| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Click Compare in BrowserWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
14.02.2013, 10:38
| #1 |
| |  Click Compare in Browser Hallo, habe auf mehreren Rechner sowohl in FF als auch Chrome Links, die zu Clickcompare weiterleiten. Habe gelesen, dass es sich hierbei um einen Trojaner handelt. Hier der Log von mbam: Malwarebytes Anti-Malware (Test) 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.02.14.03 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 9.0.8112.16421 vinexus :: PC-TANJA [Administrator] Schutz: Aktiviert 14.02.2013 10:14:30 mbam-log-2013-02-14 (10-14-30).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 194682 Laufzeit: 3 Minute(n), 58 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) OTL: HTML-Code: OTL logfile created on: 14.02.2013 10:14:32 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\tanja\Desktop Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,93 Gb Available Physical Memory | 64,35% Memory free 5,99 Gb Paging File | 4,78 Gb Available in Paging File | 79,73% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 29,72 Gb Total Space | 6,54 Gb Free Space | 22,02% Space Free | Partition Type: NTFS Drive D: | 149,05 Gb Total Space | 144,55 Gb Free Space | 96,98% Space Free | Partition Type: NTFS Computer Name: PC-TANJA | User Name: tanja | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2013.02.14 09:11:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\tanja\Desktop\OTL.exe PRC - [2013.02.06 12:07:42 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2013.02.06 12:07:34 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2013.02.06 12:07:33 | 000,385,248 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2013.02.06 12:07:33 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2013.01.31 18:05:33 | 000,222,720 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\ielowutil.exe PRC - [2013.01.24 23:43:03 | 002,319,504 | ---- | M] (COMODO) -- C:\Programme\COMODO\COMODO Internet Security\cmdagent.exe PRC - [2013.01.24 23:42:40 | 007,626,448 | ---- | M] (COMODO) -- C:\Programme\COMODO\COMODO Internet Security\cis.exe PRC - [2013.01.24 23:42:40 | 001,430,736 | ---- | M] (COMODO) -- C:\Programme\COMODO\COMODO Internet Security\cistray.exe PRC - [2013.01.24 23:42:39 | 000,404,688 | ---- | M] (COMODO) -- C:\Programme\COMODO\COMODO Internet Security\cavwp.exe PRC - [2013.01.09 17:36:06 | 000,795,208 | ---- | M] (pdfforge GbR) -- C:\Programme\PDF Architect\ConversionService.exe PRC - [2013.01.09 17:34:26 | 001,324,104 | ---- | M] (pdfforge GbR) -- C:\Programme\PDF Architect\HelperService.exe PRC - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.12.14 16:49:28 | 000,824,232 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbam.exe PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012.11.23 03:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2011.08.31 12:15:38 | 000,532,480 | ---- | M] (3CX Ltd) -- C:\Programme\3CXPhone\3CXPhone.exe PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010.11.20 22:29:49 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2009.08.18 02:36:36 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe PRC - [2009.08.18 02:36:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2013.02.06 12:10:36 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll MOD - [2013.02.06 12:10:21 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll MOD - [2013.02.06 12:10:15 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll MOD - [2011.03.23 10:21:52 | 005,210,449 | ---- | M] () -- C:\Programme\3CXPhone\ffdshow\libavcodec.dll MOD - [2011.03.23 10:21:52 | 003,843,584 | ---- | M] () -- C:\Programme\3CXPhone\ffdshow\ffdshow.ax MOD - [2011.03.23 10:21:52 | 000,962,008 | ---- | M] () -- C:\Programme\3CXPhone\ffdshow\ff_x264.dll MOD - [2011.03.23 10:21:52 | 000,901,509 | ---- | M] () -- C:\Programme\3CXPhone\ffdshow\xvidcore.dll MOD - [2011.03.23 10:21:52 | 000,270,336 | ---- | M] () -- C:\Programme\3CXPhone\avfilters\lame.ax MOD - [2011.03.23 10:21:52 | 000,157,184 | ---- | M] () -- C:\Programme\3CXPhone\avfilters\libspeexdsp.dll MOD - [2011.03.23 10:21:52 | 000,100,864 | ---- | M] () -- C:\Programme\3CXPhone\ffdshow\ff_wmv9.dll MOD - [2011.03.23 10:21:52 | 000,024,848 | ---- | M] () -- C:\Programme\3CXPhone\avfilters\wavdest.ax MOD - [2010.11.13 00:19:04 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll [color=#E56717]========== Services (SafeList) ==========[/color] SRV - [2013.02.08 09:37:24 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.02.07 08:48:37 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.02.06 12:07:42 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.02.06 12:07:33 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2013.01.24 23:43:03 | 002,319,504 | ---- | M] (COMODO) [Auto | Running] -- C:\Programme\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent) SRV - [2013.01.24 23:42:41 | 000,127,184 | ---- | M] (COMODO) [On_Demand | Stopped] -- C:\Programme\COMODO\COMODO Internet Security\cmdvirth.exe -- (cmdvirth) SRV - [2013.01.09 17:36:06 | 000,795,208 | ---- | M] (pdfforge GbR) [Auto | Running] -- C:\Programme\PDF Architect\ConversionService.exe -- (PDF Architect Service) SRV - [2013.01.09 17:34:26 | 001,324,104 | ---- | M] (pdfforge GbR) [Auto | Running] -- C:\Programme\PDF Architect\HelperService.exe -- (PDF Architect Helper Service) SRV - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2010.11.20 22:29:49 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2009.08.18 02:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility) SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU) DRV - [2013.02.14 10:14:17 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy) DRV - [2013.01.16 20:51:42 | 000,084,416 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\inspect.sys -- (inspect) DRV - [2013.01.16 20:51:42 | 000,043,728 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\cmdhlp.sys -- (cmdHlp) DRV - [2013.01.16 20:51:41 | 000,576,768 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\System32\drivers\cmdguard.sys -- (cmdGuard) DRV - [2013.01.16 20:51:40 | 000,020,072 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\System32\drivers\cmderd.sys -- (cmderd) DRV - [2012.12.14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012.11.27 10:01:26 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012.11.22 15:51:13 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2012.11.22 15:50:51 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.08.27 14:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010.11.20 22:29:34 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV - [2010.11.20 22:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010.11.20 22:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2010.11.20 22:29:03 | 000,112,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tsusbhub.sys -- (tsusbhub) DRV - [2010.11.20 22:29:03 | 000,077,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Synth3dVsc.sys -- (Synth3dVsc) DRV - [2010.11.20 22:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc) DRV - [2010.11.20 22:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2010.11.20 22:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2010.11.20 22:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD) DRV - [2010.11.20 22:29:03 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\terminpt.sys -- (terminpt) DRV - [2010.11.20 22:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2010.11.20 22:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap) DRV - [2009.08.18 03:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2009.07.14 01:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV - [2009.07.14 00:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B5 26 FC D8 04 05 CE 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..extensions.enabledAddons: FFPDFArchitectConverter%40pdfarchitect.com:1.0 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll () FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\tanja\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\tanja\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFPDFArchitectConverter@pdfarchitect.com: C:\Program Files\PDF Architect\FFPDFArchitectExt [2013.01.30 09:57:59 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.02.07 08:48:37 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.02.07 08:48:37 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.01.30 09:48:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tanja\AppData\Roaming\mozilla\Extensions [2013.01.30 10:05:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tanja\AppData\Roaming\mozilla\Firefox\Profiles\rpq8pfaq.default\extensions [2013.01.30 10:05:06 | 000,000,000 | ---D | M] (SaveByclick) -- C:\Users\tanja\AppData\Roaming\mozilla\Firefox\Profiles\rpq8pfaq.default\extensions\5108dff31cf55@5108dff31cf8f.com [2013.02.07 08:48:34 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2013.01.30 09:57:59 | 000,000,000 | ---D | M] (PDF Architect Converter For Firefox) -- C:\PROGRAM FILES\PDF ARCHITECT\FFPDFARCHITECTEXT [2013.02.07 08:48:37 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2013.01.17 01:11:04 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.01.17 01:11:04 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2013.01.17 01:11:04 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2013.01.17 01:11:04 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2013.01.17 01:11:04 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2013.01.17 01:11:04 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml [color=#E56717]========== Chrome ==========[/color] CHR - homepage: CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter} CHR - homepage: CHR - plugin: Shockwave Flash (Enabled) = C:\Users\tanja\AppData\Local\Google\Chrome\Application\24.0.1312.57\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\tanja\AppData\Local\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\tanja\AppData\Local\Google\Chrome\Application\24.0.1312.57\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll CHR - plugin: Google Update (Enabled) = C:\Users\tanja\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll CHR - Extension: Google Docs = C:\Users\tanja\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.4_0\ CHR - Extension: Google Drive = C:\Users\tanja\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Users\tanja\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\tanja\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: SaveByclick = C:\Users\tanja\AppData\Local\Google\Chrome\User Data\Default\Extensions\pefkmbnbicbddjcoekkpahgnfbncldob\1\ CHR - Extension: Google Mail = C:\Users\tanja\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Programme\PDF Architect\PDFIEHelper.dll (pdfforge GbR) O3 - HKLM\..\Toolbar: (PDF Architect Toolbar) - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Programme\PDF Architect\PDFIEPlugin.dll (pdfforge GbR) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [COMODO Internet Security] C:\Programme\COMODO\COMODO Internet Security\cistray.exe (COMODO) O4 - Startup: C:\Users\tanja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\3CXPhone.lnk = C:\Programme\3CXPhone\3CXPhone.exe (3CX Ltd) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.180.1 0.0.0.0 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{86EE4E0A-98C3-42A2-B170-301D182472BD}: DhcpNameServer = 192.168.180.1 0.0.0.0 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2013.02.14 10:14:17 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2013.02.14 09:56:58 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt [2013.02.14 09:49:29 | 000,000,000 | ---D | C] -- C:\Users\tanja\AppData\Roaming\Malwarebytes [2013.02.14 09:49:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.02.14 09:49:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.02.14 09:49:17 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2013.02.14 09:49:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2013.02.14 09:24:10 | 000,000,000 | ---D | C] -- C:\_OTL [2013.02.14 09:22:33 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\tanja\Desktop\OTL.exe [2013.02.07 08:48:33 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2013.02.04 08:18:21 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys [2013.02.04 08:18:20 | 000,005,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys [2013.02.04 08:18:18 | 000,148,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\storport.sys [2013.02.04 08:18:18 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fsutil.exe [2013.01.31 18:32:45 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2013.01.31 18:32:45 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll [2013.01.31 18:32:45 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2013.01.31 18:08:29 | 000,047,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys [2013.01.31 18:08:28 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wdfres.dll [2013.01.31 18:07:39 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFPlatform.dll [2013.01.31 18:07:38 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFx.dll [2013.01.31 18:07:38 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFCoinstaller.dll [2013.01.31 18:05:33 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat [2013.01.31 18:05:33 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2013.01.31 18:05:33 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2013.01.31 18:05:33 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2013.01.31 18:05:33 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2013.01.31 18:05:33 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2013.01.31 18:05:33 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2013.01.31 18:05:33 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll [2013.01.31 18:05:33 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2013.01.31 18:05:33 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2013.01.31 18:05:33 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll [2013.01.31 18:05:33 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll [2013.01.31 18:05:33 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2013.01.31 18:05:33 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll [2013.01.31 18:05:33 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll [2013.01.31 18:05:33 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll [2013.01.31 18:05:33 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe [2013.01.31 18:05:33 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe [2013.01.31 18:05:33 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2013.01.31 18:05:33 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll [2013.01.31 18:05:33 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2013.01.31 18:05:33 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll [2013.01.31 18:05:33 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll [2013.01.31 18:05:33 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2013.01.31 18:05:33 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll [2013.01.31 18:05:33 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe [2013.01.31 18:05:33 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe [2013.01.31 18:05:33 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2013.01.31 18:05:33 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2013.01.31 18:05:33 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2013.01.31 18:05:33 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll [2013.01.31 18:05:33 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll [2013.01.31 18:05:33 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2013.01.31 18:05:33 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll [2013.01.31 18:05:33 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2013.01.31 18:05:33 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2013.01.31 18:05:33 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2013.01.31 18:04:22 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe [2013.01.31 13:13:48 | 000,000,000 | R--D | C] -- C:\Users\tanja\AppData\Roaming\Brother [2013.01.31 13:10:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Brother [2013.01.31 12:46:30 | 000,000,000 | ---D | C] -- C:\Users\tanja\AppData\Roaming\PDF Architect [2013.01.31 11:37:14 | 000,000,000 | ---D | C] -- C:\Users\tanja\AppData\Local\Adobe [2013.01.31 09:19:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2013.01.31 09:19:06 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2013.01.31 09:13:40 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2013.01.31 09:13:39 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\RNDISMP.sys [2013.01.31 09:13:12 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnet.dll [2013.01.31 09:13:12 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prevhost.exe [2013.01.31 09:12:46 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe [2013.01.31 09:12:21 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OxpsConverter.exe [2013.01.31 09:12:18 | 000,919,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorets.dll [2013.01.31 09:12:17 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl [2013.01.31 09:12:17 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll [2013.01.31 09:12:17 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax [2013.01.31 09:12:12 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll [2013.01.31 09:11:58 | 000,240,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys [2013.01.31 09:11:58 | 000,187,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS [2013.01.31 09:11:58 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcorehc.dll [2013.01.31 09:11:58 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncsi.dll [2013.01.31 09:11:58 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll [2013.01.31 09:11:55 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll [2013.01.31 09:11:49 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe [2013.01.31 09:11:49 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll [2013.01.31 09:11:49 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll [2013.01.31 09:11:49 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll [2013.01.31 09:11:49 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll [2013.01.31 09:11:49 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll [2013.01.31 09:11:49 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll [2013.01.31 09:11:49 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll [2013.01.31 09:11:49 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll [2013.01.31 09:11:49 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll [2013.01.31 09:11:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll [2013.01.31 09:11:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll [2013.01.31 09:11:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll [2013.01.31 09:11:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll [2013.01.31 09:11:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll [2013.01.31 09:11:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll [2013.01.31 09:11:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll [2013.01.31 09:11:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll [2013.01.31 09:11:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll [2013.01.31 09:11:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll [2013.01.31 09:11:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll [2013.01.31 09:11:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll [2013.01.31 09:11:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll [2013.01.31 09:11:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll [2013.01.31 09:11:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll [2013.01.31 09:11:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll [2013.01.31 09:11:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll [2013.01.31 09:11:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll [2013.01.31 09:11:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll [2013.01.31 09:11:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll [2013.01.31 09:11:40 | 001,549,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll [2013.01.31 09:11:40 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll [2013.01.31 09:11:40 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll [2013.01.31 09:11:40 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll [2013.01.31 09:11:40 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll [2013.01.31 09:11:40 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll [2013.01.31 09:11:38 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdosys.dll [2013.01.31 09:11:34 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll [2013.01.31 09:11:34 | 000,191,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSCOVER.exe [2013.01.31 09:11:33 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll [2013.01.31 09:11:32 | 000,870,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll [2013.01.31 09:11:32 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browcli.dll [2013.01.31 09:11:31 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll [2013.01.31 09:11:30 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll [2013.01.31 09:11:29 | 000,850,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll [2013.01.31 09:11:29 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll [2013.01.31 09:11:29 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax [2013.01.31 09:11:28 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll [2013.01.31 09:11:28 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll [2013.01.31 09:11:21 | 002,616,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe [2013.01.31 09:11:16 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2013.01.31 09:11:16 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2013.01.31 09:11:14 | 000,490,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll [2013.01.31 09:11:00 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll [2013.01.31 09:11:00 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\System32\fpb.rs [2013.01.31 09:11:00 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\System32\oflc-nz.rs [2013.01.31 09:11:00 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\System32\pegibbfc.rs [2013.01.31 09:11:00 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\System32\csrr.rs [2013.01.31 09:11:00 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\System32\cob-au.rs [2013.01.31 09:11:00 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\System32\usk.rs [2013.01.31 09:11:00 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\System32\grb.rs [2013.01.31 09:11:00 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi-pt.rs [2013.01.31 09:11:00 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi.rs [2013.01.31 09:11:00 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\System32\djctq.rs [2013.01.31 09:10:59 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wpc.dll [2013.01.31 09:10:59 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\System32\cero.rs [2013.01.31 09:10:59 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\System32\esrb.rs [2013.01.31 09:10:59 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\System32\oflc.rs [2013.01.31 09:10:59 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi-fi.rs [2013.01.31 09:10:53 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll [2013.01.31 09:10:52 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webio.dll [2013.01.31 09:10:51 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcjt32.dll [2013.01.31 09:10:51 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbctrac.dll [2013.01.31 09:10:51 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccp32.dll [2013.01.31 09:10:51 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccu32.dll [2013.01.31 09:10:51 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccr32.dll [2013.01.31 09:10:51 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll [2013.01.31 09:10:49 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll [2013.01.31 09:10:49 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll [2013.01.31 09:10:49 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdrmemptylst.exe [2013.01.31 09:10:48 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll [2013.01.31 09:10:46 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll [2013.01.31 09:10:42 | 001,077,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll [2013.01.31 09:10:42 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe [2013.01.31 09:10:39 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcore6.dll [2013.01.31 09:10:39 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll [2013.01.31 09:08:12 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll [2013.01.31 09:08:12 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll [2013.01.31 09:08:08 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\poqexec.exe [2013.01.31 09:08:07 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys [2013.01.31 09:08:03 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2013.01.31 09:07:56 | 000,219,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys [2013.01.31 09:01:26 | 000,000,000 | ---D | C] -- C:\Users\tanja\AppData\Local\Macromedia [2013.01.30 12:09:20 | 000,000,000 | ---D | C] -- C:\Users\tanja\Desktop\TANJA [2013.01.30 11:19:59 | 000,000,000 | ---D | C] -- C:\Users\tanja\AppData\Local\3CX VoIP Phone [2013.01.30 11:19:16 | 000,000,000 | ---D | C] -- C:\Program Files\3CXPhone [2013.01.30 11:19:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\3CX Phone [2013.01.30 10:30:39 | 000,000,000 | ---D | C] -- C:\Windows\System32\RTCOM [2013.01.30 10:30:11 | 001,783,056 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\WavesLib.dll [2013.01.30 10:30:11 | 001,725,784 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\WavesGUILib.dll [2013.01.30 10:30:11 | 001,379,760 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\System32\tosade.dll [2013.01.30 10:30:11 | 000,819,648 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\System32\tadefxapo2.dll [2013.01.30 10:30:11 | 000,345,328 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSXT.dll [2013.01.30 10:30:11 | 000,185,584 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSHD.dll [2013.01.30 10:30:11 | 000,173,296 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSHP360.dll [2013.01.30 10:30:11 | 000,140,528 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSWOW.dll [2013.01.30 10:30:11 | 000,134,584 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\System32\tadefxapo.dll [2013.01.30 10:30:11 | 000,058,264 | ---- | C] (TOSHIBA CORPORATION.) -- C:\Windows\System32\TepeqAPO.dll [2013.01.30 10:30:10 | 003,173,008 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkAPO.dll [2013.01.30 10:30:10 | 002,417,808 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkPgExt.dll [2013.01.30 10:30:10 | 001,497,704 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RTSndMgr.cpl [2013.01.30 10:30:10 | 000,645,776 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkApoApi.dll [2013.01.30 10:30:10 | 000,359,768 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEP32A.dll [2013.01.30 10:30:10 | 000,214,368 | ---- | C] (Synopsys, Inc.) -- C:\Windows\System32\SFNHK.dll [2013.01.30 10:30:10 | 000,192,104 | ---- | C] (Sony Corporation) -- C:\Windows\System32\SFSS_APO.dll [2013.01.30 10:30:10 | 000,087,696 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkCoInstII.dll [2013.01.30 10:30:10 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEL32A.dll [2013.01.30 10:30:10 | 000,074,080 | ---- | C] (Synopsys, Inc.) -- C:\Windows\System32\SFCOM.dll [2013.01.30 10:30:10 | 000,068,960 | ---- | C] (Synopsys, Inc.) -- C:\Windows\System32\SFAPO.dll [2013.01.30 10:30:10 | 000,013,416 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkCoLDR.dll [2013.01.30 10:30:09 | 007,783,768 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioRealtek.dll [2013.01.30 10:30:09 | 007,161,696 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEP32A.dll [2013.01.30 10:30:09 | 005,096,448 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RCoRes.dat [2013.01.30 10:30:09 | 001,836,376 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioEQ.dll [2013.01.30 10:30:09 | 001,185,112 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioRealtek2.dll [2013.01.30 10:30:09 | 000,709,976 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPOShell.dll [2013.01.30 10:30:09 | 000,357,712 | ---- | C] (Knowles Acoustics ) -- C:\Windows\System32\KAAPORT.dll [2013.01.30 10:30:09 | 000,351,072 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EED32A.dll [2013.01.30 10:30:09 | 000,350,552 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxVolumeSDAPO.dll [2013.01.30 10:30:09 | 000,295,768 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DHT32.dll [2013.01.30 10:30:09 | 000,295,768 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DAA32.dll [2013.01.30 10:30:09 | 000,259,928 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO30.dll [2013.01.30 10:30:09 | 000,232,792 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO20.dll [2013.01.30 10:30:09 | 000,170,840 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEED32A.dll [2013.01.30 10:30:09 | 000,132,368 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO.dll [2013.01.30 10:30:09 | 000,105,824 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEL32A.dll [2013.01.30 10:30:09 | 000,091,488 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEA32A.dll [2013.01.30 10:30:09 | 000,064,856 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEG32A.dll [2013.01.30 10:30:09 | 000,061,792 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEG32A.dll [2013.01.30 10:30:08 | 002,193,472 | ---- | C] (Fortemedia Corporation) -- C:\Windows\System32\FMAPO.dll [2013.01.30 10:30:08 | 001,509,480 | ---- | C] (DTS) -- C:\Windows\System32\DTSS2SpeakerDLL.dll [2013.01.30 10:30:08 | 001,292,904 | ---- | C] (DTS) -- C:\Windows\System32\DTSS2HeadphoneDLL.dll [2013.01.30 10:30:08 | 001,220,200 | ---- | C] (DTS) -- C:\Windows\System32\DTSBoostDLL.dll [2013.01.30 10:30:08 | 000,654,952 | ---- | C] (DTS) -- C:\Windows\System32\DTSBassEnhancementDLL.dll [2013.01.30 10:30:08 | 000,631,400 | ---- | C] (DTS) -- C:\Windows\System32\DTSSymmetryDLL.dll [2013.01.30 10:30:08 | 000,601,704 | ---- | C] (DTS) -- C:\Windows\System32\DTSVoiceClarityDLL.dll [2013.01.30 10:30:08 | 000,458,344 | ---- | C] (DTS) -- C:\Windows\System32\DTSNeoPCDLL.dll [2013.01.30 10:30:08 | 000,421,744 | ---- | C] (DTS) -- C:\Windows\System32\DTSU2PLFX32.dll [2013.01.30 10:30:08 | 000,398,192 | ---- | C] (DTS) -- C:\Windows\System32\DTSU2PGFX32.dll [2013.01.30 10:30:08 | 000,389,736 | ---- | C] (DTS) -- C:\Windows\System32\DTSGainCompensatorDLL.dll [2013.01.30 10:30:08 | 000,375,400 | ---- | C] (DTS) -- C:\Windows\System32\DTSLimiterDLL.dll [2013.01.30 10:30:08 | 000,335,216 | ---- | C] (DTS) -- C:\Windows\System32\DTSU2PREC32.dll [2013.01.30 10:30:08 | 000,218,728 | ---- | C] (DTS) -- C:\Windows\System32\DTSGFXAPONS.dll [2013.01.30 10:30:08 | 000,218,728 | ---- | C] (DTS) -- C:\Windows\System32\DTSGFXAPO.dll [2013.01.30 10:30:08 | 000,218,216 | ---- | C] (DTS) -- C:\Windows\System32\DTSLFXAPO.dll [2013.01.30 10:30:08 | 000,176,736 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTACap.dll [2013.01.30 10:30:08 | 000,095,840 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTARen.dll [2013.01.30 10:30:08 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek [2013.01.30 10:30:07 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information [2013.01.30 10:30:06 | 001,706,640 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll [2013.01.30 10:30:06 | 000,000,000 | -H-D | C] -- C:\Program Files\Temp [2013.01.30 10:30:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield [2013.01.30 10:10:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO [2013.01.30 10:09:58 | 000,000,000 | --SD | C] -- C:\ProgramData\Shared Space [2013.01.30 10:09:39 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_43.dll [2013.01.30 10:09:39 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_43.dll [2013.01.30 10:09:39 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_7.dll [2013.01.30 10:09:39 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_43.dll [2013.01.30 10:09:39 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_43.dll [2013.01.30 10:09:39 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_7.dll [2013.01.30 10:09:39 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_5.dll [2013.01.30 10:09:38 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_42.dll [2013.01.30 10:09:38 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_43.dll [2013.01.30 10:09:38 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_42.dll [2013.01.30 10:09:38 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_6.dll [2013.01.30 10:09:38 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_5.dll [2013.01.30 10:09:38 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_6.dll [2013.01.30 10:09:38 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_5.dll [2013.01.30 10:09:38 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_4.dll [2013.01.30 10:09:38 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_7.dll [2013.01.30 10:09:37 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_41.dll [2013.01.30 10:09:37 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll [2013.01.30 10:09:37 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_41.dll [2013.01.30 10:09:37 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_42.dll [2013.01.30 10:09:37 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_41.dll [2013.01.30 10:09:37 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_42.dll [2013.01.30 10:09:36 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_40.dll [2013.01.30 10:09:36 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_40.dll [2013.01.30 10:09:36 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_4.dll [2013.01.30 10:09:36 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_3.dll [2013.01.30 10:09:36 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_40.dll [2013.01.30 10:09:36 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_3.dll [2013.01.30 10:09:36 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_4.dll [2013.01.30 10:09:36 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_2.dll [2013.01.30 10:09:36 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll [2013.01.30 10:09:36 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_5.dll [2013.01.30 10:09:36 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_6.dll [2013.01.30 10:09:35 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_39.dll [2013.01.30 10:09:35 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_39.dll [2013.01.30 10:09:35 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_2.dll [2013.01.30 10:09:35 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_1.dll [2013.01.30 10:09:35 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_39.dll [2013.01.30 10:09:35 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_2.dll [2013.01.30 10:09:35 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_1.dll [2013.01.30 10:09:35 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_1.dll [2013.01.30 10:09:35 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_0.dll [2013.01.30 10:09:35 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_4.dll [2013.01.30 10:09:34 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_38.dll [2013.01.30 10:09:34 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_37.dll [2013.01.30 10:09:34 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_38.dll [2013.01.30 10:09:34 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_37.dll [2013.01.30 10:09:34 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_0.dll [2013.01.30 10:09:34 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_38.dll [2013.01.30 10:09:34 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_37.dll [2013.01.30 10:09:34 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_0.dll [2013.01.30 10:09:34 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_3.dll [2013.01.30 10:09:33 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_36.dll [2013.01.30 10:09:33 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_36.dll [2013.01.30 10:09:33 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_36.dll [2013.01.30 10:09:33 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_35.dll [2013.01.30 10:09:33 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_10.dll [2013.01.30 10:09:33 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_9.dll [2013.01.30 10:09:32 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_35.dll [2013.01.30 10:09:32 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_34.dll [2013.01.30 10:09:32 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_35.dll [2013.01.30 10:09:32 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_34.dll [2013.01.30 10:09:32 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_34.dll [2013.01.30 10:09:32 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_8.dll [2013.01.30 10:09:32 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_3.dll [2013.01.30 10:09:32 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_2.dll [2013.01.30 10:09:31 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_33.dll [2013.01.30 10:09:31 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_33.dll [2013.01.30 10:09:31 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_33.dll [2013.01.30 10:09:31 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10.dll [2013.01.30 10:09:31 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_7.dll [2013.01.30 10:09:31 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_6.dll [2013.01.30 10:09:31 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_5.dll [2013.01.30 10:09:30 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_32.dll [2013.01.30 10:09:30 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll [2013.01.30 10:09:30 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_4.dll [2013.01.30 10:09:30 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_3.dll [2013.01.30 10:09:30 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_2.dll [2013.01.30 10:09:30 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_1.dll [2013.01.30 10:09:30 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_2.dll [2013.01.30 10:09:30 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_1.dll [2013.01.30 10:09:30 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_1.dll [2013.01.30 10:09:28 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll [2013.01.30 10:09:28 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_29.dll [2013.01.30 10:09:28 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_28.dll [2013.01.30 10:09:28 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_27.dll [2013.01.30 10:09:28 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_0.dll [2013.01.30 10:09:28 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_0.dll [2013.01.30 10:09:27 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_25.dll [2013.01.30 10:09:27 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_26.dll [2013.01.30 10:09:27 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_24.dll [2013.01.30 10:08:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo [2013.01.30 10:08:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo Downloader [2013.01.30 10:08:53 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO [2013.01.30 10:06:53 | 000,000,000 | ---D | C] -- C:\Windows\System32\directx [2013.01.30 10:04:34 | 000,000,000 | ---D | C] -- C:\Users\tanja\AppData\Roaming\Avira [2013.01.30 09:59:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2013.01.30 09:59:03 | 000,134,336 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys [2013.01.30 09:59:03 | 000,083,944 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys [2013.01.30 09:59:03 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys [2013.01.30 09:59:03 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2013.01.30 09:59:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2013.01.30 09:59:02 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [2013.01.30 09:58:16 | 000,000,000 | ---D | C] -- C:\ProgramData\RightClick [2013.01.30 09:58:15 | 000,000,000 | ---D | C] -- C:\Program Files\SaveByClick [2013.01.30 09:58:12 | 000,000,000 | ---D | C] -- C:\ProgramData\SaveByclick [2013.01.30 09:58:10 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate [2013.01.30 09:58:03 | 000,000,000 | ---D | C] -- C:\Users\tanja\Documents\PDF Architect Files [2013.01.30 09:58:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect [2013.01.30 09:57:57 | 000,000,000 | ---D | C] -- C:\Program Files\PDF Architect [2013.01.30 09:57:51 | 000,000,000 | ---D | C] -- C:\Users\tanja\AppData\Roaming\pdfforge [2013.01.30 09:57:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator [2013.01.30 09:57:49 | 000,662,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCOMCT2.OCX [2013.01.30 09:57:49 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMAPI32.OCX [2013.01.30 09:57:49 | 000,088,576 | ---- | C] (pdfforge GbR) -- C:\Windows\System32\pdfcmon.dll [2013.01.30 09:57:48 | 000,125,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VB6DE.DLL [2013.01.30 09:57:47 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCMCDE.DLL [2013.01.30 09:57:47 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCC2DE.DLL [2013.01.30 09:57:47 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMPIDE.DLL [2013.01.30 09:57:47 | 000,000,000 | ---D | C] -- C:\Program Files\PDFCreator [2013.01.30 09:54:58 | 000,000,000 | ---D | C] -- C:\Users\tanja\AppData\Local\Programs [2013.01.30 09:53:52 | 000,000,000 | ---D | C] -- C:\Users\tanja\AppData\Roaming\WinRAR [2013.01.30 09:53:52 | 000,000,000 | ---D | C] -- C:\Users\tanja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR [2013.01.30 09:53:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR [2013.01.30 09:53:50 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR [2013.01.30 09:53:11 | 000,000,000 | ---D | C] -- C:\Users\tanja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome [2013.01.30 09:52:15 | 000,237,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe [2013.01.30 09:52:10 | 000,000,000 | ---D | C] -- C:\Users\tanja\AppData\Local\Google [2013.01.30 09:51:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe [2013.01.30 09:51:16 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe [2013.01.30 09:49:44 | 000,000,000 | ---D | C] -- C:\Users\tanja\AppData\Roaming\Skype [2013.01.30 09:49:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2013.01.30 09:49:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype [2013.01.30 09:49:39 | 000,000,000 | R--D | C] -- C:\Program Files\Skype [2013.01.30 09:49:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype [2013.01.30 09:49:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe [2013.01.30 09:48:14 | 000,000,000 | ---D | C] -- C:\Users\tanja\AppData\Roaming\Mozilla [2013.01.30 09:48:14 | 000,000,000 | ---D | C] -- C:\Users\tanja\AppData\Local\Mozilla [2013.01.30 09:48:08 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service [2013.01.30 09:48:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2013.01.30 09:45:28 | 000,000,000 | ---D | C] -- C:\Users\tanja\AppData\Roaming\Macromedia [2013.01.30 09:45:28 | 000,000,000 | ---D | C] -- C:\Users\tanja\AppData\Roaming\Adobe [2013.01.30 09:45:21 | 000,697,712 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2013.01.30 09:45:21 | 000,074,096 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2013.01.30 09:45:20 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed [2013.01.30 09:43:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office [2013.01.30 09:42:27 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio [2013.01.30 09:42:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER [2013.01.30 09:42:20 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH [2013.01.30 09:42:20 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET [2013.01.30 09:40:18 | 000,000,000 | ---D | C] -- C:\Users\tanja\AppData\Local\Microsoft Help [2013.01.30 09:40:16 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office [2013.01.30 09:40:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help [2013.01.30 09:38:36 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcore.dll [2013.01.30 09:38:15 | 000,000,000 | -HSD | C] -- C:\Windows\Installer [2013.01.30 09:37:55 | 000,000,000 | RH-D | C] -- C:\MSOCache [2013.01.30 09:35:03 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll [2013.01.30 09:35:03 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll [2013.01.30 09:35:00 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll [2013.01.30 09:35:00 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll [2013.01.30 09:35:00 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll [2013.01.30 09:34:53 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll [2013.01.30 09:34:53 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe [2013.01.30 09:34:46 | 000,000,000 | R--D | C] -- C:\Users\tanja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2013.01.30 09:34:46 | 000,000,000 | R--D | C] -- C:\Users\tanja\Searches [2013.01.30 09:34:46 | 000,000,000 | R--D | C] -- C:\Users\tanja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2013.01.30 09:34:40 | 000,000,000 | ---D | C] -- C:\Users\tanja\AppData\Roaming\Identities [2013.01.30 09:34:39 | 000,000,000 | R--D | C] -- C:\Users\tanja\Contacts [2013.01.30 09:34:36 | 000,000,000 | --SD | C] -- C:\Users\tanja\AppData\Roaming\Microsoft [2013.01.30 09:34:36 | 000,000,000 | R--D | C] -- C:\Users\tanja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2013.01.30 09:34:36 | 000,000,000 | R--D | C] -- C:\Users\tanja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2013.01.30 09:34:36 | 000,000,000 | -HSD | C] -- C:\Users\tanja\Vorlagen [2013.01.30 09:34:36 | 000,000,000 | -HSD | C] -- C:\Users\tanja\AppData\Local\Verlauf [2013.01.30 09:34:36 | 000,000,000 | -HSD | C] -- C:\Users\tanja\AppData\Local\Temporary Internet Files [2013.01.30 09:34:36 | 000,000,000 | -HSD | C] -- C:\Users\tanja\Startmenü [2013.01.30 09:34:36 | 000,000,000 | -HSD | C] -- C:\Users\tanja\SendTo [2013.01.30 09:34:36 | 000,000,000 | -HSD | C] -- C:\Users\tanja\Recent [2013.01.30 09:34:36 | 000,000,000 | -HSD | C] -- C:\Users\tanja\Netzwerkumgebung [2013.01.30 09:34:36 | 000,000,000 | -HSD | C] -- C:\Users\tanja\Lokale Einstellungen [2013.01.30 09:34:36 | 000,000,000 | -HSD | C] -- C:\Users\tanja\Documents\Eigene Videos [2013.01.30 09:34:36 | 000,000,000 | -HSD | C] -- C:\Users\tanja\Documents\Eigene Musik [2013.01.30 09:34:36 | 000,000,000 | -HSD | C] -- C:\Users\tanja\Eigene Dateien [2013.01.30 09:34:36 | 000,000,000 | -HSD | C] -- C:\Users\tanja\Documents\Eigene Bilder [2013.01.30 09:34:36 | 000,000,000 | -HSD | C] -- C:\Users\tanja\Druckumgebung [2013.01.30 09:34:36 | 000,000,000 | -HSD | C] -- C:\Users\tanja\Cookies [2013.01.30 09:34:36 | 000,000,000 | -HSD | C] -- C:\Users\tanja\AppData\Local\Anwendungsdaten [2013.01.30 09:34:36 | 000,000,000 | -HSD | C] -- C:\Users\tanja\Anwendungsdaten [2013.01.30 09:34:36 | 000,000,000 | -H-D | C] -- C:\Users\tanja\AppData [2013.01.30 09:34:36 | 000,000,000 | ---D | C] -- C:\Users\tanja\AppData\Local\VirtualStore [2013.01.30 09:34:36 | 000,000,000 | ---D | C] -- C:\Users\tanja\AppData\Local\Temp [2013.01.30 09:34:36 | 000,000,000 | ---D | C] -- C:\Users\tanja\AppData\Local\Microsoft [2013.01.30 09:34:36 | 000,000,000 | ---D | C] -- C:\Users\tanja\AppData\Roaming\Media Center Programs [2013.01.30 09:34:35 | 000,000,000 | R--D | C] -- C:\Users\tanja\Videos [2013.01.30 09:34:35 | 000,000,000 | R--D | C] -- C:\Users\tanja\Saved Games [2013.01.30 09:34:35 | 000,000,000 | R--D | C] -- C:\Users\tanja\Pictures [2013.01.30 09:34:35 | 000,000,000 | R--D | C] -- C:\Users\tanja\Music [2013.01.30 09:34:35 | 000,000,000 | R--D | C] -- C:\Users\tanja\Links [2013.01.30 09:34:35 | 000,000,000 | R--D | C] -- C:\Users\tanja\Favorites [2013.01.30 09:34:35 | 000,000,000 | R--D | C] -- C:\Users\tanja\Downloads [2013.01.30 09:34:35 | 000,000,000 | R--D | C] -- C:\Users\tanja\Documents [2013.01.30 09:34:35 | 000,000,000 | R--D | C] -- C:\Users\tanja\Desktop [2013.01.30 09:34:28 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen [2013.01.30 09:34:28 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü [2013.01.30 09:34:28 | 000,000,000 | -HSD | C] -- C:\Recovery [2013.01.30 09:34:28 | 000,000,000 | -HSD | C] -- C:\Programme [2013.01.30 09:34:28 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien [2013.01.30 09:34:28 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten [2013.01.30 09:34:28 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos [2013.01.30 09:34:28 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik [2013.01.30 09:34:28 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder [2013.01.30 09:34:28 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen [2013.01.30 09:34:28 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente [2013.01.30 09:34:28 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten [2013.01.30 09:34:26 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution [2013.01.30 09:30:34 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch [2013.01.30 09:30:18 | 000,000,000 | -HSD | C] -- C:\System Volume Information [2013.01.30 09:29:28 | 000,000,000 | ---D | C] -- C:\Windows\Panther [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2013.02.14 10:14:17 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2013.02.14 10:13:58 | 000,001,959 | ---- | M] () -- C:\Users\tanja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\3CXPhone.lnk [2013.02.14 10:13:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.02.14 10:12:58 | 2414,485,504 | -HS- | M] () -- C:\hiberfil.sys [2013.02.14 10:12:27 | 000,026,352 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.02.14 10:12:27 | 000,026,352 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.02.14 10:08:00 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-128914377-670426599-1984384762-1000UA.job [2013.02.14 09:49:20 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.02.14 09:36:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.02.14 09:31:12 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.02.14 09:31:12 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.02.14 09:31:12 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.02.14 09:31:12 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.02.14 09:17:19 | 000,056,228 | ---- | M] () -- C:\Users\tanja\Desktop\160088748.pdf [2013.02.14 09:11:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\tanja\Desktop\OTL.exe [2013.02.14 09:08:00 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-128914377-670426599-1984384762-1000Core.job [2013.02.12 14:08:58 | 000,056,687 | ---- | M] () -- C:\Users\tanja\Desktop\160089185.pdf [2013.02.08 10:33:59 | 000,056,066 | ---- | M] () -- C:\Users\tanja\Desktop\160089100.pdf [2013.02.08 10:14:51 | 000,017,865 | ---- | M] () -- C:\Users\tanja\Desktop\Status-zu-Sendung-634924479542.pdf [2013.02.08 09:37:23 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2013.02.08 09:37:23 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2013.02.07 14:02:48 | 000,056,399 | ---- | M] () -- C:\Users\tanja\Desktop\160089054.pdf [2013.02.07 13:56:57 | 000,210,810 | ---- | M] () -- C:\Users\tanja\Documents\Gerard-Butler-gerard-butler-16740958-1280-1024.jpg [2013.02.07 12:41:01 | 000,009,661 | ---- | M] () -- C:\Users\tanja\Documents\helau.jpg [2013.02.07 11:31:03 | 000,105,112 | ---- | M] () -- C:\Users\tanja\Desktop\S62254_AB_Vignobles Alain Jaum.pdf [2013.02.07 11:04:06 | 000,003,880 | ---- | M] () -- C:\Users\tanja\Documents\th.jpg [2013.02.04 08:08:22 | 000,289,696 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.01.31 18:05:33 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat [2013.01.31 18:05:33 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2013.01.31 18:05:33 | 001,800,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2013.01.31 18:05:33 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2013.01.31 18:05:33 | 000,607,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2013.01.31 18:05:33 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2013.01.31 18:05:33 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2013.01.31 18:05:33 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll [2013.01.31 18:05:33 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2013.01.31 18:05:33 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2013.01.31 18:05:33 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll [2013.01.31 18:05:33 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll [2013.01.31 18:05:33 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2013.01.31 18:05:33 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll [2013.01.31 18:05:33 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll [2013.01.31 18:05:33 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll [2013.01.31 18:05:33 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe [2013.01.31 18:05:33 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe [2013.01.31 18:05:33 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2013.01.31 18:05:33 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll [2013.01.31 18:05:33 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2013.01.31 18:05:33 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll [2013.01.31 18:05:33 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll [2013.01.31 18:05:33 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2013.01.31 18:05:33 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll [2013.01.31 18:05:33 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe [2013.01.31 18:05:33 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe [2013.01.31 18:05:33 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2013.01.31 18:05:33 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2013.01.31 18:05:33 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf [2013.01.31 18:05:33 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2013.01.31 18:05:33 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll [2013.01.31 18:05:33 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll [2013.01.31 18:05:33 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2013.01.31 18:05:33 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll [2013.01.31 18:05:33 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2013.01.31 18:05:33 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2013.01.31 18:05:33 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2013.01.31 14:50:07 | 000,005,696 | ---- | M] () -- C:\Users\tanja\Documents\210007668.pdf [2013.01.31 13:10:28 | 000,000,416 | ---- | M] () -- C:\Windows\BRWMARK.INI [2013.01.31 12:46:27 | 000,120,294 | ---- | M] () -- C:\Users\tanja\Desktop\rg.php.pdf [2013.01.31 10:53:17 | 2328,757,248 | ---- | M] () -- C:\Users\tanja\Desktop\archivorder-tanja.pst [2013.01.30 11:33:09 | 000,001,440 | ---- | M] () -- C:\Users\tanja\Desktop\Skype - Tanja.lnk [2013.01.30 11:18:12 | 000,001,534 | ---- | M] () -- C:\Users\tanja\Desktop\Public (192.168.180.3).lnk [2013.01.30 09:32:48 | 000,161,548 | ---- | M] () -- C:\Windows\System32\license.rtf [2013.01.30 09:31:31 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin [2013.01.30 09:31:08 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf [2013.01.24 23:43:01 | 000,035,488 | ---- | M] (COMODO) -- C:\Windows\System32\cmdcsr.dll [2013.01.24 23:43:00 | 000,354,752 | ---- | M] (COMODO) -- C:\Windows\System32\guard32.dll [2013.01.24 23:42:49 | 000,263,888 | ---- | M] (COMODO) -- C:\Windows\System32\cmdvrt32.dll [2013.01.24 23:42:48 | 000,040,656 | ---- | M] (COMODO) -- C:\Windows\System32\cmdkbd32.dll [2013.01.16 20:51:42 | 000,084,416 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\inspect.sys [2013.01.16 20:51:42 | 000,043,728 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmdhlp.sys [2013.01.16 20:51:41 | 000,576,768 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmdguard.sys [2013.01.16 20:51:40 | 000,020,072 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmderd.sys [color=#E56717]========== Files Created - No Company Name ==========[/color] [2013.02.14 09:49:20 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.02.14 09:17:18 | 000,056,228 | ---- | C] () -- C:\Users\tanja\Desktop\160088748.pdf [2013.02.12 14:08:58 | 000,056,687 | ---- | C] () -- C:\Users\tanja\Desktop\160089185.pdf [2013.02.08 10:33:59 | 000,056,066 | ---- | C] () -- C:\Users\tanja\Desktop\160089100.pdf [2013.02.08 10:14:51 | 000,017,865 | ---- | C] () -- C:\Users\tanja\Desktop\Status-zu-Sendung-634924479542.pdf [2013.02.07 14:02:48 | 000,056,399 | ---- | C] () -- C:\Users\tanja\Desktop\160089054.pdf [2013.02.07 13:56:55 | 000,210,810 | ---- | C] () -- C:\Users\tanja\Documents\Gerard-Butler-gerard-butler-16740958-1280-1024.jpg [2013.02.07 12:41:01 | 000,009,661 | ---- | C] () -- C:\Users\tanja\Documents\helau.jpg [2013.02.07 11:31:03 | 000,105,112 | ---- | C] () -- C:\Users\tanja\Desktop\S62254_AB_Vignobles Alain Jaum.pdf [2013.02.07 11:04:05 | 000,003,880 | ---- | C] () -- C:\Users\tanja\Documents\th.jpg [2013.01.31 18:08:31 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2013.01.31 18:07:38 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2013.01.31 18:05:33 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf [2013.01.31 14:50:06 | 000,005,696 | ---- | C] () -- C:\Users\tanja\Documents\210007668.pdf [2013.01.31 13:10:28 | 000,000,416 | ---- | C] () -- C:\Windows\BRWMARK.INI [2013.01.31 12:46:24 | 000,120,294 | ---- | C] () -- C:\Users\tanja\Desktop\rg.php.pdf [2013.01.31 10:34:59 | 2328,757,248 | ---- | C] () -- C:\Users\tanja\Desktop\archivorder-tanja.pst [2013.01.30 11:21:38 | 000,001,959 | ---- | C] () -- C:\Users\tanja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\3CXPhone.lnk [2013.01.30 11:17:44 | 000,001,534 | ---- | C] () -- C:\Users\tanja\Desktop\Public (192.168.180.3).lnk [2013.01.30 11:17:16 | 000,001,440 | ---- | C] () -- C:\Users\tanja\Desktop\Skype - Tanja.lnk [2013.01.30 10:30:09 | 000,293,889 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT [2013.01.30 09:52:10 | 000,001,128 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-128914377-670426599-1984384762-1000UA.job [2013.01.30 09:52:10 | 000,001,076 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-128914377-670426599-1984384762-1000Core.job [2013.01.30 09:51:25 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk [2013.01.30 09:48:09 | 000,001,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2013.01.30 09:45:22 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.01.30 09:34:47 | 000,001,409 | ---- | C] () -- C:\Users\tanja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2013.01.30 09:32:38 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk [2013.01.30 09:32:36 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk [2013.01.30 09:31:31 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2013.01.30 09:31:08 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf [2013.01.30 09:30:18 | 2414,485,504 | -HS- | C] () -- C:\hiberfil.sys [2012.12.03 06:43:44 | 000,000,114 | ---- | C] () -- C:\Windows\System32\BRLMW03A.INI [2012.12.03 06:43:42 | 000,045,056 | ---- | C] () -- C:\Windows\System32\BRTCPCON.DLL [2012.12.03 06:43:42 | 000,000,050 | ---- | C] () -- C:\Windows\System32\BRADM08A.DAT [2011.04.12 02:30:05 | 000,653,928 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2011.04.12 02:30:05 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2011.04.12 02:30:05 | 000,129,800 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2011.04.12 02:30:05 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat [color=#E56717]========== ZeroAccess Check ==========[/color] [2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 22:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report > Grüße Kai |
|
14.02.2013, 13:33
| #2 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Click Compare in Browser Hallo und
__________________ Zitat:
Ist das rein zufällig ein Büro-/Firmen-PC? Oder ein Uni-Rechner? Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
Note: Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread. Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards. Bitte nun Logs mit GMER (<<< klick für Anleitung) und MBAR (Anleitung etwas weiter unten) erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim zweiten Mal nicht will, lass es einfach weg und führ nur MBAR aus. Anleitung MBAR: Downloade dir bitte  Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________ |
|
14.02.2013, 16:50
| #3 |
| | Click Compare in Browser Hallo cosinus,
__________________ja, es sind Firmen-PCs. Alles vor paar Wochen neu aufgesetzte Rechner  .Vorab schon Mal danke für deine Hilfe. Hier die Logs: gmer - hatte auch gemeckert, dass er was gefunden habe Code:
ATTFilter GMER 2.0.18454 - hxxp://www.gmer.net
Rootkit scan 2013-02-14 16:36:14
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 SanDisk_SDSSDRC032G rev.2.0.0 29,82GB
Running: gmer_2.0.18454.exe; Driver: C:\Users\tanja\AppData\Local\Temp\uxlyapow.sys
---- System - GMER 2.0 ----
SSDT \SystemRoot\system32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0x8FC34230]
SSDT \SystemRoot\system32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAlpcConnectPort [0x8FC3441C]
SSDT \SystemRoot\system32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0x8FC33590]
SSDT \SystemRoot\system32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0x8FC33E96]
SSDT 8E93486E ZwCreateSection
SSDT \SystemRoot\system32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0x8FC34F94]
SSDT \SystemRoot\system32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThread [0x8FC32F7C]
SSDT \SystemRoot\system32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThreadEx [0x8FC3464A]
SSDT \SystemRoot\system32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwLoadDriver [0x8FC349C6]
SSDT \SystemRoot\system32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0x8FC33858]
SSDT \SystemRoot\system32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0x8FC34072]
SSDT \SystemRoot\system32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenSection [0x8FC33AF2]
SSDT 8E934878 ZwRequestWaitReplyPort
SSDT 8E934873 ZwSetContextThread
SSDT 8E93487D ZwSetSecurityObject
SSDT \SystemRoot\system32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSystemInformation [0x8FC34CB2]
SSDT \SystemRoot\system32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwShutdownSystem [0x8FC337C2]
SSDT 8E934882 ZwSystemDebugControl
SSDT 8E93480F ZwTerminateProcess
SSDT \SystemRoot\system32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateThread [0x8FC33180]
---- Kernel code sections - GMER 2.0 ----
.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82C53A49 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C8D4D2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10D7 82C9450C 4 Bytes [30, 42, C3, 8F]
.text ntkrnlpa.exe!KeRemoveQueueEx + 10FF 82C94534 4 Bytes [1C, 44, C3, 8F]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1193 82C945C8 4 Bytes [90, 35, C3, 8F]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11AF 82C945E4 4 Bytes [96, 3E, C3, 8F]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 82C9462C 4 Bytes [6E, 48, 93, 8E]
.text ...
