Log analysis and evaluation: Avast blocks file (windows\system32\svchost.exe) | Windows 7
14.07.2013, 15:59 | #1
Avast blocks file (windows\system32\svchost.exe)

Hello everyone,

today I searched the internet for various small games for my mum, e.g. Peggle, Jewel Quest etc., because she wanted a few games on her (not my infected) laptop. After I had downloaded the game Jewel Quest Mysteries here, started it, closed it and uninstalled it again, the problems began.

PROBLEM: Since then I have been getting this message from my Avast roughly every 30 seconds, and at fairly irregular intervals this second message. As soon as I disconnect from the internet, the messages stop.

I ran a quick scan with OTL, but only got a single txt file (otl.txt) and no extra.txt. During the scan with GMER I repeatedly got an error message saying there is no disk in drive H: and that I should please insert one. I don't even have a drive H: on my computer. This error message is slowly driving me mad.

I'm asking for help, otherwise

Many thanks in advance for your support!!!

Regards, loewenherzl
14.07.2013, 17:21 | #2
/// Winkelfunktion /// TB-Süch-Tiger™ | Avast blocks file (windows\system32\svchost.exe)

Hello and

Do you have any other logs (with findings)? Malwarebytes and/or other virus scanners, have they ever found anything? I'm asking because of this => http://www.trojaner-board.de/125889-...tml#post941520

Please don't run any new virus scans; first, only post the logs you already have!

Reading material: Posting in CODE tags. Attaching the logfiles, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the logfiles into a CODE box, proceed as follows:
14.07.2013, 18:21 | #3
Avast blocks file (windows\system32\svchost.exe)

Hello cosinus,

many thanks for your very quick reply. I don't have any other logfiles. This morning I ran a quick scan with Avast; it listed two or three files that the program apparently could not classify or could not access (error). I only packed the logfiles into a RAR archive because the post had over 123,000 characters and could not be posted that way. Should I run another scan with one of the programs named in the post "Important: please post all logs with findings", and if so, with which one, and where do I get it?

Regards, loewenherzl

EDIT: Today I keep getting windows that open in the background behind Firefox and that I only notice by chance in the taskbar (Win 8), e.g.

Last edited by loewenherzl (14.07.2013 at 18:27)
14.07.2013, 18:26 | #4
/// Winkelfunktion /// TB-Süch-Tiger™ | Avast blocks file (windows\system32\svchost.exe)
Quote:
__________________
Please always post logfiles in CODE tags
14.07.2013, 18:31 | #5
Avast blocks file (windows\system32\svchost.exe)

OTL: OTL logfile:
Code:
ATTFilter OTL logfile created on: 14.07.2013 14:46:57 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Downloads Professional (Version = 6.2.9200) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16635) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,08 Gb Available Physical Memory | 69,35% Memory free 6,00 Gb Paging File | 5,04 Gb Available in Paging File | 84,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 116,44 Gb Total Space | 67,32 Gb Free Space | 57,82% Space Free | Partition Type: NTFS Drive D: | 104,73 Gb Total Space | 54,45 Gb Free Space | 51,99% Space Free | Partition Type: NTFS Drive E: | 116,44 Gb Total Space | 69,39 Gb Free Space | 59,59% Space Free | Partition Type: NTFS Drive G: | 116,44 Gb Total Space | 116,16 Gb Free Space | 99,76% Space Free | Partition Type: NTFS Computer Name: LABTOP | User Name: *** | Logged in as Administrator. 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.05.27 17:52:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFPDFArchitectConverter@pdfarchitect.com: C:\Program Files\PDF Architect\FFPDFArchitectExt [2013.02.25 13:08:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.05.03 17:05:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2013.05.25 15:38:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\90vhslw0.default-1369489056204\extensions [2013.05.25 15:38:19 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\90vhslw0.default-1369489056204\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.07.03 13:03:20 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions [2013.07.03 13:03:31 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} O1 HOSTS File: ([2012.07.26 06:17:20 | 000,000,824 | ---- | M]) - C:\Windows\System32\Drivers\etc\hosts O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Programme\PDF 
Architect\PDFIEHelper.dll (pdfforge GbR) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Programme\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [SRSAENotifier] C:\Programme\SRS Labs\SRS Audio Essentials\AENotifier.exe (SRS Labs, Inc.) 
O4 - HKCU..\Run: [Exetender_148] "C:\Program Files\FreeRide Games\GPlayer.exe" /schedule 300000 File not found O4 - HKCU..\Run: [LightShot] C:\Users\***\AppData\Local\Skillbrains\lightshot\LightShot.exe () O4 - HKCU..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation) O4 - HKCU..\Run: [SkyDrive] C:\Users\***\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation) O4 - HKCU..\Run: [SRSHDAudioLab] C:\Program Files\SRS Labs\SRS Audio Essentials\AudioEssentials.exe () O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation) O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Programme\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPath = 1 O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 
8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Free YouTube Download - C:\Programme\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm () O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Programme\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.) O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Programme\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.) 
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\System32\winrnr.dll File not found O10 - 
Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - %SystemRoot%\System32\winrnr.dll File not found O10 - 
Protocol_Catalog9\Catalog_Entries\000000000039 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - %SystemRoot%\System32\winrnr.dll File not found O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites) O16 - DPF: {4FF78044-96B4-4312-A5B7-FDA3CB328095} (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EBF7F6B0-4688-4F9E-B8A5-5D4DD4E022D3}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\NVIDIA~1\3DVISI~1\nvStInit.dll) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\WINDOWS\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O24 - Desktop WallPaper: O24 - Desktop BackupWallPaper: O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2012.12.08 20:12:58 | 000,000,000 | ---D | M] - D:\Autokauf -- [ NTFS ] O32 - AutoRun File - [2012.12.08 21:21:36 | 000,000,000 | ---D | M] - E:\Autokauf -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.07.14 12:32:57 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\wildtangent_de [2013.07.14 12:24:20 | 000,000,000 | ---D | C] -- C:\ProgramData\FreeRide Games [2013.07.14 11:15:42 | 000,000,000 | ---D | C] -- C:\BigFishCache [2013.07.14 11:15:42 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Big Fish [2013.07.14 11:15:15 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\GetRightToGo [2013.07.12 09:48:55 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\pdfforge [2013.07.12 09:48:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator [2013.07.12 09:48:45 | 000,095,416 | ---- | C] (pdfforge GmbH) -- C:\WINDOWS\System32\pdfcmon.dll [2013.07.12 09:48:43 | 000,000,000 | ---D | C] -- C:\Program Files\PDFCreator [2013.07.10 11:12:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft [2013.07.06 08:52:15 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2013.07.03 13:03:20 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2013.07.03 09:57:57 | 000,000,000 | -H-D 
| C] -- C:\SkyDriveTemp [2013.06.14 15:49:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java ========== Files - Modified Within 30 Days ========== [2013.07.14 14:43:54 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable [2013.07.14 14:21:05 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2013.07.14 14:19:50 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013.07.14 13:44:17 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys [2013.07.14 13:44:17 | 2576,416,768 | -HS- | M] () -- C:\hiberfil.sys [2013.07.14 13:27:02 | 000,000,392 | ---- | M] () -- C:\WINDOWS\tasks\update-S-1-5-21-4171136491-575053196-1707953686-1000.job [2013.07.14 12:47:17 | 000,425,072 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2013.07.14 12:44:01 | 000,000,392 | ---- | M] () -- C:\WINDOWS\tasks\update-sys.job [2013.07.12 16:28:10 | 000,753,134 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2013.07.12 16:28:10 | 000,710,244 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2013.07.12 16:28:10 | 000,155,826 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2013.07.12 16:28:10 | 000,132,614 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2013.07.12 09:40:01 | 000,043,823 | ---- | M] () -- C:\Users\***\AppData\Local\recently-used.xbel [2013.07.11 17:47:57 | 000,000,442 | ---- | M] () -- C:\Users\***\AppData\Local\UserProducts.xml [2013.06.28 11:19:55 | 000,175,176 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswVmm.sys [2013.06.28 11:19:55 | 000,000,175 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswVmm.sys.sum [2013.06.28 11:19:54 | 000,369,584 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys [2013.06.28 11:19:54 | 000,000,175 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswSP.sys.sum [2013.06.28 11:19:47 | 000,770,344 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys [2013.06.28 11:19:47 | 000,000,175 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswSnx.sys.sum 
========== Files Created - No Company Name ========== [2013.07.14 14:43:54 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable [2013.07.14 12:47:06 | 000,425,072 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2013.07.12 09:40:01 | 000,043,823 | ---- | C] () -- C:\Users\***\AppData\Local\recently-used.xbel [2013.07.11 10:36:56 | 000,001,535 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free YouTube to MP3 Converter.lnk [2013.07.06 08:41:52 | 000,000,937 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zusammenarbeit im Betrieb (Herr Hagendorf).lnk [2013.07.06 08:41:50 | 000,001,018 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rechtssicheres Handeln - Umweltrecht (Herr Dr. Hedermann).lnk [2013.07.06 08:41:48 | 000,001,024 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IKP - Information, Kommunikation und Planung (Herr Rüßmann).lnk [2013.07.06 08:41:46 | 000,000,957 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Betriebswirtschaftliches Handeln (Herr Ziemer).lnk [2013.06.28 11:19:58 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys.sum [2013.06.27 09:05:48 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswSnx.sys.sum [2013.06.27 09:05:47 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswSP.sys.sum [2013.03.19 19:39:49 | 000,175,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys [2013.03.19 19:39:49 | 000,049,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys [2013.01.13 15:57:01 | 000,007,605 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg [2012.12.23 11:59:56 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\SAMSFPA.DAT [2012.12.21 17:49:20 | 000,083,968 | ---- | C] () -- C:\WINDOWS\System32\OEMLicense.dll [2012.12.19 14:12:52 | 001,048,576 | ---- | C] () -- 
C:\WINDOWS\System32\syndata.bin [2012.12.11 18:52:13 | 000,000,442 | ---- | C] () -- C:\Users\***\AppData\Local\UserProducts.xml [2012.12.10 19:34:33 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswnet.sys.sum [2012.07.26 10:41:52 | 000,753,134 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat [2012.07.26 10:41:52 | 000,305,546 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat [2012.07.26 10:41:52 | 000,155,826 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat [2012.07.26 10:41:52 | 000,040,390 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat [2012.07.26 08:55:27 | 000,710,244 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2012.07.26 08:55:27 | 000,296,742 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2012.07.26 08:55:27 | 000,132,614 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2012.07.26 08:55:27 | 000,033,362 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2012.07.26 08:53:47 | 000,215,943 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2012.07.26 08:53:46 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT [2012.07.26 08:03:55 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2012.07.26 03:20:38 | 000,071,680 | ---- | C] () -- C:\WINDOWS\System32\BthpanContextHandler.dll [2012.07.26 03:17:42 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\BWContextHandler.dll [2012.07.25 22:41:36 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin [2012.07.25 22:24:47 | 000,526,068 | ---- | C] () -- C:\WINDOWS\System32\staticurllist.bin [2012.07.14 04:00:46 | 000,043,882 | ---- | C] () -- C:\WINDOWS\System32\srms.dat [2012.06.21 17:04:52 | 000,407,368 | ---- | C] () -- C:\WINDOWS\System32\drivers\SRS_AE_i386.sys [2012.06.02 22:25:24 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\settings.dat [2012.06.02 16:31:24 | 001,520,828 | ---- | C] () -- C:\WINDOWS\System32\WpcNBModel.bin [2012.06.02 16:31:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2009.04.28 07:35:21 | 000,000,000 | ---- | C] () -- 
C:\Users\***\ADSM_Backup.xml [2009.04.22 07:55:23 | 000,001,074 | RH-- | C] () -- C:\Users\***\XrxWm.ini [2009.04.22 07:55:23 | 000,000,522 | RH-- | C] () -- C:\Users\***\xw45cpdy.dyc ========== ZeroAccess Check ========== [2013.07.14 12:07:03 | 000,000,082 | ---- | M] () -- C:\Windows\$NtUninstallKB10095$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\4D5EYE9F\t.cxt.ms\lso.swf\u.sol [2012.12.22 11:16:05 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.03.06 07:03:37 | 017,561,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 05:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2012.07.26 05:20:13 | 000,354,304 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.12.26 13:14:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Cities3D [2012.12.26 10:56:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\driveridentifier [2012.12.22 11:16:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Drivers For Free [2013.07.10 11:12:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft [2013.07.10 11:14:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers [2012.12.28 11:37:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Epson 
[2012.12.26 13:09:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FreeOrion [2013.01.13 12:03:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Geek Uninstaller [2013.07.14 11:15:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GetRightToGo [2013.01.13 12:10:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GlarySoft [2013.07.12 17:27:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MediaMonkey [2013.01.10 20:19:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera [2012.12.24 13:23:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Origin [2013.02.25 13:11:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PDF Architect [2013.07.12 09:48:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\pdfforge [2012.12.11 18:24:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Spacejock Software [2012.12.19 14:16:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Synaptics ========== Purity Check ========== ========== Hard Links - Junction Points - Mount Points - Symbolic Links ========== [C:\WINDOWS\$NtUninstallKB10095$] -> Error: Cannot create file handle -> Unknown point type < End of report > |
14.07.2013, 18:32 | #6 |
| Avast blocks file (windows\system32\svchost.exe) GMER log file: Code:
GMER 2.1.19163 - GMER - Rootkit Detector and Remover Rootkit scan 2013-07-14 16:47:49 Windows 6.2.9200 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1 ST9250320AS rev.0303 232,89GB Running: gmer_2.1.19163.exe; Driver: C:\Users\***\AppData\Local\Temp\uwldapow.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwWriteVirtualMemory [0x9071176E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x8F42680E] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwUnloadDriver [0x9070FC42] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0x8F427CF6] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwTerminateProcess [0x907118EA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x8F426556] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0x8F4281C8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0x8F428066] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x8F42645C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x8F4264CE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x8F4262F8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0x8F427D16] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x8F4267A8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x8F426742]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwReplyWaitReceivePortEx [0x8F42922A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwReplyWaitReceivePort [0x8F42D8B4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThreadEx [0x8F428506]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x8F4287F8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x90711822]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x8F4330DC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0x8F42B26E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x8F432EF6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x8F433036]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0x8F42AE78]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x8F432EAC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x8F433122]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x8F432F86]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x8F432F42]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x8F42892C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x8F42B98C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x8F4266DC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0x9070FC12]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x907116C2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0x8F42B596]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x8F426676]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0x8F427E9C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x8F4330B8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThreadEx [0x8F427800]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0x8F4275E4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x8F432ECE]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x90711992]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x8F432E86]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x8F4330FE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x8F432F64]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x8F432F18]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0x8F4270E6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAlpcSendWaitReceivePort [0x8F429256]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x907115FA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x8F426610]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x9072AE00]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 2.1 ----

.text ntoskrnl.exe!ZwCallbackReturn + 16C 81D404BC 12 Bytes [56, 65, 42, 8F, C8, 81, 42, ...]
.text ntoskrnl.exe!ZwCallbackReturn + 604 81D40954 12 Bytes [B8, 30, 43, 8F, 00, 78, 42, ...]
.text ntoskrnl.exe!ZwReplacePartitionUnit + 2673 81DB6135 1 Byte [06]
.text ntoskrnl.exe!KiDispatchInterrupt + 66A 81DBAA1A 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
PAGE ntoskrnl.exe!SeOpenObjectAuditAlarmWithTransaction + 580 81E9DA07 5 Bytes JMP 907297CC \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ObMakeTemporaryObject 81F8A62E 5 Bytes JMP 90727C9A \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ZwCreateProcessEx 8201F0ED 7 Bytes JMP 9072AE04 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.edata C:\WINDOWS\System32\DRIVERS\netbt.sys unknown last section [0x8F4FB000, 0x3B6B, 0xC8000040]
? C:\WINDOWS\System32\DRIVERS\netbt.sys suspicious PE modification

