Firefox no longer starts, Avira reports tr/boigy.j
Hello dear forum readers,
for several months my Firefox has repeatedly been quite slow and complains about unresponsive scripts. For the past few days it has been crashing on startup. I have reinstalled Firefox several times and also deleted all user data in the process, but it did not help. At the moment I am using Chrome. There, however, Avira shows a message at every start that a tr/boigy.j was found. I always click "Remove", but the message keeps coming back.
OTL.exe produced the following output:
OTL logfile created on: 10.07.2013 14:16:12 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\snoerer\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16618)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,90 Gb Total Physical Memory | 5,59 Gb Available Physical Memory | 70,80% Memory free
15,79 Gb Paging File | 13,54 Gb Available in Paging File | 85,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 679,00 Gb Total Space | 593,45 Gb Free Space | 87,40% Space Free | Partition Type: NTFS
Computer Name: SNOERER-PC | User Name: snoerer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========
PRC - [2013.07.10 11:50:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\snoerer\Desktop\OTL.exe
PRC - [2013.06.27 13:30:53 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.06.27 13:30:37 | 000,345,144 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.06.27 13:30:37 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.05.10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.08.13 11:08:08 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2012.08.13 11:08:08 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2012.07.13 16:27:00 | 000,769,432 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2012.05.15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011.12.08 21:09:31 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011.07.08 17:12:32 | 002,749,248 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
PRC - [2011.07.08 17:10:34 | 004,257,600 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
PRC - [2011.07.08 17:09:50 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
PRC - [2011.06.29 15:52:54 | 000,474,176 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
PRC - [2011.06.28 02:26:30 | 002,022,976 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
PRC - [2011.04.13 17:39:14 | 000,503,942 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2010.12.21 01:24:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.12.21 01:24:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.12.17 17:25:22 | 000,686,704 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
PRC - [2010.11.17 17:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe

========== Modules (No Company Name) ==========
MOD - [2013.05.16 21:56:55 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\3c2ed368e1f3889997dfb42a5ca77284\System.Core.ni.dll
MOD - [2013.05.15 19:49:44 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\af525b4bec3b9941b7be8ffbf813da80\PresentationFramework.ni.dll
MOD - [2013.05.15 19:49:30 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll
MOD - [2013.05.15 19:49:22 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7eac0dbe9aa20b55e37235f8ee030e6b\PresentationCore.ni.dll
MOD - [2013.05.15 19:49:12 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dll
MOD - [2013.05.15 19:49:07 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll
MOD - [2013.01.09 19:39:28 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll
MOD - [2013.01.09 19:38:49 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.01.09 19:38:34 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013.01.09 19:38:31 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.01.09 19:38:27 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012.08.10 16:51:32 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2012.08.10 16:50:56 | 000,170,496 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxslt.dll
MOD - [2011.07.08 17:12:32 | 002,749,248 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
MOD - [2011.06.29 15:52:54 | 000,474,176 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
MOD - [2011.06.28 02:26:30 | 002,022,976 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
MOD - [2011.06.28 02:25:30 | 000,058,944 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\DataService.dll
MOD - [2011.06.25 06:32:36 | 000,323,136 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\de-DE\UI\ManagerUI.dll
MOD - [2011.06.25 06:20:26 | 000,565,968 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\sqlite3.dll
MOD - [2011.04.22 18:13:00 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
MOD - [2010.12.17 17:25:22 | 000,686,704 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
MOD - [2010.11.25 05:44:02 | 000,375,280 | ---- | M] () -- c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll
MOD - [2010.11.17 17:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
MOD - [2010.03.22 22:52:42 | 006,776,832 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\QtGui4.dll
MOD - [2010.03.17 03:28:28 | 000,326,144 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\QtXml4.dll
MOD - [2010.03.17 03:28:16 | 000,635,904 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\QtNetwork4.dll
MOD - [2010.03.17 03:28:04 | 001,926,144 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\QtCore4.dll
MOD - [2010.03.12 02:52:34 | 000,225,280 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qmng4.dll
MOD - [2010.03.12 02:52:34 | 000,028,160 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qgif4.dll
MOD - [2010.03.05 22:07:58 | 000,125,952 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qjpeg4.dll
MOD - [2010.03.05 22:07:58 | 000,031,744 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qico4.dll

========== Services (SafeList) ==========
SRV:64bit: - [2011.08.08 14:39:18 | 001,166,848 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2011.07.28 04:04:48 | 001,517,328 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2011.07.28 03:48:34 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2011.07.28 03:44:18 | 000,844,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2011.06.03 19:51:38 | 000,134,928 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV:64bit: - [2010.11.29 22:00:56 | 000,149,504 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009.11.17 19:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013.06.27 13:30:53 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.06.27 13:30:37 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.06.11 22:09:16 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.07.13 16:27:00 | 000,769,432 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2012.05.15 12:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.05.15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.12.08 21:09:31 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011.07.08 17:09:50 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
SRV - [2010.12.21 01:24:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010.12.21 01:24:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.11.25 12:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
SRV - [2010.11.25 12:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========
DRV:64bit: - [2013.03.27 12:11:46 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.03.27 12:11:46 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013.03.27 12:11:46 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.05.15 12:48:00 | 000,249,152 | ---- | M] (NVIDIA Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\nvkflt.sys -- (nvkflt)
