Malware auf der Festplatte?

Gondorin · 12.06.2013, 13:13

Hallo
ich benötige Hilfe bei der Erkennung von Malware, habe mit GMER mein System gecheckt, da plötzlich ein Laufwerk meiner externen Festplatte fehlt. Weiterhin sind in der Registrierung laut GMER einzelne Bereiche in Local Machine unter Software und System rot markiert. Diese sieht man über Regedit allerdings nicht, obwohl sie in GMER angezeigt werden. Habe die GMER Analyse gepostet. Ich habe noch einen Screenshot der Registry angehängt.

Viele Grüße

GMER 2.1.19163 - GMER - Rootkit Detector and Remover
Rootkit scan 2013-06-12 14:04:29
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_DT01ACA100 rev.MS2OA750 931,51GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Gondorin\AppData\Local\Temp\pgddqpog.sys

---- User code sections - GMER 2.1 ----

.text C:\Windows\system32\winlogon.exe[728] C:\Windows\system32\USER32.dll!PeekMessageA 0000000077603a18 14 bytes [68, 70, 38, 4B, FD, C7, 44, ...]
.text C:\Windows\system32\winlogon.exe[728] C:\Windows\system32\USER32.dll!GetMessageA 0000000077606110 14 bytes [68, 70, 37, 4B, FD, C7, 44, ...]
.text C:\Windows\system32\winlogon.exe[728] C:\Windows\system32\USER32.dll!IsDialogMessageW 00000000776066c0 14 bytes [68, 30, 37, 4B, FD, C7, 44, ...]
.text C:\Windows\system32\winlogon.exe[728] C:\Windows\system32\USER32.dll!PeekMessageW 0000000077608fd0 14 bytes [68, 10, 39, 4B, FD, C7, 44, ...]
.text C:\Windows\system32\winlogon.exe[728] C:\Windows\system32\USER32.dll!GetMessageW 0000000077609e74 14 bytes [68, F0, 37, 4B, FD, C7, 44, ...]
.text C:\Windows\system32\winlogon.exe[728] C:\Windows\system32\USER32.dll!IsDialogMessage 0000000077643268 14 bytes [68, F0, 36, 4B, FD, C7, 44, ...]
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[960] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000778efc90 5 bytes JMP 000000010027091c
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[960] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000778efdf4 5 bytes JMP 0000000100270048
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[960] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000778efe88 5 bytes JMP 00000001002702ee
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[960] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000778effe4 5 bytes JMP 00000001002704b2
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[960] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000778f0018 5 bytes JMP 00000001002709fe
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[960] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 00000000778f0048 5 bytes JMP 0000000100270ae0
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[960] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000778f0064 5 bytes JMP 000000010002004c
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[960] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000778f077c 5 bytes JMP 000000010027012a
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[960] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000778f086c 5 bytes JMP 0000000100270758
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[960] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000778f0884 5 bytes JMP 0000000100270676
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[960] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000778f0dd4 5 bytes JMP 00000001002703d0
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[960] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000778f1900 5 bytes JMP 0000000100270594
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[960] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000778f1bc4 5 bytes JMP 000000010027083a
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[960] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 00000000778f1d50 5 bytes JMP 000000010027020c
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[960] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000076a1524f 7 bytes JMP 0000000100270f52
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[960] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000076a153d0 7 bytes JMP 0000000100280210
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[960] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000076a15677 1 byte JMP 0000000100280048
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[960] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000076a15679 5 bytes {JMP 0xffffffff8986a9d1}
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[960] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000076a1589a 7 bytes JMP 0000000100270ca6
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[960] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000076a15a1d 7 bytes JMP 00000001002803d8
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[960] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000076a15c9b 7 bytes JMP 000000010028012c
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[960] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000076a15d87 7 bytes JMP 00000001002802f4
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[960] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000076a17240 7 bytes JMP 0000000100270e6e
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[960] C:\Windows\syswow64\USER32.dll!GetMessageW 00000000769278e2 6 bytes [68, A0, 36, 18, 75, C3]
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[960] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000076927bd3 6 bytes [68, 00, 36, 18, 75, C3]
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[960] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000769305ba 6 bytes [68, F0, 37, 18, 75, C3]
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[960] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000076935f74 6 bytes [68, 40, 37, 18, 75, C3]
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[960] C:\Windows\syswow64\USER32.dll!IsDialogMessage 00000000769450ed 6 bytes [68, 00, 35, 18, 75, C3]
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[960] C:\Windows\syswow64\USER32.dll!IsDialogMessageW 000000007694c701 6 bytes [68, 80, 35, 18, 75, C3]
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[960] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000076971492 3 bytes JMP 00000001002804bc
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[960] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 886 0000000076971496 3 bytes [89, EB, F9]
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[960] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076fc1465 2 bytes [FC, 76]
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[960] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076fc14bb 2 bytes [FC, 76]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1872] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000778efc90 5 bytes JMP 00000001000a091c
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1872] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000778efdf4 5 bytes JMP 00000001000a0048
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1872] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000778efe88 5 bytes JMP 00000001000a02ee
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1872] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000778effe4 5 bytes JMP 00000001000a04b2
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1872] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000778f0018 5 bytes JMP 00000001000a09fe
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1872] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 00000000778f0048 5 bytes JMP 00000001000a0ae0
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1872] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000778f0064 5 bytes JMP 000000010002004c
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1872] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000778f077c 5 bytes JMP 00000001000a012a
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1872] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000778f086c 5 bytes JMP 00000001000a0758
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1872] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000778f0884 5 bytes JMP 00000001000a0676
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1872] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000778f0dd4 5 bytes JMP 00000001000a03d0
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1872] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000778f1900 5 bytes JMP 00000001000a0594
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1872] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000778f1bc4 5 bytes JMP 00000001000a083a
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1872] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 00000000778f1d50 5 bytes JMP 00000001000a020c
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1872] C:\Windows\syswow64\USER32.dll!GetMessageW 00000000769278e2 6 bytes [68, A0, 36, 18, 75, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1872] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000076927bd3 6 bytes [68, 00, 36, 18, 75, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1872] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000769305ba 6 bytes [68, F0, 37, 18, 75, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1872] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000076935f74 6 bytes [68, 40, 37, 18, 75, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1872] C:\Windows\syswow64\USER32.dll!IsDialogMessage 00000000769450ed 6 bytes [68, 00, 35, 18, 75, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1872] C:\Windows\syswow64\USER32.dll!IsDialogMessageW 000000007694c701 6 bytes [68, 80, 35, 18, 75, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1872] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000076971492 7 bytes JMP 00000001000b059e
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1872] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000076a1524f 7 bytes JMP 00000001000a0f52
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1872] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000076a153d0 7 bytes JMP 00000001000b0210
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1872] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000076a15677 1 byte JMP 00000001000b0048
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1872] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000076a15679 5 bytes {JMP 0xffffffff8969a9d1}
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1872] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000076a1589a 7 bytes JMP 00000001000a0ca6
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1872] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000076a15a1d 7 bytes JMP 00000001000b03d8
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1872] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000076a15c9b 7 bytes JMP 00000001000b012c
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1872] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000076a15d87 7 bytes JMP 00000001000b02f4
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1872] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000076a17240 7 bytes JMP 00000001000a0e6e
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1872] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076fc1465 2 bytes [FC, 76]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1872] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076fc14bb 2 bytes [FC, 76]
.text ... * 2
.text C:\Program Files (x86)\Norton Management\Engine\3.2.0.19\ccSvcHst.exe[1992] C:\Windows\syswow64\USER32.dll!GetMessageW 00000000769278e2 6 bytes [68, A0, 36, 18, 75, C3]
.text C:\Program Files (x86)\Norton Management\Engine\3.2.0.19\ccSvcHst.exe[1992] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000076927bd3 6 bytes [68, 00, 36, 18, 75, C3]
.text C:\Program Files (x86)\Norton Management\Engine\3.2.0.19\ccSvcHst.exe[1992] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000769305ba 6 bytes [68, F0, 37, 18, 75, C3]
.text C:\Program Files (x86)\Norton Management\Engine\3.2.0.19\ccSvcHst.exe[1992] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000076935f74 6 bytes [68, 40, 37, 18, 75, C3]
.text C:\Program Files (x86)\Norton Management\Engine\3.2.0.19\ccSvcHst.exe[1992] C:\Windows\syswow64\USER32.dll!IsDialogMessage 00000000769450ed 6 bytes [68, 00, 35, 18, 75, C3]
.text C:\Program Files (x86)\Norton Management\Engine\3.2.0.19\ccSvcHst.exe[1992] C:\Windows\syswow64\USER32.dll!IsDialogMessageW 000000007694c701 6 bytes [68, 80, 35, 18, 75, C3]
.text C:\Program Files (x86)\Norton Management\Engine\3.2.0.19\ccSvcHst.exe[1992] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076fc1465 2 bytes [FC, 76]
.text C:\Program Files (x86)\Norton Management\Engine\3.2.0.19\ccSvcHst.exe[1992] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076fc14bb 2 bytes [FC, 76]
.text ... * 2
.text C:\Program Files\OO Software\Defrag\oodag.exe[1548] C:\Windows\system32\kernel32.dll!SetUnhandledExceptionFilter 00000000774c9b80 13 bytes {MOV R11, 0x140003a70; JMP R11}
.text C:\Program Files (x86)\Winstep\WsxService.exe[2172] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000778efc90 5 bytes JMP 000000010023091c
.text C:\Program Files (x86)\Winstep\WsxService.exe[2172] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000778efdf4 5 bytes JMP 0000000100230048
.text C:\Program Files (x86)\Winstep\WsxService.exe[2172] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000778efe88 5 bytes JMP 00000001002302ee
.text C:\Program Files (x86)\Winstep\WsxService.exe[2172] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000778effe4 5 bytes JMP 00000001002304b2
.text C:\Program Files (x86)\Winstep\WsxService.exe[2172] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000778f0018 5 bytes JMP 00000001002309fe
.text C:\Program Files (x86)\Winstep\WsxService.exe[2172] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 00000000778f0048 5 bytes JMP 0000000100230ae0
.text C:\Program Files (x86)\Winstep\WsxService.exe[2172] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000778f0064 5 bytes JMP 000000010002004c
.text C:\Program Files (x86)\Winstep\WsxService.exe[2172] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000778f077c 5 bytes JMP 000000010023012a
.text C:\Program Files (x86)\Winstep\WsxService.exe[2172] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000778f086c 5 bytes JMP 0000000100230758
.text C:\Program Files (x86)\Winstep\WsxService.exe[2172] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000778f0884 5 bytes JMP 0000000100230676
.text C:\Program Files (x86)\Winstep\WsxService.exe[2172] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000778f0dd4 5 bytes JMP 00000001002303d0
.text C:\Program Files (x86)\Winstep\WsxService.exe[2172] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000778f1900 5 bytes JMP 0000000100230594
.text C:\Program Files (x86)\Winstep\WsxService.exe[2172] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000778f1bc4 5 bytes JMP 000000010023083a
.text C:\Program Files (x86)\Winstep\WsxService.exe[2172] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 00000000778f1d50 5 bytes JMP 000000010023020c
.text C:\Program Files (x86)\Winstep\WsxService.exe[2172] C:\Windows\syswow64\USER32.dll!GetMessageW 00000000769278e2 6 bytes [68, A0, 36, 18, 75, C3]
.text C:\Program Files (x86)\Winstep\WsxService.exe[2172] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000076927bd3 6 bytes [68, 00, 36, 18, 75, C3]
.text C:\Program Files (x86)\Winstep\WsxService.exe[2172] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000769305ba 6 bytes [68, F0, 37, 18, 75, C3]
.text C:\Program Files (x86)\Winstep\WsxService.exe[2172] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000076935f74 6 bytes [68, 40, 37, 18, 75, C3]
.text C:\Program Files (x86)\Winstep\WsxService.exe[2172] C:\Windows\syswow64\USER32.dll!IsDialogMessage 00000000769450ed 6 bytes [68, 00, 35, 18, 75, C3]
.text C:\Program Files (x86)\Winstep\WsxService.exe[2172] C:\Windows\syswow64\USER32.dll!IsDialogMessageW 000000007694c701 6 bytes [68, 80, 35, 18, 75, C3]
.text C:\Program Files (x86)\Winstep\WsxService.exe[2172] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000076971492 7 bytes JMP 00000001004804bc
.text C:\Program Files (x86)\Winstep\WsxService.exe[2172] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000076a1524f 7 bytes JMP 0000000100230f52
.text C:\Program Files (x86)\Winstep\WsxService.exe[2172] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000076a153d0 7 bytes JMP 0000000100480210
.text C:\Program Files (x86)\Winstep\WsxService.exe[2172] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000076a15677 1 byte JMP 0000000100480048
.text C:\Program Files (x86)\Winstep\WsxService.exe[2172] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000076a15679 5 bytes {JMP 0xffffffff89a6a9d1}
.text C:\Program Files (x86)\Winstep\WsxService.exe[2172] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000076a1589a 7 bytes JMP 0000000100230ca6
.text C:\Program Files (x86)\Winstep\WsxService.exe[2172] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000076a15a1d 7 bytes JMP 00000001004803d8
.text C:\Program Files (x86)\Winstep\WsxService.exe[2172] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000076a15c9b 7 bytes JMP 000000010048012c
.text C:\Program Files (x86)\Winstep\WsxService.exe[2172] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000076a15d87 7 bytes JMP 00000001004802f4
.text C:\Program Files (x86)\Winstep\WsxService.exe[2172] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000076a17240 7 bytes JMP 0000000100230e6e
.text C:\Program Files (x86)\Winstep\WsxService.exe[2172] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076fc1465 2 bytes [FC, 76]
.text C:\Program Files (x86)\Winstep\WsxService.exe[2172] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076fc14bb 2 bytes [FC, 76]
.text ... * 2
.text C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 9\LiveTunerService.exe[2240] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000778efc90 5 bytes JMP 000000010028091c
.text C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 9\LiveTunerService.exe[2240] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000778efdf4 5 bytes JMP 0000000100280048
.text C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 9\LiveTunerService.exe[2240] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000778efe88 5 bytes JMP 00000001002802ee
.text C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 9\LiveTunerService.exe[2240] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000778effe4 5 bytes JMP 00000001002804b2
.text C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 9\LiveTunerService.exe[2240] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000778f0018 5 bytes JMP 00000001002809fe
.text C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 9\LiveTunerService.exe[2240] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 00000000778f0048 5 bytes JMP 0000000100280ae0
