Online banking wants 20 TANs, suspected Infostealer.Banker.C

#0
31.05.2011, 21:11
Member

Posts: 17
#1 Hello everyone,

Who can help me? As soon as I go into online banking, a pop-up opens that wants 20 iTANs from me.

AntiVir, McAfee and Spybot find nothing.

Thanks in advance


A scan with AntiVir found, among other things, a Java agent; I deleted it.

[CODE]


OTL logfile created on: 01.06.2011 07:08:10 - Run 1
OTL by OldTimer - Version 3.2.23.0     Folder = C:\Users\Test\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,69 Gb Available Physical Memory | 56,29% Memory free
6,19 Gb Paging File | 4,84 Gb Available in Paging File | 78,07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 275,41 Gb Total Space | 122,71 Gb Free Space | 44,55% Space Free | Partition Type: NTFS
Drive D: | 22,66 Gb Total Space | 12,53 Gb Free Space | 55,28% Space Free | Partition Type: FAT32
Drive F: | 550,08 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: DIRKVOPEL-PC | User Name: Test | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - C:\Users\Test\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
PRC - C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Vodafone\Vodafone Mobile Connect\Optimization Client\bmctl.exe (Bytemobile, Inc.)
PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Programme\Google\Google Desktop Search\GoogleDesktopIndex.exe (Google)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\CodeMeter\Runtime\bin\CodeMeter.exe (WIBU-SYSTEMS AG)
PRC - C:\Programme\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe (SafeNet, Inc)
PRC - C:\Programme\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe (SafeNet, Inc.)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Softex\OmniPass\scureapp.exe ()
PRC - C:\Programme\Softex\OmniPass\opvapp.exe ()
PRC - C:\Programme\Softex\OmniPass\OmniServ.exe (Softex Inc.)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Programme\Launch Manager\WisLMSvc.exe (Wistron Corp.)
PRC - C:\Programme\Launch Manager\WButton.exe (Wistron)
PRC - C:\Programme\Launch Manager\HotkeyApp.exe (Wistron)
PRC - C:\Programme\Launch Manager\LaunchAp.exe ()
PRC - C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
PRC - C:\Programme\Launch Manager\OSD.exe (Wistron Corp.)
PRC - C:\Programme\Common Files\microsoft shared\VS7DEBUG\mdm.exe (Microsoft Corporation)


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - C:\Users\Test\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (VMCService) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (GoogleDesktopManager) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe (Google)
SRV - (CodeMeter.exe) -- C:\Programme\CodeMeter\Runtime\bin\CodeMeter.exe (WIBU-SYSTEMS AG)
SRV - (SentinelProtectionServer) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe (SafeNet, Inc)
SRV - (SentinelKeysServer) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe (SafeNet, Inc.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (omniserv) -- C:\Programme\Softex\OmniPass\OmniServ.exe (Softex Inc.)
SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (WisLMSvc) -- C:\Program Files\Launch Manager\WisLMSvc.exe (Wistron Corp.)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (ewusbnet) -- C:\Windows\System32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (hwusbfake) -- C:\Windows\System32\drivers\ewusbfake.sys (Huawei Technologies Co., Ltd.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (tcpipBM) -- C:\Windows\System32\drivers\tcpipBM.sys (Bytemobile, Inc.)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (Sentinel) -- C:\Windows\System32\Drivers\SENTINEL.SYS (SafeNet, Inc.)
DRV - (FTDIBUS) -- C:\Windows\System32\drivers\ftdibus.sys (FTDI Ltd.)
DRV - (FTSER2K) -- C:\Windows\System32\drivers\ftser2k.sys (FTDI Ltd.)
DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (Cam5607) -- C:\Windows\System32\drivers\BisonC07.sys (Bison Electronics. Inc. )
DRV - (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor) -- C:\Windows\System32\drivers\atswpdrv.sys (AuthenTec, Inc.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (Si3531) -- C:\Windows\system32\DRIVERS\Si3531.sys (Silicon Image, Inc)
DRV - (SiFilter) -- C:\Windows\system32\DRIVERS\SiWinAcc.sys (Silicon Image, Inc.)
DRV - (SiRemFil) -- C:\Windows\system32\DRIVERS\SiRemFil.sys (Silicon Image, Inc.)
DRV - (SNTNLUSB) -- C:\Windows\System32\drivers\SNTNLUSB.SYS (SafeNet, Inc.)
DRV - (Hotkey) -- C:\Windows\System32\drivers\HOTKEY.sys ()


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aldi.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:59838

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: o2cplayer@eleco.com:2.0.0.56
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.8.20100713041928
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 59838
FF - prefs.js..network.proxy.type: 4


FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009.03.08 15:09:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\Vodafone\Vodafone Mobile Connect\Optimization Client\addon\ [2010.08.23 10:35:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.03 21:12:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.14 20:51:46 | 000,000,000 | ---D | M]

[2010.11.16 16:49:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Test\AppData\Roaming\mozilla\Extensions
[2011.05.28 08:03:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Test\AppData\Roaming\mozilla\Firefox\Profiles\z2ckxntq.default\extensions
[2010.11.16 21:43:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Test\AppData\Roaming\mozilla\Firefox\Profiles\z2ckxntq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.02.06 22:49:19 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Test\AppData\Roaming\mozilla\Firefox\Profiles\z2ckxntq.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011.05.28 08:03:11 | 000,000,000 | ---D | M] (O2CPlayer Plugin) -- C:\Users\Test\AppData\Roaming\mozilla\Firefox\Profiles\z2ckxntq.default\extensions\o2cplayer@eleco.com
[2011.05.02 08:51:24 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.12.10 14:09:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011.02.06 22:46:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.05.02 08:51:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) --
[2010.12.10 14:09:03 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011.02.06 22:46:57 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.05.02 08:51:24 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.05.03 21:12:54 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browsercomps.dll
[2011.02.02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CtrlVol]  File not found
O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\HomeCinema\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe ()
O4 - HKLM..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.)
O4 - HKLM..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OmniPass] C:\Programme\Softex\OmniPass\scureapp.exe ()
O4 - HKLM..\Run: [PLFSetL]  File not found
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [snp2uvc]  File not found
O4 - HKLM..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [toolbar_eula_launcher]  File not found
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe (Wistron)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [0JUC5I2ZXZ6C0Y9AMPWRKP] C:\syufahusjif\syufahusjif.exe (Wkuf6LzD)
O4 - HKCU..\Run: [1X8C4VXU8ZZC7V4WOUHQFDNICMPMHW]  File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 -  File not found
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {1241F20B-0688-45A5-ADB2-208AFE4A5DDC} https://goglobal4lic.maklersoftware.com/goglobal/plugins/gg-activex.cab (GO-Global 4)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011.04.15 10:35:02 | 000,000,051 | R--- | M] () - F:\AUTORUN.INF -- [ UDF ]
O33 - MountPoints2\{25093e12-8521-11e0-8e20-001e101fe5e1}\Shell - "" = AutoRun
O33 - MountPoints2\{25093e12-8521-11e0-8e20-001e101fe5e1}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{8ff42503-a6e4-11df-974f-001e101f2a27}\Shell - "" = AutoRun
O33 - MountPoints2\{8ff42503-a6e4-11df-974f-001e101f2a27}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{9c74ec61-899a-11dd-805d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{9c74ec61-899a-11dd-805d-806e6f6e6963}\Shell\AutoRun\command - "" = F:\setup.exe -04_2011.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2011.06.01 07:05:37 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Test\Desktop\OTL.exe
[2011.05.31 20:21:10 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2011.05.30 21:32:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011.05.30 21:32:17 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy
[2011.05.30 21:32:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011.05.25 17:35:51 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.05.17 21:22:28 | 000,000,000 | ---D | C] -- C:\Users\Test\AppData\Local\HP
[2011.05.04 20:31:31 | 000,000,000 | ---D | C] -- C:\Users\Test\AppData\Roaming\Avira
[2011.05.02 08:51:02 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.05.02 08:51:02 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.05.02 08:51:02 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2008.07.25 09:00:57 | 000,176,128 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2011.06.01 07:09:59 | 000,000,428 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{A7FEAADD-00F9-48DC-AF31-CEDB3830C84E}.job
[2011.06.01 07:05:50 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Test\Desktop\OTL.exe
[2011.06.01 07:03:19 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011.06.01 07:00:19 | 000,056,672 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.06.01 06:59:54 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.06.01 06:59:33 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.06.01 06:59:32 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.06.01 06:59:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.06.01 06:59:13 | 3219,578,880 | -HS- | M] () -- C:\hiberfil.sys
[2011.06.01 00:25:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.05.31 16:54:12 | 000,002,631 | ---- | M] () -- C:\Users\Test\Desktop\Microsoft Office Word 2007.lnk
[2011.05.30 21:32:30 | 000,001,059 | ---- | M] () -- C:\Users\Test\Desktop\Spybot - Search & Destroy.lnk
[2011.05.25 17:35:51 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.05.25 12:49:54 | 000,632,252 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.05.25 12:49:54 | 000,598,900 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.05.25 12:49:54 | 000,127,464 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.05.25 12:49:54 | 000,104,914 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.05.11 14:27:42 | 000,000,680 | ---- | M] () -- C:\Users\Test\AppData\Local\d3d9caps.dat

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2011.05.30 21:32:30 | 000,001,059 | ---- | C] () -- C:\Users\Test\Desktop\Spybot - Search & Destroy.lnk
[2011.03.22 18:56:38 | 000,008,114 | ---- | C] () -- C:\Users\Test\AppData\Roaming\ECA6.C3B
[2010.11.16 20:37:47 | 000,006,144 | ---- | C] () -- C:\Users\Test\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.11.16 18:33:44 | 000,000,680 | ---- | C] () -- C:\Users\Test\AppData\Local\d3d9caps.dat
[2010.11.16 16:44:38 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.10.21 20:17:41 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.10.21 20:17:41 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.10.21 20:17:04 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.01.21 18:54:03 | 000,010,563 | R--- | C] () -- C:\Windows\hpwscr19.dat
[2009.01.21 18:51:13 | 000,202,601 | ---- | C] () -- C:\Windows\hpwins19.dat
[2008.11.08 13:20:09 | 000,406,016 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2008.11.08 13:20:08 | 003,128,320 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2008.11.08 13:20:08 | 000,683,865 | ---- | C] () -- C:\Windows\unins000.exe
[2008.11.08 13:20:08 | 000,001,347 | ---- | C] () -- C:\Windows\unins000.dat
[2008.07.25 09:00:57 | 001,753,984 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2008.07.25 09:00:57 | 000,028,672 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2008.07.25 09:00:57 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2008.07.17 14:50:28 | 000,000,381 | ---- | C] () -- C:\Windows\WISO.INI
[2008.07.17 13:56:03 | 000,632,252 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.07.17 13:56:03 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.07.17 13:56:03 | 000,127,464 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.07.17 13:56:03 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008.07.17 11:54:02 | 000,009,867 | ---- | C] () -- C:\Windows\System32\drivers\HOTKEY.sys
[2008.07.17 09:35:24 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008.07.17 08:04:27 | 000,015,190 | ---- | C] () -- C:\Windows\M3000Twn.ini
[2008.07.14 11:32:16 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.01.07 16:08:10 | 000,000,997 | R--- | C] () -- C:\Windows\hpwmdl19.dat
[2007.03.29 23:00:40 | 000,203,264 | ---- | C] () -- C:\Windows\System32\CddbCdda.dll
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,509,784 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,598,900 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,104,914 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[1997.05.13 00:00:00 | 001,664,272 | ---- | C] () -- C:\Windows\System32\MSO97V.DLL
[1997.05.13 00:00:00 | 000,022,016 | ---- | C] () -- C:\Windows\System32\DOCOBJ.DLL
[1997.05.13 00:00:00 | 000,016,384 | ---- | C] () -- C:\Windows\System32\MSORFS.DLL
[1997.05.13 00:00:00 | 000,012,288 | ---- | C] () -- C:\Windows\System32\HLINKPRX.DLL

[color=#E56717]========== LOP Check ==========[/color]

[2010.11.16 23:40:07 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\Blackberry Desktop
[2010.11.16 16:48:35 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\Bytemobile
[2010.11.16 16:47:59 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\PC Suite
[2010.11.16 23:22:38 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\Research In Motion
[2010.11.16 16:48:35 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\Vodafone
[2011.01.03 12:42:46 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\Vodafone Mobile Connect
[2010.11.16 23:18:09 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\Volkswohl Bund
[2011.06.01 06:58:19 | 000,032,570 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.06.01 07:09:59 | 000,000,428 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{A7FEAADD-00F9-48DC-AF31-CEDB3830C84E}.job

[color=#E56717]========== Purity Check ==========[/color]



< End of report >
[/CODE]

[CODE]

OTL Extras logfile created on: 01.06.2011 07:08:10 - Run 1
OTL by OldTimer - Version 3.2.23.0     Folder = C:\Users\Test\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,69 Gb Available Physical Memory | 56,29% Memory free
6,19 Gb Paging File | 4,84 Gb Available in Paging File | 78,07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 275,41 Gb Total Space | 122,71 Gb Free Space | 44,55% Space Free | Partition Type: NTFS
Drive D: | 22,66 Gb Total Space | 12,53 Gb Free Space | 55,28% Space Free | Partition Type: FAT32
Drive F: | 550,08 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: DIRKVOPEL-PC | User Name: Test | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe" = C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe:*:Enabled:CodeMeter Runtime Server -- (WIBU-SYSTEMS AG)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe" = C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe:*:Enabled:CodeMeter Runtime Server -- (WIBU-SYSTEMS AG)