DRV:64bit: - [2012.05.15 12:48:00 | 000,028,992 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.22 23:49:58 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.10.22 23:49:58 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.08.08 14:32:08 | 000,299,008 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2011.08.08 14:32:08 | 000,299,008 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2011.08.04 03:28:32 | 008,604,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2011.07.20 15:39:58 | 012,287,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.07.05 21:44:42 | 000,412,024 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmnwim.sys -- (NWIM)
DRV:64bit: - [2011.06.10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.04.23 21:30:18 | 000,033,160 | ---- | M] (WeOnlyDo Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wod0205.sys -- (wod0205)
DRV:64bit: - [2011.02.11 00:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011.02.11 00:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011.01.20 18:20:46 | 000,176,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2011.01.13 03:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.12.17 19:06:32 | 001,404,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010.12.13 19:34:14 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelern.sys -- (Acceler)
DRV:64bit: - [2010.12.12 16:18:36 | 000,121,960 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvstusb.sys -- (NvStUSB)
DRV:64bit: - [2010.11.29 22:00:04 | 000,016,120 | ---- | M] (Intel(R) Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.10.20 02:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.10.16 02:28:18 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010.08.20 11:05:12 | 000,021,616 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdcfltn.sys -- (stdcfltn)
DRV:64bit: - [2010.07.13 04:38:06 | 000,029,288 | ---- | M] (Quanta Computer) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\qicflt.sys -- (qicflt)
DRV:64bit: - [2010.03.19 10:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010.02.27 17:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2006.11.01 19:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {A834A5B1-5A5B-4CC1-A6FF-C024295AFCD6}
IE:64bit: - HKLM\..\SearchScopes\{A834A5B1-5A5B-4CC1-A6FF-C024295AFCD6}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {A834A5B1-5A5B-4CC1-A6FF-C024295AFCD6}
IE - HKLM\..\SearchScopes\{A834A5B1-5A5B-4CC1-A6FF-C024295AFCD6}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1746198383-1202492751-3021964975-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8
IE - HKU\S-1-5-21-1746198383-1202492751-3021964975-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/USCON/8
IE - HKU\S-1-5-21-1746198383-1202492751-3021964975-1001\..\SearchScopes,DefaultScope = {A834A5B1-5A5B-4CC1-A6FF-C024295AFCD6}
IE - HKU\S-1-5-21-1746198383-1202492751-3021964975-1001\..\SearchScopes\{6F789A83-F06F-4114-9EC0-651C4F36EFB3}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=539F5209-556C-4920-8413-57CECEDF25BE&apn_sauid=2E5892FE-6A5C-4164-BC49-9CAC18EAD8B7
IE - HKU\S-1-5-21-1746198383-1202492751-3021964975-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK
[2013.07.03 13:14:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.07.03 13:14:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013.07.03 13:14:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013.07.03 13:14:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}

========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U17 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll
CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\snoerer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\snoerer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Bitdefender QuickScan = C:\Users\snoerer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.131_0\
CHR - Extension: Google Mail = C:\Users\snoerer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe ()
O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] c:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Stage Remote] C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe ()
O4 - HKLM..\Run: [AccuWeatherWidget] C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\snoerer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameStop Now.lnk = File not found
O4 - Startup: C:\Users\snoerer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.25.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{847F55B9-7337-4A01-939F-373D0F3702EC}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013.07.10 11:50:30 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\snoerer\Desktop\OTL.exe
[2013.07.03 13:14:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
========== Files - Modified Within 30 Days ==========
[2013.07.10 14:09:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.07.10 13:41:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.07.10 13:34:55 | 000,033,258 | ---- | M] () -- C:\Users\snoerer\Desktop\Pferde.odt
[2013.07.10 13:15:08 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.07.10 13:15:08 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.07.10 13:07:54 | 000,001,917 | -HS- | M] () -- C:\ProgramData\174115fb-d56d-4c18-9136-c3f467168f02
[2013.07.10 13:07:29 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.07.10 13:07:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.07.10 13:07:18 | 2064,252,927 | -HS- | M] () -- C:\hiberfil.sys
[2013.07.10 13:06:44 | 000,000,188 | ---- | M] () -- C:\Users\snoerer\defogger_reenable
[2013.07.10 12:54:31 | 000,001,206 | ---- | M] () -- C:\Users\snoerer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameStop Now.lnk
[2013.07.10 12:07:30 | 1056,483,334 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.07.10 11:50:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\snoerer\Desktop\OTL.exe
[2013.06.27 13:30:57 | 000,083,672 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avnetflt.sys
[2013.06.20 21:37:52 | 000,002,185 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.06.18 16:42:49 | 000,349,376 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.06.18 14:24:03 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.06.18 14:24:02 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
========== Files Created - No Company Name ==========
[2013.07.10 13:06:44 | 000,000,188 | ---- | C] () -- C:\Users\snoerer\defogger_reenable
[2013.07.10 12:43:16 | 000,033,258 | ---- | C] () -- C:\Users\snoerer\Desktop\Pferde.odt
[2013.06.18 14:24:03 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.06.18 14:24:02 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013.03.30 15:46:48 | 000,004,501 | ---- | C] () -- C:\Users\snoerer\.heldEinstellungen4_1.xml
[2013.03.30 15:46:47 | 000,000,286 | ---- | C] () -- C:\Users\snoerer\.dsa4.properties
[2013.02.06 12:31:13 | 000,007,605 | ---- | C] () -- C:\Users\snoerer\AppData\Local\Resmon.ResmonCfg
[2013.01.16 17:29:14 | 000,001,917 | -HS- | C] () -- C:\ProgramData\174115fb-d56d-4c18-9136-c3f467168f02
[2012.05.15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011.12.08 21:09:34 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.12.08 21:09:31 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.11.05 18:14:20 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.10.22 23:35:14 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011.10.22 23:34:29 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.10.22 23:34:27 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.10.22 23:34:26 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011.10.22 23:34:25 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.10.22 23:34:24 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
