program Files\Windows Defender\MSASCui.exe[3844] USER32.dll!GetUpdateRgn                                        770D85E4 6 Bytes  PUSH 007AFAD5; RET 
.text  C:\Program Files\Windows Defender\MSASCui.exe[3844] USER32.dll!GetMessagePos                                       770D9071 6 Bytes  PUSH 0079FE2F; RET 
.text  C:\Program Files\Windows Defender\MSASCui.exe[3844] USER32.dll!GetCapture                                          770DA986 6 Bytes  PUSH 0079FF8F; RET 
.text  C:\Program Files\Windows Defender\MSASCui.exe[3844] USER32.dll!SwitchDesktop                                       770DB8D2 6 Bytes  PUSH 007A68E6; RET 
.text  C:\Program Files\Windows Defender\MSASCui.exe[3844] USER32.dll!OpenInputDesktop                                    770DBCE6 4 Bytes  [68, 96, 68, 7A]
.text  C:\Program Files\Windows Defender\MSASCui.exe[3844] USER32.dll!OpenInputDesktop + 5                                770DBCEB 1 Byte  [C3]
.text  C:\Program Files\Windows Defender\MSASCui.exe[3844] USER32.dll!GetUpdateRect                                       770DD3E0 6 Bytes  PUSH 007AFA42; RET 
.text  C:\Program Files\Windows Defender\MSASCui.exe[3844] USER32.dll!RegisterClassExW                                    770DDA30 6 Bytes  PUSH 007A6CA2; RET 
.text  C:\Program Files\Windows Defender\MSASCui.exe[3844] USER32.dll!DefWindowProcA                                      770DDB88 6 Bytes  PUSH 007A694A; RET 
.text  C:\Program Files\Windows Defender\MSASCui.exe[3844] USER32.dll!RegisterClassA                                      770DDF42 6 Bytes  PUSH 007A6C55; RET 
.text  C:\Program Files\Windows Defender\MSASCui.exe[3844] USER32.dll!RegisterClassW                                      770DE1AB 6 Bytes  PUSH 007A6C08; RET 
.text  C:\Program Files\Windows Defender\MSASCui.exe[3844] USER32.dll!GetWindowDC                                         770E3BA7 4 Bytes  [68, C3, F9, 7A]
.text  C:\Program Files\Windows Defender\MSASCui.exe[3844] USER32.dll!GetWindowDC + 5                                     770E3BAC 1 Byte  [C3]
.text  C:\Program Files\Windows Defender\MSASCui.exe[3844] USER32.dll!DefDlgProcW                                         770E4A11 6 Bytes  PUSH 007A6990; RET 
.text  C:\Program Files\Windows Defender\MSASCui.exe[3844] USER32.dll!GetDCEx                                             770E4D22 4 Bytes  [68, 29, F9, 7A]
.text  C:\Program Files\Windows Defender\MSASCui.exe[3844] USER32.dll!GetDCEx + 5                                         770E4D27 1 Byte  [C3]
.text  C:\Program Files\Windows Defender\MSASCui.exe[3844] USER32.dll!PeekMessageA                                        770E8343 6 Bytes  PUSH 007A00A9; RET 
.text  C:\Program Files\Windows Defender\MSASCui.exe[3844] USER32.dll!GetMessageA                                         770E8AB3 6 Bytes  PUSH 007A0056; RET 
.text  C:\Program Files\Windows Defender\MSASCui.exe[3844] USER32.dll!GetDC                                               770E9C31 4 Bytes  [68, 84, F9, 7A]
.text  C:\Program Files\Windows Defender\MSASCui.exe[3844] USER32.dll!GetDC + 5                                           770E9C36 1 Byte  [C3]
.text  C:\Program Files\Windows Defender\MSASCui.exe[3844] USER32.dll!ReleaseDC                                           770E9CED 6 Bytes  PUSH 007AFA02; RET 
.text  C:\Program Files\Windows Defender\MSASCui.exe[3844] USER32.dll!EndPaint                                            770EA28F 4 Bytes  JMP 3A0F1D8C 
.text  C:\Program Files\Windows Defender\MSASCui.exe[3844] USER32.dll!EndPaint + 5                                        770EA294 1 Byte  [C3]
.text  C:\Program Files\Windows Defender\MSASCui.exe[3844] USER32.dll!BeginPaint                                          770EA2A3 4 Bytes  [68, 79, F8, 7A]
.text  C:\Program Files\Windows Defender\MSASCui.exe[3844] USER32.dll!BeginPaint + 5                                      770EA2A8 1 Byte  [C3]
.text  C:\Program Files\Windows Defender\MSASCui.exe[3844] USER32.dll!GetMessageW                                         770EFEF7 6 Bytes  PUSH 007A002E; RET 
.text  C:\Program Files\Windows Defender\MSASCui.exe[3844] USER32.dll!TranslateMessage                                    770F01AD 6 Bytes  PUSH 007AA41D; RET 
.text  C:\Program Files\Windows Defender\MSASCui.exe[3844] USER32.dll!DefWindowProcW                                      770F03B4 6 Bytes  PUSH 007A6904; RET 
.text  C:\Program Files\Windows Defender\MSASCui.exe[3844] USER32.dll!PeekMessageW                                        770F045A 6 Bytes  PUSH 007A007E; RET 
.text  C:\Program Files\Windows Defender\MSASCui.exe[3844] USER32.dll!CallWindowProcW                                     770F095E 6 Bytes  PUSH 007A6B3A; RET 
.text  C:\Program Files\Windows Defender\MSASCui.exe[3844] USER32.dll!GetCursorPos                                        770F0B88 6 Bytes  PUSH 0079FE61; RET 
.text  C:\Program Files\Windows Defender\MSASCui.exe[3844] USER32.dll!DefDlgProcA                                         770F26B8 6 Bytes  PUSH 007A69D6; RET 
.text  C:\Program Files\Windows Defender\MSASCui.exe[3844] USER32.dll!DefMDIChildProcA                                    770FB031 6 Bytes  PUSH 007A6AF4; RET 
.text  C:\Program Files\Windows Defender\MSASCui.exe[3844] USER32.dll!DefFrameProcA                                       770FB24F 6 Bytes  PUSH 007A6A65; RET 
.text  C:\Program Files\Windows Defender\MSASCui.exe[3844] USER32.dll!CallWindowProcA                                     770FB73E 6 Bytes  PUSH 007A6B83; RET 
.text  C:\Program Files\Windows Defender\MSASCui.exe[3844] USER32.dll!DefFrameProcW                                       770FD1F9 6 Bytes  PUSH 007A6A1C; RET 
.text  C:\Program Files\Windows Defender\MSASCui.exe[3844] USER32.dll!DefMDIChildProcW                                    770FD4F6 6 Bytes  PUSH 007A6AAE; RET 
.text  C:\Program Files\Windows Defender\MSASCui.exe[3844] USER32.dll!ReleaseCapture                                      771030A2 6 Bytes  PUSH 0079FF3F; RET 
.text  C:\Program Files\Windows Defender\MSASCui.exe[3844] USER32.dll!SetCapture                                          771030AF 4 Bytes  [68, E5, FE, 79]
.text  C:\Program Files\Windows Defender\MSASCui.exe[3844] USER32.dll!SetCapture + 5                                      771030B4 1 Byte  [C3]
.text  C:\Program Files\Windows Defender\MSASCui.exe[3844] USER32.dll!SetCursorPos                                        77116FB2 6 Bytes  PUSH 0079FEA8; RET 
.text  C:\Program Files\Windows Defender\MSASCui.exe[3844] USER32.dll!GetClipboardData                                    7711715A 6 Bytes  PUSH 007AA5CC; RET 
.text  C:\Program Files\Windows Defender\MSASCui.exe[3844] WS2_32.dll!closesocket                                         75CC330C 6 Bytes  PUSH 0079F57B; RET 
.text  C:\Program Files\Windows Defender\MSASCui.exe[3844] WS2_32.dll!getaddrinfo                                         75CC418A 6 Bytes  PUSH 0079F18C; RET 
.text  C:\Program Files\Windows Defender\MSASCui.exe[3844] WS2_32.dll!WSASend                                             75CC4496 6 Bytes  PUSH 0079F5D4; RET 
.text  C:\Program Files\Windows Defender\MSASCui.exe[3844] WS2_32.dll!send                                                75CC659B 6 Bytes  PUSH 0079F5B3; RET 
.text  C:\Program Files\Windows Defender\MSASCui.exe[3844] WS2_32.dll!gethostbyname                                       75CD62D4 6 Bytes  PUSH 0079F11C; RET 
.text  C:\Program Files\Windows Defender\MSASCui.exe[3844] CRYPT32.dll!PFXImportCertStore                                 7534989D 6 Bytes  PUSH 007B1D51; RET 
.text  C:\Program Files\Windows Defender\MSASCui.exe[3844] WININET.dll!InternetReadFile                                   75A8655B 6 Bytes  PUSH 007B19A3; RET 
.text  C:\Program Files\Windows Defender\MSASCui.exe[3844] WININET.dll!HttpQueryInfoA                                     75A8879D 6 Bytes  PUSH 007B1AD6; RET 
.text  C:\Program Files\Windows Defender\MSASCui.exe[3844] WININET.dll!InternetCloseHandle                                75A89098 6 Bytes  PUSH 007B1936; RET 
.text  C:\Program Files\Windows Defender\MSASCui.exe[3844] WININET.dll!InternetQueryDataAvailable                         75A8BF93 6 Bytes  PUSH 007B1AAA; RET 
.text  C:\Program Files\Windows Defender\MSASCui.exe[3844] WININET.dll!HttpOpenRequestA                                   75A8D518 6 Bytes  PUSH 007B1678; RET 
.text  C:\Program Files\Windows Defender\MSASCui.exe[3844] WININET.dll!HttpSendRequestW                                   75A8FACE 6 Bytes  PUSH 007B16BC; RET 
.text  C:\Program Files\Windows Defender\MSASCui.exe[3844] WININET.dll!HttpOpenRequestW                                   75A8FC0B 6 Bytes  PUSH 007B1634; RET 
.text  C:\Program Files\Windows Defender\MSASCui.exe[3844] WININET.dll!HttpSendRequestA                                   75A9EEA1 6 Bytes  PUSH 007B1711; RET 
.text  C:\Program Files\Windows Defender\MSASCui.exe[3844] WININET.dll!InternetReadFileExA                                75AA3271 6 Bytes  PUSH 007B19D1; RET 
.text  C:\Program Files\Windows Defender\MSASCui.exe[3844] WININET.dll!InternetSetFilePointer                             75AE5A11 6 Bytes  PUSH 007B1A50; RET 
.text  C:\Program Files\Windows Defender\MSASCui.exe[3844] WININET.dll!HttpSendRequestExA                                 75AFA6DA 6 Bytes  PUSH 007B1803; RET 
.text  C:\Program Files\Windows Defender\MSASCui.exe[3844] WININET.dll!HttpSendRequestExW                                 75AFA733 6 Bytes  PUSH 007B1766; RET 
.text  C:\Program Files\Windows Defender\MSASCui.exe[3844] WININET.dll!HttpEndRequestA                                    75AFA7E2 6 Bytes  PUSH 007B18A0; RET 
.text  C:\Program Files\Windows Defender\MSASCui.exe[3844] WININET.dll!HttpEndRequestW                                    75AFA814 6 Bytes  PUSH 007B18EB; RET 
.text  C:\Program Files\Apoint\Apoint.exe[3864] ntdll.dll!LdrLoadDll + 1                                                  77329379 5 Bytes  [E1, 39, 58, 01, C3] {LOOPZ 0x3b; POP EAX; ADD EBX, EAX}
.text  C:\Program Files\Apoint\Apoint.exe[3864] ntdll.dll!NtCreateUserProcess                                             77365674 6 Bytes  PUSH 015838BC; RET 
.text  C:\Program Files\Apoint\Apoint.exe[3864] kernel32.dll!GetFileAttributesExW                                         77189C45 6 Bytes  PUSH 01583C4A; RET 
.text  C:\Program Files\Apoint\Apoint.exe[3864] kernel32.dll!ExitProcess                                                  771B43B4 6 Bytes  PUSH 01583C09; RET 
.text  C:\Program Files\Apoint\Apoint.exe[3864] USER32.dll!RegisterClassExA                                               770D61E1 6 Bytes  PUSH 01586CF4; RET 
.text  C:\Program Files\Apoint\Apoint.exe[3864] USER32.dll!GetUpdateRgn                                                   770D85E4 6 Bytes  PUSH 0158FAD5; RET 
.text  C:\Program Files\Apoint\Apoint.exe[3864] USER32.dll!GetMessagePos                                                  770D9071 6 Bytes  PUSH 0157FE2F; RET 
.text  C:\Program Files\Apoint\Apoint.exe[3864] USER32.dll!GetCapture                                                     770DA986 6 Bytes  PUSH 0157FF8F; RET 
.text  C:\Program Files\Apoint\Apoint.exe[3864] USER32.dll!SwitchDesktop                                                  770DB8D2 6 Bytes  PUSH 015868E6; RET 
.text  C:\Program Files\Apoint\Apoint.exe[3864] USER32.dll!OpenInputDesktop                                               770DBCE6 6 Bytes  PUSH 01586896; RET 
.text  C:\Program Files\Apoint\Apoint.exe[3864] USER32.dll!GetUpdateRect                                                  770DD3E0 6 Bytes  PUSH 0158FA42; RET 
.text  C:\Program Files\Apoint\Apoint.exe[3864] USER32.dll!RegisterClassExW                                               770DDA30 6 Bytes  PUSH 01586CA2; RET 
.text  C:\Program Files\Apoint\Apoint.exe[3864] USER32.dll!DefWindowProcA                                                 770DDB88 6 Bytes  PUSH 0158694A; RET 
.text  C:\Program Files\Apoint\Apoint.exe[3864] USER32.dll!RegisterClassA                                                 770DDF42 6 Bytes  PUSH 01586C55; RET 
.text  C:\Program Files\Apoint\Apoint.exe[3864] USER32.dll!RegisterClassW                                                 770DE1AB 6 Bytes  PUSH 01586C08; RET 
.text  C:\Program Files\Apoint\Apoint.exe[3864] USER32.dll!GetWindowDC                                                    770E3BA7 6 Bytes  PUSH 0158F9C3; RET 
.text  C:\Program Files\Apoint\Apoint.exe[3864] USER32.dll!DefDlgProcW                                                    770E4A11 6 Bytes  PUSH 01586990; RET 
.text  C:\Program Files\Apoint\Apoint.exe[3864] USER32.dll!GetDCEx                                                        770E4D22 6 Bytes  PUSH 0158F929; RET 
.text  C:\Program Files\Apoint\Apoint.exe[3864] USER32.dll!PeekMessageA                                                   770E8343 6 Bytes  PUSH 015800A9; RET 
.text  C:\Program Files\Apoint\Apoint.exe[3864] USER32.dll!GetMessageA                                                    770E8AB3 6 Bytes  PUSH 01580056; RET 
.text  C:\Program Files\Apoint\Apoint.exe[3864] USER32.dll!GetDC                                                          770E9C31 6 Bytes  PUSH 0158F984; RET 
.text  C:\Program Files\Apoint\Apoint.exe[3864] USER32.dll!ReleaseDC                                                      770E9CED 6 Bytes  PUSH 0158FA02; RET 
.text  C:\Program Files\Apoint\Apoint.exe[3864] USER32.dll!EndPaint                                                       770EA28F 6 Bytes  JMP 3A0FFB8C 
.text  C:\Program Files\Apoint\Apoint.exe[3864] USER32.dll!BeginPaint                                                     770EA2A3 6 Bytes  PUSH 0158F879; RET 
.text  C:\Program Files\Apoint\Apoint.exe[3864] USER32.dll!GetMessageW                                                    770EFEF7 6 Bytes  PUSH 0158002E; RET 
.text  C:\Program Files\Apoint\Apoint.exe[3864] USER32.dll!TranslateMessage                                               770F01AD 6 Bytes  PUSH 0158A41D; RET 
.text  C:\Program Files\Apoint\Apoint.exe[3864] USER32.dll!DefWindowProcW                                                 770F03B4 6 Bytes  PUSH 01586904; RET 
.text  C:\Program Files\Apoint\Apoint.exe[3864] USER32.dll!PeekMessageW                                                   770F045A 6 Bytes  PUSH 0158007E; RET 
.text  C:\Program Files\Apoint\Apoint.exe[3864] USER32.dll!CallWindowProcW                                                770F095E 6 Bytes  PUSH 01586B3A; RET 
.text  C:\Program Files\Apoint\Apoint.exe[3864] USER32.dll!GetCursorPos                                                   770F0B88 6 Bytes  PUSH 0157FE61; RET 
.text  C:\Program Files\Apoint\Apoint.exe[3864] USER32.dll!DefDlgProcA                                                    770F26B8 6 Bytes  PUSH 015869D6; RET 
.text  C:\Program Files\Apoint\Apoint.exe[3864] USER32.dll!DefMDIChildProcA                                               770FB031 6 Bytes  PUSH 01586AF4; RET 
.text  C:\Program Files\Apoint\Apoint.exe[3864] USER32.dll!DefFrameProcA                                                  770FB24F 6 Bytes  PUSH 01586A65; RET 
.text  C:\Program Files\Apoint\Apoint.exe[3864] USER32.dll!CallWindowProcA                                                770FB73E 6 Bytes  PUSH 01586B83; RET 
.text  C:\Program Files\Apoint\Apoint.exe[3864] USER32.dll!DefFrameProcW                                                  770FD1F9 6 Bytes  PUSH 01586A1C; RET 
.text  C:\Program Files\Apoint\Apoint.exe[3864] USER32.dll!DefMDIChildProcW                                               770FD4F6 6 Bytes  PUSH 01586AAE; RET 
.text  C:\Program Files\Apoint\Apoint.exe[3864] USER32.dll!ReleaseCapture                                                 771030A2 6 Bytes  PUSH 0157FF3F; RET 
.text  C:\Program Files\Apoint\Apoint.exe[3864] USER32.dll!SetCapture                                                     771030AF 6 Bytes  PUSH 0157FEE5; RET 
.text  C:\Program Files\Apoint\Apoint.exe[3864] USER32.dll!SetCursorPos                                                   77116FB2 6 Bytes  PUSH 0157FEA8; RET 
.text  C:\Program Files\Apoint\Apoint.exe[3864] USER32.dll!GetClipboardData                                               7711715A 6 Bytes  PUSH 0158A5CC; RET 
.text  C:\Program Files\Apoint\Apoint.exe[3864] ADVAPI32.dll!CreateProcessAsUserA                                         759ACEB9 6 Bytes  PUSH 01583CB0; RET 
.text  C:\Program Files\Apoint\Apoint.exe[3864] ADVAPI32.dll!CreateProcessAsUserW                                         759C1EE9 6 Bytes  PUSH 01583CC7; RET 
.text  C:\Program Files\Apoint\Apoint.exe[3864] WS2_32.dll!closesocket                                                    75CC330C 6 Bytes  PUSH 0157F57B; RET 
.text  C:\Program Files\Apoint\Apoint.exe[3864] WS2_32.dll!getaddrinfo                                                    75CC418A 6 Bytes  PUSH 0157F18C; RET 
.text  C:\Program Files\Apoint\Apoint.exe[3864] WS2_32.dll!WSASend                                                        75CC4496 6 Bytes  PUSH 0157F5D4; RET 
.text  C:\Program Files\Apoint\Apoint.exe[3864] WS2_32.dll!send                                                           75CC659B 6 Bytes  PUSH 0157F5B3; RET 
.text  C:\Program Files\Apoint\Apoint.exe[3864] WS2_32.dll!gethostbyname                                                  75CD62D4 6 Bytes  PUSH 0157F11C; RET 
.text  C:\Program Files\Apoint\Apoint.exe[3864] CRYPT32.dll!PFXImportCertStore                                            7534989D 6 Bytes  PUSH 01591D51; RET 
.text  C:\Program Files\Apoint\Apoint.exe[3864] WININET.dll!InternetReadFile                                              75A8655B 6 Bytes  PUSH 015919A3; RET 
.text  C:\Program Files\Apoint\Apoint.exe[3864] WININET.dll!HttpQueryInfoA                                                75A8879D 6 Bytes  PUSH 01591AD6; RET 
.text  C:\Program Files\Apoint\Apoint.exe[3864] WININET.dll!InternetCloseHandle                                           75A89098 6 Bytes  PUSH 01591936; RET 
.text  C:\Program Files\Apoint\Apoint.exe[3864] WININET.dll!InternetQueryDataAvailable                                    75A8BF93 6 Bytes  PUSH 01591AAA; RET 
.text  C:\Program Files\Apoint\Apoint.exe[3864] WININET.dll!HttpOpenRequestA                                              75A8D518 6 Bytes  PUSH 01591678; RET 
.text  C:\Program Files\Apoint\Apoint.exe[3864] WININET.dll!HttpSendRequestW                                              75A8FACE 6 Bytes  PUSH 015916BC; RET 
.text  C:\Program Files\Apoint\Apoint.exe[3864] WININET.dll!HttpOpenRequestW                                              75A8FC0B 6 Bytes  PUSH 01591634; RET 
.text  C:\Program Files\Apoint\Apoint.exe[3864] WININET.dll!HttpSendRequestA                                              75A9EEA1 6 Bytes  PUSH 01591711; RET 
.text  C:\Program Files\Apoint\Apoint.exe[3864] WININET.dll!InternetReadFileExA                                           75AA3271 6 Bytes  PUSH 015919D1; RET 
.text  C:\Program Files\Apoint\Apoint.exe[3864] WININET.dll!InternetSetFilePointer                                        75AE5A11 6 Bytes  PUSH 01591A50; RET 
.text  C:\Program Files\Apoint\Apoint.exe[3864] WININET.dll!HttpSendRequestExA                                            75AFA6DA 6 Bytes  PUSH 01591803; RET 
.text  C:\Program Files\Apoint\Apoint.exe[3864] WININET.dll!HttpSendRequestExW                                            75AFA733 6 Bytes  PUSH 01591766; RET 
.text  C:\Program Files\Apoint\Apoint.exe[3864] WININET.dll!HttpEndRequestA                                               75AFA7E2 6 Bytes  PUSH 015918A0; RET 
.text  C:\Program Files\Apoint\Apoint.exe[3864] WININET.dll!HttpEndRequestW                                               75AFA814 6 Bytes  PUSH 015918EB; RET 
.text  C:\Program Files\sony\Marketing Tools\MarketingTools.exe[3880] ntdll.dll!LdrLoadDll + 1                            77329379 3 Bytes  [E1, 39, B8]
.text  C:\Program Files\sony\Marketing Tools\MarketingTools.exe[3880] ntdll.dll!LdrLoadDll + 5                            7732937D 1 Byte  [C3]
.text  C:\Program Files\sony\Marketing Tools\MarketingTools.exe[3880] ntdll.dll!NtCreateUserProcess                       77365674 4 Bytes  [68, BC, 38, B8]
.text  C:\Program Files\sony\Marketing Tools\MarketingTools.exe[3880] ntdll.dll!NtCreateUserProcess + 5                   77365679 1 Byte  [C3]
.text  C:\Program Files\sony\Marketing Tools\MarketingTools.exe[3880] KERNEL32.dll!GetFileAttributesExW                   77189C45 6 Bytes  PUSH 00B83C4A; RET 
.text  C:\Program Files\sony\Marketing Tools\MarketingTools.exe[3880] KERNEL32.dll!ExitProcess                            771B43B4 6 Bytes  PUSH 00B83C09; RET 
.text  C:\Program Files\sony\Marketing Tools\MarketingTools.exe[3880] ADVAPI32.dll!CreateProcessAsUserA                   759ACEB9 6 Bytes  PUSH 00B83CB0; RET 
.text  C:\Program Files\sony\Marketing Tools\MarketingTools.exe[3880] ADVAPI32.dll!CreateProcessAsUserW                   759C1EE9 6 Bytes  PUSH 00B83CC7; RET 
.text  C:\Program Files\sony\Marketing Tools\MarketingTools.exe[3880] USER32.dll!RegisterClassExA                         770D61E1 6 Bytes  PUSH 00B86CF4; RET 
.text  C:\Program Files\sony\Marketing Tools\MarketingTools.exe[3880] USER32.dll!GetUpdateRgn                             770D85E4 6 Bytes  PUSH 00B8FAD5; RET 
.text  C:\Program Files\sony\Marketing Tools\MarketingTools.exe[3880] USER32.dll!GetMessagePos                            770D9071 6 Bytes  PUSH 00B7FE2F; RET 
.text  C:\Program Files\sony\Marketing Tools\MarketingTools.exe[3880] USER32.dll!GetCapture                               770DA986 6 Bytes  PUSH 00B7FF8F; RET 
.text  C:\Program Files\sony\Marketing Tools\MarketingTools.exe[3880] USER32.dll!SwitchDesktop                            770DB8D2 6 Bytes  PUSH 00B868E6; RET 
.text  C:\Program Files\sony\Marketing Tools\MarketingTools.exe[3880] USER32.dll!OpenInputDesktop                         770DBCE6 4 Bytes  [68, 96, 68, B8]
.text  C:\Program Files\sony\Marketing Tools\MarketingTools.exe[3880] USER32.dll!OpenInputDesktop + 5                     770DBCEB 1 Byte  [C3]
.text  C:\Program Files\sony\Marketing Tools\MarketingTools.exe[3880] USER32.dll!GetUpdateRect                            770DD3E0 6 Bytes  PUSH 00B8FA42; RET 
.text  C:\Program Files\sony\Marketing Tools\MarketingTools.exe[3880] USER32.dll!RegisterClassExW                         770DDA30 6 Bytes  PUSH 00B86CA2; RET 
.text  C:\Program Files\sony\Marketing Tools\MarketingTools.exe[3880] USER32.dll!DefWindowProcA                           770DDB88 6 Bytes  PUSH 00B8694A; RET 
.text  C:\Program Files\sony\Marketing Tools\MarketingTools.exe[3880] USER32.dll!RegisterClassA                           770DDF42 6 Bytes  PUSH 00B86C55; RET 
.text  C:\Program Files\sony\Marketing Tools\MarketingTools.exe[3880] USER32.dll!RegisterClassW                           770DE1AB 6 Bytes  PUSH 00B86C08; RET 
.text  C:\Program Files\sony\Marketing Tools\MarketingTools.exe[3880] USER32.dll!GetWindowDC                              770E3BA7 4 Bytes  [68, C3, F9, B8]
.text  C:\Program Files\sony\Marketing Tools\MarketingTools.exe[3880] USER32.dll!GetWindowDC + 5                          770E3BAC 1 Byte  [C3]
.text  C:\Program Files\sony\Marketing Tools\MarketingTools.exe[3880] USER32.dll!DefDlgProcW                              770E4A11 6 Bytes  PUSH 00B86990; RET 
.text  C:\Program Files\sony\Marketing Tools\MarketingTools.exe[3880] USER32.dll!GetDCEx                                  770E4D22 4 Bytes  [68, 29, F9, B8]
.text  C:\Program Files\sony\Marketing Tools\MarketingTools.exe[3880] USER32.dll!GetDCEx + 5                              770E4D27 1 Byte  [C3]
.text  C:\Program Files\sony\Marketing Tools\MarketingTools.exe[3880] USER32.dll!PeekMessageA                             770E8343 6 Bytes  PUSH 00B800A9; RET 
.text  C:\Program Files\sony\Marketing Tools\MarketingTools.exe[3880] USER32.dll!GetMessageA                              770E8AB3 6 Bytes  PUSH 00B80056; RET 
.text  C:\Program Files\sony\Marketing Tools\MarketingTools.exe[3880] USER32.dll!GetDC                                    770E9C31 4 Bytes  [68, 84, F9, B8]
.text  C:\Program Files\sony\Marketing Tools\MarketingTools.exe[3880] USER32.dll!GetDC + 5                                770E9C36 1 Byte  [C3]
.text  C:\Program Files\sony\Marketing Tools\MarketingTools.exe[3880] USER32.dll!ReleaseDC                                770E9CED 6 Bytes  PUSH 00B8FA02; RET 
.text  C:\Program Files\sony\Marketing Tools\MarketingTools.exe[3880] USER32.dll!EndPaint                                 770EA28F 4 Bytes  JMP 3A0F5B8C 
.text  C:\Program Files\sony\Marketing Tools\MarketingTools.exe[3880] USER32.dll!EndPaint + 5                             770EA294 1 Byte  [C3]
.text  C:\Program Files\sony\Marketing Tools\MarketingTools.exe[3880] USER32.dll!BeginPaint                               770EA2A3 4 Bytes  [68, 79, F8, B8]
.text  C:\Program Files\sony\Marketing Tools\MarketingTools.exe[3880] USER32.dll!BeginPaint + 5                           770EA2A8 1 Byte  [C3]
.text  C:\Program Files\sony\Marketing Tools\MarketingTools.exe[3880] USER32.dll!GetMessageW                              770EFEF7 6 Bytes  PUSH 00B8002E; RET 
.text  C:\Program Files\sony\Marketing Tools\MarketingTools.exe[3880] USER32.dll!TranslateMessage                         770F01AD 6 Bytes  PUSH 00B8A41D; RET 
.text  C:\Program Files\sony\Marketing Tools\MarketingTools.exe[3880] USER32.dll!DefWindowProcW                           770F03B4 6 Bytes  PUSH 00B86904; RET 
.text  C:\Program Files\sony\Marketing Tools\MarketingTools.exe[3880] USER32.dll!PeekMessageW                             770F045A 6 Bytes  PUSH 00B8007E; RET 
.text  C:\Program Files\sony\Marketing Tools\MarketingTools.exe[3880] USER32.dll!CallWindowProcW                          770F095E 6 Bytes  PUSH 00B86B3A; RET 
.text  C:\Program Files\sony\Marketing Tools\MarketingTools.exe[3880] USER32.dll!GetCursorPos                             770F0B88 6 Bytes  PUSH 00B7FE61; RET 
.text  C:\Program Files\sony\Marketing Tools\MarketingTools.exe[3880] USER32.dll!DefDlgProcA                              770F26B8 6 Bytes  PUSH 00B869D6; RET 
.text  C:\Program Files\sony\Marketing Tools\MarketingTools.exe[3880] USER32.dll!DefMDIChildProcA                         770FB031 6 Bytes  PUSH 00B86AF4; RET 
.text  C:\Program Files\sony\Marketing Tools\MarketingTools.exe[3880] USER32.dll!DefFrameProcA                            770FB24F 6 Bytes  PUSH 00B86A65; RET 
.text  C:\Program Files\sony\Marketing Tools\MarketingTools.exe[3880] USER32.dll!CallWindowProcA                          770FB73E 6 Bytes  PUSH 00B86B83; RET 
.text  C:\Program Files\sony\Marketing Tools\MarketingTools.exe[3880] USER32.dll!DefFrameProcW                            770FD1F9 6 Bytes  PUSH 00B86A1C; RET 
.text  C:\Program Files\sony\Marketing Tools\MarketingTools.exe[3880] USER32.dll!DefMDIChildProcW                         770FD4F6 6 Bytes  PUSH 00B86AAE; RET 
.text  C:\Program Files\sony\Marketing Tools\MarketingTools.exe[3880] USER32.dll!ReleaseCapture                           771030A2 6 Bytes  PUSH 00B7FF3F; RET 
.text  C:\Program Files\sony\Marketing Tools\MarketingTools.exe[3880] USER32.dll!SetCapture                               771030AF 4 Bytes  [68, E5, FE, B7]
.text  C:\Program Files\sony\Marketing Tools\MarketingTools.exe[3880] USER32.dll!SetCapture + 5                           771030B4 1 Byte  [C3]
.text  C:\Program Files\sony\Marketing Tools\MarketingTools.exe[3880] USER32.dll!SetCursorPos                             77116FB2 6 Bytes  PUSH 00B7FEA8; RET 
.text  C:\Program Files\sony\Marketing Tools\MarketingTools.exe[3880] USER32.dll!GetClipboardData                         7711715A 6 Bytes  PUSH 00B8A5CC; RET 
.text  C:\Program Files\sony\Marketing Tools\MarketingTools.exe[3880] WS2_32.dll!closesocket                              75CC330C 6 Bytes  PUSH 00B7F57B; RET 
.text  C:\Program Files\sony\Marketing Tools\MarketingTools.exe[3880] WS2_32.dll!getaddrinfo                              75CC418A 6 Bytes  PUSH 00B7F18C; RET 
.text  C:\Program Files\sony\Marketing Tools\MarketingTools.exe[3880] WS2_32.dll!WSASend                                  75CC4496 6 Bytes  PUSH 00B7F5D4; RET 
.text  C:\Program Files\sony\Marketing Tools\MarketingTools.exe[3880] WS2_32.dll!send                                     75CC659B 6 Bytes  PUSH 00B7F5B3; RET 
.text  C:\Program Files\sony\Marketing Tools\MarketingTools.exe[3880] WS2_32.dll!gethostbyname                            75CD62D4 6 Bytes  PUSH 00B7F11C; RET 
.text  C:\Program Files\sony\Marketing Tools\MarketingTools.exe[3880] CRYPT32.dll!PFXImportCertStore                      7534989D 6 Bytes  PUSH 00B91D51; RET 
.text  C:\Program Files\sony\Marketing Tools\MarketingTools.exe[3880] WININET.dll!InternetReadFile                        75A8655B 6 Bytes  PUSH 00B919A3; RET 
.text  C:\Program Files\sony\Marketing Tools\MarketingTools.exe[3880] WININET.dll!HttpQueryInfoA                          75A8879D 6 Bytes  PUSH 00B91AD6; RET 
.text  C:\Program Files\sony\Marketing Tools\MarketingTools.exe[3880] WININET.dll!InternetCloseHandle                     75A89098 6 Bytes  PUSH 00B91936; RET 
.text  C:\Program Files\sony\Marketing Tools\MarketingTools.exe[3880] WININET.dll!InternetQueryDataAvailable              75A8BF93 6 Bytes  PUSH 00B91AAA; RET 
.text  C:\Program Files\sony\Marketing Tools\MarketingTools.exe[3880] WININET.dll!HttpOpenRequestA                        75A8D518 6 Bytes  PUSH 00B91678; RET 
.text  C:\Program Files\sony\Marketing Tools\MarketingTools.exe[3880] WININET.dll!HttpSendRequestW                        75A8FACE 6 Bytes  PUSH 00B916BC; RET 
.text  C:\Program Files\sony\Marketing Tools\MarketingTools.exe[3880] WININET.dll!HttpOpenRequestW                        75A8FC0B 6 Bytes  PUSH 00B91634; RET 
.text  C:\Program Files\sony\Marketing Tools\MarketingTools.exe[3880] WININET.dll!HttpSendRequestA                        75A9EEA1 6 Bytes  PUSH 00B91711; RET 
.text  C:\Program Files\sony\Marketing Tools\MarketingTools.exe[3880] WININET.dll!InternetReadFileExA                     75AA3271 6 Bytes  PUSH 00B919D1; RET 
.text  C:\Program Files\sony\Marketing Tools\MarketingTools.exe[3880] WININET.dll!InternetSetFilePointer                  75AE5A11 6 Bytes  PUSH 00B91A50; RET 
.text  C:\Program Files\sony\Marketing Tools\MarketingTools.exe[3880] WININET.dll!HttpSendRequestExA                      75AFA6DA 6 Bytes  PUSH 00B91803; RET 
.text  C:\Program Files\sony\Marketing Tools\MarketingTools.exe[3880] WININET.dll!HttpSendRequestExW                      75AFA733 6 Bytes  PUSH 00B91766; RET 
.text  C:\Program Files\sony\Marketing Tools\MarketingTools.exe[3880] WININET.dll!HttpEndRequestA                         75AFA7E2 6 Bytes  PUSH 00B918A0; RET 
.text  C:\Program Files\sony\Marketing Tools\MarketingTools.exe[3880] WININET.dll!HttpEndRequestW                         75AFA814 6 Bytes  PUSH 00B918EB; RET 
.text  C:\Program Files\Logitech\SetPoint\LBTWiz.exe[3896] ntdll.dll!LdrLoadDll + 1                                       77329379 3 Bytes  [E1, 39, 31]
.text  C:\Program Files\Logitech\SetPoint\LBTWiz.exe[3896] ntdll.dll!LdrLoadDll + 5                                       7732937D 1 Byte  [C3]
.text  C:\Program Files\Logitech\SetPoint\LBTWiz.exe[3896] ntdll.dll!NtCreateUserProcess                                  77365674 4 Bytes  [68, BC, 38, 31]
.text  C:\Program Files\Logitech\SetPoint\LBTWiz.exe[3896] ntdll.dll!NtCreateUserProcess + 5                              77365679 1 Byte  [C3]
.text  C:\Program Files\Logitech\SetPoint\LBTWiz.exe[3896] kernel32.dll!GetFileAttributesExW                              77189C45 6 Bytes  PUSH 00313C4A; RET 
.text  C:\Program Files\Logitech\SetPoint\LBTWiz.exe[3896] kernel32.dll!ExitProcess                                       771B43B4 6 Bytes  PUSH 00313C09; RET 
.text  C:\Program Files\Logitech\SetPoint\LBTWiz.exe[3896] ADVAPI32.dll!CreateProcessAsUserA                              759ACEB9 6 Bytes  PUSH 00313CB0; RET 