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x9081E000, 0x2D5378, 0xE8000020]
.text ntdll.dll!NtAlpcSendWaitReceivePort 77CB5418 3 Bytes [FF, 25, 1E]
.text ntdll.dll!NtAlpcSendWaitReceivePort + 4 77CB541C 2 Bytes [7D, 71] {JGE 0x73}
.text ntdll.dll!NtClose 77CB54C8 3 Bytes [FF, 25, 1E]
.text ntdll.dll!NtClose + 4 77CB54CC 2 Bytes [AE, 71]
.text ntdll.dll!LdrUnloadDll 77CCC86E 6 Bytes [FF, 25, 1E, 00, A7, 71] {JMP DWORD [0x71a7001e]}
.text user32.dll!SetWindowsHookExW 7788E30C 6 Bytes [FF, 25, 1E, 00, 83, 71] {JMP DWORD [0x7183001e]}
.text user32.dll!SetWinEventHook 778924DC 6 Bytes [FF, 25, 1E, 00, 80, 71] {JMP DWORD [0x7180001e]}
.text user32.dll!SetWindowsHookExA 778B6D0C 6 Bytes [FF, 25, 1E, 00, 86, 71] {JMP DWORD [0x7186001e]}
.text kernel32.dll!CreateProcessW 765D204D 6 Bytes [FF, 25, 1E, 00, 9E, 71] {JMP DWORD [0x719e001e]}
.text kernel32.dll!CreateProcessA 765D2082 6 Bytes [FF, 25, 1E, 00, 9B, 71] {JMP DWORD [0x719b001e]}
.text kernel32.dll!CreateProcessAsUserW 766059FF 6 Bytes [FF, 25, 1E, 00, 95, 71] {JMP DWORD [0x7195001e]}
.text advapi32.dll!CreateProcessAsUserA 76552538 6 Bytes [FF, 25, 1E, 00, 98, 71] {JMP DWORD [0x7198001e]}
.text gdi32.dll!DeleteDC 76226EAA 6 Bytes [FF, 25, 1E, 00, 89, 71] {JMP DWORD [0x7189001e]}
.text gdi32.dll!GetPixel 7622C3D5 6 Bytes [FF, 25, 1E, 00, 8C, 71] {JMP DWORD [0x718c001e]}
.text gdi32.dll!CreateDCA 7622CCA9 6 Bytes [FF, 25, 1E, 00, 92, 71] {JMP DWORD [0x7192001e]}
.text gdi32.dll!CreateDCW 7622CF79 6 Bytes [FF, 25, 1E, 00, 8F, 71] {JMP DWORD [0x718f001e]}
.text KernelBase.dll!FreeLibrary + B3 76088C15 4 Bytes [0A, 00, AC, 71]
---- User code sections - GMER 2.0 ----
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[112] ntdll.dll!NtAlpcSendWaitReceivePort 77CB5418 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[112] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77CB541C 2 Bytes [7D, 71] {JGE 0x73}
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[112] ntdll.dll!NtClose 77CB54C8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[112] ntdll.dll!NtClose + 4 77CB54CC 2 Bytes [AE, 71]
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[112] ntdll.dll!LdrUnloadDll 77CCC86E 6 Bytes JMP 71A8000A
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[112] kernel32.dll!CreateProcessW 765D204D 6 Bytes JMP 719F000A
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[112] kernel32.dll!CreateProcessA 765D2082 6 Bytes JMP 719C000A
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[112] kernel32.dll!CreateProcessAsUserW 766059FF 6 Bytes JMP 7196000A
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[112] USER32.dll!SetWindowsHookExW 7788E30C 6 Bytes JMP 7184000A
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[112] USER32.dll!SetWinEventHook 778924DC 6 Bytes JMP 7181000A
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[112] USER32.dll!SetWindowsHookExA 778B6D0C 6 Bytes JMP 7187000A
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[112] GDI32.dll!DeleteDC 76226EAA 6 Bytes JMP 718A000A
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[112] GDI32.dll!GetPixel 7622C3D5 6 Bytes JMP 718D000A
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[112] GDI32.dll!CreateDCA 7622CCA9 6 Bytes JMP 7193000A
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[112] GDI32.dll!CreateDCW 7622CF79 6 Bytes JMP 7190000A
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[112] ADVAPI32.dll!CreateProcessAsUserA 76552538 6 Bytes JMP 7199000A
.text C:\Windows\system32\svchost.exe[316] ntdll.dll!NtAlpcSendWaitReceivePort 77CB5418 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[316] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77CB541C 2 Bytes [7D, 71] {JGE 0x73}
.text C:\Windows\system32\svchost.exe[316] ntdll.dll!NtClose 77CB54C8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[316] ntdll.dll!NtClose + 4 77CB54CC 2 Bytes [AE, 71]
.text C:\Windows\system32\svchost.exe[316] ntdll.dll!LdrUnloadDll 77CCC86E 6 Bytes JMP 71A8000A
.text C:\Windows\system32\svchost.exe[316] kernel32.dll!CreateProcessW 765D204D 6 Bytes JMP 719F000A
.text C:\Windows\system32\svchost.exe[316] kernel32.dll!CreateProcessA 765D2082 6 Bytes JMP 719C000A
.text C:\Windows\system32\svchost.exe[316] kernel32.dll!CreateProcessAsUserW 766059FF 6 Bytes JMP 7196000A
.text C:\Windows\system32\svchost.exe[316] USER32.dll!SetWindowsHookExW 7788E30C 6 Bytes JMP 7184000A
.text C:\Windows\system32\svchost.exe[316] USER32.dll!SetWinEventHook 778924DC 6 Bytes JMP 7181000A
.text C:\Windows\system32\svchost.exe[316] USER32.dll!SetWindowsHookExA 778B6D0C 6 Bytes JMP 7187000A
.text C:\Windows\system32\svchost.exe[316] GDI32.dll!DeleteDC 76226EAA 6 Bytes JMP 718A000A
.text C:\Windows\system32\svchost.exe[316] GDI32.dll!GetPixel 7622C3D5 6 Bytes JMP 718D000A
.text C:\Windows\system32\svchost.exe[316] GDI32.dll!CreateDCA 7622CCA9 6 Bytes JMP 7193000A
.text C:\Windows\system32\svchost.exe[316] GDI32.dll!CreateDCW 7622CF79 6 Bytes JMP 7190000A
.text C:\Windows\system32\svchost.exe[316] ADVAPI32.dll!CreateProcessAsUserA 76552538 6 Bytes JMP 7199000A
.text C:\Windows\system32\csrss.exe[408] ntdll.dll!NtAlpcSendWaitReceivePort 77CB5418 5 Bytes JMP 75E51EB0 C:\Windows\system32\cmdcsr.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\csrss.exe[408] ntdll.dll!NtReplyWaitReceivePort 77CB6418 5 Bytes JMP 75E515D0 C:\Windows\system32\cmdcsr.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\csrss.exe[408] ntdll.dll!NtReplyWaitReceivePortEx 77CB6428 5 Bytes JMP 75E51A40 C:\Windows\system32\cmdcsr.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\PDF Architect\HelperService.exe[484] ntdll.dll!NtAlpcSendWaitReceivePort 77CB5418 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PDF Architect\HelperService.exe[484] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77CB541C 2 Bytes [7D, 71] {JGE 0x73}
.text C:\Program Files\PDF Architect\HelperService.exe[484] ntdll.dll!NtClose 77CB54C8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PDF Architect\HelperService.exe[484] ntdll.dll!NtClose + 4 77CB54CC 2 Bytes [AE, 71]
.text C:\Program Files\PDF Architect\HelperService.exe[484] ntdll.dll!LdrUnloadDll 77CCC86E 6 Bytes JMP 71A8000A
.text C:\Program Files\PDF Architect\HelperService.exe[484] kernel32.dll!CreateProcessW 765D204D 6 Bytes JMP 719F000A
.text C:\Program Files\PDF Architect\HelperService.exe[484] kernel32.dll!CreateProcessA 765D2082 6 Bytes JMP 719C000A
.text C:\Program Files\PDF Architect\HelperService.exe[484] kernel32.dll!CreateProcessAsUserW 766059FF 6 Bytes JMP 7196000A
.text C:\Program Files\PDF Architect\HelperService.exe[484] USER32.dll!SetWindowsHookExW 7788E30C 6 Bytes JMP 7184000A
.text C:\Program Files\PDF Architect\HelperService.exe[484] USER32.dll!SetWinEventHook 778924DC 6 Bytes JMP 7181000A
.text C:\Program Files\PDF Architect\HelperService.exe[484] USER32.dll!SetWindowsHookExA 778B6D0C 6 Bytes JMP 7187000A
.text C:\Program Files\PDF Architect\HelperService.exe[484] GDI32.dll!DeleteDC 76226EAA 6 Bytes JMP 718A000A
.text C:\Program Files\PDF Architect\HelperService.exe[484] GDI32.dll!GetPixel 7622C3D5 6 Bytes JMP 718D000A
.text C:\Program Files\PDF Architect\HelperService.exe[484] GDI32.dll!CreateDCA 7622CCA9 6 Bytes JMP 7193000A
.text C:\Program Files\PDF Architect\HelperService.exe[484] GDI32.dll!CreateDCW 7622CF79 6 Bytes JMP 7190000A
.text C:\Program Files\PDF Architect\HelperService.exe[484] ADVAPI32.dll!CreateProcessAsUserA 76552538 6 Bytes JMP 7199000A
.text C:\Windows\system32\wininit.exe[488] ntdll.dll!NtAlpcSendWaitReceivePort 77CB5418 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wininit.exe[488] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77CB541C 2 Bytes [14, 71] {ADC AL, 0x71}
.text C:\Windows\system32\wininit.exe[488] ntdll.dll!NtClose 77CB54C8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wininit.exe[488] ntdll.dll!NtClose + 4 77CB54CC 2 Bytes [AE, 71]
.text C:\Windows\system32\wininit.exe[488] ntdll.dll!LdrUnloadDll 77CCC86E 6 Bytes JMP 71A8000A
.text C:\Windows\system32\wininit.exe[488] kernel32.dll!CreateProcessW 765D204D 6 Bytes JMP 719F000A
.text C:\Windows\system32\wininit.exe[488] kernel32.dll!CreateProcessA 765D2082 6 Bytes JMP 719C000A
.text C:\Windows\system32\wininit.exe[488] kernel32.dll!CreateProcessAsUserW 766059FF 6 Bytes JMP 7196000A
.text C:\Windows\system32\wininit.exe[488] USER32.dll!RegisterRawInputDevices 77885B52 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wininit.exe[488] USER32.dll!RegisterRawInputDevices + 4 77885B56 2 Bytes [35, 71]
.text C:\Windows\system32\wininit.exe[488] USER32.dll!SystemParametersInfoA 778880E0 6 Bytes JMP 7121000A
.text C:\Windows\system32\wininit.exe[488] USER32.dll!SetParent 77888314 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wininit.exe[488] USER32.dll!SetParent + 4 77888318 2 Bytes [32, 71]
.text C:\Windows\system32\wininit.exe[488] USER32.dll!EnableWindow 77888D02 6 Bytes JMP 711B000A
.text C:\Windows\system32\wininit.exe[488] USER32.dll!MoveWindow 77888D29 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wininit.exe[488] USER32.dll!MoveWindow + 4 77888D2D 2 Bytes [2F, 71]
.text C:\Windows\system32\wininit.exe[488] USER32.dll!GetAsyncKeyState 7788A256 6 Bytes JMP 7139000A
.text C:\Windows\system32\wininit.exe[488] USER32.dll!RegisterHotKey 7788AA19 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wininit.exe[488] USER32.dll!RegisterHotKey + 4 7788AA1D 2 Bytes [23, 71]
.text C:\Windows\system32\wininit.exe[488] USER32.dll!PostThreadMessageA 7788AD09 6 Bytes JMP 7166000A
.text C:\Windows\system32\wininit.exe[488] USER32.dll!SendMessageA 7788AD60 6 Bytes JMP 7160000A
.text C:\Windows\system32\wininit.exe[488] USER32.dll!PostMessageA 7788B446 6 Bytes JMP 716C000A
.text C:\Windows\system32\wininit.exe[488] USER32.dll!SendNotifyMessageW 7788C88A 6 Bytes JMP 714B000A
.text C:\Windows\system32\wininit.exe[488] USER32.dll!SystemParametersInfoW 7788E09A 6 Bytes JMP 711E000A
.text C:\Windows\system32\wininit.exe[488] USER32.dll!SetWindowsHookExW 7788E30C 6 Bytes JMP 7172000A
.text C:\Windows\system32\wininit.exe[488] USER32.dll!SendMessageTimeoutW 7788E459 6 Bytes JMP 7157000A
.text C:\Windows\system32\wininit.exe[488] USER32.dll!PostThreadMessageW 7788EEFC 6 Bytes JMP 7163000A
.text C:\Windows\system32\wininit.exe[488] USER32.dll!SetWinEventHook 778924DC 6 Bytes JMP 716F000A
.text C:\Windows\system32\wininit.exe[488] USER32.dll!GetKeyState 77892B4D 6 Bytes JMP 713C000A
.text C:\Windows\system32\wininit.exe[488] USER32.dll!SendMessageCallbackW 77892F7B 6 Bytes JMP 7151000A
.text C:\Windows\system32\wininit.exe[488] USER32.dll!PostMessageW 7789447B 6 Bytes JMP 7169000A
.text C:\Windows\system32\wininit.exe[488] USER32.dll!SendMessageW 77895539 6 Bytes JMP 715D000A
.text C:\Windows\system32\wininit.exe[488] USER32.dll!GetClipboardData 778A2BA7 6 Bytes JMP 7127000A
.text C:\Windows\system32\wininit.exe[488] USER32.dll!SendNotifyMessageA 778A493C 6 Bytes JMP 714E000A
.text C:\Windows\system32\wininit.exe[488] USER32.dll!mouse_event 778A6209 6 Bytes JMP 7178000A
.text C:\Windows\system32\wininit.exe[488] USER32.dll!SetClipboardViewer 778A6FF6 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wininit.exe[488] USER32.dll!SetClipboardViewer + 4 778A6FFA 2 Bytes [2C, 71] {SUB AL, 0x71}
.text C:\Windows\system32\wininit.exe[488] USER32.dll!SendDlgItemMessageW 778A70D8 6 Bytes JMP 7145000A
.text C:\Windows\system32\wininit.exe[488] USER32.dll!SendDlgItemMessageA 778A7241 6 Bytes JMP 7148000A
.text C:\Windows\system32\wininit.exe[488] USER32.dll!GetKeyboardState 778B6946 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wininit.exe[488] USER32.dll!GetKeyboardState + 4 778B694A 2 Bytes [3E, 71]
.text C:\Windows\system32\wininit.exe[488] USER32.dll!BlockInput 778B6A99 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wininit.exe[488] USER32.dll!BlockInput + 4 778B6A9D 2 Bytes [29, 71]
.text C:\Windows\system32\wininit.exe[488] USER32.dll!SetWindowsHookExA 778B6D0C 6 Bytes JMP 7175000A
.text C:\Windows\system32\wininit.exe[488] USER32.dll!SendMessageTimeoutA 778B6DA9 6 Bytes JMP 715A000A
.text C:\Windows\system32\wininit.exe[488] USER32.dll!SendInput 778B7019 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wininit.exe[488] USER32.dll!SendInput + 4 778B701D 2 Bytes [41, 71]
.text C:\Windows\system32\wininit.exe[488] USER32.dll!ExitWindowsEx 778D06C7 6 Bytes JMP 7118000A
.text C:\Windows\system32\wininit.exe[488] USER32.dll!keybd_event 778DEC3B 6 Bytes JMP 717B000A
.text C:\Windows\system32\wininit.exe[488] USER32.dll!SendMessageCallbackA 778E3E8B 6 Bytes JMP 7154000A
.text C:\Windows\system32\wininit.exe[488] GDI32.dll!DeleteDC 76226EAA 6 Bytes JMP 718A000A
.text C:\Windows\system32\wininit.exe[488] GDI32.dll!BitBlt 762272C0 6 Bytes JMP 7187000A
.text C:\Windows\system32\wininit.exe[488] GDI32.dll!GetPixel 7622C3D5 6 Bytes JMP 718D000A
.text C:\Windows\system32\wininit.exe[488] GDI32.dll!MaskBlt 7622C7AD 6 Bytes JMP 7184000A
.text C:\Windows\system32\wininit.exe[488] GDI32.dll!CreateDCA 7622CCA9 6 Bytes JMP 7193000A
.text C:\Windows\system32\wininit.exe[488] GDI32.dll!CreateDCW 7622CF79 6 Bytes JMP 7190000A
.text C:\Windows\system32\wininit.exe[488] GDI32.dll!StretchBlt 7622F467 6 Bytes JMP 717E000A
.text C:\Windows\system32\wininit.exe[488] GDI32.dll!PlgBlt 76240F73 6 Bytes JMP 7181000A
.text C:\Windows\system32\wininit.exe[488] ADVAPI32.dll!CreateProcessAsUserA 76552538 6 Bytes JMP 7199000A