========== ZeroAccess Check ==========
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2011.12.10 17:49:14 | 000,000,000 | ---D | M] -- C:\Users\snoerer\AppData\Roaming\DAEMON Tools Lite
[2012.03.04 13:24:29 | 000,000,000 | ---D | M] -- C:\Users\snoerer\AppData\Roaming\Daulona
[2012.03.06 19:23:55 | 000,000,000 | ---D | M] -- C:\Users\snoerer\AppData\Roaming\Fingertapps
[2012.03.07 14:26:13 | 000,000,000 | ---D | M] -- C:\Users\snoerer\AppData\Roaming\Fyur
[2011.12.16 14:00:21 | 000,000,000 | ---D | M] -- C:\Users\snoerer\AppData\Roaming\OpenOffice.org
[2011.12.05 18:51:20 | 000,000,000 | ---D | M] -- C:\Users\snoerer\AppData\Roaming\Origin
[2011.12.10 03:45:11 | 000,000,000 | ---D | M] -- C:\Users\snoerer\AppData\Roaming\PCDr
[2013.07.10 09:47:45 | 000,000,000 | ---D | M] -- C:\Users\snoerer\AppData\Roaming\QuickScan
[2011.12.10 21:07:28 | 000,000,000 | ---D | M] -- C:\Users\snoerer\AppData\Roaming\Stardock
[2012.12.30 18:37:41 | 000,000,000 | ---D | M] -- C:\Users\snoerer\AppData\Roaming\TS3Client
[2012.12.15 22:34:49 | 000,000,000 | ---D | M] -- C:\Users\snoerer\AppData\Roaming\ts3overlay
[2012.12.15 22:50:05 | 000,000,000 | ---D | M] -- C:\Users\snoerer\AppData\Roaming\ts3overlay_hook_win64
[2012.12.16 20:39:46 | 000,000,000 | ---D | M] -- C:\Users\snoerer\AppData\Roaming\Wippien
[2011.10.28 13:06:22 | 000,000,000 | ---D | M] -- C:\Users\snoerer\AppData\Roaming\ZinioReader4
========== Purity Check ==========
< End of report >
| This comes from Gmer: Quote:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-07-10 14:06:52
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD75 rev.01.0 698,64GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\snoerer\AppData\Local\Temp\uwdirfow.sys
---- User code sections - GMER 2.1 ----
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1452] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076c8efe0 5 bytes JMP 000000016fff0148
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1452] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076cb99b0 7 bytes JMP 000000016fff00d8
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1452] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076cc94d0 5 bytes JMP 000000016fff0180
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1452] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076cc9640 5 bytes JMP 000000016fff0110
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1452] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076cea500 7 bytes JMP 000000016fff01b8
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1452] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefcc43460 7 bytes JMP 000007fffcc300d8
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1452] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefcc490b0 5 bytes JMP 000007fffcc30180
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1452] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefcc49250 5 bytes JMP 000007fffcc30110
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1452] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefcc4b7b0 6 bytes JMP 000007fffcc30148
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1452] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefcf889e0 8 bytes JMP 000007fffcc301f0
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1452] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefcf8be40 8 bytes JMP 000007fffcc301b8
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1452] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd0d7490 11 bytes JMP 000007fffcc30228
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1452] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd0ebf00 7 bytes JMP 000007fffcc30260
.text C:\Windows\system32\Dwm.exe[1656] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefcc43460 7 bytes JMP 000007fffcc300d8
.text C:\Windows\system32\Dwm.exe[1656] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefcc490b0 5 bytes JMP 000007fffcc30180
.text C:\Windows\system32\Dwm.exe[1656] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefcc49250 5 bytes JMP 000007fffcc30110
.text C:\Windows\system32\Dwm.exe[1656] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefcc4b7b0 6 bytes JMP 000007fffcc30148
.text C:\Windows\system32\Dwm.exe[1656] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefcf889e0 8 bytes JMP 000007fffcc301f0
.text C:\Windows\system32\Dwm.exe[1656] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefcf8be40 8 bytes JMP 000007fffcc301b8
.text C:\Windows\system32\Dwm.exe[1656] C:\Windows\system32\dxgi.dll!CreateDXGIFactory 000007fef883dc88 5 bytes JMP 000007fff86300d8
.text C:\Windows\system32\Dwm.exe[1656] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1 000007fef883de10 5 bytes JMP 000007fff8630110
.text C:\Windows\SysWOW64\PnkBstrA.exe[2372] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000071eb1a22 2 bytes {JMP 0x73}
.text C:\Windows\SysWOW64\PnkBstrA.exe[2372] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000071eb1ad0 2 bytes {JMP 0x73}
.text C:\Windows\SysWOW64\PnkBstrA.exe[2372] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000071eb1b08 2 bytes {JMP 0x73}
.text C:\Windows\SysWOW64\PnkBstrA.exe[2372] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000071eb1bba 2 bytes {JMP 0x73}
.text C:\Windows\SysWOW64\PnkBstrA.exe[2372] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000071eb1bda 2 bytes {JMP 0x73}
.text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2540] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076361465 2 bytes [36, 76]
.text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2540] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000763614bb 2 bytes [36, 76]
.text ... * 2
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1208] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076c8efe0 5 bytes JMP 000000016fff0148
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1208] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076cb99b0 7 bytes JMP 000000016fff00d8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1208] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076cc94d0 5 bytes JMP 000000016fff0180
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1208] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076cc9640 5 bytes JMP 000000016fff0110
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1208] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076cea500 7 bytes JMP 000000016fff01b8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1208] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefcc43460 7 bytes JMP 000007fffcc300d8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1208] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefcc490b0 5 bytes JMP 000007fffcc30180
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1208] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefcc49250 5 bytes JMP 000007fffcc30110
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1208] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefcc4b7b0 6 bytes JMP 000007fffcc30148
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1208] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefcf889e0 8 bytes JMP 000007fffcc301f0
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1208] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefcf8be40 8 bytes JMP 000007fffcc301b8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1208] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd0d7490 11 bytes JMP 000007fffcc30228
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1208] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd0ebf00 7 bytes JMP 000007fffcc30260