---- User code sections - GMER 2.1 ----

.text C:\WINDOWS\System32\svchost.exe[428] KERNEL32.DLL!GetBinaryTypeW + 6F 7670DDE0 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[452] kernel32.dll!GetBinaryTypeW + 6F 7670DDE0 1 Byte [62]
.text C:\WINDOWS\system32\wininit.exe[540] KERNEL32.DLL!GetBinaryTypeW + 6F 7670DDE0 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[612] KERNEL32.DLL!GetBinaryTypeW + 6F 7670DDE0 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[628] KERNEL32.DLL!GetBinaryTypeW + 6F 7670DDE0 1 Byte [62]
.text ...
.text C:\Users\***\AppData\Local\Skillbrains\lightshot\4.3.0.0\LightShot.exe[1700] ntdll.dll!LdrUnloadDll 77E62029 5 Bytes JMP 005603FC
.text C:\Users\***\AppData\Local\Skillbrains\lightshot\4.3.0.0\LightShot.exe[1700] ntdll.dll!LdrLoadDll 77E75D29 5 Bytes JMP 005601F8
.text C:\Users\***\AppData\Local\Skillbrains\lightshot\4.3.0.0\LightShot.exe[1700] USER32.dll!UnhookWindowsHookEx 761DA37A 5 Bytes JMP 00580A08
.text C:\Users\***\AppData\Local\Skillbrains\lightshot\4.3.0.0\LightShot.exe[1700] USER32.dll!SetWindowsHookExW 761DF223 5 Bytes JMP 00580804
.text C:\Users\***\AppData\Local\Skillbrains\lightshot\4.3.0.0\LightShot.exe[1700] USER32.dll!UnhookWinEvent 761DFE7F 5 Bytes JMP 005803FC
.text C:\Users\***\AppData\Local\Skillbrains\lightshot\4.3.0.0\LightShot.exe[1700] USER32.dll!SetWinEventHook 761E938E 5 Bytes JMP 005801F8
.text C:\Users\***\AppData\Local\Skillbrains\lightshot\4.3.0.0\LightShot.exe[1700] USER32.dll!SetWindowsHookExA 761F6F76 5 Bytes JMP 00580600
.text C:\WINDOWS\System32\spoolsv.exe[1964] KERNEL32.DLL!GetBinaryTypeW + 6F 7670DDE0 1 Byte [62]
.text C:\WINDOWS\system32\taskhostex.exe[1992] ntdll.dll!LdrUnloadDll 77E62029 5 Bytes JMP 008603FC
.text C:\WINDOWS\system32\taskhostex.exe[1992] ntdll.dll!LdrLoadDll 77E75D29 5 Bytes JMP 008601F8
.text C:\WINDOWS\system32\taskhostex.exe[1992] KERNEL32.dll!GetBinaryTypeW + 6F 7670DDE0 1 Byte [62]
.text C:\WINDOWS\system32\taskhostex.exe[1992] user32.dll!UnhookWindowsHookEx 761DA37A 5 Bytes JMP 009B0A08
.text C:\WINDOWS\system32\taskhostex.exe[1992] user32.dll!SetWindowsHookExW 761DF223 5 Bytes JMP 009B0804
.text C:\WINDOWS\system32\taskhostex.exe[1992] user32.dll!UnhookWinEvent 761DFE7F 5 Bytes JMP 009B03FC
.text C:\WINDOWS\system32\taskhostex.exe[1992] user32.dll!SetWinEventHook 761E938E 5 Bytes JMP 009B01F8
.text C:\WINDOWS\system32\taskhostex.exe[1992] user32.dll!SetWindowsHookExA 761F6F76 5 Bytes JMP 009B0600
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2100] ntdll.dll!LdrUnloadDll 77E62029 5 Bytes JMP 00C603FC
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2100] ntdll.dll!LdrLoadDll 77E75D29 5 Bytes JMP 00C601F8
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2100] KERNEL32.dll!GetBinaryTypeW + 6F 7670DDE0 1 Byte [62]
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2100] USER32.dll!UnhookWindowsHookEx 761DA37A 5 Bytes JMP 00DA0A08
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2100] USER32.dll!SetWindowsHookExW 761DF223 5 Bytes JMP 00DA0804
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2100] USER32.dll!UnhookWinEvent 761DFE7F 5 Bytes JMP 00DA03FC
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2100] USER32.dll!SetWinEventHook 761E938E 5 Bytes JMP 00DA01F8
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2100] USER32.dll!SetWindowsHookExA 761F6F76 5 Bytes JMP 00DA0600
.text C:\WINDOWS\system32\svchost.exe[2120] ntdll.dll!LdrUnloadDll 77E62029 5 Bytes JMP 00EC03FC
.text C:\WINDOWS\system32\svchost.exe[2120] ntdll.dll!LdrLoadDll 77E75D29 5 Bytes JMP 00EC01F8
.text C:\WINDOWS\system32\svchost.exe[2120] USER32.dll!UnhookWindowsHookEx 761DA37A 5 Bytes JMP 00EF0A08
.text C:\WINDOWS\system32\svchost.exe[2120] USER32.dll!SetWindowsHookExW 761DF223 5 Bytes JMP 00EF0804
.text C:\WINDOWS\system32\svchost.exe[2120] USER32.dll!UnhookWinEvent 761DFE7F 5 Bytes JMP 00EF03FC
.text C:\WINDOWS\system32\svchost.exe[2120] USER32.dll!SetWinEventHook 761E938E 5 Bytes JMP 00EF01F8
.text C:\WINDOWS\system32\svchost.exe[2120] USER32.dll!SetWindowsHookExA 761F6F76 5 Bytes JMP 00EF0600
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[2384] ntdll.dll!LdrUnloadDll 77E62029 5 Bytes JMP 002003FC
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[2384] ntdll.dll!LdrLoadDll 77E75D29 5 Bytes JMP 002001F8
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[2384] USER32.dll!UnhookWindowsHookEx 761DA37A 5 Bytes JMP 00210A08
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[2384] USER32.dll!SetWindowsHookExW 761DF223 5 Bytes JMP 00210804
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[2384] USER32.dll!UnhookWinEvent 761DFE7F 5 Bytes JMP 002103FC
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[2384] USER32.dll!SetWinEventHook 761E938E 5 Bytes JMP 002101F8
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[2384] USER32.dll!SetWindowsHookExA 761F6F76 5 Bytes JMP 00210600
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2532] ntdll.dll!LdrUnloadDll 77E62029 5 Bytes JMP 00BA03FC
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2532] ntdll.dll!LdrLoadDll 77E75D29 5 Bytes JMP 00BA01F8
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2532] KERNEL32.dll!GetBinaryTypeW + 6F 7670DDE0 1 Byte [62]
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2532] USER32.dll!UnhookWindowsHookEx 761DA37A 5 Bytes JMP 00BC0A08
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2532] USER32.dll!SetWindowsHookExW 761DF223 5 Bytes JMP 00BC0804
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2532] USER32.dll!UnhookWinEvent 761DFE7F 5 Bytes JMP 00BC03FC
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2532] USER32.dll!SetWinEventHook 761E938E 5 Bytes JMP 00BC01F8
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2532] USER32.dll!SetWindowsHookExA 761F6F76 5 Bytes JMP 00BC0600
.text C:\Program Files\SRS Labs\SRS Audio Essentials\AudioEssentials.exe[2688] ntdll.dll!LdrUnloadDll 77E62029 5 Bytes JMP 009B03FC
.text C:\Program Files\SRS Labs\SRS Audio Essentials\AudioEssentials.exe[2688] ntdll.dll!LdrLoadDll 77E75D29 5 Bytes JMP 009B01F8
.text C:\Program Files\SRS Labs\SRS Audio Essentials\AudioEssentials.exe[2688] KERNEL32.dll!GetBinaryTypeW + 6F 7670DDE0 1 Byte [62]
.text C:\Program Files\SRS Labs\SRS Audio Essentials\AudioEssentials.exe[2688] USER32.dll!UnhookWindowsHookEx 761DA37A 5 Bytes JMP 00B60A08
.text C:\Program Files\SRS Labs\SRS Audio Essentials\AudioEssentials.exe[2688] USER32.dll!SetWindowsHookExW 761DF223 5 Bytes JMP 00B60804
.text C:\Program Files\SRS Labs\SRS Audio Essentials\AudioEssentials.exe[2688] USER32.dll!UnhookWinEvent 761DFE7F 5 Bytes JMP 00B603FC
.text C:\Program Files\SRS Labs\SRS Audio Essentials\AudioEssentials.exe[2688] USER32.dll!SetWinEventHook 761E938E 5 Bytes JMP 00B601F8
.text C:\Program Files\SRS Labs\SRS Audio Essentials\AudioEssentials.exe[2688] USER32.dll!SetWindowsHookExA 761F6F76 5 Bytes JMP 00B60600
.text C:\WINDOWS\system32\svchost.exe[3224] ntdll.dll!LdrUnloadDll 77E62029 5 Bytes JMP 00C503FC
.text C:\WINDOWS\system32\svchost.exe[3224] ntdll.dll!LdrLoadDll 77E75D29 5 Bytes JMP 00C501F8
.text C:\WINDOWS\system32\svchost.exe[3224] user32.dll!UnhookWindowsHookEx 761DA37A 5 Bytes JMP 00C70A08
.text C:\WINDOWS\system32\svchost.exe[3224] user32.dll!SetWindowsHookExW 761DF223 5 Bytes JMP 00C70804
.text C:\WINDOWS\system32\svchost.exe[3224] user32.dll!UnhookWinEvent 761DFE7F 5 Bytes JMP 00C703FC
.text C:\WINDOWS\system32\svchost.exe[3224] user32.dll!SetWinEventHook 761E938E 5 Bytes JMP 00C701F8
.text C:\WINDOWS\system32\svchost.exe[3224] user32.dll!SetWindowsHookExA 761F6F76 5 Bytes JMP 00C70600
.text C:\Program Files\SRS Labs\SRS Audio Essentials\AENotifier.exe[3356] ntdll.dll!LdrUnloadDll 77E62029 5 Bytes JMP 00B503FC
.text C:\Program Files\SRS Labs\SRS Audio Essentials\AENotifier.exe[3356] ntdll.dll!LdrLoadDll 77E75D29 5 Bytes JMP 00B501F8
.text C:\Program Files\SRS Labs\SRS Audio Essentials\AENotifier.exe[3356] KERNEL32.dll!GetBinaryTypeW + 6F 7670DDE0 1 Byte [62]
.text C:\Program Files\SRS Labs\SRS Audio Essentials\AENotifier.exe[3356] USER32.dll!UnhookWindowsHookEx 761DA37A 5 Bytes JMP 00B70A08
.text C:\Program Files\SRS Labs\SRS Audio Essentials\AENotifier.exe[3356] USER32.dll!SetWindowsHookExW 761DF223 5 Bytes JMP 00B70804
.text C:\Program Files\SRS Labs\SRS Audio Essentials\AENotifier.exe[3356] USER32.dll!UnhookWinEvent 761DFE7F 5 Bytes JMP 00B703FC
.text C:\Program Files\SRS Labs\SRS Audio Essentials\AENotifier.exe[3356] USER32.dll!SetWinEventHook 761E938E 5 Bytes JMP 00B701F8
.text C:\Program Files\SRS Labs\SRS Audio Essentials\AENotifier.exe[3356] USER32.dll!SetWindowsHookExA 761F6F76 5 Bytes JMP 00B70600
.text C:\WINDOWS\system32\nvvsvc.exe[3380] ntdll.dll!LdrUnloadDll 77E62029 5 Bytes JMP 00E103FC
.text C:\WINDOWS\system32\nvvsvc.exe[3380] ntdll.dll!LdrLoadDll 77E75D29 5 Bytes JMP 00E101F8
.text C:\WINDOWS\system32\nvvsvc.exe[3380] USER32.dll!UnhookWindowsHookEx 761DA37A 5 Bytes JMP 00E40A08
.text C:\WINDOWS\system32\nvvsvc.exe[3380] USER32.dll!SetWindowsHookExW 761DF223 5 Bytes JMP 00E40804
.text C:\WINDOWS\system32\nvvsvc.exe[3380] USER32.dll!UnhookWinEvent 761DFE7F 5 Bytes JMP 00E403FC
.text C:\WINDOWS\system32\nvvsvc.exe[3380] USER32.dll!SetWinEventHook 761E938E 5 Bytes JMP 00E401F8
.text C:\WINDOWS\system32\nvvsvc.exe[3380] USER32.dll!SetWindowsHookExA 761F6F76 5 Bytes JMP 00E40600
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3448] ntdll.dll!LdrUnloadDll 77E62029 5 Bytes JMP 001803FC
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3448] ntdll.dll!LdrLoadDll 77E75D29 5 Bytes JMP 001801F8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3448] USER32.dll!UnhookWindowsHookEx 761DA37A 5 Bytes JMP 001A0A08
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3448] USER32.dll!SetWindowsHookExW 761DF223 5 Bytes JMP 001A0804
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3448] USER32.dll!UnhookWinEvent 761DFE7F 5 Bytes JMP 001A03FC
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3448] USER32.dll!SetWinEventHook 761E938E 5 Bytes JMP 001A01F8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3448] USER32.dll!SetWindowsHookExA 761F6F76 5 Bytes JMP 001A0600
.text C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe[3580] ntdll.dll!LdrUnloadDll 77E62029 5 Bytes JMP 002103FC
.text C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe[3580] ntdll.dll!LdrLoadDll 77E75D29 5 Bytes JMP 002101F8
.text C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe[3580] KERNEL32.dll!GetBinaryTypeW + 6F 7670DDE0 1 Byte [62]
.text C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe[3580] USER32.dll!UnhookWindowsHookEx 761DA37A 5 Bytes JMP 00230A08
.text C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe[3580] USER32.dll!SetWindowsHookExW 761DF223 5 Bytes JMP 00230804
.text C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe[3580] USER32.dll!UnhookWinEvent 761DFE7F 5 Bytes JMP 002303FC
.text C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe[3580] USER32.dll!SetWinEventHook 761E938E 5 Bytes JMP 002301F8
.text C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe[3580] USER32.dll!SetWindowsHookExA 761F6F76 5 Bytes JMP 00230600
.text C:\Program Files\ASUS\ATK Package\ATK Hotkey\SynptSync.exe[3616] ntdll.dll!LdrUnloadDll 77E62029 5 Bytes JMP 001803FC
.text C:\Program Files\ASUS\ATK Package\ATK Hotkey\SynptSync.exe[3616] ntdll.dll!LdrLoadDll 77E75D29 5 Bytes JMP 001801F8
.text C:\Program Files\ASUS\ATK Package\ATK Hotkey\SynptSync.exe[3616] KERNEL32.dll!GetBinaryTypeW + 6F 7670DDE0 1 Byte [62]
.text C:\Program Files\ASUS\ATK Package\ATK Hotkey\SynptSync.exe[3616] USER32.dll!UnhookWindowsHookEx 761DA37A 5 Bytes JMP 00320A08
.text C:\Program Files\ASUS\ATK Package\ATK Hotkey\SynptSync.exe[3616] USER32.dll!SetWindowsHookExW 761DF223 5 Bytes JMP 00320804
.text C:\Program Files\ASUS\ATK Package\ATK Hotkey\SynptSync.exe[3616] USER32.dll!UnhookWinEvent 761DFE7F 5 Bytes JMP 003203FC
.text C:\Program Files\ASUS\ATK Package\ATK Hotkey\SynptSync.exe[3616] USER32.dll!SetWinEventHook 761E938E 5 Bytes JMP 003201F8
.text C:\Program Files\ASUS\ATK Package\ATK Hotkey\SynptSync.exe[3616] USER32.dll!SetWindowsHookExA 761F6F76 5 Bytes JMP 00320600
.text C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[3712] ntdll.dll!LdrUnloadDll 77E62029 5 Bytes JMP 009503FC
.text C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[3712] ntdll.dll!LdrLoadDll 77E75D29 5 Bytes JMP 009501F8
.text C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[3712] USER32.dll!UnhookWindowsHookEx 761DA37A 5 Bytes JMP 00970A08
.text C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[3712] USER32.dll!SetWindowsHookExW 761DF223 5 Bytes JMP 00970804
.text C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[3712] USER32.dll!UnhookWinEvent 761DFE7F 5 Bytes JMP 009703FC
.text C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[3712] USER32.dll!SetWinEventHook 761E938E 5 Bytes JMP 009701F8