.text C:\Windows\system32\csrss.exe[496] ntdll.dll!NtAlpcSendWaitReceivePort 77CB5418 5 Bytes JMP 75E51EB0 C:\Windows\system32\cmdcsr.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\csrss.exe[496] ntdll.dll!NtReplyWaitReceivePort 77CB6418 5 Bytes JMP 75E515D0 C:\Windows\system32\cmdcsr.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\csrss.exe[496] ntdll.dll!NtReplyWaitReceivePortEx 77CB6428 5 Bytes JMP 75E51A40 C:\Windows\system32\cmdcsr.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[540] services.exe 00961608 4 Bytes [70, 39, 01, 10] {JO 0x3b; ADD [EAX], EDX}
.text C:\Windows\system32\services.exe[540] services.exe 00961618 4 Bytes [50, 3D, 01, 10]
.text C:\Windows\system32\services.exe[540] services.exe 00961638 4 Bytes [D0, 36, 01, 10] {SAL BYTE [ESI], 0x1; ADD [EAX], EDX}
.text C:\Windows\system32\services.exe[540] services.exe 00961648 4 Bytes [70, 3B, 01, 10] {JO 0x3d; ADD [EAX], EDX}
.text C:\Windows\system32\services.exe[540] ntdll.dll!NtAlpcSendWaitReceivePort 77CB5418 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\services.exe[540] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77CB541C 2 Bytes [7A, 71] {JP 0x73}
.text C:\Windows\system32\services.exe[540] ntdll.dll!NtClose 77CB54C8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\services.exe[540] ntdll.dll!NtClose + 4 77CB54CC 2 Bytes [AE, 71]
.text C:\Windows\system32\services.exe[540] ntdll.dll!LdrUnloadDll 77CCC86E 6 Bytes JMP 71A8000A
.text C:\Windows\system32\services.exe[540] kernel32.dll!CreateProcessW 765D204D 6 Bytes JMP 719F000A
.text C:\Windows\system32\services.exe[540] kernel32.dll!CreateProcessA 765D2082 6 Bytes JMP 719C000A
.text C:\Windows\system32\services.exe[540] kernel32.dll!CreateProcessAsUserW 766059FF 6 Bytes JMP 7196000A
.text C:\Windows\system32\services.exe[540] RPCRT4.dll!RpcServerRegisterIfEx 76AB09BC 6 Bytes JMP 7193000A
.text C:\Windows\system32\services.exe[540] USER32.dll!SetWindowsHookExW 7788E30C 6 Bytes JMP 7181000A
.text C:\Windows\system32\services.exe[540] USER32.dll!SetWinEventHook 778924DC 6 Bytes JMP 717E000A
.text C:\Windows\system32\services.exe[540] USER32.dll!SetWindowsHookExA 778B6D0C 6 Bytes JMP 7184000A
.text C:\Windows\system32\services.exe[540] GDI32.dll!DeleteDC 76226EAA 6 Bytes JMP 7187000A
.text C:\Windows\system32\services.exe[540] GDI32.dll!GetPixel 7622C3D5 6 Bytes JMP 718A000A
.text C:\Windows\system32\services.exe[540] GDI32.dll!CreateDCA 7622CCA9 6 Bytes JMP 7190000A
.text C:\Windows\system32\services.exe[540] GDI32.dll!CreateDCW 7622CF79 6 Bytes JMP 718D000A
.text C:\Windows\system32\services.exe[540] ADVAPI32.dll!CreateProcessAsUserA 76552538 6 Bytes JMP 7199000A
.text C:\Windows\system32\lsass.exe[556] ntdll.dll!NtAlpcSendWaitReceivePort 77CB5418 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsass.exe[556] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77CB541C 2 Bytes [7D, 71] {JGE 0x73}
.text C:\Windows\system32\lsass.exe[556] ntdll.dll!NtClose 77CB54C8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsass.exe[556] ntdll.dll!NtClose + 4 77CB54CC 2 Bytes [AE, 71]
.text C:\Windows\system32\lsass.exe[556] ntdll.dll!LdrUnloadDll 77CCC86E 6 Bytes JMP 71A8000A
.text C:\Windows\system32\lsass.exe[556] kernel32.dll!CreateProcessW 765D204D 6 Bytes JMP 719F000A
.text C:\Windows\system32\lsass.exe[556] kernel32.dll!CreateProcessA 765D2082 6 Bytes JMP 719C000A
.text C:\Windows\system32\lsass.exe[556] kernel32.dll!CreateProcessAsUserW 766059FF 6 Bytes JMP 7196000A
.text C:\Windows\system32\lsass.exe[556] USER32.dll!SetWindowsHookExW 7788E30C 6 Bytes JMP 7184000A
.text C:\Windows\system32\lsass.exe[556] USER32.dll!SetWinEventHook 778924DC 6 Bytes JMP 7181000A
.text C:\Windows\system32\lsass.exe[556] USER32.dll!SetWindowsHookExA 778B6D0C 6 Bytes JMP 7187000A
.text C:\Windows\system32\lsass.exe[556] GDI32.dll!DeleteDC 76226EAA 6 Bytes JMP 718A000A
.text C:\Windows\system32\lsass.exe[556] GDI32.dll!GetPixel 7622C3D5 6 Bytes JMP 718D000A
.text C:\Windows\system32\lsass.exe[556] GDI32.dll!CreateDCA 7622CCA9 6 Bytes JMP 7193000A
.text C:\Windows\system32\lsass.exe[556] GDI32.dll!CreateDCW 7622CF79 6 Bytes JMP 7190000A
.text C:\Windows\system32\lsass.exe[556] ADVAPI32.dll!CreateProcessAsUserA 76552538 6 Bytes JMP 7199000A
.text C:\Windows\system32\lsm.exe[564] ntdll.dll!NtAlpcSendWaitReceivePort 77CB5418 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsm.exe[564] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77CB541C 2 Bytes [7D, 71] {JGE 0x73}
.text C:\Windows\system32\lsm.exe[564] ntdll.dll!NtClose 77CB54C8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsm.exe[564] ntdll.dll!NtClose + 4 77CB54CC 2 Bytes [AE, 71]
.text C:\Windows\system32\lsm.exe[564] ntdll.dll!LdrUnloadDll 77CCC86E 6 Bytes JMP 71A8000A
.text C:\Windows\system32\lsm.exe[564] kernel32.dll!CreateProcessW 765D204D 6 Bytes JMP 719F000A
.text C:\Windows\system32\lsm.exe[564] kernel32.dll!CreateProcessA 765D2082 6 Bytes JMP 719C000A
.text C:\Windows\system32\lsm.exe[564] kernel32.dll!CreateProcessAsUserW 766059FF 6 Bytes JMP 7196000A
.text C:\Windows\system32\lsm.exe[564] USER32.dll!SetWindowsHookExW 7788E30C 6 Bytes JMP 7184000A
.text C:\Windows\system32\lsm.exe[564] USER32.dll!SetWinEventHook 778924DC 6 Bytes JMP 7181000A
.text C:\Windows\system32\lsm.exe[564] USER32.dll!SetWindowsHookExA 778B6D0C 6 Bytes JMP 7187000A
.text C:\Windows\system32\lsm.exe[564] GDI32.dll!DeleteDC 76226EAA 6 Bytes JMP 718A000A
.text C:\Windows\system32\lsm.exe[564] GDI32.dll!GetPixel 7622C3D5 6 Bytes JMP 718D000A
.text C:\Windows\system32\lsm.exe[564] GDI32.dll!CreateDCA 7622CCA9 6 Bytes JMP 7193000A
.text C:\Windows\system32\lsm.exe[564] GDI32.dll!CreateDCW 7622CF79 6 Bytes JMP 7190000A
.text C:\Windows\system32\lsm.exe[564] ADVAPI32.dll!CreateProcessAsUserA 76552538 6 Bytes JMP 7199000A
.text C:\Windows\system32\svchost.exe[684] ntdll.dll!NtAlpcSendWaitReceivePort 77CB5418 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[684] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77CB541C 2 Bytes [7A, 71] {JP 0x73}
.text C:\Windows\system32\svchost.exe[684] ntdll.dll!NtClose 77CB54C8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[684] ntdll.dll!NtClose + 4 77CB54CC 2 Bytes [AE, 71]
.text C:\Windows\system32\svchost.exe[684] ntdll.dll!LdrUnloadDll 77CCC86E 6 Bytes JMP 71A8000A
.text C:\Windows\system32\svchost.exe[684] kernel32.dll!CreateProcessW 765D204D 6 Bytes JMP 719F000A
.text C:\Windows\system32\svchost.exe[684] kernel32.dll!CreateProcessA 765D2082 6 Bytes JMP 719C000A
.text C:\Windows\system32\svchost.exe[684] kernel32.dll!CreateProcessAsUserW 766059FF 6 Bytes JMP 7196000A
.text C:\Windows\system32\svchost.exe[684] RPCRT4.dll!RpcServerRegisterIfEx 76AB09BC 6 Bytes JMP 7193000A
.text C:\Windows\system32\svchost.exe[684] USER32.dll!SetWindowsHookExW 7788E30C 6 Bytes JMP 7181000A
.text C:\Windows\system32\svchost.exe[684] USER32.dll!SetWinEventHook 778924DC 6 Bytes JMP 717E000A
.text C:\Windows\system32\svchost.exe[684] USER32.dll!SetWindowsHookExA 778B6D0C 6 Bytes JMP 7184000A
.text C:\Windows\system32\svchost.exe[684] GDI32.dll!DeleteDC 76226EAA 6 Bytes JMP 7187000A
.text C:\Windows\system32\svchost.exe[684] GDI32.dll!GetPixel 7622C3D5 6 Bytes JMP 718A000A
.text C:\Windows\system32\svchost.exe[684] GDI32.dll!CreateDCA 7622CCA9 6 Bytes JMP 7190000A
.text C:\Windows\system32\svchost.exe[684] GDI32.dll!CreateDCW 7622CF79 6 Bytes JMP 718D000A
.text C:\Windows\system32\svchost.exe[684] ADVAPI32.dll!CreateProcessAsUserA 76552538 6 Bytes JMP 7199000A
.text C:\Windows\system32\svchost.exe[772] ntdll.dll!NtAlpcSendWaitReceivePort 77CB5418 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[772] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77CB541C 2 Bytes [7A, 71] {JP 0x73}
.text C:\Windows\system32\svchost.exe[772] ntdll.dll!NtClose 77CB54C8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[772] ntdll.dll!NtClose + 4 77CB54CC 2 Bytes [AE, 71]
.text C:\Windows\system32\svchost.exe[772] ntdll.dll!LdrUnloadDll 77CCC86E 6 Bytes JMP 71A8000A
.text C:\Windows\system32\svchost.exe[772] kernel32.dll!CreateProcessW 765D204D 6 Bytes JMP 719F000A
.text C:\Windows\system32\svchost.exe[772] kernel32.dll!CreateProcessA 765D2082 6 Bytes JMP 719C000A
.text C:\Windows\system32\svchost.exe[772] kernel32.dll!CreateProcessAsUserW 766059FF 6 Bytes JMP 7196000A
.text C:\Windows\system32\svchost.exe[772] RPCRT4.dll!RpcServerRegisterIfEx 76AB09BC 6 Bytes JMP 7193000A
.text C:\Windows\system32\svchost.exe[772] USER32.dll!SetWindowsHookExW 7788E30C 6 Bytes JMP 7181000A
.text C:\Windows\system32\svchost.exe[772] USER32.dll!SetWinEventHook 778924DC 6 Bytes JMP 717E000A
.text C:\Windows\system32\svchost.exe[772] USER32.dll!SetWindowsHookExA 778B6D0C 6 Bytes JMP 7184000A
.text C:\Windows\system32\svchost.exe[772] GDI32.dll!DeleteDC 76226EAA 6 Bytes JMP 7187000A
.text C:\Windows\system32\svchost.exe[772] GDI32.dll!GetPixel 7622C3D5 6 Bytes JMP 718A000A
.text C:\Windows\system32\svchost.exe[772] GDI32.dll!CreateDCA 7622CCA9 6 Bytes JMP 7190000A
.text C:\Windows\system32\svchost.exe[772] GDI32.dll!CreateDCW 7622CF79 6 Bytes JMP 718D000A
.text C:\Windows\system32\svchost.exe[772] ADVAPI32.dll!CreateProcessAsUserA 76552538 6 Bytes JMP 7199000A
.text C:\Windows\system32\svchost.exe[772] rpcss.dll!CoGetComCatalog 753835EC 8 Bytes [10, 33, 01, 10, D0, 30, 01, ...] {ADC [EBX], DH; ADD [EAX], EDX; SAL BYTE [EAX], 0x1; ADD [EAX], EDX}
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[824] ntdll.dll!NtAllocateVirtualMemory 77CB52D8 5 Bytes JMP 012C3FD0 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[824] ntdll.dll!NtCreateFile 77CB55C8 5 Bytes JMP 012FDB90 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[912] ntdll.dll!NtAlpcSendWaitReceivePort 77CB5418 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[912] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77CB541C 2 Bytes [7D, 71] {JGE 0x73}
.text C:\Windows\system32\svchost.exe[912] ntdll.dll!NtClose 77CB54C8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[912] ntdll.dll!NtClose + 4 77CB54CC 2 Bytes [AE, 71]
.text C:\Windows\system32\svchost.exe[912] ntdll.dll!LdrUnloadDll 77CCC86E 6 Bytes JMP 71A8000A
.text C:\Windows\system32\svchost.exe[912] kernel32.dll!CreateProcessW 765D204D 6 Bytes JMP 719F000A
.text C:\Windows\system32\svchost.exe[912] kernel32.dll!CreateProcessA 765D2082 6 Bytes JMP 719C000A
.text C:\Windows\system32\svchost.exe[912] kernel32.dll!CreateProcessAsUserW 766059FF 6 Bytes JMP 7196000A
.text C:\Windows\system32\svchost.exe[912] USER32.dll!SetWindowsHookExW 7788E30C 6 Bytes JMP 7184000A
.text C:\Windows\system32\svchost.exe[912] USER32.dll!SetWinEventHook 778924DC 6 Bytes JMP 7181000A
.text C:\Windows\system32\svchost.exe[912] USER32.dll!SetWindowsHookExA 778B6D0C 6 Bytes JMP 7187000A
.text C:\Windows\system32\svchost.exe[912] GDI32.dll!DeleteDC 76226EAA 6 Bytes JMP 718A000A
.text C:\Windows\system32\svchost.exe[912] GDI32.dll!GetPixel 7622C3D5 6 Bytes JMP 718D000A
.text C:\Windows\system32\svchost.exe[912] GDI32.dll!CreateDCA 7622CCA9 6 Bytes JMP 7193000A
.text C:\Windows\system32\svchost.exe[912] GDI32.dll!CreateDCW 7622CF79 6 Bytes JMP 7190000A
.text C:\Windows\system32\svchost.exe[912] ADVAPI32.dll!CreateProcessAsUserA 76552538 6 Bytes JMP 7199000A
.text C:\Windows\system32\atiesrxx.exe[972] ntdll.dll!NtAlpcSendWaitReceivePort 77CB5418 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\atiesrxx.exe[972] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77CB541C 2 Bytes [7D, 71] {JGE 0x73}
.text C:\Windows\system32\atiesrxx.exe[972] ntdll.dll!NtClose 77CB54C8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\atiesrxx.exe[972] ntdll.dll!NtClose + 4 77CB54CC 2 Bytes [AE, 71]
.text C:\Windows\system32\atiesrxx.exe[972] ntdll.dll!LdrUnloadDll 77CCC86E 6 Bytes JMP 71A8000A
.text C:\Windows\system32\atiesrxx.exe[972] kernel32.dll!CreateProcessW 765D204D 6 Bytes JMP 719F000A
.text C:\Windows\system32\atiesrxx.exe[972] kernel32.dll!CreateProcessA 765D2082 6 Bytes JMP 719C000A
.text C:\Windows\system32\atiesrxx.exe[972] kernel32.dll!CreateProcessAsUserW 766059FF 6 Bytes JMP 7196000A
.text C:\Windows\system32\atiesrxx.exe[972] USER32.dll!SetWindowsHookExW 7788E30C 6 Bytes JMP 7184000A
.text C:\Windows\system32\atiesrxx.exe[972] USER32.dll!SetWinEventHook 778924DC 6 Bytes JMP 7181000A
.text C:\Windows\system32\atiesrxx.exe[972] USER32.dll!SetWindowsHookExA 778B6D0C 6 Bytes JMP 7187000A
.text C:\Windows\system32\atiesrxx.exe[972] GDI32.dll!DeleteDC 76226EAA 6 Bytes JMP 718A000A
.text C:\Windows\system32\atiesrxx.exe[972] GDI32.dll!GetPixel 7622C3D5 6 Bytes JMP 718D000A
.text C:\Windows\system32\atiesrxx.exe[972] GDI32.dll!CreateDCA 7622CCA9 6 Bytes JMP 7193000A
.text C:\Windows\system32\atiesrxx.exe[972] GDI32.dll!CreateDCW 7622CF79 6 Bytes JMP 7190000A
.text C:\Windows\system32\atiesrxx.exe[972] ADVAPI32.dll!CreateProcessAsUserA 76552538 6 Bytes JMP 7199000A
.text C:\Windows\System32\svchost.exe[1016] ntdll.dll!NtAlpcSendWaitReceivePort 77CB5418 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1016] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77CB541C 2 Bytes [7D, 71] {JGE 0x73}
.text C:\Windows\System32\svchost.exe[1016] ntdll.dll!NtClose 77CB54C8 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1016] ntdll.dll!NtClose + 4 77CB54CC 2 Bytes [AE, 71]
.text C:\Windows\System32\svchost.exe[1016] ntdll.dll!LdrUnloadDll 77CCC86E 6 Bytes JMP 71A8000A
.text C:\Windows\System32\svchost.exe[1016] kernel32.dll!CreateProcessW 765D204D 6 Bytes JMP 719F000A
.text C:\Windows\System32\svchost.exe[1016] kernel32.dll!CreateProcessA 765D2082 6 Bytes JMP 719C000A