.text C:\Windows\System32\igfxpers.exe[2468] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076c8efe0 5 bytes JMP 000000016fff0148
.text C:\Windows\System32\igfxpers.exe[2468] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076cb99b0 7 bytes JMP 000000016fff00d8
.text C:\Windows\System32\igfxpers.exe[2468] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076cc94d0 5 bytes JMP 000000016fff0180
.text C:\Windows\System32\igfxpers.exe[2468] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076cc9640 5 bytes JMP 000000016fff0110
.text C:\Windows\System32\igfxpers.exe[2468] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076cea500 7 bytes JMP 000000016fff01b8
.text C:\Windows\System32\igfxpers.exe[2468] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefcc43460 7 bytes JMP 000007fffcc300d8
.text C:\Windows\System32\igfxpers.exe[2468] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefcc490b0 5 bytes JMP 000007fffcc30180
.text C:\Windows\System32\igfxpers.exe[2468] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefcc49250 5 bytes JMP 000007fffcc30110
.text C:\Windows\System32\igfxpers.exe[2468] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefcc4b7b0 6 bytes JMP 000007fffcc30148
.text C:\Windows\System32\igfxpers.exe[2468] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefcf889e0 8 bytes JMP 000007fffcc301f0
.text C:\Windows\System32\igfxpers.exe[2468] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefcf8be40 8 bytes JMP 000007fffcc301b8
.text C:\Windows\System32\igfxpers.exe[2468] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd0d7490 11 bytes JMP 000007fffcc30228
.text C:\Windows\System32\igfxpers.exe[2468] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd0ebf00 7 bytes JMP 000007fffcc30260
.text C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[2752] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076a41429 7 bytes JMP 00000001711e128a
.text C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[2752] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000076a5b223 5 bytes JMP 00000001711e158c
.text C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[2752] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076ad88f4 7 bytes JMP 00000001711e1334
.text C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[2752] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076ad8979 5 bytes JMP 00000001711e16a4
.text C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[2752] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076ad8ccf 5 bytes JMP 00000001711e101e
.text C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[2752] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000752a1d1b 5 bytes JMP 00000001711e11d1
.text C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[2752] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000752a1dc9 5 bytes JMP 00000001711e1019
.text C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[2752] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000752a2aa4 5 bytes JMP 00000001711e1546
.text C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[2752] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000752a2d0a 5 bytes JMP 00000001711e1271
.text C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[2752] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000074a2e9a2 5 bytes JMP 00000001711e15a0
.text C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[2752] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000074a2ebdc 5 bytes JMP 00000001711e119f
.text C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[2752] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076215ea5 5 bytes JMP 00000001711e15d2
.text C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[2752] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076249d0b 5 bytes JMP 00000001711e122b
.text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3120] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExA 0000000076a41429 7 bytes JMP 00000001711e128a
.text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3120] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleFileNameExW 0000000076a5b223 5 bytes JMP 00000001711e158c
.text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3120] C:\Windows\syswow64\KERNEL32.dll!K32EnumProcessModulesEx 0000000076ad88f4 7 bytes JMP 00000001711e1334
.text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3120] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleInformation 0000000076ad8979 5 bytes JMP 00000001711e16a4
.text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3120] C:\Windows\syswow64\KERNEL32.dll!K32GetMappedFileNameW 0000000076ad8ccf 5 bytes JMP 00000001711e101e
.text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3120] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000752a1d1b 5 bytes JMP 00000001711e11d1
.text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3120] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000752a1dc9 5 bytes JMP 00000001711e1019
.text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3120] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000752a2aa4 5 bytes JMP 00000001711e1546
.text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3120] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000752a2d0a 5 bytes JMP 00000001711e1271
.text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3120] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000074a2e9a2 5 bytes JMP 00000001711e15a0
.text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3120] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000074a2ebdc 5 bytes JMP 00000001711e119f
.text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3120] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076215ea5 5 bytes JMP 00000001711e15d2
.text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3120] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076249d0b 5 bytes JMP 00000001711e122b
.text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3120] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076361465 2 bytes [36, 76]
.text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3120] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000763614bb 2 bytes [36, 76]
.text ... * 2
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3196] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076c8efe0 5 bytes JMP 000000016fff0148
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3196] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076cb99b0 7 bytes JMP 000000016fff00d8
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3196] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076cc94d0 5 bytes JMP 000000016fff0180
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3196] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076cc9640 5 bytes JMP 000000016fff0110
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3196] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076cea500 7 bytes JMP 000000016fff01b8
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3196] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefcc43460 7 bytes JMP 000007fffcc300d8
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3196] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefcc490b0 5 bytes JMP 000007fffcc30180
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3196] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefcc49250 5 bytes JMP 000007fffcc30110
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3196] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefcc4b7b0 6 bytes JMP 000007fffcc30148