[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C0EC973-21A3-49D9-8C64-C7747A14E4FD}" = rport=445 | protocol=6 | dir=out | app=system |
"{204CA5BD-562E-47ED-88D7-E01A34539E85}" = lport=445 | protocol=6 | dir=in | app=system |
"{34FFB04E-6376-4DFB-97AD-EA42C1151733}" = rport=137 | protocol=17 | dir=out | app=system |
"{3A112E0C-0572-4021-BF00-4FF18033E1CF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{5624206E-1FCB-48E1-857A-96E3C024D3D6}" = lport=137 | protocol=17 | dir=in | app=system |
"{651B29D9-3424-4EC6-97C2-069145561A3E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{74BD90A5-FAEB-4762-88ED-7F52C69D764C}" = lport=139 | protocol=6 | dir=in | app=system |
"{7D15ED71-D6C4-468C-8060-3E36AE15E919}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{7EB55A38-785A-46B0-9F1A-58C56B6FBF3B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{8AD10308-7854-42B2-BB04-38E8B7630FF1}" = lport=138 | protocol=17 | dir=in | app=system |
"{C0BC2B24-3A2D-48CC-91BC-AB3C8439DCC2}" = rport=138 | protocol=17 | dir=out | app=system |
"{C31E0D44-4D05-4EDA-B2AB-F9BCA73504B6}" = rport=139 | protocol=6 | dir=out | app=system |
"{F75ACA44-EF8F-49A7-BAD9-19981EFED206}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F47084A-C3E6-4524-8008-397409F71DFD}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{1C6836D8-D838-45AD-9596-FB12B6FD93D3}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{289F4083-94FF-4FA0-964B-8AD17F302DA2}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{2C09D3CF-2A4A-4A4C-8A95-10C37A049CFC}" = protocol=6 | dir=in | app=c:\program files\common files\safenet sentinel\sentinel protection server\winnt\spnsrvnt.exe |
"{30611AB3-4371-451A-9702-C50EC67E5691}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{4938B0FE-1BE3-4577-BA77-D29B9F752CE8}" = protocol=17 | dir=in | app=c:\program files\common files\safenet sentinel\sentinel keys server\sntlkeyssrvr.exe |
"{5063F0A4-1194-4002-AE4D-F3F7E5A90FD6}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{638E13D5-AFEF-4D15-AD8D-54F4D294292A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{6EA13D93-701B-4F46-93F3-75F931AAFA3A}" = protocol=17 | dir=in | app=c:\program files\common files\safenet sentinel\sentinel protection server\winnt\spnsrvnt.exe |
"{728D9C6D-A139-4C8C-A293-53B688AEEFEB}" = protocol=17 | dir=in | app=c:\program files\codemeter\runtime\bin\codemeter.exe |
"{73CA0604-574C-4FDF-A296-09296115BAC2}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{77B738DE-E773-44C6-A281-2105B7DFF58A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{79B91FD3-52A9-4D72-8C31-F170652BCF65}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8580E541-B35F-48EA-8B98-6D21F7530CDF}" = protocol=17 | dir=in | app=c:\program files\codemeter\runtime\bin\codemeter.exe |
"{96EE7343-328E-460B-B372-2B36D01EE775}" = dir=in | app=c:\program files\homecinema\makedisc\makedisc.exe |
"{9CC3C7EF-F2CA-4D14-AC98-1E1B6AAF8A54}" = dir=in | app=c:\program files\homecinema\powerdvd\powerdvd.exe |
"{AFE9DD61-FFB0-48F0-B699-F8282ECD3600}" = protocol=6 | dir=in | app=c:\program files\codemeter\runtime\bin\codemeter.exe |
"{B55B77B4-8F86-4919-8ED0-5D98BF6142F9}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{C69F6AAB-99EC-40FA-9150-9DE7D43643B7}" = protocol=6 | dir=in | app=c:\program files\common files\safenet sentinel\sentinel keys server\sntlkeyssrvr.exe |
"{C7502F25-D77E-45AC-A118-9FB6F5CFC59F}" = dir=in | app=c:\program files\homecinema\powerdirector\pdr.exe |
"{C8537798-ECCC-4A56-8C22-0DCEBEA76015}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{D718DCCD-3134-400D-ACD9-390208EFD8AC}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{DA7700B3-847B-4043-963A-A2C7631A3A7C}" = protocol=6 | dir=in | app=c:\program files\codemeter\runtime\bin\codemeter.exe |
"{E5A4EF1D-881D-4F92-B6F6-0D72AF6600D6}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{EBB42C07-EB97-4E58-A41A-D4D72859E140}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"TCP Query User{11B9E990-876C-44F1-9E92-5072185F37AE}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{2F44794A-E02F-4655-A805-8A8D17C6DC9E}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{4A5C1725-9EA8-436E-8F59-9FCD219D1BD7}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{66B546D4-5C3C-48F2-A03E-DA5E3195D291}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{C684AB47-4059-4196-8522-91240D0E8E2B}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{E87ABFE1-4114-43B9-B130-8447084FF6F3}C:\program files\chilirec\chilirec.exe" = protocol=6 | dir=in | app=c:\program files\chilirec\chilirec.exe |
"TCP Query User{ED421807-2A87-4CA1-8F45-D90311EC6E4C}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{EFA108A7-4A72-48EF-8202-85DE109DF8E2}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{0C56D238-3A69-4B5C-BADE-9367FC921FEE}C:\program files\chilirec\chilirec.exe" = protocol=17 | dir=in | app=c:\program files\chilirec\chilirec.exe |
"UDP Query User{36EF1361-C2A8-4DAC-891E-00243382CF13}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{5132CDA8-A7E6-47A0-A87B-BDC535D8D6BA}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{5790ABDE-D9F4-417D-86A2-5C1DEFE1E08B}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{611BC28B-8BB5-4A4B-A6C1-1B57E4FA279B}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{93B7C806-E78C-4587-A8CD-2780E8B823B6}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{BEFD1092-F3F9-4921-9CD9-3D92D8F90A7E}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{CDCFE905-1F47-4F5E-9BD6-5F9329B7CFF8}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0A5825FD-0FB7-4e45-9037-858D463F2943}" = BPDSoftware
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12
"{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update
"{15AC0C5D-A6FB-4CE2-8CD0-28179EEB5625}" = Nokia Connectivity Cable Driver
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{195F2C6C-A343-4b10-B1A4-3F00AB9E9DD9}" = Fax
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 24
"{2951A232-69BA-4925-BB9A-CEEB72B18B4F}" = BPDSoftware_Ini
"{2B091530-69AA-442E-AB09-39ED06B58220}" = Windows Live Messenger
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{335424A2-2C4E-49F3-A066-58635269DB83}" = Sentinel Protection Installer 7.4.2
"{353FE16B-30FE-469A-BF55-B978F4218003}" = iTunes
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{398E8625-6F3A-4C54-B54C-28F0ABB89774}" = BPD_HPSU
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Suyin Webcam
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{4640FDE1-B83A-4376-84ED-86F86BEE2D41}" = Driver Detective
"{47948554-90C6-4AAC-8CFA-D23CE11C1031}" = Nero 8 Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{54613ADC-0DDC-4BFE-8D25-281272D58D5D}" = KV-WIN
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{572F2A62-70CD-4429-8758-6D4D6DC696E1}" = 4500_Help
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}" = Nokia PC Suite
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6697D99E-E550-4498-B793-4A8DD8A1821F}" = ProductContext
"{66D171AA-670F-4309-9C74-5BA7F7DBA0B3}" = Roxio Media Manager
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{79A64F98-1796-4FA2-B5FF-C90F83D8BACD}" = Vodafone Mobile Connect Lite
"{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}" = Windows Live installer
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{88CFEF4F-3BA5-4B1F-BAD9-0C8F82026C96}" = CodeMeter Runtime Kit v3.30b
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{98605CAA-5F52-44EC-8AF7-2EC1A4C35F2D}" = BlackBerry Desktop Software 4.2.2
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{AFA9D219-A7FD-4240-8793-E5C7C9D715F4}" = IKEA Home Planner
"{B145EC69-66F5-11D8-9D75-000129760D75}" = MakeDisc
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{B96DB037-DBEA-4186-9081-9CBD537F82E8}" = 3D-Viewer-innoPlus
"{BD1587F7-B8D0-4111-8F1F-3327628AB02F}" = 3531-W-D
"{BFC1E04D-AA94-4E5F-A220-89209FF0FA3A}" = LV-WIN
"{C20B2271-69D4-11D4-A951-08005AD260A8}" = VOLKSWOHL BUND - Angebotsprogramm Komfort
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CD0773D5-C18E-495c-B39B-21A96415EDD5}" = HP Officejet J4500 Series
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.4.9
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D142FE39-3386-4d82-9AD3-36D4A92AC3C2}" = DocMgr
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow
"{D848D140-41C3-4A53-86D8-E866A100B4CD}" = PC Connectivity Solution
"{D8D22773-14BF-4178-A683-3DBA515C2A26}" = WISO Mein Geld 2008 Professional
"{D90AFDE3-3E67-407A-ACA8-F0BAAD012F08}" = Safari
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E0091C29-DEE8-4B24-BF65-8C35B5940D77}" = Letstrade
"{E815FB81-995F-4F33-8E25-F16712123AB7}" = AuthenTec Fingerprint Sensor Minimum Install
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F4E57F49-84B4-4CF2-B0A1-8CA1752BDF7E}" = OmniPass 5.00.91
"{FDEC11CC-4BD6-4a8c-A398-3CCD8E43EACA}" = J4500
"{FEDE400D-3381-4087-ACCB-689DD8A56123}" = Inst5657
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"5986551A16FD8E9B1B4C89E7AAD17C1BB3196D28" = Windows-Treiberpaket - Nokia Modem  (10/27/2008 7.01.0.1)
"6D296974BAB6CA8429D5E687B292A6DA3E9FBD4A" = Windows-Treiberpaket - Nokia Modem  (10/27/2008 3.9)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BlackBerry_{98605CAA-5F52-44EC-8AF7-2EC1A4C35F2D}" = BlackBerry Desktop Software 4.2.2
"Chilirec_0" = Chilirec 1.01
"ffdshow_is1" = ffdshow [rev 610][2006-11-27]
"FirstloadIkarus" = Firstload Ikarus
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Document Manager" = HP Document Manager 1.0
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"LetsTrade" = LetsTrade Komponenten
"McAfee Security Scan" = McAfee Security Scan Plus
"Media Markt Fotoservice_is1" = Media Markt Fotoservice 2.6
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 4.0 (x86 de)" = Mozilla Firefox 4.0 (x86 de)
"Mp3tag" = Mp3tag v2.45a
"neue leben Beratung" = neue leben Beratung
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA Drivers" = NVIDIA Drivers
"PROHYBRIDR" = 2007 Microsoft Office system
"REALAXIOM CT_is1" = RealAxiom 3.0.0.43
"REALAXIOM_is1" = RealAxiom 2.1.0.37
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Viewer97" = Microsoft Word Viewer 97
"VLC media player" = VLC media player 0.9.6

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mozilla Firefox 4.0.1 (x86 de)" = Mozilla Firefox 4.0.1 (x86 de)
"Skat-Online V8" = Skat-Online V8

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 12.01.2011 11:13:23 | Computer Name = DirkVopel-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 12.01.2011 11:13:23 | Computer Name = DirkVopel-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 64834983

Error - 12.01.2011 11:13:23 | Computer Name = DirkVopel-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 64834983

Error - 13.01.2011 01:58:10 | Computer Name = DirkVopel-PC | Source = VMCService | ID = 0
Description = conflictManagerTypeValue

Error - 13.01.2011 01:58:32 | Computer Name = DirkVopel-PC | Source = WinMgmt | ID = 10
Description =

Error - 13.01.2011 15:15:30 | Computer Name = DirkVopel-PC | Source = Bonjour Service | ID = 100
Description = WSARecvMsg failed (10038)

Error - 13.01.2011 15:15:35 | Computer Name = DirkVopel-PC | Source = VMCService | ID = 0
Description = conflictManagerTypeValue

Error - 13.01.2011 15:16:51 | Computer Name = DirkVopel-PC | Source = WinMgmt | ID = 10
Description =

Error - 14.01.2011 01:04:03 | Computer Name = DirkVopel-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 14.01.2011 01:04:03 | Computer Name = DirkVopel-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 19787354

[ ODiag Events ]
Error - 17.11.2010 04:06:50 | Computer Name = DirkVopel-PC | Source = Microsoft Office 12 Diagnostics | ID = 320
Description = An unexpected error occurred. Tag: 3fft. Error code: N/A

[ OSession Events ]
Error - 02.08.2009 12:55:39 | Computer Name = DirkVopel-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.6215.1000. This session lasted 69
seconds with 60 seconds of active time.  This session ended with a crash.

Error - 17.11.2010 04:06:49 | Computer Name = DirkVopel-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.6215.1000. This session lasted 211
seconds with 120 seconds of active time.  This session ended with a crash.

Error - 17.11.2010 04:07:29 | Computer Name = DirkVopel-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.6215.1000. This session lasted 21
seconds with 0 seconds of active time.  This session ended with a crash.


[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
This post was edited by greenhorn2 on 01.06.2011 at 07:29.
31.05.2011, 22:18
Member
Gool

Posts: 4730
#2 http://board.protecus.de/t40182.htm
__________
This is a signature! Personal service: Are you from Berlin? Then send me a PM; we may be able to arrange an appointment.
Der Grabsteinschubser
01.06.2011, 07:37
Member

Thread starter

Posts: 17
#3 OK, I've done the scan...

I'm really curious now.
01.06.2011, 20:46
Member

Thread starter

Posts: 17
#4 And now my GMER log

Code



GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-06-01 20:48:39
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD32 rev.11.0
Running: ykzwh7z8.exe; Driver: C:\Users\Test\AppData\Local\Temp\uwlyruow.sys