.text C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 9\LiveTunerService.exe[2240] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000778f0064 5 bytes JMP 000000010002004c
.text C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 9\LiveTunerService.exe[2240] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000778f077c 5 bytes JMP 000000010028012a
.text C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 9\LiveTunerService.exe[2240] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000778f086c 5 bytes JMP 0000000100280758
.text C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 9\LiveTunerService.exe[2240] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000778f0884 5 bytes JMP 0000000100280676
.text C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 9\LiveTunerService.exe[2240] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000778f0dd4 5 bytes JMP 00000001002803d0
.text C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 9\LiveTunerService.exe[2240] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000778f1900 5 bytes JMP 0000000100280594
.text C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 9\LiveTunerService.exe[2240] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000778f1bc4 5 bytes JMP 000000010028083a
.text C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 9\LiveTunerService.exe[2240] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 00000000778f1d50 5 bytes JMP 000000010028020c
.text C:\Program Files (x86)\Norton Management\Engine\3.2.0.19\ccSvcHst.exe[3380] C:\Windows\syswow64\USER32.dll!GetMessageW 00000000769278e2 6 bytes [68, A0, 36, 18, 75, C3]
.text C:\Program Files (x86)\Norton Management\Engine\3.2.0.19\ccSvcHst.exe[3380] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000076927bd3 6 bytes [68, 00, 36, 18, 75, C3]
.text C:\Program Files (x86)\Norton Management\Engine\3.2.0.19\ccSvcHst.exe[3380] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000769305ba 6 bytes [68, F0, 37, 18, 75, C3]
.text C:\Program Files (x86)\Norton Management\Engine\3.2.0.19\ccSvcHst.exe[3380] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000076935f74 6 bytes [68, 40, 37, 18, 75, C3]
.text C:\Program Files (x86)\Norton Management\Engine\3.2.0.19\ccSvcHst.exe[3380] C:\Windows\syswow64\USER32.dll!IsDialogMessage 00000000769450ed 6 bytes [68, 00, 35, 18, 75, C3]
.text C:\Program Files (x86)\Norton Management\Engine\3.2.0.19\ccSvcHst.exe[3380] C:\Windows\syswow64\USER32.dll!IsDialogMessageW 000000007694c701 6 bytes [68, 80, 35, 18, 75, C3]
.text C:\Program Files (x86)\Norton Management\Engine\3.2.0.19\ccSvcHst.exe[3380] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076fc1465 2 bytes [FC, 76]
.text C:\Program Files (x86)\Norton Management\Engine\3.2.0.19\ccSvcHst.exe[3380] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076fc14bb 2 bytes [FC, 76]
.text ... * 2
.text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[3316] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000778efc90 5 bytes JMP 0000000100f7091c
.text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[3316] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000778efdf4 5 bytes JMP 0000000100f70048
.text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[3316] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000778efe88 5 bytes JMP 0000000100f702ee
.text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[3316] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000778effe4 5 bytes JMP 0000000100f704b2
.text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[3316] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000778f0018 5 bytes JMP 0000000100f709fe
.text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[3316] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 00000000778f0048 5 bytes JMP 0000000100f70ae0
.text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[3316] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000778f0064 5 bytes JMP 000000010059004c
.text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[3316] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000778f077c 5 bytes JMP 0000000100f7012a
.text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[3316] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000778f086c 5 bytes JMP 0000000100f70758
.text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[3316] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000778f0884 5 bytes JMP 0000000100f70676
.text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[3316] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000778f0dd4 5 bytes JMP 0000000100f703d0
.text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[3316] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000778f1900 5 bytes JMP 0000000100f70594
.text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[3316] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000778f1bc4 5 bytes JMP 0000000100f7083a
.text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[3316] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 00000000778f1d50 5 bytes JMP 0000000100f7020c
.text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[3316] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000076a1524f 7 bytes JMP 0000000100f70f52
.text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[3316] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000076a153d0 7 bytes JMP 0000000101090210
.text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[3316] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000076a15677 1 byte JMP 0000000101090048
.text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[3316] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000076a15679 5 bytes {JMP 0xffffffff8a67a9d1}
.text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[3316] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000076a1589a 7 bytes JMP 0000000100f70ca6
.text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[3316] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000076a15a1d 7 bytes JMP 00000001010903d8
.text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[3316] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000076a15c9b 7 bytes JMP 000000010109012c
.text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[3316] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000076a15d87 7 bytes JMP 00000001010902f4
.text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[3316] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000076a17240 7 bytes JMP 0000000100f70e6e
.text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[3316] C:\Windows\syswow64\USER32.dll!GetMessageW 00000000769278e2 6 bytes [68, A0, 36, 18, 75, C3]
.text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[3316] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000076927bd3 6 bytes [68, 00, 36, 18, 75, C3]
.text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[3316] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000769305ba 6 bytes [68, F0, 37, 18, 75, C3]
.text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[3316] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000076935f74 6 bytes [68, 40, 37, 18, 75, C3]
.text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[3316] C:\Windows\syswow64\USER32.dll!IsDialogMessage 00000000769450ed 6 bytes [68, 00, 35, 18, 75, C3]
.text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[3316] C:\Windows\syswow64\USER32.dll!IsDialogMessageW 000000007694c701 6 bytes [68, 80, 35, 18, 75, C3]
.text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[3316] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000076971492 7 bytes JMP 000000010109059e
.text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[3316] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076fc1465 2 bytes [FC, 76]
.text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[3316] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076fc14bb 2 bytes [FC, 76]
.text ... * 2
.text C:\Program Files (x86)\Winstep\Nexus.exe[3120] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000778efc90 5 bytes JMP 000000010029091c
.text C:\Program Files (x86)\Winstep\Nexus.exe[3120] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000778efdf4 5 bytes JMP 0000000100290048
.text C:\Program Files (x86)\Winstep\Nexus.exe[3120] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000778efe88 5 bytes JMP 00000001002902ee
.text C:\Program Files (x86)\Winstep\Nexus.exe[3120] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000778effe4 5 bytes JMP 00000001002904b2
.text C:\Program Files (x86)\Winstep\Nexus.exe[3120] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000778f0018 5 bytes JMP 00000001002909fe
.text C:\Program Files (x86)\Winstep\Nexus.exe[3120] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 00000000778f0048 5 bytes JMP 0000000100290ae0
.text C:\Program Files (x86)\Winstep\Nexus.exe[3120] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000778f0064 5 bytes JMP 000000010002004c
.text C:\Program Files (x86)\Winstep\Nexus.exe[3120] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000778f077c 5 bytes JMP 000000010029012a
.text C:\Program Files (x86)\Winstep\Nexus.exe[3120] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000778f086c 5 bytes JMP 0000000100290758
.text C:\Program Files (x86)\Winstep\Nexus.exe[3120] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000778f0884 5 bytes JMP 0000000100290676
.text C:\Program Files (x86)\Winstep\Nexus.exe[3120] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000778f0dd4 5 bytes JMP 00000001002903d0
.text C:\Program Files (x86)\Winstep\Nexus.exe[3120] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000778f1900 5 bytes JMP 0000000100290594
.text C:\Program Files (x86)\Winstep\Nexus.exe[3120] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000778f1bc4 5 bytes JMP 000000010029083a
.text C:\Program Files (x86)\Winstep\Nexus.exe[3120] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 00000000778f1d50 5 bytes JMP 000000010029020c
.text C:\Program Files (x86)\Winstep\Nexus.exe[3120] C:\Windows\syswow64\USER32.dll!GetMessageW 00000000769278e2 6 bytes [68, A0, 36, 18, 75, C3]
.text C:\Program Files (x86)\Winstep\Nexus.exe[3120] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000076927bd3 6 bytes [68, 00, 36, 18, 75, C3]
.text C:\Program Files (x86)\Winstep\Nexus.exe[3120] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000769305ba 6 bytes [68, F0, 37, 18, 75, C3]
.text C:\Program Files (x86)\Winstep\Nexus.exe[3120] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000076935f74 6 bytes [68, 40, 37, 18, 75, C3]
.text C:\Program Files (x86)\Winstep\Nexus.exe[3120] C:\Windows\syswow64\USER32.dll!IsDialogMessage 00000000769450ed 6 bytes [68, 00, 35, 18, 75, C3]
.text C:\Program Files (x86)\Winstep\Nexus.exe[3120] C:\Windows\syswow64\USER32.dll!IsDialogMessageW 000000007694c701 6 bytes [68, 80, 35, 18, 75, C3]
.text C:\Program Files (x86)\Winstep\Nexus.exe[3120] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000076971492 7 bytes JMP 00000001002a04bc
.text C:\Program Files (x86)\Winstep\Nexus.exe[3120] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000076a1524f 7 bytes JMP 0000000100290f52
.text C:\Program Files (x86)\Winstep\Nexus.exe[3120] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000076a153d0 7 bytes JMP 00000001002a0210
.text C:\Program Files (x86)\Winstep\Nexus.exe[3120] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000076a15677 1 byte JMP 00000001002a0048
.text C:\Program Files (x86)\Winstep\Nexus.exe[3120] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000076a15679 5 bytes {JMP 0xffffffff8988a9d1}
.text C:\Program Files (x86)\Winstep\Nexus.exe[3120] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000076a1589a 7 bytes JMP 0000000100290ca6
.text C:\Program Files (x86)\Winstep\Nexus.exe[3120] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000076a15a1d 7 bytes JMP 00000001002a03d8
.text C:\Program Files (x86)\Winstep\Nexus.exe[3120] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000076a15c9b 7 bytes JMP 00000001002a012c
.text C:\Program Files (x86)\Winstep\Nexus.exe[3120] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000076a15d87 7 bytes JMP 00000001002a02f4
.text C:\Program Files (x86)\Winstep\Nexus.exe[3120] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000076a17240 7 bytes JMP 0000000100290e6e
.text C:\Program Files (x86)\Winstep\Nexus.exe[3120] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076fc1465 2 bytes [FC, 76]
.text C:\Program Files (x86)\Winstep\Nexus.exe[3120] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076fc14bb 2 bytes [FC, 76]
.text ... * 2
.text C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[4216] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000778efc90 5 bytes JMP 000000010028091c
.text C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[4216] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000778efdf4 5 bytes JMP 0000000100280048
.text C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[4216] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000778efe88 5 bytes JMP 00000001002802ee
.text C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[4216] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000778effe4 5 bytes JMP 00000001002804b2
.text C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[4216] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000778f0018 5 bytes JMP 00000001002809fe
.text C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[4216] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 00000000778f0048 5 bytes JMP 0000000100280ae0
.text C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[4216] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000778f0064 5 bytes JMP 000000010002004c
.text C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[4216] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000778f077c 5 bytes JMP 000000010028012a
.text C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[4216] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000778f086c 5 bytes JMP 0000000100280758
.text C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[4216] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000778f0884 5 bytes JMP 0000000100280676
.text C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[4216] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000778f0dd4 5 bytes JMP 00000001002803d0
.text C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[4216] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000778f1900 5 bytes JMP 0000000100280594
.text C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[4216] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000778f1bc4 5 bytes JMP 000000010028083a
.text C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[4216] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 00000000778f1d50 5 bytes JMP 000000010028020c
.text C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[4216] C:\Windows\syswow64\kernel32.dll!CreateThread + 28 0000000076db34d1 4 bytes {CALL 0xffffffff899cacdc}
.text C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[4216] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000076a1524f 7 bytes JMP 0000000100280f52
.text C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[4216] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000076a153d0 7 bytes JMP 0000000100290210
.text C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[4216] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000076a15677 1 byte JMP 0000000100290048
.text C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[4216] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000076a15679 5 bytes {JMP 0xffffffff8987a9d1}
.text C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[4216] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000076a1589a 7 bytes JMP 0000000100280ca6
.text C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[4216] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000076a15a1d 7 bytes JMP 00000001002903d8
.text C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[4216] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000076a15c9b 7 bytes JMP 000000010029012c
.text C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[4216] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000076a15d87 7 bytes JMP 00000001002902f4
.text C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[4216] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000076a17240 7 bytes JMP 0000000100280e6e
.text C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[4216] C:\Windows\syswow64\USER32.dll!GetMessageW 00000000769278e2 6 bytes [68, A0, 36, 18, 75, C3]
.text C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[4216] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000076927bd3 6 bytes [68, 00, 36, 18, 75, C3]
.text C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[4216] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000769305ba 6 bytes [68, F0, 37, 18, 75, C3]
.text C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[4216] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000076935f74 6 bytes [68, 40, 37, 18, 75, C3]
.text C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[4216] C:\Windows\syswow64\USER32.dll!IsDialogMessage 00000000769450ed 6 bytes [68, 00, 35, 18, 75, C3]
.text C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[4216] C:\Windows\syswow64\USER32.dll!IsDialogMessageW 000000007694c701 6 bytes [68, 80, 35, 18, 75, C3]
.text C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[4216] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000076971492 7 bytes JMP 0000000100290762
.text C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[4216] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076fc1465 2 bytes [FC, 76]
.text C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[4216] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076fc14bb 2 bytes [FC, 76]
.text ... * 2
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[4404] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000778efc90 5 bytes JMP 00000001000a091c
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[4404] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000778efdf4 5 bytes JMP 00000001000a0048
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[4404] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000778efe88 5 bytes JMP 00000001000a02ee
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[4404] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000778effe4 5 bytes JMP 00000001000a04b2
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[4404] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000778f0018 5 bytes JMP 00000001000a09fe
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[4404] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 00000000778f0048 5 bytes JMP 00000001000a0ae0
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[4404] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000778f0064 5 bytes JMP 000000010002004c