.text C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[3712] USER32.dll!SetWindowsHookExA 761F6F76 5 Bytes JMP 00970600
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3764] ntdll.dll!LdrUnloadDll 77E62029 5 Bytes JMP 002003FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3764] ntdll.dll!LdrLoadDll 77E75D29 5 Bytes JMP 002001F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3764] USER32.dll!UnhookWindowsHookEx 761DA37A 5 Bytes JMP 00230A08
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3764] USER32.dll!SetWindowsHookExW 761DF223 5 Bytes JMP 00230804
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3764] USER32.dll!UnhookWinEvent 761DFE7F 5 Bytes JMP 002303FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3764] USER32.dll!SetWinEventHook 761E938E 5 Bytes JMP 002301F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3764] USER32.dll!SetWindowsHookExA 761F6F76 5 Bytes JMP 00230600
.text C:\WINDOWS\system32\SearchIndexer.exe[3844] ntdll.dll!LdrUnloadDll 77E62029 5 Bytes JMP 006903FC
.text C:\WINDOWS\system32\SearchIndexer.exe[3844] ntdll.dll!LdrLoadDll 77E75D29 5 Bytes JMP 006901F8
.text C:\WINDOWS\system32\SearchIndexer.exe[3844] KERNEL32.dll!GetBinaryTypeW + 6F 7670DDE0 1 Byte [62]
.text C:\WINDOWS\system32\SearchIndexer.exe[3844] USER32.dll!UnhookWindowsHookEx 761DA37A 5 Bytes JMP 006C0A08
.text C:\WINDOWS\system32\SearchIndexer.exe[3844] USER32.dll!SetWindowsHookExW 761DF223 5 Bytes JMP 006C0804
.text C:\WINDOWS\system32\SearchIndexer.exe[3844] USER32.dll!UnhookWinEvent 761DFE7F 5 Bytes JMP 006C03FC
.text C:\WINDOWS\system32\SearchIndexer.exe[3844] USER32.dll!SetWinEventHook 761E938E 5 Bytes JMP 006C01F8
.text C:\WINDOWS\system32\SearchIndexer.exe[3844] USER32.dll!SetWindowsHookExA 761F6F76 5 Bytes JMP 006C0600
.text C:\WINDOWS\Explorer.EXE[3856] ntdll.dll!LdrUnloadDll 77E62029 5 Bytes JMP 009203FC
.text C:\WINDOWS\Explorer.EXE[3856] ntdll.dll!LdrLoadDll 77E75D29 5 Bytes JMP 009201F8
.text C:\WINDOWS\Explorer.EXE[3856] KERNEL32.dll!GetBinaryTypeW + 6F 7670DDE0 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[3856] USER32.dll!UnhookWindowsHookEx 761DA37A 5 Bytes JMP 00950A08
.text C:\WINDOWS\Explorer.EXE[3856] USER32.dll!SetWindowsHookExW 761DF223 5 Bytes JMP 00950804
.text C:\WINDOWS\Explorer.EXE[3856] USER32.dll!UnhookWinEvent 761DFE7F 5 Bytes JMP 009503FC
.text C:\WINDOWS\Explorer.EXE[3856] USER32.dll!SetWinEventHook 761E938E 5 Bytes JMP 009501F8
.text C:\WINDOWS\Explorer.EXE[3856] USER32.dll!SetWindowsHookExA 761F6F76 5 Bytes JMP 00950600
.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe[4052] ntdll.dll!LdrUnloadDll 77E62029 5 Bytes JMP 000103FC
.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe[4052] ntdll.dll!LdrLoadDll 77E75D29 5 Bytes JMP 000101F8
.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe[4052] KERNEL32.dll!GetBinaryTypeW + 6F 7670DDE0 1 Byte [62]
.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe[4052] USER32.dll!UnhookWindowsHookEx 761DA37A 5 Bytes JMP 00220A08
.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe[4052] USER32.dll!SetWindowsHookExW 761DF223 5 Bytes JMP 00220804
.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe[4052] USER32.dll!UnhookWinEvent 761DFE7F 5 Bytes JMP 002203FC
.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe[4052] USER32.dll!SetWinEventHook 761E938E 5 Bytes JMP 002201F8
.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe[4052] USER32.dll!SetWindowsHookExA 761F6F76 5 Bytes JMP 00220600
.text C:\Users\***\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[4136] ntdll.dll!LdrUnloadDll 77E62029 5 Bytes JMP 005A03FC
.text C:\Users\***\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[4136] ntdll.dll!LdrLoadDll 77E75D29 5 Bytes JMP 005A01F8
.text C:\Users\***\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[4136] KERNEL32.dll!GetBinaryTypeW + 6F 7670DDE0 1 Byte [62]
.text C:\Users\***\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[4136] USER32.dll!UnhookWindowsHookEx 761DA37A 5 Bytes JMP 005B0A08
.text C:\Users\***\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[4136] USER32.dll!SetWindowsHookExW 761DF223 5 Bytes JMP 005B0804
.text C:\Users\***\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[4136] USER32.dll!UnhookWinEvent 761DFE7F 5 Bytes JMP 005B03FC
.text C:\Users\***\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[4136] USER32.dll!SetWinEventHook 761E938E 5 Bytes JMP 005B01F8
.text C:\Users\***\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[4136] USER32.dll!SetWindowsHookExA 761F6F76 5 Bytes JMP 005B0600
.text C:\WINDOWS\System32\svchost.exe[4376] ntdll.dll!LdrUnloadDll 77E62029 5 Bytes JMP 010A03FC
.text C:\WINDOWS\System32\svchost.exe[4376] ntdll.dll!LdrLoadDll 77E75D29 5 Bytes JMP 010A01F8
.text C:\WINDOWS\System32\svchost.exe[4376] USER32.dll!GetCursorPos 761DA346 5 Bytes JMP 01A3000A
.text C:\WINDOWS\System32\svchost.exe[4376] USER32.dll!UnhookWindowsHookEx 761DA37A 5 Bytes JMP 010D0A08
.text C:\WINDOWS\System32\svchost.exe[4376] USER32.dll!SetWindowsHookExW 761DF223 5 Bytes JMP 010D0804
.text C:\WINDOWS\System32\svchost.exe[4376] USER32.dll!UnhookWinEvent 761DFE7F 5 Bytes JMP 010D03FC
.text C:\WINDOWS\System32\svchost.exe[4376] USER32.dll!SetWinEventHook 761E938E 5 Bytes JMP 010D01F8
.text C:\WINDOWS\System32\svchost.exe[4376] USER32.dll!SetWindowsHookExA 761F6F76 5 Bytes JMP 010D0600
.text C:\WINDOWS\System32\svchost.exe[4376] USER32.dll!DialogBoxIndirectParamAorW 761FC14B 5 Bytes JMP 01A4000A
.text C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x86__8wekyb3d8bbwe\LiveComm.exe[4400] ntdll.dll!LdrUnloadDll 77E62029 5 Bytes JMP 009003FC
.text C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x86__8wekyb3d8bbwe\LiveComm.exe[4400] ntdll.dll!LdrLoadDll 77E75D29 5 Bytes JMP 009001F8
.text C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x86__8wekyb3d8bbwe\LiveComm.exe[4400] USER32.dll!UnhookWindowsHookEx 761DA37A 5 Bytes JMP 009C0A08
.text C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x86__8wekyb3d8bbwe\LiveComm.exe[4400] USER32.dll!SetWindowsHookExW 761DF223 5 Bytes JMP 009C0804
.text C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x86__8wekyb3d8bbwe\LiveComm.exe[4400] USER32.dll!UnhookWinEvent 761DFE7F 5 Bytes JMP 009C03FC
.text C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x86__8wekyb3d8bbwe\LiveComm.exe[4400] USER32.dll!SetWinEventHook 761E938E 5 Bytes JMP 009C01F8
.text C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x86__8wekyb3d8bbwe\LiveComm.exe[4400] USER32.dll!SetWindowsHookExA 761F6F76 5 Bytes JMP 009C0600
.text C:\WINDOWS\System32\WinLogon.exe[4496] ntdll.dll!LdrUnloadDll 77E62029 5 Bytes JMP 00A803FC
.text C:\WINDOWS\System32\WinLogon.exe[4496] ntdll.dll!LdrLoadDll 77E75D29 5 Bytes JMP 00A801F8
.text C:\WINDOWS\System32\WinLogon.exe[4496] KERNEL32.dll!GetBinaryTypeW + 6F 7670DDE0 1 Byte [62]
.text C:\WINDOWS\System32\WinLogon.exe[4496] USER32.dll!UnhookWindowsHookEx 761DA37A 5 Bytes JMP 00B10A08
.text C:\WINDOWS\System32\WinLogon.exe[4496] USER32.dll!SetWindowsHookExW 761DF223 5 Bytes JMP 00B10804
.text C:\WINDOWS\System32\WinLogon.exe[4496] USER32.dll!UnhookWinEvent 761DFE7F 5 Bytes JMP 00B103FC
.text C:\WINDOWS\System32\WinLogon.exe[4496] USER32.dll!SetWinEventHook 761E938E 5 Bytes JMP 00B101F8
.text C:\WINDOWS\System32\WinLogon.exe[4496] USER32.dll!SetWindowsHookExA 761F6F76 5 Bytes JMP 00B10600
.text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[4552] ntdll.dll!LdrUnloadDll 77E62029 5 Bytes JMP 00E203FC
.text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[4552] ntdll.dll!LdrLoadDll 77E75D29 5 Bytes JMP 00E201F8
.text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[4552] USER32.dll!UnhookWindowsHookEx 761DA37A 5 Bytes JMP 00F50A08
.text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[4552] USER32.dll!SetWindowsHookExW 761DF223 5 Bytes JMP 00F50804
.text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[4552] USER32.dll!UnhookWinEvent 761DFE7F 5 Bytes JMP 00F503FC
.text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[4552] USER32.dll!SetWinEventHook 761E938E 5 Bytes JMP 00F501F8
.text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[4552] USER32.dll!SetWindowsHookExA 761F6F76 5 Bytes JMP 00F50600
.text C:\WINDOWS\system32\csrss.exe[4700] kernel32.dll!GetBinaryTypeW + 6F 7670DDE0 1 Byte [62]
.text C:\WINDOWS\System32\dwm.exe[4748] ntdll.dll!LdrUnloadDll 77E62029 5 Bytes JMP 005F03FC
.text C:\WINDOWS\System32\dwm.exe[4748] ntdll.dll!LdrLoadDll 77E75D29 5 Bytes JMP 005F01F8
.text C:\WINDOWS\System32\dwm.exe[4748] KERNEL32.dll!GetBinaryTypeW + 6F 7670DDE0 1 Byte [62]
.text C:\WINDOWS\System32\dwm.exe[4748] USER32.dll!UnhookWindowsHookEx 761DA37A 5 Bytes JMP 00610A08
.text C:\WINDOWS\System32\dwm.exe[4748] USER32.dll!SetWindowsHookExW 761DF223 5 Bytes JMP 00610804
.text C:\WINDOWS\System32\dwm.exe[4748] USER32.dll!UnhookWinEvent 761DFE7F 5 Bytes JMP 006103FC
.text C:\WINDOWS\System32\dwm.exe[4748] USER32.dll!SetWinEventHook 761E938E 5 Bytes JMP 006101F8
.text C:\WINDOWS\System32\dwm.exe[4748] USER32.dll!SetWindowsHookExA 761F6F76 5 Bytes JMP 00610600
.text C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4772] ntdll.dll!LdrUnloadDll 77E62029 5 Bytes JMP 001803FC
.text C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4772] ntdll.dll!LdrLoadDll 77E75D29 5 Bytes JMP 001801F8
.text C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4772] KERNEL32.dll!GetBinaryTypeW + 6F 7670DDE0 1 Byte [62]
.text C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4772] USER32.dll!UnhookWindowsHookEx 761DA37A 5 Bytes JMP 001B0A08
.text C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4772] USER32.dll!SetWindowsHookExW 761DF223 5 Bytes JMP 001B0804
.text C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4772] USER32.dll!UnhookWinEvent 761DFE7F 5 Bytes JMP 001B03FC
.text C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4772] USER32.dll!SetWinEventHook 761E938E 5 Bytes JMP 001B01F8
.text C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4772] USER32.dll!SetWindowsHookExA 761F6F76 5 Bytes JMP 001B0600
.text C:\Windows\System32\RuntimeBroker.exe[5144] ntdll.dll!LdrUnloadDll 77E62029 5 Bytes JMP 00A803FC
.text C:\Windows\System32\RuntimeBroker.exe[5144] ntdll.dll!LdrLoadDll 77E75D29 5 Bytes JMP 00A801F8
.text C:\Windows\System32\RuntimeBroker.exe[5144] KERNEL32.dll!GetBinaryTypeW + 6F 7670DDE0 1 Byte [62]
.text C:\Windows\System32\RuntimeBroker.exe[5144] USER32.dll!UnhookWindowsHookEx 761DA37A 5 Bytes JMP 00AA0A08
.text C:\Windows\System32\RuntimeBroker.exe[5144] USER32.dll!SetWindowsHookExW 761DF223 5 Bytes JMP 00AA0804
.text C:\Windows\System32\RuntimeBroker.exe[5144] USER32.dll!UnhookWinEvent 761DFE7F 5 Bytes JMP 00AA03FC
.text C:\Windows\System32\RuntimeBroker.exe[5144] USER32.dll!SetWinEventHook 761E938E 3 Bytes JMP 00AA01F8
.text C:\Windows\System32\RuntimeBroker.exe[5144] USER32.dll!SetWinEventHook + 4 761E9392 1 Byte [8A]
.text C:\Windows\System32\RuntimeBroker.exe[5144] USER32.dll!SetWindowsHookExA 761F6F76 5 Bytes JMP 00AA0600
.text C:\Users\***\Downloads\gmer_2.1.19163.exe[5560] ntdll.dll!LdrUnloadDll 77E62029 5 Bytes JMP 001803FC
.text C:\Users\***\Downloads\gmer_2.1.19163.exe[5560] ntdll.dll!LdrLoadDll 77E75D29 5 Bytes JMP 001801F8
.text C:\Users\***\Downloads\gmer_2.1.19163.exe[5560] KERNEL32.dll!GetBinaryTypeW + 6F 7670DDE0 1 Byte [62]
.text C:\Users\***\Downloads\gmer_2.1.19163.exe[5560] USER32.dll!UnhookWindowsHookEx 761DA37A 5 Bytes JMP 001B0A08
.text C:\Users\***\Downloads\gmer_2.1.19163.exe[5560] USER32.dll!SetWindowsHookExW 761DF223 5 Bytes JMP 001B0804
.text C:\Users\***\Downloads\gmer_2.1.19163.exe[5560] USER32.dll!UnhookWinEvent 761DFE7F 5 Bytes JMP 001B03FC
.text C:\Users\***\Downloads\gmer_2.1.19163.exe[5560] USER32.dll!SetWinEventHook 761E938E 5 Bytes JMP 001B01F8
.text C:\Users\***\Downloads\gmer_2.1.19163.exe[5560] USER32.dll!SetWindowsHookExA 761F6F76 5 Bytes JMP 001B0600
.text C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControl.exe[5708] ntdll.dll!LdrUnloadDll 77E62029 5 Bytes JMP 002003FC
.text C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControl.exe[5708] ntdll.dll!LdrLoadDll 77E75D29 5 Bytes JMP 002001F8
.text C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControl.exe[5708] KERNEL32.dll!GetBinaryTypeW + 6F 7670DDE0 1 Byte [62]
.text C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControl.exe[5708] USER32.dll!UnhookWindowsHookEx 761DA37A 5 Bytes JMP 00320A08
.text C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControl.exe[5708] USER32.dll!SetWindowsHookExW 761DF223 5 Bytes JMP 00320804
.text C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControl.exe[5708] USER32.dll!UnhookWinEvent 761DFE7F 5 Bytes JMP 003203FC
.text C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControl.exe[5708] USER32.dll!SetWinEventHook 761E938E 5 Bytes JMP 003201F8
.text C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControl.exe[5708] USER32.dll!SetWindowsHookExA 761F6F76 5 Bytes JMP 00320600