---- Kernel code sections - GMER 1.0.15 ----

.text           C:\Windows\system32\DRIVERS\nvlddmkm.sys                                                                                      section is writeable [0x8E806340, 0x3ECA97, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text           C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[624] ntdll.dll!NtEnumerateValueKey                                           779A46E4 8 Bytes  JMP 0BADAC49
.text           C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[624] ntdll.dll!NtQueryDirectoryFile                                          779A4C04 8 Bytes  JMP 0BAE4EDD
.text           C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[624] ntdll.dll!NtResumeThread                                                779A5004 8 Bytes  JMP 0BAF61E8
.text           C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[624] ntdll.dll!NtSetInformationFile                                          779A5134 8 Bytes  JMP 0BADA993
.text           C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[624] ntdll.dll!NtVdmControl                                                  779A5434 8 Bytes  JMP 0BAE4F93
.text           C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[624] USER32.dll!TranslateMessage                                             762001AD 8 Bytes  JMP 0BADC43C
.text           C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[624] ADVAPI32.dll!CryptEncrypt                                               768EFB99 8 Bytes  JMP 0BAED9E1
.text           C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[624] WS2_32.dll!send                                                         764D659B 8 Bytes  JMP 0BAEE31B
.text           C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[624] CRYPT32.dll!PFXImportCertStore                                          75A19521 8 Bytes  JMP 0BAE0ABF
.text           C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[624] WININET.dll!InternetQueryOptionA                                        77A859AF 8 Bytes  JMP 0BAEE33D
.text           C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[624] WININET.dll!InternetCloseHandle                                         77A8B7C4 8 Bytes  JMP 0BAEA9DA
.text           C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[624] WININET.dll!HttpQueryInfoA                                              77A8D29A 8 Bytes  JMP 0BAEA485
.text           C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[624] WININET.dll!InternetReadFile                                            77A8EA3A 8 Bytes  JMP 0BAF13CA
.text           C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[624] WININET.dll!HttpAddRequestHeadersA                                      77A91B9C 8 Bytes  JMP 0BADCA44
.text           C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[624] WININET.dll!InternetQueryDataAvailable                                  77A922E4 8 Bytes  JMP 0BAF12DA
.text           C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[624] WININET.dll!HttpOpenRequestA                                            77AB5539 8 Bytes  JMP 0BAEA370
.text           C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[624] WININET.dll!HttpSendRequestW                                            77AB6109 8 Bytes  JMP 0BAF2BAB
.text           C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[624] WININET.dll!InternetReadFileExA                                         77ABB606 8 Bytes  JMP 0BAF14E4
.text           C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[624] WININET.dll!InternetWriteFile                                           77ACB146 8 Bytes  JMP 0BAF2D09
.text           C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[624] WININET.dll!HttpSendRequestA                                            77AE5770 8 Bytes  JMP 0BAF2A4D
.text           C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe[744] ntdll.dll!NtEnumerateValueKey                    779A46E4 8 Bytes  JMP 0BADAC49
.text           C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe[744] ntdll.dll!NtQueryDirectoryFile                   779A4C04 8 Bytes  JMP 0BAE4EDD
.text           C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe[744] ntdll.dll!NtResumeThread                         779A5004 8 Bytes  JMP 0BAF61E8
.text           C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe[744] ntdll.dll!NtSetInformationFile                   779A5134 8 Bytes  JMP 0BADA993
.text           C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe[744] ntdll.dll!NtVdmControl                           779A5434 8 Bytes  JMP 0BAE4F93
.text           C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe[744] ADVAPI32.dll!CryptEncrypt                        768EFB99 8 Bytes  JMP 0BAED9E1
.text           C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe[744] USER32.dll!TranslateMessage                      762001AD 8 Bytes  JMP 0BADC43C
.text           C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe[744] WS2_32.dll!send                                  764D659B 8 Bytes  JMP 0BAEE31B
.text           C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe[744] crypt32.dll!PFXImportCertStore                   75A19521 8 Bytes  JMP 0BAE0ABF
.text           C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe[744] WININET.dll!InternetQueryOptionA                 77A859AF 8 Bytes  JMP 0BAEE33D
.text           C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe[744] WININET.dll!InternetCloseHandle                  77A8B7C4 8 Bytes  JMP 0BAEA9DA
.text           C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe[744] WININET.dll!HttpQueryInfoA                       77A8D29A 8 Bytes  JMP 0BAEA485
.text           C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe[744] WININET.dll!InternetReadFile                     77A8EA3A 8 Bytes  JMP 0BAF13CA
.text           C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe[744] WININET.dll!HttpAddRequestHeadersA               77A91B9C 8 Bytes  JMP 0BADCA44
.text           C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe[744] WININET.dll!InternetQueryDataAvailable           77A922E4 8 Bytes  JMP 0BAF12DA
.text           C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe[744] WININET.dll!HttpOpenRequestA                     77AB5539 8 Bytes  JMP 0BAEA370
.text           C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe[744] WININET.dll!HttpSendRequestW                     77AB6109 8 Bytes  JMP 0BAF2BAB
.text           C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe[744] WININET.dll!InternetReadFileExA                  77ABB606 8 Bytes  JMP 0BAF14E4
.text           C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe[744] WININET.dll!InternetWriteFile                    77ACB146 8 Bytes  JMP 0BAF2D09
.text           C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe[744] WININET.dll!HttpSendRequestA                     77AE5770 8 Bytes  JMP 0BAF2A4D
.text           C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe[1020] ntdll.dll!NtClose                                  779A4164 5 Bytes  JMP 01A903B2
.text           C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[1296] ntdll.dll!NtEnumerateValueKey                                      779A46E4 8 Bytes  JMP 0BADAC49
.text           C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[1296] ntdll.dll!NtQueryDirectoryFile                                     779A4C04 8 Bytes  JMP 0BAE4EDD
.text           C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[1296] ntdll.dll!NtResumeThread                                           779A5004 8 Bytes  JMP 0BAF61E8
.text           C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[1296] ntdll.dll!NtSetInformationFile                                     779A5134 8 Bytes  JMP 0BADA993
.text           C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[1296] ntdll.dll!NtVdmControl                                             779A5434 8 Bytes  JMP 0BAE4F93
.text           C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[1296] USER32.dll!TranslateMessage                                        762001AD 8 Bytes  JMP 0BADC43C
.text           C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[1296] ADVAPI32.dll!CryptEncrypt                                          768EFB99 8 Bytes  JMP 0BAED9E1
.text           C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[1296] WS2_32.dll!send                                                    764D659B 8 Bytes  JMP 0BAEE31B
.text           C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[1296] CRYPT32.dll!PFXImportCertStore                                     75A19521 8 Bytes  JMP 0BAE0ABF
.text           C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[1296] WININET.dll!InternetQueryOptionA                                   77A859AF 8 Bytes  JMP 0BAEE33D
.text           C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[1296] WININET.dll!InternetCloseHandle                                    77A8B7C4 8 Bytes  JMP 0BAEA9DA
.text           C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[1296] WININET.dll!HttpQueryInfoA                                         77A8D29A 8 Bytes  JMP 0BAEA485
.text           C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[1296] WININET.dll!InternetReadFile                                       77A8EA3A 8 Bytes  JMP 0BAF13CA
.text           C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[1296] WININET.dll!HttpAddRequestHeadersA                                 77A91B9C 8 Bytes  JMP 0BADCA44
.text           C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[1296] WININET.dll!InternetQueryDataAvailable                             77A922E4 8 Bytes  JMP 0BAF12DA
.text           C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[1296] WININET.dll!HttpOpenRequestA                                       77AB5539 8 Bytes  JMP 0BAEA370
.text           C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[1296] WININET.dll!HttpSendRequestW                                       77AB6109 8 Bytes  JMP 0BAF2BAB
.text           C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[1296] WININET.dll!InternetReadFileExA                                    77ABB606 8 Bytes  JMP 0BAF14E4
.text           C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[1296] WININET.dll!InternetWriteFile                                      77ACB146 8 Bytes  JMP 0BAF2D09
.text           C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[1296] WININET.dll!HttpSendRequestA                                       77AE5770 8 Bytes  JMP 0BAF2A4D
.text           C:\Windows\RtHDVCpl.exe[1856] ntdll.dll!NtEnumerateValueKey                                                                   779A46E4 8 Bytes  JMP 0BADAC49
.text           C:\Windows\RtHDVCpl.exe[1856] ntdll.dll!NtQueryDirectoryFile                                                                  779A4C04 8 Bytes  JMP 0BAE4EDD
.text           C:\Windows\RtHDVCpl.exe[1856] ntdll.dll!NtResumeThread                                                                        779A5004 8 Bytes  JMP 0BAF61E8
.text           C:\Windows\RtHDVCpl.exe[1856] ntdll.dll!NtSetInformationFile                                                                  779A5134 8 Bytes  JMP 0BADA993
.text           C:\Windows\RtHDVCpl.exe[1856] ntdll.dll!NtVdmControl                                                                          779A5434 8 Bytes  JMP 0BAE4F93
.text           C:\Windows\RtHDVCpl.exe[1856] ADVAPI32.dll!CryptEncrypt                                                                       768EFB99 8 Bytes  JMP 0BAED9E1
.text           C:\Windows\RtHDVCpl.exe[1856] USER32.dll!TranslateMessage                                                                     762001AD 8 Bytes  JMP 0BADC43C
.text           C:\Windows\RtHDVCpl.exe[1856] WS2_32.dll!send                                                                                 764D659B 8 Bytes  JMP 0BAEE31B
.text           C:\Windows\RtHDVCpl.exe[1856] CRYPT32.dll!PFXImportCertStore                                                                  75A19521 8 Bytes  JMP 0BAE0ABF
.text           C:\Windows\RtHDVCpl.exe[1856] WININET.dll!InternetQueryOptionA                                                                77A859AF 8 Bytes  JMP 0BAEE33D
.text           C:\Windows\RtHDVCpl.exe[1856] WININET.dll!InternetCloseHandle                                                                 77A8B7C4 8 Bytes  JMP 0BAEA9DA
.text           C:\Windows\RtHDVCpl.exe[1856] WININET.dll!HttpQueryInfoA                                                                      77A8D29A 8 Bytes  JMP 0BAEA485
.text           C:\Windows\RtHDVCpl.exe[1856] WININET.dll!InternetReadFile                                                                    77A8EA3A 8 Bytes  JMP 0BAF13CA
.text           C:\Windows\RtHDVCpl.exe[1856] WININET.dll!HttpAddRequestHeadersA                                                              77A91B9C 8 Bytes  JMP 0BADCA44
.text           C:\Windows\RtHDVCpl.exe[1856] WININET.dll!InternetQueryDataAvailable                                                          77A922E4 8 Bytes  JMP 0BAF12DA
.text           C:\Windows\RtHDVCpl.exe[1856] WININET.dll!HttpOpenRequestA                                                                    77AB5539 8 Bytes  JMP 0BAEA370
.text           C:\Windows\RtHDVCpl.exe[1856] WININET.dll!HttpSendRequestW                                                                    77AB6109 8 Bytes  JMP 0BAF2BAB
.text           C:\Windows\RtHDVCpl.exe[1856] WININET.dll!InternetReadFileExA                                                                 77ABB606 8 Bytes  JMP 0BAF14E4
.text           C:\Windows\RtHDVCpl.exe[1856] WININET.dll!InternetWriteFile                                                                   77ACB146 8 Bytes  JMP 0BAF2D09
.text           C:\Windows\RtHDVCpl.exe[1856] WININET.dll!HttpSendRequestA                                                                    77AE5770 8 Bytes  JMP 0BAF2A4D
.text           C:\Program Files\Synaptics\SynTP\SynTPStart.exe[2508] ntdll.dll!NtEnumerateValueKey                                           779A46E4 8 Bytes  JMP 0BADAC49
.text           C:\Program Files\Synaptics\SynTP\SynTPStart.exe[2508] ntdll.dll!NtQueryDirectoryFile                                          779A4C04 8 Bytes  JMP 0BAE4EDD
.text           C:\Program Files\Synaptics\SynTP\SynTPStart.exe[2508] ntdll.dll!NtResumeThread                                                779A5004 8 Bytes  JMP 0BAF61E8
.text           C:\Program Files\Synaptics\SynTP\SynTPStart.exe[2508] ntdll.dll!NtSetInformationFile                                          779A5134 8 Bytes  JMP 0BADA993
.text           C:\Program Files\Synaptics\SynTP\SynTPStart.exe[2508] ntdll.dll!NtVdmControl                                                  779A5434 8 Bytes  JMP 0BAE4F93
.text           C:\Program Files\Synaptics\SynTP\SynTPStart.exe[2508] USER32.dll!TranslateMessage                                             762001AD 8 Bytes  JMP 0BADC43C
.text           C:\Program Files\Synaptics\SynTP\SynTPStart.exe[2508] ADVAPI32.dll!CryptEncrypt                                               768EFB99 8 Bytes  JMP 0BAED9E1
.text           C:\Program Files\Synaptics\SynTP\SynTPStart.exe[2508] WS2_32.dll!send                                                         764D659B 8 Bytes  JMP 0BAEE31B
.text           C:\Program Files\Synaptics\SynTP\SynTPStart.exe[2508] WININET.dll!InternetQueryOptionA                                        77A859AF 8 Bytes  JMP 0BAEE33D
.text           C:\Program Files\Synaptics\SynTP\SynTPStart.exe[2508] WININET.dll!InternetCloseHandle                                         77A8B7C4 8 Bytes  JMP 0BAEA9DA
.text           C:\Program Files\Synaptics\SynTP\SynTPStart.exe[2508] WININET.dll!HttpQueryInfoA                                              77A8D29A 8 Bytes  JMP 0BAEA485
.text           C:\Program Files\Synaptics\SynTP\SynTPStart.exe[2508] WININET.dll!InternetReadFile                                            77A8EA3A 8 Bytes  JMP 0BAF13CA
.text           C:\Program Files\Synaptics\SynTP\SynTPStart.exe[2508] WININET.dll!HttpAddRequestHeadersA                                      77A91B9C 8 Bytes  JMP 0BADCA44
.text           C:\Program Files\Synaptics\SynTP\SynTPStart.exe[2508] WININET.dll!InternetQueryDataAvailable                                  77A922E4 8 Bytes  JMP 0BAF12DA
.text           C:\Program Files\Synaptics\SynTP\SynTPStart.exe[2508] WININET.dll!HttpOpenRequestA                                            77AB5539 8 Bytes  JMP 0BAEA370
.text           C:\Program Files\Synaptics\SynTP\SynTPStart.exe[2508] WININET.dll!HttpSendRequestW                                            77AB6109 8 Bytes  JMP 0BAF2BAB
.text           C:\Program Files\Synaptics\SynTP\SynTPStart.exe[2508] WININET.dll!InternetReadFileExA                                         77ABB606 8 Bytes  JMP 0BAF14E4