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[4404] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000778f077c 5 bytes JMP 00000001000a012a
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[4404] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000778f086c 5 bytes JMP 00000001000a0758
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[4404] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000778f0884 5 bytes JMP 00000001000a0676
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[4404] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000778f0dd4 5 bytes JMP 00000001000a03d0
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[4404] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000778f1900 5 bytes JMP 00000001000a0594
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[4404] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000778f1bc4 5 bytes JMP 00000001000a083a
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[4404] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 00000000778f1d50 5 bytes JMP 00000001000a020c
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[4404] C:\Windows\syswow64\USER32.dll!GetMessageW 00000000769278e2 6 bytes [68, A0, 36, 18, 75, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[4404] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000076927bd3 6 bytes [68, 00, 36, 18, 75, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[4404] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000769305ba 6 bytes [68, F0, 37, 18, 75, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[4404] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000076935f74 6 bytes [68, 40, 37, 18, 75, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[4404] C:\Windows\syswow64\USER32.dll!IsDialogMessage 00000000769450ed 6 bytes [68, 00, 35, 18, 75, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[4404] C:\Windows\syswow64\USER32.dll!IsDialogMessageW 000000007694c701 6 bytes [68, 80, 35, 18, 75, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[4404] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000076971492 7 bytes JMP 00000001000b059e
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[4404] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000076a1524f 7 bytes JMP 00000001000a0f52
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[4404] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000076a153d0 7 bytes JMP 00000001000b0210
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[4404] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000076a15677 1 byte JMP 00000001000b0048
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[4404] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000076a15679 5 bytes {JMP 0xffffffff8969a9d1}
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[4404] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000076a1589a 7 bytes JMP 00000001000a0ca6
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[4404] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000076a15a1d 7 bytes JMP 00000001000b03d8
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[4404] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000076a15c9b 7 bytes JMP 00000001000b012c
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[4404] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000076a15d87 7 bytes JMP 00000001000b02f4
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[4404] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000076a17240 7 bytes JMP 00000001000a0e6e
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[4404] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076fc1465 2 bytes [FC, 76]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[4404] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076fc14bb 2 bytes [FC, 76]
.text ... * 2
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4536] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000778efc90 5 bytes JMP 00000001002b091c
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4536] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000778efdf4 5 bytes JMP 00000001002b0048
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4536] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000778efe88 5 bytes JMP 00000001002b02ee
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4536] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000778effe4 5 bytes JMP 00000001002b04b2
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4536] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000778f0018 5 bytes JMP 00000001002b09fe
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4536] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 00000000778f0048 5 bytes JMP 00000001002b0ae0
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4536] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000778f0064 5 bytes JMP 000000010028004c
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4536] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000778f077c 5 bytes JMP 00000001002b012a
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4536] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000778f086c 5 bytes JMP 00000001002b0758
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4536] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000778f0884 5 bytes JMP 00000001002b0676
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4536] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000778f0dd4 5 bytes JMP 00000001002b03d0
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4536] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000778f1900 5 bytes JMP 00000001002b0594
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4536] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000778f1bc4 5 bytes JMP 00000001002b083a
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4536] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 00000000778f1d50 5 bytes JMP 00000001002b020c
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4536] C:\Windows\syswow64\USER32.dll!GetMessageW 00000000769278e2 6 bytes [68, A0, 36, 18, 75, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4536] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000076927bd3 6 bytes [68, 00, 36, 18, 75, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4536] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000769305ba 6 bytes [68, F0, 37, 18, 75, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4536] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000076935f74 6 bytes [68, 40, 37, 18, 75, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4536] C:\Windows\syswow64\USER32.dll!IsDialogMessage 00000000769450ed 6 bytes [68, 00, 35, 18, 75, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4536] C:\Windows\syswow64\USER32.dll!IsDialogMessageW 000000007694c701 6 bytes [68, 80, 35, 18, 75, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4536] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000076971492 7 bytes JMP 00000001002c059e
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4536] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000076a1524f 7 bytes JMP 00000001002b0f52
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4536] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000076a153d0 7 bytes JMP 00000001002c0210
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4536] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000076a15677 1 byte JMP 00000001002c0048
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4536] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000076a15679 5 bytes {JMP 0xffffffff898aa9d1}
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4536] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000076a1589a 7 bytes JMP 00000001002b0ca6
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4536] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000076a15a1d 7 bytes JMP 00000001002c03d8
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4536] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000076a15c9b 7 bytes JMP 00000001002c012c
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4536] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000076a15d87 7 bytes JMP 00000001002c02f4
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4536] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000076a17240 7 bytes JMP 00000001002b0e6e
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4536] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076fc1465 2 bytes [FC, 76]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4536] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076fc14bb 2 bytes [FC, 76]
.text ... * 2
.text C:\Windows\explorer.exe[4356] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefdbf7490 5 bytes JMP 000007fffbae0060
.text C:\Windows\explorer.exe[4356] C:\Windows\system32\dwmapi.dll!DwmExtendFrameIntoClientArea 000007fefbaf3580 5 bytes JMP 000007fffbae0010
.text C:\Program Files (x86)\Clover\clover.exe[4748] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000778efc90 5 bytes JMP 000000010010091c
.text C:\Program Files (x86)\Clover\clover.exe[4748] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000778efdf4 5 bytes JMP 0000000100100048
.text C:\Program Files (x86)\Clover\clover.exe[4748] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000778efe88 5 bytes JMP 00000001001002ee
.text C:\Program Files (x86)\Clover\clover.exe[4748] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000778effe4 5 bytes JMP 00000001001004b2
.text C:\Program Files (x86)\Clover\clover.exe[4748] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000778f0018 5 bytes JMP 00000001001009fe
.text C:\Program Files (x86)\Clover\clover.exe[4748] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 00000000778f0048 5 bytes JMP 0000000100100ae0
.text C:\Program Files (x86)\Clover\clover.exe[4748] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000778f0064 5 bytes JMP 000000010002004c
.text C:\Program Files (x86)\Clover\clover.exe[4748] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000778f077c 5 bytes JMP 000000010010012a
.text C:\Program Files (x86)\Clover\clover.exe[4748] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000778f086c 5 bytes JMP 0000000100100758
.text C:\Program Files (x86)\Clover\clover.exe[4748] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000778f0884 5 bytes JMP 0000000100100676
.text C:\Program Files (x86)\Clover\clover.exe[4748] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000778f0dd4 5 bytes JMP 00000001001003d0
.text C:\Program Files (x86)\Clover\clover.exe[4748] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000778f1900 5 bytes JMP 0000000100100594
.text C:\Program Files (x86)\Clover\clover.exe[4748] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000778f1bc4 5 bytes JMP 000000010010083a
.text C:\Program Files (x86)\Clover\clover.exe[4748] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 00000000778f1d50 5 bytes JMP 000000010010020c
.text C:\Program Files (x86)\Clover\clover.exe[4748] C:\Windows\syswow64\USER32.dll!GetMessageW 00000000769278e2 6 bytes [68, A0, 36, 18, 75, C3]
.text C:\Program Files (x86)\Clover\clover.exe[4748] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000076927bd3 6 bytes [68, 00, 36, 18, 75, C3]
.text C:\Program Files (x86)\Clover\clover.exe[4748] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000769305ba 6 bytes [68, F0, 37, 18, 75, C3]
.text C:\Program Files (x86)\Clover\clover.exe[4748] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000076935f74 6 bytes [68, 40, 37, 18, 75, C3]
.text C:\Program Files (x86)\Clover\clover.exe[4748] C:\Windows\syswow64\USER32.dll!IsDialogMessage 00000000769450ed 6 bytes [68, 00, 35, 18, 75, C3]
.text C:\Program Files (x86)\Clover\clover.exe[4748] C:\Windows\syswow64\USER32.dll!IsDialogMessageW 000000007694c701 6 bytes [68, 80, 35, 18, 75, C3]
.text C:\Program Files (x86)\Clover\clover.exe[4748] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000076971492 7 bytes JMP 00000001001104bc
.text C:\Program Files (x86)\Clover\clover.exe[4748] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000076a1524f 7 bytes JMP 0000000100100f52
.text C:\Program Files (x86)\Clover\clover.exe[4748] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000076a153d0 7 bytes JMP 0000000100110210
.text C:\Program Files (x86)\Clover\clover.exe[4748] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000076a15677 1 byte JMP 0000000100110048
.text C:\Program Files (x86)\Clover\clover.exe[4748] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000076a15679 5 bytes {JMP 0xffffffff896fa9d1}
.text C:\Program Files (x86)\Clover\clover.exe[4748] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000076a1589a 7 bytes JMP 0000000100100ca6
.text C:\Program Files (x86)\Clover\clover.exe[4748] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000076a15a1d 7 bytes JMP 00000001001103d8
.text C:\Program Files (x86)\Clover\clover.exe[4748] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000076a15c9b 7 bytes JMP 000000010011012c
.text C:\Program Files (x86)\Clover\clover.exe[4748] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000076a15d87 7 bytes JMP 00000001001102f4
.text C:\Program Files (x86)\Clover\clover.exe[4748] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000076a17240 7 bytes JMP 0000000100100e6e
.text C:\Program Files (x86)\Clover\clover.exe[4748] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076fc1465 2 bytes [FC, 76]
.text C:\Program Files (x86)\Clover\clover.exe[4748] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076fc14bb 2 bytes [FC, 76]
.text ... * 2
? C:\Windows\system32\mssprxy.dll [4748] entry point in ".rdata" section 000000006fdb71e6
.text D:\Downloads\SecurityTools\CHIP AntiTools\gmer_2.1.19163.exe[4876] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000778efc90 5 bytes JMP 000000010028091c
.text D:\Downloads\SecurityTools\CHIP AntiTools\gmer_2.1.19163.exe[4876] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000778efdf4 5 bytes JMP 0000000100280048
.text D:\Downloads\SecurityTools\CHIP AntiTools\gmer_2.1.19163.exe[4876] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000778efe88 5 bytes JMP 00000001002802ee
.text D:\Downloads\SecurityTools\CHIP AntiTools\gmer_2.1.19163.exe[4876] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000778effe4 5 bytes JMP 00000001002804b2
.text D:\Downloads\SecurityTools\CHIP AntiTools\gmer_2.1.19163.exe[4876] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000778f0018 5 bytes JMP 00000001002809fe
.text D:\Downloads\SecurityTools\CHIP AntiTools\gmer_2.1.19163.exe[4876] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 00000000778f0048 5 bytes JMP 0000000100280ae0
.text D:\Downloads\SecurityTools\CHIP AntiTools\gmer_2.1.19163.exe[4876] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000778f0064 5 bytes JMP 000000010002004c
.text D:\Downloads\SecurityTools\CHIP AntiTools\gmer_2.1.19163.exe[4876] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000778f077c 5 bytes JMP 000000010028012a
.text D:\Downloads\SecurityTools\CHIP AntiTools\gmer_2.1.19163.exe[4876] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000778f086c 5 bytes JMP 0000000100280758
.text D:\Downloads\SecurityTools\CHIP AntiTools\gmer_2.1.19163.exe[4876] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000778f0884 5 bytes JMP 0000000100280676
.text D:\Downloads\SecurityTools\CHIP AntiTools\gmer_2.1.19163.exe[4876] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000778f0dd4 5 bytes JMP 00000001002803d0
.text D:\Downloads\SecurityTools\CHIP AntiTools\gmer_2.1.19163.exe[4876] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000778f1900 5 bytes JMP 0000000100280594
.text D:\Downloads\SecurityTools\CHIP AntiTools\gmer_2.1.19163.exe[4876] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000778f1bc4 5 bytes JMP 000000010028083a
.text D:\Downloads\SecurityTools\CHIP AntiTools\gmer_2.1.19163.exe[4876] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 00000000778f1d50 5 bytes JMP 000000010028020c
.text D:\Downloads\SecurityTools\CHIP AntiTools\gmer_2.1.19163.exe[4876] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000076a1524f 7 bytes JMP 0000000100280f52
.text D:\Downloads\SecurityTools\CHIP AntiTools\gmer_2.1.19163.exe[4876] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000076a153d0 7 bytes JMP 0000000100290210
.text D:\Downloads\SecurityTools\CHIP AntiTools\gmer_2.1.19163.exe[4876] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000076a15677 1 byte JMP 0000000100290048
.text D:\Downloads\SecurityTools\CHIP AntiTools\gmer_2.1.19163.exe[4876] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000076a15679 5 bytes {JMP 0xffffffff8987a9d1}
.text D:\Downloads\SecurityTools\CHIP AntiTools\gmer_2.1.19163.exe[4876] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000076a1589a 7 bytes JMP 0000000100280ca6
.text D:\Downloads\SecurityTools\CHIP AntiTools\gmer_2.1.19163.exe[4876] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000076a15a1d 7 bytes JMP 00000001002903d8
.text D:\Downloads\SecurityTools\CHIP AntiTools\gmer_2.1.19163.exe[4876] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000076a15c9b 7 bytes JMP 000000010029012c
.text D:\Downloads\SecurityTools\CHIP AntiTools\gmer_2.1.19163.exe[4876] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000076a15d87 7 bytes JMP 00000001002902f4
.text D:\Downloads\SecurityTools\CHIP AntiTools\gmer_2.1.19163.exe[4876] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000076a17240 7 bytes JMP 0000000100280e6e
.text D:\Downloads\SecurityTools\CHIP AntiTools\gmer_2.1.19163.exe[4876] C:\Windows\syswow64\USER32.dll!GetMessageW 00000000769278e2 6 bytes [68, A0, 36, 18, 75, C3]
.text D:\Downloads\SecurityTools\CHIP AntiTools\gmer_2.1.19163.exe[4876] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000076927bd3 6 bytes [68, 00, 36, 18, 75, C3]
.text D:\Downloads\SecurityTools\CHIP AntiTools\gmer_2.1.19163.exe[4876] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000769305ba 6 bytes [68, F0, 37, 18, 75, C3]
.text D:\Downloads\SecurityTools\CHIP AntiTools\gmer_2.1.19163.exe[4876] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000076935f74 6 bytes [68, 40, 37, 18, 75, C3]
.text D:\Downloads\SecurityTools\CHIP AntiTools\gmer_2.1.19163.exe[4876] C:\Windows\syswow64\USER32.dll!IsDialogMessage 00000000769450ed 6 bytes [68, 00, 35, 18, 75, C3]
.text D:\Downloads\SecurityTools\CHIP AntiTools\gmer_2.1.19163.exe[4876] C:\Windows\syswow64\USER32.dll!IsDialogMessageW 000000007694c701 6 bytes [68, 80, 35, 18, 75, C3]
.text D:\Downloads\SecurityTools\CHIP AntiTools\gmer_2.1.19163.exe[4876] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000076971492 7 bytes JMP 00000001002904bc
.text D:\Downloads\SecurityTools\CHIP AntiTools\gmer_2.1.19163.exe[4876] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076fc1465 2 bytes [FC, 76]
.text D:\Downloads\SecurityTools\CHIP AntiTools\gmer_2.1.19163.exe[4876] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076fc14bb 2 bytes [FC, 76]
.text ... * 2