---- Devices - GMER 2.1 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Trace I/O - GMER 2.1 ----

Trace ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x85ec2698]<< 85ec2698
Trace 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x85c76518] 85c76518
Trace 3 CLASSPNP.SYS[8b12a300] -> nt!IofCallDriver -> [0x86299028] 86299028
Trace \Driver\00000870[0x861215b0] -> IRP_MJ_CREATE -> 0x85ec2698 85ec2698

---- Processes - GMER 2.1 ----

Process C:\WINDOWS\System32\svchost.exe (*** hidden *** ) 4376

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed 1230100402
Reg HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{E2BC2B90-0F7E-11DE-A5D3-806E6F6E6963} 8427099848

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk1\DR1 unknown MBR code

---- Files - GMER 2.1 ----

File C:\avast! sandbox 0 bytes
File C:\avast! sandbox\S-1-5-21-4171136491-575053196-1707953686-1000 0 bytes
File C:\avast! sandbox\S-1-5-21-4171136491-575053196-1707953686-1000\sfzone 0 bytes
File C:\avast! sandbox\S-1-5-21-4171136491-575053196-1707953686-1000\sfzone\C 0 bytes
File C:\avast! sandbox\S-1-5-21-4171136491-575053196-1707953686-1000\sfzone\snx_fs.dat 180 bytes
File C:\avast! sandbox\snx_rhive 262144 bytes
File C:\avast! sandbox\snx_rhive.LOG1 16384 bytes
File C:\avast! sandbox\snx_rhive.LOG2 0 bytes
File C:\avast! sandbox\snx_rhive{b8ea36b0-c204-11e1-b375-00248c645453}.TM.blf 65536 bytes
File C:\avast! sandbox\snx_rhive{b8ea36b0-c204-11e1-b375-00248c645453}.TMContainer00000000000000000001.regtrans-ms 524288 bytes
File C:\avast! sandbox\snx_rhive{b8ea36b0-c204-11e1-b375-00248c645453}.TMContainer00000000000000000002.regtrans-ms 524288 bytes
File C:\Program Files\Windows Defender\de-DE\MpAsDesc.dll.mui 57424 bytes executable
File C:\Program Files\Windows Defender\de-DE\MpEvMsg.dll.mui 40528 bytes executable
File C:\Program Files\Windows Defender\de-DE\MsMpRes.dll.mui 109136 bytes executable
File C:\Windows\$NtUninstallKB10095$\207039288 0 bytes
File C:\Windows\$NtUninstallKB10095$\207039288\@ 2048 bytes
File C:\Windows\$NtUninstallKB10095$\207039288\Desktop.ini 4608 bytes
File C:\Windows\$NtUninstallKB10095$\207039288\L 0 bytes
File C:\Windows\$NtUninstallKB10095$\207039288\L\00000004.@ 804 bytes
File C:\Windows\$NtUninstallKB10095$\207039288\L\201d3dde 59 bytes
File C:\Windows\$NtUninstallKB10095$\207039288\L\6715e287 98 bytes
File C:\Windows\$NtUninstallKB10095$\207039288\L\76603ac3 2416 bytes
File C:\Windows\$NtUninstallKB10095$\207039288\L\kzoosnvr 254464 bytes
File C:\Windows\$NtUninstallKB10095$\207039288\U 0 bytes
File C:\Windows\$NtUninstallKB10095$\207039288\U\00000004.@ 2048 bytes
File C:\Windows\$NtUninstallKB10095$\207039288\U\00000008.@ 1024 bytes
File C:\Windows\$NtUninstallKB10095$\207039288\U\000000cb.@ 1632 bytes
File C:\Windows\$NtUninstallKB10095$\207039288\U\80000000.@ 11776 bytes
File C:\Windows\$NtUninstallKB10095$\207039288\U\80000032.@ 91648 bytes
File C:\Windows\$NtUninstallKB10095$\3920239710 0 bytes

---- EOF - GMER 2.1 ---- |
14.07.2013, 18:39 | #7 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Avast blocks file (windows\system32\svchost.exe)
Code:
File C:\Windows\$NtUninstallKB10095$\207039288 0 bytes
File C:\Windows\$NtUninstallKB10095$\207039288\@ 2048 bytes
File C:\Windows\$NtUninstallKB10095$\207039288\Desktop.ini 4608 bytes
File C:\Windows\$NtUninstallKB10095$\207039288\L 0 bytes
File C:\Windows\$NtUninstallKB10095$\207039288\L\00000004.@ 804 bytes
File C:\Windows\$NtUninstallKB10095$\207039288\L\201d3dde 59 bytes
File C:\Windows\$NtUninstallKB10095$\207039288\L\6715e287 98 bytes
File C:\Windows\$NtUninstallKB10095$\207039288\L\76603ac3 2416 bytes
File C:\Windows\$NtUninstallKB10095$\207039288\L\kzoosnvr 254464 bytes
File C:\Windows\$NtUninstallKB10095$\207039288\U 0 bytes
File C:\Windows\$NtUninstallKB10095$\207039288\U\00000004.@ 2048 bytes
File C:\Windows\$NtUninstallKB10095$\207039288\U\00000008.@ 1024 bytes
File C:\Windows\$NtUninstallKB10095$\207039288\U\000000cb.@ 1632 bytes
File C:\Windows\$NtUninstallKB10095$\207039288\U\80000000.@ 11776 bytes
File C:\Windows\$NtUninstallKB10095$\207039288\U\80000032.@ 91648 bytes
File C:\Windows\$NtUninstallKB10095$\3920239710
ZeroAccess! Reading material: Rootkit warning. Your computer has been infected with a special kind of malware that can hide itself from conventional virus scanners and from the operating system itself. On top of that, such malware usually also has backdoor functionality, that is, it deliberately tears holes through all protection measures so that it can download further malicious code or forward the data it collects to the "bad guys". So what does this mean for you?
Teile mir also mit, wie du dich entschieden hast.
__________________
Please always post logfiles in CODE tags
14.07.2013, 19:42 | #8 |
| Avast blocks file (windows\system32\svchost.exe)
Sorry for saying this ... oh crap ... I don't have any sensitive data on my computer, since I don't store any passwords or anything else anywhere. I do online banking with a TAN generator, so I don't have a paper TAN list (haven't for a few years now). How good are the chances that the computer can be 100% cleaned again without a reinstall? I work a lot on my computer; since I'm in a master craftsman training programme I need it almost daily and as quickly as possible. But a reinstall, I really don't have the desire or the time for that. What about the data in my cloud (SkyDrive), is it at risk or can I continue to store my data there without problems? As a backup. What do I have to do without a reinstall? I think that's my preferred route, provided I have a chance that things continue safely. Where does this malware come from, anyway? I wasn't anywhere, and besides, my computer is as up to date as possible and is always kept current (update-wise).
EDIT: I had already been wondering why the computer has been so slow for a few days and the performance graph in Task Manager went very high. Could that be an indication that the virus has been on the computer for a while already and has nothing to do with today's activity?
Last edited by loewenherzl (14.07.2013 at 19:48)
14.07.2013, 19:46 | #9 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Avast blocks file (windows\system32\svchost.exe)
Before we get to work, I would like to ask you to read the following points completely and carefully.
Note: If you don't hear from me for three days, please post in this thread => Erinnerung an meinem Thread. Annoying "when do we continue" messages will get your topic closed. I too have a life outside the Trojaner-Board.
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
__________________
Please always post logfiles in CODE tags
14.07.2013, 20:01 | #10 |
| Avast blocks file (windows\system32\svchost.exe)
ADDITION:
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 14-07-2013
Ran by *** at 2013-07-14 20:58:00
Running from C:\Users\***\Desktop
Boot Mode: Normal
==========================================================

Adobe Acrobat 8 Professional - English, Français, Deutsch (Version: 8.0.0)
Adobe Bridge 1.0 (Version: 001.000.001)
Adobe Common File Installer (Version: 1.00.001)
Adobe Flash Player 11 Plugin (Version: 11.8.800.94)
Adobe Help Center 1.0 (Version: 1.0.1)
Adobe Photoshop CS2 (Version: 9.0)
Adobe Reader XI (11.0.03) - Deutsch (Version: 11.0.03)
Adobe Stock Photos 1.0 (Version: 1.0.1)
ATK Package (Version: 1.0.0023)
avast! Free Antivirus (Version: 8.0.1489.0)
Catan - Städte und Ritter (Version: 1.229)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
EPSON BX305 Plus Series Printer Uninstall
Epson Easy Photo Print 2 (Version: 2.3.2.0)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (Version: 1.00.0000)
EPSON Scan
Free YouTube to MP3 Converter version 3.12.5.628 (Version: 3.12.5.628)
GIMP 2.8.4 (Version: 2.8.4)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
lightshot-4.3.0.0 (Version: 4.3.0.0)
MediaMonkey 4.0 (Version: 4.0)
Microsoft Expression Design 4 (Version: 8.0.31217.1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SkyDrive (HKCU Version: 17.0.2011.0627)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mozilla Firefox 22.0 (x86 de) (Version: 22.0)
Mozilla Maintenance Service (Version: 22.0)
Netzwerkhandbuch EPSON BX305 Plus Series
NVIDIA 3D Vision Treiber 310.90 (Version: 310.90)
NVIDIA Grafiktreiber 310.90 (Version: 310.90)
NVIDIA Install Application (Version: 2.1002.95.599)
NVIDIA PhysX (Version: 9.12.1031)
NVIDIA PhysX-Systemsoftware 9.12.1031 (Version: 9.12.1031)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.1090)
NVIDIA Systemsteuerung 310.90 (Version: 310.90)
NVIDIA Update 1.11.3 (Version: 1.11.3)
NVIDIA Update Components (Version: 1.11.3)
Origin (Version: 9.1.3.2637)
PDF Architect (Version: 1.0.52.8917)
PDFCreator (Version: 1.7.0)
SRS Audio Essentials (Version: 1.02.0312)
Steam (Version: 1.0.0.0)
Synaptics Pointing Device Driver (Version: 16.2.21.0)
System Power Shortcuts (Version: 1.1.1029)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
WinRAR 4.20 (32-Bit) (Version: 4.20.0)

==================== Restore Points =========================

23-06-2013 13:01:54 Geplanter Prüfpunkt
03-07-2013 08:10:25 Geplanter Prüfpunkt
06-07-2013 06:51:08 Installed Java 7 Update 25
11-07-2013 14:52:48 Windows Update

==================== Hosts content: ==========================

2012-07-26 06:17 - 2012-07-26 06:17 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0E78FEE0-C387-4530-AC36-4D46887FBFD5} - System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem
Task: {0FB9F3EA-4F42-41A0-B8CE-06CDEF09B849} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => C:\Windows\system32\srtasks.exe [2012-07-26] (Microsoft Corporation)
Task: {159DA30B-9B91-4267-A71F-5B7ACC15230D} - System32\Tasks\Microsoft\Windows\Time Synchronization\ForceSynchronizeTime
Task: {174644D4-4E5F-4B13-893F-DC718163E165} - System32\Tasks\Microsoft\Windows\SpacePort\SpaceAgentTask => C:\Windows\system32\SpaceAgent.exe [2012-07-26] (Microsoft Corporation)
Task: {1E84DCB8-8C84-4436-A108-209A65086823} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => C:\Windows\System32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {21EBABC3-315E-4262-91EA-833D48E9208B} - System32\Tasks\Microsoft\Windows\PI\Secure-Boot-Update
Task: {307D6D3E-9D87-4CFD-B668-C60E8C86B0E3} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Reboot Required
Task: {30AFB382-B450-4F01-B005-A373C9538063} - System32\Tasks\Microsoft\Windows\Servicing\StartComponentCleanup
Task: {311C4CC9-7320-42AB-B437-C1D02EEB6587} - System32\Tasks\Microsoft\Windows\Device Setup\Metadata Refresh
Task: {342D8E10-501F-4B38-A4C0-F2DE193B46E9} - System32\Tasks\Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler
Task: {363B18FF-B363-4665-B1C4-DD7823139C45} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\Windows\System32\MbaeParserTask.exe [2012-07-26] (Microsoft Corporation)
Task: {3799C698-B9E2-4D51-86FC-B9B20E8DEF91} - System32\Tasks\Microsoft\Windows\Live\Roaming\MaintenanceTask
Task: {3979CF68-CD08-46D3-A340-CB769AE09013} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Group Policy
Task: {3B292858-FAAA-4B61-9C76-6902AEB7607B} - System32\Tasks\Microsoft\Windows\TPM\Tpm-Maintenance
Task: {3E787B0D-8405-40CD-BC79-5BF41DAB734D} - System32\Tasks\update-S-1-5-21-4171136491-575053196-1707953686-1000 => C:\Program Files\Skillbrains\Updater\Updater.exe [2013-02-23] ()
Task: {3EC42D4C-09B0-49D9-A6A8-F2E1A94C0A74} - System32\Tasks\Microsoft\Windows\Live\Roaming\SynchronizeWithStorage
Task: {4294B8A6-13BD-4733-8559-C8D558B6F597} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 Critical
Task: {44E19131-88E9-4238-9DCD-22306E438BB1} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM
Task: {4875C8FF-DF2A-4DBF-B93B-C18E351949B5} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-05-09] (AVAST Software)
Task: {4F2DA3E8-0B43-47C0-8811-45ECA435391F} - System32\Tasks\Microsoft\Windows\SettingSync\BackgroundUploadTask
Task: {545C008C-4471-44F8-AD15-96CB8BB2BB0C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {56F59500-C4D1-4720-859F-13B4998AA792} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {5986D1E8-C632-477C-8096-ECEBBDF07468} - System32\Tasks\update-sys => C:\Program Files\Skillbrains\Updater\Updater.exe [2013-02-23] ()
Task: {5B88CA1D-EEEA-4BAC-9E36-D94BA7D5CC37} - System32\Tasks\Microsoft\Windows\Shell\IndexerAutomaticMaintenance
Task: {5CB273A4-513A-4D26-9064-1880BFE98AD1} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUSessionConnect
Task: {6495D7D8-52C0-4309-9097-247A7B9574CC} - System32\Tasks\Microsoft\Windows\TaskScheduler\Manual Maintenance
Task: {67FF304D-1A11-4CB0-909A-A92DCFD95294} - System32\Tasks\Microsoft\Windows\TaskScheduler\Maintenance Configurator
Task: {68070BBC-F2DE-4476-95C6-C2ED1ECE3D0F} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask
Task: {6BB2238B-0B60-43CB-9FD7-30FC5D5758BA} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files\Desk 365\desk365.exe No File
Task: {6CEE63A4-32D4-473A-9615-35287493A8D0} - System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4171136491-575053196-1707953686-1000
Task: {74748E76-21FC-465C-ABE1-5E465834A900} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\ProcessMemoryDiagnosticEvents
Task: {753C8596-7415-46D3-AF5E-9EEC299E7D90} - System32\Tasks\Microsoft\Windows\FileHistory\File History (maintenance mode)
Task: {7EBC5A66-ABD2-4B81-872F-BC7CA4AD5D55} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskLogon
Task: {8E694376-21AC-46FA-8E80-C453341417E4} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan for Crash Recovery
Task: {973628F1-FAD0-487A-B3EC-A318007483E8} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319
Task: {99768757-32DC-4E02-BE1E-2FE4783695EE} - System32\Tasks\Microsoft\Windows\WS\License Validation => C:\Windows\System32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {9C3ADA14-4FAF-445F-B971-A69F60A7C497} - System32\Tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers => C:\Windows\System32\drvinst.exe [2012-09-20] (Microsoft Corporation)
Task: {9D175E12-DB50-4682-9F62-F923B154AA57} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\RunFullMemoryDiagnostic
Task: {A014EC55-F9EB-479D-9F4C-ACBE30C9E949} - System32\Tasks\Microsoft\Windows\File Classification Infrastructure\Property Definition Sync
Task: {AAEB0B67-69E8-4F99-922A-28CB70F79E35} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUFirmwareInstall
Task: {AFE9EACD-AC61-4642-A077-BB06D1147FC5} - System32\Tasks\Microsoft\Windows\Shell\CreateObjectTask
Task: {BB4910D3-79D9-461E-AC1B-915B8E8672A3} - System32\Tasks\Microsoft\Windows\AppID\SmartScreenSpecific
Task: {BC858B0C-7D0F-436F-B08B-50D51DF74306} - System32\Tasks\Microsoft\Windows\WS\Badge Update
Task: {C25EB31A-6966-4BF5-BAAB-9107993D54BD} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start => C:\WINDOWS\system32\sc.exe [2012-07-26] (Microsoft Corporation)
Task: {C465A656-3917-43C0-B40A-4EBBE8708BB9} - System32\Tasks\Microsoft\Windows\WS\WSTask
Task: {C66B8D31-A32F-4AF7-800E-475B2C2BE27D} - System32\Tasks\Microsoft\Windows\TaskScheduler\Idle Maintenance
Task: {C7B00221-71A0-4FB5-84F5-F1A8A2CA1B2A} - System32\Tasks\Microsoft\Windows\WS\Sync Licenses
Task: {D1CDD09C-5F29-4A7F-8FB4-897B439CC9A9} - System32\Tasks\Microsoft\Windows\IME\SQM data sender
Task: {E3F2C42C-4547-49CD-A14F-FDDA37794A75} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskNetwork
Task: {E3FC5136-FFFE-42DA-BB1D-6C62CAEB4585} - System32\Tasks\Microsoft\Windows\PI\Sqm-Tasks
Task: {E60C98D3-B41B-482A-AC61-DD19EDF2841D} - System32\Tasks\Microsoft\Windows\Chkdsk\ProactiveScan
Task: {E6EF7532-3F7A-443F-8769-AED6CC439EC5} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUScheduledInstall
Task: {EF9592CE-7796-47A6-9CD5-8630640D45BB} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {F273F7E8-98FA-47D0-BFE3-8B71C8C3E9A8} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan
Task: {F413C755-E3DC-4075-BB1E-AC60C1CA9AEA} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyMonitor => C:\Windows\System32\wpcmon.exe [2012-09-20] (Microsoft Corporation)
Task: {F69E710E-D481-4685-9A82-C1B0C2369EB5} - System32\Tasks\Microsoft\Windows\TaskScheduler\Regular Maintenance
Task: {F6E06073-27B2-48BB-8FA1-AAA8B50066D0} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyRefresh
Task: {FB96BBB5-A5AD-4886-B14B-183EA8E08AD0} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-11] (Adobe Systems Incorporated)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\update-S-1-5-21-4171136491-575053196-1707953686-1000.job => C:\Program Files\Skillbrains\Updater\Updater.exe
Task: C:\WINDOWS\Tasks\update-sys.job => C:\Program Files\Skillbrains\Updater\Updater.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/14/2013 00:40:29 PM) (Source: Application on Demand - JQM2_ger) (User: )
Description: ALoggerFileCyclic: Failed to release mutex.
Last error code: 288
Type: ERROR
Location: ::(0) : error 0:
Computer: Id: 0, Name:Null