.text           C:\Program Files\Synaptics\SynTP\SynTPStart.exe[2508] WININET.dll!InternetWriteFile                                           77ACB146 8 Bytes  JMP 0BAF2D09
.text           C:\Program Files\Synaptics\SynTP\SynTPStart.exe[2508] WININET.dll!HttpSendRequestA                                            77AE5770 8 Bytes  JMP 0BAF2A4D
.text           C:\Program Files\Synaptics\SynTP\SynTPStart.exe[2508] CRYPT32.dll!PFXImportCertStore                                          75A19521 8 Bytes  JMP 0BAE0ABF
.text           C:\Program Files\iTunes\iTunesHelper.exe[2704] ntdll.dll!NtEnumerateValueKey                                                  779A46E4 8 Bytes  JMP 0BADAC49
.text           C:\Program Files\iTunes\iTunesHelper.exe[2704] ntdll.dll!NtQueryDirectoryFile                                                 779A4C04 8 Bytes  JMP 0BAE4EDD
.text           C:\Program Files\iTunes\iTunesHelper.exe[2704] ntdll.dll!NtResumeThread                                                       779A5004 8 Bytes  JMP 0BAF61E8
.text           C:\Program Files\iTunes\iTunesHelper.exe[2704] ntdll.dll!NtSetInformationFile                                                 779A5134 8 Bytes  JMP 0BADA993
.text           C:\Program Files\iTunes\iTunesHelper.exe[2704] ntdll.dll!NtVdmControl                                                         779A5434 8 Bytes  JMP 0BAE4F93
.text           C:\Program Files\iTunes\iTunesHelper.exe[2704] ADVAPI32.dll!CryptEncrypt                                                      768EFB99 8 Bytes  JMP 0BAED9E1
.text           C:\Program Files\iTunes\iTunesHelper.exe[2704] USER32.dll!TranslateMessage                                                    762001AD 8 Bytes  JMP 0BADC43C
.text           C:\Program Files\iTunes\iTunesHelper.exe[2704] WS2_32.dll!send                                                                764D659B 8 Bytes  JMP 0BAEE31B
.text           C:\Program Files\iTunes\iTunesHelper.exe[2704] CRYPT32.dll!PFXImportCertStore                                                 75A19521 8 Bytes  JMP 0BAE0ABF
.text           C:\Program Files\iTunes\iTunesHelper.exe[2704] WININET.DLL!InternetQueryOptionA                                               77A859AF 8 Bytes  JMP 0BAEE33D
.text           C:\Program Files\iTunes\iTunesHelper.exe[2704] WININET.DLL!InternetCloseHandle                                                77A8B7C4 8 Bytes  JMP 0BAEA9DA
.text           C:\Program Files\iTunes\iTunesHelper.exe[2704] WININET.DLL!HttpQueryInfoA                                                     77A8D29A 8 Bytes  JMP 0BAEA485
.text           C:\Program Files\iTunes\iTunesHelper.exe[2704] WININET.DLL!InternetReadFile                                                   77A8EA3A 8 Bytes  JMP 0BAF13CA
.text           C:\Program Files\iTunes\iTunesHelper.exe[2704] WININET.DLL!HttpAddRequestHeadersA                                             77A91B9C 8 Bytes  JMP 0BADCA44
.text           C:\Program Files\iTunes\iTunesHelper.exe[2704] WININET.DLL!InternetQueryDataAvailable                                         77A922E4 8 Bytes  JMP 0BAF12DA
.text           C:\Program Files\iTunes\iTunesHelper.exe[2704] WININET.DLL!HttpOpenRequestA                                                   77AB5539 8 Bytes  JMP 0BAEA370
.text           C:\Program Files\iTunes\iTunesHelper.exe[2704] WININET.DLL!HttpSendRequestW                                                   77AB6109 8 Bytes  JMP 0BAF2BAB
.text           C:\Program Files\iTunes\iTunesHelper.exe[2704] WININET.DLL!InternetReadFileExA                                                77ABB606 8 Bytes  JMP 0BAF14E4
.text           C:\Program Files\iTunes\iTunesHelper.exe[2704] WININET.DLL!InternetWriteFile                                                  77ACB146 8 Bytes  JMP 0BAF2D09
.text           C:\Program Files\iTunes\iTunesHelper.exe[2704] WININET.DLL!HttpSendRequestA                                                   77AE5770 8 Bytes  JMP 0BAF2A4D
.text           C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2904] ntdll.dll!NtEnumerateValueKey                          779A46E4 8 Bytes  JMP 0BADAC49
.text           C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2904] ntdll.dll!NtQueryDirectoryFile                         779A4C04 8 Bytes  JMP 0BAE4EDD
.text           C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2904] ntdll.dll!NtResumeThread                               779A5004 8 Bytes  JMP 0BAF61E8
.text           C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2904] ntdll.dll!NtSetInformationFile                         779A5134 8 Bytes  JMP 0BADA993
.text           C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2904] ntdll.dll!NtVdmControl                                 779A5434 8 Bytes  JMP 0BAE4F93
.text           C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2904] USER32.dll!TranslateMessage                            762001AD 8 Bytes  JMP 0BADC43C
.text           C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2904] ADVAPI32.dll!CryptEncrypt                              768EFB99 8 Bytes  JMP 0BAED9E1
.text           C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2904] WS2_32.dll!send                                        764D659B 8 Bytes  JMP 0BAEE31B
.text           C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2904] CRYPT32.dll!PFXImportCertStore                         75A19521 8 Bytes  JMP 0BAE0ABF
.text           C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2904] WININET.dll!InternetQueryOptionA                       77A859AF 8 Bytes  JMP 0BAEE33D
.text           C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2904] WININET.dll!InternetCloseHandle                        77A8B7C4 8 Bytes  JMP 0BAEA9DA
.text           C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2904] WININET.dll!HttpQueryInfoA                             77A8D29A 8 Bytes  JMP 0BAEA485
.text           C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2904] WININET.dll!InternetReadFile                           77A8EA3A 8 Bytes  JMP 0BAF13CA
.text           C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2904] WININET.dll!HttpAddRequestHeadersA                     77A91B9C 8 Bytes  JMP 0BADCA44
.text           C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2904] WININET.dll!InternetQueryDataAvailable                 77A922E4 8 Bytes  JMP 0BAF12DA
.text           C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2904] WININET.dll!HttpOpenRequestA                           77AB5539 8 Bytes  JMP 0BAEA370
.text           C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2904] WININET.dll!HttpSendRequestW                           77AB6109 8 Bytes  JMP 0BAF2BAB
.text           C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2904] WININET.dll!InternetReadFileExA                        77ABB606 8 Bytes  JMP 0BAF14E4
.text           C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2904] WININET.dll!InternetWriteFile                          77ACB146 8 Bytes  JMP 0BAF2D09
.text           C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2904] WININET.dll!HttpSendRequestA                           77AE5770 8 Bytes  JMP 0BAF2A4D
.text           C:\Program Files\Windows Defender\MSASCui.exe[2948] ntdll.dll!NtEnumerateValueKey                                             779A46E4 8 Bytes  JMP 0BADAC49
.text           C:\Program Files\Windows Defender\MSASCui.exe[2948] ntdll.dll!NtQueryDirectoryFile                                            779A4C04 8 Bytes  JMP 0BAE4EDD
.text           C:\Program Files\Windows Defender\MSASCui.exe[2948] ntdll.dll!NtResumeThread                                                  779A5004 8 Bytes  JMP 0BAF61E8
.text           C:\Program Files\Windows Defender\MSASCui.exe[2948] ntdll.dll!NtSetInformationFile                                            779A5134 8 Bytes  JMP 0BADA993
.text           C:\Program Files\Windows Defender\MSASCui.exe[2948] ntdll.dll!NtVdmControl                                                    779A5434 8 Bytes  JMP 0BAE4F93
.text           C:\Program Files\Windows Defender\MSASCui.exe[2948] ADVAPI32.dll!CryptEncrypt                                                 768EFB99 8 Bytes  JMP 0BAED9E1
.text           C:\Program Files\Windows Defender\MSASCui.exe[2948] USER32.dll!TranslateMessage                                               762001AD 8 Bytes  JMP 0BADC43C
.text           C:\Program Files\Windows Defender\MSASCui.exe[2948] WININET.dll!InternetQueryOptionA                                          77A859AF 8 Bytes  JMP 0BAEE33D
.text           C:\Program Files\Windows Defender\MSASCui.exe[2948] WININET.dll!InternetCloseHandle                                           77A8B7C4 8 Bytes  JMP 0BAEA9DA
.text           C:\Program Files\Windows Defender\MSASCui.exe[2948] WININET.dll!HttpQueryInfoA                                                77A8D29A 8 Bytes  JMP 0BAEA485
.text           C:\Program Files\Windows Defender\MSASCui.exe[2948] WININET.dll!InternetReadFile                                              77A8EA3A 8 Bytes  JMP 0BAF13CA
.text           C:\Program Files\Windows Defender\MSASCui.exe[2948] WININET.dll!HttpAddRequestHeadersA                                        77A91B9C 8 Bytes  JMP 0BADCA44
.text           C:\Program Files\Windows Defender\MSASCui.exe[2948] WININET.dll!InternetQueryDataAvailable                                    77A922E4 8 Bytes  JMP 0BAF12DA
.text           C:\Program Files\Windows Defender\MSASCui.exe[2948] WININET.dll!HttpOpenRequestA                                              77AB5539 8 Bytes  JMP 0BAEA370
.text           C:\Program Files\Windows Defender\MSASCui.exe[2948] WININET.dll!HttpSendRequestW                                              77AB6109 8 Bytes  JMP 0BAF2BAB
.text           C:\Program Files\Windows Defender\MSASCui.exe[2948] WININET.dll!InternetReadFileExA                                           77ABB606 8 Bytes  JMP 0BAF14E4
.text           C:\Program Files\Windows Defender\MSASCui.exe[2948] WININET.dll!InternetWriteFile                                             77ACB146 8 Bytes  JMP 0BAF2D09
.text           C:\Program Files\Windows Defender\MSASCui.exe[2948] WININET.dll!HttpSendRequestA                                              77AE5770 8 Bytes  JMP 0BAF2A4D
.text           C:\Program Files\Windows Defender\MSASCui.exe[2948] WS2_32.dll!send                                                           764D659B 8 Bytes  JMP 0BAEE31B
.text           C:\Program Files\Windows Defender\MSASCui.exe[2948] CRYPT32.dll!PFXImportCertStore                                            75A19521 8 Bytes  JMP 0BAE0ABF
.text           C:\Windows\System32\rundll32.exe[3124] ntdll.dll!NtEnumerateValueKey                                                          779A46E4 8 Bytes  JMP 0BADAC49
.text           C:\Windows\System32\rundll32.exe[3124] ntdll.dll!NtQueryDirectoryFile                                                         779A4C04 8 Bytes  JMP 0BAE4EDD
.text           C:\Windows\System32\rundll32.exe[3124] ntdll.dll!NtResumeThread                                                               779A5004 8 Bytes  JMP 0BAF61E8
.text           C:\Windows\System32\rundll32.exe[3124] ntdll.dll!NtSetInformationFile                                                         779A5134 8 Bytes  JMP 0BADA993
.text           C:\Windows\System32\rundll32.exe[3124] ntdll.dll!NtVdmControl                                                                 779A5434 8 Bytes  JMP 0BAE4F93
.text           C:\Windows\System32\rundll32.exe[3124] USER32.dll!TranslateMessage                                                            762001AD 8 Bytes  JMP 0BADC43C
.text           C:\Windows\System32\rundll32.exe[3124] ADVAPI32.dll!CryptEncrypt                                                              768EFB99 8 Bytes  JMP 0BAED9E1
.text           C:\Windows\System32\rundll32.exe[3124] WS2_32.dll!send                                                                        764D659B 8 Bytes  JMP 0BAEE31B
.text           C:\Windows\System32\rundll32.exe[3124] CRYPT32.dll!PFXImportCertStore                                                         75A19521 8 Bytes  JMP 0BAE0ABF
.text           C:\Windows\System32\rundll32.exe[3124] WININET.dll!InternetQueryOptionA                                                       77A859AF 8 Bytes  JMP 0BAEE33D
.text           C:\Windows\System32\rundll32.exe[3124] WININET.dll!InternetCloseHandle                                                        77A8B7C4 8 Bytes  JMP 0BAEA9DA
.text           C:\Windows\System32\rundll32.exe[3124] WININET.dll!HttpQueryInfoA                                                             77A8D29A 8 Bytes  JMP 0BAEA485
.text           C:\Windows\System32\rundll32.exe[3124] WININET.dll!InternetReadFile                                                           77A8EA3A 8 Bytes  JMP 0BAF13CA
.text           C:\Windows\System32\rundll32.exe[3124] WININET.dll!HttpAddRequestHeadersA                                                     77A91B9C 8 Bytes  JMP 0BADCA44
.text           C:\Windows\System32\rundll32.exe[3124] WININET.dll!InternetQueryDataAvailable                                                 77A922E4 8 Bytes  JMP 0BAF12DA
.text           C:\Windows\System32\rundll32.exe[3124] WININET.dll!HttpOpenRequestA                                                           77AB5539 8 Bytes  JMP 0BAEA370
.text           C:\Windows\System32\rundll32.exe[3124] WININET.dll!HttpSendRequestW                                                           77AB6109 8 Bytes  JMP 0BAF2BAB
.text           C:\Windows\System32\rundll32.exe[3124] WININET.dll!InternetReadFileExA                                                        77ABB606 8 Bytes  JMP 0BAF14E4
.text           C:\Windows\System32\rundll32.exe[3124] WININET.dll!InternetWriteFile                                                          77ACB146 8 Bytes  JMP 0BAF2D09
.text           C:\Windows\System32\rundll32.exe[3124] WININET.dll!HttpSendRequestA                                                           77AE5770 8 Bytes  JMP 0BAF2A4D
.text           C:\Program Files\Launch Manager\WButton.exe[3184] ntdll.dll!NtEnumerateValueKey                                               779A46E4 8 Bytes  JMP 0BADAC49
.text           C:\Program Files\Launch Manager\WButton.exe[3184] ntdll.dll!NtQueryDirectoryFile                                              779A4C04 8 Bytes  JMP 0BAE4EDD
.text           C:\Program Files\Launch Manager\WButton.exe[3184] ntdll.dll!NtResumeThread                                                    779A5004 8 Bytes  JMP 0BAF61E8
.text           C:\Program Files\Launch Manager\WButton.exe[3184] ntdll.dll!NtSetInformationFile                                              779A5134 8 Bytes  JMP 0BADA993
.text           C:\Program Files\Launch Manager\WButton.exe[3184] ntdll.dll!NtVdmControl                                                      779A5434 8 Bytes  JMP 0BAE4F93
.text           C:\Program Files\Launch Manager\WButton.exe[3184] ADVAPI32.dll!CryptEncrypt                                                   768EFB99 8 Bytes  JMP 0BAED9E1
.text           C:\Program Files\Launch Manager\WButton.exe[3184] USER32.dll!TranslateMessage                                                 762001AD 8 Bytes  JMP 0BADC43C
.text           C:\Program Files\Launch Manager\WButton.exe[3184] WININET.dll!InternetQueryOptionA                                            77A859AF 8 Bytes  JMP 0BAEE33D
.text           C:\Program Files\Launch Manager\WButton.exe[3184] WININET.dll!InternetCloseHandle                                             77A8B7C4 8 Bytes  JMP 0BAEA9DA
.text           C:\Program Files\Launch Manager\WButton.exe[3184] WININET.dll!HttpQueryInfoA                                                  77A8D29A 8 Bytes  JMP 0BAEA485
.text           C:\Program Files\Launch Manager\WButton.exe[3184] WININET.dll!InternetReadFile                                                77A8EA3A 8 Bytes  JMP 0BAF13CA
.text           C:\Program Files\Launch Manager\WButton.exe[3184] WININET.dll!HttpAddRequestHeadersA                                          77A91B9C 8 Bytes  JMP 0BADCA44
.text           C:\Program Files\Launch Manager\WButton.exe[3184] WININET.dll!InternetQueryDataAvailable                                      77A922E4 8 Bytes  JMP 0BAF12DA
.text           C:\Program Files\Launch Manager\WButton.exe[3184] WININET.dll!HttpOpenRequestA                                                77AB5539 8 Bytes  JMP 0BAEA370
.text           C:\Program Files\Launch Manager\WButton.exe[3184] WININET.dll!HttpSendRequestW                                                77AB6109 8 Bytes  JMP 0BAF2BAB
.text           C:\Program Files\Launch Manager\WButton.exe[3184] WININET.dll!InternetReadFileExA                                             77ABB606 8 Bytes  JMP 0BAF14E4