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3196] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefcf889e0 8 bytes JMP 000007fffcc301f0
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3196] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefcf8be40 8 bytes JMP 000007fffcc301b8
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3196] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd0d7490 11 bytes JMP 000007fffcc30228
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3196] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd0ebf00 7 bytes JMP 000007fffcc30260
.text C:\Program Files\Dell\QuickSet\quickset.exe[3272] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076c8efe0 5 bytes JMP 000000016fff0148
.text C:\Program Files\Dell\QuickSet\quickset.exe[3272] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076cb99b0 7 bytes JMP 000000016fff00d8
.text C:\Program Files\Dell\QuickSet\quickset.exe[3272] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076cc94d0 5 bytes JMP 000000016fff0180
.text C:\Program Files\Dell\QuickSet\quickset.exe[3272] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076cc9640 5 bytes JMP 000000016fff0110
.text C:\Program Files\Dell\QuickSet\quickset.exe[3272] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076cea500 7 bytes JMP 000000016fff01b8
.text C:\Program Files\Dell\QuickSet\quickset.exe[3272] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefcc43460 7 bytes JMP 000007fffcc300d8
.text C:\Program Files\Dell\QuickSet\quickset.exe[3272] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefcc490b0 5 bytes JMP 000007fffcc30180
.text C:\Program Files\Dell\QuickSet\quickset.exe[3272] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefcc49250 5 bytes JMP 000007fffcc30110
.text C:\Program Files\Dell\QuickSet\quickset.exe[3272] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefcc4b7b0 6 bytes JMP 000007fffcc30148
.text C:\Program Files\Dell\QuickSet\quickset.exe[3272] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefcf889e0 8 bytes JMP 000007fffcc301f0
.text C:\Program Files\Dell\QuickSet\quickset.exe[3272] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefcf8be40 8 bytes JMP 000007fffcc301b8
.text C:\Program Files\Dell\QuickSet\quickset.exe[3272] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd0d7490 11 bytes JMP 000007fffcc30228
.text C:\Program Files\Dell\QuickSet\quickset.exe[3272] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd0ebf00 7 bytes JMP 000007fffcc30260
.text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[3368] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076a41429 7 bytes JMP 00000001711e128a
.text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[3368] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000076a5b223 5 bytes JMP 00000001711e158c
.text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[3368] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076ad88f4 7 bytes JMP 00000001711e1334
.text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[3368] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076ad8979 5 bytes JMP 00000001711e16a4
.text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[3368] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076ad8ccf 5 bytes JMP 00000001711e101e
.text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[3368] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000752a1d1b 5 bytes JMP 00000001711e11d1
.text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[3368] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000752a1dc9 5 bytes JMP 00000001711e1019
.text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[3368] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000752a2aa4 5 bytes JMP 00000001711e1546
.text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[3368] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000752a2d0a 5 bytes JMP 00000001711e1271
.text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[3368] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000074a2e9a2 5 bytes JMP 00000001711e15a0
.text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[3368] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000074a2ebdc 5 bytes JMP 00000001711e119f
.text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[3368] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076215ea5 5 bytes JMP 00000001711e15d2
.text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[3368] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076249d0b 5 bytes JMP 00000001711e122b
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3436] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076c8efe0 5 bytes JMP 000000016fff0148
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3436] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076cb99b0 7 bytes JMP 000000016fff00d8
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3436] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076cc94d0 5 bytes JMP 000000016fff0180
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3436] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076cc9640 5 bytes JMP 000000016fff0110
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3436] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076cea500 7 bytes JMP 000000016fff01b8
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3436] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefcc43460 7 bytes JMP 000007fffcc300d8
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3436] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefcc490b0 5 bytes JMP 000007fffcc30180
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3436] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefcc49250 5 bytes JMP 000007fffcc30110
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3436] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefcc4b7b0 6 bytes JMP 000007fffcc30148
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3436] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefcf889e0 8 bytes JMP 000007fffcc301f0
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3436] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefcf8be40 8 bytes JMP 000007fffcc301b8
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3436] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd0d7490 11 bytes JMP 000007fffcc30228
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3436] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd0ebf00 7 bytes JMP 000007fffcc30260
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3484] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076c8efe0 5 bytes JMP 000000016fff0148
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3484] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076cb99b0 7 bytes JMP 000000016fff00d8
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3484] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076cc94d0 5 bytes JMP 000000016fff0180
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3484] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076cc9640 5 bytes JMP 000000016fff0110
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3484] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076cea500 7 bytes JMP 000000016fff01b8
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3484] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefcc43460 7 bytes JMP 000007fffcc300d8
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3484] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefcc490b0 5 bytes JMP 000007fffcc30180
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3484] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefcc49250 5 bytes JMP 000007fffcc30110