Error: (07/14/2013 00:40:29 PM) (Source: Application on Demand - JQM2_ger) (User: )
Description: ALoggerFileCyclic: Failed to release mutex.
Last error code: 288
Type: ERROR
Location: ::(0) : error 0:
Computer: Id: 0, Name:Null

Error: (07/14/2013 00:24:26 PM) (Source: Application on Demand - plugin-container) (User: )
Description: ALoggerFileCyclic: Failed to delete an old log file
Last error code: 32
Type: ERROR
Location: ::(0) : error 0:
Computer: Id: 0, Name:Null

Error: (07/10/2013 08:44:54 AM) (Source: Desktop Window Manager) (User: )
Description: Der Desktopfenster-Manager hat einen schwerwiegenden Fehler (0x8898008d) festgestellt.

Error: (06/29/2013 08:07:09 AM) (Source: Desktop Window Manager) (User: )
Description: Der Desktopfenster-Manager hat einen schwerwiegenden Fehler (0x8898008d) festgestellt.

Error: (06/22/2013 08:04:14 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005

Error: (06/14/2013 04:10:31 AM) (Source: Microsoft-Windows-Immersive-Shell) (User: LABTOP)
Description: Die App „microsoft.microsoftskydrive_8wekyb3d8bbwe!Microsoft.MicrosoftSkyDrive“ wurde nicht innerhalb der vorgesehenen Zeit gestartet.

Error: (06/14/2013 02:56:03 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005

Error: (06/13/2013 02:35:17 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005

Error: (06/12/2013 00:53:05 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005


System errors:
=============
Error: (07/14/2013 08:59:12 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%2147942405

Error: (07/14/2013 08:59:12 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet: %%2147942405

Error: (07/14/2013 08:59:12 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%2147942405

Error: (07/14/2013 08:59:12 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet: %%2147942405

Error: (07/14/2013 08:47:14 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1062

Error: (07/14/2013 08:47:14 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%2147942405

Error: (07/14/2013 08:47:14 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet: %%2147942405

Error: (07/14/2013 08:35:10 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%2147942405

Error: (07/14/2013 08:35:10 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet: %%2147942405

Error: (07/14/2013 08:35:09 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%2147942405


Microsoft Office Sessions:
=========================
Error: (07/14/2013 00:40:29 PM) (Source: Application on Demand - JQM2_ger)(User: )
Description: ALoggerFileCyclic: Failed to release mutex.
Last error code: 288
Type: ERROR
Location: ::(0) : error 0:
Computer: Id: 0, Name:Null

Error: (07/14/2013 00:40:29 PM) (Source: Application on Demand - JQM2_ger)(User: )
Description: ALoggerFileCyclic: Failed to release mutex.
Last error code: 288
Type: ERROR
Location: ::(0) : error 0:
Computer: Id: 0, Name:Null

Error: (07/14/2013 00:24:26 PM) (Source: Application on Demand - plugin-container)(User: )
Description: ALoggerFileCyclic: Failed to delete an old log file
Last error code: 32
Type: ERROR
Location: ::(0) : error 0:
Computer: Id: 0, Name:Null

Error: (07/10/2013 08:44:54 AM) (Source: Desktop Window Manager)(User: )
Description: 0x8898008d

Error: (06/29/2013 08:07:09 AM) (Source: Desktop Window Manager)(User: )
Description: 0x8898008d

Error: (06/22/2013 08:04:14 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005

Error: (06/14/2013 04:10:31 AM) (Source: Microsoft-Windows-Immersive-Shell)(User: LABTOP)
Description: microsoft.microsoftskydrive_8wekyb3d8bbwe!Microsoft.MicrosoftSkyDrive

Error: (06/14/2013 02:56:03 AM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005

Error: (06/13/2013 02:35:17 AM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005

Error: (06/12/2013 00:53:05 AM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005


==================== Memory info ===========================

Percentage of memory in use: 74%
Total physical RAM: 3071.33 MB
Available physical RAM: 786.73 MB
Total Pagefile: 6143.33 MB
Available Pagefile: 3486.61 MB
Total Virtual: 2047.88 MB
Available Virtual: 1839.45 MB

==================== Drives ================================

Drive c: (Windows 8) (Fixed) (Total:116.44 GB) (Free:67.42 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (***) (Fixed) (Total:104.73 GB) (Free:54.45 GB) NTFS
Drive e: () (Fixed) (Total:116.44 GB) (Free:69.39 GB) NTFS
Drive g: () (Fixed) (Total:116.44 GB) (Free:116.16 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 233 GB) (Disk ID: BBC58B91)
Partition 1: (Not Active) - (Size=116 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=116 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 233 GB) (Disk ID: 97646C29)
Partition 1: (Not Active) - (Size=12 GB) - (Type=1C)
Partition 2: (Active) - (Size=116 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=105 GB) - (Type=OF Extended)

==================== End Of Log ============================

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-07-2013
Ran by *** (administrator) on 14-07-2013 20:56:34
Running from C:\Users\***\Desktop
Microsoft Windows 8 Pro (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
(ASUS) C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\dashost.exe
(pdfforge GbR) C:\Program Files\PDF Architect\HelperService.exe
(SRS Labs, Inc.) C:\Program Files\Common Files\SRS Labs\SRS HD Audio Lab Service 2\SRSAudioLabService.exe
(Acresso Software Inc.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Hotkey\SynptSync.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x86__8wekyb3d8bbwe\LiveComm.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\RuntimeBroker.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Audio Essentials\AENotifier.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Skillbrains) C:\Users\***\AppData\Local\Skillbrains\lightshot\4.3.0.0\LightShot.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
() C:\Program Files\SRS Labs\SRS Audio Essentials\AudioEssentials.exe
(Microsoft Corporation) C:\Users\***\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(Adobe Systems, Inc.) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4858968 2013-05-09] (AVAST Software)
HKLM\...\Run: [SynTPEnh] - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2383160 2012-11-06] (Synaptics Incorporated)
HKLM\...\Run: [SRSAENotifier] - C:\Program Files\SRS Labs\SRS Audio Essentials\AENotifier.exe [548768 2012-06-25] (SRS Labs, Inc.)
HKLM\...\Run: [Acrobat Assistant 8.0] - "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [620152 2006-10-23] (Adobe Systems Inc.)
HKLM\...\Run: [Adobe ARM] - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKCU\...\Run: [LightShot] - C:\Users\***\AppData\Local\Skillbrains\lightshot\LightShot.exe Flags: uninsdeletevalue [195072 2011-03-16] ()
HKCU\...\Run: [OfficeSyncProcess] - "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE" [719672 2012-01-20] (Microsoft Corporation)
HKCU\...\Run: [SRSHDAudioLab] - "C:\Program Files\SRS Labs\SRS Audio Essentials\AudioEssentials.exe" auto [5446056 2012-06-25] ()
HKCU\...\Run: [Steam] - "C:\Program Files\Steam\Steam.exe" -silent [1597864 2013-02-14] (Valve Corporation)
HKCU\...\Run: [SkyDrive] - "C:\Users\***\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background [257136 2013-07-03] (Microsoft Corporation)
HKCU\...\Run: [Exetender_148] - "C:\Program Files\FreeRide Games\GPlayer.exe" /schedule 300000 [x]
Lsa: [Notification Packages] scecli C:\Program Files\ASUS\ASUS Data Security Manager\ASPWDFLT
Startup: C:\ProgramData\Start Menu\Programs\Startup\Adobe Acrobat - Schnellstart.lnk
ShortcutTarget: Adobe Acrobat - Schnellstart.lnk -> C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe ()
Startup: C:\ProgramData\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
ShortcutTarget: Adobe Reader Synchronizer.lnk -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe ()
Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
StartMenuInternet: IEXPLORE.EXE - "C:\Program Files\Internet Explorer\iexplore.exe"
BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: DVDVideoSoft WebPageAdjuster Class - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
Toolbar: HKLM - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU -Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {4FF78044-96B4-4312-A5B7-FDA3CB328095}
Winsock: Catalog5 04 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9 01 mswsock.dll File Not found ()
Winsock: Catalog9 02 mswsock.dll File Not found ()
Winsock: Catalog9 03 mswsock.dll File Not found ()
Winsock: Catalog9 04 mswsock.dll File Not found ()
Winsock: Catalog9 05 mswsock.dll File Not found ()
Winsock: Catalog9 06 mswsock.dll File Not found ()
Winsock: Catalog9 07 mswsock.dll File Not found ()
Winsock: Catalog9 08 mswsock.dll File Not found ()
Winsock: Catalog9 09 mswsock.dll File Not found ()
Winsock: Catalog9 10 mswsock.dll File Not found ()
Winsock: Catalog9 11 mswsock.dll File Not found ()
Winsock: Catalog9 12 mswsock.dll File Not found ()
Winsock: Catalog9 13 mswsock.dll File Not found ()
Winsock: Catalog9 14 mswsock.dll File Not found ()
Winsock: Catalog9 15 mswsock.dll File Not found ()
Winsock: Catalog9 16 mswsock.dll File Not found ()
Winsock: Catalog9 17 mswsock.dll File Not found ()
Winsock: Catalog9 18 mswsock.dll File Not found ()
Winsock: Catalog9 19 mswsock.dll File Not found ()
Winsock: Catalog9 20 mswsock.dll File Not found ()
Winsock: Catalog9 21 mswsock.dll File Not found ()
Winsock: Catalog9 22 mswsock.dll File Not found ()
Winsock: Catalog9 23 mswsock.dll File Not found ()
Winsock: Catalog9 24 mswsock.dll File Not found ()
Winsock: Catalog9 25 mswsock.dll File Not found ()
Winsock: Catalog9 26 mswsock.dll File Not found ()
Winsock: Catalog9 27 mswsock.dll File Not found ()
Winsock: Catalog9 28 mswsock.dll File Not found ()
Winsock: Catalog9 29 mswsock.dll File Not found ()
Winsock: Catalog9 30 mswsock.dll File Not found ()
Winsock: Catalog9 31 mswsock.dll File Not found ()
Winsock: Catalog9 32 mswsock.dll File Not found ()
Winsock: Catalog9 33 mswsock.dll File Not found ()
Winsock: Catalog9 34 mswsock.dll File Not found ()
Winsock: Catalog9 35 mswsock.dll File Not found ()
Winsock: Catalog9 36 mswsock.dll File Not found ()
Winsock: Catalog9 37 mswsock.dll File Not found ()
Winsock: Catalog9 38 mswsock.dll File Not found ()
Winsock: Catalog9 39 mswsock.dll File Not found ()
Winsock: Catalog9 40 mswsock.dll File Not found ()
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\90vhslw0.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: No Name - C:\Users\***\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] C:\Program Files\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files\PDF Architect\FFPDFArchitectExt