.text  C:\Program Files\Logitech\SetPoint\LBTWiz.exe[3896] ADVAPI32.dll!CreateProcessAsUserW                              759C1EE9 6 Bytes  PUSH 00313CC7; RET 
.text  C:\Program Files\Logitech\SetPoint\LBTWiz.exe[3896] USER32.dll!RegisterClassExA                                    770D61E1 6 Bytes  PUSH 00316CF4; RET 
.text  C:\Program Files\Logitech\SetPoint\LBTWiz.exe[3896] USER32.dll!GetUpdateRgn                                        770D85E4 6 Bytes  PUSH 0031FAD5; RET 
.text  C:\Program Files\Logitech\SetPoint\LBTWiz.exe[3896] USER32.dll!GetMessagePos                                       770D9071 6 Bytes  PUSH 0030FE2F; RET 
.text  C:\Program Files\Logitech\SetPoint\LBTWiz.exe[3896] USER32.dll!GetCapture                                          770DA986 6 Bytes  PUSH 0030FF8F; RET 
.text  C:\Program Files\Logitech\SetPoint\LBTWiz.exe[3896] USER32.dll!SwitchDesktop                                       770DB8D2 6 Bytes  PUSH 003168E6; RET 
.text  C:\Program Files\Logitech\SetPoint\LBTWiz.exe[3896] USER32.dll!OpenInputDesktop                                    770DBCE6 4 Bytes  [68, 96, 68, 31]
.text  C:\Program Files\Logitech\SetPoint\LBTWiz.exe[3896] USER32.dll!OpenInputDesktop + 5                                770DBCEB 1 Byte  [C3]
.text  C:\Program Files\Logitech\SetPoint\LBTWiz.exe[3896] USER32.dll!GetUpdateRect                                       770DD3E0 6 Bytes  PUSH 0031FA42; RET 
.text  C:\Program Files\Logitech\SetPoint\LBTWiz.exe[3896] USER32.dll!RegisterClassExW                                    770DDA30 6 Bytes  PUSH 00316CA2; RET 
.text  C:\Program Files\Logitech\SetPoint\LBTWiz.exe[3896] USER32.dll!DefWindowProcA                                      770DDB88 6 Bytes  PUSH 0031694A; RET 
.text  C:\Program Files\Logitech\SetPoint\LBTWiz.exe[3896] USER32.dll!RegisterClassA                                      770DDF42 6 Bytes  PUSH 00316C55; RET 
.text  C:\Program Files\Logitech\SetPoint\LBTWiz.exe[3896] USER32.dll!RegisterClassW                                      770DE1AB 6 Bytes  PUSH 00316C08; RET 
.text  C:\Program Files\Logitech\SetPoint\LBTWiz.exe[3896] USER32.dll!GetWindowDC                                         770E3BA7 4 Bytes  [68, C3, F9, 31]
.text  C:\Program Files\Logitech\SetPoint\LBTWiz.exe[3896] USER32.dll!GetWindowDC + 5                                     770E3BAC 1 Byte  [C3]
.text  C:\Program Files\Logitech\SetPoint\LBTWiz.exe[3896] USER32.dll!DefDlgProcW                                         770E4A11 6 Bytes  PUSH 00316990; RET 
.text  C:\Program Files\Logitech\SetPoint\LBTWiz.exe[3896] USER32.dll!GetDCEx                                             770E4D22 4 Bytes  [68, 29, F9, 31]
.text  C:\Program Files\Logitech\SetPoint\LBTWiz.exe[3896] USER32.dll!GetDCEx + 5                                         770E4D27 1 Byte  [C3]
.text  C:\Program Files\Logitech\SetPoint\LBTWiz.exe[3896] USER32.dll!PeekMessageA                                        770E8343 6 Bytes  PUSH 003100A9; RET 
.text  C:\Program Files\Logitech\SetPoint\LBTWiz.exe[3896] USER32.dll!GetMessageA                                         770E8AB3 6 Bytes  PUSH 00310056; RET 
.text  C:\Program Files\Logitech\SetPoint\LBTWiz.exe[3896] USER32.dll!GetDC                                               770E9C31 4 Bytes  [68, 84, F9, 31]
.text  C:\Program Files\Logitech\SetPoint\LBTWiz.exe[3896] USER32.dll!GetDC + 5                                           770E9C36 1 Byte  [C3]
.text  C:\Program Files\Logitech\SetPoint\LBTWiz.exe[3896] USER32.dll!ReleaseDC                                           770E9CED 6 Bytes  PUSH 0031FA02; RET 
.text  C:\Program Files\Logitech\SetPoint\LBTWiz.exe[3896] USER32.dll!EndPaint                                            770EA28F 4 Bytes  JMP 3A0ED48C 
.text  C:\Program Files\Logitech\SetPoint\LBTWiz.exe[3896] USER32.dll!EndPaint + 5                                        770EA294 1 Byte  [C3]
.text  C:\Program Files\Logitech\SetPoint\LBTWiz.exe[3896] USER32.dll!BeginPaint                                          770EA2A3 4 Bytes  [68, 79, F8, 31]
.text  C:\Program Files\Logitech\SetPoint\LBTWiz.exe[3896] USER32.dll!BeginPaint + 5                                      770EA2A8 1 Byte  [C3]
.text  C:\Program Files\Logitech\SetPoint\LBTWiz.exe[3896] USER32.dll!GetMessageW                                         770EFEF7 6 Bytes  PUSH 0031002E; RET 
.text  C:\Program Files\Logitech\SetPoint\LBTWiz.exe[3896] USER32.dll!TranslateMessage                                    770F01AD 6 Bytes  PUSH 0031A41D; RET 
.text  C:\Program Files\Logitech\SetPoint\LBTWiz.exe[3896] USER32.dll!DefWindowProcW                                      770F03B4 6 Bytes  PUSH 00316904; RET 
.text  C:\Program Files\Logitech\SetPoint\LBTWiz.exe[3896] USER32.dll!PeekMessageW                                        770F045A 6 Bytes  PUSH 0031007E; RET 
.text  C:\Program Files\Logitech\SetPoint\LBTWiz.exe[3896] USER32.dll!CallWindowProcW                                     770F095E 6 Bytes  PUSH 00316B3A; RET 
.text  C:\Program Files\Logitech\SetPoint\LBTWiz.exe[3896] USER32.dll!GetCursorPos                                        770F0B88 6 Bytes  PUSH 0030FE61; RET 
.text  C:\Program Files\Logitech\SetPoint\LBTWiz.exe[3896] USER32.dll!DefDlgProcA                                         770F26B8 6 Bytes  PUSH 003169D6; RET 
.text  C:\Program Files\Logitech\SetPoint\LBTWiz.exe[3896] USER32.dll!DefMDIChildProcA                                    770FB031 6 Bytes  PUSH 00316AF4; RET 
.text  C:\Program Files\Logitech\SetPoint\LBTWiz.exe[3896] USER32.dll!DefFrameProcA                                       770FB24F 6 Bytes  PUSH 00316A65; RET 
.text  C:\Program Files\Logitech\SetPoint\LBTWiz.exe[3896] USER32.dll!CallWindowProcA                                     770FB73E 6 Bytes  PUSH 00316B83; RET 
.text  C:\Program Files\Logitech\SetPoint\LBTWiz.exe[3896] USER32.dll!DefFrameProcW                                       770FD1F9 6 Bytes  PUSH 00316A1C; RET 
.text  C:\Program Files\Logitech\SetPoint\LBTWiz.exe[3896] USER32.dll!DefMDIChildProcW                                    770FD4F6 6 Bytes  PUSH 00316AAE; RET 
.text  C:\Program Files\Logitech\SetPoint\LBTWiz.exe[3896] USER32.dll!ReleaseCapture                                      771030A2 6 Bytes  PUSH 0030FF3F; RET 
.text  C:\Program Files\Logitech\SetPoint\LBTWiz.exe[3896] USER32.dll!SetCapture                                          771030AF 4 Bytes  [68, E5, FE, 30]
.text  C:\Program Files\Logitech\SetPoint\LBTWiz.exe[3896] USER32.dll!SetCapture + 5                                      771030B4 1 Byte  [C3]
.text  C:\Program Files\Logitech\SetPoint\LBTWiz.exe[3896] USER32.dll!SetCursorPos                                        77116FB2 6 Bytes  PUSH 0030FEA8; RET 
.text  C:\Program Files\Logitech\SetPoint\LBTWiz.exe[3896] USER32.dll!GetClipboardData                                    7711715A 6 Bytes  PUSH 0031A5CC; RET 
.text  C:\Program Files\Logitech\SetPoint\LBTWiz.exe[3896] WS2_32.dll!closesocket                                         75CC330C 6 Bytes  PUSH 0030F57B; RET 
.text  C:\Program Files\Logitech\SetPoint\LBTWiz.exe[3896] WS2_32.dll!getaddrinfo                                         75CC418A 6 Bytes  PUSH 0030F18C; RET 
.text  C:\Program Files\Logitech\SetPoint\LBTWiz.exe[3896] WS2_32.dll!WSASend                                             75CC4496 6 Bytes  PUSH 0030F5D4; RET 
.text  C:\Program Files\Logitech\SetPoint\LBTWiz.exe[3896] WS2_32.dll!send                                                75CC659B 6 Bytes  PUSH 0030F5B3; RET 
.text  C:\Program Files\Logitech\SetPoint\LBTWiz.exe[3896] WS2_32.dll!gethostbyname                                       75CD62D4 6 Bytes  PUSH 0030F11C; RET 
.text  C:\Program Files\Logitech\SetPoint\LBTWiz.exe[3896] CRYPT32.dll!PFXImportCertStore                                 7534989D 6 Bytes  PUSH 00321D51; RET 
.text  C:\Program Files\Logitech\SetPoint\LBTWiz.exe[3896] WININET.dll!InternetReadFile                                   75A8655B 6 Bytes  PUSH 003219A3; RET 
.text  C:\Program Files\Logitech\SetPoint\LBTWiz.exe[3896] WININET.dll!HttpQueryInfoA                                     75A8879D 6 Bytes  PUSH 00321AD6; RET 
.text  C:\Program Files\Logitech\SetPoint\LBTWiz.exe[3896] WININET.dll!InternetCloseHandle                                75A89098 6 Bytes  PUSH 00321936; RET 
.text  C:\Program Files\Logitech\SetPoint\LBTWiz.exe[3896] WININET.dll!InternetQueryDataAvailable                         75A8BF93 6 Bytes  PUSH 00321AAA; RET 
.text  C:\Program Files\Logitech\SetPoint\LBTWiz.exe[3896] WININET.dll!HttpOpenRequestA                                   75A8D518 6 Bytes  PUSH 00321678; RET 
.text  C:\Program Files\Logitech\SetPoint\LBTWiz.exe[3896] WININET.dll!HttpSendRequestW                                   75A8FACE 6 Bytes  PUSH 003216BC; RET 
.text  C:\Program Files\Logitech\SetPoint\LBTWiz.exe[3896] WININET.dll!HttpOpenRequestW                                   75A8FC0B 6 Bytes  PUSH 00321634; RET 
.text  C:\Program Files\Logitech\SetPoint\LBTWiz.exe[3896] WININET.dll!HttpSendRequestA                                   75A9EEA1 6 Bytes  PUSH 00321711; RET 
.text  C:\Program Files\Logitech\SetPoint\LBTWiz.exe[3896] WININET.dll!InternetReadFileExA                                75AA3271 6 Bytes  PUSH 003219D1; RET 
.text  C:\Program Files\Logitech\SetPoint\LBTWiz.exe[3896] WININET.dll!InternetSetFilePointer                             75AE5A11 6 Bytes  PUSH 00321A50; RET 
.text  C:\Program Files\Logitech\SetPoint\LBTWiz.exe[3896] WININET.dll!HttpSendRequestExA                                 75AFA6DA 6 Bytes  PUSH 00321803; RET 
.text  C:\Program Files\Logitech\SetPoint\LBTWiz.exe[3896] WININET.dll!HttpSendRequestExW                                 75AFA733 6 Bytes  PUSH 00321766; RET 
.text  C:\Program Files\Logitech\SetPoint\LBTWiz.exe[3896] WININET.dll!HttpEndRequestA                                    75AFA7E2 6 Bytes  PUSH 003218A0; RET 
.text  C:\Program Files\Logitech\SetPoint\LBTWiz.exe[3896] WININET.dll!HttpEndRequestW                                    75AFA814 6 Bytes  PUSH 003218EB; RET 
.text  C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] ntdll.dll!LdrLoadDll + 1                     77329379 3 Bytes  [E1, 39, 22]
.text  C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] ntdll.dll!LdrLoadDll + 5                     7732937D 1 Byte  [C3]
.text  C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] ntdll.dll!NtCreateUserProcess                77365674 4 Bytes  [68, BC, 38, 22]
.text  C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] ntdll.dll!NtCreateUserProcess + 5            77365679 1 Byte  [C3]
.text  C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] kernel32.dll!GetFileAttributesExW            77189C45 6 Bytes  PUSH 00223C4A; RET 
.text  C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] kernel32.dll!ExitProcess                     771B43B4 6 Bytes  PUSH 00223C09; RET 
.text  C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] USER32.dll!RegisterClassExA                  770D61E1 6 Bytes  PUSH 00226CF4; RET 
.text  C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] USER32.dll!GetUpdateRgn                      770D85E4 6 Bytes  PUSH 0022FAD5; RET 
.text  C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] USER32.dll!GetMessagePos                     770D9071 6 Bytes  PUSH 0021FE2F; RET 
.text  C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] USER32.dll!GetCapture                        770DA986 6 Bytes  PUSH 0021FF8F; RET 
.text  C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] USER32.dll!SwitchDesktop                     770DB8D2 6 Bytes  PUSH 002268E6; RET 
.text  C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] USER32.dll!OpenInputDesktop                  770DBCE6 4 Bytes  [68, 96, 68, 22]
.text  C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] USER32.dll!OpenInputDesktop + 5              770DBCEB 1 Byte  [C3]
.text  C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] USER32.dll!GetUpdateRect                     770DD3E0 6 Bytes  PUSH 0022FA42; RET 
.text  C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] USER32.dll!RegisterClassExW                  770DDA30 6 Bytes  PUSH 00226CA2; RET 
.text  C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] USER32.dll!DefWindowProcA                    770DDB88 6 Bytes  PUSH 0022694A; RET 
.text  C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] USER32.dll!RegisterClassA                    770DDF42 6 Bytes  PUSH 00226C55; RET 
.text  C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] USER32.dll!RegisterClassW                    770DE1AB 6 Bytes  PUSH 00226C08; RET 
.text  C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] USER32.dll!GetWindowDC                       770E3BA7 4 Bytes  [68, C3, F9, 22]
.text  C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] USER32.dll!GetWindowDC + 5                   770E3BAC 1 Byte  [C3]
.text  C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] USER32.dll!DefDlgProcW                       770E4A11 6 Bytes  PUSH 00226990; RET 
.text  C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] USER32.dll!GetDCEx                           770E4D22 4 Bytes  [68, 29, F9, 22]
.text  C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] USER32.dll!GetDCEx + 5                       770E4D27 1 Byte  [C3]
.text  C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] USER32.dll!PeekMessageA                      770E8343 6 Bytes  PUSH 002200A9; RET 
.text  C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] USER32.dll!GetMessageA                       770E8AB3 6 Bytes  PUSH 00220056; RET 
.text  C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] USER32.dll!GetDC                             770E9C31 4 Bytes  [68, 84, F9, 22]
.text  C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] USER32.dll!GetDC + 5                         770E9C36 1 Byte  [C3]
.text  C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] USER32.dll!ReleaseDC                         770E9CED 6 Bytes  PUSH 0022FA02; RET 
.text  C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] USER32.dll!EndPaint                          770EA28F 4 Bytes  JMP 3A0EC58C 
.text  C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] USER32.dll!EndPaint + 5                      770EA294 1 Byte  [C3]
.text  C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] USER32.dll!BeginPaint                        770EA2A3 4 Bytes  [68, 79, F8, 22]
.text  C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] USER32.dll!BeginPaint + 5                    770EA2A8 1 Byte  [C3]
.text  C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] USER32.dll!GetMessageW                       770EFEF7 6 Bytes  PUSH 0022002E; RET 
.text  C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] USER32.dll!TranslateMessage                  770F01AD 6 Bytes  PUSH 0022A41D; RET 
.text  C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] USER32.dll!DefWindowProcW                    770F03B4 6 Bytes  PUSH 00226904; RET 
.text  C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] USER32.dll!PeekMessageW                      770F045A 6 Bytes  PUSH 0022007E; RET 
.text  C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] USER32.dll!CallWindowProcW                   770F095E 6 Bytes  PUSH 00226B3A; RET 
.text  C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] USER32.dll!GetCursorPos                      770F0B88 6 Bytes  PUSH 0021FE61; RET 
.text  C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] USER32.dll!DefDlgProcA                       770F26B8 6 Bytes  PUSH 002269D6; RET 
.text  C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] USER32.dll!DefMDIChildProcA                  770FB031 6 Bytes  PUSH 00226AF4; RET 
.text  C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] USER32.dll!DefFrameProcA                     770FB24F 6 Bytes  PUSH 00226A65; RET 
.text  C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] USER32.dll!CallWindowProcA                   770FB73E 6 Bytes  PUSH 00226B83; RET 
.text  C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] USER32.dll!DefFrameProcW                     770FD1F9 6 Bytes  PUSH 00226A1C; RET 
.text  C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] USER32.dll!DefMDIChildProcW                  770FD4F6 6 Bytes  PUSH 00226AAE; RET 
.text  C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] USER32.dll!ReleaseCapture                    771030A2 6 Bytes  PUSH 0021FF3F; RET 
.text  C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] USER32.dll!SetCapture                        771030AF 4 Bytes  [68, E5, FE, 21]
.text  C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] USER32.dll!SetCapture + 5                    771030B4 1 Byte  [C3]
.text  C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] USER32.dll!SetCursorPos                      77116FB2 6 Bytes  PUSH 0021FEA8; RET 
.text  C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] USER32.dll!GetClipboardData                  7711715A 6 Bytes  PUSH 0022A5CC; RET 
.text  C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] ADVAPI32.dll!CreateProcessAsUserA            759ACEB9 6 Bytes  PUSH 00223CB0; RET 
.text  C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] ADVAPI32.dll!CreateProcessAsUserW            759C1EE9 6 Bytes  PUSH 00223CC7; RET 
.text  C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] WS2_32.dll!closesocket                       75CC330C 6 Bytes  PUSH 0021F57B; RET 
.text  C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] WS2_32.dll!getaddrinfo                       75CC418A 6 Bytes  PUSH 0021F18C; RET 
.text  C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] WS2_32.dll!WSASend                           75CC4496 6 Bytes  PUSH 0021F5D4; RET 
.text  C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] WS2_32.dll!send                              75CC659B 6 Bytes  PUSH 0021F5B3; RET 
.text  C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] WS2_32.dll!gethostbyname                     75CD62D4 6 Bytes  PUSH 0021F11C; RET 
.text  C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] CRYPT32.dll!PFXImportCertStore               7534989D 6 Bytes  PUSH 00231D51; RET 
.text  C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] WININET.dll!InternetReadFile                 75A8655B 6 Bytes  PUSH 002319A3; RET 
.text  C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] WININET.dll!HttpQueryInfoA                   75A8879D 6 Bytes  PUSH 00231AD6; RET 
.text  C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] WININET.dll!InternetCloseHandle              75A89098 6 Bytes  PUSH 00231936; RET 
.text  C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] WININET.dll!InternetQueryDataAvailable       75A8BF93 6 Bytes  PUSH 00231AAA; RET 
.text  C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] WININET.dll!HttpOpenRequestA                 75A8D518 6 Bytes  PUSH 00231678; RET 
.text  C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] WININET.dll!HttpSendRequestW                 75A8FACE 6 Bytes  PUSH 002316BC; RET 
.text  C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] WININET.dll!HttpOpenRequestW                 75A8FC0B 6 Bytes  PUSH 00231634; RET 
.text  C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] WININET.dll!HttpSendRequestA                 75A9EEA1 6 Bytes  PUSH 00231711; RET 
.text  C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] WININET.dll!InternetReadFileExA              75AA3271 6 Bytes  PUSH 002319D1; RET 
.text  C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] WININET.dll!InternetSetFilePointer           75AE5A11 6 Bytes  PUSH 00231A50; RET 
.text  C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] WININET.dll!HttpSendRequestExA               75AFA6DA 6 Bytes  PUSH 00231803; RET 
.text  C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] WININET.dll!HttpSendRequestExW               75AFA733 6 Bytes  PUSH 00231766; RET 
.text  C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] WININET.dll!HttpEndRequestA                  75AFA7E2 6 Bytes  PUSH 002318A0; RET 
.text  C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3952] WININET.dll!HttpEndRequestW                  75AFA814 6 Bytes  PUSH 002318EB; RET 
.text  C:\Program Files\Apoint\Apntex.exe[4008] ntdll.dll!LdrLoadDll + 1                                                  77329379 3 Bytes  [E1, 39, 14]
.text  C:\Program Files\Apoint\Apntex.exe[4008] ntdll.dll!LdrLoadDll + 5                                                  7732937D 1 Byte  [C3]
.text  C:\Program Files\Apoint\Apntex.exe[4008] ntdll.dll!NtCreateUserProcess                                             77365674 4 Bytes  [68, BC, 38, 14]
.text  C:\Program Files\Apoint\Apntex.exe[4008] ntdll.dll!NtCreateUserProcess + 5                                         77365679 1 Byte  [C3]
.text  C:\Program Files\Apoint\Apntex.exe[4008] kernel32.dll!GetFileAttributesExW                                         77189C45 6 Bytes  PUSH 00143C4A; RET 
.text  C:\Program Files\Apoint\Apntex.exe[4008] kernel32.dll!ExitProcess                                                  771B43B4 6 Bytes  PUSH 00143C09; RET 
.text  C:\Program Files\Apoint\Apntex.exe[4008] USER32.dll!RegisterClassExA                                               770D61E1 6 Bytes  PUSH 00146CF4; RET 
.text  C:\Program Files\Apoint\Apntex.exe[4008] USER32.dll!GetUpdateRgn                                                   770D85E4 6 Bytes  PUSH 0014FAD5; RET 
.text  C:\Program Files\Apoint\Apntex.exe[4008] USER32.dll!GetMessagePos                                                  770D9071 6 Bytes  PUSH 0013FE2F; RET 
.text  C:\Program Files\Apoint\Apntex.exe[4008] USER32.dll!GetCapture                                                     770DA986 3 Bytes  [68, 8F, FF]
.text  C:\Program Files\Apoint\Apntex.exe[4008] USER32.dll!GetCapture + 4                                                 770DA98A 2 Bytes  [00, C3] {ADD BL, AL}
.text  C:\Program Files\Apoint\Apntex.exe[4008] USER32.dll!SwitchDesktop                                                  770DB8D2 6 Bytes  PUSH 001468E6; RET 
.text  C:\Program Files\Apoint\Apntex.exe[4008] USER32.dll!OpenInputDesktop                                               770DBCE6 4 Bytes  [68, 96, 68, 14]
.text  C:\Program Files\Apoint\Apntex.exe[4008] USER32.dll!OpenInputDesktop + 5                                           770DBCEB 1 Byte  [C3]
.text  C:\Program Files\Apoint\Apntex.exe[4008] USER32.dll!GetUpdateRect                                                  770DD3E0 6 Bytes  PUSH 0014FA42; RET 
.text  C:\Program Files\Apoint\Apntex.exe[4008] USER32.dll!RegisterClassExW                                               770DDA30 6 Bytes  PUSH 00146CA2; RET 
.text  C:\Program Files\Apoint\Apntex.exe[4008] USER32.dll!DefWindowProcA                                                 770DDB88 6 Bytes  PUSH 0014694A; RET 
.text  C:\Program Files\Apoint\Apntex.exe[4008] USER32.dll!RegisterClassA                                                 770DDF42 6 Bytes  PUSH 00146C55; RET 
.text  C:\Program Files\Apoint\Apntex.exe[4008] USER32.dll!RegisterClassW                                                 770DE1AB 6 Bytes  PUSH 00146C08; RET 
.text  C:\Program Files\Apoint\Apntex.exe[4008] USER32.dll!GetWindowDC                                                    770E3BA7 4 Bytes  [68, C3, F9, 14]
.text  C:\Program Files\Apoint\Apntex.exe[4008] USER32.dll!GetWindowDC + 5                                                770E3BAC 1 Byte  [C3]
.text  C:\Program Files\Apoint\Apntex.exe[4008] USER32.dll!DefDlgProcW                                                    770E4A11 6 Bytes  PUSH 00146990; RET 
.text  C:\Program Files\Apoint\Apntex.exe[4008] USER32.dll!GetDCEx                                                        770E4D22 4 Bytes  [68, 29, F9, 14]
.text  C:\Program Files\Apoint\Apntex.exe[4008] USER32.dll!GetDCEx + 5                                                    770E4D27 1 Byte  [C3]
.text  C:\Program Files\Apoint\Apntex.exe[4008] USER32.dll!PeekMessageA                                                   770E8343 6 Bytes  PUSH 001400A9; RET 
.text  C:\Program Files\Apoint\Apntex.exe[4008] USER32.dll!GetMessageA                                                    770E8AB3 6 Bytes  PUSH 00140056; RET 
.text  C:\Program Files\Apoint\Apntex.exe[4008] USER32.dll!GetDC                                                          770E9C31 4 Bytes  [68, 84, F9, 14]
.text  C:\Program Files\Apoint\Apntex.exe[4008] USER32.dll!GetDC + 5                                                      770E9C36 1 Byte  [C3]
.text  C:\Program Files\Apoint\Apntex.exe[4008] USER32.dll!ReleaseDC                                                      770E9CED 6 Bytes  PUSH 0014FA02; RET 
.text  C:\Program Files\Apoint\Apntex.exe[4008] USER32.dll!EndPaint                                                       770EA28F 4 Bytes  JMP 3A0EB78C 
.text  C:\Program Files\Apoint\Apntex.exe[4008] USER32.dll!EndPaint + 5                                                   770EA294 1 Byte  [C3]
.text  C:\Program Files\Apoint\Apntex.exe[4008] USER32.dll!BeginPaint                                                     770EA2A3 4 Bytes  [68, 79, F8, 14]
.text  C:\Program Files\Apoint\Apntex.exe[4008] USER32.dll!BeginPaint + 5                                                 770EA2A8 1 Byte  [C3]
.text  C:\Program Files\Apoint\Apntex.exe[4008] USER32.dll!GetMessageW                                                    770EFEF7 6 Bytes  PUSH 0014002E; RET 
.text  C:\Program Files\Apoint\Apntex.exe[4008] USER32.dll!TranslateMessage                                               770F01AD 6 Bytes  PUSH 0014A41D; RET 
.text  C:\Program Files\Apoint\Apntex.exe[4008] USER32.dll!DefWindowProcW                                                 770F03B4 6 Bytes  PUSH 00146904; RET 
.text  C:\Program Files\Apoint\Apntex.exe[4008] USER32.dll!PeekMessageW                                                   770F045A 6 Bytes  PUSH 0014007E; RET 
.text  C:\Program Files\Apoint\Apntex.exe[4008] USER32.dll!CallWindowProcW                                                770F095E 6 Bytes  PUSH 00146B3A; RET 
.text  C:\Program Files\Apoint\Apntex.exe[4008] USER32.dll!GetCursorPos                                                   770F0B88 6 Bytes  PUSH 0013FE61; RET 
.text  C:\Program Files\Apoint\Apntex.exe[4008] USER32.dll!DefDlgProcA                                                    770F26B8 6 Bytes  PUSH 001469D6; RET 
.text  C:\Program Files\Apoint\Apntex.exe[4008] USER32.dll!DefMDIChildProcA                                               770FB031 6 Bytes  PUSH 00146AF4; RET 
.text  C:\Program Files\Apoint\Apntex.exe[4008] USER32.dll!DefFrameProcA                                                  770FB24F 6 Bytes  PUSH 00146A65; RET 
.text  C:\Program Files\Apoint\Apntex.exe[4008] USER32.dll!CallWindowProcA                                                770FB73E 6 Bytes  PUSH 00146B83; RET 
.text  C:\Program Files\Apoint\Apntex.exe[4008] USER32.dll!DefFrameProcW                                                  770FD1F9 6 Bytes  PUSH 00146A1C; RET 
.text  C:\Program Files\Apoint\Apntex.exe[4008] USER32.dll!DefMDIChildProcW                                               770FD4F6 6 Bytes  PUSH 00146AAE; RET 
.text  C:\Program Files\Apoint\Apntex.exe[4008] USER32.dll!ReleaseCapture                                                 771030A2 6 Bytes  PUSH 0013FF3F; RET 
.text  C:\Program Files\Apoint\Apntex.exe[4008] USER32.dll!SetCapture                                                     771030AF 4 Bytes  [68, E5, FE, 13]
.text  C:\Program Files\Apoint\Apntex.exe[4008] USER32.dll!SetCapture + 5                                                 771030B4 1 Byte  [C3]
.text  C:\Program Files\Apoint\Apntex.exe[4008] USER32.dll!SetCursorPos                                                   77116FB2 6 Bytes  PUSH 0013FEA8; RET 
.text  C:\Program Files\Apoint\Apntex.exe[4008] USER32.dll!GetClipboardData                                               7711715A 6 Bytes  PUSH 0014A5CC; RET 
.text  C:\Program Files\Apoint\Apntex.exe[4008] ADVAPI32.dll!CreateProcessAsUserA                                         759ACEB9 6 Bytes  PUSH 00143CB0; RET 
.text  C:\Program Files\Apoint\Apntex.exe[4008] ADVAPI32.dll!CreateProcessAsUserW                                         759C1EE9 6 Bytes  PUSH 00143CC7; RET 
.text  C:\Program Files\Apoint\Apntex.exe[4008] WS2_32.dll!closesocket                                                    75CC330C 6 Bytes  PUSH 0013F57B; RET 
.text  C:\Program Files\Apoint\Apntex.exe[4008] WS2_32.dll!getaddrinfo                                                    75CC418A 6 Bytes  PUSH 0013F18C; RET 
.text  C:\Program Files\Apoint\Apntex.exe[4008] WS2_32.dll!WSASend                                                        75CC4496 6 Bytes  PUSH 0013F5D4; RET 
.text  C:\Program Files\Apoint\Apntex.exe[4008] WS2_32.dll!send                                                           75CC659B 6 Bytes  PUSH 0013F5B3; RET 
.text  C:\Program Files\Apoint\Apntex.exe[4008] WS2_32.dll!gethostbyname                                                  75CD62D4 6 Bytes  PUSH 0013F11C; RET 
.text  C:\Program Files\Apoint\Apntex.exe[4008] CRYPT32.dll!PFXImportCertStore                                            7534989D 6 Bytes  PUSH 00151D51; RET 
.text  C:\Program Files\Apoint\Apntex.exe[4008] WININET.dll!InternetReadFile                                              75A8655B 6 Bytes  PUSH 001519A3; RET 
.text  C:\Program Files\Apoint\Apntex.exe[4008] WININET.dll!HttpQueryInfoA                                                75A8879D 6 Bytes  PUSH 00151AD6; RET 
.text  C:\Program Files\Apoint\Apntex.exe[4008] WININET.dll!InternetCloseHandle                                           75A89098 6 Bytes  PUSH 00151936; RET 
.text  C:\Program Files\Apoint\Apntex.exe[4008] WININET.dll!InternetQueryDataAvailable                                    75A8BF93 6 Bytes  PUSH 00151AAA; RET 
.text  C:\Program Files\Apoint\Apntex.exe[4008] WININET.dll!HttpOpenRequestA                                              75A8D518 6 Bytes  PUSH 00151678; RET 
.text  C:\Program Files\Apoint\Apntex.exe[4008] WININET.dll!HttpSendRequestW                                              75A8FACE 6 Bytes  PUSH 001516BC; RET 
.text  C:\Program Files\Apoint\Apntex.exe[4008] WININET.dll!HttpOpenRequestW                                              75A8FC0B 6 Bytes  PUSH 00151634; RET 
.text  C:\Program Files\Apoint\Apntex.exe[4008] WININET.dll!HttpSendRequestA                                              75A9EEA1 6 Bytes  PUSH 00151711; RET 
.text  C:\Program Files\Apoint\Apntex.exe[4008] WININET.dll!InternetReadFileExA                                           75AA3271 6 Bytes  PUSH 001519D1; RET 
.text  C:\Program Files\Apoint\Apntex.exe[4008] WININET.dll!InternetSetFilePointer                                        75AE5A11 6 Bytes  PUSH 00151A50; RET 
.text  C:\Program Files\Apoint\Apntex.exe[4008] WININET.dll!HttpSendRequestExA                                            75AFA6DA 6 Bytes  PUSH 00151803; RET 
.text  C:\Program Files\Apoint\Apntex.exe[4008] WININET.dll!HttpSendRequestExW                                            75AFA733 6 Bytes  PUSH 00151766; RET 
.text  C:\Program Files\Apoint\Apntex.exe[4008] WININET.dll!HttpEndRequestA                                               75AFA7E2 6 Bytes  PUSH 001518A0; RET 
.text  C:\Program Files\Apoint\Apntex.exe[4008] WININET.dll!HttpEndRequestW                                               75AFA814 6 Bytes  PUSH 001518EB; RET 
.text  C:\Windows\ehome\ehmsas.exe[4240] ntdll.dll!LdrLoadDll + 1                                                         77329379 3 Bytes  [E1, 39, 7F]
.text  C:\Windows\ehome\ehmsas.exe[4240] ntdll.dll!LdrLoadDll + 5                                                         7732937D 1 Byte  [C3]