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3484] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefcc4b7b0 6 bytes JMP 000007fffcc30148
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3484] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd0d7490 11 bytes JMP 000007fffcc30228
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3484] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd0ebf00 7 bytes JMP 000007fffcc30260
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3484] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefcf889e0 8 bytes JMP 000007fffcc301f0
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3484] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefcf8be40 8 bytes JMP 000007fffcc301b8
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3732] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076c8efe0 5 bytes JMP 000000016fff0148
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3732] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076cb99b0 7 bytes JMP 000000016fff00d8
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3732] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076cc94d0 5 bytes JMP 000000016fff0180
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3732] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076cc9640 5 bytes JMP 000000016fff0110
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3732] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076cea500 7 bytes JMP 000000016fff01b8
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3732] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefcc43460 7 bytes JMP 000007fffcc300d8
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3732] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefcc490b0 5 bytes JMP 000007fffcc30180
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3732] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefcc49250 5 bytes JMP 000007fffcc30110
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3732] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefcc4b7b0 6 bytes JMP 000007fffcc30148
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3732] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefcf889e0 8 bytes JMP 000007fffcc301f0
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3732] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefcf8be40 8 bytes JMP 000007fffcc301b8
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[3876] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076a41429 7 bytes JMP 00000001711e128a
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[3876] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000076a5b223 5 bytes JMP 00000001711e158c
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[3876] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076ad88f4 7 bytes JMP 00000001711e1334
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[3876] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076ad8979 5 bytes JMP 00000001711e16a4
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[3876] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076ad8ccf 5 bytes JMP 00000001711e101e
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[3876] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000752a1d1b 5 bytes JMP 00000001711e11d1
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[3876] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000752a1dc9 5 bytes JMP 00000001711e1019
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[3876] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000752a2aa4 5 bytes JMP 00000001711e1546
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[3876] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000752a2d0a 5 bytes JMP 00000001711e1271
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[3876] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000074a2e9a2 5 bytes JMP 00000001711e15a0
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[3876] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000074a2ebdc 5 bytes JMP 00000001711e119f
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[3876] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076215ea5 5 bytes JMP 00000001711e15d2
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[3876] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076249d0b 5 bytes JMP 00000001711e122b
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3884] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076a41429 7 bytes JMP 00000001711e128a
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3884] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000076a5b223 5 bytes JMP 00000001711e158c
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3884] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076ad88f4 7 bytes JMP 00000001711e1334
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3884] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076ad8979 5 bytes JMP 00000001711e16a4
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3884] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076ad8ccf 5 bytes JMP 00000001711e101e
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3884] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000752a1d1b 5 bytes JMP 00000001711e11d1
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3884] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000752a1dc9 5 bytes JMP 00000001711e1019
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3884] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000752a2aa4 5 bytes JMP 00000001711e1546
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3884] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000752a2d0a 5 bytes JMP 00000001711e1271
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3884] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000074a2e9a2 5 bytes JMP 00000001711e15a0
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3884] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000074a2ebdc 5 bytes JMP 00000001711e119f
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3884] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076215ea5 5 bytes JMP 00000001711e15d2
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3884] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076249d0b 5 bytes JMP 00000001711e122b
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3884] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076361465 2 bytes [36, 76]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3884] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000763614bb 2 bytes [36, 76]
.text ... * 2
.text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[3652] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076a41429 7 bytes JMP 00000001711e128a
.text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[3652] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000076a5b223 5 bytes JMP 00000001711e158c
.text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[3652] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076ad88f4 7 bytes JMP 00000001711e1334
.text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[3652] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076ad8979 5 bytes JMP 00000001711e16a4
.text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[3652] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076ad8ccf 5 bytes JMP 00000001711e101e
.text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[3652] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000752a1d1b 5 bytes JMP 00000001711e11d1
.text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[3652] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000752a1dc9 5 bytes JMP 00000001711e1019