========================== Services (Whitelisted) =================

R2 ASLDRService; C:\Program Files\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [106880 2012-09-11] (ASUSTek Computer Inc.)
R2 ATKGFNEXSrv; C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896 2011-11-21] (ASUS)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [1324104 2013-01-09] (pdfforge GbR)
S2 PDF Architect Service; C:\Program Files\PDF Architect\ConversionService.exe [795208 2013-01-09] (pdfforge GbR)
R2 SRSHDAudioService; C:\Program Files\Common Files\SRS Labs\SRS HD Audio Lab Service 2\SRSAudioLabService.exe [13232 2012-06-25] (SRS Labs, Inc.)
==================== Drivers (Whitelisted) ==================== R2 ASMMAP; C:\Program Files\ASUS\ATK Package\ATKGFNEX\ASMMAP.sys [13880 2009-07-02] (ASUS) R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-05-09] (AVAST Software) R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [66336 2013-05-09] (AVAST Software) R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [61680 2013-05-09] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-05-09] () R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-06-28] (AVAST Software) R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-06-28] (AVAST Software) R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-05-09] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [175176 2013-06-28] () R3 athr; C:\Windows\system32\DRIVERS\athr.sys [2273280 2012-06-02] (Qualcomm Atheros Communications, Inc.) R3 MTsensor; C:\Windows\System32\drivers\ATKACPI.sys [14392 2009-05-13] (ASUS) R3 SRS_AE_Service; C:\Windows\system32\drivers\SRS_AE_i386.sys [407368 2012-06-21] () S3 WUDFSensorLP; C:\Windows\system32\DRIVERS\WUDFRd.sys [155136 2012-07-26] (Microsoft Corporation) S3 IntcAzAudAddService; \SystemRoot\system32\drivers\RTKVHDA.sys [x] U3 uwldapow; \??\C:\Users\***\AppData\Local\Temp\uwldapow.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-07-14 20:56 - 2013-07-14 20:56 - 00000000 ____D C:\FRST 2013-07-14 20:54 - 2013-07-14 20:54 - 01218214 _____ (Farbar) C:\Users\***\Desktop\FRST.exe 2013-07-14 16:48 - 2013-07-14 16:48 - 00602112 _____ (OldTimer Tools) C:\Users\***\Downloads\OTL(2).exe 2013-07-14 16:47 - 2013-07-14 16:49 - 00064652 _____ C:\Users\***\Desktop\gmer.log 2013-07-14 15:07 - 2013-07-14 15:07 - 00377856 _____ C:\Users\***\Downloads\gmer_2.1.19163.exe 2013-07-14 14:56 - 2013-07-14 14:56 - 00602112 _____ (OldTimer Tools) 
C:\Users\***\Downloads\OTL(1).exe 2013-07-14 14:54 - 2013-07-14 14:54 - 00115388 _____ C:\Users\***\Downloads\OTL.Txt 2013-07-14 14:54 - 2013-07-14 14:54 - 00115112 _____ C:\Users\***\Desktop\OTL.Txt 2013-07-14 14:46 - 2013-07-14 14:46 - 00602112 _____ (OldTimer Tools) C:\Users\***\Desktop\OTL.exe 2013-07-14 14:43 - 2013-07-14 14:45 - 00000474 _____ C:\Users\***\Downloads\defogger_disable.log 2013-07-14 14:43 - 2013-07-14 14:43 - 00050477 _____ C:\Users\***\Downloads\Defogger.exe 2013-07-14 14:43 - 2013-07-14 14:43 - 00000000 _____ C:\Users\***\defogger_reenable 2013-07-14 14:33 - 2013-07-14 14:33 - 00540072 _____ (Neuber Software) C:\Users\***\Downloads\SvchostAnalyzer.exe 2013-07-14 13:57 - 2013-07-14 13:57 - 04054000 _____ (LionSea Software ) C:\Users\***\Downloads\setup.exe 2013-07-14 12:47 - 2013-07-14 12:47 - 00425072 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2013-07-14 12:32 - 2013-07-14 12:32 - 00000000 ____D C:\Users\Public\Documents\wildtangent_de 2013-07-14 12:24 - 2013-07-14 12:24 - 00000000 ____D C:\ProgramData\FreeRide Games 2013-07-14 12:16 - 2013-07-14 12:16 - 15314304 _____ C:\Users\***\Downloads\PeggleSetup-en.exe 2013-07-14 11:43 - 2013-07-14 11:43 - 00605800 _____ C:\Users\***\Downloads\peggle-deluxe.exe 2013-07-14 11:15 - 2013-07-14 11:15 - 00369951 _____ (Freeware-Download) C:\Users\***\Downloads\get_Peggle_Deluxe.exe 2013-07-14 11:15 - 2013-07-14 11:15 - 00000000 ____D C:\Users\***\AppData\Roaming\GetRightToGo 2013-07-14 11:15 - 2013-07-14 11:15 - 00000000 ____D C:\Users\***\AppData\Local\Big Fish 2013-07-14 11:15 - 2013-07-14 11:15 - 00000000 ____D C:\BigFishCache 2013-07-14 11:08 - 2013-07-14 11:08 - 00235872 _____ (Big Fish Games) C:\Users\***\Downloads\peggle_s2_l2_gF1465T1L2_d2117874113.exe 2013-07-14 11:06 - 2013-07-14 11:06 - 00235872 _____ (Big Fish Games) C:\Users\***\Downloads\peggle_s2_l2_gF1465T1L2_d2117873080.exe 2013-07-12 09:48 - 2013-07-12 09:49 - 00000000 ____D C:\Program Files\PDFCreator 2013-07-12 09:48 - 2013-07-12 09:48 - 
00000000 ____D C:\Users\***\AppData\Roaming\pdfforge 2013-07-12 09:48 - 2013-04-09 15:13 - 00095416 _____ (pdfforge GmbH) C:\WINDOWS\system32\pdfcmon.dll 2013-07-12 09:48 - 2012-05-05 11:54 - 00662288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSCOMCT2.OCX 2013-07-12 09:48 - 2012-05-05 11:54 - 00137000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSMAPI32.OCX 2013-07-12 09:48 - 2012-05-05 11:54 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSMPIDE.DLL 2013-07-12 09:48 - 1998-07-06 18:56 - 00125712 _____ (Microsoft Corporation) C:\WINDOWS\system32\VB6DE.DLL 2013-07-12 09:48 - 1998-07-06 18:55 - 00158208 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSCMCDE.DLL 2013-07-12 09:48 - 1998-07-06 18:55 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSCC2DE.DLL 2013-07-12 09:46 - 2013-07-12 09:46 - 17502040 _____ (pdfforge GbR) C:\Users\***\Downloads\PDFCreator-1_7_0_setup.exe 2013-07-12 09:40 - 2013-07-12 09:40 - 00043823 _____ C:\Users\***\AppData\Local\recently-used.xbel 2013-07-11 16:18 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2013-07-11 16:18 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2013-07-11 16:18 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2013-07-11 16:18 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2013-07-11 16:18 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2013-07-11 16:18 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2013-07-11 16:18 - 2013-06-12 01:43 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2013-07-11 16:18 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2013-07-11 16:18 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\iertutil.dll 2013-07-11 16:18 - 2013-06-01 11:25 - 00496640 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll 2013-07-11 16:17 - 2013-05-31 01:09 - 03389952 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2013-07-11 16:17 - 2013-05-04 06:57 - 02620928 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL 2013-07-11 16:17 - 2013-04-12 00:30 - 01421312 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll 2013-07-11 10:36 - 2013-07-11 10:36 - 00001535 _____ C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free YouTube to MP3 Converter.lnk 2013-07-10 11:12 - 2013-07-10 11:12 - 00000000 ____D C:\Program Files\Common Files\DVDVideoSoft 2013-07-10 11:10 - 2013-07-10 11:10 - 01211048 _____ (DVDVideoSoft Ltd. ) C:\Users\***\Downloads\FreeYouTubeToMP3Converter.exe 2013-07-06 08:52 - 2013-07-06 08:52 - 00263592 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe 2013-07-06 08:52 - 2013-07-06 08:52 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe 2013-07-06 08:52 - 2013-07-06 08:52 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe 2013-07-06 08:52 - 2013-07-06 08:52 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll 2013-07-06 08:52 - 2013-07-06 08:52 - 00000000 ____D C:\Program Files\Java 2013-07-06 08:50 - 2013-07-06 08:50 - 31714216 _____ (Oracle Corporation) C:\Users\***\Downloads\jre-7u25-windows-i586.exe 2013-07-06 08:41 - 2013-07-06 08:41 - 00001024 _____ C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IKP - Information, Kommunikation und Planung (Herr Rüßmann).lnk 2013-07-06 08:41 - 2013-07-06 08:41 - 00001018 _____ C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rechtssicheres Handeln - Umweltrecht (Herr Dr. 
Hedermann).lnk 2013-07-06 08:41 - 2013-07-06 08:41 - 00000957 _____ C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Betriebswirtschaftliches Handeln (Herr Ziemer).lnk 2013-07-06 08:41 - 2013-07-06 08:41 - 00000937 _____ C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zusammenarbeit im Betrieb (Herr Hagendorf).lnk 2013-07-03 13:03 - 2013-07-03 13:03 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-06-28 11:19 - 2013-06-28 11:19 - 00000175 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys.sum 2013-06-27 09:05 - 2013-06-28 11:19 - 00000175 _____ C:\WINDOWS\system32\Drivers\aswSP.sys.sum 2013-06-27 09:05 - 2013-06-28 11:19 - 00000175 _____ C:\WINDOWS\system32\Drivers\aswSnx.sys.sum 2013-06-14 16:15 - 2013-06-14 16:15 - 03270960 _____ (Secunia) C:\Users\***\Downloads\PSISetup.exe 2013-06-14 15:57 - 2013-05-31 01:20 - 01011712 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll 2013-06-14 15:57 - 2013-05-24 01:27 - 01075200 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll 2013-06-14 15:57 - 2013-05-16 00:37 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll 2013-06-14 15:57 - 2013-05-15 04:24 - 00793088 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe 2013-06-14 15:57 - 2013-05-15 04:24 - 00482816 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll 2013-06-14 15:57 - 2013-05-14 11:23 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb 2013-06-14 15:57 - 2013-04-03 01:37 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptdlg.dll 2013-06-14 15:49 - 2013-06-14 15:49 - 00000000 ____D C:\Program Files\Common Files\Java 2013-06-14 15:46 - 2013-06-14 15:46 - 31666592 _____ (Oracle Corporation) C:\Users\***\Downloads\jre-7u21-windows-i586.exe 2013-06-14 15:25 - 2013-05-04 07:45 - 05575424 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2013-06-14 15:11 - 2013-04-24 01:13 - 01013248 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\certutil.exe 2013-06-14 15:11 - 2013-04-24 01:12 - 01569792 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll 2013-06-14 15:11 - 2013-04-24 01:12 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptnet.dll 2013-06-14 15:11 - 2013-04-24 01:12 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptsvc.dll 2013-06-14 09:05 - 2013-05-04 07:54 - 00103176 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthHost.exe 2013-06-14 09:05 - 2013-05-04 07:37 - 00052056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe 2013-06-14 09:05 - 2013-05-04 07:20 - 00362240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS 2013-06-14 09:05 - 2013-05-04 07:20 - 00238336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys 2013-06-14 09:05 - 2013-05-04 07:20 - 00180488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UCX01000.SYS 2013-06-14 09:05 - 2013-05-04 06:58 - 02561536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2013-06-14 09:05 - 2013-05-04 06:58 - 01555456 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll 2013-06-14 09:05 - 2013-05-04 06:58 - 01150976 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe 2013-06-14 09:05 - 2013-05-04 06:58 - 00758784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Magnify.exe 2013-06-14 09:05 - 2013-05-04 06:58 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll 2013-06-14 09:05 - 2013-05-04 06:58 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll 2013-06-14 09:05 - 2013-05-04 06:58 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll 2013-06-14 09:05 - 2013-05-04 06:58 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll 2013-06-14 09:05 - 2013-05-04 06:58 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe 2013-06-14 09:05 - 2013-05-04 06:57 - 10788864 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\Windows.UI.Xaml.dll 2013-06-14 09:05 - 2013-05-04 06:57 - 08857088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll 2013-06-14 09:05 - 2013-05-04 06:57 - 01049600 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll 2013-06-14 09:05 - 2013-05-04 06:57 - 00371200 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll 2013-06-14 09:05 - 2013-05-04 06:57 - 00303616 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll 2013-06-14 09:05 - 2013-05-04 06:57 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll 2013-06-14 09:05 - 2013-05-04 06:57 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\netplwiz.dll 2013-06-14 09:05 - 2013-05-04 06:57 - 00146944 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll 2013-06-14 09:05 - 2013-05-04 06:57 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofm.dll 2013-06-14 09:05 - 2013-05-04 06:57 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll 2013-06-14 09:05 - 2013-05-04 06:57 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\npmproxy.dll 2013-06-14 09:05 - 2013-05-04 06:57 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\muifontsetup.dll 2013-06-14 09:05 - 2013-05-04 06:56 - 02035712 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll 2013-06-14 09:05 - 2013-05-04 06:56 - 00975360 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll 2013-06-14 09:05 - 2013-05-04 06:56 - 00582144 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpprefcl.dll 2013-06-14 09:05 - 2013-05-04 06:56 - 00554496 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll 2013-06-14 09:05 - 2013-05-04 06:56 - 00449536 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll 2013-06-14 09:05 - 2013-05-04 06:56 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll 2013-06-14 09:05 - 2013-05-04 06:56 - 00309760 _____ 