---- EOF - GMER 2.1 ----

cosinus · 12.06.2013, 13:22

Hallo und

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die jemals fündig geworden?

Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Gondorin · 12.06.2013, 15:11

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.06.12.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16576
Gondorin :: C3PO [limitiert]

12.06.2013 15:27:43
mbam-log-2013-06-12 (15-27-43).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|H:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM | P2P
Deaktivierte Suchlaufeinstellungen:
Durchsuchte Objekte: 419918
Laufzeit: 37 Minute(n), 32 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:

ATTFilter

RogueKiller V8.5.4 [Mar 18 2013] durch Tigzy
mail: tigzyRK<at>gmail<dot>com

mail : tigzyRK<at>gmail<dot>com
Kommentare : hxxp://www.geekstogo.com/forum/files/file/413-roguekiller/
Webseite : hxxp://tigzy.geekstogo.com/roguekiller.php
Blog : hxxp://tigzyrk.blogspot.com/

Betriebssystem : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Gestartet in : Normaler Modus
Benutzer : Gondorin [Admin Rechte]
Funktion : Entfernen -- Datum : 06/12/2013 14:46:29
| ARK || FAK || MBR |

¤¤¤ Böswillige Prozesse : 0 ¤¤¤

¤¤¤ Registry-Einträge : 8 ¤¤¤
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> ERSETZT (2)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> ERSETZT (1)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> ERSETZT (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> ERSETZT (0)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> ERSETZT (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> ERSETZT (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> ERSETZT (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> ERSETZT (0)

¤¤¤ Bestimmte Dateien / Ordner: ¤¤¤

¤¤¤ Treiber : [NICHT GELADEN] ¤¤¤

¤¤¤ Hosts-Datei: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR überprüfen: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA DT01ACA100 ATA Device +++++
--- User ---
[MBR] 2f0f6e6ae55ec83745f6007ea3910e03
[BSP] af47f6f7033ebb7b09442ba064238ffa : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 199899 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600000 | Size: 753868 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WD Ext HDD 1021 USB Device +++++
--- User ---
[MBR] b66375c685cfd09fc2af2d079f106db3
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0xee) [VISIBLE] Offset (sectors): 1 | Size: 953866 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Abgeschlossen : << RKreport[2]_D_06122013_02d1446.txt >>
RKreport[1]_S_06122013_02d1441.txt ; RKreport[2]_D_06122013_02d1446.txt

cosinus · 12.06.2013, 15:42

Zitat:

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!

Hast du diesen Satz überlesen oder nicht verstanden?
Neue Scan solltest du noch nicht machen. Ich wollte nur bisherige Logs sehen, falls denn schonmal was gefunden wurde.

Gondorin · 18.06.2013, 14:57

Nein, alte LOG Dateien sind nicht vorhanden, da der PC gerade 3 Monate alt ist. Habe heute das komplette System offline neuinstalliert, Comodo Internet Security läuft. Trotzdem zeigt GMER mal wieder an, dass das System mit Malware/Rootkits infiziert ist. Ist das ein Fehler des Programms oder muss ich mir Sorgen machen? Hatte eben einen Bluescreen.

mfg

cosinus · 18.06.2013, 15:16

Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.

Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.
Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.
Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!
Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!
Die Logs der aufgegebenen Tools wie zB Malwarebytes sind immer zu posten - egal ob ein Fund dabei war oder nicht!
Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.

Erstmal eine Kontrolle mit OTL bitte:

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Setze oben mittig den Haken bei Scanne alle Benutzer
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles hier in CODE-Tags in den Thread.

Gondorin · 18.06.2013, 15:42

Code:

ATTFilter

OTL logfile created on: 18.06.2013 16:34:49 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = D:\Programme\OTL
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16618)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
16,00 Gb Total Physical Memory | 13,05 Gb Available Physical Memory | 81,59% Memory free
31,99 Gb Paging File | 28,50 Gb Available in Paging File | 89,07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 195,21 Gb Total Space | 144,30 Gb Free Space | 73,92% Space Free | Partition Type: NTFS
Drive D: | 736,20 Gb Total Space | 689,98 Gb Free Space | 93,72% Space Free | Partition Type: NTFS
 