.text  C:\Windows\ehome\ehmsas.exe[4240] ntdll.dll!NtCreateUserProcess                                                    77365674 4 Bytes  [68, BC, 38, 7F]
.text  C:\Windows\ehome\ehmsas.exe[4240] ntdll.dll!NtCreateUserProcess + 5                                                77365679 1 Byte  [C3]
.text  C:\Windows\ehome\ehmsas.exe[4240] kernel32.dll!GetFileAttributesExW                                                77189C45 6 Bytes  PUSH 007F3C4A; RET 
.text  C:\Windows\ehome\ehmsas.exe[4240] kernel32.dll!ExitProcess                                                         771B43B4 6 Bytes  PUSH 007F3C09; RET 
.text  C:\Windows\ehome\ehmsas.exe[4240] ADVAPI32.dll!CreateProcessAsUserA                                                759ACEB9 6 Bytes  PUSH 007F3CB0; RET 
.text  C:\Windows\ehome\ehmsas.exe[4240] ADVAPI32.dll!CreateProcessAsUserW                                                759C1EE9 6 Bytes  PUSH 007F3CC7; RET 
.text  C:\Windows\ehome\ehmsas.exe[4240] USER32.dll!RegisterClassExA                                                      770D61E1 6 Bytes  PUSH 007F6CF4; RET 
.text  C:\Windows\ehome\ehmsas.exe[4240] USER32.dll!GetUpdateRgn                                                          770D85E4 6 Bytes  PUSH 007FFAD5; RET 
.text  C:\Windows\ehome\ehmsas.exe[4240] USER32.dll!GetMessagePos                                                         770D9071 6 Bytes  PUSH 007EFE2F; RET 
.text  C:\Windows\ehome\ehmsas.exe[4240] USER32.dll!GetCapture                                                            770DA986 6 Bytes  PUSH 007EFF8F; RET 
.text  C:\Windows\ehome\ehmsas.exe[4240] USER32.dll!SwitchDesktop                                                         770DB8D2 6 Bytes  PUSH 007F68E6; RET 
.text  C:\Windows\ehome\ehmsas.exe[4240] USER32.dll!OpenInputDesktop                                                      770DBCE6 4 Bytes  [68, 96, 68, 7F]
.text  C:\Windows\ehome\ehmsas.exe[4240] USER32.dll!OpenInputDesktop + 5                                                  770DBCEB 1 Byte  [C3]
.text  C:\Windows\ehome\ehmsas.exe[4240] USER32.dll!GetUpdateRect                                                         770DD3E0 6 Bytes  PUSH 007FFA42; RET 
.text  C:\Windows\ehome\ehmsas.exe[4240] USER32.dll!RegisterClassExW                                                      770DDA30 6 Bytes  PUSH 007F6CA2; RET 
.text  C:\Windows\ehome\ehmsas.exe[4240] USER32.dll!DefWindowProcA                                                        770DDB88 6 Bytes  PUSH 007F694A; RET 
.text  C:\Windows\ehome\ehmsas.exe[4240] USER32.dll!RegisterClassA                                                        770DDF42 6 Bytes  PUSH 007F6C55; RET 
.text  C:\Windows\ehome\ehmsas.exe[4240] USER32.dll!RegisterClassW                                                        770DE1AB 6 Bytes  PUSH 007F6C08; RET 
.text  C:\Windows\ehome\ehmsas.exe[4240] USER32.dll!GetWindowDC                                                           770E3BA7 4 Bytes  [68, C3, F9, 7F]
.text  C:\Windows\ehome\ehmsas.exe[4240] USER32.dll!GetWindowDC + 5                                                       770E3BAC 1 Byte  [C3]
.text  C:\Windows\ehome\ehmsas.exe[4240] USER32.dll!DefDlgProcW                                                           770E4A11 6 Bytes  PUSH 007F6990; RET 
.text  C:\Windows\ehome\ehmsas.exe[4240] USER32.dll!GetDCEx                                                               770E4D22 4 Bytes  [68, 29, F9, 7F]
.text  C:\Windows\ehome\ehmsas.exe[4240] USER32.dll!GetDCEx + 5                                                           770E4D27 1 Byte  [C3]
.text  C:\Windows\ehome\ehmsas.exe[4240] USER32.dll!PeekMessageA                                                          770E8343 6 Bytes  PUSH 007F00A9; RET 
.text  C:\Windows\ehome\ehmsas.exe[4240] USER32.dll!GetMessageA                                                           770E8AB3 6 Bytes  PUSH 007F0056; RET 
.text  C:\Windows\ehome\ehmsas.exe[4240] USER32.dll!GetDC                                                                 770E9C31 4 Bytes  [68, 84, F9, 7F]
.text  C:\Windows\ehome\ehmsas.exe[4240] USER32.dll!GetDC + 5                                                             770E9C36 1 Byte  [C3]
.text  C:\Windows\ehome\ehmsas.exe[4240] USER32.dll!ReleaseDC                                                             770E9CED 6 Bytes  PUSH 007FFA02; RET 
.text  C:\Windows\ehome\ehmsas.exe[4240] USER32.dll!EndPaint                                                              770EA28F 4 Bytes  JMP 3A0F228C 
.text  C:\Windows\ehome\ehmsas.exe[4240] USER32.dll!EndPaint + 5                                                          770EA294 1 Byte  [C3]
.text  C:\Windows\ehome\ehmsas.exe[4240] USER32.dll!BeginPaint                                                            770EA2A3 4 Bytes  [68, 79, F8, 7F]
.text  C:\Windows\ehome\ehmsas.exe[4240] USER32.dll!BeginPaint + 5                                                        770EA2A8 1 Byte  [C3]
.text  C:\Windows\ehome\ehmsas.exe[4240] USER32.dll!GetMessageW                                                           770EFEF7 6 Bytes  PUSH 007F002E; RET 
.text  C:\Windows\ehome\ehmsas.exe[4240] USER32.dll!TranslateMessage                                                      770F01AD 6 Bytes  PUSH 007FA41D; RET 
.text  C:\Windows\ehome\ehmsas.exe[4240] USER32.dll!DefWindowProcW                                                        770F03B4 6 Bytes  PUSH 007F6904; RET 
.text  C:\Windows\ehome\ehmsas.exe[4240] USER32.dll!PeekMessageW                                                          770F045A 6 Bytes  PUSH 007F007E; RET 
.text  C:\Windows\ehome\ehmsas.exe[4240] USER32.dll!CallWindowProcW                                                       770F095E 6 Bytes  PUSH 007F6B3A; RET 
.text  C:\Windows\ehome\ehmsas.exe[4240] USER32.dll!GetCursorPos                                                          770F0B88 6 Bytes  PUSH 007EFE61; RET 
.text  C:\Windows\ehome\ehmsas.exe[4240] USER32.dll!DefDlgProcA                                                           770F26B8 6 Bytes  PUSH 007F69D6; RET 
.text  C:\Windows\ehome\ehmsas.exe[4240] USER32.dll!DefMDIChildProcA                                                      770FB031 6 Bytes  PUSH 007F6AF4; RET 
.text  C:\Windows\ehome\ehmsas.exe[4240] USER32.dll!DefFrameProcA                                                         770FB24F 6 Bytes  PUSH 007F6A65; RET 
.text  C:\Windows\ehome\ehmsas.exe[4240] USER32.dll!CallWindowProcA                                                       770FB73E 6 Bytes  PUSH 007F6B83; RET 
.text  C:\Windows\ehome\ehmsas.exe[4240] USER32.dll!DefFrameProcW                                                         770FD1F9 6 Bytes  PUSH 007F6A1C; RET 
.text  C:\Windows\ehome\ehmsas.exe[4240] USER32.dll!DefMDIChildProcW                                                      770FD4F6 6 Bytes  PUSH 007F6AAE; RET 
.text  C:\Windows\ehome\ehmsas.exe[4240] USER32.dll!ReleaseCapture                                                        771030A2 6 Bytes  PUSH 007EFF3F; RET 
.text  C:\Windows\ehome\ehmsas.exe[4240] USER32.dll!SetCapture                                                            771030AF 4 Bytes  [68, E5, FE, 7E]
.text  C:\Windows\ehome\ehmsas.exe[4240] USER32.dll!SetCapture + 5                                                        771030B4 1 Byte  [C3]
.text  C:\Windows\ehome\ehmsas.exe[4240] USER32.dll!SetCursorPos                                                          77116FB2 6 Bytes  PUSH 007EFEA8; RET 
.text  C:\Windows\ehome\ehmsas.exe[4240] USER32.dll!GetClipboardData                                                      7711715A 6 Bytes  PUSH 007FA5CC; RET 
.text  C:\Windows\ehome\ehmsas.exe[4240] WS2_32.dll!closesocket                                                           75CC330C 6 Bytes  PUSH 007EF57B; RET 
.text  C:\Windows\ehome\ehmsas.exe[4240] WS2_32.dll!getaddrinfo                                                           75CC418A 6 Bytes  PUSH 007EF18C; RET 
.text  C:\Windows\ehome\ehmsas.exe[4240] WS2_32.dll!WSASend                                                               75CC4496 6 Bytes  PUSH 007EF5D4; RET 
.text  C:\Windows\ehome\ehmsas.exe[4240] WS2_32.dll!send                                                                  75CC659B 6 Bytes  PUSH 007EF5B3; RET 
.text  C:\Windows\ehome\ehmsas.exe[4240] WS2_32.dll!gethostbyname                                                         75CD62D4 6 Bytes  PUSH 007EF11C; RET 
.text  C:\Windows\ehome\ehmsas.exe[4240] CRYPT32.dll!PFXImportCertStore                                                   7534989D 6 Bytes  PUSH 00801D51; RET 
.text  C:\Windows\ehome\ehmsas.exe[4240] WININET.dll!InternetReadFile                                                     75A8655B 6 Bytes  PUSH 008019A3; RET 
.text  C:\Windows\ehome\ehmsas.exe[4240] WININET.dll!HttpQueryInfoA                                                       75A8879D 6 Bytes  PUSH 00801AD6; RET 
.text  C:\Windows\ehome\ehmsas.exe[4240] WININET.dll!InternetCloseHandle                                                  75A89098 6 Bytes  PUSH 00801936; RET 
.text  C:\Windows\ehome\ehmsas.exe[4240] WININET.dll!InternetQueryDataAvailable                                           75A8BF93 6 Bytes  PUSH 00801AAA; RET 
.text  C:\Windows\ehome\ehmsas.exe[4240] WININET.dll!HttpOpenRequestA                                                     75A8D518 6 Bytes  PUSH 00801678; RET 
.text  C:\Windows\ehome\ehmsas.exe[4240] WININET.dll!HttpSendRequestW                                                     75A8FACE 6 Bytes  PUSH 008016BC; RET 
.text  C:\Windows\ehome\ehmsas.exe[4240] WININET.dll!HttpOpenRequestW                                                     75A8FC0B 6 Bytes  PUSH 00801634; RET 
.text  C:\Windows\ehome\ehmsas.exe[4240] WININET.dll!HttpSendRequestA                                                     75A9EEA1 6 Bytes  PUSH 00801711; RET 
.text  C:\Windows\ehome\ehmsas.exe[4240] WININET.dll!InternetReadFileExA                                                  75AA3271 6 Bytes  PUSH 008019D1; RET 
.text  C:\Windows\ehome\ehmsas.exe[4240] WININET.dll!InternetSetFilePointer                                               75AE5A11 6 Bytes  PUSH 00801A50; RET 
.text  C:\Windows\ehome\ehmsas.exe[4240] WININET.dll!HttpSendRequestExA                                                   75AFA6DA 6 Bytes  PUSH 00801803; RET 
.text  C:\Windows\ehome\ehmsas.exe[4240] WININET.dll!HttpSendRequestExW                                                   75AFA733 6 Bytes  PUSH 00801766; RET 
.text  C:\Windows\ehome\ehmsas.exe[4240] WININET.dll!HttpEndRequestA                                                      75AFA7E2 6 Bytes  PUSH 008018A0; RET 
.text  C:\Windows\ehome\ehmsas.exe[4240] WININET.dll!HttpEndRequestW                                                      75AFA814 6 Bytes  PUSH 008018EB; RET 
.text  C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4660] ntdll.dll!LdrLoadDll + 1                               77329379 5 Bytes  [E1, 39, B3, 01, C3] {LOOPZ 0x3b; MOV BL, 0x1; RET }
.text  C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4660] ntdll.dll!NtCreateUserProcess                          77365674 6 Bytes  PUSH 01B338BC; RET 
.text  C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4660] KERNEL32.dll!GetFileAttributesExW                      77189C45 6 Bytes  PUSH 01B33C4A; RET 
.text  C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4660] KERNEL32.dll!ExitProcess                               771B43B4 6 Bytes  PUSH 01B33C09; RET 
.text  C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4660] ADVAPI32.dll!CreateProcessAsUserA                      759ACEB9 6 Bytes  PUSH 01B33CB0; RET 
.text  C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4660] ADVAPI32.dll!CreateProcessAsUserW                      759C1EE9 6 Bytes  PUSH 01B33CC7; RET 
.text  C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4660] USER32.dll!RegisterClassExA                            770D61E1 6 Bytes  PUSH 01B36CF4; RET 
.text  C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4660] USER32.dll!GetUpdateRgn                                770D85E4 6 Bytes  PUSH 01B3FAD5; RET 
.text  C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4660] USER32.dll!GetMessagePos                               770D9071 6 Bytes  PUSH 01B2FE2F; RET 
.text  C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4660] USER32.dll!GetCapture                                  770DA986 6 Bytes  PUSH 01B2FF8F; RET 
.text  C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4660] USER32.dll!SwitchDesktop                               770DB8D2 6 Bytes  PUSH 01B368E6; RET 
.text  C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4660] USER32.dll!OpenInputDesktop                            770DBCE6 6 Bytes  PUSH 01B36896; RET 
.text  C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4660] USER32.dll!GetUpdateRect                               770DD3E0 6 Bytes  PUSH 01B3FA42; RET 
.text  C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4660] USER32.dll!RegisterClassExW                            770DDA30 6 Bytes  PUSH 01B36CA2; RET 
.text  C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4660] USER32.dll!DefWindowProcA                              770DDB88 6 Bytes  PUSH 01B3694A; RET 
.text  C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4660] USER32.dll!RegisterClassA                              770DDF42 6 Bytes  PUSH 01B36C55; RET 
.text  C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4660] USER32.dll!RegisterClassW                              770DE1AB 6 Bytes  PUSH 01B36C08; RET 
.text  C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4660] USER32.dll!GetWindowDC                                 770E3BA7 6 Bytes  PUSH 01B3F9C3; RET 
.text  C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4660] USER32.dll!DefDlgProcW                                 770E4A11 6 Bytes  PUSH 01B36990; RET 
.text  C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4660] USER32.dll!GetDCEx                                     770E4D22 6 Bytes  PUSH 01B3F929; RET 
.text  C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4660] USER32.dll!PeekMessageA                                770E8343 6 Bytes  PUSH 01B300A9; RET 
.text  C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4660] USER32.dll!GetMessageA                                 770E8AB3 6 Bytes  PUSH 01B30056; RET 
.text  C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4660] USER32.dll!GetDC                                       770E9C31 6 Bytes  PUSH 01B3F984; RET 
.text  C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4660] USER32.dll!ReleaseDC                                   770E9CED 6 Bytes  PUSH 01B3FA02; RET 
.text  C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4660] USER32.dll!EndPaint                                    770EA28F 6 Bytes  JMP 3A10568C 
.text  C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4660] USER32.dll!BeginPaint                                  770EA2A3 6 Bytes  PUSH 01B3F879; RET 
.text  C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4660] USER32.dll!GetMessageW                                 770EFEF7 6 Bytes  PUSH 01B3002E; RET 
.text  C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4660] USER32.dll!TranslateMessage                            770F01AD 6 Bytes  PUSH 01B3A41D; RET 
.text  C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4660] USER32.dll!DefWindowProcW                              770F03B4 6 Bytes  PUSH 01B36904; RET 
.text  C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4660] USER32.dll!PeekMessageW                                770F045A 6 Bytes  PUSH 01B3007E; RET 
.text  C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4660] USER32.dll!CallWindowProcW                             770F095E 6 Bytes  PUSH 01B36B3A; RET 
.text  C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4660] USER32.dll!GetCursorPos                                770F0B88 6 Bytes  PUSH 01B2FE61; RET 
.text  C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4660] USER32.dll!DefDlgProcA                                 770F26B8 6 Bytes  PUSH 01B369D6; RET 
.text  C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4660] USER32.dll!DefMDIChildProcA                            770FB031 6 Bytes  PUSH 01B36AF4; RET 
.text  C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4660] USER32.dll!DefFrameProcA                               770FB24F 6 Bytes  PUSH 01B36A65; RET 
.text  C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4660] USER32.dll!CallWindowProcA                             770FB73E 6 Bytes  PUSH 01B36B83; RET 
.text  C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4660] USER32.dll!DefFrameProcW                               770FD1F9 6 Bytes  PUSH 01B36A1C; RET 
.text  C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4660] USER32.dll!DefMDIChildProcW                            770FD4F6 6 Bytes  PUSH 01B36AAE; RET 
.text  C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4660] USER32.dll!ReleaseCapture                              771030A2 6 Bytes  PUSH 01B2FF3F; RET 
.text  C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4660] USER32.dll!SetCapture                                  771030AF 6 Bytes  PUSH 01B2FEE5; RET 
.text  C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4660] USER32.dll!SetCursorPos                                77116FB2 6 Bytes  PUSH 01B2FEA8; RET 
.text  C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4660] USER32.dll!GetClipboardData                            7711715A 6 Bytes  PUSH 01B3A5CC; RET 
.text  C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4660] CRYPT32.dll!PFXImportCertStore                         7534989D 6 Bytes  PUSH 01B41D51; RET 
.text  C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4660] WS2_32.dll!closesocket                                 75CC330C 6 Bytes  PUSH 01B2F57B; RET 
.text  C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4660] WS2_32.dll!getaddrinfo                                 75CC418A 6 Bytes  PUSH 01B2F18C; RET 
.text  C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4660] WS2_32.dll!WSASend                                     75CC4496 6 Bytes  PUSH 01B2F5D4; RET 
.text  C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4660] WS2_32.dll!send                                        75CC659B 6 Bytes  PUSH 01B2F5B3; RET 
.text  C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4660] WS2_32.dll!gethostbyname                               75CD62D4 6 Bytes  PUSH 01B2F11C; RET 
.text  C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4660] WININET.dll!InternetReadFile                           75A8655B 6 Bytes  PUSH 01B419A3; RET 
.text  C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4660] WININET.dll!HttpQueryInfoA                             75A8879D 6 Bytes  PUSH 01B41AD6; RET 
.text  C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4660] WININET.dll!InternetCloseHandle                        75A89098 6 Bytes  PUSH 01B41936; RET 
.text  C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4660] WININET.dll!InternetQueryDataAvailable                 75A8BF93 6 Bytes  PUSH 01B41AAA; RET 
.text  C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4660] WININET.dll!HttpOpenRequestA                           75A8D518 6 Bytes  PUSH 01B41678; RET 
.text  C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4660] WININET.dll!HttpSendRequestW                           75A8FACE 6 Bytes  PUSH 01B416BC; RET 
.text  C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4660] WININET.dll!HttpOpenRequestW                           75A8FC0B 6 Bytes  PUSH 01B41634; RET 
.text  C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4660] WININET.dll!HttpSendRequestA                           75A9EEA1 6 Bytes  PUSH 01B41711; RET 
.text  C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4660] WININET.dll!InternetReadFileExA                        75AA3271 6 Bytes  PUSH 01B419D1; RET 
.text  C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4660] WININET.dll!InternetSetFilePointer                     75AE5A11 6 Bytes  PUSH 01B41A50; RET 
.text  C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4660] WININET.dll!HttpSendRequestExA                         75AFA6DA 6 Bytes  PUSH 01B41803; RET 
.text  C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4660] WININET.dll!HttpSendRequestExW                         75AFA733 6 Bytes  PUSH 01B41766; RET 
.text  C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4660] WININET.dll!HttpEndRequestA                            75AFA7E2 6 Bytes  PUSH 01B418A0; RET 
.text  C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[4660] WININET.dll!HttpEndRequestW                            75AFA814 6 Bytes  PUSH 01B418EB; RET 
.text  C:\Windows\system32\conime.exe[5592] ntdll.dll!LdrLoadDll + 1                                                      77329379 3 Bytes  [E1, 39, 04]
.text  C:\Windows\system32\conime.exe[5592] ntdll.dll!LdrLoadDll + 5                                                      7732937D 1 Byte  [C3]
.text  C:\Windows\system32\conime.exe[5592] ntdll.dll!NtCreateUserProcess                                                 77365674 4 Bytes  [68, BC, 38, 04]
.text  C:\Windows\system32\conime.exe[5592] ntdll.dll!NtCreateUserProcess + 5                                             77365679 1 Byte  [C3]
.text  C:\Windows\system32\conime.exe[5592] kernel32.dll!GetFileAttributesExW                                             77189C45 6 Bytes  PUSH 00043C4A; RET 
.text  C:\Windows\system32\conime.exe[5592] kernel32.dll!ExitProcess                                                      771B43B4 6 Bytes  PUSH 00043C09; RET 
.text  C:\Windows\system32\conime.exe[5592] ADVAPI32.dll!CreateProcessAsUserA                                             759ACEB9 6 Bytes  PUSH 00043CB0; RET 
.text  C:\Windows\system32\conime.exe[5592] ADVAPI32.dll!CreateProcessAsUserW                                             759C1EE9 6 Bytes  PUSH 00043CC7; RET 
.text  C:\Windows\system32\conime.exe[5592] USER32.dll!RegisterClassExA                                                   770D61E1 6 Bytes  PUSH 00046CF4; RET 
.text  C:\Windows\system32\conime.exe[5592] USER32.dll!GetUpdateRgn                                                       770D85E4 6 Bytes  PUSH 0004FAD5; RET 
.text  C:\Windows\system32\conime.exe[5592] USER32.dll!GetMessagePos                                                      770D9071 6 Bytes  PUSH 0003FE2F; RET 
.text  C:\Windows\system32\conime.exe[5592] USER32.dll!GetCapture                                                         770DA986 6 Bytes  PUSH 0003FF8F; RET 
.text  C:\Windows\system32\conime.exe[5592] USER32.dll!SwitchDesktop                                                      770DB8D2 6 Bytes  PUSH 000468E6; RET 
.text  C:\Windows\system32\conime.exe[5592] USER32.dll!OpenInputDesktop                                                   770DBCE6 4 Bytes  [68, 96, 68, 04]
.text  C:\Windows\system32\conime.exe[5592] USER32.dll!OpenInputDesktop + 5                                               770DBCEB 1 Byte  [C3]
.text  C:\Windows\system32\conime.exe[5592] USER32.dll!GetUpdateRect                                                      770DD3E0 6 Bytes  PUSH 0004FA42; RET 
.text  C:\Windows\system32\conime.exe[5592] USER32.dll!RegisterClassExW                                                   770DDA30 6 Bytes  PUSH 00046CA2; RET 
.text  C:\Windows\system32\conime.exe[5592] USER32.dll!DefWindowProcA                                                     770DDB88 6 Bytes  PUSH 0004694A; RET 
.text  C:\Windows\system32\conime.exe[5592] USER32.dll!RegisterClassA                                                     770DDF42 6 Bytes  PUSH 00046C55; RET 
.text  C:\Windows\system32\conime.exe[5592] USER32.dll!RegisterClassW                                                     770DE1AB 6 Bytes  PUSH 00046C08; RET 
.text  C:\Windows\system32\conime.exe[5592] USER32.dll!GetWindowDC                                                        770E3BA7 4 Bytes  [68, C3, F9, 04]
.text  C:\Windows\system32\conime.exe[5592] USER32.dll!GetWindowDC + 5                                                    770E3BAC 1 Byte  [C3]
.text  C:\Windows\system32\conime.exe[5592] USER32.dll!DefDlgProcW                                                        770E4A11 6 Bytes  PUSH 00046990; RET 
.text  C:\Windows\system32\conime.exe[5592] USER32.dll!GetDCEx                                                            770E4D22 4 Bytes  [68, 29, F9, 04]
.text  C:\Windows\system32\conime.exe[5592] USER32.dll!GetDCEx + 5                                                        770E4D27 1 Byte  [C3]
.text  C:\Windows\system32\conime.exe[5592] USER32.dll!PeekMessageA                                                       770E8343 6 Bytes  PUSH 000400A9; RET 
.text  C:\Windows\system32\conime.exe[5592] USER32.dll!GetMessageA                                                        770E8AB3 6 Bytes  PUSH 00040056; RET 
.text  C:\Windows\system32\conime.exe[5592] USER32.dll!GetDC                                                              770E9C31 4 Bytes  [68, 84, F9, 04]
.text  C:\Windows\system32\conime.exe[5592] USER32.dll!GetDC + 5                                                          770E9C36 1 Byte  [C3]
.text  C:\Windows\system32\conime.exe[5592] USER32.dll!ReleaseDC                                                          770E9CED 6 Bytes  PUSH 0004FA02; RET 
.text  C:\Windows\system32\conime.exe[5592] USER32.dll!EndPaint                                                           770EA28F 4 Bytes  JMP 3A0EA78C 
.text  C:\Windows\system32\conime.exe[5592] USER32.dll!EndPaint + 5                                                       770EA294 1 Byte  [C3]
.text  C:\Windows\system32\conime.exe[5592] USER32.dll!BeginPaint                                                         770EA2A3 4 Bytes  [68, 79, F8, 04]
.text  C:\Windows\system32\conime.exe[5592] USER32.dll!BeginPaint + 5                                                     770EA2A8 1 Byte  [C3]
.text  C:\Windows\system32\conime.exe[5592] USER32.dll!GetMessageW                                                        770EFEF7 6 Bytes  PUSH 0004002E; RET 
.text  C:\Windows\system32\conime.exe[5592] USER32.dll!TranslateMessage                                                   770F01AD 6 Bytes  PUSH 0004A41D; RET 
.text  C:\Windows\system32\conime.exe[5592] USER32.dll!DefWindowProcW                                                     770F03B4 6 Bytes  PUSH 00046904; RET 
.text  C:\Windows\system32\conime.exe[5592] USER32.dll!PeekMessageW                                                       770F045A 6 Bytes  PUSH 0004007E; RET 
.text  C:\Windows\system32\conime.exe[5592] USER32.dll!CallWindowProcW                                                    770F095E 6 Bytes  PUSH 00046B3A; RET 
.text  C:\Windows\system32\conime.exe[5592] USER32.dll!GetCursorPos                                                       770F0B88 6 Bytes  PUSH 0003FE61; RET 
.text  C:\Windows\system32\conime.exe[5592] USER32.dll!DefDlgProcA                                                        770F26B8 6 Bytes  PUSH 000469D6; RET 
.text  C:\Windows\system32\conime.exe[5592] USER32.dll!DefMDIChildProcA                                                   770FB031 6 Bytes  PUSH 00046AF4; RET 
.text  C:\Windows\system32\conime.exe[5592] USER32.dll!DefFrameProcA                                                      770FB24F 6 Bytes  PUSH 00046A65; RET 
.text  C:\Windows\system32\conime.exe[5592] USER32.dll!CallWindowProcA                                                    770FB73E 6 Bytes  PUSH 00046B83; RET 
.text  C:\Windows\system32\conime.exe[5592] USER32.dll!DefFrameProcW                                                      770FD1F9 6 Bytes  PUSH 00046A1C; RET 
.text  C:\Windows\system32\conime.exe[5592] USER32.dll!DefMDIChildProcW                                                   770FD4F6 6 Bytes  PUSH 00046AAE; RET 
.text  C:\Windows\system32\conime.exe[5592] USER32.dll!ReleaseCapture                                                     771030A2 6 Bytes  PUSH 0003FF3F; RET 
.text  C:\Windows\system32\conime.exe[5592] USER32.dll!SetCapture                                                         771030AF 4 Bytes  [68, E5, FE, 03]
.text  C:\Windows\system32\conime.exe[5592] USER32.dll!SetCapture + 5                                                     771030B4 1 Byte  [C3]
.text  C:\Windows\system32\conime.exe[5592] USER32.dll!SetCursorPos                                                       77116FB2 6 Bytes  PUSH 0003FEA8; RET 
.text  C:\Windows\system32\conime.exe[5592] USER32.dll!GetClipboardData                                                   7711715A 6 Bytes  PUSH 0004A5CC; RET 
.text  C:\Windows\system32\conime.exe[5592] WS2_32.dll!closesocket                                                        75CC330C 6 Bytes  PUSH 0003F57B; RET 
.text  C:\Windows\system32\conime.exe[5592] WS2_32.dll!getaddrinfo                                                        75CC418A 6 Bytes  PUSH 0003F18C; RET 
.text  C:\Windows\system32\conime.exe[5592] WS2_32.dll!WSASend                                                            75CC4496 6 Bytes  PUSH 0003F5D4; RET 
.text  C:\Windows\system32\conime.exe[5592] WS2_32.dll!send                                                               75CC659B 6 Bytes  PUSH 0003F5B3; RET 
.text  C:\Windows\system32\conime.exe[5592] WS2_32.dll!gethostbyname                                                      75CD62D4 6 Bytes  PUSH 0003F11C; RET 
.text  C:\Windows\system32\conime.exe[5592] CRYPT32.dll!PFXImportCertStore                                                7534989D 6 Bytes  PUSH 00051D51; RET 
.text  C:\Windows\system32\conime.exe[5592] WININET.dll!InternetReadFile                                                  75A8655B 6 Bytes  PUSH 000519A3; RET 
.text  C:\Windows\system32\conime.exe[5592] WININET.dll!HttpQueryInfoA                                                    75A8879D 6 Bytes  PUSH 00051AD6; RET 
.text  C:\Windows\system32\conime.exe[5592] WININET.dll!InternetCloseHandle                                               75A89098 6 Bytes  PUSH 00051936; RET 
.text  C:\Windows\system32\conime.exe[5592] WININET.dll!InternetQueryDataAvailable                                        75A8BF93 6 Bytes  PUSH 00051AAA; RET 
.text  C:\Windows\system32\conime.exe[5592] WININET.dll!HttpOpenRequestA                                                  75A8D518 6 Bytes  PUSH 00051678; RET 
.text  C:\Windows\system32\conime.exe[5592] WININET.dll!HttpSendRequestW                                                  75A8FACE 6 Bytes  PUSH 000516BC; RET 
.text  C:\Windows\system32\conime.exe[5592] WININET.dll!HttpOpenRequestW                                                  75A8FC0B 6 Bytes  PUSH 00051634; RET 
.text  C:\Windows\system32\conime.exe[5592] WININET.dll!HttpSendRequestA                                                  75A9EEA1 6 Bytes  PUSH 00051711; RET 
.text  C:\Windows\system32\conime.exe[5592] WININET.dll!InternetReadFileExA                                               75AA3271 6 Bytes  PUSH 000519D1; RET 
.text  C:\Windows\system32\conime.exe[5592] WININET.dll!InternetSetFilePointer                                            75AE5A11 6 Bytes  PUSH 00051A50; RET 
.text  C:\Windows\system32\conime.exe[5592] WININET.dll!HttpSendRequestExA                                                75AFA6DA 6 Bytes  PUSH 00051803; RET 
.text  C:\Windows\system32\conime.exe[5592] WININET.dll!HttpSendRequestExW                                                75AFA733 6 Bytes  PUSH 00051766; RET 
.text  C:\Windows\system32\conime.exe[5592] WININET.dll!HttpEndRequestA                                                   75AFA7E2 6 Bytes  PUSH 000518A0; RET 
.text  C:\Windows\system32\conime.exe[5592] WININET.dll!HttpEndRequestW                                                   75AFA814 6 Bytes  PUSH 000518EB; RET 