(Microsoft Corporation) C:\WINDOWS\system32\BCP47Langs.dll 2013-06-14 09:05 - 2013-05-04 06:56 - 00143360 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll 2013-06-14 09:05 - 2013-05-04 06:56 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\biwinrt.dll 2013-06-14 09:05 - 2013-05-04 06:55 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\intl.cpl 2013-06-14 09:05 - 2013-05-04 06:10 - 00014848 _____ (Microsoft) C:\WINDOWS\system32\rars.rs 2013-06-14 09:05 - 2013-05-04 06:08 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys 2013-06-14 09:05 - 2013-05-04 06:08 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidusb.sys 2013-06-14 09:05 - 2013-05-04 06:06 - 00320512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys 2013-06-14 09:05 - 2013-05-03 00:04 - 00386646 _____ C:\WINDOWS\system32\ApnDatabase.xml 2013-06-14 07:44 - 2013-05-04 07:14 - 01801472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys 2013-06-14 07:09 - 2013-04-27 05:21 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll ==================== One Month Modified Files and Folders ======= 2013-07-14 20:56 - 2013-07-14 20:56 - 00000000 ____D C:\FRST 2013-07-14 20:55 - 2012-12-09 12:43 - 00000000 ___RD C:\Users\***\Desktop 2013-07-14 20:54 - 2013-07-14 20:54 - 01218214 _____ (Farbar) C:\Users\***\Desktop\FRST.exe 2013-07-14 20:44 - 2012-12-11 18:52 - 00000392 _____ C:\WINDOWS\Tasks\update-sys.job 2013-07-14 19:21 - 2012-12-26 15:18 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2013-07-14 19:07 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\system32\sru 2013-07-14 17:27 - 2012-12-11 18:52 - 00000392 _____ C:\WINDOWS\Tasks\update-S-1-5-21-4171136491-575053196-1707953686-1000.job 2013-07-14 16:49 - 2013-07-14 16:47 - 00064652 _____ C:\Users\***\Desktop\gmer.log 2013-07-14 16:48 - 2013-07-14 16:48 - 00602112 _____ (OldTimer Tools) 
C:\Users\***\Downloads\OTL(2).exe 2013-07-14 16:40 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\Microsoft.NET 2013-07-14 15:07 - 2013-07-14 15:07 - 00377856 _____ C:\Users\***\Downloads\gmer_2.1.19163.exe 2013-07-14 14:56 - 2013-07-14 14:56 - 00602112 _____ (OldTimer Tools) C:\Users\***\Downloads\OTL(1).exe 2013-07-14 14:54 - 2013-07-14 14:54 - 00115388 _____ C:\Users\***\Downloads\OTL.Txt 2013-07-14 14:54 - 2013-07-14 14:54 - 00115112 _____ C:\Users\***\Desktop\OTL.Txt 2013-07-14 14:46 - 2013-07-14 14:46 - 00602112 _____ (OldTimer Tools) C:\Users\***\Desktop\OTL.exe 2013-07-14 14:45 - 2013-07-14 14:43 - 00000474 _____ C:\Users\***\Downloads\defogger_disable.log 2013-07-14 14:43 - 2013-07-14 14:43 - 00050477 _____ C:\Users\***\Downloads\Defogger.exe 2013-07-14 14:43 - 2013-07-14 14:43 - 00000000 _____ C:\Users\***\defogger_reenable 2013-07-14 14:43 - 2012-12-09 12:43 - 00000000 ____D C:\Users\*** 2013-07-14 14:33 - 2013-07-14 14:33 - 00540072 _____ (Neuber Software) C:\Users\***\Downloads\SvchostAnalyzer.exe 2013-07-14 14:21 - 2013-02-06 15:51 - 00000000 ___RD C:\Users\***\SkyDrive 2013-07-14 14:07 - 2012-07-26 08:53 - 00000000 __RHD C:\Users\Public\Desktop 2013-07-14 13:57 - 2013-07-14 13:57 - 04054000 _____ (LionSea Software ) C:\Users\***\Downloads\setup.exe 2013-07-14 13:44 - 2012-12-27 13:08 - 00000000 ____D C:\ProgramData\NVIDIA 2013-07-14 13:44 - 2012-07-26 08:04 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2013-07-14 13:43 - 2012-07-26 06:17 - 00786432 ___SH C:\WINDOWS\system32\config\BBI 2013-07-14 12:47 - 2013-07-14 12:47 - 00425072 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2013-07-14 12:32 - 2013-07-14 12:32 - 00000000 ____D C:\Users\Public\Documents\wildtangent_de 2013-07-14 12:24 - 2013-07-14 12:24 - 00000000 ____D C:\ProgramData\FreeRide Games 2013-07-14 12:24 - 2012-12-19 14:50 - 00000000 ___HD C:\Program Files\InstallShield Installation Information 2013-07-14 12:16 - 2013-07-14 12:16 - 15314304 _____ C:\Users\***\Downloads\PeggleSetup-en.exe 2013-07-14 
11:43 - 2013-07-14 11:43 - 00605800 _____ C:\Users\***\Downloads\peggle-deluxe.exe 2013-07-14 11:15 - 2013-07-14 11:15 - 00369951 _____ (Freeware-Download) C:\Users\***\Downloads\get_Peggle_Deluxe.exe 2013-07-14 11:15 - 2013-07-14 11:15 - 00000000 ____D C:\Users\***\AppData\Roaming\GetRightToGo 2013-07-14 11:15 - 2013-07-14 11:15 - 00000000 ____D C:\Users\***\AppData\Local\Big Fish 2013-07-14 11:15 - 2013-07-14 11:15 - 00000000 ____D C:\BigFishCache 2013-07-14 11:08 - 2013-07-14 11:08 - 00235872 _____ (Big Fish Games) C:\Users\***\Downloads\peggle_s2_l2_gF1465T1L2_d2117874113.exe 2013-07-14 11:06 - 2013-07-14 11:06 - 00235872 _____ (Big Fish Games) C:\Users\***\Downloads\peggle_s2_l2_gF1465T1L2_d2117873080.exe 2013-07-14 08:59 - 2012-12-28 12:02 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-07-14 08:59 - 2012-12-09 12:37 - 00024662 _____ C:\WINDOWS\PFRO.log 2013-07-12 18:51 - 2012-07-26 10:45 - 00000000 ____D C:\Program Files\Windows Journal 2013-07-12 18:50 - 2012-12-09 12:51 - 01187502 _____ C:\WINDOWS\WindowsUpdate.log 2013-07-12 17:27 - 2012-12-11 18:31 - 00000000 ____D C:\Users\***\AppData\Roaming\MediaMonkey 2013-07-12 16:28 - 2012-12-09 12:52 - 01745416 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2013-07-12 16:15 - 2013-01-18 12:11 - 00000000 ____D C:\Users\***\.gimp-2.8 2013-07-12 09:50 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\system32\FxsTmp 2013-07-12 09:49 - 2013-07-12 09:48 - 00000000 ____D C:\Program Files\PDFCreator 2013-07-12 09:48 - 2013-07-12 09:48 - 00000000 ____D C:\Users\***\AppData\Roaming\pdfforge 2013-07-12 09:46 - 2013-07-12 09:46 - 17502040 _____ (pdfforge GbR) C:\Users\***\Downloads\PDFCreator-1_7_0_setup.exe 2013-07-12 09:40 - 2013-07-12 09:40 - 00043823 _____ C:\Users\***\AppData\Local\recently-used.xbel 2013-07-11 17:47 - 2012-12-11 18:52 - 00000442 _____ C:\Users\***\AppData\Local\UserProducts.xml 2013-07-11 17:47 - 2012-12-11 18:52 - 00000000 ____D C:\Users\***\AppData\Roaming\Microsoft\Windows\Start 
Menu\Programs\LightShot 2013-07-11 17:02 - 2012-12-10 19:41 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-07-11 16:57 - 2012-12-13 17:42 - 75699896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2013-07-11 16:08 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\AUInstallAgent 2013-07-11 10:36 - 2013-07-11 10:36 - 00001535 _____ C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free YouTube to MP3 Converter.lnk 2013-07-11 10:22 - 2012-12-12 18:47 - 00000000 ____D C:\Users\***\AppData\Local\Adobe 2013-07-10 11:14 - 2013-05-20 12:12 - 00000000 ____D C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers 2013-07-10 11:12 - 2013-07-10 11:12 - 00000000 ____D C:\Program Files\Common Files\DVDVideoSoft 2013-07-10 11:12 - 2012-12-11 18:55 - 00000000 ____D C:\Users\***\AppData\Roaming\DVDVideoSoft 2013-07-10 11:10 - 2013-07-10 11:10 - 01211048 _____ (DVDVideoSoft Ltd. ) C:\Users\***\Downloads\FreeYouTubeToMP3Converter.exe 2013-07-06 08:52 - 2013-07-06 08:52 - 00263592 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe 2013-07-06 08:52 - 2013-07-06 08:52 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe 2013-07-06 08:52 - 2013-07-06 08:52 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe 2013-07-06 08:52 - 2013-07-06 08:52 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll 2013-07-06 08:52 - 2013-07-06 08:52 - 00000000 ____D C:\Program Files\Java 2013-07-06 08:52 - 2012-12-21 15:46 - 00867240 _____ (Oracle Corporation) C:\WINDOWS\system32\npDeployJava1.dll 2013-07-06 08:52 - 2012-12-21 15:46 - 00789416 _____ (Oracle Corporation) C:\WINDOWS\system32\deployJava1.dll 2013-07-06 08:50 - 2013-07-06 08:50 - 31714216 _____ (Oracle Corporation) C:\Users\***\Downloads\jre-7u25-windows-i586.exe 2013-07-06 08:41 - 2013-07-06 08:41 - 00001024 _____ C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IKP - Information, Kommunikation und Planung (Herr Rüßmann).lnk 2013-07-06 
08:41 - 2013-07-06 08:41 - 00001018 _____ C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rechtssicheres Handeln - Umweltrecht (Herr Dr. Hedermann).lnk 2013-07-06 08:41 - 2013-07-06 08:41 - 00000957 _____ C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Betriebswirtschaftliches Handeln (Herr Ziemer).lnk 2013-07-06 08:41 - 2013-07-06 08:41 - 00000937 _____ C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zusammenarbeit im Betrieb (Herr Hagendorf).lnk 2013-07-04 18:08 - 2012-12-11 19:35 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2013-07-03 13:03 - 2013-07-03 13:03 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-07-03 09:57 - 2013-02-06 15:51 - 00002251 _____ C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk 2013-07-01 17:04 - 2012-07-26 08:03 - 00080005 _____ C:\WINDOWS\setupact.log 2013-06-28 11:19 - 2013-06-28 11:19 - 00000175 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys.sum 2013-06-28 11:19 - 2013-06-27 09:05 - 00000175 _____ C:\WINDOWS\system32\Drivers\aswSP.sys.sum 2013-06-28 11:19 - 2013-06-27 09:05 - 00000175 _____ C:\WINDOWS\system32\Drivers\aswSnx.sys.sum 2013-06-28 11:19 - 2013-03-19 19:39 - 00175176 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys 2013-06-28 11:19 - 2012-12-09 13:39 - 00770344 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys 2013-06-28 11:19 - 2012-12-09 13:39 - 00369584 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys 2013-06-28 00:04 - 2013-04-14 13:34 - 00693112 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe 2013-06-28 00:04 - 2013-04-14 13:34 - 00078200 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl 2013-06-16 12:48 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\rescache 2013-06-15 16:03 - 2012-12-10 19:45 - 00001536 _____ C:\Users\***\Desktop\Produktkey.txt 2013-06-14 16:15 - 2013-06-14 16:15 - 03270960 _____ (Secunia) 
C:\Users\***\Downloads\PSISetup.exe 2013-06-14 16:00 - 2012-07-26 08:53 - 00000000 ___RD C:\WINDOWS\ToastData 2013-06-14 16:00 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\WinStore 2013-06-14 16:00 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\system32\de-DE 2013-06-14 16:00 - 2012-07-26 08:53 - 00000000 ____D C:\Program Files\Windows Photo Viewer 2013-06-14 16:00 - 2012-07-26 08:49 - 00000000 ____D C:\WINDOWS\system32\DriverStore 2013-06-14 15:49 - 2013-06-14 15:49 - 00000000 ____D C:\Program Files\Common Files\Java 2013-06-14 15:46 - 2013-06-14 15:46 - 31666592 _____ (Oracle Corporation) C:\Users\***\Downloads\jre-7u21-windows-i586.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit C:\Program Files\Windows Defender\de-DE => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender LastRegBack: 2013-07-11 10:35 ==================== End Of Log ============================ --- --- --- Wie soll ich mich jetzt eigentlich verhalten? Was darf ich noch auf dem Rechner und was nicht solange das nicht bereinigt ist? |
14.07.2013, 20:13 | #11 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Avast blocks file (windows\system32\svchost.exe)
For now you do nothing at all on the computer until we are done...
Malwarebytes Anti-Rootkit (MBAR)
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper.
Afterwards please make a fresh log with GMER:
Rootkit scan with GMER
Please download GMER: (file name is random)
Are there any problems?
__________________
Please always post logfiles in CODE tags
14.07.2013, 21:53 | #12 |
| Avast blocks file (windows\system32\svchost.exe)
GMER:
Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-07-14 22:50:30
Windows 6.2.9200 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-2 ST9250320AS rev.0303 232,89GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\***\AppData\Local\Temp\uwldapow.sys