Computer Name: FLAMEV1 | User Name: Gondorin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - D:\Programme\OTL\OTL.exe (OldTimer Tools)
PRC - C:\Users\Gondorin\AppData\Local\Temp\BDUSBImmunizer\BDUSBImmunizer.exe (Bitdefender LLC)
PRC - C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe ()
PRC - C:\Program Files (x86)\Comodo\Dragon\dragon.exe (Comodo)
PRC - C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe (Zemana Ltd.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Clover\clover.exe (EJIE Technology)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\ASCOMP Software\Secure Eraser\sEraser.exe (ASCOMP Software GmbH)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Gondorin\AppData\Local\Temp\BDUSBImmunizer\BDMetrics.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
MOD - C:\Program Files (x86)\Comodo\Dragon\ffmpegsumo.dll ()
MOD - C:\Program Files (x86)\Comodo\Dragon\libglesv2.dll ()
MOD - C:\Program Files (x86)\Comodo\Dragon\libegl.dll ()
MOD - C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll ()
MOD - C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll ()
MOD - C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll ()
MOD - C:\Program Files (x86)\ASCOMP Software\Secure Eraser\mftutils.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AppleChargerSrv) -- C:\Windows\SysNative\AppleChargerSrv.exe ()
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (DragonUpdater) -- C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe ()
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (cmdAgent) -- C:\Programme\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
SRV - (cmdvirth) -- C:\Programme\COMODO\COMODO Internet Security\cmdvirth.exe (COMODO)
SRV - (SynchronizationService.exe) -- C:\Programme\COMODO\COMMON\SynchronizationService.exe (COMODO Security Solutions)
SRV - (COSService.exe) -- C:\Programme\COMODO\COMMON\COSService.exe (COMODO Security Solutions)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (keycrypt) -- C:\Windows\SysNative\drivers\KeyCrypt64.sys (Zemana Ltd.)
DRV:64bit: - (cmderd) -- C:\Windows\SysNative\drivers\cmderd.sys (COMODO)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (vdbus) -- C:\Windows\SysNative\drivers\vdbus.sys (COMODO Security Solutions Inc.)
DRV:64bit: - (cbvd) -- C:\Windows\SysNative\drivers\CBVD.sys (COMODO Security Solutions Inc.)
DRV:64bit: - (CBUfs) -- C:\Windows\SysNative\drivers\cbufs.sys (COMODO Security Solutions Inc.)
DRV:64bit: - (reparse) -- C:\Windows\SysNative\drivers\cbreparse.sys (COMODO Security Solutions Inc.)
DRV:64bit: - (bdisk) -- C:\Windows\SysNative\drivers\bdisk.sys (COMODO Security Solutions Inc.)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (AppleCharger) -- C:\Windows\SysNative\drivers\AppleCharger.sys ()
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (EtronXHCI) -- C:\Windows\SysNative\drivers\EtronXHCI.sys (Etron Technology Inc)
DRV:64bit: - (EtronHub3) -- C:\Windows\SysNative\drivers\EtronHub3.sys (Etron Technology Inc)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV - (UnlockerDriver5) -- C:\Programme\Unlocker\UnlockerDriver5.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2106267325-1399569245-2908342380-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2106267325-1399569245-2908342380-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2106267325-1399569245-2908342380-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.06.18 15:05:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2013.06.18 15:04:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gondorin\AppData\Roaming\mozilla\Extensions
[2013.06.18 15:04:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.06.18 15:04:10 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (ExplorerWatcher Class) - {F8A6CAA2-533D-4AED-9E05-8EB19A4021AB} - C:\Program Files (x86)\Clover\TabHelper64.dll (EJIE Technology)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Programme\COMODO\COMODO Internet Security\CisTray.exe (COMODO)
O4:64bit: - HKLM..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [EMET Notifier] C:\Program Files (x86)\EMET\EMET_notifier.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ZALFree] C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe (Zemana Ltd.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2106267325-1399569245-2908342380-1003..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-2106267325-1399569245-2908342380-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8D1D9BC5-2F05-4885-8835-7074DA6C2282}: DhcpNameServer = 192.168.1.1
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KEYCRY~1\KEYCRY~4.DLL) - C:\PROGRA~2\KEYCRY~1\KEYCRY~4.DLL (Zemana Ltd.)
O20 - AppInit_DLLs: (C:\PROGRA~2\KEYCRY~1\KEYCRY~3.DLL) - C:\PROGRA~2\KEYCRY~1\KEYCRY~3.DLL (Zemana Ltd.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.18 16:14:19 | 000,000,000 | ---D | C] -- C:\Users\Gondorin\AppData\Roaming\Thunderbird
[2013.06.18 16:14:19 | 000,000,000 | ---D | C] -- C:\Users\Gondorin\AppData\Local\Thunderbird
[2013.06.18 16:12:01 | 000,000,000 | ---D | C] -- C:\Users\Gondorin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
[2013.06.18 16:12:01 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker
[2013.06.18 16:10:23 | 000,000,000 | ---D | C] -- C:\Users\Gondorin\AppData\Roaming\ASCOMP Software
[2013.06.18 16:10:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASCOMP Software
[2013.06.18 16:10:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASCOMP Software
[2013.06.18 15:51:28 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013.06.18 15:37:59 | 000,000,000 | --SD | C] -- C:\Users\Gondorin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1
[2013.06.18 15:37:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3
[2013.06.18 15:36:11 | 000,000,000 | ---D | C] -- C:\Users\Gondorin\Desktop\OpenOffice.org 3.4.1 (de) Installation Files
[2013.06.18 15:33:43 | 001,092,512 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2013.06.18 15:33:43 | 000,971,680 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2013.06.18 15:33:43 | 000,311,200 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2013.06.18 15:33:40 | 000,188,832 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2013.06.18 15:33:40 | 000,188,320 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2013.06.18 15:33:40 | 000,108,448 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2013.06.18 15:31:26 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013.06.18 15:26:08 | 000,000,000 | ---D | C] -- C:\Users\Gondorin\AppData\Roaming\Macromedia
[2013.06.18 15:05:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2013.06.18 15:04:17 | 000,000,000 | ---D | C] -- C:\Users\Gondorin\AppData\Roaming\Mozilla
[2013.06.18 15:04:17 | 000,000,000 | ---D | C] -- C:\Users\Gondorin\AppData\Local\Mozilla
[2013.06.18 15:04:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013.06.18 15:04:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013.06.18 15:04:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.06.18 14:58:50 | 001,054,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013.06.18 14:58:46 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013.06.18 14:58:46 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013.06.18 14:58:46 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.06.18 14:58:44 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013.06.18 14:58:44 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013.06.18 14:58:44 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013.06.18 14:58:43 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013.06.18 14:58:43 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013.06.18 14:58:43 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.06.18 14:58:42 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013.06.18 14:58:41 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.06.18 14:58:41 | 000,125,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013.06.18 14:58:40 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.06.18 14:58:40 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013.06.18 14:58:40 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013.06.18 14:58:39 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013.06.18 14:58:39 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.06.18 14:58:39 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013.06.18 14:58:39 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013.06.18 14:58:38 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.06.18 14:58:37 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013.06.18 14:58:37 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013.06.18 14:58:36 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013.06.18 14:58:36 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013.06.18 14:58:36 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.06.18 14:58:35 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.06.18 14:58:35 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013.06.18 14:58:35 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.06.18 14:58:35 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.06.18 14:58:35 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013.06.18 14:58:30 | 001,509,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.06.18 14:58:30 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013.06.18 14:58:30 | 000,905,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013.06.18 14:58:30 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013.06.18 14:58:30 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013.06.18 14:58:30 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013.06.18 14:58:30 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013.06.18 14:58:30 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.06.18 14:58:30 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013.06.18 14:58:30 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013.06.18 14:58:30 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.06.18 14:58:30 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013.06.18 14:58:30 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.06.18 14:58:30 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.06.18 14:58:30 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.06.18 14:58:30 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013.06.18 14:58:29 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.06.18 14:58:29 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.06.18 14:58:29 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.06.18 14:58:29 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.06.18 14:58:29 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.06.18 14:58:29 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.06.18 14:58:29 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013.06.18 14:58:29 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013.06.18 14:58:29 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013.06.18 14:58:29 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.06.18 14:58:29 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013.06.18 14:58:29 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013.06.18 14:58:29 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013.06.18 14:58:29 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.06.18 14:58:29 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013.06.18 14:58:29 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013.06.18 14:58:29 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013.06.18 14:58:29 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013.06.18 14:58:29 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013.06.18 14:58:29 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013.06.18 14:58:29 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013.06.18 14:56:22 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.06.18 14:56:22 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.06.18 14:56:22 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.06.18 14:56:22 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.06.18 14:56:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.06.18 14:56:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.06.18 14:56:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
[2013.06.18 14:56:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
[2013.06.18 14:56:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.06.18 14:56:21 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2013.06.18 14:56:21 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2013.06.18 14:56:21 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2013.06.18 14:56:21 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2013.06.18 14:56:21 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2013.06.18 14:56:21 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013.06.18 14:56:21 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2013.06.18 14:56:21 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2013.06.18 14:56:21 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013.06.18 14:56:21 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013.06.18 14:56:21 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2013.06.18 14:56:21 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2013.06.18 14:56:21 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.06.18 14:56:21 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.06.18 14:56:21 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.06.18 14:56:21 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.06.18 14:56:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.06.18 14:56:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.06.18 14:56:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.06.18 14:56:21 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.06.18 14:56:21 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.06.18 14:56:20 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013.06.18 14:56:20 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013.06.18 14:56:20 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013.06.18 14:56:20 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2013.06.18 14:56:20 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2013.06.18 14:56:20 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2013.06.18 14:56:20 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2013.06.18 14:56:20 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2013.06.18 14:56:20 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
[2013.06.18 14:56:20 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2013.06.18 14:56:20 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
[2013.06.18 14:31:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Geany
[2013.06.18 14:31:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Geany
[2013.06.18 14:28:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
[2013.06.18 14:28:57 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID
[2013.06.18 14:26:54 | 000,000,000 | ---D | C] -- C:\Users\Gondorin\AppData\Roaming\Adobe
[2013.06.18 14:25:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader
[2013.06.18 14:22:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013.06.18 14:22:15 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2013.06.18 14:18:08 | 000,000,000 | ---D | C] -- C:\Users\Gondorin\AppData\Local\Clover
[2013.06.18 14:18:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Clover
[2013.06.18 14:18:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Clover
[2013.06.18 14:15:16 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe
[2013.06.18 14:06:16 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2013.06.18 14:06:16 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2013.06.18 14:06:16 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2013.06.18 14:06:16 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2013.06.18 14:06:16 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2013.06.18 14:06:16 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2013.06.18 14:03:24 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2013.06.18 14:03:24 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2013.06.18 14:00:18 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2013.06.18 14:00:17 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2013.06.18 13:59:53 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2013.06.18 13:59:53 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2013.06.18 13:59:36 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2013.06.18 13:59:35 | 001,118,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sbe.dll
[2013.06.18 13:59:35 | 000,850,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sbe.dll
[2013.06.18 13:59:35 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2013.06.18 13:59:35 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2013.06.18 13:59:35 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2013.06.18 13:59:23 | 003,717,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013.06.18 13:59:23 | 003,217,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013.06.18 13:59:23 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2013.06.18 13:59:23 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2013.06.18 13:59:23 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2013.06.18 13:59:22 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2013.06.18 13:59:15 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013.06.18 13:59:15 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013.06.18 13:59:15 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2013.06.18 13:59:15 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2013.06.18 13:58:59 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2013.06.18 13:58:58 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2013.06.18 13:58:57 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe
[2013.06.18 13:58:57 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe
[2013.06.18 13:58:56 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013.06.18 13:58:56 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013.06.18 13:58:56 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2013.06.18 13:58:56 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013.06.18 13:58:56 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013.06.18 13:58:56 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013.06.18 13:58:56 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2013.06.18 13:58:56 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013.06.18 13:58:56 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013.06.18 13:58:56 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013.06.18 13:58:56 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013.06.18 13:58:56 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013.06.18 13:58:56 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013.06.18 13:58:56 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013.06.18 13:58:56 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013.06.18 13:58:56 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013.06.18 13:58:56 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.06.18 13:58:56 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.06.18 13:58:56 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013.06.18 13:58:56 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013.06.18 13:58:56 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013.06.18 13:58:56 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013.06.18 13:58:56 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013.06.18 13:58:56 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.06.18 13:58:56 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.06.18 13:58:56 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.06.18 13:58:56 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.06.18 13:58:56 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.06.18 13:58:56 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013.06.18 13:58:56 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013.06.18 13:58:56 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013.06.18 13:58:56 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.06.18 13:58:56 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.06.18 13:58:56 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013.06.18 13:58:56 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013.06.18 13:58:56 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013.06.18 13:58:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013.06.18 13:58:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013.06.18 13:58:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.06.18 13:58:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013.06.18 13:58:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013.06.18 13:58:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013.06.18 13:58:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013.06.18 13:58:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013.06.18 13:58:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013.06.18 13:58:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013.06.18 13:58:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013.06.18 13:58:55 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013.06.18 13:58:55 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2013.06.18 13:58:55 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013.06.18 13:58:55 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013.06.18 13:58:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013.06.18 13:58:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013.06.18 13:58:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013.06.18 13:58:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013.06.18 13:58:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013.06.18 13:58:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013.06.18 13:58:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013.06.18 13:58:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013.06.18 13:58:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013.06.18 13:58:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.06.18 13:58:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.06.18 13:58:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013.06.18 13:58:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013.06.18 13:58:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013.06.18 13:58:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013.06.18 13:58:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013.06.18 13:58:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013.06.18 13:58:55 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013.06.18 13:58:42 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2013.06.18 13:58:42 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2013.06.18 13:58:42 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2013.06.18 13:58:42 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2013.06.18 13:58:40 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2013.06.18 13:58:40 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2013.06.18 13:58:35 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbcjt32.dll
[2013.06.18 13:58:35 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbctrac.dll
[2013.06.18 13:58:35 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbctrac.dll
[2013.06.18 13:58:35 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccp32.dll
[2013.06.18 13:58:35 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccp32.dll
[2013.06.18 13:58:35 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccu32.dll
[2013.06.18 13:58:35 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccr32.dll
[2013.06.18 13:58:35 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccu32.dll
[2013.06.18 13:58:35 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccr32.dll
[2013.06.18 13:58:31 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2013.06.18 13:58:31 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2013.06.18 13:58:31 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax
[2013.06.18 13:58:31 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2013.06.18 13:57:59 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2013.06.18 13:57:59 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2013.06.18 13:57:58 | 001,395,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42.dll
[2013.06.18 13:57:58 | 001,359,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42u.dll
[2013.06.18 13:57:58 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll
[2013.06.18 13:57:58 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll
[2013.06.18 13:57:53 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2013.06.18 13:57:52 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2013.06.18 13:57:52 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2013.06.18 13:57:52 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2013.06.18 13:57:51 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013.06.18 13:57:51 | 000,492,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013.06.18 13:57:50 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnsapi.dll
[2013.06.18 13:57:50 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnscacheugc.exe
[2013.06.18 13:57:50 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscacheugc.exe
[2013.06.18 13:57:48 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys
[2013.06.18 13:57:47 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2013.06.18 13:57:47 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2013.06.18 13:57:47 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2013.06.18 13:57:46 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
[2013.06.18 13:57:46 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
[2013.06.18 13:57:45 | 000,642,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi
[2013.06.18 13:57:45 | 000,605,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe
[2013.06.18 13:57:45 | 000,566,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi
[2013.06.18 13:57:45 | 000,518,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe
[2013.06.18 13:57:45 | 000,020,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdusb.dll
[2013.06.18 13:57:45 | 000,019,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kd1394.dll
[2013.06.18 13:57:45 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdcom.dll
[2013.06.18 13:57:44 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
[2013.06.18 13:57:44 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
[2013.06.18 13:57:43 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe
[2013.06.18 13:57:36 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvinst.exe
[2013.06.18 13:57:36 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\devrtl.dll
[2013.06.18 13:51:29 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2013.06.18 13:51:29 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2013.06.18 13:51:29 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2013.06.18 13:51:22 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FXSCOVER.exe
[2013.06.18 13:51:19 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2013.06.18 13:51:12 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013.06.18 13:51:12 | 001,192,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe
[2013.06.18 13:51:12 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe
[2013.06.18 13:51:12 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2013.06.18 13:51:12 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certenc.dll
[2013.06.18 13:51:12 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certenc.dll
[2013.06.18 13:51:03 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2013.06.18 13:51:00 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll
[2013.06.18 13:50:59 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2013.06.18 13:50:57 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2013.06.18 13:50:56 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2013.06.18 13:50:52 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.06.18 13:50:52 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.06.18 13:50:51 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.06.18 13:50:51 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013.06.18 13:50:51 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013.06.18 13:50:51 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013.06.18 13:50:49 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2013.06.18 13:50:48 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2013.06.18 13:50:43 | 001,731,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2013.06.18 13:50:42 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2013.06.18 13:50:42 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2013.06.18 13:50:15 | 000,026,080 | ---- | C] (Zemana Ltd.) -- C:\Windows\SysNative\drivers\KeyCrypt64.sys
[2013.06.18 13:50:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiLogger Free
[2013.06.18 13:50:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Zemana AntiLogger Free
[2013.06.18 13:50:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KeyCryptSDK
[2013.06.18 13:50:15 | 000,000,000 | ---D | C] -- C:\Users\Gondorin\AppData\Local\AntiLogger Free
[2013.06.18 13:38:27 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2013.06.18 13:38:27 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2013.06.18 13:35:57 | 000,000,000 | -H-D | C] -- C:\VTRoot