.text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[3652] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000752a2aa4 5 bytes JMP 00000001711e1546
.text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[3652] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000752a2d0a 5 bytes JMP 00000001711e1271
.text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[3652] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000074a2e9a2 5 bytes JMP 00000001711e15a0
.text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[3652] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000074a2ebdc 5 bytes JMP 00000001711e119f
.text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[3652] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076215ea5 5 bytes JMP 00000001711e15d2
.text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[3652] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076249d0b 5 bytes JMP 00000001711e122b
.text C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe[3712] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076a41429 7 bytes JMP 00000001711e128a
.text C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe[3712] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000076a5b223 5 bytes JMP 00000001711e158c
.text C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe[3712] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076ad88f4 7 bytes JMP 00000001711e1334
.text C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe[3712] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076ad8979 5 bytes JMP 00000001711e16a4
.text C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe[3712] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076ad8ccf 5 bytes JMP 00000001711e101e
.text C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe[3712] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000752a1d1b 5 bytes JMP 00000001711e11d1
.text C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe[3712] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000752a1dc9 5 bytes JMP 00000001711e1019
.text C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe[3712] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000752a2aa4 5 bytes JMP 00000001711e1546
.text C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe[3712] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000752a2d0a 5 bytes JMP 00000001711e1271
.text C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe[3712] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000074a2e9a2 5 bytes JMP 00000001711e15a0
.text C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe[3712] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000074a2ebdc 5 bytes JMP 00000001711e119f
.text C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe[3712] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076215ea5 5 bytes JMP 00000001711e15d2
.text C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe[3712] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076249d0b 5 bytes JMP 00000001711e122b
.text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[4336] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076a41429 7 bytes JMP 00000001711e128a
.text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[4336] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000076a5b223 5 bytes JMP 00000001711e158c
.text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[4336] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076ad88f4 7 bytes JMP 00000001711e1334
.text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[4336] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076ad8979 5 bytes JMP 00000001711e16a4
.text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[4336] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076ad8ccf 5 bytes JMP 00000001711e101e
.text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[4336] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000752a1d1b 5 bytes JMP 00000001711e11d1
.text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[4336] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000752a1dc9 5 bytes JMP 00000001711e1019
.text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[4336] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000752a2aa4 5 bytes JMP 00000001711e1546
.text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[4336] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000752a2d0a 5 bytes JMP 00000001711e1271
.text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[4336] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000074a2e9a2 5 bytes JMP 00000001711e15a0
.text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[4336] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000074a2ebdc 5 bytes JMP 00000001711e119f
.text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[4336] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076215ea5 5 bytes JMP 00000001711e15d2
.text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[4336] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076249d0b 5 bytes JMP 00000001711e122b
.text C:\Windows\system32\wbem\unsecapp.exe[4600] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefcc43460 7 bytes JMP 000007fffcc300d8
.text C:\Windows\system32\wbem\unsecapp.exe[4600] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefcc490b0 5 bytes JMP 000007fffcc30180
.text C:\Windows\system32\wbem\unsecapp.exe[4600] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefcc49250 5 bytes JMP 000007fffcc30110
.text C:\Windows\system32\wbem\unsecapp.exe[4600] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefcc4b7b0 6 bytes JMP 000007fffcc30148
.text C:\Windows\system32\wbem\unsecapp.exe[4600] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd0d7490 11 bytes JMP 000007fffcc30228
.text C:\Windows\system32\wbem\unsecapp.exe[4600] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd0ebf00 7 bytes JMP 000007fffcc30260
.text C:\Windows\system32\wbem\unsecapp.exe[4600] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefcf889e0 8 bytes JMP 000007fffcc301f0
.text C:\Windows\system32\wbem\unsecapp.exe[4600] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefcf8be40 8 bytes JMP 000007fffcc301b8
.text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4700] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076a41429 7 bytes JMP 00000001711e128a
.text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4700] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000076a5b223 5 bytes JMP 00000001711e158c
.text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4700] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076ad88f4 7 bytes JMP 00000001711e1334
.text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4700] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076ad8979 5 bytes JMP 00000001711e16a4
.text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4700] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076ad8ccf 5 bytes JMP 00000001711e101e
.text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4700] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000752a1d1b 5 bytes JMP 00000001711e11d1
.text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4700] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000752a1dc9 5 bytes JMP 00000001711e1019
.text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4700] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000752a2aa4 5 bytes JMP 00000001711e1546
.text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4700] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000752a2d0a 5 bytes JMP 00000001711e1271