.text C:\Windows\System32\svchost.exe[1016] kernel32.dll!CreateProcessAsUserW 766059FF 6 Bytes JMP 7196000A
.text C:\Windows\System32\svchost.exe[1016] USER32.dll!SetWindowsHookExW 7788E30C 6 Bytes JMP 7184000A
.text C:\Windows\System32\svchost.exe[1016] USER32.dll!SetWinEventHook 778924DC 6 Bytes JMP 7181000A
.text C:\Windows\System32\svchost.exe[1016] USER32.dll!SetWindowsHookExA 778B6D0C 6 Bytes JMP 7187000A
.text C:\Windows\System32\svchost.exe[1016] GDI32.dll!DeleteDC 76226EAA 6 Bytes JMP 718A000A
.text C:\Windows\System32\svchost.exe[1016] GDI32.dll!GetPixel 7622C3D5 6 Bytes JMP 718D000A
.text C:\Windows\System32\svchost.exe[1016] GDI32.dll!CreateDCA 7622CCA9 6 Bytes JMP 7193000A
.text C:\Windows\System32\svchost.exe[1016] GDI32.dll!CreateDCW 7622CF79 6 Bytes JMP 7190000A
.text C:\Windows\System32\svchost.exe[1016] ADVAPI32.dll!CreateProcessAsUserA 76552538 6 Bytes JMP 7199000A
.text C:\Windows\System32\svchost.exe[1060] ntdll.dll!NtAlpcSendWaitReceivePort 77CB5418 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1060] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77CB541C 2 Bytes [7D, 71] {JGE 0x73}
.text C:\Windows\System32\svchost.exe[1060] ntdll.dll!NtClose 77CB54C8 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1060] ntdll.dll!NtClose + 4 77CB54CC 2 Bytes [AE, 71]
.text C:\Windows\System32\svchost.exe[1060] ntdll.dll!LdrUnloadDll 77CCC86E 6 Bytes JMP 71A8000A
.text C:\Windows\System32\svchost.exe[1060] kernel32.dll!CreateProcessW 765D204D 6 Bytes JMP 719F000A
.text C:\Windows\System32\svchost.exe[1060] kernel32.dll!CreateProcessA 765D2082 6 Bytes JMP 719C000A
.text C:\Windows\System32\svchost.exe[1060] kernel32.dll!CreateProcessAsUserW 766059FF 6 Bytes JMP 7196000A
.text C:\Windows\System32\svchost.exe[1060] USER32.dll!SetWindowsHookExW 7788E30C 6 Bytes JMP 7184000A
.text C:\Windows\System32\svchost.exe[1060] USER32.dll!SetWinEventHook 778924DC 6 Bytes JMP 7181000A
.text C:\Windows\System32\svchost.exe[1060] USER32.dll!SetWindowsHookExA 778B6D0C 6 Bytes JMP 7187000A
.text C:\Windows\System32\svchost.exe[1060] GDI32.dll!DeleteDC 76226EAA 6 Bytes JMP 718A000A
.text C:\Windows\System32\svchost.exe[1060] GDI32.dll!GetPixel 7622C3D5 6 Bytes JMP 718D000A
.text C:\Windows\System32\svchost.exe[1060] GDI32.dll!CreateDCA 7622CCA9 6 Bytes JMP 7193000A
.text C:\Windows\System32\svchost.exe[1060] GDI32.dll!CreateDCW 7622CF79 6 Bytes JMP 7190000A
.text C:\Windows\System32\svchost.exe[1060] ADVAPI32.dll!CreateProcessAsUserA 76552538 6 Bytes JMP 7199000A
.text C:\Windows\system32\svchost.exe[1104] ntdll.dll!NtAlpcSendWaitReceivePort 77CB5418 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1104] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77CB541C 2 Bytes [7A, 71] {JP 0x73}
.text C:\Windows\system32\svchost.exe[1104] ntdll.dll!NtClose 77CB54C8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1104] ntdll.dll!NtClose + 4 77CB54CC 2 Bytes [AE, 71]
.text C:\Windows\system32\svchost.exe[1104] ntdll.dll!LdrUnloadDll 77CCC86E 6 Bytes JMP 71A8000A
.text C:\Windows\system32\svchost.exe[1104] kernel32.dll!CreateProcessW 765D204D 6 Bytes JMP 719F000A
.text C:\Windows\system32\svchost.exe[1104] kernel32.dll!CreateProcessA 765D2082 6 Bytes JMP 719C000A
.text C:\Windows\system32\svchost.exe[1104] kernel32.dll!CreateProcessAsUserW 766059FF 6 Bytes JMP 7196000A
.text C:\Windows\system32\svchost.exe[1104] RPCRT4.dll!RpcServerRegisterIfEx 76AB09BC 6 Bytes JMP 7193000A
.text C:\Windows\system32\svchost.exe[1104] USER32.dll!SetWindowsHookExW 7788E30C 6 Bytes JMP 7181000A
.text C:\Windows\system32\svchost.exe[1104] USER32.dll!SetWinEventHook 778924DC 6 Bytes JMP 717E000A
.text C:\Windows\system32\svchost.exe[1104] USER32.dll!SetWindowsHookExA 778B6D0C 6 Bytes JMP 7184000A
.text C:\Windows\system32\svchost.exe[1104] GDI32.dll!DeleteDC 76226EAA 6 Bytes JMP 7187000A
.text C:\Windows\system32\svchost.exe[1104] GDI32.dll!GetPixel 7622C3D5 6 Bytes JMP 718A000A
.text C:\Windows\system32\svchost.exe[1104] GDI32.dll!CreateDCA 7622CCA9 6 Bytes JMP 7190000A
.text C:\Windows\system32\svchost.exe[1104] GDI32.dll!CreateDCW 7622CF79 6 Bytes JMP 718D000A
.text C:\Windows\system32\svchost.exe[1104] ADVAPI32.dll!CreateProcessAsUserA 76552538 6 Bytes JMP 7199000A
.text C:\Windows\system32\AUDIODG.EXE[1192] ntdll.dll!NtAlpcSendWaitReceivePort 77CB5418 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\AUDIODG.EXE[1192] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77CB541C 2 Bytes [7D, 71] {JGE 0x73}
.text C:\Windows\system32\AUDIODG.EXE[1192] ntdll.dll!NtClose 77CB54C8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\AUDIODG.EXE[1192] ntdll.dll!NtClose + 4 77CB54CC 2 Bytes [AE, 71]
.text C:\Windows\system32\AUDIODG.EXE[1192] ntdll.dll!LdrUnloadDll 77CCC86E 6 Bytes JMP 71A7001E
.text C:\Windows\system32\AUDIODG.EXE[1192] kernel32.dll!CreateProcessW 765D204D 6 Bytes JMP 719E001E
.text C:\Windows\system32\AUDIODG.EXE[1192] kernel32.dll!CreateProcessA 765D2082 6 Bytes JMP 719B001E
.text C:\Windows\system32\AUDIODG.EXE[1192] kernel32.dll!CreateProcessAsUserW 766059FF 6 Bytes JMP 7195001E
.text C:\Windows\system32\AUDIODG.EXE[1192] USER32.dll!SetWindowsHookExW 7788E30C 6 Bytes JMP 7183001E
.text C:\Windows\system32\AUDIODG.EXE[1192] USER32.dll!SetWinEventHook 778924DC 6 Bytes JMP 7180001E
.text C:\Windows\system32\AUDIODG.EXE[1192] USER32.dll!SetWindowsHookExA 778B6D0C 6 Bytes JMP 7186001E
.text C:\Windows\system32\AUDIODG.EXE[1192] GDI32.dll!DeleteDC 76226EAA 6 Bytes JMP 7189001E
.text C:\Windows\system32\AUDIODG.EXE[1192] GDI32.dll!GetPixel 7622C3D5 6 Bytes JMP 718C001E
.text C:\Windows\system32\AUDIODG.EXE[1192] GDI32.dll!CreateDCA 7622CCA9 6 Bytes JMP 7192001E
.text C:\Windows\system32\AUDIODG.EXE[1192] GDI32.dll!CreateDCW 7622CF79 6 Bytes JMP 718F001E
.text C:\Windows\system32\AUDIODG.EXE[1192] ADVAPI32.dll!CreateProcessAsUserA 76552538 6 Bytes JMP 7198001E
.text C:\Windows\system32\svchost.exe[1260] ntdll.dll!NtAlpcSendWaitReceivePort 77CB5418 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1260] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77CB541C 2 Bytes [7D, 71] {JGE 0x73}
.text C:\Windows\system32\svchost.exe[1260] ntdll.dll!NtClose 77CB54C8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1260] ntdll.dll!NtClose + 4 77CB54CC 2 Bytes [AE, 71]
.text C:\Windows\system32\svchost.exe[1260] ntdll.dll!LdrUnloadDll 77CCC86E 6 Bytes JMP 71A8000A
.text C:\Windows\system32\svchost.exe[1260] kernel32.dll!CreateProcessW 765D204D 6 Bytes JMP 719F000A
.text C:\Windows\system32\svchost.exe[1260] kernel32.dll!CreateProcessA 765D2082 6 Bytes JMP 719C000A
.text C:\Windows\system32\svchost.exe[1260] kernel32.dll!CreateProcessAsUserW 766059FF 6 Bytes JMP 7196000A
.text C:\Windows\system32\svchost.exe[1260] USER32.dll!SetWindowsHookExW 7788E30C 6 Bytes JMP 7184000A
.text C:\Windows\system32\svchost.exe[1260] USER32.dll!SetWinEventHook 778924DC 6 Bytes JMP 7181000A
.text C:\Windows\system32\svchost.exe[1260] USER32.dll!SetWindowsHookExA 778B6D0C 6 Bytes JMP 7187000A
.text C:\Windows\system32\svchost.exe[1260] GDI32.dll!DeleteDC 76226EAA 6 Bytes JMP 718A000A
.text C:\Windows\system32\svchost.exe[1260] GDI32.dll!GetPixel 7622C3D5 6 Bytes JMP 718D000A
.text C:\Windows\system32\svchost.exe[1260] GDI32.dll!CreateDCA 7622CCA9 6 Bytes JMP 7193000A
.text C:\Windows\system32\svchost.exe[1260] GDI32.dll!CreateDCW 7622CF79 6 Bytes JMP 7190000A
.text C:\Windows\system32\svchost.exe[1260] ADVAPI32.dll!CreateProcessAsUserA 76552538 6 Bytes JMP 7199000A
.text C:\Users\tanja\Desktop\gmer_2.0.18454.exe[1324] ntdll.dll!NtAlpcSendWaitReceivePort 77CB5418 3 Bytes [FF, 25, 1E]
.text C:\Users\tanja\Desktop\gmer_2.0.18454.exe[1324] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77CB541C 2 Bytes [7D, 71] {JGE 0x73}
.text C:\Users\tanja\Desktop\gmer_2.0.18454.exe[1324] ntdll.dll!NtClose 77CB54C8 3 Bytes [FF, 25, 1E]
.text C:\Users\tanja\Desktop\gmer_2.0.18454.exe[1324] ntdll.dll!NtClose + 4 77CB54CC 2 Bytes [AE, 71]
.text C:\Users\tanja\Desktop\gmer_2.0.18454.exe[1324] ntdll.dll!LdrUnloadDll 77CCC86E 6 Bytes JMP 71A8000A
.text C:\Users\tanja\Desktop\gmer_2.0.18454.exe[1324] kernel32.dll!CreateProcessW 765D204D 6 Bytes JMP 719F000A
.text C:\Users\tanja\Desktop\gmer_2.0.18454.exe[1324] kernel32.dll!CreateProcessA 765D2082 6 Bytes JMP 719C000A
.text C:\Users\tanja\Desktop\gmer_2.0.18454.exe[1324] kernel32.dll!CreateProcessAsUserW 766059FF 6 Bytes JMP 7196000A
.text C:\Users\tanja\Desktop\gmer_2.0.18454.exe[1324] USER32.dll!SetWindowsHookExW 7788E30C 6 Bytes JMP 7184000A
.text C:\Users\tanja\Desktop\gmer_2.0.18454.exe[1324] USER32.dll!SetWinEventHook 778924DC 6 Bytes JMP 7181000A
.text C:\Users\tanja\Desktop\gmer_2.0.18454.exe[1324] USER32.dll!SetWindowsHookExA 778B6D0C 6 Bytes JMP 7187000A
.text C:\Users\tanja\Desktop\gmer_2.0.18454.exe[1324] GDI32.dll!DeleteDC 76226EAA 6 Bytes JMP 718A000A
.text C:\Users\tanja\Desktop\gmer_2.0.18454.exe[1324] GDI32.dll!GetPixel 7622C3D5 6 Bytes JMP 718D000A
.text C:\Users\tanja\Desktop\gmer_2.0.18454.exe[1324] GDI32.dll!CreateDCA 7622CCA9 6 Bytes JMP 7193000A
.text C:\Users\tanja\Desktop\gmer_2.0.18454.exe[1324] GDI32.dll!CreateDCW 7622CF79 6 Bytes JMP 7190000A
.text C:\Users\tanja\Desktop\gmer_2.0.18454.exe[1324] ADVAPI32.dll!CreateProcessAsUserA 76552538 6 Bytes JMP 7199000A
.text C:\Windows\system32\atieclxx.exe[1376] ntdll.dll!NtAlpcSendWaitReceivePort 77CB5418 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\atieclxx.exe[1376] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77CB541C 2 Bytes [7D, 71] {JGE 0x73}
.text C:\Windows\system32\atieclxx.exe[1376] ntdll.dll!NtClose 77CB54C8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\atieclxx.exe[1376] ntdll.dll!NtClose + 4 77CB54CC 2 Bytes [AE, 71]
.text C:\Windows\system32\atieclxx.exe[1376] ntdll.dll!LdrUnloadDll 77CCC86E 6 Bytes JMP 71A8000A
.text C:\Windows\system32\atieclxx.exe[1376] kernel32.dll!CreateProcessW 765D204D 6 Bytes JMP 719F000A
.text C:\Windows\system32\atieclxx.exe[1376] kernel32.dll!CreateProcessA 765D2082 6 Bytes JMP 719C000A
.text C:\Windows\system32\atieclxx.exe[1376] kernel32.dll!CreateProcessAsUserW 766059FF 6 Bytes JMP 7196000A
.text C:\Windows\system32\atieclxx.exe[1376] USER32.dll!SetWindowsHookExW 7788E30C 6 Bytes JMP 7184000A
.text C:\Windows\system32\atieclxx.exe[1376] USER32.dll!SetWinEventHook 778924DC 6 Bytes JMP 7181000A
.text C:\Windows\system32\atieclxx.exe[1376] USER32.dll!SetWindowsHookExA 778B6D0C 6 Bytes JMP 7187000A
.text C:\Windows\system32\atieclxx.exe[1376] GDI32.dll!DeleteDC 76226EAA 6 Bytes JMP 718A000A
.text C:\Windows\system32\atieclxx.exe[1376] GDI32.dll!GetPixel 7622C3D5 6 Bytes JMP 718D000A
.text C:\Windows\system32\atieclxx.exe[1376] GDI32.dll!CreateDCA 7622CCA9 6 Bytes JMP 7193000A
.text C:\Windows\system32\atieclxx.exe[1376] GDI32.dll!CreateDCW 7622CF79 6 Bytes JMP 7190000A
.text C:\Windows\system32\atieclxx.exe[1376] ADVAPI32.dll!CreateProcessAsUserA 76552538 6 Bytes JMP 7199000A
.text C:\Program Files\PDF Architect\ConversionService.exe[1440] ntdll.dll!NtAlpcSendWaitReceivePort 77CB5418 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PDF Architect\ConversionService.exe[1440] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77CB541C 2 Bytes [7D, 71] {JGE 0x73}
.text C:\Program Files\PDF Architect\ConversionService.exe[1440] ntdll.dll!NtClose 77CB54C8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PDF Architect\ConversionService.exe[1440] ntdll.dll!NtClose + 4 77CB54CC 2 Bytes [AE, 71]
.text C:\Program Files\PDF Architect\ConversionService.exe[1440] ntdll.dll!LdrUnloadDll 77CCC86E 6 Bytes JMP 71A8000A
.text C:\Program Files\PDF Architect\ConversionService.exe[1440] kernel32.dll!CreateProcessW 765D204D 6 Bytes JMP 719F000A
.text C:\Program Files\PDF Architect\ConversionService.exe[1440] kernel32.dll!CreateProcessA 765D2082 6 Bytes JMP 719C000A
.text C:\Program Files\PDF Architect\ConversionService.exe[1440] kernel32.dll!CreateProcessAsUserW 766059FF 6 Bytes JMP 7196000A
.text C:\Program Files\PDF Architect\ConversionService.exe[1440] USER32.dll!SetWindowsHookExW 7788E30C 6 Bytes JMP 7184000A
.text C:\Program Files\PDF Architect\ConversionService.exe[1440] USER32.dll!SetWinEventHook 778924DC 6 Bytes JMP 7181000A
.text C:\Program Files\PDF Architect\ConversionService.exe[1440] USER32.dll!SetWindowsHookExA 778B6D0C 6 Bytes JMP 7187000A
.text C:\Program Files\PDF Architect\ConversionService.exe[1440] GDI32.dll!DeleteDC 76226EAA 6 Bytes JMP 718A000A
.text C:\Program Files\PDF Architect\ConversionService.exe[1440] GDI32.dll!GetPixel 7622C3D5 6 Bytes JMP 718D000A
.text C:\Program Files\PDF Architect\ConversionService.exe[1440] GDI32.dll!CreateDCA 7622CCA9 6 Bytes JMP 7193000A
.text C:\Program Files\PDF Architect\ConversionService.exe[1440] GDI32.dll!CreateDCW 7622CF79 6 Bytes JMP 7190000A
.text C:\Program Files\PDF Architect\ConversionService.exe[1440] ADVAPI32.dll!CreateProcessAsUserA 76552538 6 Bytes JMP 7199000A
.text C:\Windows\System32\spoolsv.exe[1548] ntdll.dll!NtAlpcSendWaitReceivePort 77CB5418 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\spoolsv.exe[1548] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77CB541C 2 Bytes [7D, 71] {JGE 0x73}
.text C:\Windows\System32\spoolsv.exe[1548] ntdll.dll!NtClose 77CB54C8 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\spoolsv.exe[1548] ntdll.dll!NtClose + 4 77CB54CC 2 Bytes [AE, 71]
.text C:\Windows\System32\spoolsv.exe[1548] ntdll.dll!LdrUnloadDll 77CCC86E 6 Bytes JMP 71A8000A