.text           C:\Program Files\Launch Manager\WButton.exe[3184] WININET.dll!InternetWriteFile                                               77ACB146 8 Bytes  JMP 0BAF2D09
.text           C:\Program Files\Launch Manager\WButton.exe[3184] WININET.dll!HttpSendRequestA                                                77AE5770 8 Bytes  JMP 0BAF2A4D
.text           C:\Program Files\Launch Manager\WButton.exe[3184] WS2_32.dll!send                                                             764D659B 8 Bytes  JMP 0BAEE31B
.text           C:\Program Files\Launch Manager\WButton.exe[3184] CRYPT32.dll!PFXImportCertStore                                              75A19521 8 Bytes  JMP 0BAE0ABF
.text           C:\Program Files\Softex\OmniPass\scureapp.exe[3200] ntdll.dll!NtEnumerateValueKey                                             779A46E4 8 Bytes  JMP 0BADAC49
.text           C:\Program Files\Softex\OmniPass\scureapp.exe[3200] ntdll.dll!NtQueryDirectoryFile                                            779A4C04 8 Bytes  JMP 0BAE4EDD
.text           C:\Program Files\Softex\OmniPass\scureapp.exe[3200] ntdll.dll!NtResumeThread                                                  779A5004 8 Bytes  JMP 0BAF61E8
.text           C:\Program Files\Softex\OmniPass\scureapp.exe[3200] ntdll.dll!NtSetInformationFile                                            779A5134 8 Bytes  JMP 0BADA993
.text           C:\Program Files\Softex\OmniPass\scureapp.exe[3200] ntdll.dll!NtVdmControl                                                    779A5434 8 Bytes  JMP 0BAE4F93
.text           C:\Program Files\Softex\OmniPass\scureapp.exe[3200] USER32.dll!TranslateMessage                                               762001AD 8 Bytes  JMP 0BADC43C
.text           C:\Program Files\Softex\OmniPass\scureapp.exe[3200] ADVAPI32.dll!CryptEncrypt                                                 768EFB99 8 Bytes  JMP 0BAED9E1
.text           C:\Program Files\Softex\OmniPass\scureapp.exe[3200] CRYPT32.dll!PFXImportCertStore                                            75A19521 8 Bytes  JMP 0BAE0ABF
.text           C:\Program Files\Softex\OmniPass\scureapp.exe[3200] WININET.dll!InternetQueryOptionA                                          77A859AF 8 Bytes  JMP 0BAEE33D
.text           C:\Program Files\Softex\OmniPass\scureapp.exe[3200] WININET.dll!InternetCloseHandle                                           77A8B7C4 8 Bytes  JMP 0BAEA9DA
.text           C:\Program Files\Softex\OmniPass\scureapp.exe[3200] WININET.dll!HttpQueryInfoA                                                77A8D29A 8 Bytes  JMP 0BAEA485
.text           C:\Program Files\Softex\OmniPass\scureapp.exe[3200] WININET.dll!InternetReadFile                                              77A8EA3A 8 Bytes  JMP 0BAF13CA
.text           C:\Program Files\Softex\OmniPass\scureapp.exe[3200] WININET.dll!HttpAddRequestHeadersA                                        77A91B9C 8 Bytes  JMP 0BADCA44
.text           C:\Program Files\Softex\OmniPass\scureapp.exe[3200] WININET.dll!InternetQueryDataAvailable                                    77A922E4 8 Bytes  JMP 0BAF12DA
.text           C:\Program Files\Softex\OmniPass\scureapp.exe[3200] WININET.dll!HttpOpenRequestA                                              77AB5539 8 Bytes  JMP 0BAEA370
.text           C:\Program Files\Softex\OmniPass\scureapp.exe[3200] WININET.dll!HttpSendRequestW                                              77AB6109 8 Bytes  JMP 0BAF2BAB
.text           C:\Program Files\Softex\OmniPass\scureapp.exe[3200] WININET.dll!InternetReadFileExA                                           77ABB606 8 Bytes  JMP 0BAF14E4
.text           C:\Program Files\Softex\OmniPass\scureapp.exe[3200] WININET.dll!InternetWriteFile                                             77ACB146 8 Bytes  JMP 0BAF2D09
.text           C:\Program Files\Softex\OmniPass\scureapp.exe[3200] WININET.dll!HttpSendRequestA                                              77AE5770 8 Bytes  JMP 0BAF2A4D
.text           C:\Program Files\Softex\OmniPass\scureapp.exe[3200] WS2_32.dll!send                                                           764D659B 8 Bytes  JMP 0BAEE31B
.text           C:\Program Files\Launch Manager\LaunchAp.exe[3212] ntdll.dll!NtEnumerateValueKey                                              779A46E4 8 Bytes  JMP 0BADAC49
.text           C:\Program Files\Launch Manager\LaunchAp.exe[3212] ntdll.dll!NtQueryDirectoryFile                                             779A4C04 8 Bytes  JMP 0BAE4EDD
.text           C:\Program Files\Launch Manager\LaunchAp.exe[3212] ntdll.dll!NtResumeThread                                                   779A5004 8 Bytes  JMP 0BAF61E8
.text           C:\Program Files\Launch Manager\LaunchAp.exe[3212] ntdll.dll!NtSetInformationFile                                             779A5134 8 Bytes  JMP 0BADA993
.text           C:\Program Files\Launch Manager\LaunchAp.exe[3212] ntdll.dll!NtVdmControl                                                     779A5434 8 Bytes  JMP 0BAE4F93
.text           C:\Program Files\Launch Manager\LaunchAp.exe[3212] USER32.dll!TranslateMessage                                                762001AD 8 Bytes  JMP 0BADC43C
.text           C:\Program Files\Launch Manager\LaunchAp.exe[3212] ADVAPI32.dll!CryptEncrypt                                                  768EFB99 8 Bytes  JMP 0BAED9E1
.text           C:\Program Files\Launch Manager\LaunchAp.exe[3212] WININET.dll!InternetQueryOptionA                                           77A859AF 8 Bytes  JMP 0BAEE33D
.text           C:\Program Files\Launch Manager\LaunchAp.exe[3212] WININET.dll!InternetCloseHandle                                            77A8B7C4 8 Bytes  JMP 0BAEA9DA
.text           C:\Program Files\Launch Manager\LaunchAp.exe[3212] WININET.dll!HttpQueryInfoA                                                 77A8D29A 8 Bytes  JMP 0BAEA485
.text           C:\Program Files\Launch Manager\LaunchAp.exe[3212] WININET.dll!InternetReadFile                                               77A8EA3A 8 Bytes  JMP 0BAF13CA
.text           C:\Program Files\Launch Manager\LaunchAp.exe[3212] WININET.dll!HttpAddRequestHeadersA                                         77A91B9C 8 Bytes  JMP 0BADCA44
.text           C:\Program Files\Launch Manager\LaunchAp.exe[3212] WININET.dll!InternetQueryDataAvailable                                     77A922E4 8 Bytes  JMP 0BAF12DA
.text           C:\Program Files\Launch Manager\LaunchAp.exe[3212] WININET.dll!HttpOpenRequestA                                               77AB5539 8 Bytes  JMP 0BAEA370
.text           C:\Program Files\Launch Manager\LaunchAp.exe[3212] WININET.dll!HttpSendRequestW                                               77AB6109 8 Bytes  JMP 0BAF2BAB
.text           C:\Program Files\Launch Manager\LaunchAp.exe[3212] WININET.dll!InternetReadFileExA                                            77ABB606 8 Bytes  JMP 0BAF14E4
.text           C:\Program Files\Launch Manager\LaunchAp.exe[3212] WININET.dll!InternetWriteFile                                              77ACB146 8 Bytes  JMP 0BAF2D09
.text           C:\Program Files\Launch Manager\LaunchAp.exe[3212] WININET.dll!HttpSendRequestA                                               77AE5770 8 Bytes  JMP 0BAF2A4D
.text           C:\Program Files\Launch Manager\LaunchAp.exe[3212] WS2_32.dll!send                                                            764D659B 8 Bytes  JMP 0BAEE31B
.text           C:\Program Files\Launch Manager\LaunchAp.exe[3212] CRYPT32.dll!PFXImportCertStore                                             75A19521 8 Bytes  JMP 0BAE0ABF
.text           C:\Program Files\Launch Manager\HotkeyApp.exe[3244] ntdll.dll!NtEnumerateValueKey                                             779A46E4 8 Bytes  JMP 0BADAC49
.text           C:\Program Files\Launch Manager\HotkeyApp.exe[3244] ntdll.dll!NtQueryDirectoryFile                                            779A4C04 8 Bytes  JMP 0BAE4EDD
.text           C:\Program Files\Launch Manager\HotkeyApp.exe[3244] ntdll.dll!NtResumeThread                                                  779A5004 8 Bytes  JMP 0BAF61E8
.text           C:\Program Files\Launch Manager\HotkeyApp.exe[3244] ntdll.dll!NtSetInformationFile                                            779A5134 8 Bytes  JMP 0BADA993
.text           C:\Program Files\Launch Manager\HotkeyApp.exe[3244] ntdll.dll!NtVdmControl                                                    779A5434 8 Bytes  JMP 0BAE4F93
.text           C:\Program Files\Launch Manager\HotkeyApp.exe[3244] USER32.dll!TranslateMessage                                               762001AD 8 Bytes  JMP 0BADC43C
.text           C:\Program Files\Launch Manager\HotkeyApp.exe[3244] ADVAPI32.dll!CryptEncrypt                                                 768EFB99 8 Bytes  JMP 0BAED9E1
.text           C:\Program Files\Launch Manager\HotkeyApp.exe[3244] WS2_32.dll!send                                                           764D659B 8 Bytes  JMP 0BAEE31B
.text           C:\Program Files\Launch Manager\HotkeyApp.exe[3244] WININET.dll!InternetQueryOptionA                                          77A859AF 8 Bytes  JMP 0BAEE33D
.text           C:\Program Files\Launch Manager\HotkeyApp.exe[3244] WININET.dll!InternetCloseHandle                                           77A8B7C4 8 Bytes  JMP 0BAEA9DA
.text           C:\Program Files\Launch Manager\HotkeyApp.exe[3244] WININET.dll!HttpQueryInfoA                                                77A8D29A 8 Bytes  JMP 0BAEA485
.text           C:\Program Files\Launch Manager\HotkeyApp.exe[3244] WININET.dll!InternetReadFile                                              77A8EA3A 8 Bytes  JMP 0BAF13CA
.text           C:\Program Files\Launch Manager\HotkeyApp.exe[3244] WININET.dll!HttpAddRequestHeadersA                                        77A91B9C 8 Bytes  JMP 0BADCA44
.text           C:\Program Files\Launch Manager\HotkeyApp.exe[3244] WININET.dll!InternetQueryDataAvailable                                    77A922E4 8 Bytes  JMP 0BAF12DA
.text           C:\Program Files\Launch Manager\HotkeyApp.exe[3244] WININET.dll!HttpOpenRequestA                                              77AB5539 8 Bytes  JMP 0BAEA370
.text           C:\Program Files\Launch Manager\HotkeyApp.exe[3244] WININET.dll!HttpSendRequestW                                              77AB6109 8 Bytes  JMP 0BAF2BAB
.text           C:\Program Files\Launch Manager\HotkeyApp.exe[3244] WININET.dll!InternetReadFileExA                                           77ABB606 8 Bytes  JMP 0BAF14E4
.text           C:\Program Files\Launch Manager\HotkeyApp.exe[3244] WININET.dll!InternetWriteFile                                             77ACB146 8 Bytes  JMP 0BAF2D09
.text           C:\Program Files\Launch Manager\HotkeyApp.exe[3244] WININET.dll!HttpSendRequestA                                              77AE5770 8 Bytes  JMP 0BAF2A4D
.text           C:\Program Files\Launch Manager\HotkeyApp.exe[3244] CRYPT32.dll!PFXImportCertStore                                            75A19521 8 Bytes  JMP 0BAE0ABF
.text           C:\Program Files\Launch Manager\OSD.exe[3248] ntdll.dll!NtEnumerateValueKey                                                   779A46E4 8 Bytes  JMP 0BADAC49
.text           C:\Program Files\Launch Manager\OSD.exe[3248] ntdll.dll!NtQueryDirectoryFile                                                  779A4C04 8 Bytes  JMP 0BAE4EDD
.text           C:\Program Files\Launch Manager\OSD.exe[3248] ntdll.dll!NtResumeThread                                                        779A5004 8 Bytes  JMP 0BAF61E8
.text           C:\Program Files\Launch Manager\OSD.exe[3248] ntdll.dll!NtSetInformationFile                                                  779A5134 8 Bytes  JMP 0BADA993
.text           C:\Program Files\Launch Manager\OSD.exe[3248] ntdll.dll!NtVdmControl                                                          779A5434 8 Bytes  JMP 0BAE4F93
.text           C:\Program Files\Launch Manager\OSD.exe[3248] USER32.dll!TranslateMessage                                                     762001AD 8 Bytes  JMP 0BADC43C
.text           C:\Program Files\Launch Manager\OSD.exe[3248] ADVAPI32.dll!CryptEncrypt                                                       768EFB99 8 Bytes  JMP 0BAED9E1
.text           C:\Program Files\Launch Manager\OSD.exe[3248] WININET.dll!InternetQueryOptionA                                                77A859AF 8 Bytes  JMP 0BAEE33D
.text           C:\Program Files\Launch Manager\OSD.exe[3248] WININET.dll!InternetCloseHandle                                                 77A8B7C4 8 Bytes  JMP 0BAEA9DA
.text           C:\Program Files\Launch Manager\OSD.exe[3248] WININET.dll!HttpQueryInfoA                                                      77A8D29A 8 Bytes  JMP 0BAEA485
.text           C:\Program Files\Launch Manager\OSD.exe[3248] WININET.dll!InternetReadFile                                                    77A8EA3A 8 Bytes  JMP 0BAF13CA
.text           C:\Program Files\Launch Manager\OSD.exe[3248] WININET.dll!HttpAddRequestHeadersA                                              77A91B9C 8 Bytes  JMP 0BADCA44
.text           C:\Program Files\Launch Manager\OSD.exe[3248] WININET.dll!InternetQueryDataAvailable                                          77A922E4 8 Bytes  JMP 0BAF12DA
.text           C:\Program Files\Launch Manager\OSD.exe[3248] WININET.dll!HttpOpenRequestA                                                    77AB5539 8 Bytes  JMP 0BAEA370
.text           C:\Program Files\Launch Manager\OSD.exe[3248] WININET.dll!HttpSendRequestW                                                    77AB6109 8 Bytes  JMP 0BAF2BAB
.text           C:\Program Files\Launch Manager\OSD.exe[3248] WININET.dll!InternetReadFileExA                                                 77ABB606 8 Bytes  JMP 0BAF14E4
.text           C:\Program Files\Launch Manager\OSD.exe[3248] WININET.dll!InternetWriteFile                                                   77ACB146 8 Bytes  JMP 0BAF2D09
.text           C:\Program Files\Launch Manager\OSD.exe[3248] WININET.dll!HttpSendRequestA                                                    77AE5770 8 Bytes  JMP 0BAF2A4D
.text           C:\Program Files\Launch Manager\OSD.exe[3248] WS2_32.dll!send                                                                 764D659B 8 Bytes  JMP 0BAEE31B
.text           C:\Program Files\Launch Manager\OSD.exe[3248] CRYPT32.dll!PFXImportCertStore                                                  75A19521 8 Bytes  JMP 0BAE0ABF
.text           C:\Program Files\Windows Sidebar\sidebar.exe[3368] ntdll.dll!NtEnumerateValueKey                                              779A46E4 8 Bytes  JMP 0BADAC49
.text           C:\Program Files\Windows Sidebar\sidebar.exe[3368] ntdll.dll!NtQueryDirectoryFile                                             779A4C04 8 Bytes  JMP 0BAE4EDD
.text           C:\Program Files\Windows Sidebar\sidebar.exe[3368] ntdll.dll!NtResumeThread                                                   779A5004 8 Bytes  JMP 0BAF61E8
.text           C:\Program Files\Windows Sidebar\sidebar.exe[3368] ntdll.dll!NtSetInformationFile                                             779A5134 8 Bytes  JMP 0BADA993
.text           C:\Program Files\Windows Sidebar\sidebar.exe[3368] ntdll.dll!NtVdmControl                                                     779A5434 8 Bytes  JMP 0BAE4F93
.text           C:\Program Files\Windows Sidebar\sidebar.exe[3368] ADVAPI32.dll!CryptEncrypt                                                  768EFB99 8 Bytes  JMP 0BAED9E1
.text           C:\Program Files\Windows Sidebar\sidebar.exe[3368] USER32.dll!TranslateMessage                                                762001AD 8 Bytes  JMP 0BADC43C
.text           C:\Program Files\Windows Sidebar\sidebar.exe[3368] WININET.dll!InternetQueryOptionA                                           77A859AF 8 Bytes  JMP 0BAEE33D
.text           C:\Program Files\Windows Sidebar\sidebar.exe[3368] WININET.dll!InternetCloseHandle                                            77A8B7C4 8 Bytes  JMP 0BAEA9DA
.text           C:\Program Files\Windows Sidebar\sidebar.exe[3368] WININET.dll!HttpQueryInfoA                                                 77A8D29A 8 Bytes  JMP 0BAEA485
.text           C:\Program Files\Windows Sidebar\sidebar.exe[3368] WININET.dll!InternetReadFile                                               77A8EA3A 8 Bytes  JMP 0BAF13CA
.text           C:\Program Files\Windows Sidebar\sidebar.exe[3368] WININET.dll!HttpAddRequestHeadersA                                         77A91B9C 8 Bytes  JMP 0BADCA44
.text           C:\Program Files\Windows Sidebar\sidebar.exe[3368] WININET.dll!InternetQueryDataAvailable                                     77A922E4 8 Bytes  JMP 0BAF12DA
.text           C:\Program Files\Windows Sidebar\sidebar.exe[3368] WININET.dll!HttpOpenRequestA                                               77AB5539 8 Bytes  JMP 0BAEA370