.text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4700] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000074a2e9a2 5 bytes JMP 00000001711e15a0
.text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4700] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000074a2ebdc 5 bytes JMP 00000001711e119f
.text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4700] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076215ea5 5 bytes JMP 00000001711e15d2
.text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4700] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076249d0b 5 bytes JMP 00000001711e122b
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4876] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefcc43460 7 bytes JMP 000007fffcc300d8
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4876] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefcc490b0 5 bytes JMP 000007fffcc30180
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4876] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefcc49250 5 bytes JMP 000007fffcc30110
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4876] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefcc4b7b0 6 bytes JMP 000007fffcc30148
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4876] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefcf889e0 8 bytes JMP 000007fffcc301f0
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4876] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefcf8be40 8 bytes JMP 000007fffcc301b8
.text C:\Users\snoerer\Downloads\gmer_2.1.19163.exe[5456] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076a41429 7 bytes JMP 00000001711e128a
.text C:\Users\snoerer\Downloads\gmer_2.1.19163.exe[5456] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000076a5b223 5 bytes JMP 00000001711e158c
.text C:\Users\snoerer\Downloads\gmer_2.1.19163.exe[5456] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076ad88f4 7 bytes JMP 00000001711e1334
.text C:\Users\snoerer\Downloads\gmer_2.1.19163.exe[5456] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076ad8979 5 bytes JMP 00000001711e16a4
.text C:\Users\snoerer\Downloads\gmer_2.1.19163.exe[5456] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076ad8ccf 5 bytes JMP 00000001711e101e
.text C:\Users\snoerer\Downloads\gmer_2.1.19163.exe[5456] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000752a1d1b 5 bytes JMP 00000001711e11d1
.text C:\Users\snoerer\Downloads\gmer_2.1.19163.exe[5456] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000752a1dc9 5 bytes JMP 00000001711e1019
.text C:\Users\snoerer\Downloads\gmer_2.1.19163.exe[5456] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000752a2aa4 5 bytes JMP 00000001711e1546
.text C:\Users\snoerer\Downloads\gmer_2.1.19163.exe[5456] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000752a2d0a 5 bytes JMP 00000001711e1271
.text C:\Users\snoerer\Downloads\gmer_2.1.19163.exe[5456] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000074a2e9a2 5 bytes JMP 00000001711e15a0
.text C:\Users\snoerer\Downloads\gmer_2.1.19163.exe[5456] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000074a2ebdc 5 bytes JMP 00000001711e119f
---- Threads - GMER 2.1 ----
Thread C:\Windows\Explorer.EXE [1756:4080] 00000000079f1168
Thread C:\Windows\Explorer.EXE [1756:4084] 0000000007a515e0
Thread C:\Windows\Explorer.EXE [1756:3252] 0000000007a515e0
Thread C:\Windows\Explorer.EXE [1756:3256] 0000000007a515e0
Thread C:\Windows\Explorer.EXE [1756:3268] 0000000007a515e0
Thread C:\Windows\Explorer.EXE [1756:3512] 0000000007a515e0
Thread C:\Windows\Explorer.EXE [1756:3596] 0000000007a515e0
Thread C:\Windows\Explorer.EXE [1756:1076] 0000000007a515e0
Thread C:\Windows\Explorer.EXE [1756:1904] 0000000007a515e0
Thread C:\Windows\Explorer.EXE [1756:3644] 0000000007a515e0
Thread C:\Windows\Explorer.EXE [1756:3296] 0000000007a515e0
Thread C:\Windows\Explorer.EXE [1756:3728] 0000000007a515e0
Thread C:\Windows\Explorer.EXE [1756:3848] 0000000007a515e0
Thread C:\Windows\Explorer.EXE [1756:1896] 0000000007a515e0
Thread C:\Windows\Explorer.EXE [1756:3916] 0000000007a515e0
Thread C:\Windows\Explorer.EXE [1756:3356] 0000000007a515e0
Thread C:\Windows\Explorer.EXE [1756:4052] 0000000007a515e0
Thread C:\Windows\Explorer.EXE [1756:3680] 0000000007a515e0
Thread C:\Windows\Explorer.EXE [1756:4060] 0000000007a515e0
Thread C:\Windows\Explorer.EXE [1756:3664] 0000000007a515e0
Thread C:\Windows\Explorer.EXE [1756:3668] 0000000007a515e0
Thread C:\Windows\Explorer.EXE [1756:3656] 0000000007a515e0
Thread C:\Windows\Explorer.EXE [1756:3504] 0000000007a515e0
Thread C:\Windows\Explorer.EXE [1756:3564] 0000000007a515e0
Thread C:\Windows\Explorer.EXE [1756:3364] 0000000007a515e0
Thread C:\Windows\Explorer.EXE [1756:3444] 0000000007a515e0
Thread C:\Windows\Explorer.EXE [1756:3496] 0000000007a515e0
Thread C:\Windows\Explorer.EXE [1756:3348] 0000000007a515e0
Thread C:\Windows\Explorer.EXE [1756:1084] 0000000007a515e0
Thread C:\Windows\Explorer.EXE [1756:3400] 0000000007a515e0
Thread C:\Windows\Explorer.EXE [1756:3460] 0000000007a515e0
Thread C:\Windows\Explorer.EXE [1756:3412] 0000000007a515e0
Thread C:\Windows\Explorer.EXE [1756:1120] 0000000007a515e0
Thread C:\Windows\Explorer.EXE [1756:3188] 0000000007a515e0
Thread C:\Windows\Explorer.EXE [1756:3604] 0000000007a515e0
Thread C:\Windows\Explorer.EXE [1756:3280] 0000000007a515e0
Thread C:\Windows\Explorer.EXE [1756:2072] 0000000007a515e0
Thread C:\Windows\Explorer.EXE [1756:3860] 0000000007a515e0
Thread C:\Windows\Explorer.EXE [1756:3868] 0000000007a515e0
Thread C:\Windows\Explorer.EXE [1756:3308] 0000000007a515e0
Thread C:\Windows\Explorer.EXE [1756:3264] 0000000007a515e0
Thread C:\Windows\Explorer.EXE [1756:1404] 0000000007a515e0
Thread C:\Windows\Explorer.EXE [1756:1116] 0000000007a515e0
Thread C:\Windows\Explorer.EXE [1756:3856] 0000000007a515e0
Thread C:\Windows\Explorer.EXE [1756:1392] 0000000007a515e0
Thread C:\Windows\Explorer.EXE [1756:3844] 0000000007a515e0
Thread C:\Windows\Explorer.EXE [1756:3840] 0000000007a515e0
Thread C:\Windows\Explorer.EXE [1756:2636] 0000000007a515e0
Thread C:\Windows\Explorer.EXE [1756:2952] 0000000007a515e0
Thread C:\Windows\Explorer.EXE [1756:1548] 0000000007a515e0
Thread C:\Windows\Explorer.EXE [1756:3176] 0000000007a515e0
Thread C:\Windows\Explorer.EXE [1756:3112] 0000000007a515e0
Thread C:\Windows\Explorer.EXE [1756:2692] 0000000007a515e0
Thread C:\Windows\Explorer.EXE [1756:2648] 00000000079f98ec
Thread C:\Windows\Explorer.EXE [1756:3632] 00000000079f98ec
Thread C:\Windows\Explorer.EXE [1756:1644] 00000000079f98ec
Thread C:\Windows\Explorer.EXE [1756:3956] 00000000079f98ec
Thread C:\Windows\Explorer.EXE [1756:2412] 00000000079f98ec
Thread C:\Windows\Explorer.EXE [1756:3692] 00000000079f98ec
Thread C:\Windows\Explorer.EXE [1756:4100] 00000000079f98ec
Thread C:\Windows\Explorer.EXE [1756:4104] 00000000079f98ec
Thread C:\Windows\Explorer.EXE [1756:4108] 00000000079f98ec
Thread C:\Windows\Explorer.EXE [1756:4112] 00000000079f98ec
Thread C:\Windows\Explorer.EXE [1756:4116] 0000000007a515e0
Thread C:\Windows\Explorer.EXE [1756:4120] 0000000007a3fc90
Thread C:\Windows\Explorer.EXE [1756:4124] 00000000079feed0
Thread C:\Windows\Explorer.EXE [1756:4404] 0000000007a515e0
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x63 0xCD 0x23 0xD6 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xFA 0x4C 0x22 0xA7 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xB2 0xEA 0x0F 0x6F ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x63 0xCD 0x23 0xD6 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xFA 0x4C 0x22 0xA7 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xB2 0xEA 0x0F 0x6F ...
---- EOF - GMER 2.1 ----
| It would be very kind if you could help me with this.
Many thanks! |