[2013.06.18 13:35:26 | 000,000,000 | ---D | C] -- C:\Users\Gondorin\AppData\Roaming\Comodo
[2013.06.18 13:32:35 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2013.06.18 13:32:35 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2013.06.18 13:32:35 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2013.06.18 13:32:25 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2013.06.18 13:32:25 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2013.06.18 13:32:25 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2013.06.18 13:32:11 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2013.06.18 13:32:11 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2013.06.18 13:19:25 | 000,000,000 | ---D | C] -- C:\Users\Gondorin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Enhanced Mitigation Experience Toolkit
[2013.06.18 13:19:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EMET
[2013.06.18 13:12:24 | 000,000,000 | --SD | C] -- C:\ProgramData\Shared Space
[2013.06.18 13:11:10 | 000,000,000 | ---D | C] -- C:\Users\Gondorin\AppData\Local\Comodo
[2013.06.18 13:11:07 | 000,056,072 | ---- | C] (COMODO CA Limited) -- C:\Windows\SysNative\certsentry.dll
[2013.06.18 13:11:07 | 000,047,368 | ---- | C] (COMODO CA Limited) -- C:\Windows\SysWow64\certsentry.dll
[2013.06.18 13:11:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Comodo
[2013.06.18 13:11:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo Downloader
[2013.06.18 13:03:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2013.06.18 13:03:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2013.06.18 13:03:24 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2013.06.18 13:03:12 | 006,491,936 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2013.06.18 13:03:12 | 003,514,656 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2013.06.18 13:03:12 | 002,555,680 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll
[2013.06.18 13:03:12 | 000,237,856 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2013.06.18 13:03:12 | 000,063,776 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2013.06.18 13:02:55 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2013.06.18 13:02:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2013.06.18 13:02:34 | 027,775,776 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2013.06.18 13:02:34 | 021,096,736 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2013.06.18 13:02:34 | 015,910,736 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2013.06.18 13:02:34 | 015,143,904 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2013.06.18 13:02:34 | 013,403,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2013.06.18 13:02:34 | 012,426,216 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2013.06.18 13:02:34 | 007,641,832 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2013.06.18 13:02:34 | 006,324,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2013.06.18 13:02:34 | 001,832,224 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6432018.dll
[2013.06.18 13:02:34 | 001,511,712 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6432018.dll
[2013.06.18 13:02:34 | 001,510,176 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdagenco6420103.dll
[2013.06.18 13:02:34 | 001,059,560 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvumdshimx.dll
[2013.06.18 13:02:34 | 000,925,648 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2013.06.18 13:02:34 | 000,550,176 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvFBC64.dll
[2013.06.18 13:02:34 | 000,518,944 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvIFR64.dll
[2013.06.18 13:02:34 | 000,443,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvFBC.dll
[2013.06.18 13:02:34 | 000,421,152 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvIFR.dll
[2013.06.18 13:02:34 | 000,266,448 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2013.06.18 13:02:34 | 000,218,592 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglshim64.dll
[2013.06.18 13:02:34 | 000,214,448 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2013.06.18 13:02:34 | 000,194,848 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys
[2013.06.18 13:02:34 | 000,181,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglshim32.dll
[2013.06.18 13:02:34 | 000,031,520 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll
[2013.06.18 13:02:33 | 025,256,224 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2013.06.18 13:02:33 | 017,560,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2013.06.18 13:02:33 | 009,233,688 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2013.06.18 13:02:33 | 007,682,960 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2013.06.18 13:02:33 | 002,942,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2013.06.18 13:02:33 | 002,935,696 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2013.06.18 13:02:33 | 002,754,336 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2013.06.18 13:02:33 | 002,597,344 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2013.06.18 13:02:33 | 002,363,680 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2013.06.18 13:02:33 | 002,002,720 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2013.06.18 13:01:42 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2013.06.18 13:01:19 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2013.06.18 12:53:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2013.06.18 12:53:38 | 000,056,448 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\usbfilter.sys
[2013.06.18 12:53:38 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2013.06.18 12:53:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2013.06.18 12:53:30 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2013.06.18 12:52:56 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2013.06.17 20:25:49 | 000,000,000 | ---D | C] -- C:\Program Files\GIGABYTE
[2013.06.17 20:25:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GIGABYTE
[2013.06.17 20:25:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Etron Technology
[2013.06.17 20:23:53 | 000,565,352 | ---- | C] (Realtek                                            ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
[2013.06.17 20:23:53 | 000,107,552 | ---- | C] (Realtek Semiconductor Corporation) -- C:\Windows\SysNative\RTNUninst64.dll
[2013.06.17 20:21:13 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2013.06.17 20:21:13 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2013.06.17 20:20:58 | 002,604,376 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2013.06.17 20:20:58 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2013.06.17 20:20:58 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2013.06.17 20:20:58 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2013.06.17 20:20:57 | 000,331,880 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll
[2013.06.17 20:20:57 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2013.06.17 20:20:56 | 003,213,928 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll
[2013.06.17 20:20:56 | 002,528,872 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll
[2013.06.17 20:20:56 | 001,914,472 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll
[2013.06.17 20:20:56 | 000,149,608 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll
[2013.06.17 20:20:55 | 001,560,168 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl
[2013.06.17 20:20:55 | 001,247,848 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll
[2013.06.17 20:20:55 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2013.06.17 20:20:55 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2013.06.17 20:20:55 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2013.06.17 20:20:55 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2013.06.17 20:20:55 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2013.06.17 20:20:55 | 000,099,432 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInst64.dll
[2013.06.17 20:20:55 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2013.06.17 20:20:52 | 002,132,824 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2013.06.17 20:20:52 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2013.06.17 20:20:52 | 000,080,984 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\MBWrp64.dll
[2013.06.17 20:20:52 | 000,064,600 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\MBppld64.dll
[2013.06.17 20:20:51 | 000,886,360 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\MBAPO64.dll
[2013.06.17 20:20:51 | 000,746,072 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysWow64\MBAPO32.dll
[2013.06.17 20:20:51 | 000,060,504 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\MBPPCn64.dll
[2013.06.17 20:20:49 | 002,085,440 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2013.06.17 20:20:46 | 000,200,800 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll
[2013.06.17 20:20:46 | 000,108,960 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAR64.dll
[2013.06.17 20:20:46 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2013.06.17 20:20:46 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2013.06.17 20:20:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2013.06.17 20:20:45 | 001,698,408 | R--- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll
[2013.06.17 20:20:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2013.06.17 20:08:33 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2013.06.17 19:45:15 | 000,000,000 | ---D | C] -- C:\Users\Gondorin\AppData\Roaming\Ashampoo
[2013.06.17 19:45:02 | 000,000,000 | ---D | C] -- C:\Users\Gondorin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ashampoo
[2013.06.17 19:45:02 | 000,000,000 | ---D | C] -- C:\Users\Gondorin\AppData\Local\ashampoo
[2013.06.17 19:44:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Ashampoo
[2013.06.17 19:44:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ashampoo
[2013.06.17 19:44:28 | 000,000,000 | ---D | C] -- C:\Users\Gondorin\AppData\Local\Programs
[2013.06.17 19:32:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
[2013.06.17 19:32:03 | 000,000,000 | ---D | C] -- C:\ProgramData\COMODO
[2013.06.17 19:31:30 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2013.06.17 19:31:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013.06.17 19:31:11 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gdiplus.dll
[2013.06.17 19:31:11 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc71.dll
[2013.06.17 19:30:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013.06.17 19:30:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013.06.17 19:30:27 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2013.06.17 19:30:02 | 000,692,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.06.17 19:30:02 | 000,071,048 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.06.17 19:30:01 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2013.06.17 19:29:53 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2013.06.17 19:28:38 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\URTTEMP
[2013.06.17 19:26:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2013.06.17 19:24:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2013.06.17 19:22:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2013.06.17 19:22:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.06.17 19:22:53 | 000,866,720 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013.06.17 19:22:53 | 000,788,896 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013.06.17 19:22:53 | 000,263,584 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.06.17 19:22:52 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.06.17 19:22:52 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.06.17 19:22:52 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.06.17 19:22:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013.06.17 19:22:46 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2013.06.17 19:18:38 | 000,000,000 | R--D | C] -- C:\Users\Gondorin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013.06.17 19:18:38 | 000,000,000 | R--D | C] -- C:\Users\Gondorin\Searches
[2013.06.17 19:18:38 | 000,000,000 | R--D | C] -- C:\Users\Gondorin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013.06.17 19:18:27 | 000,000,000 | ---D | C] -- C:\Users\Gondorin\AppData\Roaming\Identities
[2013.06.17 19:18:26 | 000,000,000 | R--D | C] -- C:\Users\Gondorin\Contacts
[2013.06.17 19:18:24 | 000,000,000 | ---D | C] -- C:\Users\Gondorin\AppData\Local\VirtualStore
[2013.06.17 19:18:14 | 000,000,000 | --SD | C] -- C:\Users\Gondorin\AppData\Roaming\Microsoft
[2013.06.17 19:18:14 | 000,000,000 | R--D | C] -- C:\Users\Gondorin\Videos
[2013.06.17 19:18:14 | 000,000,000 | R--D | C] -- C:\Users\Gondorin\Saved Games
[2013.06.17 19:18:14 | 000,000,000 | R--D | C] -- C:\Users\Gondorin\Pictures
[2013.06.17 19:18:14 | 000,000,000 | R--D | C] -- C:\Users\Gondorin\Music
[2013.06.17 19:18:14 | 000,000,000 | R--D | C] -- C:\Users\Gondorin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013.06.17 19:18:14 | 000,000,000 | R--D | C] -- C:\Users\Gondorin\Links
[2013.06.17 19:18:14 | 000,000,000 | R--D | C] -- C:\Users\Gondorin\Favorites
[2013.06.17 19:18:14 | 000,000,000 | R--D | C] -- C:\Users\Gondorin\Downloads
[2013.06.17 19:18:14 | 000,000,000 | R--D | C] -- C:\Users\Gondorin\Documents
[2013.06.17 19:18:14 | 000,000,000 | R--D | C] -- C:\Users\Gondorin\Desktop
[2013.06.17 19:18:14 | 000,000,000 | R--D | C] -- C:\Users\Gondorin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013.06.17 19:18:14 | 000,000,000 | -HSD | C] -- C:\Users\Gondorin\Vorlagen
[2013.06.17 19:18:14 | 000,000,000 | -HSD | C] -- C:\Users\Gondorin\AppData\Local\Verlauf
[2013.06.17 19:18:14 | 000,000,000 | -HSD | C] -- C:\Users\Gondorin\AppData\Local\Temporary Internet Files
[2013.06.17 19:18:14 | 000,000,000 | -HSD | C] -- C:\Users\Gondorin\Startmenü
[2013.06.17 19:18:14 | 000,000,000 | -HSD | C] -- C:\Users\Gondorin\SendTo
[2013.06.17 19:18:14 | 000,000,000 | -HSD | C] -- C:\Users\Gondorin\Recent
[2013.06.17 19:18:14 | 000,000,000 | -HSD | C] -- C:\Users\Gondorin\Netzwerkumgebung
[2013.06.17 19:18:14 | 000,000,000 | -HSD | C] -- C:\Users\Gondorin\Lokale Einstellungen
[2013.06.17 19:18:14 | 000,000,000 | -HSD | C] -- C:\Users\Gondorin\Documents\Eigene Videos
[2013.06.17 19:18:14 | 000,000,000 | -HSD | C] -- C:\Users\Gondorin\Documents\Eigene Musik
[2013.06.17 19:18:14 | 000,000,000 | -HSD | C] -- C:\Users\Gondorin\Eigene Dateien
[2013.06.17 19:18:14 | 000,000,000 | -HSD | C] -- C:\Users\Gondorin\Documents\Eigene Bilder
[2013.06.17 19:18:14 | 000,000,000 | -HSD | C] -- C:\Users\Gondorin\Druckumgebung
[2013.06.17 19:18:14 | 000,000,000 | -HSD | C] -- C:\Users\Gondorin\Cookies
[2013.06.17 19:18:14 | 000,000,000 | -HSD | C] -- C:\Users\Gondorin\AppData\Local\Anwendungsdaten
[2013.06.17 19:18:14 | 000,000,000 | -HSD | C] -- C:\Users\Gondorin\Anwendungsdaten
[2013.06.17 19:18:14 | 000,000,000 | -H-D | C] -- C:\Users\Gondorin\AppData
[2013.06.17 19:18:14 | 000,000,000 | ---D | C] -- C:\Users\Gondorin\AppData\Local\Temp
[2013.06.17 19:18:14 | 000,000,000 | ---D | C] -- C:\Users\Gondorin\AppData\Local\Microsoft
[2013.06.17 19:18:14 | 000,000,000 | ---D | C] -- C:\Users\Gondorin\AppData\Roaming\Media Center Programs
[2013.06.17 19:18:08 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2013.06.17 19:18:08 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2013.06.17 19:18:08 | 000,000,000 | -HSD | C] -- C:\Recovery
[2013.06.17 19:18:08 | 000,000,000 | -HSD | C] -- C:\Programme
[2013.06.17 19:18:08 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2013.06.17 19:18:08 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2013.06.17 19:18:08 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2013.06.17 19:18:08 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2013.06.17 19:18:08 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2013.06.17 19:18:08 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2013.06.17 19:18:08 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2013.06.17 19:18:08 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2013.06.17 19:12:00 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013.06.17 19:09:49 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2013.06.17 19:09:16 | 000,000,000 | -HSD | C] -- C:\System Volume Information
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.18 16:31:15 | 001,087,905 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat
[2013.06.18 16:30:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.18 16:23:17 | 001,647,128 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.06.18 16:23:17 | 000,709,156 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.06.18 16:23:17 | 000,662,294 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.06.18 16:23:17 | 000,153,592 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.06.18 16:23:17 | 000,125,424 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.06.18 16:21:32 | 000,001,195 | ---- | M] () -- C:\Users\Gondorin\Desktop\BDUSBImmunizer2019Launcher - Verknüpfung.lnk
[2013.06.18 16:10:21 | 000,002,165 | ---- | M] () -- C:\Users\Public\Desktop\Secure Eraser.lnk
[2013.06.18 15:59:08 | 000,021,520 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.18 15:59:08 | 000,021,520 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.18 15:51:27 | 000,292,776 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.06.18 15:51:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.18 15:51:18 | 688,513,198 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.06.18 15:51:18 | 4293,042,174 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.18 15:38:35 | 000,261,452 | ---- | M] () -- C:\Windows\SysNative\drivers\fvstore.dat
[2013.06.18 15:38:00 | 000,001,248 | ---- | M] () -- C:\Users\Gondorin\Desktop\OpenOffice.org 3.4.1.lnk
[2013.06.18 15:33:29 | 000,108,448 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2013.06.18 15:33:28 | 001,092,512 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2013.06.18 15:33:28 | 000,971,680 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2013.06.18 15:33:28 | 000,311,200 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2013.06.18 15:33:28 | 000,188,832 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2013.06.18 15:33:28 | 000,188,320 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2013.06.18 15:23:22 | 000,001,051 | ---- | M] () -- C:\Users\Gondorin\Desktop\KeePass - Verknüpfung.lnk
[2013.06.18 15:05:20 | 000,002,090 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2013.06.18 15:04:13 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.06.18 14:58:50 | 001,054,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013.06.18 14:58:46 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013.06.18 14:58:46 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013.06.18 14:58:46 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.06.18 14:58:44 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013.06.18 14:58:44 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013.06.18 14:58:44 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013.06.18 14:58:43 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013.06.18 14:58:43 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013.06.18 14:58:43 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.06.18 14:58:42 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013.06.18 14:58:41 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.06.18 14:58:41 | 000,125,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013.06.18 14:58:40 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.06.18 14:58:40 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013.06.18 14:58:40 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013.06.18 14:58:39 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013.06.18 14:58:39 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.06.18 14:58:39 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013.06.18 14:58:39 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013.06.18 14:58:38 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.06.18 14:58:37 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013.06.18 14:58:37 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013.06.18 14:58:36 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013.06.18 14:58:36 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013.06.18 14:58:36 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.06.18 14:58:35 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.06.18 14:58:35 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013.06.18 14:58:35 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.06.18 14:58:35 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.06.18 14:58:35 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.06.18 14:58:35 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013.06.18 14:58:30 | 001,509,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.06.18 14:58:30 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013.06.18 14:58:30 | 000,905,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013.06.18 14:58:30 | 000,762,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013.06.18 14:58:30 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013.06.18 14:58:30 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013.06.18 14:58:30 | 000,281,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013.06.18 14:58:30 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.06.18 14:58:30 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013.06.18 14:58:30 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013.06.18 14:58:30 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.06.18 14:58:30 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013.06.18 14:58:30 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.06.18 14:58:30 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.06.18 14:58:30 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.06.18 14:58:30 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013.06.18 14:58:30 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013.06.18 14:58:29 | 003,958,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.06.18 14:58:29 | 000,855,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.06.18 14:58:29 | 000,603,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.06.18 14:58:29 | 000,599,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.06.18 14:58:29 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.06.18 14:58:29 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.06.18 14:58:29 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013.06.18 14:58:29 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013.06.18 14:58:29 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013.06.18 14:58:29 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.06.18 14:58:29 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013.06.18 14:58:29 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013.06.18 14:58:29 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013.06.18 14:58:29 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.06.18 14:58:29 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013.06.18 14:58:29 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013.06.18 14:58:29 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013.06.18 14:58:29 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013.06.18 14:58:29 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013.06.18 14:58:29 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013.06.18 14:58:29 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013.06.18 14:56:22 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.06.18 14:56:22 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.06.18 14:56:22 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.06.18 14:56:22 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.06.18 14:56:22 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.06.18 14:56:22 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.06.18 14:56:22 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
[2013.06.18 14:56:22 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
[2013.06.18 14:56:22 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.06.18 14:56:21 | 003,928,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2013.06.18 14:56:21 | 002,776,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2013.06.18 14:56:21 | 002,565,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2013.06.18 14:56:21 | 002,284,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2013.06.18 14:56:21 | 001,682,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2013.06.18 14:56:21 | 001,504,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013.06.18 14:56:21 | 001,158,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2013.06.18 14:56:21 | 000,522,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2013.06.18 14:56:21 | 000,465,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013.06.18 14:56:21 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013.06.18 14:56:21 | 000,364,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2013.06.18 14:56:21 | 000,363,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2013.06.18 14:56:21 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.06.18 14:56:21 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.06.18 14:56:21 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.06.18 14:56:21 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.06.18 14:56:21 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.06.18 14:56:21 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.06.18 14:56:21 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.06.18 14:56:21 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.06.18 14:56:21 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.06.18 14:56:20 | 001,887,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013.06.18 14:56:20 | 001,643,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013.06.18 14:56:20 | 001,424,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013.06.18 14:56:20 | 001,238,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2013.06.18 14:56:20 | 000,648,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2013.06.18 14:56:20 | 000,333,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2013.06.18 14:56:20 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2013.06.18 14:56:20 | 000,245,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2013.06.18 14:56:20 | 000,221,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
[2013.06.18 14:56:20 | 000,194,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2013.06.18 14:56:20 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
[2013.06.18 14:46:55 | 000,056,072 | ---- | M] (COMODO CA Limited) -- C:\Windows\SysNative\certsentry.dll
[2013.06.18 14:46:55 | 000,047,368 | ---- | M] (COMODO CA Limited) -- C:\Windows\SysWow64\certsentry.dll
[2013.06.18 14:31:56 | 000,001,057 | ---- | M] () -- C:\Users\Public\Desktop\Geany.lnk
[2013.06.18 14:30:20 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.06.18 14:30:20 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.06.18 14:28:58 | 000,000,869 | ---- | M] () -- C:\Users\Public\Desktop\CPUID CPU-Z.lnk
[2013.06.18 14:26:01 | 000,002,041 | ---- | M] () -- C:\Users\Gondorin\Desktop\JDownloader.lnk
[2013.06.18 14:22:20 | 000,000,871 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.06.18 14:18:07 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\Clover.lnk
[2013.06.18 13:50:16 | 000,001,144 | ---- | M] () -- C:\Users\Public\Desktop\AntiLogger Free.lnk
[2013.06.18 13:36:14 | 000,000,504 | ---- | M] () -- C:\Windows\cce.INI
[2013.06.18 13:13:00 | 000,001,899 | ---- | M] () -- C:\Users\Public\Desktop\Virtual Comodo Dragon.lnk
[2013.06.18 13:13:00 | 000,001,838 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Internet Security.lnk
[2013.06.18 13:13:00 | 000,000,593 | ---- | M] () -- C:\Users\Public\Desktop\Gemeinsamer Bereich.lnk
[2013.06.18 13:11:10 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Comodo Dragon.lnk
[2013.06.18 13:04:51 | 000,001,351 | ---- | M] () -- C:\Users\Public\Desktop\GeForce Experience.lnk
[2013.06.17 20:22:41 | 000,000,010 | ---- | M] () -- C:\Windows\GSetup.ini
[2013.06.17 19:45:02 | 000,001,327 | ---- | M] () -- C:\Users\Gondorin\Desktop\Ashampoo Burning Studio 2013.lnk
[2013.06.17 19:42:28 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013.06.17 19:32:32 | 000,000,974 | ---- | M] () -- C:\Users\Public\Desktop\COMODO BackUp Wizard.lnk
[2013.06.17 19:32:32 | 000,000,943 | ---- | M] () -- C:\Users\Public\Desktop\COMODO BackUp.lnk
[2013.06.17 19:32:30 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_vdbus_01009.Wdf
[2013.06.17 19:31:11 | 001,700,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\gdiplus.dll
[2013.06.17 19:31:11 | 001,060,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc71.dll
[2013.06.17 19:29:03 | 001,672,858 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.06.17 19:22:49 | 000,866,720 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013.06.17 19:22:49 | 000,788,896 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013.06.17 19:22:49 | 000,263,584 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.06.17 19:22:49 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.06.17 19:22:49 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.06.17 19:22:49 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.06.17 19:14:30 | 000,177,271 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2013.06.17 19:14:30 | 000,177,271 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2013.05.24 17:08:42 | 000,026,080 | ---- | M] (Zemana Ltd.) -- C:\Windows\SysNative\drivers\KeyCrypt64.sys
 