.text           C:\Program Files\Windows Sidebar\sidebar.exe[3368] WININET.dll!HttpSendRequestW                                               77AB6109 8 Bytes  JMP 0BAF2BAB
.text           C:\Program Files\Windows Sidebar\sidebar.exe[3368] WININET.dll!InternetReadFileExA                                            77ABB606 8 Bytes  JMP 0BAF14E4
.text           C:\Program Files\Windows Sidebar\sidebar.exe[3368] WININET.dll!InternetWriteFile                                              77ACB146 8 Bytes  JMP 0BAF2D09
.text           C:\Program Files\Windows Sidebar\sidebar.exe[3368] WININET.dll!HttpSendRequestA                                               77AE5770 8 Bytes  JMP 0BAF2A4D
.text           C:\Program Files\Windows Sidebar\sidebar.exe[3368] CRYPT32.dll!PFXImportCertStore                                             75A19521 8 Bytes  JMP 0BAE0ABF
.text           C:\Program Files\Windows Sidebar\sidebar.exe[3368] WS2_32.dll!send                                                            764D659B 8 Bytes  JMP 0BAEE31B
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3684] ntdll.dll!NtEnumerateValueKey                                779A46E4 8 Bytes  JMP 0BADAC49
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3684] ntdll.dll!NtQueryDirectoryFile                               779A4C04 8 Bytes  JMP 0BAE4EDD
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3684] ntdll.dll!NtResumeThread                                     779A5004 8 Bytes  JMP 0BAF61E8
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3684] ntdll.dll!NtSetInformationFile                               779A5134 8 Bytes  JMP 0BADA993
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3684] ntdll.dll!NtVdmControl                                       779A5434 8 Bytes  JMP 0BAE4F93
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3684] ADVAPI32.dll!CryptEncrypt                                    768EFB99 8 Bytes  JMP 0BAED9E1
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3684] USER32.dll!TranslateMessage                                  762001AD 8 Bytes  JMP 0BADC43C
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3684] WININET.dll!InternetQueryOptionA                             77A859AF 8 Bytes  JMP 0BAEE33D
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3684] WININET.dll!InternetCloseHandle                              77A8B7C4 8 Bytes  JMP 0BAEA9DA
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3684] WININET.dll!HttpQueryInfoA                                   77A8D29A 8 Bytes  JMP 0BAEA485
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3684] WININET.dll!InternetReadFile                                 77A8EA3A 8 Bytes  JMP 0BAF13CA
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3684] WININET.dll!HttpAddRequestHeadersA                           77A91B9C 8 Bytes  JMP 0BADCA44
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3684] WININET.dll!InternetQueryDataAvailable                       77A922E4 8 Bytes  JMP 0BAF12DA
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3684] WININET.dll!HttpOpenRequestA                                 77AB5539 8 Bytes  JMP 0BAEA370
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3684] WININET.dll!HttpSendRequestW                                 77AB6109 8 Bytes  JMP 0BAF2BAB
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3684] WININET.dll!InternetReadFileExA                              77ABB606 8 Bytes  JMP 0BAF14E4
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3684] WININET.dll!InternetWriteFile                                77ACB146 8 Bytes  JMP 0BAF2D09
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3684] WININET.dll!HttpSendRequestA                                 77AE5770 8 Bytes  JMP 0BAF2A4D
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3684] WS2_32.dll!send                                              764D659B 8 Bytes  JMP 0BAEE31B
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3684] CRYPT32.dll!PFXImportCertStore                               75A19521 8 Bytes  JMP 0BAE0ABF
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[3792] ntdll.dll!NtEnumerateValueKey                                     779A46E4 8 Bytes  JMP 0BB6AC49
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[3792] ntdll.dll!NtQueryDirectoryFile                                    779A4C04 8 Bytes  JMP 0BB74EDD
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[3792] ntdll.dll!NtResumeThread                                          779A5004 8 Bytes  JMP 0BB861E8
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[3792] ntdll.dll!NtSetInformationFile                                    779A5134 8 Bytes  JMP 0BB6A993
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[3792] ntdll.dll!NtVdmControl                                            779A5434 8 Bytes  JMP 0BB74F93
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[3792] kernel32.dll!CreateFileW                                          7643AECB 8 Bytes  JMP 0BB75DF3
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[3792] ADVAPI32.dll!CryptEncrypt                                         768EFB99 8 Bytes  JMP 0BB7D9E1
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[3792] WS2_32.dll!send                                                   764D659B 8 Bytes  JMP 0BB7E31B
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[3792] USER32.dll!GetWindowInfo                                          761F428E 5 Bytes  JMP 60E57187 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[3792] USER32.dll!TranslateMessage                                       762001AD 8 Bytes  JMP 0BB6C43C
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[3792] USER32.dll!TrackPopupMenu                                         762014F3 5 Bytes  JMP 60E57781 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[3792] CRYPT32.dll!PFXImportCertStore                                    75A19521 8 Bytes  JMP 0BB70ABF
.text           C:\Program Files\Mozilla Firefox\firefox.exe[3904] ntdll.dll!LdrLoadDll                                                       779693A8 5 Bytes  JMP 000D1410 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[3904] ntdll.dll!NtEnumerateValueKey                                              779A46E4 8 Bytes  JMP 0BB6AC49
.text           C:\Program Files\Mozilla Firefox\firefox.exe[3904] ntdll.dll!NtQueryDirectoryFile                                             779A4C04 8 Bytes  JMP 0BB74EDD
.text           C:\Program Files\Mozilla Firefox\firefox.exe[3904] ntdll.dll!NtResumeThread                                                   779A5004 8 Bytes  JMP 0BB861E8
.text           C:\Program Files\Mozilla Firefox\firefox.exe[3904] ntdll.dll!NtSetInformationFile                                             779A5134 8 Bytes  JMP 0BB6A993
.text           C:\Program Files\Mozilla Firefox\firefox.exe[3904] ntdll.dll!NtVdmControl                                                     779A5434 8 Bytes  JMP 0BB74F93
.text           C:\Program Files\Mozilla Firefox\firefox.exe[3904] kernel32.dll!CreateFileW                                                   7643AECB 8 Bytes  JMP 0BB75DF3
.text           C:\Program Files\Mozilla Firefox\firefox.exe[3904] ADVAPI32.dll!CryptEncrypt                                                  768EFB99 8 Bytes  JMP 0BB7D9E1
.text           C:\Program Files\Mozilla Firefox\firefox.exe[3904] WS2_32.dll!send                                                            764D659B 8 Bytes  JMP 0BB7E31B
.text           C:\Program Files\Mozilla Firefox\firefox.exe[3904] USER32.dll!TranslateMessage                                                762001AD 8 Bytes  JMP 0BB6C43C
.text           C:\Program Files\Mozilla Firefox\firefox.exe[3904] CRYPT32.dll!PFXImportCertStore                                             75A19521 8 Bytes  JMP 0BB70ABF
.text           C:\Windows\system32\Dwm.exe[3912] ntdll.dll!NtEnumerateValueKey                                                               779A46E4 8 Bytes  JMP 0BADAC49
.text           C:\Windows\system32\Dwm.exe[3912] ntdll.dll!NtQueryDirectoryFile                                                              779A4C04 8 Bytes  JMP 0BAE4EDD
.text           C:\Windows\system32\Dwm.exe[3912] ntdll.dll!NtResumeThread                                                                    779A5004 8 Bytes  JMP 0BAF61E8
.text           C:\Windows\system32\Dwm.exe[3912] ntdll.dll!NtSetInformationFile                                                              779A5134 8 Bytes  JMP 0BADA993
.text           C:\Windows\system32\Dwm.exe[3912] ntdll.dll!NtVdmControl                                                                      779A5434 8 Bytes  JMP 0BAE4F93
.text           C:\Windows\system32\Dwm.exe[3912] ADVAPI32.dll!CryptEncrypt                                                                   768EFB99 8 Bytes  JMP 0BAED9E1
.text           C:\Windows\system32\Dwm.exe[3912] USER32.dll!TranslateMessage                                                                 762001AD 8 Bytes  JMP 0BADC43C
.text           C:\Windows\system32\Dwm.exe[3912] WS2_32.dll!send                                                                             764D659B 8 Bytes  JMP 0BAEE31B
.text           C:\Windows\system32\Dwm.exe[3912] CRYPT32.dll!PFXImportCertStore                                                              75A19521 8 Bytes  JMP 0BAE0ABF
.text           C:\Windows\system32\Dwm.exe[3912] WININET.dll!InternetQueryOptionA                                                            77A859AF 8 Bytes  JMP 0BAEE33D
.text           C:\Windows\system32\Dwm.exe[3912] WININET.dll!InternetCloseHandle                                                             77A8B7C4 8 Bytes  JMP 0BAEA9DA
.text           C:\Windows\system32\Dwm.exe[3912] WININET.dll!HttpQueryInfoA                                                                  77A8D29A 8 Bytes  JMP 0BAEA485
.text           C:\Windows\system32\Dwm.exe[3912] WININET.dll!InternetReadFile                                                                77A8EA3A 8 Bytes  JMP 0BAF13CA
.text           C:\Windows\system32\Dwm.exe[3912] WININET.dll!HttpAddRequestHeadersA                                                          77A91B9C 8 Bytes  JMP 0BADCA44
.text           C:\Windows\system32\Dwm.exe[3912] WININET.dll!InternetQueryDataAvailable                                                      77A922E4 8 Bytes  JMP 0BAF12DA
.text           C:\Windows\system32\Dwm.exe[3912] WININET.dll!HttpOpenRequestA                                                                77AB5539 8 Bytes  JMP 0BAEA370
.text           C:\Windows\system32\Dwm.exe[3912] WININET.dll!HttpSendRequestW                                                                77AB6109 8 Bytes  JMP 0BAF2BAB
.text           C:\Windows\system32\Dwm.exe[3912] WININET.dll!InternetReadFileExA                                                             77ABB606 8 Bytes  JMP 0BAF14E4
.text           C:\Windows\system32\Dwm.exe[3912] WININET.dll!InternetWriteFile                                                               77ACB146 8 Bytes  JMP 0BAF2D09
.text           C:\Windows\system32\Dwm.exe[3912] WININET.dll!HttpSendRequestA                                                                77AE5770 8 Bytes  JMP 0BAF2A4D
.text           C:\Windows\system32\taskeng.exe[3960] ntdll.dll!NtEnumerateValueKey                                                           779A46E4 8 Bytes  JMP 0BADAC49
.text           C:\Windows\system32\taskeng.exe[3960] ntdll.dll!NtQueryDirectoryFile                                                          779A4C04 8 Bytes  JMP 0BAE4EDD
.text           C:\Windows\system32\taskeng.exe[3960] ntdll.dll!NtResumeThread                                                                779A5004 8 Bytes  JMP 0BAF61E8
.text           C:\Windows\system32\taskeng.exe[3960] ntdll.dll!NtSetInformationFile                                                          779A5134 8 Bytes  JMP 0BADA993
.text           C:\Windows\system32\taskeng.exe[3960] ntdll.dll!NtVdmControl                                                                  779A5434 8 Bytes  JMP 0BAE4F93
.text           C:\Windows\system32\taskeng.exe[3960] ADVAPI32.dll!CryptEncrypt                                                               768EFB99 8 Bytes  JMP 0BAED9E1
.text           C:\Windows\system32\taskeng.exe[3960] USER32.dll!TranslateMessage                                                             762001AD 8 Bytes  JMP 0BADC43C
.text           C:\Windows\system32\taskeng.exe[3960] WS2_32.dll!send                                                                         764D659B 8 Bytes  JMP 0BAEE31B
.text           C:\Windows\system32\taskeng.exe[3960] CRYPT32.dll!PFXImportCertStore                                                          75A19521 8 Bytes  JMP 0BAE0ABF
.text           C:\Windows\system32\taskeng.exe[3960] WININET.dll!InternetQueryOptionA                                                        77A859AF 8 Bytes  JMP 0BAEE33D
.text           C:\Windows\system32\taskeng.exe[3960] WININET.dll!InternetCloseHandle                                                         77A8B7C4 8 Bytes  JMP 0BAEA9DA
.text           C:\Windows\system32\taskeng.exe[3960] WININET.dll!HttpQueryInfoA                                                              77A8D29A 8 Bytes  JMP 0BAEA485
.text           C:\Windows\system32\taskeng.exe[3960] WININET.dll!InternetReadFile                                                            77A8EA3A 8 Bytes  JMP 0BAF13CA
.text           C:\Windows\system32\taskeng.exe[3960] WININET.dll!HttpAddRequestHeadersA                                                      77A91B9C 8 Bytes  JMP 0BADCA44
.text           C:\Windows\system32\taskeng.exe[3960] WININET.dll!InternetQueryDataAvailable                                                  77A922E4 8 Bytes  JMP 0BAF12DA
.text           C:\Windows\system32\taskeng.exe[3960] WININET.dll!HttpOpenRequestA                                                            77AB5539 8 Bytes  JMP 0BAEA370
.text           C:\Windows\system32\taskeng.exe[3960] WININET.dll!HttpSendRequestW                                                            77AB6109 8 Bytes  JMP 0BAF2BAB
.text           C:\Windows\system32\taskeng.exe[3960] WININET.dll!InternetReadFileExA                                                         77ABB606 8 Bytes  JMP 0BAF14E4
.text           C:\Windows\system32\taskeng.exe[3960] WININET.dll!InternetWriteFile                                                           77ACB146 8 Bytes  JMP 0BAF2D09
.text           C:\Windows\system32\taskeng.exe[3960] WININET.dll!HttpSendRequestA                                                            77AE5770 8 Bytes  JMP 0BAF2A4D
.text           C:\Windows\Explorer.EXE[3972] ntdll.dll!NtEnumerateValueKey                                                                   779A46E4 8 Bytes  JMP 0BB6AC49
.text           C:\Windows\Explorer.EXE[3972] ntdll.dll!NtQueryDirectoryFile                                                                  779A4C04 8 Bytes  JMP 0BB74EDD
.text           C:\Windows\Explorer.EXE[3972] ntdll.dll!NtResumeThread                                                                        779A5004 8 Bytes  JMP 0BB861E8
.text           C:\Windows\Explorer.EXE[3972] ntdll.dll!NtSetInformationFile                                                                  779A5134 8 Bytes  JMP 0BB6A993
.text           C:\Windows\Explorer.EXE[3972] ntdll.dll!NtVdmControl                                                                          779A5434 8 Bytes  JMP 0BB74F93
.text           C:\Windows\Explorer.EXE[3972] ADVAPI32.dll!CryptEncrypt                                                                       768EFB99 8 Bytes  JMP 0BB7D9E1
.text           C:\Windows\Explorer.EXE[3972] USER32.dll!TranslateMessage                                                                     762001AD 8 Bytes  JMP 0BB6C43C
.text           C:\Windows\Explorer.EXE[3972] WS2_32.dll!send                                                                                 764D659B 8 Bytes  JMP 0BB7E31B
.text           C:\Windows\Explorer.EXE[3972] CRYPT32.dll!PFXImportCertStore                                                                  75A19521 8 Bytes  JMP 0BB70ABF
.text           C:\Windows\Explorer.EXE[3972] WININET.dll!InternetCloseHandle                                                                 77A8B7C4 8 Bytes  JMP 0BB7A9DA
.text           C:\Windows\Explorer.EXE[3972] WININET.dll!HttpSendRequestW                                                                    77AB6109 8 Bytes  JMP 0BB82BAB
.text           C:\Windows\Explorer.EXE[3972] WININET.dll!InternetWriteFile                                                                   77ACB146 8 Bytes  JMP 0BB82D09
.text           C:\Windows\Explorer.EXE[3972] WININET.dll!HttpSendRequestA                                                                    77AE5770 8 Bytes  JMP 0BB82A4D