---- Registry - GMER 2.1 ----

Reg    HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00214fb4849e                                        
Reg    HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002433d141d5                                        
Reg    HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002433d141d5@00236ca08731                           0x70 0x6B 0xD5 0xF3 ...
Reg    HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002433d141d5@2021a5623e0f                           0xB9 0xD2 0x81 0x92 ...
Reg    HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002433d141d5@28cfdae9871d                           0xDA 0x85 0xF7 0x66 ...
Reg    HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00214fb4849e (not active ControlSet)                    
Reg    HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002433d141d5 (not active ControlSet)                    
Reg    HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002433d141d5@00236ca08731                               0x70 0x6B 0xD5 0xF3 ...
Reg    HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002433d141d5@2021a5623e0f                               0xB9 0xD2 0x81 0x92 ...
Reg    HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002433d141d5@28cfdae9871d                               0xDA 0x85 0xF7 0x66 ...

---- EOF - GMER 2.1 ----
         

07.05.2013, 22:04   #5
KlausKlaus

Sorry, I can't get the hang of this #code stuff... hence all the replies, please bear with me.


Edited by KlausKlaus (07.05.2013 at 22:11)

10.05.2013, 23:07   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
- ADWARE/Rogue.218624
- TR/Agent.385024.338
- EXP/CVE-2013-2423.F
These 3 are still in the quarantine area of Avira Antivir.
Fine, and where are the logs for that? Nobody can help you with such vague information!

Such information is not enough; please post the complete details/logs of the virus scanners, see http://www.trojaner-board.de/125889-...tml#post941520


Please post everything here in CODE tags where possible.

Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed expressions appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.

11.05.2013, 13:31   #7
KlausKlaus

Hello cosinus!
First of all, thank you very much for your reply.

Here are the logs from Avira:


Code:
ATTFilter
Exportierte Ereignisse:

07.05.2013 14:48 [System-Scanner] Malware gefunden
      Die Datei 
      'C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\17c4880c-5
      a445448'
      enthielt einen Virus oder unerwünschtes Programm 'EXP/CVE-2013-2423.F' 
      [exploit].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5611566f.qua' 
      verschoben!

04.05.2013 13:10 [System-Scanner] Malware gefunden
      Die Datei 
      'C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\17c4880c-5
      a9a99c7'
      enthielt einen Virus oder unerwünschtes Programm 'TR/Agent.385024.338' [trojan].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '542c4141.qua' 
      verschoben!

04.05.2013 13:08 [Echtzeit-Scanner] Malware gefunden
      In der Datei 
      'C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\17c4880c-5
      a9a99c7'
      wurde ein Virus oder unerwünschtes Programm 'TR/Agent.385024.338' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

04.05.2013 13:08 [System-Scanner] Malware gefunden
      Die Datei 
      'C:\Users\Christian\AppData\Local\Temp\d2e87d90a31dc6c0e963d2438e1d292f\preinsta
      ller.exe'
      enthielt einen Virus oder unerwünschtes Programm 'ADWARE/Rogue.218624' [adware].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '54187ecd.qua' 
      verschoben!

04.05.2013 13:05 [Echtzeit-Scanner] Malware gefunden
      In der Datei 
      'C:\Users\Christian\AppData\Local\Temp\d2e87d90a31dc6c0e963d2438e1d292f\preinsta
      ller.exe'
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/Rogue.218624' [adware] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern
         
Best regards, KlausKlaus

12.05.2013, 20:36   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Before we get to work, I would like to ask you to read the following points completely and carefully.
  • Read the instructions I will post over the course of this thread carefully. Ask right away if anything is unclear, before you start carrying out my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes a step requires the previous one.

  • Please run only scans that a helper has asked you to run! Do not install / uninstall any software unless asked to!

  • Post the log files directly in your thread (please in CODE tags) and not as an attachment, unless you were asked to. Logs in attachments make the evaluation harder for me!

  • The logs of the assigned tools, e.g. Malwarebytes, must always be posted, whether or not anything was found!

  • Please also note => Deleting log files and other requests

Note:
If you do not hear from me for three days, please report in this thread => Reminder about my thread.
Annoying "When will it continue" messages end with your topic being closed. I too have a life outside the Trojaner-Board.


Then please run Combofix now:

Scan with Combofix
WARNING to READERS FOLLOWING ALONG:
Combofix should only be run when instructed by a team member!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse, or click in the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.


12.05.2013, 22:47   #9
KlausKlaus

Hey cosinus!

Here is the Combofix log:

Code:
ATTFilter
ComboFix 13-05-12.01 - Christian 12.05.2013  23:25:50.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3068.1578 [GMT 2:00]
ausgeführt von:: c:\users\Christian\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\users\Christian\AppData\Roaming\Tagy
c:\users\Christian\AppData\Roaming\Tagy\qoer.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-04-12 bis 2013-05-12  ))))))))))))))))))))))))))))))
.
.
2013-05-12 21:35 . 2013-05-12 21:35	--------	d-----w-	c:\users\Christian\AppData\Local\temp
2013-05-12 21:35 . 2013-05-12 21:35	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-05-12 10:26 . 2013-05-12 10:26	60872	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{84F3982D-550C-445B-A2F1-19E7F13A7470}\offreg.dll
2013-05-10 15:58 . 2013-04-10 03:08	6906960	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{84F3982D-550C-445B-A2F1-19E7F13A7470}\mpengine.dll
2013-05-05 11:34 . 2013-05-05 11:34	--------	d-----w-	c:\program files\Common Files\Java
2013-05-05 11:29 . 2013-04-04 03:35	94112	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2013-05-02 14:32 . 2013-05-02 14:32	--------	d-----w-	c:\users\Christian\AppData\Roaming\Avira
2013-05-02 14:26 . 2013-05-02 14:16	37352	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2013-05-02 14:26 . 2013-05-02 14:16	135136	----a-w-	c:\windows\system32\drivers\avipbb.sys
2013-05-02 14:26 . 2013-05-02 14:26	--------	d-----w-	c:\programdata\Avira
2013-05-02 14:26 . 2013-05-02 14:26	--------	d-----w-	c:\program files\Avira
2013-04-30 07:15 . 2013-05-12 18:45	--------	d-----w-	c:\users\Christian\AppData\Roaming\Xoilq
2013-04-30 07:15 . 2013-04-30 07:15	--------	d-----w-	c:\users\Christian\AppData\Roaming\Rizur
2013-04-27 21:45 . 2013-04-27 21:45	--------	d-----w-	c:\program files\Common Files\Skype
2013-04-26 11:51 . 2013-05-12 10:07	--------	d-----w-	c:\users\Christian\AppData\Local\Spotify
2013-04-26 11:51 . 2013-05-12 13:11	--------	d-----w-	c:\users\Christian\AppData\Roaming\Spotify
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-02 14:16 . 2009-10-11 15:42	84744	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2013-05-02 00:06 . 2009-10-11 16:34	238872	------w-	c:\windows\system32\MpSigStub.exe
2013-04-21 09:29 . 2012-06-26 09:00	691592	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-04-21 09:29 . 2011-09-17 18:02	71048	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-11 13:25 . 2013-04-10 18:46	3603816	----a-w-	c:\windows\system32\ntkrnlpa.exe
2013-03-11 13:25 . 2013-04-10 18:46	3551080	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-03-09 03:45 . 2013-04-10 18:46	49152	----a-w-	c:\windows\system32\csrsrv.dll
2013-03-09 01:28 . 2013-04-10 18:46	64000	----a-w-	c:\windows\system32\smss.exe
2013-03-08 11:07 . 2012-06-26 09:07	861088	----a-w-	c:\windows\system32\npdeployJava1.dll
2013-03-08 11:07 . 2010-05-26 10:26	782240	----a-w-	c:\windows\system32\deployJava1.dll
2013-03-08 03:53 . 2013-04-10 18:44	376320	----a-w-	c:\windows\system32\winsrv.dll
2013-03-08 03:52 . 2013-04-10 18:45	2067968	----a-w-	c:\windows\system32\mstscax.dll
2013-03-05 01:40 . 2013-04-10 18:44	2049024	----a-w-	c:\windows\system32\win32k.sys
2013-03-03 19:07 . 2013-04-10 18:47	1082232	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-03-01 12:23 . 2013-04-10 18:46	916480	----a-w-	c:\windows\system32\wininet.dll
2013-03-01 12:18 . 2013-04-10 18:46	43520	----a-w-	c:\windows\system32\licmgr10.dll
2013-03-01 12:17 . 2013-04-10 18:46	1469440	----a-w-	c:\windows\system32\inetcpl.cpl
2013-03-01 12:17 . 2013-04-10 18:46	71680	----a-w-	c:\windows\system32\iesetup.dll
2013-03-01 12:17 . 2013-04-10 18:46	109056	----a-w-	c:\windows\system32\iesysprep.dll
2013-03-01 10:37 . 2013-04-10 18:46	385024	----a-w-	c:\windows\system32\html.iec
2013-03-01 08:52 . 2013-04-10 18:46	133632	----a-w-	c:\windows\system32\ieUnatt.exe
2013-03-01 08:50 . 2013-04-10 18:45	1638912	----a-w-	c:\windows\system32\mshtml.tlb
2013-02-12 01:57 . 2013-03-20 19:17	15872	----a-w-	c:\windows\system32\drivers\usb8023.sys
2013-04-12 13:18 . 2013-04-12 13:18	263064	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
2006-05-03 10:06	163328	--sh--r-	c:\windows\System32\flvDX.dll
2007-02-21 11:47	31232	--sh--r-	c:\windows\System32\msfDX.dll
2008-03-16 13:30	216064	--sh--r-	c:\windows\System32\nbDX.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2008-12-21 274432]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"VMpTtray.exe"="c:\program files\sony\VAIO Media plus\VMpTtray.exe" [2009-01-20 99624]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-02-28 18642024]
"Spotify Web Helper"="c:\users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-05-10 1105408]
"Spotify"="c:\users\Christian\AppData\Roaming\Spotify\Spotify.exe" [2013-05-10 4573184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Bluetooth Connection Assistant"="LBTWIZ.EXE -silent" [X]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-01-06 6703648]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2008-09-30 122880]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-07-24 30192]
"MarketingTools"="c:\program files\Sony\Marketing Tools\MarketingTools.exe" [2009-07-24 26112]
"AML"="c:\program files\Sony\VAIO Launcher\AML.exe" [2009-03-09 1101824]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-01-06 1833504]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-05-14 61440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-05-07 345312]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
Product Registration.lnk - c:\users\Christian\AppData\Local\Temp\is-9PIJN.tmp\ATR1.exe [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-1-24 780840]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-9-2 813584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2009-01-19 10:49	98304	----a-w-	c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [x]
S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs	REG_MULTI_SZ   	BthServ
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2013-05-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-26 09:29]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/ig
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNYT&bmod=SNYT
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Free YouTube Download - c:\users\Christian\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\6bykvql9.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ig
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: !HIDDEN! 2009-09-02 13:08; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - ExtSQL: !HIDDEN! 2013-01-03 21:39; {ACAA314B-EEBA-48e4-AD47-84E31C44796C}; c:\program files\Common Files\DVDVideoSoft\plugins\ff
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
HKCU-Run-ICQ - c:\program files\ICQ6.5\ICQ.exe
HKCU-Run-Dywoyreven - c:\users\Christian\AppData\Roaming\Tagy\qoer.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-Free Audio CD Burner_is1 - c:\program files\DVDVideoSoft\Free Audio CD Burner\unins000.exe
AddRemove-Uninstall_is1 - c:\program files\Common Files\DVDVideoSoft\unins000.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
AddRemove-STANLY Track - c:\windows\system32\javaws.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-05-12 23:35
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
.
c:\users\CHRIST~1\AppData\Local\Temp\catchme.dll 53248 bytes executable
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 1
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000042
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2013-05-12  23:38:04
ComboFix-quarantined-files.txt  2013-05-12 21:37
.
Vor Suchlauf: 15 Verzeichnis(se), 132.387.643.392 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 144.372.764.672 Bytes frei
.
- - End Of File - - 333C1073985825D4F727AE8B21D75695
         

Best regards, KlausKlaus

12.05.2013, 22:54   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Please run the three tools MBAR / aswMBR / TDSSkiller now and post the logs in CODE tags.