========== Files Created - No Company Name ==========
 
[2013.06.18 16:21:32 | 000,001,195 | ---- | C] () -- C:\Users\Gondorin\Desktop\BDUSBImmunizer2019Launcher - Verknüpfung.lnk
[2013.06.18 16:10:21 | 000,002,165 | ---- | C] () -- C:\Users\Public\Desktop\Secure Eraser.lnk
[2013.06.18 15:51:18 | 688,513,198 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013.06.18 15:38:00 | 000,001,248 | ---- | C] () -- C:\Users\Gondorin\Desktop\OpenOffice.org 3.4.1.lnk
[2013.06.18 15:23:22 | 000,001,051 | ---- | C] () -- C:\Users\Gondorin\Desktop\KeePass - Verknüpfung.lnk
[2013.06.18 15:05:20 | 000,002,102 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
[2013.06.18 15:05:20 | 000,002,090 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2013.06.18 15:04:13 | 000,001,163 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.06.18 15:04:13 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.06.18 14:58:35 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.06.18 14:58:30 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013.06.18 14:31:56 | 000,001,057 | ---- | C] () -- C:\Users\Public\Desktop\Geany.lnk
[2013.06.18 14:28:58 | 000,000,869 | ---- | C] () -- C:\Users\Public\Desktop\CPUID CPU-Z.lnk
[2013.06.18 14:26:01 | 000,002,041 | ---- | C] () -- C:\Users\Gondorin\Desktop\JDownloader.lnk
[2013.06.18 14:25:56 | 000,002,005 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
[2013.06.18 14:25:56 | 000,001,949 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk
[2013.06.18 14:25:56 | 000,001,928 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
[2013.06.18 14:22:20 | 000,000,871 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.06.18 14:18:07 | 000,000,983 | ---- | C] () -- C:\Users\Public\Desktop\Clover.lnk
[2013.06.18 13:50:16 | 000,001,144 | ---- | C] () -- C:\Users\Public\Desktop\AntiLogger Free.lnk
[2013.06.18 13:36:14 | 000,000,504 | ---- | C] () -- C:\Windows\cce.INI
[2013.06.18 13:35:56 | 000,261,452 | ---- | C] () -- C:\Windows\SysNative\drivers\fvstore.dat
[2013.06.18 13:13:00 | 000,001,899 | ---- | C] () -- C:\Users\Public\Desktop\Virtual Comodo Dragon.lnk
[2013.06.18 13:13:00 | 000,001,838 | ---- | C] () -- C:\Users\Public\Desktop\COMODO Internet Security.lnk
[2013.06.18 13:13:00 | 000,000,593 | ---- | C] () -- C:\Users\Public\Desktop\Gemeinsamer Bereich.lnk
[2013.06.18 13:12:54 | 001,087,905 | ---- | C] () -- C:\Windows\SysNative\drivers\sfi.dat
[2013.06.18 13:11:10 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\Comodo Dragon.lnk
[2013.06.18 13:04:51 | 000,001,351 | ---- | C] () -- C:\Users\Public\Desktop\GeForce Experience.lnk
[2013.06.18 13:03:12 | 003,165,737 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin
[2013.06.18 13:02:34 | 000,020,536 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2013.06.17 20:25:49 | 000,031,272 | ---- | C] () -- C:\Windows\SysNative\AppleChargerSrv.exe
[2013.06.17 20:25:49 | 000,021,616 | ---- | C] () -- C:\Windows\SysNative\drivers\AppleCharger.sys
[2013.06.17 20:23:53 | 000,074,272 | ---- | C] () -- C:\Windows\SysNative\RtNicProp64.dll
[2013.06.17 20:20:55 | 000,150,996 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT
[2013.06.17 20:20:16 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2013.06.17 19:45:02 | 000,001,327 | ---- | C] () -- C:\Users\Gondorin\Desktop\Ashampoo Burning Studio 2013.lnk
[2013.06.17 19:42:28 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013.06.17 19:32:32 | 000,000,974 | ---- | C] () -- C:\Users\Public\Desktop\COMODO BackUp Wizard.lnk
[2013.06.17 19:32:32 | 000,000,943 | ---- | C] () -- C:\Users\Public\Desktop\COMODO BackUp.lnk
[2013.06.17 19:32:30 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_vdbus_01009.Wdf
[2013.06.17 19:30:02 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.17 19:26:52 | 001,672,858 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.06.17 19:18:40 | 000,001,413 | ---- | C] () -- C:\Users\Gondorin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013.06.17 19:14:17 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2013.06.17 19:14:02 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2013.06.17 19:09:16 | 4293,042,174 | -HS- | C] () -- C:\hiberfil.sys
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.06.18 16:10:23 | 000,000,000 | ---D | M] -- C:\Users\Gondorin\AppData\Roaming\ASCOMP Software
[2013.06.17 19:45:15 | 000,000,000 | ---D | M] -- C:\Users\Gondorin\AppData\Roaming\Ashampoo
[2013.06.18 16:14:19 | 000,000,000 | ---D | M] -- C:\Users\Gondorin\AppData\Roaming\Thunderbird
 