.text           C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[4008] ntdll.dll!NtEnumerateValueKey                           779A46E4 8 Bytes  JMP 0BADAC49
.text           C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[4008] ntdll.dll!NtQueryDirectoryFile                          779A4C04 8 Bytes  JMP 0BAE4EDD
.text           C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[4008] ntdll.dll!NtResumeThread                                779A5004 8 Bytes  JMP 0BAF61E8
.text           C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[4008] ntdll.dll!NtSetInformationFile                          779A5134 8 Bytes  JMP 0BADA993
.text           C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[4008] ntdll.dll!NtVdmControl                                  779A5434 8 Bytes  JMP 0BAE4F93
.text           C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[4008] ADVAPI32.dll!CryptEncrypt                               768EFB99 8 Bytes  JMP 0BAED9E1
.text           C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[4008] USER32.dll!TranslateMessage                             762001AD 8 Bytes  JMP 0BADC43C
.text           C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[4008] WS2_32.dll!send                                         764D659B 8 Bytes  JMP 0BAEE31B
.text           C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[4008] WININET.dll!InternetQueryOptionA                        77A859AF 8 Bytes  JMP 0BAEE33D
.text           C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[4008] WININET.dll!InternetCloseHandle                         77A8B7C4 8 Bytes  JMP 0BAEA9DA
.text           C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[4008] WININET.dll!HttpQueryInfoA                              77A8D29A 8 Bytes  JMP 0BAEA485
.text           C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[4008] WININET.dll!InternetReadFile                            77A8EA3A 8 Bytes  JMP 0BAF13CA
.text           C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[4008] WININET.dll!HttpAddRequestHeadersA                      77A91B9C 8 Bytes  JMP 0BADCA44
.text           C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[4008] WININET.dll!InternetQueryDataAvailable                  77A922E4 8 Bytes  JMP 0BAF12DA
.text           C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[4008] WININET.dll!HttpOpenRequestA                            77AB5539 8 Bytes  JMP 0BAEA370
.text           C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[4008] WININET.dll!HttpSendRequestW                            77AB6109 8 Bytes  JMP 0BAF2BAB
.text           C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[4008] WININET.dll!InternetReadFileExA                         77ABB606 8 Bytes  JMP 0BAF14E4
.text           C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[4008] WININET.dll!InternetWriteFile                           77ACB146 8 Bytes  JMP 0BAF2D09
.text           C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[4008] WININET.dll!HttpSendRequestA                            77AE5770 8 Bytes  JMP 0BAF2A4D
.text           C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[4008] CRYPT32.dll!PFXImportCertStore                          75A19521 8 Bytes  JMP 0BAE0ABF
.text           C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[4224] ntdll.dll!NtEnumerateValueKey                                      779A46E4 8 Bytes  JMP 0BADAC49
.text           C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[4224] ntdll.dll!NtQueryDirectoryFile                                     779A4C04 8 Bytes  JMP 0BAE4EDD
.text           C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[4224] ntdll.dll!NtResumeThread                                           779A5004 8 Bytes  JMP 0BAF61E8
.text           C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[4224] ntdll.dll!NtSetInformationFile                                     779A5134 8 Bytes  JMP 0BADA993
.text           C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[4224] ntdll.dll!NtVdmControl                                             779A5434 8 Bytes  JMP 0BAE4F93
.text           C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[4224] ADVAPI32.dll!CryptEncrypt                                          768EFB99 8 Bytes  JMP 0BAED9E1
.text           C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[4224] USER32.dll!TranslateMessage                                        762001AD 8 Bytes  JMP 0BADC43C
.text           C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[4224] WS2_32.dll!send                                                    764D659B 8 Bytes  JMP 0BAEE31B
.text           C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[4224] CRYPT32.dll!PFXImportCertStore                                     75A19521 8 Bytes  JMP 0BAE0ABF
.text           C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[4224] WININET.dll!InternetQueryOptionA                                   77A859AF 8 Bytes  JMP 0BAEE33D
.text           C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[4224] WININET.dll!InternetCloseHandle                                    77A8B7C4 8 Bytes  JMP 0BAEA9DA
.text           C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[4224] WININET.dll!HttpQueryInfoA                                         77A8D29A 8 Bytes  JMP 0BAEA485
.text           C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[4224] WININET.dll!InternetReadFile                                       77A8EA3A 8 Bytes  JMP 0BAF13CA
.text           C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[4224] WININET.dll!HttpAddRequestHeadersA                                 77A91B9C 8 Bytes  JMP 0BADCA44
.text           C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[4224] WININET.dll!InternetQueryDataAvailable                             77A922E4 8 Bytes  JMP 0BAF12DA
.text           C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[4224] WININET.dll!HttpOpenRequestA                                       77AB5539 8 Bytes  JMP 0BAEA370
.text           C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[4224] WININET.dll!HttpSendRequestW                                       77AB6109 8 Bytes  JMP 0BAF2BAB
.text           C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[4224] WININET.dll!InternetReadFileExA                                    77ABB606 8 Bytes  JMP 0BAF14E4
.text           C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[4224] WININET.dll!InternetWriteFile                                      77ACB146 8 Bytes  JMP 0BAF2D09
.text           C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[4224] WININET.dll!HttpSendRequestA                                       77AE5770 8 Bytes  JMP 0BAF2A4D
.text           C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[4268] ntdll.dll!NtEnumerateValueKey                             779A46E4 8 Bytes  JMP 0BADAC49
.text           C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[4268] ntdll.dll!NtQueryDirectoryFile                            779A4C04 8 Bytes  JMP 0BAE4EDD
.text           C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[4268] ntdll.dll!NtResumeThread                                  779A5004 8 Bytes  JMP 0BAF61E8
.text           C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[4268] ntdll.dll!NtSetInformationFile                            779A5134 8 Bytes  JMP 0BADA993
.text           C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[4268] ntdll.dll!NtVdmControl                                    779A5434 8 Bytes  JMP 0BAE4F93
.text           C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[4268] USER32.dll!TranslateMessage                               762001AD 8 Bytes  JMP 0BADC43C
.text           C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[4268] ADVAPI32.dll!CryptEncrypt                                 768EFB99 8 Bytes  JMP 0BAED9E1
.text           C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[4268] WS2_32.dll!send                                           764D659B 8 Bytes  JMP 0BAEE31B
.text           C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[4268] CRYPT32.dll!PFXImportCertStore                            75A19521 8 Bytes  JMP 0BAE0ABF
.text           C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[4268] WININET.dll!InternetQueryOptionA                          77A859AF 8 Bytes  JMP 0BAEE33D
.text           C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[4268] WININET.dll!InternetCloseHandle                           77A8B7C4 8 Bytes  JMP 0BAEA9DA
.text           C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[4268] WININET.dll!HttpQueryInfoA                                77A8D29A 8 Bytes  JMP 0BAEA485
.text           C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[4268] WININET.dll!InternetReadFile                              77A8EA3A 8 Bytes  JMP 0BAF13CA
.text           C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[4268] WININET.dll!HttpAddRequestHeadersA                        77A91B9C 8 Bytes  JMP 0BADCA44
.text           C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[4268] WININET.dll!InternetQueryDataAvailable                    77A922E4 8 Bytes  JMP 0BAF12DA
.text           C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[4268] WININET.dll!HttpOpenRequestA                              77AB5539 8 Bytes  JMP 0BAEA370
.text           C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[4268] WININET.dll!HttpSendRequestW                              77AB6109 8 Bytes  JMP 0BAF2BAB
.text           C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[4268] WININET.dll!InternetReadFileExA                           77ABB606 8 Bytes  JMP 0BAF14E4
.text           C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[4268] WININET.dll!InternetWriteFile                             77ACB146 8 Bytes  JMP 0BAF2D09
.text           C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[4268] WININET.dll!HttpSendRequestA                              77AE5770 8 Bytes  JMP 0BAF2A4D
.text           C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4532] ntdll.dll!NtEnumerateValueKey                                      779A46E4 8 Bytes  JMP 0BADAC49
.text           C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4532] ntdll.dll!NtQueryDirectoryFile                                     779A4C04 8 Bytes  JMP 0BAE4EDD
.text           C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4532] ntdll.dll!NtResumeThread                                           779A5004 8 Bytes  JMP 0BAF61E8
.text           C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4532] ntdll.dll!NtSetInformationFile                                     779A5134 8 Bytes  JMP 0BADA993
.text           C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4532] ntdll.dll!NtVdmControl                                             779A5434 8 Bytes  JMP 0BAE4F93
.text           C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4532] USER32.dll!TranslateMessage                                        762001AD 8 Bytes  JMP 0BADC43C
.text           C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4532] ADVAPI32.dll!CryptEncrypt                                          768EFB99 8 Bytes  JMP 0BAED9E1
.text           C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4532] WS2_32.dll!send                                                    764D659B 8 Bytes  JMP 0BAEE31B
.text           C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4532] CRYPT32.dll!PFXImportCertStore                                     75A19521 8 Bytes  JMP 0BAE0ABF
.text           C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4532] WININET.dll!InternetQueryOptionA                                   77A859AF 8 Bytes  JMP 0BAEE33D
.text           C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4532] WININET.dll!InternetCloseHandle                                    77A8B7C4 8 Bytes  JMP 0BAEA9DA
.text           C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4532] WININET.dll!HttpQueryInfoA                                         77A8D29A 8 Bytes  JMP 0BAEA485
.text           C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4532] WININET.dll!InternetReadFile                                       77A8EA3A 8 Bytes  JMP 0BAF13CA
.text           C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4532] WININET.dll!HttpAddRequestHeadersA                                 77A91B9C 8 Bytes  JMP 0BADCA44
.text           C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4532] WININET.dll!InternetQueryDataAvailable                             77A922E4 8 Bytes  JMP 0BAF12DA
.text           C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4532] WININET.dll!HttpOpenRequestA                                       77AB5539 8 Bytes  JMP 0BAEA370
.text           C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4532] WININET.dll!HttpSendRequestW                                       77AB6109 8 Bytes  JMP 0BAF2BAB
.text           C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4532] WININET.dll!InternetReadFileExA                                    77ABB606 8 Bytes  JMP 0BAF14E4
.text           C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4532] WININET.dll!InternetWriteFile                                      77ACB146 8 Bytes  JMP 0BAF2D09
.text           C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4532] WININET.dll!HttpSendRequestA                                       77AE5770 8 Bytes  JMP 0BAF2A4D
.text           C:\Program Files\Vodafone\Vodafone Mobile Connect\Optimization Client\bmctl.exe[5692] ntdll.dll!NtEnumerateValueKey           779A46E4 8 Bytes  JMP 0BADAC49
.text           C:\Program Files\Vodafone\Vodafone Mobile Connect\Optimization Client\bmctl.exe[5692] ntdll.dll!NtQueryDirectoryFile          779A4C04 8 Bytes  JMP 0BAE4EDD
.text           C:\Program Files\Vodafone\Vodafone Mobile Connect\Optimization Client\bmctl.exe[5692] ntdll.dll!NtResumeThread                779A5004 8 Bytes  JMP 0BAF61E8
.text           C:\Program Files\Vodafone\Vodafone Mobile Connect\Optimization Client\bmctl.exe[5692] ntdll.dll!NtSetInformationFile          779A5134 8 Bytes  JMP 0BADA993
.text           C:\Program Files\Vodafone\Vodafone Mobile Connect\Optimization Client\bmctl.exe[5692] ntdll.dll!NtVdmControl                  779A5434 8 Bytes  JMP 0BAE4F93
.text           C:\Program Files\Vodafone\Vodafone Mobile Connect\Optimization Client\bmctl.exe[5692] USER32.dll!TranslateMessage             762001AD 8 Bytes  JMP 0BADC43C
.text           C:\Program Files\Vodafone\Vodafone Mobile Connect\Optimization Client\bmctl.exe[5692] ADVAPI32.dll!CryptEncrypt               768EFB99 8 Bytes  JMP 0BAED9E1
.text           C:\Program Files\Vodafone\Vodafone Mobile Connect\Optimization Client\bmctl.exe[5692] WS2_32.dll!send                         764D659B 8 Bytes  JMP 0BAEE31B
.text           C:\Program Files\Vodafone\Vodafone Mobile Connect\Optimization Client\bmctl.exe[5692] CRYPT32.dll!PFXImportCertStore          75A19521 8 Bytes  JMP 0BAE0ABF
.text           C:\Program Files\Vodafone\Vodafone Mobile Connect\Optimization Client\bmctl.exe[5692] WININET.dll!InternetQueryOptionA        77A859AF 8 Bytes  JMP 0BAEE33D
.text           C:\Program Files\Vodafone\Vodafone Mobile Connect\Optimization Client\bmctl.exe[5692] WININET.dll!InternetCloseHandle         77A8B7C4 8 Bytes  JMP 0BAEA9DA
.text           C:\Program Files\Vodafone\Vodafone Mobile Connect\Optimization Client\bmctl.exe[5692] WININET.dll!HttpQueryInfoA              77A8D29A 8 Bytes  JMP 0BAEA485
.text           C:\Program Files\Vodafone\Vodafone Mobile Connect\Optimization Client\bmctl.exe[5692] WININET.dll!InternetReadFile            77A8EA3A 8 Bytes  JMP 0BAF13CA
.text           C:\Program Files\Vodafone\Vodafone Mobile Connect\Optimization Client\bmctl.exe[5692] WININET.dll!HttpAddRequestHeadersA      77A91B9C 8 Bytes  JMP 0BADCA44
.text           C:\Program Files\Vodafone\Vodafone Mobile Connect\Optimization Client\bmctl.exe[5692] WININET.dll!InternetQueryDataAvailable  77A922E4 8 Bytes  JMP 0BAF12DA
.text           C:\Program Files\Vodafone\Vodafone Mobile Connect\Optimization Client\bmctl.exe[5692] WININET.dll!HttpOpenRequestA            77AB5539 8 Bytes  JMP 0BAEA370
.text           C:\Program Files\Vodafone\Vodafone Mobile Connect\Optimization Client\bmctl.exe[5692] WININET.dll!HttpSendRequestW            77AB6109 8 Bytes  JMP 0BAF2BAB
.text           C:\Program Files\Vodafone\Vodafone Mobile Connect\Optimization Client\bmctl.exe[5692] WININET.dll!InternetReadFileExA         77ABB606 8 Bytes  JMP 0BAF14E4
.text           C:\Program Files\Vodafone\Vodafone Mobile Connect\Optimization Client\bmctl.exe[5692] WININET.dll!InternetWriteFile           77ACB146 8 Bytes  JMP 0BAF2D09
.text           C:\Program Files\Vodafone\Vodafone Mobile Connect\Optimization Client\bmctl.exe[5692] WININET.dll!HttpSendRequestA            77AE5770 8 Bytes  JMP 0BAF2A4D