MBAR (Malwarebytes Anti-Rootkit)

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the on-screen instructions as described in the guide to Malwarebytes Anti-Rootkit.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder unless a helper instructs you to.


aswMBR

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe guide)
    On Windows Vista (or later), please start it by right-clicking and choosing "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Depending on your connection, downloading the definitions may take a while.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Never press any of the Fix buttons without being instructed to.

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.



TDSS-Killer

Please download TDSSKiller.exe and save this file to the desktop.
  • Start TDSSKiller.exe - configure it as described in the TDSSKiller guide.
  • Press Start Scan
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Post the contents here in your thread in any case.

13.05.2013, 09:16   #11
KlausKlaus
 



Hey cosinus,

here are the logs


MBAR:

Code:
Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.05.12.06

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19412
Christian :: CHRISTIAN-VAIO [administrator]

13.05.2013 00:44:09
mbar-log-2013-05-13 (00-44-09).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 27860
Time elapsed: 35 minute(s), 23 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         

aswMBR

Code:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-05-13 01:29:10
-----------------------------
01:29:10.729    OS Version: Windows 6.0.6002 Service Pack 2
01:29:10.729    Number of processors: 2 586 0x170A
01:29:10.729    ComputerName: CHRISTIAN-VAIO  UserName: Christian
01:29:12.835    Initialize success
01:33:00.914    AVAST engine defs: 13051201
01:33:18.199    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
01:33:18.215    Disk 0 Vendor: Hitachi_ FB4O Size: 305245MB BusType: 3
01:33:18.215    Disk 1  \Device\Harddisk1\DR1 -> \Device\00000065
01:33:18.215    Disk 1 Vendor: RICOH 01 Size: 305245MB BusType: 0
01:33:18.215    Disk 2  \Device\Harddisk2\DR2 -> \Device\00000066
01:33:18.230    Disk 2 Vendor: RICOH 02 Size: 305245MB BusType: 0
01:33:18.371    Disk 0 MBR read successfully
01:33:18.371    Disk 0 MBR scan
01:33:18.449    Disk 0 Windows XP default MBR code
01:33:18.449    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        13201 MB offset 63
01:33:18.480    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       292042 MB offset 27037395
01:33:18.527    Disk 0 scanning sectors +625140400
01:33:18.808    Disk 0 scanning C:\Windows\system32\drivers
01:33:35.125    Service scanning
01:34:15.451    Modules scanning
01:34:40.505    Disk 0 trace - called modules:
01:34:40.536    ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys 
01:34:40.536    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87884728]
01:34:40.552    3 CLASSPNP.SYS[8bda98b3] -> nt!IofCallDriver -> [0x872da148]
01:34:40.552    5 acpi.sys[806a06bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x872dd028]
01:34:42.658    AVAST engine scan C:\Windows
01:34:53.890    AVAST engine scan C:\Windows\system32
01:41:52.235    AVAST engine scan C:\Windows\system32\drivers
01:42:36.055    AVAST engine scan C:\Users\Christian
03:08:40.451    AVAST engine scan C:\ProgramData
03:25:02.908    Scan finished successfully
09:49:02.952    Disk 0 MBR has been saved successfully to "C:\Users\Christian\Desktop\MBR.dat"
09:49:02.968    The log file has been saved successfully to "C:\Users\Christian\Desktop\aswMBR.txt"
         

TDSS-Killer:

Code:
09:58:18.0906 7936  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
09:58:19.0514 7936  ============================================================
09:58:19.0514 7936  Current date / time: 2013/05/13 09:58:19.0514
09:58:19.0514 7936  SystemInfo:
09:58:19.0514 7936  
09:58:19.0514 7936  OS Version: 6.0.6002 ServicePack: 2.0
09:58:19.0514 7936  Product type: Workstation
09:58:19.0514 7936  ComputerName: CHRISTIAN-VAIO
09:58:19.0514 7936  UserName: Christian
09:58:19.0514 7936  Windows directory: C:\Windows
09:58:19.0514 7936  System windows directory: C:\Windows
09:58:19.0514 7936  Processor architecture: Intel x86
09:58:19.0514 7936  Number of processors: 2
09:58:19.0530 7936  Page size: 0x1000
09:58:19.0530 7936  Boot type: Normal boot
09:58:19.0530 7936  ============================================================
09:58:20.0684 7936  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
09:58:20.0684 7936  ============================================================
09:58:20.0684 7936  \Device\Harddisk0\DR0:
09:58:20.0684 7936  MBR partitions:
09:58:20.0684 7936  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x19C8ED3, BlocksNum 0x23A653DD
09:58:20.0684 7936  ============================================================
09:58:20.0731 7936  C: <-> \Device\Harddisk0\DR0\Partition1
09:58:20.0731 7936  ============================================================
09:58:20.0731 7936  Initialize success
09:58:20.0731 7936  ============================================================
09:58:33.0102 3888  ============================================================
09:58:33.0102 3888  Scan started
09:58:33.0102 3888  Mode: Manual; SigCheck; TDLFS; 
09:58:33.0102 3888  ============================================================
09:58:33.0757 3888  ================ Scan system memory ========================
09:58:33.0773 3888  System memory - ok
09:58:33.0773 3888  ================ Scan services =============================
09:58:34.0163 3888  [ B33CF4DE909A5B30F526D82053A63C8E ] ABBYY.Licensing.FineReader.Sprint.9.0 C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
09:58:38.0890 3888  ABBYY.Licensing.FineReader.Sprint.9.0 - ok
09:58:39.0046 3888  [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon        C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
09:58:39.0576 3888  ACDaemon - ok
09:58:39.0872 3888  [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI            C:\Windows\system32\drivers\acpi.sys
09:58:39.0919 3888  ACPI - ok
09:58:40.0013 3888  [ 6D9FC1E7EA3C548F4D3455F0C3FEEF8C ] AdobeActiveFileMonitor7.0 C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
09:58:40.0060 3888  AdobeActiveFileMonitor7.0 - ok
09:58:40.0184 3888  [ 479901C99FA62D1C3261B7ACB1228DAD ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
09:58:40.0231 3888  AdobeFlashPlayerUpdateSvc - ok
09:58:40.0309 3888  [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
09:58:40.0356 3888  adp94xx - ok
09:58:40.0387 3888  [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci         C:\Windows\system32\drivers\adpahci.sys
09:58:40.0434 3888  adpahci - ok
09:58:40.0450 3888  [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
09:58:40.0496 3888  adpu160m - ok
09:58:40.0512 3888  [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
09:58:40.0543 3888  adpu320 - ok
09:58:40.0606 3888  [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
09:58:40.0808 3888  AeLookupSvc - ok
09:58:40.0902 3888  [ 3911B972B55FEA0478476B2E777B29FA ] AFD             C:\Windows\system32\drivers\afd.sys
09:58:41.0011 3888  AFD - ok
09:58:41.0074 3888  [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440          C:\Windows\system32\drivers\agp440.sys
09:58:41.0105 3888  agp440 - ok
09:58:41.0120 3888  [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
09:58:41.0152 3888  aic78xx - ok
09:58:41.0198 3888  [ A1545B731579895D8CC44FC0481C1192 ] ALG             C:\Windows\System32\alg.exe
09:58:41.0339 3888  ALG - ok
09:58:41.0370 3888  [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide          C:\Windows\system32\drivers\aliide.sys
09:58:41.0401 3888  aliide - ok
09:58:41.0448 3888  [ C47344BC706E5F0B9DCE369516661578 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
09:58:41.0479 3888  amdagp - ok
09:58:41.0495 3888  [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide          C:\Windows\system32\drivers\amdide.sys
09:58:41.0526 3888  amdide - ok
09:58:41.0542 3888  [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7           C:\Windows\system32\drivers\amdk7.sys
09:58:41.0588 3888  AmdK7 - ok
09:58:41.0620 3888  [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
09:58:41.0682 3888  AmdK8 - ok
09:58:41.0776 3888  [ D9A92E6DD41C5ADC045AE485026AA40C ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
09:58:41.0807 3888  AntiVirSchedulerService - ok
09:58:41.0900 3888  [ 66A7A38F7C439153B758548375EB9E5E ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
09:58:41.0932 3888  AntiVirService - ok
09:58:41.0994 3888  [ 9325E49D555D8F12CE1735227DBB3D80 ] ApfiltrService  C:\Windows\system32\DRIVERS\Apfiltr.sys
09:58:42.0072 3888  ApfiltrService - ok
09:58:42.0150 3888  [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo         C:\Windows\System32\appinfo.dll
09:58:42.0228 3888  Appinfo - ok
09:58:42.0306 3888  [ 5D2888182FB46632511ACEE92FDAD522 ] arc             C:\Windows\system32\drivers\arc.sys
09:58:42.0353 3888  arc - ok
09:58:42.0415 3888  [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
09:58:42.0446 3888  arcsas - ok
09:58:42.0524 3888  [ 857B48965A0503B7AB795D4BFE7CBD8B ] ArcSoftKsUFilter C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys
09:58:42.0540 3888  ArcSoftKsUFilter - ok
09:58:42.0618 3888  [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
09:58:42.0774 3888  AsyncMac - ok
09:58:42.0790 3888  [ 2D9C903DC76A66813D350A562DE40ED9 ] atapi           C:\Windows\system32\drivers\atapi.sys
09:58:42.0821 3888  atapi - ok
09:58:42.0899 3888  [ 23344711BF51590B9322CC3AD9681671 ] Ati External Event Utility C:\Windows\system32\Ati2evxx.exe
09:58:43.0039 3888  Ati External Event Utility - ok
09:58:43.0304 3888  [ 71C98AFEF4BF7A5BB54CBAADDB5D7972 ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
09:58:43.0616 3888  atikmdag - ok
09:58:43.0694 3888  [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
09:58:43.0804 3888  AudioEndpointBuilder - ok
09:58:43.0819 3888  [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv        C:\Windows\System32\Audiosrv.dll
09:58:43.0850 3888  Audiosrv - ok
09:58:43.0913 3888  [ 87425709A251386064C99B684BF96F72 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
09:58:43.0944 3888  avgntflt - ok
09:58:43.0960 3888  [ D50FBA68163BC498F2C136E0E5BA8E2F ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
09:58:44.0006 3888  avipbb - ok
09:58:44.0038 3888  [ CB8741CD7B126499FED40C9B197F6AC5 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
09:58:44.0069 3888  avkmgr - ok
09:58:44.0147 3888  [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep            C:\Windows\system32\drivers\Beep.sys
09:58:44.0272 3888  Beep - ok
09:58:44.0381 3888  [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE             C:\Windows\System32\bfe.dll
09:58:44.0880 3888  BFE - ok
09:58:45.0005 3888  [ 93952506C6D67330367F7E7934B6A02F ] BITS            C:\Windows\system32\qmgr.dll
09:58:45.0192 3888  BITS - ok
09:58:45.0239 3888  [ D4DF28447741FD3D953526E33A617397 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
09:58:45.0364 3888  blbdrive - ok
09:58:45.0410 3888  [ 35F376253F687BDE63976CCB3F2108CA ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
09:58:45.0551 3888  bowser - ok
09:58:45.0613 3888  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
09:58:45.0722 3888  BrFiltLo - ok
09:58:45.0738 3888  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
09:58:45.0785 3888  BrFiltUp - ok
09:58:45.0816 3888  [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser         C:\Windows\System32\browser.dll
09:58:45.0925 3888  Browser - ok
09:58:46.0003 3888  [ B304E75CFF293029EDDF094246747113 ] Brserid         C:\Windows\system32\drivers\brserid.sys
09:58:46.0222 3888  Brserid - ok
09:58:46.0253 3888  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
09:58:46.0378 3888  BrSerWdm - ok
09:58:46.0440 3888  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
09:58:46.0580 3888  BrUsbMdm - ok
09:58:46.0690 3888  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
09:58:46.0799 3888  BrUsbSer - ok
09:58:46.0861 3888  [ 6D39C954799B63BA866910234CF7D726 ] BthEnum         C:\Windows\system32\DRIVERS\BthEnum.sys
09:58:46.0939 3888  BthEnum - ok
09:58:47.0017 3888  [ 9A966A8E86D1771911AE34A20D11BFF3 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
09:58:47.0111 3888  BTHMODEM - ok
09:58:47.0126 3888  [ 5904EFA25F829BF84EA6FB045134A1D8 ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
09:58:47.0267 3888  BthPan - ok
09:58:47.0360 3888  [ 611FF3F2F095C8D4A6D4CFD9DCC09793 ] BTHPORT         C:\Windows\system32\Drivers\BTHport.sys
09:58:47.0563 3888  BTHPORT - ok
09:58:47.0626 3888  [ A4C8377FA4A994E07075107DBE2E3DCE ] BthServ         C:\Windows\System32\bthserv.dll
09:58:47.0750 3888  BthServ - ok
09:58:47.0797 3888  [ D330803EAB2A15CAEC7F011F1D4CB30E ] BTHUSB          C:\Windows\system32\Drivers\BTHUSB.sys
09:58:47.0844 3888  BTHUSB - ok
09:58:47.0906 3888  [ 6E41621E03D91167CEAE555CE2B468B8 ] btwaudio        C:\Windows\system32\drivers\btwaudio.sys
09:58:47.0953 3888  btwaudio - ok
09:58:48.0000 3888  [ 7E67B295081B33EA22C0FB04798B306C ] btwavdt         C:\Windows\system32\drivers\btwavdt.sys
09:58:48.0031 3888  btwavdt - ok
09:58:48.0140 3888  [ 2C50A18375EF2571F09D9DAF83192762 ] btwdins         C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
09:58:48.0265 3888  btwdins - ok
09:58:48.0296 3888  [ 54C2EE0A3CEC586629035D771AACAE67 ] btwl2cap        C:\Windows\system32\DRIVERS\btwl2cap.sys
09:58:48.0328 3888  btwl2cap - ok
09:58:48.0343 3888  [ 4B4F992EE709C40EFD33BA4D2BAFA402 ] btwrchid        C:\Windows\system32\DRIVERS\btwrchid.sys
09:58:48.0374 3888  btwrchid - ok
09:58:48.0499 3888  catchme - ok
09:58:48.0577 3888  [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
09:58:48.0702 3888  cdfs - ok
09:58:48.0764 3888  [ 6B4BFFB9BECD728097024276430DB314 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
09:58:48.0842 3888  cdrom - ok
09:58:48.0905 3888  [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc     C:\Windows\System32\certprop.dll
09:58:48.0983 3888  CertPropSvc - ok
09:58:49.0014 3888  [ E5D4133F37219DBCFE102BC61072589D ] circlass        C:\Windows\system32\drivers\circlass.sys
09:58:49.0123 3888  circlass - ok
09:58:49.0201 3888  [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS            C:\Windows\system32\CLFS.sys
09:58:49.0232 3888  CLFS - ok
09:58:49.0388 3888  [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:58:49.0420 3888  clr_optimization_v2.0.50727_32 - ok
09:58:49.0576 3888  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
09:58:49.0747 3888  clr_optimization_v4.0.30319_32 - ok
09:58:49.0810 3888  [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
09:58:49.0950 3888  CmBatt - ok
09:58:50.0028 3888  [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
09:58:50.0059 3888  cmdide - ok
09:58:50.0075 3888  [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
09:58:50.0106 3888  Compbatt - ok
09:58:50.0137 3888  COMSysApp - ok
09:58:50.0153 3888  [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
09:58:50.0184 3888  crcdisk - ok
09:58:50.0215 3888  [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
09:58:50.0278 3888  Crusoe - ok
09:58:50.0356 3888  [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
09:58:50.0418 3888  CryptSvc - ok
09:58:50.0558 3888  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch      C:\Windows\system32\rpcss.dll
09:58:50.0730 3888  DcomLaunch - ok
09:58:50.0839 3888  [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
09:58:50.0933 3888  DfsC - ok
09:58:51.0214 3888  [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR            C:\Windows\system32\DFSR.exe
09:58:51.0432 3888  DFSR - ok
09:58:51.0526 3888  [ 9028559C132146FB75EB7ACF384B086A ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
09:58:51.0666 3888  Dhcp - ok
09:58:51.0728 3888  [ 5D4AEFC3386920236A548271F8F1AF6A ] disk            C:\Windows\system32\drivers\disk.sys
09:58:51.0760 3888  disk - ok
09:58:51.0822 3888  [ F206E28ED74C491FD5D7C0A1119CE37F ] DMICall         C:\Windows\system32\DRIVERS\DMICall.sys
09:58:51.0853 3888  DMICall - ok
09:58:51.0947 3888  [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache        C:\Windows\System32\dnsrslvr.dll
09:58:52.0087 3888  Dnscache - ok
09:58:52.0150 3888  [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc         C:\Windows\System32\dot3svc.dll
09:58:52.0274 3888  dot3svc - ok
09:58:52.0352 3888  [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS             C:\Windows\system32\dps.dll
09:58:52.0493 3888  DPS - ok
09:58:52.0586 3888  [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
09:58:52.0696 3888  drmkaud - ok
09:58:52.0836 3888  [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
09:58:53.0086 3888  DXGKrnl - ok
09:58:53.0242 3888  [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys
09:58:53.0382 3888  E1G60 - ok
09:58:53.0444 3888  [ C0B95E40D85CD807D614E264248A45B9 ] EapHost         C:\Windows\System32\eapsvc.dll
09:58:53.0554 3888  EapHost - ok
09:58:53.0632 3888  [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache          C:\Windows\system32\drivers\ecache.sys
09:58:53.0678 3888  Ecache - ok
09:58:53.0725 3888  [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
09:58:53.0912 3888  ehRecvr - ok
09:58:53.0944 3888  [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched         C:\Windows\ehome\ehsched.exe
09:58:53.0990 3888  ehSched - ok
09:58:54.0068 3888  [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart         C:\Windows\ehome\ehstart.dll
09:58:54.0131 3888  ehstart - ok
09:58:54.0256 3888  [ 23B62471681A124889978F6295B3F4C6 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
09:58:54.0380 3888  elxstor - ok
09:58:54.0490 3888  [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
09:58:54.0630 3888  EMDMgmt - ok
09:58:54.0677 3888  [ 3DB974F3935483555D7148663F726C61 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
09:58:54.0802 3888  ErrDev - ok
09:58:54.0895 3888  [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem     C:\Windows\system32\es.dll
09:58:54.0989 3888  EventSystem - ok
09:58:55.0114 3888  [ 791464A9E9ADE063327A29F1B3F1A86C ] EvtEng          C:\Program Files\Intel\WiFi\bin\EvtEng.exe
09:58:55.0207 3888  EvtEng - ok
09:58:55.0238 3888  ewusbnet - ok
09:58:55.0316 3888  [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat           C:\Windows\system32\drivers\exfat.sys
09:58:55.0441 3888  exfat - ok
09:58:55.0519 3888  [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
09:58:55.0613 3888  fastfat - ok
09:58:55.0691 3888  [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
09:58:55.0816 3888  fdc - ok
09:58:55.0878 3888  [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost         C:\Windows\system32\fdPHost.dll
09:58:55.0940 3888  fdPHost - ok
09:58:55.0956 3888  [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub        C:\Windows\system32\fdrespub.dll
09:58:56.0159 3888  FDResPub - ok
09:58:56.0237 3888  [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
09:58:56.0268 3888  FileInfo - ok
09:58:56.0315 3888  [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
09:58:56.0455 3888  Filetrace - ok
09:58:56.0533 3888  [ F76D04F7413B07DAA029F6520B64B4E8 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
09:58:56.0674 3888  FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
09:58:56.0674 3888  FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
09:58:56.0736 3888  [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
09:58:56.0861 3888  flpydisk - ok
09:58:56.0939 3888  [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
09:58:56.0970 3888  FltMgr - ok
09:58:57.0095 3888  [ 8CE364388C8ECA59B14B539179276D44 ] FontCache       C:\Windows\system32\FntCache.dll
09:58:57.0251 3888  FontCache - ok
09:58:57.0344 3888  [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
09:58:57.0438 3888  FontCache3.0.0.0 - ok
09:58:57.0500 3888  [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
09:58:57.0563 3888  Fs_Rec - ok
09:58:57.0641 3888  [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
09:58:57.0672 3888  gagp30kx - ok
09:58:57.0766 3888  [ 9E37E0C528E1E3A79E215B6A4EEA2143 ] GoogleDesktopManager-092308-165331 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
09:58:57.0922 3888  GoogleDesktopManager-092308-165331 - ok
09:58:58.0015 3888  [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc           C:\Windows\System32\gpsvc.dll
09:58:58.0171 3888  gpsvc - ok
09:58:58.0234 3888  [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
09:58:58.0483 3888  HdAudAddService - ok
09:58:58.0561 3888  [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
09:58:58.0655 3888  HDAudBus - ok
09:58:58.0717 3888  [ FCB3F4BE408F72C1BD81BCABA87FC22F ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
09:58:58.0780 3888  HidBth - ok
09:58:58.0811 3888  [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr           C:\Windows\system32\drivers\hidir.sys
09:58:58.0982 3888  HidIr - ok
09:58:59.0060 3888  [ 84067081F3318162797385E11A8F0582 ] hidserv         C:\Windows\System32\hidserv.dll
09:58:59.0107 3888  hidserv - ok
09:58:59.0138 3888  [ CCA4B519B17E23A00B826C55716809CC ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
09:58:59.0185 3888  HidUsb - ok
09:58:59.0263 3888  [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc          C:\Windows\system32\kmsvc.dll
09:58:59.0404 3888  hkmsvc - ok
09:58:59.0466 3888  [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
09:58:59.0497 3888  HpCISSs - ok
09:58:59.0560 3888  [ 46D67209550973257601A533E2AC5785 ] HSFHWAZL        C:\Windows\system32\DRIVERS\VSTAZL3.SYS
09:58:59.0638 3888  HSFHWAZL - ok
09:58:59.0716 3888  [ 7BC42C65B5C6281777C1A7605B253BA8 ] HSF_DPV         C:\Windows\system32\DRIVERS\HSX_DPV.sys
09:58:59.0903 3888  HSF_DPV - ok
09:58:59.0996 3888  [ 9EBF2D102CCBB6BCDFBF1B7922F8BA2E ] HSXHWAZL        C:\Windows\system32\DRIVERS\HSXHWAZL.sys
09:59:00.0028 3888  HSXHWAZL - ok
09:59:00.0152 3888  [ F870AA3E254628EBEAFE754108D664DE ] HTTP            C:\Windows\system32\drivers\HTTP.sys
09:59:00.0262 3888  HTTP - ok
09:59:00.0308 3888  hwdatacard - ok
09:59:00.0324 3888  hwusbdev - ok
09:59:00.0371 3888  [ C6B032D69650985468160FC9937CF5B4 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
09:59:00.0402 3888  i2omp - ok
09:59:00.0464 3888  [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
09:59:00.0542 3888  i8042prt - ok
09:59:00.0620 3888  [ DB0CC620B27A928D968C1A1E9CD9CB87 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
09:59:00.0761 3888  iaStor - ok
09:59:00.0854 3888  [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
09:59:00.0886 3888  iaStorV - ok
09:59:01.0073 3888  [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
09:59:01.0166 3888  idsvc - ok
09:59:01.0198 3888  [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
09:59:01.0276 3888  iirsp - ok
09:59:01.0385 3888  [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT          C:\Windows\System32\ikeext.dll
09:59:01.0541 3888  IKEEXT - ok
09:59:01.0712 3888  [ 3AA1F82EFA2B0454AF163124C9920D16 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
09:59:01.0946 3888  IntcAzAudAddService - ok
09:59:02.0040 3888  [ 83AA759F3189E6370C30DE5DC5590718 ] intelide        C:\Windows\system32\drivers\intelide.sys
09:59:02.0071 3888  intelide - ok
09:59:02.0087 3888  [ 224191001E78C89DFA78924C3EA595FF ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
09:59:02.0227 3888  intelppm - ok
09:59:02.0305 3888  [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
09:59:02.0461 3888  IPBusEnum - ok
09:59:02.0524 3888  [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:59:02.0602 3888  IpFilterDriver - ok
09:59:02.0664 3888  [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
09:59:02.0758 3888  iphlpsvc - ok
09:59:02.0820 3888  IpInIp - ok
09:59:02.0867 3888  [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
09:59:03.0007 3888  IPMIDRV - ok
09:59:03.0054 3888  [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
09:59:03.0101 3888  IPNAT - ok
09:59:03.0179 3888  [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
09:59:03.0226 3888  IRENUM - ok
09:59:03.0288 3888  [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
09:59:03.0335 3888  isapnp - ok
09:59:03.0366 3888  [ 232FA340531D940AAC623B121A595034 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
09:59:03.0397 3888  iScsiPrt - ok
09:59:03.0444 3888  [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
09:59:03.0475 3888  iteatapi - ok
09:59:03.0491 3888  [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid         C:\Windows\system32\drivers\iteraid.sys
09:59:03.0522 3888  iteraid - ok
09:59:03.0584 3888  [ 213822072085B5BBAD9AF30AB577D817 ] IviRegMgr       C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
09:59:03.0616 3888  IviRegMgr - ok
09:59:03.0662 3888  [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
09:59:03.0678 3888  kbdclass - ok
09:59:03.0740 3888  [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
09:59:03.0850 3888  kbdhid - ok
09:59:03.0928 3888  [ A3E186B4B935905B829219502557314E ] KeyIso          C:\Windows\system32\lsass.exe
09:59:04.0006 3888  KeyIso - ok
09:59:04.0115 3888  [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
09:59:04.0224 3888  KSecDD - ok
09:59:04.0318 3888  [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm           C:\Windows\system32\msdtckrm.dll
09:59:04.0458 3888  KtmRm - ok
09:59:04.0536 3888  [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer    C:\Windows\System32\srvsvc.dll
09:59:04.0630 3888  LanmanServer - ok
09:59:04.0723 3888  [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
09:59:04.0817 3888  LanmanWorkstation - ok
09:59:04.0910 3888  [ 3AF6B73A3AD1FC37C5933441F66CEB91 ] LBTServ         C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe
09:59:05.0035 3888  LBTServ - ok
09:59:05.0098 3888  [ 7F9C7B28CF1C859E1C42619EEA946DC8 ] LHidFilt        C:\Windows\system32\DRIVERS\LHidFilt.Sys
09:59:05.0113 3888  LHidFilt - ok
09:59:05.0176 3888  [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
09:59:05.0300 3888  lltdio - ok
09:59:05.0363 3888  [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
09:59:05.0534 3888  lltdsvc - ok
09:59:05.0597 3888  [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts         C:\Windows\System32\lmhsvc.dll
09:59:05.0800 3888  lmhosts - ok
09:59:05.0862 3888  [ AB33792A87285344F43B5CE23421BAB0 ] LMouFilt        C:\Windows\system32\DRIVERS\LMouFilt.Sys
09:59:05.0956 3888  LMouFilt - ok
09:59:06.0018 3888  [ C7E15E82879BF3235B559563D4185365 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
09:59:06.0065 3888  LSI_FC - ok
09:59:06.0127 3888  [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
09:59:06.0158 3888  LSI_SAS - ok
09:59:06.0221 3888  [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
09:59:06.0252 3888  LSI_SCSI - ok
09:59:06.0268 3888  [ 8F5C7426567798E62A3B3614965D62CC ] luafv           C:\Windows\system32\drivers\luafv.sys
09:59:06.0392 3888  luafv - ok
09:59:06.0455 3888  lxcg_device - ok
09:59:06.0502 3888  [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
09:59:06.0611 3888  Mcx2Svc - ok
09:59:06.0673 3888  [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk         C:\Windows\system32\DRIVERS\mdmxsdk.sys
09:59:06.0720 3888  mdmxsdk - ok
09:59:06.0782 3888  [ 0001CE609D66632FA17B84705F658879 ] megasas         C:\Windows\system32\drivers\megasas.sys
09:59:06.0814 3888  megasas - ok
09:59:06.0845 3888  [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR          C:\Windows\system32\drivers\megasr.sys
09:59:06.0923 3888  MegaSR - ok
09:59:06.0985 3888  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS           C:\Windows\system32\mmcss.dll
09:59:07.0141 3888  MMCSS - ok
09:59:07.0204 3888  [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem           C:\Windows\system32\drivers\modem.sys
09:59:07.0250 3888  Modem - ok
09:59:07.0313 3888  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
09:59:07.0375 3888  monitor - ok
09:59:07.0422 3888  [ 5BF6A1326A335C5298477754A506D263 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
09:59:07.0500 3888  mouclass - ok
09:59:07.0516 3888  [ 93B8D4869E12CFBE663915502900876F ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
09:59:07.0640 3888  mouhid - ok
09:59:07.0718 3888  [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
09:59:07.0750 3888  MountMgr - ok
09:59:07.0843 3888  [ 7EDBBB9351A38C6BB0FE98CFD44DB430 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
09:59:07.0937 3888  MozillaMaintenance - ok
09:59:08.0030 3888  [ 511D011289755DD9F9A7579FB0B064E6 ] mpio            C:\Windows\system32\drivers\mpio.sys
09:59:08.0124 3888  mpio - ok
09:59:08.0140 3888  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
09:59:08.0342 3888  mpsdrv - ok
09:59:08.0498 3888  [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc          C:\Windows\system32\mpssvc.dll
09:59:08.0795 3888  MpsSvc - ok
09:59:08.0935 3888  [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
09:59:08.0982 3888  Mraid35x - ok
09:59:09.0076 3888  [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
09:59:09.0185 3888  MRxDAV - ok
09:59:09.0310 3888  [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
09:59:09.0403 3888  mrxsmb - ok
09:59:09.0466 3888  [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:59:09.0528 3888  mrxsmb10 - ok
09:59:09.0606 3888  [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:59:09.0653 3888  mrxsmb20 - ok
09:59:09.0715 3888  [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci          C:\Windows\system32\drivers\msahci.sys
09:59:09.0762 3888  msahci - ok
09:59:09.0856 3888  [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
09:59:09.0902 3888  msdsm - ok
09:59:09.0965 3888  [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC           C:\Windows\System32\msdtc.exe
09:59:10.0152 3888  MSDTC - ok
09:59:10.0246 3888  [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
09:59:10.0308 3888  Msfs - ok
09:59:10.0370 3888  [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
09:59:10.0402 3888  msisadrv - ok
09:59:10.0433 3888  [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
09:59:10.0511 3888  MSiSCSI - ok
09:59:10.0526 3888  msiserver - ok
09:59:10.0573 3888  [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
09:59:10.0636 3888  MSKSSRV - ok
09:59:10.0682 3888  [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
09:59:10.0729 3888  MSPCLOCK - ok
09:59:10.0760 3888  [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
09:59:10.0807 3888  MSPQM - ok
09:59:10.0854 3888  [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
09:59:10.0885 3888  MsRPC - ok
09:59:10.0901 3888  [ E384487CB84BE41D09711C30CA79646C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
09:59:10.0916 3888  mssmbios - ok
09:59:10.0963 3888  [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
09:59:10.0994 3888  MSTEE - ok
09:59:11.0041 3888  [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup             C:\Windows\system32\Drivers\mup.sys
09:59:11.0072 3888  Mup - ok
09:59:11.0150 3888  [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent        C:\Windows\system32\qagentRT.dll
09:59:11.0275 3888  napagent - ok
09:59:11.0369 3888  [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
09:59:11.0447 3888  NativeWifiP - ok
09:59:11.0509 3888  [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS            C:\Windows\system32\drivers\ndis.sys
09:59:11.0634 3888  NDIS - ok
09:59:11.0681 3888  [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
09:59:11.0759 3888  NdisTapi - ok
09:59:11.0774 3888  [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
09:59:11.0884 3888  Ndisuio - ok
09:59:11.0915 3888  [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
09:59:11.0977 3888  NdisWan - ok
09:59:12.0024 3888  [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
09:59:12.0211 3888  NDProxy - ok
09:59:12.0227 3888  [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
09:59:12.0461 3888  NetBIOS - ok
09:59:12.0508 3888  [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
09:59:12.0632 3888  netbt - ok
09:59:12.0648 3888  [ A3E186B4B935905B829219502557314E ] Netlogon        C:\Windows\system32\lsass.exe
09:59:12.0695 3888  Netlogon - ok
09:59:12.0757 3888  [ C8052711DAECC48B982434C5116CA401 ] Netman          C:\Windows\System32\netman.dll
09:59:12.0882 3888  Netman - ok
09:59:12.0929 3888  [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm        C:\Windows\System32\netprofm.dll
09:59:13.0007 3888  netprofm - ok
09:59:13.0069 3888  [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
09:59:13.0147 3888  NetTcpPortSharing - ok
09:59:13.0475 3888  [ F0C42E0CDCE558D658FA53A222B4CCB1 ] NETw5v32        C:\Windows\system32\DRIVERS\NETw5v32.sys
09:59:13.0865 3888  NETw5v32 - ok
09:59:13.0927 3888  [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
09:59:13.0958 3888  nfrd960 - ok
09:59:13.0990 3888  [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc          C:\Windows\System32\nlasvc.dll
09:59:14.0130 3888  NlaSvc - ok
09:59:14.0208 3888  [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
09:59:14.0317 3888  Npfs - ok
09:59:14.0380 3888  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi             C:\Windows\system32\nsisvc.dll
09:59:14.0442 3888  nsi - ok
09:59:14.0489 3888  [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
09:59:14.0551 3888  nsiproxy - ok
09:59:14.0660 3888  [ 276BFF84AD77DD23E1085E191F5A591F ] NSUService      C:\Program Files\sony\Network Utility\NSUService.exe
09:59:14.0723 3888  NSUService ( UnsignedFile.Multi.Generic ) - warning