========== Purity Check ==========
 
 

< End of report >

Gondorin · 18.06.2013, 15:43

Code:

ATTFilter

OTL Extras logfile created on: 18.06.2013 16:34:49 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = D:\Programme\OTL
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16618)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
16,00 Gb Total Physical Memory | 13,05 Gb Available Physical Memory | 81,59% Memory free
31,99 Gb Paging File | 28,50 Gb Available in Paging File | 89,07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 195,21 Gb Total Space | 144,30 Gb Free Space | 73,92% Space Free | Partition Type: NTFS
Drive D: | 736,20 Gb Total Space | 689,98 Gb Free Space | 93,72% Space Free | Partition Type: NTFS
 
Computer Name: FLAMEV1 | User Name: Gondorin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2106267325-1399569245-2908342380-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F16002A-B241-436A-933F-090F6C79E35C}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{132F3CA4-DEFE-4A9F-81DD-8BD07E5C6E96}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{20934C26-DC51-408D-82EB-80351C11101E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{2EFBAC89-1501-402A-BC66-3204D725C98E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3FA6D9ED-3C63-4F44-9567-4B0B4AC51B82}" = rport=138 | protocol=17 | dir=out | app=system | 
"{4AF8FB80-E54B-4F1C-888C-85EB0AA2DA60}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4B182AE3-207B-4870-9A7F-CCBE7745EBC8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{50BE9FDC-92C6-4D9F-A285-C7404CC4E8EE}" = lport=137 | protocol=17 | dir=in | app=system | 
"{688BCFB8-6973-4D11-B706-D5C0CDF27E9F}" = rport=445 | protocol=6 | dir=out | app=system | 
"{73FB42B6-C0CD-4F7A-8CB7-CB74280FEAE6}" = lport=445 | protocol=6 | dir=in | app=system | 
"{74C48592-1BC6-474F-A3DF-24FB7C210417}" = lport=139 | protocol=6 | dir=in | app=system | 
"{79D6BB0F-5770-4EE4-B23F-B58B914FD5B7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{7AD0CD26-A0E4-45DA-94C6-B20F32EAFCBC}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{94F06C95-2BC5-4A82-9080-9B2C2ADB96CB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{AD60693C-EF7E-448D-95FA-EEC78887D930}" = lport=138 | protocol=17 | dir=in | app=system | 
"{AFC43CD1-43FE-4CBC-AC97-066E9087DAD3}" = rport=139 | protocol=6 | dir=out | app=system | 
"{B905940F-CB11-410A-81F0-FBE6CED645E1}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{B915CF65-0DC1-442F-A1BC-0C02489C3BEA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C95F129E-89CF-405F-950B-557F3C2A288B}" = rport=137 | protocol=17 | dir=out | app=system | 
"{DA2E0F0D-623F-4697-8591-0C371F29E4E0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{EDDE4E65-5045-436D-B6AF-BDC1D537661C}" = lport=2869 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07DB417D-E1B2-4880-AD41-C679D787F6FE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0EFF09F2-8593-419F-82DA-F89331A66B50}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{15540491-C3FC-440E-8636-7B24DEF10A09}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{22706569-6402-4A39-8652-F3DF5CBACF84}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{34B77E98-9A7B-4B94-B4DD-E538282B10EA}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{6E9E1E2F-4F2F-4B6D-806C-DB8BC91E24D6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{7B3FB887-D9DB-4FEB-AFE5-634CE3A695F3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{7F5A9099-995C-43C6-AB69-C9AC7FCCE389}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{88E3AE6B-94F8-4134-A1D7-FB6ED2E83F5F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{95E36EC7-0862-4920-8227-082A83316859}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A199D728-C936-4A07-A387-AFFDD460AAA2}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{A37C7C40-C649-4A74-B219-14BC6D6A9389}" = protocol=6 | dir=out | app=system | 
"{A570BD42-7556-4EF4-A2EC-BA2DB997DDD6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{B5876219-B362-40D4-9713-FA4001630E63}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B5D013CE-D153-45B2-AD60-D2A87A17F534}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{B8169E99-46A1-41B7-9EEA-0BE7CA0C682F}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D6C5ABEB-3886-40BB-90CF-AE15EC8A00BD}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{DA8EC97F-D671-43A7-9B3A-8E9C20A04D2C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E16191A8-BA87-42CC-90B5-00E5992B6FE0}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{120EC191-78F8-CA89-3511-7E90C23F5261}" = AMD Catalyst Install Manager
"{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft .NET Framework 4.5
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86417021FF}" = Java 7 Update 21 (64-bit)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3C28BFD4-90C7-3138-87EF-418DC16E9598}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5AF4E09F-5C9B-3AAF-B731-544D3DC821DD}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64A3A4F4-B792-11D6-A78A-00B0D0170210}" = Java SE Development Kit 7 Update 21 (64-bit)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B0A5A6EE-F8BA-48B1-BB32-BAC17E96C2B4}" = Microsoft Visual J# 2.0 Redistributable Package - SE (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 320.18
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 320.18
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 320.18
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 1.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 320.18
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 4.11.9
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.24.2
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B79E9FF2-D932-4FD5-BCAF-4DE6F2FBE521}" = COMODO BackUp
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 SP1
"{F1EC4151-805B-4097-B9BB-7D71A417AAF1}" = COMODO Internet Security Premium
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.64.0
"M928366" = 
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1 SP1
"Microsoft Visual J# 2.0 Redistributable Package - SE (x64)" = Microsoft Visual J# 2.0 Redistributable Package - SE (x64)
"Unlocker" = Unlocker 1.9.2
"VLC media player" = VLC media player 2.0.6
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{249d5ca2-4555-41b5-a112-d45aec69dffa}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B11.1102.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{58597FDC-CDF0-4760-A57C-250DF09F4A21}" = Adobe Shockwave Player 12.0
"{6C772996-BFF3-3C8C-860B-B3D48FF05D65}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{91B33C97-0FBA-74AE-E802-D782F5C8AA89}_is1" = Ashampoo Burning Studio 2013 v.11.0.6
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A80DB23D-0618-405B-89D9-28F99814E287}_is1" = AntiLogger Free version 1.6.2.226
"{B94CD252-ACBB-36C7-133D-94BB87D70F91}" = Catalyst Control Center InstallProxy
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{cde5fd82-4a8f-483e-adf0-ca7343d00433}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
"{DE7A5DDF-47B3-42FF-A082-E158DEA37392}" = EMET
"{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"{E824E81C-80A4-3DFF-B5F9-4842A9FF5F7F}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Clover" = Clover 3.0
"Comodo Dragon" = Comodo Dragon
"Geany" = Geany 1.23
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"Mozilla Thunderbird 17.0.6 (x86 de)" = Mozilla Thunderbird 17.0.6 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Secure Eraser_is1" = Secure Eraser
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 18.06.2013 07:31:19 | Computer Name = FlameV1 | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 18.06.2013 07:31:19 | Computer Name = FlameV1 | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 18.06.2013 07:48:53 | Computer Name = FlameV1 | Source = WinMgmt | ID = 10
Description = 
 
Error - 18.06.2013 08:44:35 | Computer Name = FlameV1 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: mscorsvw.exe, Version: 4.0.30319.17929,
 Zeitstempel: 0x4ffa55d9  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x73b66cdc  ID des fehlerhaften
 Prozesses: 0x120c  Startzeit der fehlerhaften Anwendung: 0x01ce6c19e3d1ca48  Pfad der
 fehlerhaften Anwendung: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: d3fa7baf-d814-11e2-91d3-94de8024a1a6
 
Error - 18.06.2013 08:44:38 | Computer Name = FlameV1 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: nvSCPAPISvr.exe, Version: 7.17.13.2018,
 Zeitstempel: 0x518ff8e2  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x73b66cdc  ID des fehlerhaften
 Prozesses: 0x8c  Startzeit der fehlerhaften Anwendung: 0x01ce6c1996141788  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: d5ebfb48-d814-11e2-91d3-94de8024a1a6
 
Error - 18.06.2013 08:44:41 | Computer Name = FlameV1 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: dragon_updater.exe, Version: 0.0.0.0,
 Zeitstempel: 0x51541c43  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x73b66cdc  ID des fehlerhaften
 Prozesses: 0x760  Startzeit der fehlerhaften Anwendung: 0x01ce6c199882a6ce  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: d7798115-d814-11e2-91d3-94de8024a1a6
 
Error - 18.06.2013 08:44:42 | Computer Name = FlameV1 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: daemonu.exe, Version: 4.11.9.1, Zeitstempel:
 0x5194eb80  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x73b66cdc  ID des fehlerhaften Prozesses:
 0x7e0  Startzeit der fehlerhaften Anwendung: 0x01ce6c19995b53a2  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: d8867c94-d814-11e2-91d3-94de8024a1a6
 
Error - 18.06.2013 08:47:25 | Computer Name = FlameV1 | Source = WinMgmt | ID = 10
Description = 
 
Error - 18.06.2013 09:11:46 | Computer Name = FlameV1 | Source = WinMgmt | ID = 10
Description = 
 
Error - 18.06.2013 09:53:01 | Computer Name = FlameV1 | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 17.06.2013 15:11:20 | Computer Name = FlameV1 | Source = Microsoft-Windows-FilterManager | ID = 3
Description = Der Filter-Manager konnte keine Verbindung mit dem Volume "\Device\HarddiskVolume6"
 herstellen. Dieses Volume ist erst nach einem Neustart für die Filterung verfügbar.
 Der letzte Status war "0xc03a001c".
 
Error - 18.06.2013 07:04:51 | Computer Name = FlameV1 | Source = DCOM | ID = 10010
Description = 
 
Error - 18.06.2013 08:44:39 | Computer Name = FlameV1 | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Microsoft .NET Framework NGEN v4.0.30319_X86" wurde unerwartet
 beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden
 in 120000 Millisekunden durchgeführt: Neustart des Diensts.
 
Error - 18.06.2013 08:44:40 | Computer Name = FlameV1 | Source = Service Control Manager | ID = 7034
Description = Dienst "NVIDIA Stereoscopic 3D Driver Service" wurde unerwartet beendet.
 Dies ist bereits 1 Mal passiert.
 
Error - 18.06.2013 08:44:42 | Computer Name = FlameV1 | Source = Service Control Manager | ID = 7034
Description = Dienst "COMODO Dragon Update Service" wurde unerwartet beendet. Dies
 ist bereits 1 Mal passiert.
 
Error - 18.06.2013 08:44:43 | Computer Name = FlameV1 | Source = Service Control Manager | ID = 7034
Description = Dienst "NVIDIA Update Service Daemon" wurde unerwartet beendet. Dies
 ist bereits 1 Mal passiert.
 
Error - 18.06.2013 08:47:25 | Computer Name = FlameV1 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler 
beendet:   %%16405
 
Error - 18.06.2013 09:51:34 | Computer Name = FlameV1 | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?18.?06.?2013 um 15:49:55 unerwartet heruntergefahren.
 
Error - 18.06.2013 09:51:35 | Computer Name = FlameV1 | Source = BugCheck | ID = 1001
Description = 
 
 
< End of report >

cosinus · 19.06.2013, 00:00

Zitat:

64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Warum hast du eine Professional-Edition von Windows, brauchst du das als Heimanwender?
Oder ist das rein zufällig ein Büro-/Firmen-PC bzw. ein Uni-Rechner?

Malware auf der Festplatte?

Log-Analyse und Auswertung: Malware auf der Festplatte?