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                                       Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                                                       Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\tdx \Device\Tcp                                                                                                       tcpipBM.SYS (Bytemobile Kernel Network Provider/Bytemobile, Inc.)
AttachedDevice  \FileSystem\fastfat \Fat                                                                                                      fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SOFTWARE\Classes\CLSID\{B6A930A0-A4F5-43A5-9B4E-6189A6C2B9E8}@{!s!\30!r!{!`!t!c!i!\24!t!j!s!y!s!\24!                     19583823

---- EOF - GMER 1.0.15 ----
06.06.2011, 19:30
Member

Thread starter

Posts: 17
#5 Can nobody help me? Or did I do something wrong?

I would be very grateful for help.
06.06.2011, 20:00
Moderator

Posts: 5694
#6 Malwarebytes Anti-Malware

Download MBAM, install it, and select on the tabs:

-> "Update" > "Check for Updates"
-> "Settings" > "Terminate Internet Explorer during threat removal"
-> "Scanner" > "Perform quick scan".

If infections are found at the end, tick them and have them removed. Restart your computer.
06.06.2011, 22:49
Member

Thread starter

Posts: 17
#7 I did that and three Trojans were found; I deleted them, and now it is no longer displayed.

First of all, many, many thanks. Do you think I can reactivate my online banking now?

I will test it then; if it's fine, good, otherwise I'll get back to you.

So, once again, a thousand thanks for everything so far.
06.06.2011, 23:12
Moderator

Posts: 5694
#8 Post the log.
06.06.2011, 23:39
Member

Thread starter

Posts: 17
#9 Here is the log

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Datenbank Version: 6788

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

06.06.2011 22:31:49
mbam-log-2011-06-06 (22-31-49).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 199265
Laufzeit: 8 Minute(n), 25 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\syufahusjif (Trojan.SpyEyes) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\syufahusjif\syufahusjif.exe (Trojan.SpyEyes) -> Quarantined and deleted successfully.
c:\syufahusjif\config.bin (Trojan.SpyEyes) -> Quarantined and deleted successfully.
09.06.2011, 15:48
Moderator

Posts: 5694
#10 ComboFix may only be run when a qualified helper has expressly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

Download ComboFix from one of the links listed below. You must rename it before saving it to the desktop. Save ComboFix to your desktop.

BleepingComputer
ForoSpyware

**NB: It is important that ComboFix.exe is saved to the desktop**

• Disable your anti-virus and anti-spyware programs. You can usually do this by right-clicking the system tray icon. Otherwise these programs might interfere with our tools while they work.
• Double-click ComboFix.exe and follow the prompts.
• When ComboFix has finished, it will create a log for you.
• Please post the contents of C:\ComboFix.txt here in the thread.
09.06.2011, 17:46
Member

Thread starter

Posts: 17
#11 Hello, I currently have a big problem with my screen: it always goes off after 30 minutes, so my reply may take a while. I'll get back to you as soon as I can.

Thanks in advance.
23.07.2011, 22:12
Member

Thread starter

Posts: 17
#12 So, that really took a long time; my manufacturer replaced the entire mainboard.

Does that also fix a virus problem?
If not, what should I do now?

Thanks
24.07.2011, 14:57
Moderator

Posts: 5694
#13 No, since the hard disk is still there. Run ComboFix.
24.07.2011, 16:41
Member

Thread starter

Posts: 17
#14 Here is the log

ComboFix 11-07-19.03 - Test 24.07.2011 16:11:36.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3070.1801 [GMT 2:00]
ausgeführt von:: c:\users\Test\Desktop\Combo-Fix.exe
AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
C:\rgotgktjgbt
c:\rgotgktjgbt\config.bin
c:\windows\IsUn0407.exe
C:\winstackxx.exe
c:\winstackxx.exe\config.bin
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_usnjsvc
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-06-24 bis 2011-07-24 ))))))))))))))))))))))))))))))
.
.
2011-07-24 14:22 . 2011-07-24 14:22 -------- d-----w- c:\users\S-Finanz\AppData\Local\temp
2011-07-24 14:22 . 2011-07-24 14:22 -------- d-----w- c:\users\Dirk Vopel\AppData\Local\temp
2011-07-24 14:22 . 2011-07-24 14:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-24 14:06 . 2011-07-24 14:06 -------- d-----w- C:\Combo-Fix
2011-07-24 14:04 . 2011-07-24 14:07 -------- d-----w- C:\32788R22FWJFW
2011-07-23 21:45 . 2011-04-22 23:25 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-23 21:45 . 2011-04-25 15:29 141104 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2011-07-23 21:45 . 2011-04-22 23:35 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-07-23 19:57 . 2011-04-14 14:59 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-07-23 19:56 . 2011-05-02 12:02 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-07-23 19:56 . 2011-04-21 13:58 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2011-07-23 19:56 . 2011-04-29 13:25 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-07-23 19:56 . 2011-04-29 13:25 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-07-23 19:56 . 2010-12-20 16:35 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-07-23 19:55 . 2011-05-02 17:16 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-07-23 19:55 . 2011-04-29 13:24 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-07-23 19:55 . 2011-04-29 13:24 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-07-23 19:55 . 2011-04-29 13:24 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-23 19:54 . 2011-04-20 15:50 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-07-23 19:52 . 2011-07-20 07:44 6881616 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{11DC37F9-0C94-4A45-BE69-F4D6A3A4F68F}\mpengine.dll ERROR(0x00000005)
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-23 19:52 . 2011-05-01 12:31 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-07-23 19:52 . 2011-05-01 12:31 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-07-06 17:52 . 2011-06-06 20:15 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 17:52 . 2011-06-06 20:15 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-02 13:34 . 2011-07-23 19:56 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-05-25 15:35 . 2011-05-25 15:35 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-24 17:14 . 2009-10-03 08:05 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-09 20:46 . 2008-07-17 02:05 6962000 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll ERROR(0x00000005)
2011-05-04 02:52 . 2010-12-10 12:08 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-29 15:59 . 2011-07-23 19:50 276992 ----a-w- c:\windows\system32\schannel.dll
2011-05-03 19:12 . 2011-04-14 18:51 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-03 6266880]
"Skytel"="Skytel.exe" [2008-06-25 1826816]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-08-31 102400]
"LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2007-09-01 32768]
"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2007-09-06 188416]
"LMgrOSD"="c:\program files\Launch Manager\OSD.exe" [2006-12-26 180224]
"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2007-09-07 86016]
"OmniPass"="c:\program files\Softex\OmniPass\scureapp.exe" [2007-11-02 2564096]
"LanguageShortcut"="c:\program files\HomeCinema\PowerDVD\Language\Language.exe" [2007-01-08 52256]
"UCam_Menu"="c:\program files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe" [2007-09-13 222504]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-11 13543968]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-11 92704]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-07-25 220160]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"MobileConnect"="c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2009-09-11 2403840]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-04-23 228088]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-14 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
c:\users\Dirk Vopel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CodeMeter Control Center.lnk - c:\program files\CodeMeter\Runtime\bin\CodeMeterCC.exe [2008-6-16 5332992]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GOEC62~1.DLL
.
R2 gupdate1c9f4e1c8ab670;Google Update Service (gupdate1c9f4e1c8ab670);c:\program files\Google\Update\GoogleUpdate.exe [2009-06-24 133104]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-06-29 112128]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-06-24 133104]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [2009-06-29 102912]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 Si3531;SiI-3531 SATA Controller;c:\windows\system32\DRIVERS\Si3531.sys [2007-06-01 210736]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-03-28 136360]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files\CodeMeter\Runtime\bin\CodeMeter.exe [2008-06-27 1221952]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 SentinelKeysServer;Sentinel Keys Server;c:\program files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [2008-03-21 327800]
S2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2009-09-11 9216]
S3 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [2007-09-11 118784]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - BMLoad
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2011-07-24 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-24 15:20]
.
2011-07-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-24 15:32]
.
2011-07-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-24 15:32]
.
2011-07-24 c:\windows\Tasks\User_Feed_Synchronization-{A7FEAADD-00F9-48DC-AF31-CEDB3830C84E}.job
- c:\windows\system32\msfeedssync.exe [2011-04-14 18:57]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.aldi.com/
uInternet Settings,ProxyServer = 127.0.0.1:59838
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-25/4
LSP: bmnet.dll
TCP: DhcpNameServer = 192.168.2.1
DPF: {1241F20B-0688-45A5-ADB2-208AFE4A5DDC} - hxxps://goglobal4lic.maklersoftware.com/goglobal/plugins/gg-activex.cab
FF - ProfilePath - c:\users\Test\AppData\Roaming\Mozilla\Firefox\Profiles\z2ckxntq.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 59838
FF - prefs.js: network.proxy.type - 4
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-1X8C4VXU8ZZC7V4WOUHQFDNICMPMHW - c:\rgotgktjgbt\rgotgktjgbt.exe
HKLM-Run-CtrlVol - c:\program files\Launch Manager\CtrlVol.exe
HKLM-Run-snp2uvc - c:\windows\vsnp2uvc.exe
HKLM-Run-PLFSetL - c:\windows\PLFSetL.exe
HKLM-Run-toolbar_eula_launcher - c:\program files\GoogleEULA\EULALauncher.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-24 16:28
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'lsass.exe'(740)
c:\windows\system32\bmnet.dll
.
- - - - - - - > 'Explorer.exe'(4528)
c:\program files\Softex\OmniPass\SCUREDLL.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_ger.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Softex\OmniPass\OmniServ.exe
c:\windows\system32\rundll32.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Softex\OmniPass\opvapp.exe
c:\windows\system32\conime.exe
c:\windows\RtHDVCpl.exe
c:\windows\System32\rundll32.exe
c:\program files\Google\Google Desktop Search\GoogleDesktopIndex.exe
c:\program files\Synaptics\SynTP\SynTPEnh.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\program files\Vodafone\Vodafone Mobile Connect\Optimization Client\bmctl.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-07-24 16:36:14 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2011-07-24 14:36
.
Vor Suchlauf: 10 Verzeichnis(se), 130.794.749.952 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 134.023.229.440 Bytes frei
.
- - End Of File - - 4796076A1885CE1F96D00B203953D54D
24.07.2011, 16:46
Moderator

Posts: 5694
#15 How is the machine running?