09:59:14.0723 3888  NSUService - detected UnsignedFile.Multi.Generic (1)
09:59:14.0910 3888  [ 2C1121F2B87E9A6B12485DF53CD848C7 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
09:59:15.0004 3888  Ntfs - ok
09:59:15.0050 3888  [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi       C:\Windows\system32\drivers\ntrigdigi.sys
09:59:15.0284 3888  ntrigdigi - ok
09:59:15.0331 3888  [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null            C:\Windows\system32\drivers\Null.sys
09:59:15.0440 3888  Null - ok
09:59:15.0518 3888  [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
09:59:15.0550 3888  nvraid - ok
09:59:15.0565 3888  [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
09:59:15.0596 3888  nvstor - ok
09:59:15.0659 3888  [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
09:59:15.0706 3888  nv_agp - ok
09:59:15.0768 3888  NwlnkFlt - ok
09:59:15.0768 3888  NwlnkFwd - ok
09:59:15.0924 3888  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
09:59:15.0986 3888  odserv - ok
09:59:16.0033 3888  [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
09:59:16.0158 3888  ohci1394 - ok
09:59:16.0236 3888  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:59:16.0298 3888  ose - ok
09:59:16.0423 3888  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
09:59:16.0564 3888  p2pimsvc - ok
09:59:16.0610 3888  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc          C:\Windows\system32\p2psvc.dll
09:59:16.0657 3888  p2psvc - ok
09:59:16.0751 3888  [ 5D43D0BA9E0C2F8782077F660DFE916F ] PACSPTISVR      C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
09:59:16.0813 3888  PACSPTISVR ( UnsignedFile.Multi.Generic ) - warning
09:59:16.0813 3888  PACSPTISVR - detected UnsignedFile.Multi.Generic (1)
09:59:16.0891 3888  [ 0FA9B5055484649D63C303FE404E5F4D ] Parport         C:\Windows\system32\drivers\parport.sys
09:59:17.0078 3888  Parport - ok
09:59:17.0156 3888  [ B9C2B89F08670E159F7181891E449CD9 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
09:59:17.0219 3888  partmgr - ok
09:59:17.0266 3888  [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
09:59:17.0515 3888  Parvdm - ok
09:59:17.0593 3888  [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc          C:\Windows\System32\pcasvc.dll
09:59:17.0656 3888  PcaSvc - ok
09:59:17.0718 3888  [ 941DC1D19E7E8620F40BBC206981EFDB ] pci             C:\Windows\system32\drivers\pci.sys
09:59:17.0780 3888  pci - ok
09:59:17.0843 3888  [ FC175F5DDAB666D7F4D17449A547626F ] pciide          C:\Windows\system32\drivers\pciide.sys
09:59:17.0874 3888  pciide - ok
09:59:17.0921 3888  [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
09:59:17.0983 3888  pcmcia - ok
09:59:18.0061 3888  [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
09:59:18.0342 3888  PEAUTH - ok
09:59:18.0576 3888  [ B1689DF169143F57053F795390C99DB3 ] pla             C:\Windows\system32\pla.dll
09:59:18.0779 3888  pla - ok
09:59:18.0888 3888  [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
09:59:18.0950 3888  PlugPlay - ok
09:59:19.0013 3888  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg     C:\Windows\system32\p2psvc.dll
09:59:19.0091 3888  PNRPAutoReg - ok
09:59:19.0169 3888  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc         C:\Windows\system32\p2psvc.dll
09:59:19.0200 3888  PNRPsvc - ok
09:59:19.0278 3888  [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
09:59:19.0450 3888  PolicyAgent - ok
09:59:19.0543 3888  [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
09:59:19.0715 3888  PptpMiniport - ok
09:59:19.0777 3888  [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor       C:\Windows\system32\drivers\processr.sys
09:59:19.0886 3888  Processor - ok
09:59:19.0980 3888  [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc         C:\Windows\system32\profsvc.dll
09:59:20.0089 3888  ProfSvc - ok
09:59:20.0136 3888  [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
09:59:20.0167 3888  ProtectedStorage - ok
09:59:20.0198 3888  [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
09:59:20.0245 3888  PSched - ok
09:59:20.0323 3888  [ 153D02480A0A2F45785522E814C634B6 ] PxHelp20        C:\Windows\system32\Drivers\PxHelp20.sys
09:59:20.0417 3888  PxHelp20 - ok
09:59:20.0620 3888  [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
09:59:20.0698 3888  ql2300 - ok
09:59:20.0729 3888  [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
09:59:20.0760 3888  ql40xx - ok
09:59:20.0838 3888  [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE           C:\Windows\system32\qwave.dll
09:59:20.0916 3888  QWAVE - ok
09:59:20.0947 3888  [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
09:59:20.0978 3888  QWAVEdrv - ok
09:59:20.0994 3888  [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
09:59:21.0119 3888  RasAcd - ok
09:59:21.0181 3888  [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto         C:\Windows\System32\rasauto.dll
09:59:21.0259 3888  RasAuto - ok
09:59:21.0275 3888  [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
09:59:21.0446 3888  Rasl2tp - ok
09:59:21.0556 3888  [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan          C:\Windows\System32\rasmans.dll
09:59:21.0665 3888  RasMan - ok
09:59:21.0696 3888  [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
09:59:21.0743 3888  RasPppoe - ok
09:59:21.0821 3888  [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
09:59:21.0946 3888  RasSstp - ok
09:59:22.0008 3888  [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
09:59:22.0102 3888  rdbss - ok
09:59:22.0133 3888  [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
09:59:22.0258 3888  RDPCDD - ok
09:59:22.0351 3888  [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr           C:\Windows\system32\drivers\rdpdr.sys
09:59:22.0570 3888  rdpdr - ok
09:59:22.0632 3888  [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
09:59:22.0710 3888  RDPENCDD - ok
09:59:22.0819 3888  [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
09:59:22.0944 3888  RDPWD - ok
09:59:22.0991 3888  [ 001B4278407F4303EFC902A2B16F2453 ] regi            C:\Windows\system32\drivers\regi.sys
09:59:23.0022 3888  regi - ok
09:59:23.0116 3888  [ 636AAFAD77BEABE192D01E7E74F4A45B ] RegSrvc         C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
09:59:23.0178 3888  RegSrvc - ok
09:59:23.0240 3888  [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess    C:\Windows\System32\mprdim.dll
09:59:23.0365 3888  RemoteAccess - ok
09:59:23.0428 3888  [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry  C:\Windows\system32\regsvc.dll
09:59:23.0584 3888  RemoteRegistry - ok
09:59:23.0646 3888  [ 6482707F9F4DA0ECBAB43B2E0398A101 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
09:59:23.0708 3888  RFCOMM - ok
09:59:23.0771 3888  [ F7D9ECF41EBD3CF6C65944368150F66B ] rimsptsk        C:\Windows\system32\DRIVERS\rimsptsk.sys
09:59:23.0833 3888  rimsptsk - ok
09:59:23.0849 3888  [ 1BE6C42767A7C67BA31AE32B293B37A3 ] risdptsk        C:\Windows\system32\DRIVERS\risdptsk.sys
09:59:23.0942 3888  risdptsk - ok
09:59:24.0020 3888  [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator      C:\Windows\system32\locator.exe
09:59:24.0083 3888  RpcLocator - ok
09:59:24.0161 3888  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs           C:\Windows\system32\rpcss.dll
09:59:24.0254 3888  RpcSs - ok
09:59:24.0317 3888  [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
09:59:24.0457 3888  rspndr - ok
09:59:24.0535 3888  [ 4A8393F03CB2F40E08126D83916C5633 ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIV.sys
09:59:24.0582 3888  RTHDMIAzAudService - ok
09:59:24.0660 3888  [ 4B3795EBECAE570DEF38BA7924C2A3DC ] RtkAudioService C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe
09:59:24.0691 3888  RtkAudioService - ok
09:59:24.0707 3888  [ A3E186B4B935905B829219502557314E ] SamSs           C:\Windows\system32\lsass.exe
09:59:24.0832 3888  SamSs - ok
09:59:24.0894 3888  [ 3CE8F073A557E172B330109436984E30 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
09:59:24.0941 3888  sbp2port - ok
09:59:25.0003 3888  [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
09:59:25.0081 3888  SCardSvr - ok
09:59:25.0206 3888  [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule        C:\Windows\system32\schedsvc.dll
09:59:25.0346 3888  Schedule - ok
09:59:25.0362 3888  [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc     C:\Windows\System32\certprop.dll
09:59:25.0393 3888  SCPolicySvc - ok
09:59:25.0487 3888  [ 126EA89BCC413EE45E3004FB0764888F ] sdbus           C:\Windows\system32\DRIVERS\sdbus.sys
09:59:25.0627 3888  sdbus - ok
09:59:25.0705 3888  [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
09:59:25.0783 3888  SDRSVC - ok
09:59:25.0846 3888  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
09:59:26.0048 3888  secdrv - ok
09:59:26.0158 3888  [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon        C:\Windows\system32\seclogon.dll
09:59:26.0360 3888  seclogon - ok
09:59:26.0423 3888  [ A9BBAB5759771E523F55563D6CBE140F ] SENS            C:\Windows\system32\sens.dll
09:59:26.0641 3888  SENS - ok
09:59:26.0719 3888  [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum         C:\Windows\system32\drivers\serenum.sys
09:59:26.0906 3888  Serenum - ok
09:59:26.0984 3888  [ C70D69A918B178D3C3B06339B40C2E1B ] Serial          C:\Windows\system32\drivers\serial.sys
09:59:27.0140 3888  Serial - ok
09:59:27.0187 3888  [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
09:59:27.0296 3888  sermouse - ok
09:59:27.0390 3888  [ D2193326F729B163125610DBF3E17D57 ] SessionEnv      C:\Windows\system32\sessenv.dll
09:59:27.0452 3888  SessionEnv - ok
09:59:27.0546 3888  [ 8B7C1768D2CDE2E02E09A66563DDFD16 ] SFEP            C:\Windows\system32\DRIVERS\SFEP.sys
09:59:27.0640 3888  SFEP - ok
09:59:27.0686 3888  [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
09:59:27.0764 3888  sffdisk - ok
09:59:27.0796 3888  [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
09:59:27.0842 3888  sffp_mmc - ok
09:59:27.0874 3888  [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
09:59:27.0920 3888  sffp_sd - ok
09:59:27.0967 3888  [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
09:59:28.0170 3888  sfloppy - ok
09:59:28.0264 3888  [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
09:59:28.0404 3888  SharedAccess - ok
09:59:28.0498 3888  [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
09:59:28.0591 3888  ShellHWDetection - ok
09:59:28.0669 3888  [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp          C:\Windows\system32\drivers\sisagp.sys
09:59:28.0700 3888  sisagp - ok
09:59:28.0747 3888  [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
09:59:28.0778 3888  SiSRaid2 - ok
09:59:28.0810 3888  [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
09:59:28.0841 3888  SiSRaid4 - ok
09:59:28.0966 3888  [ 7C15061CD0372487903B07B9BB03AFAD ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
09:59:29.0075 3888  SkypeUpdate - ok
09:59:29.0496 3888  [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc           C:\Windows\system32\SLsvc.exe
09:59:29.0839 3888  slsvc - ok
09:59:29.0933 3888  [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify      C:\Windows\system32\SLUINotify.dll
09:59:29.0980 3888  SLUINotify - ok
09:59:30.0026 3888  [ 7B75299A4D201D6A6533603D6914AB04 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
09:59:30.0120 3888  Smb - ok
09:59:30.0198 3888  [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
09:59:30.0307 3888  SNMPTRAP - ok
09:59:30.0338 3888  [ 7B24EFA2A60BA7388FECDA63AB24560A ] SOHCImp         C:\Program Files\Common Files\Sony Shared\SOHLib\SOHCImp.exe
09:59:30.0370 3888  SOHCImp - ok
09:59:30.0385 3888  [ 140FCF5FFAE4EFBA9740A9FD8B49E0BF ] SOHDBSvr        C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe
09:59:30.0401 3888  SOHDBSvr - ok
09:59:30.0432 3888  [ D8C244121A06B581B097D9617D94CFF1 ] SOHDms          C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDms.exe
09:59:30.0463 3888  SOHDms - ok
09:59:30.0494 3888  [ 2DB561887EA122B946BBE2821473EDD8 ] SOHDs           C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDs.exe
09:59:30.0526 3888  SOHDs - ok
09:59:30.0557 3888  [ AB9EE246A1EB2C3C7C6CB16E0B9462F7 ] SOHPlMgr        C:\Program Files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe
09:59:30.0588 3888  SOHPlMgr - ok
09:59:30.0666 3888  [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr           C:\Windows\system32\drivers\spldr.sys
09:59:30.0697 3888  spldr - ok
09:59:30.0744 3888  [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler         C:\Windows\System32\spoolsv.exe
09:59:30.0822 3888  Spooler - ok
09:59:30.0869 3888  [ 41987F9FC0E61ADF54F581E15029AD91 ] srv             C:\Windows\system32\DRIVERS\srv.sys
09:59:30.0931 3888  srv - ok
09:59:31.0009 3888  [ FF33AFF99564B1AA534F58868CBE41EF ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
09:59:31.0087 3888  srv2 - ok
09:59:31.0103 3888  [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
09:59:31.0150 3888  srvnet - ok
09:59:31.0228 3888  [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
09:59:31.0352 3888  SSDPSRV - ok
09:59:31.0399 3888  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\Windows\system32\DRIVERS\ssmdrv.sys
09:59:31.0430 3888  ssmdrv - ok
09:59:31.0540 3888  [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
09:59:31.0618 3888  SstpSvc - ok
09:59:31.0696 3888  [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc          C:\Windows\System32\wiaservc.dll
09:59:31.0836 3888  stisvc - ok
09:59:31.0898 3888  [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
09:59:31.0930 3888  swenum - ok
09:59:32.0008 3888  [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv           C:\Windows\System32\swprv.dll
09:59:32.0101 3888  swprv - ok
09:59:32.0164 3888  [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx         C:\Windows\system32\drivers\symc8xx.sys
09:59:32.0195 3888  Symc8xx - ok
09:59:32.0210 3888  [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
09:59:32.0242 3888  Sym_hi - ok
09:59:32.0257 3888  [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
09:59:32.0288 3888  Sym_u3 - ok
09:59:32.0382 3888  [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain         C:\Windows\system32\sysmain.dll
09:59:32.0491 3888  SysMain - ok
09:59:32.0522 3888  [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
09:59:32.0600 3888  TabletInputService - ok
09:59:32.0663 3888  [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv         C:\Windows\System32\tapisrv.dll
09:59:32.0772 3888  TapiSrv - ok
09:59:32.0803 3888  [ CB05822CD9CC6C688168E113C603DBE7 ] TBS             C:\Windows\System32\tbssvc.dll
09:59:32.0912 3888  TBS - ok
09:59:33.0053 3888  [ 74E2D020C47BB2B2FCCBA29A518A7EB4 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
09:59:33.0162 3888  Tcpip - ok
09:59:33.0178 3888  [ 74E2D020C47BB2B2FCCBA29A518A7EB4 ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
09:59:33.0240 3888  Tcpip6 - ok
09:59:33.0302 3888  [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
09:59:33.0443 3888  tcpipreg - ok
09:59:33.0505 3888  [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
09:59:33.0630 3888  TDPIPE - ok
09:59:33.0661 3888  [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
09:59:33.0724 3888  TDTCP - ok
09:59:33.0802 3888  [ 76B06EB8A01FC8624D699E7045303E54 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
09:59:33.0880 3888  tdx - ok
09:59:33.0911 3888  [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
09:59:33.0942 3888  TermDD - ok
09:59:34.0020 3888  [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService     C:\Windows\System32\termsrv.dll
09:59:34.0098 3888  TermService - ok
09:59:34.0145 3888  [ C7230FBEE14437716701C15BE02C27B8 ] Themes          C:\Windows\system32\shsvcs.dll
09:59:34.0192 3888  Themes - ok
09:59:34.0223 3888  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER     C:\Windows\system32\mmcss.dll
09:59:34.0348 3888  THREADORDER - ok
09:59:34.0410 3888  [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks          C:\Windows\System32\trkwks.dll
09:59:34.0488 3888  TrkWks - ok
09:59:34.0566 3888  [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
09:59:34.0675 3888  TrustedInstaller - ok
09:59:34.0753 3888  [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
09:59:34.0909 3888  tssecsrv - ok
09:59:34.0972 3888  [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp           C:\Windows\system32\DRIVERS\tunmp.sys
09:59:35.0034 3888  tunmp - ok
09:59:35.0081 3888  [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
09:59:35.0128 3888  tunnel - ok
09:59:35.0190 3888  [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35          C:\Windows\system32\drivers\uagp35.sys
09:59:35.0221 3888  uagp35 - ok
09:59:35.0284 3888  [ 63F6D08C54D5B3C1B12A6172032055C7 ] uCamMonitor     C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
09:59:35.0330 3888  uCamMonitor - ok
09:59:35.0408 3888  [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
09:59:35.0502 3888  udfs - ok
09:59:35.0580 3888  [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
09:59:35.0705 3888  UI0Detect - ok
09:59:35.0736 3888  UIUSys - ok
09:59:35.0783 3888  [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
09:59:35.0830 3888  uliagpkx - ok
09:59:35.0892 3888  [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci         C:\Windows\system32\drivers\uliahci.sys
09:59:35.0923 3888  uliahci - ok
09:59:35.0954 3888  [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata          C:\Windows\system32\drivers\ulsata.sys
09:59:35.0986 3888  UlSata - ok
09:59:36.0001 3888  [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys
09:59:36.0032 3888  ulsata2 - ok
09:59:36.0079 3888  [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
09:59:36.0142 3888  umbus - ok
09:59:36.0235 3888  [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost        C:\Windows\System32\upnphost.dll
09:59:36.0438 3888  upnphost - ok
09:59:36.0500 3888  [ 9419FAAC6552A51542DBBA02971C841C ] usbbus          C:\Windows\system32\DRIVERS\lgusbbus.sys
09:59:36.0563 3888  usbbus - ok
09:59:36.0625 3888  [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
09:59:36.0734 3888  usbccgp - ok
09:59:36.0781 3888  [ 32C068EAF37C92D7194EEE1FAA1E7853 ] USBCCID         C:\Windows\system32\DRIVERS\usbccid.sys
09:59:36.0844 3888  USBCCID - ok
09:59:36.0906 3888  [ E9476E6C486E76BC4898074768FB7131 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
09:59:37.0109 3888  usbcir - ok
09:59:37.0156 3888  [ C0A466FA4FFEC464320E159BC1BBDC0C ] UsbDiag         C:\Windows\system32\DRIVERS\lgusbdiag.sys
09:59:37.0202 3888  UsbDiag - ok
09:59:37.0234 3888  [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
09:59:37.0327 3888  usbehci - ok
09:59:37.0358 3888  [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
09:59:37.0421 3888  usbhub - ok
09:59:37.0483 3888  [ F74A54774A9B0AFEB3C40ADEC68AA600 ] USBModem        C:\Windows\system32\DRIVERS\lgusbmodem.sys
09:59:37.0530 3888  USBModem - ok
09:59:37.0577 3888  [ 38DBC7DD6CC5A72011F187425384388B ] usbohci         C:\Windows\system32\drivers\usbohci.sys
09:59:37.0780 3888  usbohci - ok
09:59:37.0811 3888  [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
09:59:37.0920 3888  usbprint - ok
09:59:37.0998 3888  [ A508C9BD8724980512136B039BBA65E9 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
09:59:38.0076 3888  usbscan - ok
09:59:38.0123 3888  [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:59:38.0185 3888  USBSTOR - ok
09:59:38.0201 3888  [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
09:59:38.0263 3888  usbuhci - ok
09:59:38.0341 3888  [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
09:59:38.0482 3888  usbvideo - ok
09:59:38.0513 3888  [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms           C:\Windows\System32\uxsms.dll
09:59:38.0575 3888  UxSms - ok
09:59:38.0716 3888  [ 4E7135D6D0127067E4CFEE12259F895D ] VAIO Entertainment TV Device Arbitration Service C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
09:59:38.0747 3888  VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - warning
09:59:38.0747 3888  VAIO Entertainment TV Device Arbitration Service - detected UnsignedFile.Multi.Generic (1)
09:59:38.0825 3888  [ 73328C784ECFE7072BD102F370076B50 ] VAIO Event Service C:\Program Files\sony\VAIO Event Service\VESMgr.exe
09:59:38.0856 3888  VAIO Event Service - ok
09:59:38.0950 3888  [ 45A9AE4768840830D0239B52DFDC806A ] VAIO Power Management C:\Program Files\Sony\VAIO Power Management\SPMService.exe
09:59:38.0996 3888  VAIO Power Management - ok
09:59:39.0355 3888  [ 721A1677FD204AB065238504D9268D92 ] VCFw            C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
09:59:39.0667 3888  VCFw - ok
09:59:39.0776 3888  [ FD03AC6CD1571AA8B2FF56D3C600E26E ] VcmIAlzMgr      C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
09:59:39.0839 3888  VcmIAlzMgr - ok
09:59:39.0886 3888  [ B56CD01F36EEF2967EF18D8DF0E5C285 ] VcmXmlIfHelper  C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
09:59:39.0917 3888  VcmXmlIfHelper - ok
09:59:39.0932 3888  Vcsw - ok
09:59:40.0026 3888  [ CD88D1B7776DC17A119049742EC07EB4 ] vds             C:\Windows\System32\vds.exe
09:59:40.0166 3888  vds - ok
09:59:40.0244 3888  [ 87B06E1F30B749A114F74622D013F8D4 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
09:59:40.0369 3888  vga - ok
09:59:40.0416 3888  [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave         C:\Windows\System32\drivers\vga.sys
09:59:40.0494 3888  VgaSave - ok
09:59:40.0510 3888  [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp          C:\Windows\system32\drivers\viaagp.sys
09:59:40.0556 3888  viaagp - ok
09:59:40.0619 3888  [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7           C:\Windows\system32\drivers\viac7.sys
09:59:40.0666 3888  ViaC7 - ok
09:59:40.0712 3888  [ AADF5587A4063F52C2C3FED7887426FC ] viaide          C:\Windows\system32\drivers\viaide.sys
09:59:40.0744 3888  viaide - ok
09:59:40.0759 3888  [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
09:59:40.0806 3888  volmgr - ok
09:59:40.0884 3888  [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
09:59:40.0931 3888  volmgrx - ok
09:59:40.0993 3888  [ 786DB5771F05EF300390399F626BF30A ] volsnap         C:\Windows\system32\drivers\volsnap.sys
09:59:41.0040 3888  volsnap - ok
09:59:41.0071 3888  [ 587253E09325E6BF226B299774B728A9 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
09:59:41.0102 3888  vsmraid - ok
09:59:41.0196 3888  [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS             C:\Windows\system32\vssvc.exe
09:59:41.0399 3888  VSS - ok
09:59:41.0555 3888  [ 416F115DC1003BB624D03E019C3D563D ] VUAgent         C:\Program Files\sony\VAIO Update\VUAgent.exe
09:59:41.0648 3888  VUAgent - ok
09:59:41.0711 3888  [ 79EB419F4A694B4514249E0D3DB16ECF ] VzCdbSvc        C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
09:59:41.0773 3888  VzCdbSvc ( UnsignedFile.Multi.Generic ) - warning
09:59:41.0773 3888  VzCdbSvc - detected UnsignedFile.Multi.Generic (1)
09:59:41.0836 3888  [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time         C:\Windows\system32\w32time.dll
09:59:41.0960 3888  W32Time - ok
09:59:42.0163 3888  [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
09:59:42.0616 3888  WacomPen - ok
09:59:42.0678 3888  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
09:59:42.0756 3888  Wanarp - ok
09:59:42.0787 3888  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
09:59:42.0818 3888  Wanarpv6 - ok
09:59:42.0928 3888  [ A3CD60FD826381B49F03832590E069AF ] wcncsvc         C:\Windows\System32\wcncsvc.dll
09:59:42.0990 3888  wcncsvc - ok
09:59:43.0052 3888  [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
09:59:43.0130 3888  WcsPlugInService - ok
09:59:43.0208 3888  [ 78FE9542363F297B18C027B2D7E7C07F ] Wd              C:\Windows\system32\drivers\wd.sys
09:59:43.0224 3888  Wd - ok
09:59:43.0333 3888  [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
09:59:43.0427 3888  Wdf01000 - ok
09:59:43.0489 3888  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
09:59:43.0614 3888  WdiServiceHost - ok
09:59:43.0676 3888  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
09:59:43.0708 3888  WdiSystemHost - ok
09:59:43.0786 3888  [ 04C37D8107320312FBAE09926103D5E2 ] WebClient       C:\Windows\System32\webclnt.dll
09:59:43.0848 3888  WebClient - ok
09:59:43.0926 3888  [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc          C:\Windows\system32\wecsvc.dll
09:59:44.0020 3888  Wecsvc - ok
09:59:44.0051 3888  [ 670FF720071ED741206D69BD995EA453 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
09:59:44.0144 3888  wercplsupport - ok
09:59:44.0207 3888  [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc          C:\Windows\System32\WerSvc.dll
09:59:44.0269 3888  WerSvc - ok
09:59:44.0332 3888  [ 090A2B8F055343815556A01F725F6C35 ] WimFltr         C:\Windows\system32\DRIVERS\wimfltr.sys
09:59:44.0363 3888  WimFltr - ok
09:59:44.0410 3888  [ 5A77AC34A0FFB70CE8B35B524FEDE9BA ] winachsf        C:\Windows\system32\DRIVERS\HSX_CNXT.sys
09:59:44.0503 3888  winachsf - ok
09:59:44.0566 3888  [ 4575AA12561C5648483403541D0D7F2B ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
09:59:44.0628 3888  WinDefend - ok
09:59:44.0659 3888  WinHttpAutoProxySvc - ok
09:59:44.0753 3888  [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
09:59:44.0831 3888  Winmgmt - ok
09:59:44.0940 3888  [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM           C:\Windows\system32\WsmSvc.dll
09:59:45.0268 3888  WinRM - ok
09:59:45.0361 3888  [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc         C:\Windows\System32\wlansvc.dll
09:59:45.0533 3888  Wlansvc - ok
09:59:45.0814 3888  [ 5144AE67D60EC653F97DDF3FEED29E77 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
09:59:45.0938 3888  wlidsvc - ok
09:59:46.0001 3888  [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
09:59:46.0110 3888  WmiAcpi - ok
09:59:46.0188 3888  [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
09:59:46.0250 3888  wmiApSrv - ok
09:59:46.0406 3888  [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
09:59:46.0594 3888  WMPNetworkSvc - ok
09:59:46.0703 3888  [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
09:59:46.0765 3888  WPCSvc - ok
09:59:46.0843 3888  [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
09:59:46.0937 3888  WPDBusEnum - ok
09:59:47.0015 3888  [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys
09:59:47.0093 3888  WpdUsb - ok
09:59:47.0264 3888  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
09:59:47.0342 3888  WPFFontCache_v0400 - ok
09:59:47.0405 3888  [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
09:59:47.0514 3888  ws2ifsl - ok
09:59:47.0686 3888  [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc          C:\Windows\system32\wscsvc.dll
09:59:47.0810 3888  wscsvc - ok
09:59:47.0873 3888  [ 4422AC5ED8D4C2F0DB63E71D4C069DD7 ] WSDPrintDevice  C:\Windows\system32\DRIVERS\WSDPrint.sys
09:59:47.0951 3888  WSDPrintDevice - ok
09:59:48.0013 3888  [ 65D1FF8AAFF4A7D8F787A290E5087816 ] WSDScan         C:\Windows\system32\DRIVERS\WSDScan.sys
09:59:48.0091 3888  WSDScan - ok
09:59:48.0107 3888  WSearch - ok
09:59:48.0434 3888  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
09:59:48.0653 3888  wuauserv - ok
09:59:48.0746 3888  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
09:59:48.0902 3888  WudfPf - ok
09:59:48.0949 3888  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
09:59:49.0058 3888  WUDFRd - ok
09:59:49.0168 3888  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
09:59:49.0230 3888  wudfsvc - ok
09:59:49.0277 3888  [ 88AF537264F2B818DA15479CEEAF5D7C ] XAudio          C:\Windows\system32\DRIVERS\xaudio.sys
09:59:49.0324 3888  XAudio - ok
09:59:49.0339 3888  [ 15A317674A08DF26BE65164D959E9203 ] XAudioService   C:\Windows\system32\DRIVERS\xaudio.exe
09:59:49.0386 3888  XAudioService - ok
09:59:49.0495 3888  [ 67E3D2AF24C3873E6A0CAC89DE78D63B ] yukonwlh        C:\Windows\system32\DRIVERS\yk60x86.sys
09:59:49.0620 3888  yukonwlh - ok
09:59:49.0667 3888  ================ Scan global ===============================
09:59:49.0745 3888  [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
09:59:49.0854 3888  [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll
09:59:49.0901 3888  [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll
09:59:49.0948 3888  [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
09:59:49.0963 3888  [Global] - ok
09:59:49.0963 3888  ================ Scan MBR ==================================
09:59:49.0979 3888  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
09:59:52.0319 3888  \Device\Harddisk0\DR0 - ok
09:59:52.0319 3888  ================ Scan VBR ==================================
09:59:52.0350 3888  [ 7CAD3DDFFE95055748F849C62B000DE5 ] \Device\Harddisk0\DR0\Partition1
09:59:52.0350 3888  \Device\Harddisk0\DR0\Partition1 - ok
09:59:52.0350 3888  ============================================================
09:59:52.0350 3888  Scan finished
09:59:52.0350 3888  ============================================================
09:59:52.0366 7772  Detected object count: 5
09:59:52.0366 7772  Actual detected object count: 5
10:00:21.0865 7772  FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
10:00:21.0896 7772  FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:00:21.0896 7772  NSUService ( UnsignedFile.Multi.Generic ) - skipped by user
10:00:21.0896 7772  NSUService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:00:21.0896 7772  PACSPTISVR ( UnsignedFile.Multi.Generic ) - skipped by user
10:00:21.0896 7772  PACSPTISVR ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:00:21.0912 7772  VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - skipped by user
10:00:21.0912 7772  VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:00:21.0912 7772  VzCdbSvc ( UnsignedFile.Multi.Generic ) - skipped by user
10:00:21.0912 7772  VzCdbSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:01:20.0530 8052  Deinitialize success
         