.text C:\Windows\System32\spoolsv.exe[1548] kernel32.dll!CreateProcessW 765D204D 6 Bytes JMP 719F000A
.text C:\Windows\System32\spoolsv.exe[1548] kernel32.dll!CreateProcessA 765D2082 6 Bytes JMP 719C000A
.text C:\Windows\System32\spoolsv.exe[1548] kernel32.dll!CreateProcessAsUserW 766059FF 6 Bytes JMP 7196000A
.text C:\Windows\System32\spoolsv.exe[1548] USER32.dll!SetWindowsHookExW 7788E30C 6 Bytes JMP 7184000A
.text C:\Windows\System32\spoolsv.exe[1548] USER32.dll!SetWinEventHook 778924DC 6 Bytes JMP 7181000A
.text C:\Windows\System32\spoolsv.exe[1548] USER32.dll!SetWindowsHookExA 778B6D0C 6 Bytes JMP 7187000A
.text C:\Windows\System32\spoolsv.exe[1548] GDI32.dll!DeleteDC 76226EAA 6 Bytes JMP 718A000A
.text C:\Windows\System32\spoolsv.exe[1548] GDI32.dll!GetPixel 7622C3D5 6 Bytes JMP 718D000A
.text C:\Windows\System32\spoolsv.exe[1548] GDI32.dll!CreateDCA 7622CCA9 6 Bytes JMP 7193000A
.text C:\Windows\System32\spoolsv.exe[1548] GDI32.dll!CreateDCW 7622CF79 6 Bytes JMP 7190000A
.text C:\Windows\System32\spoolsv.exe[1548] ADVAPI32.dll!CreateProcessAsUserA 76552538 6 Bytes JMP 7199000A
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1624] ntdll.dll!NtAlpcSendWaitReceivePort 77CB5418 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1624] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77CB541C 2 Bytes [7D, 71] {JGE 0x73}
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1624] ntdll.dll!NtClose 77CB54C8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1624] ntdll.dll!NtClose + 4 77CB54CC 2 Bytes [AE, 71]
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1624] ntdll.dll!LdrUnloadDll 77CCC86E 6 Bytes JMP 71A8000A
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1624] kernel32.dll!CreateProcessW 765D204D 6 Bytes JMP 719F000A
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1624] kernel32.dll!CreateProcessA 765D2082 6 Bytes JMP 719C000A
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1624] kernel32.dll!CreateProcessAsUserW 766059FF 6 Bytes JMP 7196000A
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1624] USER32.dll!SetWindowsHookExW 7788E30C 6 Bytes JMP 7184000A
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1624] USER32.dll!SetWinEventHook 778924DC 6 Bytes JMP 7181000A
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1624] USER32.dll!SetWindowsHookExA 778B6D0C 6 Bytes JMP 7187000A
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1624] GDI32.dll!DeleteDC 76226EAA 6 Bytes JMP 718A000A
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1624] GDI32.dll!GetPixel 7622C3D5 6 Bytes JMP 718D000A
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1624] GDI32.dll!CreateDCA 7622CCA9 6 Bytes JMP 7193000A
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1624] GDI32.dll!CreateDCW 7622CF79 6 Bytes JMP 7190000A
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1624] ADVAPI32.dll!CreateProcessAsUserA 76552538 6 Bytes JMP 7199000A
.text C:\Windows\system32\svchost.exe[1720] ntdll.dll!NtAlpcSendWaitReceivePort 77CB5418 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1720] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77CB541C 2 Bytes [7A, 71] {JP 0x73}
.text C:\Windows\system32\svchost.exe[1720] ntdll.dll!NtClose 77CB54C8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1720] ntdll.dll!NtClose + 4 77CB54CC 2 Bytes [AE, 71]
.text C:\Windows\system32\svchost.exe[1720] ntdll.dll!LdrUnloadDll 77CCC86E 6 Bytes JMP 71A8000A
.text C:\Windows\system32\svchost.exe[1720] kernel32.dll!CreateProcessW 765D204D 6 Bytes JMP 719F000A
.text C:\Windows\system32\svchost.exe[1720] kernel32.dll!CreateProcessA 765D2082 6 Bytes JMP 719C000A
.text C:\Windows\system32\svchost.exe[1720] kernel32.dll!CreateProcessAsUserW 766059FF 6 Bytes JMP 7196000A
.text C:\Windows\system32\svchost.exe[1720] RPCRT4.dll!RpcServerRegisterIfEx 76AB09BC 6 Bytes JMP 7193000A
.text C:\Windows\system32\svchost.exe[1720] USER32.dll!SetWindowsHookExW 7788E30C 6 Bytes JMP 7181000A
.text C:\Windows\system32\svchost.exe[1720] USER32.dll!SetWinEventHook 778924DC 6 Bytes JMP 717E000A
.text C:\Windows\system32\svchost.exe[1720] USER32.dll!SetWindowsHookExA 778B6D0C 6 Bytes JMP 7184000A
.text C:\Windows\system32\svchost.exe[1720] GDI32.dll!DeleteDC 76226EAA 6 Bytes JMP 7187000A
.text C:\Windows\system32\svchost.exe[1720] GDI32.dll!GetPixel 7622C3D5 6 Bytes JMP 718A000A
.text C:\Windows\system32\svchost.exe[1720] GDI32.dll!CreateDCA 7622CCA9 6 Bytes JMP 7190000A
.text C:\Windows\system32\svchost.exe[1720] GDI32.dll!CreateDCW 7622CF79 6 Bytes JMP 718D000A
.text C:\Windows\system32\svchost.exe[1720] ADVAPI32.dll!CreateProcessAsUserA 76552538 6 Bytes JMP 7199000A
.text C:\Windows\system32\Dwm.exe[1748] ntdll.dll!NtAlpcSendWaitReceivePort 77CB5418 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Dwm.exe[1748] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77CB541C 2 Bytes [7D, 71] {JGE 0x73}
.text C:\Windows\system32\Dwm.exe[1748] ntdll.dll!NtClose 77CB54C8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Dwm.exe[1748] ntdll.dll!NtClose + 4 77CB54CC 2 Bytes [AE, 71]
.text C:\Windows\system32\Dwm.exe[1748] ntdll.dll!LdrUnloadDll 77CCC86E 6 Bytes JMP 71A8000A
.text C:\Windows\system32\Dwm.exe[1748] kernel32.dll!CreateProcessW 765D204D 6 Bytes JMP 719F000A
.text C:\Windows\system32\Dwm.exe[1748] kernel32.dll!CreateProcessA 765D2082 6 Bytes JMP 719C000A
.text C:\Windows\system32\Dwm.exe[1748] kernel32.dll!CreateProcessAsUserW 766059FF 6 Bytes JMP 7196000A
.text C:\Windows\system32\Dwm.exe[1748] GDI32.dll!DeleteDC 76226EAA 6 Bytes JMP 718A000A
.text C:\Windows\system32\Dwm.exe[1748] GDI32.dll!GetPixel 7622C3D5 6 Bytes JMP 718D000A
.text C:\Windows\system32\Dwm.exe[1748] GDI32.dll!CreateDCA 7622CCA9 6 Bytes JMP 7193000A
.text C:\Windows\system32\Dwm.exe[1748] GDI32.dll!CreateDCW 7622CF79 6 Bytes JMP 7190000A
.text C:\Windows\system32\Dwm.exe[1748] USER32.dll!SetWindowsHookExW 7788E30C 6 Bytes JMP 7184000A
.text C:\Windows\system32\Dwm.exe[1748] USER32.dll!SetWinEventHook 778924DC 6 Bytes JMP 7181000A
.text C:\Windows\system32\Dwm.exe[1748] USER32.dll!SetWindowsHookExA 778B6D0C 6 Bytes JMP 7187000A
.text C:\Windows\system32\Dwm.exe[1748] ADVAPI32.dll!CreateProcessAsUserA 76552538 6 Bytes JMP 7199000A
.text C:\Windows\Explorer.EXE[1796] ntdll.dll!NtAlpcSendWaitReceivePort 77CB5418 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[1796] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77CB541C 2 Bytes [66, 71]
.text C:\Windows\Explorer.EXE[1796] ntdll.dll!NtClose 77CB54C8 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[1796] ntdll.dll!NtClose + 4 77CB54CC 2 Bytes [AE, 71]
.text C:\Windows\Explorer.EXE[1796] ntdll.dll!LdrUnloadDll 77CCC86E 6 Bytes JMP 7191000A
.text C:\Windows\Explorer.EXE[1796] kernel32.dll!CreateProcessW 765D204D 6 Bytes JMP 7188000A
.text C:\Windows\Explorer.EXE[1796] kernel32.dll!CreateProcessA 765D2082 6 Bytes JMP 7185000A
.text C:\Windows\Explorer.EXE[1796] kernel32.dll!CreateProcessAsUserW 766059FF 6 Bytes JMP 717F000A
.text C:\Windows\Explorer.EXE[1796] ADVAPI32.dll!CreateProcessAsUserA 76552538 6 Bytes JMP 7182000A
.text C:\Windows\Explorer.EXE[1796] GDI32.dll!DeleteDC 76226EAA 6 Bytes JMP 7173000A
.text C:\Windows\Explorer.EXE[1796] GDI32.dll!GetPixel 7622C3D5 6 Bytes JMP 7176000A
.text C:\Windows\Explorer.EXE[1796] GDI32.dll!CreateDCA 7622CCA9 6 Bytes JMP 717C000A
.text C:\Windows\Explorer.EXE[1796] GDI32.dll!CreateDCW 7622CF79 6 Bytes JMP 7179000A
.text C:\Windows\Explorer.EXE[1796] USER32.dll!SetWindowsHookExW 7788E30C 6 Bytes JMP 716D000A
.text C:\Windows\Explorer.EXE[1796] USER32.dll!SetWinEventHook 778924DC 6 Bytes JMP 716A000A
.text C:\Windows\Explorer.EXE[1796] USER32.dll!SetWindowsHookExA 778B6D0C 6 Bytes JMP 7170000A
.text C:\Windows\system32\taskhost.exe[1844] ntdll.dll!NtAlpcSendWaitReceivePort 77CB5418 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskhost.exe[1844] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77CB541C 2 Bytes [7D, 71] {JGE 0x73}
.text C:\Windows\system32\taskhost.exe[1844] ntdll.dll!NtClose 77CB54C8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskhost.exe[1844] ntdll.dll!NtClose + 4 77CB54CC 2 Bytes [AE, 71]
.text C:\Windows\system32\taskhost.exe[1844] ntdll.dll!LdrUnloadDll 77CCC86E 6 Bytes JMP 71A8000A
.text C:\Windows\system32\taskhost.exe[1844] kernel32.dll!CreateProcessW 765D204D 6 Bytes JMP 719F000A
.text C:\Windows\system32\taskhost.exe[1844] kernel32.dll!CreateProcessA 765D2082 6 Bytes JMP 719C000A
.text C:\Windows\system32\taskhost.exe[1844] kernel32.dll!CreateProcessAsUserW 766059FF 6 Bytes JMP 7196000A
.text C:\Windows\system32\taskhost.exe[1844] GDI32.dll!DeleteDC 76226EAA 6 Bytes JMP 718A000A
.text C:\Windows\system32\taskhost.exe[1844] GDI32.dll!GetPixel 7622C3D5 6 Bytes JMP 718D000A
.text C:\Windows\system32\taskhost.exe[1844] GDI32.dll!CreateDCA 7622CCA9 6 Bytes JMP 7193000A
.text C:\Windows\system32\taskhost.exe[1844] GDI32.dll!CreateDCW 7622CF79 6 Bytes JMP 7190000A
.text C:\Windows\system32\taskhost.exe[1844] USER32.dll!SetWindowsHookExW 7788E30C 6 Bytes JMP 7184000A
.text C:\Windows\system32\taskhost.exe[1844] USER32.dll!SetWinEventHook 778924DC 6 Bytes JMP 7181000A
.text C:\Windows\system32\taskhost.exe[1844] USER32.dll!SetWindowsHookExA 778B6D0C 6 Bytes JMP 7187000A
.text C:\Windows\system32\taskhost.exe[1844] ADVAPI32.dll!CreateProcessAsUserA 76552538 6 Bytes JMP 7199000A
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2012] ntdll.dll!NtAlpcSendWaitReceivePort 77CB5418 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2012] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77CB541C 2 Bytes [7D, 71] {JGE 0x73}
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2012] ntdll.dll!NtClose 77CB54C8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2012] ntdll.dll!NtClose + 4 77CB54CC 2 Bytes [AE, 71]
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2012] ntdll.dll!LdrUnloadDll 77CCC86E 6 Bytes JMP 71A8000A
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2012] kernel32.dll!CreateProcessW 765D204D 6 Bytes JMP 719F000A
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2012] kernel32.dll!CreateProcessA 765D2082 6 Bytes JMP 719C000A
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2012] kernel32.dll!CreateProcessAsUserW 766059FF 6 Bytes JMP 7196000A
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2012] USER32.dll!SetWindowsHookExW 7788E30C 6 Bytes JMP 7184000A
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2012] USER32.dll!SetWinEventHook 778924DC 6 Bytes JMP 7181000A
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2012] USER32.dll!SetWindowsHookExA 778B6D0C 6 Bytes JMP 7187000A
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2012] GDI32.dll!DeleteDC 76226EAA 6 Bytes JMP 718A000A
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2012] GDI32.dll!GetPixel 7622C3D5 6 Bytes JMP 718D000A
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2012] GDI32.dll!CreateDCA 7622CCA9 6 Bytes JMP 7193000A
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2012] GDI32.dll!CreateDCW 7622CF79 6 Bytes JMP 7190000A
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2012] ADVAPI32.dll!CreateProcessAsUserA 76552538 6 Bytes JMP 7199000A
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2260] ntdll.dll!NtAlpcSendWaitReceivePort 77CB5418 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2260] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77CB541C 2 Bytes [77, 71] {JA 0x73}
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2260] ntdll.dll!NtClose 77CB54C8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2260] ntdll.dll!NtClose + 4 77CB54CC 2 Bytes [AE, 71]
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2260] ntdll.dll!LdrUnloadDll 77CCC86E 6 Bytes JMP 71A8000A
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2260] kernel32.dll!CreateProcessW 765D204D 6 Bytes JMP 719F000A
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2260] kernel32.dll!CreateProcessA 765D2082 6 Bytes JMP 719C000A
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2260] kernel32.dll!CreateProcessAsUserW 766059FF 6 Bytes JMP 7196000A
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2260] USER32.dll!SetWindowsHookExW 7788E30C 6 Bytes JMP 717E000A
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2260] USER32.dll!SetWinEventHook 778924DC 6 Bytes JMP 717B000A
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2260] USER32.dll!SetWindowsHookExA 778B6D0C 6 Bytes JMP 7181000A
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2260] GDI32.dll!DeleteDC 76226EAA 6 Bytes JMP 7184000A
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2260] GDI32.dll!GetPixel 7622C3D5 6 Bytes JMP 718D000A
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2260] GDI32.dll!CreateDCA 7622CCA9 6 Bytes JMP 7193000A
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2260] GDI32.dll!CreateDCW 7622CF79 6 Bytes JMP 7190000A
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2260] ADVAPI32.dll!CreateProcessAsUserA 76552538 6 Bytes JMP 7199000A
.text C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe[2344] ntdll.dll!NtAllocateVirtualMemory 77CB52D8 5 Bytes JMP 00A91000 C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe (COMODO Internet Security/COMODO)
.text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[2632] ntdll.dll!NtAlpcSendWaitReceivePort 77CB5418 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[2632] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77CB541C 2 Bytes [7D, 71] {JGE 0x73}