I hope that's okay like this.
Many thanks so far,
I feel very well looked after by you, cosinus!

Best regards, KlausKlaus

Alt 13.05.2013, 10:51   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



JRT - Junkware Removal Tool

Please shut down your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please right-click it and start it with "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.

Afterwards:

adwCleaner - Remove toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click "Optionen" (Options) and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click "Suchlauf" (Scan) and wait until it has finished.
  • Now click "Löschen" (Delete) and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart, a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).


After that, a check with OTL please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top center, tick the box for Scan All Users
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread inside CODE tags.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


Alt 13.05.2013, 12:05   #13
KlausKlaus
 



Here are the log files:

JRT:

Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Christian on 13.05.2013 at 12:08:44,55
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{D4FD0727-ECC5-44F1-9964-C4BDFAE5148A}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Christian\AppData\Roaming\dvdvideosoftiehelpers"
Successfully deleted: [Folder] "C:\Program Files\icq6toolbar"



~~~ FireFox

Successfully deleted: [File] C:\Users\Christian\AppData\Roaming\mozilla\firefox\profiles\6bykvql9.default\user.js
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}
Emptied folder: C:\Users\Christian\AppData\Roaming\mozilla\firefox\profiles\6bykvql9.default\minidumps [150 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 13.05.2013 at 12:11:21,36
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         


adwCleaner:

Code:
ATTFilter
# AdwCleaner v2.300 - Datei am 13/05/2013 um 12:25:35 erstellt
# Aktualisiert am 28/04/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : Christian - CHRISTIAN-VAIO
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Christian\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Program Files\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0194532A-A99C-4337-937E-2A452C8957BE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.6001.19412

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v20.0.1 (de)

Datei : C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\6bykvql9.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [2297 octets] - [13/05/2013 12:25:35]

########## EOF - C:\AdwCleaner[S1].txt - [2357 octets] ##########
         

OTL.txt:

Code:
ATTFilter
OTL logfile created on: 13.05.2013 12:39:07 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Christian\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19412)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,81 Gb Available Physical Memory | 60,27% Memory free
6,19 Gb Paging File | 4,77 Gb Available in Paging File | 77,08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 285,20 Gb Total Space | 134,31 Gb Free Space | 47,09% Space Free | Partition Type: NTFS
 
Computer Name: CHRISTIAN-VAIO | User Name: Christian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Users\Christian\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\sony\VAIO Update\VAIOUpdt.exe (Sony Corporation)
PRC - C:\Program Files\sony\VAIO Update\VUAgent.exe (Sony Corporation)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
PRC - C:\Program Files\sony\Marketing Tools\MarketingTools.exe (Sony Corporation)
PRC - C:\Program Files\Logitech\SetPoint\LBTWiz.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
PRC - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
PRC - C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
PRC - C:\Program Files\Common Files\Sony Shared\SOHLib\SOHCImp.exe (Sony Corporation)
PRC - C:\Program Files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe (Sony Corporation)
PRC - C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDs.exe (Sony Corporation)
PRC - C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDms.exe (Sony Corporation)
PRC - C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe (Sony Corporation)
PRC - C:\Program Files\sony\VAIO Media plus\VMpTtray.exe (Sony Corporation)
PRC - C:\Program Files\sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Program Files\sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation)
PRC - C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe (Realtek Semiconductor)
PRC - C:\Program Files\sony\Network Utility\LANUtil.exe (Sony Corporation)
PRC - C:\Program Files\sony\Network Utility\NSUService.exe (Sony Corporation)
PRC - C:\Program Files\sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
PRC - C:\Program Files\sony\VAIO Power Management\SPMService.exe (Sony Corporation)
PRC - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Apoint\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Apoint\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\15e2d7f51f15830591727d6d6a1e4032\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\421cb77e6a4c21f94e3c5ddf766de23b\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e64304962098e90f0d3f4c33c1b080a6\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\System32\CmdLineExt03.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\f300bbe8b18d4a04933422f241aa1428\System.IdentityModel.Selectors.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\1c40efd2328e271920f4b4eda38c0125\System.ServiceModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\9b2eef59d0cfc5aff182d0951de5f040\Accessibility.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b5df40c22ab563a816103629e2ca99d4\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\895899bb8c1772f2043de17305d7eb35\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\f9d4a89fc32b5a458c0a02c48dc8538e\System.IdentityModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\004bc6615f9c06df5c98859d35149fe6\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\bb8af3cf69f1337efda4e810b6751b89\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\b757806657fa5db2b1ed1a89b026b463\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\78157a494dc9a7e52be8840decfcd9cc\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3421.42239__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3421.42258__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3421.42253__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3421.42257__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3421.42313__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3421.42295__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3421.42282__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3421.42247__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3421.42331__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3421.42332__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3421.42247__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3421.42300__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3421.42300__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3421.42299__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3421.42284__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3421.42248__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3421.42259__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3421.42308__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3421.42259__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3421.42293__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3421.42284__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3421.42263__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3421.42292__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3421.42279__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3421.42283__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3421.42294__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3421.42263__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3421.42283__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3421.42284__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3421.42294__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3294.18728__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3294.18709__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3294.18751__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3294.18787__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3294.18795__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3294.18747__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3294.18794__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3294.18699__90ba9c70f846762e\LOG.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3294.18701__90ba9c70f846762e\NEWAEM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3294.18753__90ba9c70f846762e\DEM.OS.I0602.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3294.18745__90ba9c70f846762e\MOM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.3294.18787__90ba9c70f846762e\DEM.OS.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3294.18708__90ba9c70f846762e\CLI.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3294.18832__90ba9c70f846762e\CLI.Foundation.XManifest.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3294.18755__90ba9c70f846762e\DEM.Graphics.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3294.18735__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3294.18771__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3294.18785__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3294.18737__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3294.18731__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3294.18717__90ba9c70f846762e\CLI.Component.Client.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3294.18727__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3294.18758__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3294.18755__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3294.18772__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3294.18767__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3294.18766__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3294.18765__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3294.18771__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3294.18742__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3294.18760__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3294.18756__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3294.18748__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3294.18769__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3294.18757__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3421.42357__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3421.42340__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3294.18746__90ba9c70f846762e\APM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3294.18728__90ba9c70f846762e\AEM.Server.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3421.42234__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3421.42326__90ba9c70f846762e\MOM.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3294.18725__90ba9c70f846762e\LOG.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3294.18720__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3294.18745__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll ()
MOD - C:\Windows\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3421.42321__90ba9c70f846762e\CLI.Component.Systemtray.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3421.42252__90ba9c70f846762e\CLI.Component.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3421.42325__90ba9c70f846762e\LOG.Foundation.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3421.42238__90ba9c70f846762e\CLI.Component.SkinFactory.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3294.18714__90ba9c70f846762e\CLI.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3294.18748__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3421.42236__90ba9c70f846762e\CLI.Component.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3294.18750__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3294.18744__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3421.42243__90ba9c70f846762e\CLI.Component.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3421.42237__90ba9c70f846762e\ATIDEMOS.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3421.42236__90ba9c70f846762e\APM.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3421.42235__90ba9c70f846762e\AEM.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3294.18740__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3421.42326__90ba9c70f846762e\CCC.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3294.18774__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Windows\assembly\GAC_MSIL\System.ServiceModel.resources\3.0.0.0_de_b77a5c561934e089\System.ServiceModel.resources.dll ()
MOD - C:\Windows\System32\atitmmxx.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\SPMCommon\3.1.0.6020__e3c7096ba83f9295\SPMCommon.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\SPMDam\3.1.0.6020__1b3c579b6925895f\SPMDam.dll ()
MOD - C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (VUAgent) -- C:\Program Files\sony\VAIO Update\VUAgent.exe (Sony Corporation)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (VcmIAlzMgr) -- C:\Program Files\sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
SRV - (VcmXmlIfHelper) -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe (Sony Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (LBTServ) -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (ABBYY.Licensing.FineReader.Sprint.9.0) -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe (Sony Corporation)
SRV - (Vcsw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
SRV - (VzCdbSvc) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (VCFw) -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
SRV - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (SOHCImp) -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHCImp.exe (Sony Corporation)
SRV - (SOHPlMgr) -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe (Sony Corporation)
SRV - (SOHDs) -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDs.exe (Sony Corporation)
SRV - (SOHDms) -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDms.exe (Sony Corporation)
SRV - (SOHDBSvr) -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe (Sony Corporation)
SRV - (VAIO Event Service) -- C:\Program Files\sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (RtkAudioService) -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe (Realtek Semiconductor)
SRV - (NSUService) -- C:\Program Files\sony\Network Utility\NSUService.exe (Sony Corporation)
SRV - (VAIO Power Management) -- C:\Program Files\sony\VAIO Power Management\SPMService.exe (Sony Corporation)
SRV - (AdobeActiveFileMonitor7.0) -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (uCamMonitor) -- C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (lxcg_device) -- C:\Windows\System32\lxcgcoms.exe ( )
 
 
========== Driver Services (SafeList) ==========
 
DRV - (UIUSys) -- system32\DRIVERS\UIUSYS.SYS File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (hwusbdev) -- system32\DRIVERS\ewusbdev.sys File not found
DRV - (hwdatacard) -- system32\DRIVERS\ewusbmdm.sys File not found
DRV - (ewusbnet) -- system32\DRIVERS\ewusbnet.sys File not found
DRV - (catchme) -- C:\Users\CHRIST~1\AppData\Local\Temp\catchme.sys File not found
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (NETw5v32) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (WSDScan) -- C:\Windows\System32\drivers\WSDScan.sys (Microsoft Corporation)
DRV - (USBCCID) -- C:\Windows\System32\drivers\usbccid.sys (Microsoft Corporation)
DRV - (RTHDMIAzAudService) -- C:\Windows\System32\drivers\RtHDMIV.sys (Realtek Semiconductor Corp.)
DRV - (DMICall) -- C:\Windows\System32\drivers\DMICall.sys (Sony Corporation)
DRV - (SFEP) -- C:\Windows\System32\drivers\SFEP.sys (Sony Corporation)
DRV - (USBModem) -- C:\Windows\System32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (UsbDiag) -- C:\Windows\System32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\Windows\System32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (risdptsk) -- C:\Windows\System32\drivers\risdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (ArcSoftKsUFilter) -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (regi) -- C:\Windows\System32\drivers\regi.sys (InterVideo)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=SNYT&bmod=SNYT
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SNYT
IE - HKLM\..\SearchScopes\{73B60328-40E2-4CBC-AAFD-169B4DB776FB}: "URL" = hxxp://www.google.de/search?hl=de&q={searchTerms}&meta=
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1033429082-2119218386-936885420-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ig
IE - HKU\S-1-5-21-1033429082-2119218386-936885420-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-1033429082-2119218386-936885420-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-1033429082-2119218386-936885420-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1033429082-2119218386-936885420-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SNYK_de
IE - HKU\S-1-5-21-1033429082-2119218386-936885420-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1033429082-2119218386-936885420-1000\..\SearchScopes\{73B60328-40E2-4CBC-AAFD-169B4DB776FB}: "URL" = hxxp://www.google.de/search?hl=de&q={searchTerms}&meta=
IE - HKU\S-1-5-21-1033429082-2119218386-936885420-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig"
FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.9
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0033-ABCDEFFEDCBA%7D:6.0.33
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.12 15:18:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.04.12 15:18:11 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.12 15:18:21 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.04.12 15:18:11 | 000,000,000 | ---D | M]
 
[2010.07.27 17:35:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Extensions
[2013.05.09 11:45:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\6bykvql9.default\extensions
[2010.12.13 12:07:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\6bykvql9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.08.22 17:42:12 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\6bykvql9.default\extensions\firefox@tvunetworks.com
[2012.12.12 01:31:30 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\firefox\profiles\6bykvql9.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2013.05.09 11:45:09 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\firefox\profiles\6bykvql9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.04.12 15:18:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013.04.12 15:18:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013.04.12 15:18:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013.04.12 15:18:21 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013.04.12 15:18:16 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.04.12 15:18:16 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013.04.12 15:18:16 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013.04.12 15:18:16 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.04.12 15:18:16 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.04.12 15:18:16 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
 
O1 HOSTS File: ([2013.05.12 23:35:24 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKU\S-1-5-21-1033429082-2119218386-936885420-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [AML] C:\Program Files\Sony\VAIO Launcher\AML.exe (Sony)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent File not found
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [MarketingTools] C:\Program Files\sony\Marketing Tools\MarketingTools.exe (Sony Corporation)
O4 - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-1033429082-2119218386-936885420-1000..\Run: [Dywoyreven] C:\Users\Christian\AppData\Roaming\Tagy\qoer.exe File not found
O4 - HKU\S-1-5-21-1033429082-2119218386-936885420-1000..\Run: [NSUFloatingUI] C:\Program Files\Sony\Network Utility\LANUtil.exe (Sony Corporation)
O4 - HKU\S-1-5-21-1033429082-2119218386-936885420-1000..\Run: [Spotify] C:\Users\Christian\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-1033429082-2119218386-936885420-1000..\Run: [Spotify Web Helper] C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-1033429082-2119218386-936885420-1000..\Run: [VMpTtray.exe] C:\Program Files\sony\VAIO Media plus\VMpTtray.exe (Sony Corporation)
O4 - Startup: C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Product Registration.lnk =  File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1033429082-2119218386-936885420-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1033429082-2119218386-936885420-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Christian\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_Win32.cab (20-20 3D Viewer)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 10.17.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A017C41E-C727-41AC-A634-FF0F56357C14}: DhcpNameServer = 192.168.34.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FBE8C1D3-07B5-4507-B8CA-145AFDF06D11}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Users\Christian\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Christian\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.13 12:08:39 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.05.13 12:08:02 | 000,000,000 | ---D | C] -- C:\JRT
[2013.05.13 12:06:22 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Christian\Desktop\JRT.exe
[2013.05.13 09:53:26 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Christian\Desktop\tdsskiller.exe
[2013.05.13 01:17:56 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Christian\Desktop\aswMBR.exe
[2013.05.13 00:07:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.05.12 23:38:10 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.05.12 23:38:07 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.05.12 23:38:07 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\temp
[2013.05.12 23:23:36 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.05.12 23:23:36 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.05.12 23:23:36 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.05.12 23:23:29 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013.05.12 23:23:24 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.05.12 23:22:47 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.05.12 23:17:02 | 005,069,265 | R--- | C] (Swearware) -- C:\Users\Christian\Desktop\ComboFix.exe
[2013.05.09 13:54:05 | 000,000,000 | ---D | C] -- C:\Users\Christian\Desktop\call of duty 4 modern warefare
[2013.05.07 19:50:51 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe
[2013.05.07 13:31:10 | 000,000,000 | ---D | C] -- C:\Users\Christian\Desktop\Age of Empires II
[2013.05.05 13:34:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013.05.05 13:29:49 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.05.05 13:29:49 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.05.05 13:29:49 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.05.02 16:32:26 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Avira
[2013.05.02 16:26:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.05.02 16:26:39 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2013.05.02 16:26:37 | 000,135,136 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013.05.02 16:26:37 | 000,037,352 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013.05.02 16:26:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013.05.02 16:26:27 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2013.04.30 09:15:54 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Xoilq
[2013.04.30 09:15:54 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Rizur
[2013.04.27 23:45:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013.04.26 13:51:36 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\Spotify
[2013.04.26 13:51:15 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Spotify
[2013.04.21 11:30:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.13 12:27:59 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.13 12:27:59 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.13 12:27:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.13 12:27:46 | 3218,104,320 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.13 12:26:42 | 000,004,833 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013.05.13 12:24:36 | 000,628,743 | ---- | M] () -- C:\Users\Christian\Desktop\adwcleaner.exe
[2013.05.13 12:06:32 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Christian\Desktop\JRT.exe
[2013.05.13 10:54:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.13 09:53:25 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Christian\Desktop\tdsskiller.exe
[2013.05.13 09:49:02 | 000,000,512 | ---- | M] () -- C:\Users\Christian\Desktop\MBR.dat
[2013.05.13 01:19:46 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Christian\Desktop\aswMBR.exe
[2013.05.13 00:00:57 | 012,917,756 | ---- | M] () -- C:\Users\Christian\Desktop\mbar-1.05.0.1001.zip
[2013.05.12 23:35:24 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.05.12 23:17:37 | 005,069,265 | R--- | M] (Swearware) -- C:\Users\Christian\Desktop\ComboFix.exe
[2013.05.11 20:09:04 | 000,628,992 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.05.11 20:09:04 | 000,596,246 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.05.11 20:09:04 | 000,126,704 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.05.11 20:09:04 | 000,104,320 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.05.07 21:16:39 | 000,020,027 | ---- | M] () -- C:\Users\Christian\Desktop\Unbenannt 1.odt
[2013.05.07 21:10:12 | 000,377,856 | ---- | M] () -- C:\Users\Christian\Desktop\gmer_2.1.19163.exe
[2013.05.07 19:50:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe
[2013.05.07 19:49:36 | 000,000,000 | ---- | M] () -- C:\Users\Christian\defogger_reenable
[2013.05.07 19:48:36 | 000,050,477 | ---- | M] () -- C:\Users\Christian\Desktop\Defogger.exe
[2013.05.06 22:30:47 | 000,110,592 | ---- | M] () -- C:\Users\Christian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.05.06 12:30:30 | 000,013,004 | ---- | M] () -- C:\Users\Christian\Desktop\Unbenannt 1.odg
[2013.05.02 16:16:19 | 000,028,520 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2013.05.02 16:16:18 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013.05.02 16:16:18 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2013.05.02 16:16:18 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013.05.02 02:06:08 | 000,238,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2013.04.26 13:51:35 | 000,001,775 | ---- | M] () -- C:\Users\Christian\Desktop\Spotify.lnk
[2013.04.21 11:42:57 | 000,000,000 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\sversion.ini
[2013.04.21 11:29:29 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.04.21 11:29:29 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.04.20 19:54:22 | 000,000,680 | ---- | M] () -- C:\Users\Christian\AppData\Local\d3d9caps.dat
 
========== Files Created - No Company Name ==========
 
[2013.05.13 12:24:35 | 000,628,743 | ---- | C] () -- C:\Users\Christian\Desktop\adwcleaner.exe
[2013.05.13 09:49:02 | 000,000,512 | ---- | C] () -- C:\Users\Christian\Desktop\MBR.dat
[2013.05.12 23:59:37 | 012,917,756 | ---- | C] () -- C:\Users\Christian\Desktop\mbar-1.05.0.1001.zip
[2013.05.12 23:23:36 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.05.12 23:23:36 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.05.12 23:23:36 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.05.12 23:23:36 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.05.12 23:23:36 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.05.07 21:16:37 | 000,020,027 | ---- | C] () -- C:\Users\Christian\Desktop\Unbenannt 1.odt
[2013.05.07 21:10:10 | 000,377,856 | ---- | C] () -- C:\Users\Christian\Desktop\gmer_2.1.19163.exe
[2013.05.07 19:49:36 | 000,000,000 | ---- | C] () -- C:\Users\Christian\defogger_reenable
[2013.05.07 19:48:34 | 000,050,477 | ---- | C] () -- C:\Users\Christian\Desktop\Defogger.exe
[2013.04.26 13:51:35 | 000,001,775 | ---- | C] () -- C:\Users\Christian\Desktop\Spotify.lnk
[2013.04.26 13:51:35 | 000,001,761 | ---- | C] () -- C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
[2011.09.17 22:13:48 | 000,011,264 | ---- | C] () -- C:\Windows\System32\atimuixx.dll
[2011.09.11 12:41:54 | 000,000,282 | ---- | C] () -- C:\Windows\Config.ini
[2011.09.11 12:41:54 | 000,000,225 | ---- | C] () -- C:\Windows\Config.ini.bak
[2011.09.11 12:41:52 | 054,601,633 | ---- | C] () -- C:\Windows\BIOSROM.DAT
[2010.06.11 22:57:29 | 000,000,680 | ---- | C] () -- C:\Users\Christian\AppData\Local\d3d9caps.dat
[2010.04.10 08:28:41 | 000,000,760 | ---- | C] () -- C:\Users\Christian\AppData\Roaming\setup_ldm.iss
[2009.08.22 19:29:36 | 000,000,000 | ---- | C] () -- C:\Users\Christian\AppData\Roaming\sversion.ini
[2009.08.16 18:10:41 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.08.09 04:58:38 | 000,024,064 | ---- | C] () -- C:\Users\Christian\AppData\Roaming\UserTile.png
[2009.08.05 19:27:26 | 000,110,592 | ---- | C] () -- C:\Users\Christian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
         


and Extras:

Code:
OTL Extras logfile created on: 13.05.2013 12:39:07 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Christian\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19412)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,81 Gb Available Physical Memory | 60,27% Memory free
6,19 Gb Paging File | 4,77 Gb Available in Paging File | 77,08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 285,20 Gb Total Space | 134,31 Gb Free Space | 47,09% Space Free | Partition Type: NTFS
 
Computer Name: CHRISTIAN-VAIO | User Name: Christian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-21-1033429082-2119218386-936885420-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B5FBFDE-9A81-49AF-8B2D-4F2B4F7704E7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{0E1276B1-0311-43C2-B812-F6DE4F3656A3}" = rport=137 | protocol=17 | dir=out | app=system | 
"{1074E664-9F32-4CCA-AB0D-9B07ACDD869E}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{122ECF6F-21AE-471B-B235-367597FBFF6A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{17139A5A-05AA-46FE-BB57-0A481BC7A557}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{1BAAC31F-EA4C-4BF3-8BA8-86903FD896DA}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{1CBAB161-B794-40A3-9E96-B6C6882B74E7}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{23EACC63-AE5A-4687-8B39-B951694C5624}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{2EEA3600-4F69-48F7-ADBF-4ED966F6D5CD}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{2F24B054-7378-4E0B-833E-6C8881C00134}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{3120E0DD-F561-433F-9158-5BE7CF20C8A0}" = lport=137 | protocol=17 | dir=in | app=system | 
"{319D9108-B986-4698-B94B-11C3EE57F26F}" = lport=138 | protocol=17 | dir=in | app=system | 
"{36C2CCCD-D45D-4A92-9CB6-A14A149AE6E8}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{4794FD15-DD6B-47B3-B10E-A90502245811}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{49A204E2-0AD2-496C-BE55-0A6528DC0E67}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{593CAB15-F0B3-456C-94DF-347E140DC6E6}" = rport=138 | protocol=17 | dir=out | app=system | 
"{5A60E279-716A-4D12-AE4E-9E9A91BB68C4}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{6042E77A-198F-4796-BBB6-65CE6FD091B8}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{72D4E8EC-E3AA-4B8C-AFF9-37354B52F660}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{8797EA83-7218-4935-BBF6-82A93A942188}" = lport=445 | protocol=6 | dir=in | app=system | 
"{8E7EB605-ECBA-4A2F-A2E7-096C5FFD187D}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{9430473A-CA16-4261-8BFF-61931C5A6919}" = lport=139 | protocol=6 | dir=in | app=system | 
"{991AA5F0-F354-43C8-AF0A-0BD168E85D21}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{9A9B65F3-9055-4D4E-8D81-9067601B5D20}" = rport=445 | protocol=6 | dir=out | app=system | 
"{B0056FEE-5173-4629-8063-8A7925482FB8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C1B0EBB1-F027-4015-91E3-2D1FA95C3F3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C2356B44-AC7C-4AE1-A515-9E8DA8F41D8C}" = rport=139 | protocol=6 | dir=out | app=system | 
"{D4A02098-4A45-4153-90C2-E0F448D87BF1}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{D839420C-DF76-4B05-B6E4-E1A4FDFA9AF8}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{DC62D110-9105-4A53-AD9D-8C30A80A3BFD}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{EFD0E59E-3A0D-4DEB-A5C0-D48ABF161D9F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{F0E7EE21-CDE2-48F4-8E8A-1F9A7D506AEE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{FBEC581B-8C15-401D-A215-A7B0508D9AA3}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A58DB22-B32C-49E6-9B23-2CC1A790693D}" = protocol=6 | dir=in | app=c:\program files\common files\sony shared\sohlib\sohdms.exe | 
"{0C765B7B-0EDB-4F23-9355-66A8FAF37720}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{21CB2DC0-8CD1-4823-A487-3294FF3D5DC6}" = protocol=6 | dir=in | app=c:\program files\common files\sony shared\sohlib\sohcimp.exe | 
"{21D7054F-F3DE-4795-ADCB-CF2F54A38208}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{21D9BCB9-B7D5-4888-8780-75EF7CC3E829}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{24442338-2E05-4B8E-8245-17546574EDCC}" = protocol=17 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{264E55F1-A5EA-4174-BDC5-3170DF5D8D7D}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{4E5AC57A-B2A6-4304-804E-267B975C1BD1}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{4EC19C25-6A4A-4A24-BBFA-4BBB86AD9F0D}" = protocol=6 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{5551ACED-DAF7-409C-AED8-668C1FFAA6EE}" = protocol=17 | dir=in | app=c:\program files\sony\vaio media plus\vmp.exe | 
"{56E4A717-17FE-4628-B974-F3A6EABFBF90}" = protocol=17 | dir=in | app=c:\program files\common files\sony shared\sohlib\sohdms.exe | 
"{5EECCAAC-9EF7-4B32-8CB2-E597535B3AD8}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{5F974FEB-7894-42EA-92E2-E3EBB8ABCA91}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{67F6625C-18B8-4232-BBC6-BE2F1B8EBE7D}" = protocol=6 | dir=in | app=c:\program files\ubisoft\related designs\anno 2070\initengine.exe | 
"{6CFB0022-FBD5-43B8-9613-A97FCC8F5B69}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{6FA321F1-4335-4178-8440-265E02E28ADC}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{6FBC28F1-7917-49A0-AAF2-4D71F7453130}" = protocol=6 | dir=in | app=c:\program files\ubisoft\related designs\anno 2070\autopatcher.exe | 
"{7D4F814D-B9F2-4B3A-AA1D-9B366CBFFE4B}" = protocol=17 | dir=in | app=c:\program files\ubisoft\related designs\anno 2070\anno5.exe | 
"{8044E6A0-FB64-4CCE-BEDB-9862E31139F5}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{814BC493-9807-4225-BD13-3FE818683C43}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{89CBD9BF-9B44-4B17-BC3F-5935FC0CD826}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{8B2A9FFC-CB0A-4BFF-B98B-13E16D917150}" = protocol=6 | dir=in | app=c:\program files\sony\vaio media plus\vmp.exe | 
"{93458ED9-784C-467C-9BCE-9AEBF85214E3}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{967DB318-6032-4A13-A78E-C7D54F09630D}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{A1742D28-E4B0-4ADA-94F7-9FEF73FC9266}" = protocol=17 | dir=in | app=c:\program files\common files\sony shared\sohlib\sohcimp.exe | 
"{A69597A4-1F65-4B54-8B7F-170530B8D197}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{A8429FEF-2BE7-433A-A9F2-927D565213E7}" = protocol=17 | dir=in | app=c:\program files\common files\sony shared\sohlib\sohds.exe | 
"{ADC37CB2-8AD5-472F-BF84-A631D158E0B5}" = protocol=17 | dir=in | app=c:\program files\ubisoft\related designs\anno 2070\initengine.exe | 
"{B5140B72-01E4-43B9-8378-E951A9ED14D3}" = protocol=17 | dir=in | app=c:\program files\ubisoft\related designs\anno 2070\autopatcher.exe | 
"{B5EFA606-C888-4CBE-B8BC-77F7F835F3DF}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{C11BFB45-5695-417A-B5C1-75CDB5F84720}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{D0043BC0-70E4-484B-BCB3-DD2CF45EEED2}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{D17B0934-05B5-44B4-A263-57E473EA85DC}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{E35852A0-F31E-450D-A282-8897553401AD}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E46CB965-4FE2-4959-A0D0-77235B34DED2}" = protocol=6 | dir=in | app=c:\program files\common files\sony shared\sohlib\sohds.exe | 
"{E5385247-2B04-4A97-A6A7-13EDAA17693C}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{EBD2DEA3-1FD5-4AD3-88B1-91393B612B9A}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{EE90FBA4-5511-4718-84A9-6237127674E2}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{F27F0F48-82F1-44FE-8F73-9729F070102C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{F82DE2A1-FE7C-4671-9ECF-D57470B03EB6}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{FDE5A5D3-A7A4-49B9-84EC-0C4AE8136F98}" = protocol=6 | dir=in | app=c:\program files\ubisoft\related designs\anno 2070\anno5.exe | 
"{FF4769E5-83CF-4E4B-BE18-A024EF427A09}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"TCP Query User{10A31E8E-E4FA-4257-9DB8-A5664A607D29}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{13BD7203-6C18-467B-9C8B-04D965463E4C}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"TCP Query User{19577B63-798D-4DC5-B214-6752E8859637}C:\users\christian\anno 1701\anno1701.exe" = protocol=6 | dir=in | app=c:\users\christian\anno 1701\anno1701.exe | 
"TCP Query User{2C8306EC-6B51-4B82-90EC-9BBBB68B6F5D}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 
"TCP Query User{3295802C-B4EC-4765-BBBA-5E026DBD2786}C:\users\christian\desktop\age of empires ii\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=c:\users\christian\desktop\age of empires ii\age2_x1\age2_x1.exe | 
"TCP Query User{3739C260-992C-45C0-959B-7F938D72B529}C:\users\christian\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\christian\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{4123F8C2-98D2-4337-A05E-C115A3578593}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{48DE48BF-CE13-4756-B1F8-FF935E027C74}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
"TCP Query User{48FF6931-73C9-4D98-9E58-7044EABA44EF}C:\users\christian\desktop\age of empires ii\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=c:\users\christian\desktop\age of empires ii\age2_x1\age2_x1.exe | 
"TCP Query User{543051C0-1C1E-4275-BEEE-164ACCB66553}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{5F96C40F-4E79-4088-8F20-EB43A2DEBED3}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"TCP Query User{7221B613-5089-4711-869F-5DB78C0E6917}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 
"TCP Query User{84F2F03B-AD03-4021-8362-51162CACFDB3}C:\users\christian\desktop\anno 1701\anno1701.exe" = protocol=6 | dir=in | app=c:\users\christian\desktop\anno 1701\anno1701.exe | 
"TCP Query User{8C9AADF0-1052-4425-96EB-12DC75B0F6B8}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{8E2D6474-F06A-4FF7-AC62-D01D87E59874}C:\users\christian\desktop\age of empires ii\empires2.exe" = protocol=6 | dir=in | app=c:\users\christian\desktop\age of empires ii\empires2.exe | 
"TCP Query User{9791F87A-BDED-4219-BB30-5B37E07B4E45}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"TCP Query User{99A7D3E6-B2CB-4CD0-BD41-765C98B1B0A8}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"TCP Query User{9F900524-530A-4608-BA4C-45EF976E9957}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"TCP Query User{ABF77450-8B0E-463F-AB9E-AC283601A1C0}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
"TCP Query User{B4C63CEA-1090-445B-9E69-854F905BBEF0}C:\users\christian\desktop\call of duty 4 modern warefare\iw3mp.exe" = protocol=6 | dir=in | app=c:\users\christian\desktop\call of duty 4 modern warefare\iw3mp.exe | 
"TCP Query User{BDB2A6E5-DEE9-4EA4-B67C-DFAFDA0E0677}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"TCP Query User{C964FE4F-F53B-4B03-98BB-6E32BC6669A7}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"TCP Query User{D005C666-D616-4E09-B9DB-1B3E56307ABB}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{D63D42D6-0E46-4DE8-8647-8AAB4C695BFE}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{020D9395-8F12-4E63-9872-5822AFE4BF73}C:\users\christian\anno 1701\anno1701.exe" = protocol=17 | dir=in | app=c:\users\christian\anno 1701\anno1701.exe | 
"UDP Query User{055D9C1B-00D0-40AA-9953-6203FE2C9859}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"UDP Query User{318B0F47-291B-41FA-AD72-C3109ED0798F}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{364F1FBA-704E-4E49-992D-3843636CCA4F}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{3C71CD0A-3088-4973-891B-7B2758C6756F}C:\users\christian\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\christian\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{3F8629A4-46C1-4252-9664-1925A359BC80}C:\users\christian\desktop\age of empires ii\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=c:\users\christian\desktop\age of empires ii\age2_x1\age2_x1.exe | 
"UDP Query User{4CF9ED12-BF6B-4781-907B-3B73120FEDD7}C:\users\christian\desktop\age of empires ii\empires2.exe" = protocol=17 | dir=in | app=c:\users\christian\desktop\age of empires ii\empires2.exe | 
"UDP Query User{569DFC57-F501-4709-AAAF-5CBE91AFDE16}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{56D20EFD-E3D0-41AA-84AF-A8C195ABF3E1}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"UDP Query User{61334277-6D54-473B-81D5-34FCA5D4B7C2}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"UDP Query User{61A1FE17-150E-4E7F-A2DB-DD117F530A54}C:\users\christian\desktop\age of empires ii\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=c:\users\christian\desktop\age of empires ii\age2_x1\age2_x1.exe | 
"UDP Query User{7960A02D-D312-45E8-953F-866F12D666B7}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"UDP Query User{804FF513-71BD-4C45-A652-AC27C06DFC36}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{80FEE8A3-DB4E-4A25-89E3-900B7CFE7A48}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{85B37A68-908B-4CB3-9943-26308D4B8015}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
"UDP Query User{B00D44E6-7C95-484C-B4E2-54196BE3D858}C:\users\christian\desktop\call of duty 4 modern warefare\iw3mp.exe" = protocol=17 | dir=in | app=c:\users\christian\desktop\call of duty 4 modern warefare\iw3mp.exe | 
"UDP Query User{B7FC3B21-3B7C-47B4-B034-9D535B763CA4}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"UDP Query User{BAB0407B-87B1-41D1-A117-886CC4C25B48}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 
"UDP Query User{BFC07C14-6B83-4AF0-92DA-3AB83195903A}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 
"UDP Query User{C0B2A5A5-413A-4257-9E27-6CF8595120C2}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"UDP Query User{C64ABD8A-7E5A-46E2-9827-B7831B84616F}C:\users\christian\desktop\anno 1701\anno1701.exe" = protocol=17 | dir=in | app=c:\users\christian\desktop\anno 1701\anno1701.exe | 
"UDP Query User{CE4BD4BE-81ED-4428-AED8-66876B6A79F1}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
"UDP Query User{DFDDFDF5-4AF2-4EDA-9AC1-6219DEDF4A55}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"UDP Query User{FE4D295C-A56D-4B7F-9358-5065A560E181}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library
"{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{0B9B76C9-4967-59FC-C994-191AEA152F04}" = ATI Catalyst Install Manager
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6100_series" = Canon MG6100 series MP Drivers
"{12D0BE8D-538C-4AB1-86DE-C540308F50DA}" = VAIO Content Metadata Manager Settings
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}" = VAIO Launcher
"{18510937-0146-417B-95D8-14706649C384}" = VAIO Content Metadata Manager Settings
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{2018C019-30D9-4240-8C01-0865C10DCF5A}" = Unterstützung für VAIO-Präsentation
"{202F2838-156B-FC76-013F-9241B9673F39}" = CCC Help Thai
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = VAIO Content Folder Setting
"{26A24AE4-039D-4CA4-87B4-2F83216020F0}" = Java(TM) 6 Update 20
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 37
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{2878C3C9-9D91-430F-8F50-885BB23DB001}" = VAIO Content Folder Watcher
"{291FB4BF-EEC7-4CF9-8469-F39ED1DBC4D8}" = VAIO Content Metadata XML Interface Library
"{2C08D7E7-9EE1-4A08-AFE0-745F02DCD6A4}_is1" = Pokemon Online 2.0.1
"{2C3CE8F0-F4AD-4D54-A520-975309C617E2}" = LG PC Suite III
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{325ED81A-EC15-7CE8-729B-0392A1DD3854}" = CCC Help Czech
"{327B75F0-92AF-420A-988F-FA596A218E0B}" = VAIO Content Folder Watcher
"{36BDB1C2-CC66-41EB-B7DD-76339A7BB046}" = VAIO Edit Components
"{39F58DDB-B2B8-4B86-AF20-4706A80EB30D}" = Epson Easy Photo Print 2
"{3B659FAD-E772-44A3-B7E7-560FF084669F}" = VAIO Smart Network
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CCA23DD-CEDA-CC7F-C74C-4D1EDAE919AA}" = Catalyst Control Center Graphics Full New
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{42DD2173-B7CA-8AB3-8AC2-40DFE2CA6FBC}" = CCC Help German
"{430DD2C5-65FD-9781-F9F2-693CAF05CD10}" = Catalyst Control Center InstallProxy
"{4882EBF5-CA37-4EF4-BCB8-9B0E78B907D0}" = VAIO Content Metadata Intelligent Analyzing Manager
"{49B8916D-1DEA-F18A-731F-BF0FE209C63B}" = CCC Help Chinese Standard
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{4EEAF8D8-CB79-06CA-A566-EAC1726DAABB}" = CCC Help Finnish
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy Media Creator 10 LJ
"{540DB82A-EE11-BBC1-8BD8-BB7D937A53A4}" = CCC Help Hungarian
"{547FD64B-98D9-1D8F-9001-BE027E3A7BD8}" = Catalyst Control Center InstallProxy
"{5511C07D-A83C-45AD-92B6-42DF99729A3C}" = Adobe Photoshop Elements 7.0
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{5882396B-9FB3-37AC-1AE1-5EA344BD7705}" = Catalyst Control Center Graphics Previews Vista
"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data Basic
"{5BA149D9-D5FA-5AB3-400B-9F1BF424B7CE}" = CCC Help Chinese Traditional
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F5867F0-2D23-4338-A206-01A76C823924}" = VAIO Energie Verwaltung
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{6332AFF1-9D9A-429C-AA03-F82749FA4F49}" = SonicStage Mastering Studio
"{642F96CC-1D3B-20DE-8673-44EE15B3DC2F}" = CCC Help Portuguese
"{64DBE9FE-A07D-41A0-B81A-8D416D9647FF}" = VAIO Content Folder Watcher
"{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = Click to Disc
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69C8B1E3-2665-4A0F-B049-67746E5C4CE3}" = Software Info for Me&My VAIO
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6D26ACF9-4919-0744-C509-28EAF53112D4}" = CCC Help Dutch
"{6EB6A82E-4918-481F-9AF8-3129E6D29B7E}" = Sony Home Network Library
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71256374-2053-CF0F-BD54-20082980B95C}" = Catalyst Control Center Graphics Full Existing
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{72EEB695-388B-4835-8EA6-0C04545B06B9}" = Intel(R) PROSet/Wireless WiFi-Software
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{737D8F4D-24D4-D626-DEC0-9E39A6166890}" = CCC Help Danish
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{74B705C2-173A-FFD1-98BC-AD5FB647AB38}" = CCC Help Polish
"{76D7CCD6-8369-405C-B494-5F34FAE67249}" = Me&My VAIO
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{784BDC03-2D22-BCAE-5CAC-84AFA799FBDE}" = CCC Help Turkish
"{7B79CD75-F848-4B33-83E3-0EE1A1805A8C}" = VAIO Movie Story
"{7BB90344-0647-468E-925A-7F69F7983421}" = ArcSoft Magic-i Visual Effects 2
"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{8572CE7D-46B0-70B3-96CD-534F07B35F5D}" = CCC Help Italian
"{85AF94EC-55DE-452A-8FD7-C34E598B3F1F}" = Adobe Premiere Elements 7.0 Templates
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87544F2E-CCA5-01BC-AEBC-D8C1D759EE61}" = CCC Help English
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}" = VAIO Media plus
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}_PROR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}_PROR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}_PROR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90B38901-52C8-85A7-D6C8-9A5592C9FCAA}" = CCC Help Greek
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9238E8A4-BEBA-43A3-B926-769BDBF194C5}" = VAIO Media plus Opening Movie
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9648D00F-0589-619B-6114-BF2A0620168B}" = CCC Help Korean
"{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" = 
"{9805E4EE-9B66-CABD-AF6B-4B84F2A8EF46}" = Skins
"{989ED050-E296-4FDC-9E4E-C48B4AF76E32}" = VAIO Content Metadata Intelligent Analyzing Manager
"{98FC7A64-774B-49B5-B046-4B4EBC053FA9}" = VAIO MusicBox Sample Music
"{9973498D-EA29-4A68-BE0B-C88D6E03E928}" = ArcSoft WebCam Companion 2
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AC34FA1-BCDE-1D09-5DB7-EB6A064FDEA9}" = CCC Help Spanish
"{9B973FC0-E71F-6F89-10D6-1BFD063D1707}" = CCC Help Swedish
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C1C8A04-F8CA-4472-A92D-4288CE32DE86}" = SonicStage Mastering Studio Plugins
"{9D12A8B5-9D41-4465-BF11-70719EB0CD02}" = VU5x86
"{9EAC0E21-510E-4259-A9C6-F5D5B8969036}" = Catalyst Control Center - Branding
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}" = VAIO Update
"{A3563827-B0DB-44DC-B037-15CC4E5E692F}" = VAIO Content Metadata XML Interface Library
"{A3979A05-6834-D0A7-75CD-71B5A9E5F4C0}" = Catalyst Control Center Localization All
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Function Setting
"{A6F21795-E629-35B2-9487-00A8363B28AA}" = Catalyst Control Center Graphics Light
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.4 - Deutsch
"{AEA6A4C2-7C4E-48F9-A770-879DE2EDEE1B}" = OpenMG Secure Module 5.4.00
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B1991F22-4F93-4D11-9866-A7DFE551DF9E}" = VAIO Content Metadata Intelligent Analyzing Manager
"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B3668C08-EBB1-40F4-B4F9-4F8E13501A7D}" = VAIO Entertainment Platform
"{B48E264C-C8CD-4617-B0BE-46E977BAD694}" = ANNO 2070
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{B7C03E84-AF46-42F4-809D-D4127D9086D0}" = VAIO Edit Components 6.5
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C0AD2831-3398-A078-CBEB-39A6B381BB56}" = CCC Help Japanese
"{C0E18DC4-C74A-4889-AE3A-933471023787}" = LG PC Suite III
"{C18A02EC-966B-E7A7-9AC9-082F770ABF9B}" = CCC Help Russian
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup aktivieren
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{C9C390CC-F9B9-EFE8-27DF-6EB7FF8F8760}" = CCC Help Norwegian
"{CB6075D9-F912-40AE-BEA6-E590DA24F16B}" = Adobe Photoshop Elements 7.0
"{CD431A7B-88D8-0823-E66F-CCFAEA6DA7B4}" = ccc-core-static
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Music Transfer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF0F8D1B-5FB9-468D-BD88-E6239906D2B7}" = Click to Disc
"{D035FBF6-FDEF-487D-89CA-6F9DD07B783F}" = Dolby Control Center
"{D03D02D8-AB64-4785-A48E-5AA8B0FB8C14}" = Sony Home Network Library
"{D239B547-8B20-4BDE-888D-C9CCA823FFD8}" = WIDCOMM Bluetooth Software
"{D47E6B9C-F5A5-23B7-AB6A-3806AD4C9529}" = ccc-utility
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D564B5E2-CCB5-4A5C-B35E-2FC30BBC9336}" = Adobe Premiere Elements 7.0
"{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents
"{D613E659-6503-42A8-9617-4F599061EAD5}" = VAIO MusicBox
"{D6DA6836-77C2-5338-10E3-D7A6CD65681D}" = Catalyst Control Center Core Implementation
"{DA8F979E-43B9-3EEC-721C-F297D9509992}" = Catalyst Control Center Graphics Previews Common
"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{DF7DB916-90E5-40F2-9010-B8125EB5FD6F}" = SonicStage Mastering Studio Audio Filter
"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2
"{E1640DA5-89B4-4F52-B15D-5DA3D14F29D4}" = LG USB Modem Drivers
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EC37A846-53AC-4DA7-98FA-76A4E74AA900}" = Benutzerdefinierte Voreinstellungen für SonicStage Mastering Studio Audio Filter
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F570A6CC-53ED-4AA9-8B08-551CD3E38D8B}" = 
"{F6234880-85BE-4DCB-8A45-1FF85A1A8552}" = SmartSound Quicktracks for Premiere Elements
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"{FE0782BC-7AB0-CF6A-6E38-D3040462C7EC}" = CCC Help French
"{FE51662F-D8F6-43B5-99D9-D4894AF00F83}" = Roxio Easy Media Creator Home
"7-Zip" = 7-Zip 9.20
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 7" = Adobe Photoshop Elements 7.0
"Avira AntiVir Desktop" = Avira Free Antivirus
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"dt icon module" = 
"EPSON Scanner" = EPSON Scan
"EPSON SX110 Series" = Druckerdeinstallation für EPSON SX110 Series
"EPSON SX218 Series" = EPSON SX218 Series Printer Uninstall
"EPSON SX218 Series Manual" = EPSON SX218 Series Handbuch
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 5.0.21.1212
"Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16
"Free YouTube Download_is1" = Free YouTube Download version 3.1.42.1212
"Google Desktop" = Google Desktop
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"InstallShield_{AEA6A4C2-7C4E-48F9-A770-879DE2EDEE1B}" = OpenMG Secure Module 5.4.00
"InstallShield_{F6234880-85BE-4DCB-8A45-1FF85A1A8552}" = SmartSound Quicktracks for Premiere Elements
"MarketingTools" = VAIO Marketing Tools
"MFU Module" = 
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NimoCorp" = Nimo Codecs Pack v5.0 (Remove Only)
"PremElem70" = Adobe Premiere Elements 7.0
"PremElem70Templates" = Adobe Premiere Elements 7.0 Templates
"ProInst" = Intel PROSet Wireless
"PROR" = Microsoft Office Professional 2007-Testversion
"RollerCoaster Tycoon 3_is1" = RollerCoaster Tycoon 3
"SUPER ©" = SUPER © Version 2010.bld.42 (Nov 7, 2010)
"VAIO Help and Support" = 
"VLC media player" = VLC media player 1.1.5
"WinLiveSuite_Wave3" = Windows Live Essentials
"YTdetect" = Yahoo! Detect
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1033429082-2119218386-936885420-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Game Organizer" = EasyBits GO
"Spotify" = Spotify
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 13.05.2013 06:18:41 | Computer Name = Christian-Vaio | Source = VzCdbSvc | ID = 7
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})
 (Fehlercode = 0x80042019)
 
Error - 13.05.2013 06:28:42 | Computer Name = Christian-Vaio | Source = WinMgmt | ID = 10
Description = 
 
Error - 13.05.2013 06:28:57 | Computer Name = Christian-Vaio | Source = VzCdbSvc | ID = 7
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})
 (Fehlercode = 0x80042019)
 
Error - 13.05.2013 06:33:22 | Computer Name = Christian-Vaio | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksdb.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 13.05.2013 06:33:22 | Computer Name = Christian-Vaio | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksdb.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 13.05.2013 06:33:22 | Computer Name = Christian-Vaio | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksCal.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 13.05.2013 06:33:22 | Computer Name = Christian-Vaio | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 13.05.2013 06:33:22 | Computer Name = Christian-Vaio | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 13.05.2013 06:33:22 | Computer Name = Christian-Vaio | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 13.05.2013 06:33:22 | Computer Name = Christian-Vaio | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
[ OSession Events ]
Error - 15.07.2010 17:51:24 | Computer Name = Christian-Vaio | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 15.07.2010 17:52:00 | Computer Name = Christian-Vaio | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 15.07.2010 17:59:46 | Computer Name = Christian-Vaio | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 07.12.2010 14:41:31 | Computer Name = Christian-Vaio | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session 
lasted 8 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 07.12.2010 14:53:46 | Computer Name = Christian-Vaio | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 27.01.2011 05:16:48 | Computer Name = Christian-Vaio | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session 
lasted 4 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 12.04.2011 09:46:07 | Computer Name = Christian-Vaio | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session 
lasted 7 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 03.05.2011 13:57:06 | Computer Name = Christian-Vaio | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session 
lasted 2861 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 13.05.2013 06:17:27 | Computer Name = Christian-Vaio | Source = DCOM | ID = 10016
Description = 
 
Error - 13.05.2013 06:17:54 | Computer Name = Christian-Vaio | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 13.05.2013 06:18:17 | Computer Name = Christian-Vaio | Source = DCOM | ID = 10016
Description = 
 
Error - 13.05.2013 06:28:42 | Computer Name = Christian-Vaio | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 13.05.2013 06:29:07 | Computer Name = Christian-Vaio | Source = DCOM | ID = 10016
Description = 
 
Error - 13.05.2013 06:29:14 | Computer Name = Christian-Vaio | Source = DCOM | ID = 10016
Description = 
 
 
< End of report >
         

Regards, KlausKlaus

Alt 13.05.2013, 13:09   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Fix with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.
Code:
:Files
C:\Users\Christian\AppData\Roaming\Xoilq
C:\Users\Christian\AppData\Roaming\Rizur
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
         
  • If you have obscured your user name, e.g. with "*****", insert your real user name in the appropriate place. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may ask for a restart. Please allow this.
  • After the restart you will find a text document on your desktop.
    (It can also be found at C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its contents here into your thread.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Alt 13.05.2013, 13:37   #15
KlausKlaus
 

I carried out the last step as described.
After a few minutes (while the program was working), a window appeared saying that OTL had stopped working and therefore had to be closed.
Now I have my desktop with the background image but without icons or the Start menu/taskbar.
I can still move the mouse, but unfortunately nothing else happens any more.

Should I switch off the computer ("kill" it) and then simply run the last step with OTL again?
Or is there another way?

Regards, KlausKlaus