.text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[2632] ntdll.dll!NtClose 77CB54C8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[2632] ntdll.dll!NtClose + 4 77CB54CC 2 Bytes [AE, 71]
.text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[2632] ntdll.dll!LdrUnloadDll 77CCC86E 6 Bytes JMP 71A8000A
.text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[2632] kernel32.dll!CreateProcessW 765D204D 6 Bytes JMP 719F000A
.text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[2632] kernel32.dll!CreateProcessA 765D2082 6 Bytes JMP 719C000A
.text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[2632] kernel32.dll!CreateProcessAsUserW 766059FF 6 Bytes JMP 7196000A
.text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[2632] ADVAPI32.dll!CreateProcessAsUserA 76552538 6 Bytes JMP 7199000A
.text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[2632] USER32.dll!SetWindowsHookExW 7788E30C 6 Bytes JMP 7184000A
.text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[2632] USER32.dll!SetWinEventHook 778924DC 6 Bytes JMP 7181000A
.text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[2632] USER32.dll!SetWindowsHookExA 778B6D0C 6 Bytes JMP 7187000A
.text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[2632] GDI32.dll!DeleteDC 76226EAA 6 Bytes JMP 718A000A
.text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[2632] GDI32.dll!GetPixel 7622C3D5 6 Bytes JMP 718D000A
.text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[2632] GDI32.dll!CreateDCA 7622CCA9 6 Bytes JMP 7193000A
.text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[2632] GDI32.dll!CreateDCW 7622CF79 6 Bytes JMP 7190000A
.text C:\Windows\system32\SearchIndexer.exe[2728] ntdll.dll!NtAlpcSendWaitReceivePort 77CB5418 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\SearchIndexer.exe[2728] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77CB541C 2 Bytes [7D, 71] {JGE 0x73}
.text C:\Windows\system32\SearchIndexer.exe[2728] ntdll.dll!NtClose 77CB54C8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\SearchIndexer.exe[2728] ntdll.dll!NtClose + 4 77CB54CC 2 Bytes [AE, 71]
.text C:\Windows\system32\SearchIndexer.exe[2728] ntdll.dll!LdrUnloadDll 77CCC86E 6 Bytes JMP 71A8000A
.text C:\Windows\system32\SearchIndexer.exe[2728] kernel32.dll!CreateProcessW 765D204D 6 Bytes JMP 719F000A
.text C:\Windows\system32\SearchIndexer.exe[2728] kernel32.dll!CreateProcessA 765D2082 6 Bytes JMP 719C000A
.text C:\Windows\system32\SearchIndexer.exe[2728] kernel32.dll!CreateProcessAsUserW 766059FF 6 Bytes JMP 7196000A
.text C:\Windows\system32\SearchIndexer.exe[2728] ADVAPI32.dll!CreateProcessAsUserA 76552538 6 Bytes JMP 7199000A
.text C:\Windows\system32\SearchIndexer.exe[2728] USER32.dll!SetWindowsHookExW 7788E30C 6 Bytes JMP 7184000A
.text C:\Windows\system32\SearchIndexer.exe[2728] USER32.dll!SetWinEventHook 778924DC 6 Bytes JMP 7181000A
.text C:\Windows\system32\SearchIndexer.exe[2728] USER32.dll!SetWindowsHookExA 778B6D0C 6 Bytes JMP 7187000A
.text C:\Windows\system32\SearchIndexer.exe[2728] GDI32.dll!DeleteDC 76226EAA 6 Bytes JMP 718A000A
.text C:\Windows\system32\SearchIndexer.exe[2728] GDI32.dll!GetPixel 7622C3D5 6 Bytes JMP 718D000A
.text C:\Windows\system32\SearchIndexer.exe[2728] GDI32.dll!CreateDCA 7622CCA9 6 Bytes JMP 7193000A
.text C:\Windows\system32\SearchIndexer.exe[2728] GDI32.dll!CreateDCW 7622CF79 6 Bytes JMP 7190000A
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3216] ntdll.dll!NtAlpcSendWaitReceivePort 77CB5418 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3216] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77CB541C 2 Bytes [77, 71] {JA 0x73}
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3216] ntdll.dll!NtClose 77CB54C8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3216] ntdll.dll!NtClose + 4 77CB54CC 2 Bytes [AE, 71]
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3216] ntdll.dll!LdrUnloadDll 77CCC86E 6 Bytes JMP 71A8000A
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3216] kernel32.dll!CreateProcessW 765D204D 6 Bytes JMP 719F000A
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3216] kernel32.dll!CreateProcessA 765D2082 6 Bytes JMP 719C000A
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3216] kernel32.dll!CreateProcessAsUserW 766059FF 6 Bytes JMP 7196000A
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3216] ADVAPI32.dll!CreateProcessAsUserA 76552538 6 Bytes JMP 7199000A
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3216] GDI32.dll!DeleteDC 76226EAA 6 Bytes JMP 7184000A
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3216] GDI32.dll!GetPixel 7622C3D5 6 Bytes JMP 718D000A
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3216] GDI32.dll!CreateDCA 7622CCA9 6 Bytes JMP 7193000A
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3216] GDI32.dll!CreateDCW 7622CF79 6 Bytes JMP 7190000A
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3216] USER32.dll!SetWindowsHookExW 7788E30C 6 Bytes JMP 717E000A
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3216] USER32.dll!SetWinEventHook 778924DC 6 Bytes JMP 717B000A
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3216] USER32.dll!SetWindowsHookExA 778B6D0C 6 Bytes JMP 7181000A
.text C:\Windows\system32\svchost.exe[3236] ntdll.dll!NtAlpcSendWaitReceivePort 77CB5418 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[3236] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77CB541C 2 Bytes [7D, 71] {JGE 0x73}
.text C:\Windows\system32\svchost.exe[3236] ntdll.dll!NtClose 77CB54C8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[3236] ntdll.dll!NtClose + 4 77CB54CC 2 Bytes [AE, 71]
.text C:\Windows\system32\svchost.exe[3236] ntdll.dll!LdrUnloadDll 77CCC86E 6 Bytes JMP 71A8000A
.text C:\Windows\system32\svchost.exe[3236] kernel32.dll!CreateProcessW 765D204D 6 Bytes JMP 719F000A
.text C:\Windows\system32\svchost.exe[3236] kernel32.dll!CreateProcessA 765D2082 6 Bytes JMP 719C000A
.text C:\Windows\system32\svchost.exe[3236] kernel32.dll!CreateProcessAsUserW 766059FF 6 Bytes JMP 7196000A
.text C:\Windows\system32\svchost.exe[3236] USER32.dll!SetWindowsHookExW 7788E30C 6 Bytes JMP 7184000A
.text C:\Windows\system32\svchost.exe[3236] USER32.dll!SetWinEventHook 778924DC 6 Bytes JMP 7181000A
.text C:\Windows\system32\svchost.exe[3236] USER32.dll!SetWindowsHookExA 778B6D0C 6 Bytes JMP 7187000A
.text C:\Windows\system32\svchost.exe[3236] GDI32.dll!DeleteDC 76226EAA 6 Bytes JMP 718A000A
.text C:\Windows\system32\svchost.exe[3236] GDI32.dll!GetPixel 7622C3D5 6 Bytes JMP 718D000A
.text C:\Windows\system32\svchost.exe[3236] GDI32.dll!CreateDCA 7622CCA9 6 Bytes JMP 7193000A
.text C:\Windows\system32\svchost.exe[3236] GDI32.dll!CreateDCW 7622CF79 6 Bytes JMP 7190000A
.text C:\Windows\system32\svchost.exe[3236] ADVAPI32.dll!CreateProcessAsUserA 76552538 6 Bytes JMP 7199000A
.text C:\Windows\System32\WUDFHost.exe[3256] ntdll.dll!NtAlpcSendWaitReceivePort 77CB5418 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\WUDFHost.exe[3256] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77CB541C 2 Bytes [7D, 71] {JGE 0x73}
.text C:\Windows\System32\WUDFHost.exe[3256] ntdll.dll!NtClose 77CB54C8 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\WUDFHost.exe[3256] ntdll.dll!NtClose + 4 77CB54CC 2 Bytes [AE, 71]
.text C:\Windows\System32\WUDFHost.exe[3256] ntdll.dll!LdrUnloadDll 77CCC86E 6 Bytes JMP 71A8000A
.text C:\Windows\System32\WUDFHost.exe[3256] kernel32.dll!CreateProcessW 765D204D 6 Bytes JMP 719F000A
.text C:\Windows\System32\WUDFHost.exe[3256] kernel32.dll!CreateProcessA 765D2082 6 Bytes JMP 719C000A
.text C:\Windows\System32\WUDFHost.exe[3256] kernel32.dll!CreateProcessAsUserW 766059FF 6 Bytes JMP 7196000A
.text C:\Windows\System32\WUDFHost.exe[3256] ADVAPI32.dll!CreateProcessAsUserA 76552538 6 Bytes JMP 7199000A
.text C:\Windows\System32\WUDFHost.exe[3256] USER32.dll!SetWindowsHookExW 7788E30C 6 Bytes JMP 7184000A
.text C:\Windows\System32\WUDFHost.exe[3256] USER32.dll!SetWinEventHook 778924DC 6 Bytes JMP 7181000A
.text C:\Windows\System32\WUDFHost.exe[3256] USER32.dll!SetWindowsHookExA 778B6D0C 6 Bytes JMP 7187000A
.text C:\Windows\System32\WUDFHost.exe[3256] GDI32.dll!DeleteDC 76226EAA 6 Bytes JMP 718A000A
.text C:\Windows\System32\WUDFHost.exe[3256] GDI32.dll!GetPixel 7622C3D5 6 Bytes JMP 718D000A
.text C:\Windows\System32\WUDFHost.exe[3256] GDI32.dll!CreateDCA 7622CCA9 6 Bytes JMP 7193000A
.text C:\Windows\System32\WUDFHost.exe[3256] GDI32.dll!CreateDCW 7622CF79 6 Bytes JMP 7190000A
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3952] ntdll.dll!NtAlpcSendWaitReceivePort 77CB5418 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3952] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77CB541C 2 Bytes [7D, 71] {JGE 0x73}
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3952] ntdll.dll!NtClose 77CB54C8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3952] ntdll.dll!NtClose + 4 77CB54CC 2 Bytes [AE, 71]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3952] ntdll.dll!LdrUnloadDll 77CCC86E 6 Bytes JMP 71A8000A
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3952] kernel32.dll!CreateProcessW 765D204D 6 Bytes JMP 719F000A
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3952] kernel32.dll!CreateProcessA 765D2082 6 Bytes JMP 719C000A
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3952] kernel32.dll!CreateProcessAsUserW 766059FF 6 Bytes JMP 7196000A
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3952] ADVAPI32.dll!CreateProcessAsUserA 76552538 6 Bytes JMP 7199000A
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3952] USER32.dll!SetWindowsHookExW 7788E30C 6 Bytes JMP 7184000A
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3952] USER32.dll!SetWinEventHook 778924DC 6 Bytes JMP 7181000A
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3952] USER32.dll!SetWindowsHookExA 778B6D0C 6 Bytes JMP 7187000A
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3952] GDI32.dll!DeleteDC 76226EAA 6 Bytes JMP 718A000A
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3952] GDI32.dll!GetPixel 7622C3D5 6 Bytes JMP 718D000A
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3952] GDI32.dll!CreateDCA 7622CCA9 6 Bytes JMP 7193000A
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3952] GDI32.dll!CreateDCW 7622CF79 6 Bytes JMP 7190000A
.text C:\Windows\system32\wuauclt.exe[5088] ntdll.dll!NtAlpcSendWaitReceivePort 77CB5418 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wuauclt.exe[5088] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77CB541C 2 Bytes [7D, 71] {JGE 0x73}
.text C:\Windows\system32\wuauclt.exe[5088] ntdll.dll!NtClose 77CB54C8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wuauclt.exe[5088] ntdll.dll!NtClose + 4 77CB54CC 2 Bytes [AE, 71]
.text C:\Windows\system32\wuauclt.exe[5088] ntdll.dll!LdrUnloadDll 77CCC86E 6 Bytes JMP 71A8000A
.text C:\Windows\system32\wuauclt.exe[5088] kernel32.dll!CreateProcessW 765D204D 6 Bytes JMP 719F000A
.text C:\Windows\system32\wuauclt.exe[5088] kernel32.dll!CreateProcessA 765D2082 6 Bytes JMP 719C000A
.text C:\Windows\system32\wuauclt.exe[5088] kernel32.dll!CreateProcessAsUserW 766059FF 6 Bytes JMP 7196000A
.text C:\Windows\system32\wuauclt.exe[5088] GDI32.dll!DeleteDC 76226EAA 6 Bytes JMP 718A000A
.text C:\Windows\system32\wuauclt.exe[5088] GDI32.dll!GetPixel 7622C3D5 6 Bytes JMP 718D000A
.text C:\Windows\system32\wuauclt.exe[5088] GDI32.dll!CreateDCA 7622CCA9 6 Bytes JMP 7193000A
.text C:\Windows\system32\wuauclt.exe[5088] GDI32.dll!CreateDCW 7622CF79 6 Bytes JMP 7190000A
.text C:\Windows\system32\wuauclt.exe[5088] USER32.dll!SetWindowsHookExW 7788E30C 6 Bytes JMP 7184000A
.text C:\Windows\system32\wuauclt.exe[5088] USER32.dll!SetWinEventHook 778924DC 6 Bytes JMP 7181000A
.text C:\Windows\system32\wuauclt.exe[5088] USER32.dll!SetWindowsHookExA 778B6D0C 6 Bytes JMP 7187000A
.text C:\Windows\system32\wuauclt.exe[5088] ADVAPI32.dll!CreateProcessAsUserA 76552538 6 Bytes JMP 7199000A
---- Modules - GMER 2.0 ----
Module (noname) (*** hidden *** ) 85DF0000-85E13000 (143360 bytes)
Module (noname) (*** hidden *** ) 85DD0000-85DE7000 (94208 bytes)
Module (noname) (*** hidden *** ) 85DE7000-85DF0000 (36864 bytes)
---- EOF - GMER 2.0 ----
Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.01.0.1020
www.malwarebytes.org
Database version: v2013.02.14.06
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
vinexus :: PC-TANJA [administrator]
14.02.2013 16:42:24
mbar-log-2013-02-14 (16-42-24).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 27084
Time elapsed: 4 minute(s), 30 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
|
|
14.02.2013, 16:54
| #4 | ||
| /// Winkelfunktion /// TB-Süch-Tiger™ | Click Compare in BrowserZitat:
Siehe => http://www.trojaner-board.de/108422-...-anfragen.html Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
14.02.2013, 16:58
| #5 |
| | Click Compare in Browser Wie hoch wäre diese Spende? Uns fehlt es hier an entsprechendem Wissen, um Trojaner zu entfernen. |
|
14.02.2013, 17:11
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Click Compare in Browser Sei dir überlassen. Aber mal wieder kommt kein Kommentar zu dem extra fett und in rosa Schrift gedrucktem Satz 
__________________ --> Click Compare in Browser |
|
| Themen zu Click Compare in Browser |
| administrator, adobe, antivir, autorun, browser, click compare deinstallieren, click compare entfernen, click compare löschen, click compare redirect, click compare virus, converter, homepage, installation, object, opera, realtek, registry, savebyclick, security, software, trojaner |
Linear-Darstellung