---- System - GMER 2.1 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwWriteVirtualMemory [0x9031276E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x9042280E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwUnloadDriver [0x90310C42]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0x90423CF6]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwTerminateProcess [0x903128EA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x90422556]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0x904241C8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0x90424066]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x9042245C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x904224CE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x904222F8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0x90423D16]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x904227A8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x90422742]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwReplyWaitReceivePortEx [0x9042522A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwReplyWaitReceivePort [0x904298B4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThreadEx [0x90424506]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x904247F8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x90312822]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x9042F0DC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0x9042726E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x9042EEF6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x9042F036]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0x90426E78]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x9042EEAC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x9042F122]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x9042EF86]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x9042EF42]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x9042492C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x9042798C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x904226DC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0x90310C12]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x903126C2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0x90427596]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x90422676]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0x90423E9C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x9042F0B8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThreadEx [0x90423800]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0x904235E4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x9042EECE]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x90312992]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x9042EE86]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x9042F0FE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x9042EF64]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x9042EF18]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0x904230E6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAlpcSendWaitReceivePort [0x90425256]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x903125FA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x90422610]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x9032BE00]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 2.1 ----

.text ntoskrnl.exe!ZwCallbackReturn + 16C 812EC4BC 12 Bytes [56, 25, 42, 90, C8, 41, 42, ...] {PUSH ESI; AND EAX, 0x41c89042; INC EDX; NOP ; INC AX; INC EDX; NOP }
.text ntoskrnl.exe!ZwCallbackReturn + 1B4 812EC504 2 Bytes [CE, 24]
.text ntoskrnl.exe!ZwCallbackReturn + 1B7 812EC507 5 Bytes [90, F8, 22, 42, 90] {NOP ; CLC ; AND AL, [EDX-0x70]}
.text ntoskrnl.exe!ZwCallbackReturn + 604 812EC954 12 Bytes [B8, F0, 42, 90, 00, 38, 42, ...] {MOV EAX, 0x9042f0; CMP [EDX-0x70], AL; IN AL, 0x35; INC EDX; NOP }
.text ntoskrnl.exe!ZwReplacePartitionUnit + 2673 81362135 1 Byte [06]
.text ntoskrnl.exe!KiDispatchInterrupt + 66A 81366A1A 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
PAGE ntoskrnl.exe!SeOpenObjectAuditAlarmWithTransaction + 580 81449A07 5 Bytes JMP 9032A7CC \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ObMakeTemporaryObject 8153662E 5 Bytes JMP 90328C9A \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ZwCreateProcessEx 815CB0ED 7 Bytes JMP 9032BE04 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
?
System32\drivers\imofugc.sys Das System kann den angegebenen Pfad nicht finden. ! .edata C:\WINDOWS\System32\DRIVERS\netbt.sys unknown last section [0x90A20000, 0x3B6B, 0xC8000040] ---- User code sections - GMER 2.1 ---- .text C:\WINDOWS\system32\csrss.exe[460] kernel32.dll!GetBinaryTypeW + 6F 7541DDE0 1 Byte [62] .text C:\WINDOWS\system32\dashost.exe[472] ntdll.dll!LdrUnloadDll 77992029 5 Bytes JMP 00E903FC .text C:\WINDOWS\system32\dashost.exe[472] ntdll.dll!LdrLoadDll 779A5D29 5 Bytes JMP 00E901F8 .text C:\WINDOWS\system32\dashost.exe[472] KERNEL32.dll!GetBinaryTypeW + 6F 7541DDE0 1 Byte [62] .text C:\WINDOWS\system32\AUDIODG.EXE[480] KERNEL32.DLL!GetBinaryTypeW + 6F 7541DDE0 1 Byte [62] .text C:\WINDOWS\system32\wininit.exe[532] KERNEL32.DLL!GetBinaryTypeW + 6F 7541DDE0 1 Byte [62] .text C:\WINDOWS\system32\csrss.exe[540] kernel32.dll!GetBinaryTypeW + 6F 7541DDE0 1 Byte [62] .text C:\WINDOWS\system32\services.exe[628] KERNEL32.DLL!GetBinaryTypeW + 6F 7541DDE0 1 Byte [62] .text ... .text C:\Users\***\AppData\Local\Skillbrains\lightshot\4.3.0.0\LightShot.exe[1068] ntdll.dll!LdrUnloadDll 77992029 5 Bytes JMP 00F803FC .text C:\Users\***\AppData\Local\Skillbrains\lightshot\4.3.0.0\LightShot.exe[1068] ntdll.dll!LdrLoadDll 779A5D29 5 Bytes JMP 00F801F8 .text C:\Users\***\AppData\Local\Skillbrains\lightshot\4.3.0.0\LightShot.exe[1068] KERNEL32.dll!GetBinaryTypeW + 6F 7541DDE0 1 Byte [62] .text C:\Users\***\AppData\Local\Skillbrains\lightshot\4.3.0.0\LightShot.exe[1068] USER32.dll!UnhookWindowsHookEx 76DFA37A 5 Bytes JMP 010A0A08 .text C:\Users\***\AppData\Local\Skillbrains\lightshot\4.3.0.0\LightShot.exe[1068] USER32.dll!SetWindowsHookExW 76DFF223 5 Bytes JMP 010A0804 .text C:\Users\***\AppData\Local\Skillbrains\lightshot\4.3.0.0\LightShot.exe[1068] USER32.dll!UnhookWinEvent 76DFFE7F 5 Bytes JMP 010A03FC .text C:\Users\***\AppData\Local\Skillbrains\lightshot\4.3.0.0\LightShot.exe[1068] USER32.dll!SetWinEventHook 76E0938E 5 Bytes JMP 010A01F8 .text 
C:\Users\***\AppData\Local\Skillbrains\lightshot\4.3.0.0\LightShot.exe[1068] USER32.dll!SetWindowsHookExA 76E16F76 5 Bytes JMP 010A0600 .text C:\WINDOWS\system32\svchost.exe[1104] KERNEL32.DLL!GetBinaryTypeW + 6F 7541DDE0 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1204] KERNEL32.DLL!GetBinaryTypeW + 6F 7541DDE0 1 Byte [62] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1268] KERNEL32.DLL!GetBinaryTypeW + 6F 7541DDE0 1 Byte [62] .text C:\WINDOWS\system32\nvvsvc.exe[1280] KERNEL32.DLL!GetBinaryTypeW + 6F 7541DDE0 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1472] KERNEL32.DLL!GetBinaryTypeW + 6F 7541DDE0 1 Byte [62] .text ... .text C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[1704] ntdll.dll!LdrUnloadDll 77992029 5 Bytes JMP 005B03FC .text C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[1704] ntdll.dll!LdrLoadDll 779A5D29 5 Bytes JMP 005B01F8 .text C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[1704] USER32.dll!UnhookWindowsHookEx 76DFA37A 5 Bytes JMP 005D0A08 .text C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[1704] USER32.dll!SetWindowsHookExW 76DFF223 5 Bytes JMP 005D0804 .text C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[1704] USER32.dll!UnhookWinEvent 76DFFE7F 5 Bytes JMP 005D03FC .text C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[1704] USER32.dll!SetWinEventHook 76E0938E 5 Bytes JMP 005D01F8 .text C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[1704] USER32.dll!SetWindowsHookExA 76E16F76 5 Bytes JMP 005D0600 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1964] ntdll.dll!LdrUnloadDll 77992029 5 Bytes JMP 00BC03FC .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1964] ntdll.dll!LdrLoadDll 779A5D29 5 
Bytes JMP 00BC01F8 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1964] KERNEL32.dll!GetBinaryTypeW + 6F 7541DDE0 1 Byte [62] .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1964] USER32.dll!UnhookWindowsHookEx 76DFA37A 5 Bytes JMP 00BE0A08 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1964] USER32.dll!SetWindowsHookExW 76DFF223 5 Bytes JMP 00BE0804 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1964] USER32.dll!UnhookWinEvent 76DFFE7F 5 Bytes JMP 00BE03FC .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1964] USER32.dll!SetWinEventHook 76E0938E 5 Bytes JMP 00BE01F8 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1964] USER32.dll!SetWindowsHookExA 76E16F76 5 Bytes JMP 00BE0600 .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[2104] ntdll.dll!LdrUnloadDll 77992029 5 Bytes JMP 004A03FC .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[2104] ntdll.dll!LdrLoadDll 779A5D29 5 Bytes JMP 004A01F8 .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[2104] KERNEL32.dll!GetBinaryTypeW + 6F 7541DDE0 1 Byte [62] .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[2104] USER32.dll!UnhookWindowsHookEx 76DFA37A 5 Bytes JMP 005D0A08 .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[2104] USER32.dll!SetWindowsHookExW 76DFF223 5 Bytes JMP 005D0804 .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[2104] USER32.dll!UnhookWinEvent 76DFFE7F 5 Bytes JMP 005D03FC .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[2104] USER32.dll!SetWinEventHook 76E0938E 5 Bytes JMP 005D01F8 .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[2104] USER32.dll!SetWindowsHookExA 76E16F76 5 Bytes JMP 005D0600 .text C:\Users\***\Desktop\gmer_2.1.19163.exe[2240] KERNEL32.DLL!GetBinaryTypeW + 6F 7541DDE0 1 Byte [62] .text C:\WINDOWS\system32\taskhostex.exe[2264] ntdll.dll!LdrUnloadDll 77992029 5 Bytes JMP 00AB03FC .text 
C:\WINDOWS\system32\taskhostex.exe[2264] ntdll.dll!LdrLoadDll 779A5D29 5 Bytes JMP 00AB01F8 .text C:\WINDOWS\system32\taskhostex.exe[2264] KERNEL32.dll!GetBinaryTypeW + 6F 7541DDE0 1 Byte [62] .text C:\WINDOWS\system32\taskhostex.exe[2264] user32.dll!UnhookWindowsHookEx 76DFA37A 5 Bytes JMP 00AE0A08 .text C:\WINDOWS\system32\taskhostex.exe[2264] user32.dll!SetWindowsHookExW 76DFF223 5 Bytes JMP 00AE0804 .text C:\WINDOWS\system32\taskhostex.exe[2264] user32.dll!UnhookWinEvent 76DFFE7F 5 Bytes JMP 00AE03FC .text C:\WINDOWS\system32\taskhostex.exe[2264] user32.dll!SetWinEventHook 76E0938E 5 Bytes JMP 00AE01F8 .text C:\WINDOWS\system32\taskhostex.exe[2264] user32.dll!SetWindowsHookExA 76E16F76 5 Bytes JMP 00AE0600 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2308] ntdll.dll!LdrUnloadDll 77992029 5 Bytes JMP 00C403FC .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2308] ntdll.dll!LdrLoadDll 779A5D29 5 Bytes JMP 00C401F8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2308] USER32.dll!UnhookWindowsHookEx 76DFA37A 5 Bytes JMP 00C80A08 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2308] USER32.dll!SetWindowsHookExW 76DFF223 5 Bytes JMP 00C80804 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2308] USER32.dll!UnhookWinEvent 76DFFE7F 5 Bytes JMP 00C803FC .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2308] USER32.dll!SetWinEventHook 76E0938E 5 Bytes JMP 00C801F8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2308] USER32.dll!SetWindowsHookExA 76E16F76 5 Bytes JMP 00C80600 .text C:\WINDOWS\Explorer.EXE[2392] ntdll.dll!LdrUnloadDll 77992029 5 Bytes JMP 007303FC .text C:\WINDOWS\Explorer.EXE[2392] ntdll.dll!LdrLoadDll 779A5D29 5 Bytes JMP 007301F8 .text C:\WINDOWS\Explorer.EXE[2392] KERNEL32.dll!GetBinaryTypeW + 6F 7541DDE0 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[2392] USER32.dll!UnhookWindowsHookEx 76DFA37A 5 Bytes JMP 00760A08 .text C:\WINDOWS\Explorer.EXE[2392] 
USER32.dll!SetWindowsHookExW 76DFF223 5 Bytes JMP 00760804 .text C:\WINDOWS\Explorer.EXE[2392] USER32.dll!UnhookWinEvent 76DFFE7F 5 Bytes JMP 007603FC .text C:\WINDOWS\Explorer.EXE[2392] USER32.dll!SetWinEventHook 76E0938E 5 Bytes JMP 007601F8 .text C:\WINDOWS\Explorer.EXE[2392] USER32.dll!SetWindowsHookExA 76E16F76 5 Bytes JMP 00760600 .text C:\Program Files\SRS Labs\SRS Audio Essentials\AudioEssentials.exe[2420] ntdll.dll!LdrUnloadDll 77992029 5 Bytes JMP 014303FC .text C:\Program Files\SRS Labs\SRS Audio Essentials\AudioEssentials.exe[2420] ntdll.dll!LdrLoadDll 779A5D29 5 Bytes JMP 014301F8 .text C:\Program Files\SRS Labs\SRS Audio Essentials\AudioEssentials.exe[2420] USER32.dll!UnhookWindowsHookEx 76DFA37A 5 Bytes JMP 01470A08 .text C:\Program Files\SRS Labs\SRS Audio Essentials\AudioEssentials.exe[2420] USER32.dll!SetWindowsHookExW 76DFF223 5 Bytes JMP 01470804 .text C:\Program Files\SRS Labs\SRS Audio Essentials\AudioEssentials.exe[2420] USER32.dll!UnhookWinEvent 76DFFE7F 5 Bytes JMP 014703FC .text C:\Program Files\SRS Labs\SRS Audio Essentials\AudioEssentials.exe[2420] USER32.dll!SetWinEventHook 76E0938E 5 Bytes JMP 014701F8 .text C:\Program Files\SRS Labs\SRS Audio Essentials\AudioEssentials.exe[2420] USER32.dll!SetWindowsHookExA 76E16F76 5 Bytes JMP 01470600 .text C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControl.exe[2452] ntdll.dll!LdrUnloadDll 77992029 5 Bytes JMP 002003FC .text C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControl.exe[2452] ntdll.dll!LdrLoadDll 779A5D29 5 Bytes JMP 002001F8 .text C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControl.exe[2452] KERNEL32.dll!GetBinaryTypeW + 6F 7541DDE0 1 Byte [62] .text C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControl.exe[2452] USER32.dll!UnhookWindowsHookEx 76DFA37A 5 Bytes JMP 00220A08 .text C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControl.exe[2452] USER32.dll!SetWindowsHookExW 76DFF223 5 Bytes JMP 00220804 .text C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControl.exe[2452] 
USER32.dll!UnhookWinEvent 76DFFE7F 5 Bytes JMP 002203FC .text C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControl.exe[2452] USER32.dll!SetWinEventHook 76E0938E 5 Bytes JMP 002201F8 .text C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControl.exe[2452] USER32.dll!SetWindowsHookExA 76E16F76 5 Bytes JMP 00220600 .text C:\Program Files\PDF Architect\HelperService.exe[2460] ntdll.dll!LdrUnloadDll 77992029 5 Bytes JMP 00B203FC .text C:\Program Files\PDF Architect\HelperService.exe[2460] ntdll.dll!LdrLoadDll 779A5D29 5 Bytes JMP 00B201F8 .text C:\Program Files\PDF Architect\HelperService.exe[2460] KERNEL32.dll!GetBinaryTypeW + 6F 7541DDE0 1 Byte [62] .text C:\Program Files\PDF Architect\HelperService.exe[2460] USER32.dll!UnhookWindowsHookEx 76DFA37A 5 Bytes JMP 00B50A08 .text C:\Program Files\PDF Architect\HelperService.exe[2460] USER32.dll!SetWindowsHookExW 76DFF223 5 Bytes JMP 00B50804 .text C:\Program Files\PDF Architect\HelperService.exe[2460] USER32.dll!UnhookWinEvent 76DFFE7F 5 Bytes JMP 00B503FC .text C:\Program Files\PDF Architect\HelperService.exe[2460] USER32.dll!SetWinEventHook 76E0938E 5 Bytes JMP 00B501F8 .text C:\Program Files\PDF Architect\HelperService.exe[2460] USER32.dll!SetWindowsHookExA 76E16F76 5 Bytes JMP 00B50600 .text C:\WINDOWS\system32\SearchIndexer.exe[2480] ntdll.dll!LdrUnloadDll 77992029 5 Bytes JMP 001603FC .text C:\WINDOWS\system32\SearchIndexer.exe[2480] ntdll.dll!LdrLoadDll 779A5D29 5 Bytes JMP 001601F8 .text C:\WINDOWS\system32\SearchIndexer.exe[2480] USER32.dll!UnhookWindowsHookEx 76DFA37A 5 Bytes JMP 001A0A08 .text C:\WINDOWS\system32\SearchIndexer.exe[2480] USER32.dll!SetWindowsHookExW 76DFF223 5 Bytes JMP 001A0804 .text C:\WINDOWS\system32\SearchIndexer.exe[2480] USER32.dll!UnhookWinEvent 76DFFE7F 5 Bytes JMP 001A03FC .text C:\WINDOWS\system32\SearchIndexer.exe[2480] USER32.dll!SetWinEventHook 76E0938E 5 Bytes JMP 001A01F8 .text C:\WINDOWS\system32\SearchIndexer.exe[2480] USER32.dll!SetWindowsHookExA 76E16F76 5 Bytes JMP 001A0600 
.text C:\Program Files\ASUS\ATK Package\ATK Hotkey\SynptSync.exe[2484] ntdll.dll!LdrUnloadDll 77992029 5 Bytes JMP 002003FC .text C:\Program Files\ASUS\ATK Package\ATK Hotkey\SynptSync.exe[2484] ntdll.dll!LdrLoadDll 779A5D29 5 Bytes JMP 002001F8 .text C:\Program Files\ASUS\ATK Package\ATK Hotkey\SynptSync.exe[2484] KERNEL32.dll!GetBinaryTypeW + 6F 7541DDE0 1 Byte [62] .text C:\Program Files\ASUS\ATK Package\ATK Hotkey\SynptSync.exe[2484] USER32.dll!UnhookWindowsHookEx 76DFA37A 5 Bytes JMP 00220A08 .text C:\Program Files\ASUS\ATK Package\ATK Hotkey\SynptSync.exe[2484] USER32.dll!SetWindowsHookExW 76DFF223 5 Bytes JMP 00220804 .text C:\Program Files\ASUS\ATK Package\ATK Hotkey\SynptSync.exe[2484] USER32.dll!UnhookWinEvent 76DFFE7F 5 Bytes JMP 002203FC .text C:\Program Files\ASUS\ATK Package\ATK Hotkey\SynptSync.exe[2484] USER32.dll!SetWinEventHook 76E0938E 5 Bytes JMP 002201F8 .text C:\Program Files\ASUS\ATK Package\ATK Hotkey\SynptSync.exe[2484] USER32.dll!SetWindowsHookExA 76E16F76 5 Bytes JMP 00220600 .text C:\WINDOWS\system32\svchost.exe[2696] ntdll.dll!LdrUnloadDll 77992029 5 Bytes JMP 00E103FC .text C:\WINDOWS\system32\svchost.exe[2696] ntdll.dll!LdrLoadDll 779A5D29 5 Bytes JMP 00E101F8 .text C:\WINDOWS\system32\svchost.exe[2696] KERNEL32.dll!GetBinaryTypeW + 6F 7541DDE0 1 Byte [62] .text C:\Program Files\Common Files\SRS Labs\SRS HD Audio Lab Service 2\SRSAudioLabService.exe[2720] ntdll.dll!LdrUnloadDll 77992029 5 Bytes JMP 009503FC .text C:\Program Files\Common Files\SRS Labs\SRS HD Audio Lab Service 2\SRSAudioLabService.exe[2720] ntdll.dll!LdrLoadDll 779A5D29 5 Bytes JMP 009501F8 .text C:\Program Files\Common Files\SRS Labs\SRS HD Audio Lab Service 2\SRSAudioLabService.exe[2720] USER32.dll!UnhookWindowsHookEx 76DFA37A 5 Bytes JMP 00980A08 .text C:\Program Files\Common Files\SRS Labs\SRS HD Audio Lab Service 2\SRSAudioLabService.exe[2720] USER32.dll!SetWindowsHookExW 76DFF223 5 Bytes JMP 00980804 .text C:\Program Files\Common Files\SRS Labs\SRS HD Audio Lab 
Service 2\SRSAudioLabService.exe[2720] USER32.dll!UnhookWinEvent 76DFFE7F 5 Bytes JMP 009803FC .text C:\Program Files\Common Files\SRS Labs\SRS HD Audio Lab Service 2\SRSAudioLabService.exe[2720] USER32.dll!SetWinEventHook 76E0938E 5 Bytes JMP 009801F8 .text C:\Program Files\Common Files\SRS Labs\SRS HD Audio Lab Service 2\SRSAudioLabService.exe[2720] USER32.dll!SetWindowsHookExA 76E16F76 5 Bytes JMP 00980600 .text C:\WINDOWS\system32\svchost.exe[2768] ntdll.dll!LdrUnloadDll 77992029 5 Bytes JMP 007203FC .text C:\WINDOWS\system32\svchost.exe[2768] ntdll.dll!LdrLoadDll 779A5D29 5 Bytes JMP 007201F8 .text C:\WINDOWS\system32\svchost.exe[2768] KERNEL32.dll!GetBinaryTypeW + 6F 7541DDE0 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[2768] USER32.dll!UnhookWindowsHookEx 76DFA37A 5 Bytes JMP 00850A08 .text C:\WINDOWS\system32\svchost.exe[2768] USER32.dll!SetWindowsHookExW 76DFF223 5 Bytes JMP 00850804 .text C:\WINDOWS\system32\svchost.exe[2768] USER32.dll!UnhookWinEvent 76DFFE7F 5 Bytes JMP 008503FC .text C:\WINDOWS\system32\svchost.exe[2768] USER32.dll!SetWinEventHook 76E0938E 5 Bytes JMP 008501F8 .text C:\WINDOWS\system32\svchost.exe[2768] USER32.dll!SetWindowsHookExA 76E16F76 5 Bytes JMP 00850600 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[2820] ntdll.dll!LdrUnloadDll 77992029 5 Bytes JMP 002003FC .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[2820] ntdll.dll!LdrLoadDll 779A5D29 5 Bytes JMP 002001F8 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[2820] USER32.dll!UnhookWindowsHookEx 76DFA37A 5 Bytes JMP 00210A08 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[2820] USER32.dll!SetWindowsHookExW 76DFF223 5 Bytes JMP 00210804 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[2820] USER32.dll!UnhookWinEvent 76DFFE7F 5 Bytes JMP 002103FC .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[2820] USER32.dll!SetWinEventHook 76E0938E 5 Bytes JMP 002101F8 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[2820] 
USER32.dll!SetWindowsHookExA 76E16F76 5 Bytes JMP 00210600 .text C:\Program Files\SRS Labs\SRS Audio Essentials\AENotifier.exe[2852] ntdll.dll!LdrUnloadDll 77992029 5 Bytes JMP 008403FC .text C:\Program Files\SRS Labs\SRS Audio Essentials\AENotifier.exe[2852] ntdll.dll!LdrLoadDll 779A5D29 5 Bytes JMP 008401F8 .text C:\Program Files\SRS Labs\SRS Audio Essentials\AENotifier.exe[2852] USER32.dll!UnhookWindowsHookEx 76DFA37A 5 Bytes JMP 00860A08 .text C:\Program Files\SRS Labs\SRS Audio Essentials\AENotifier.exe[2852] USER32.dll!SetWindowsHookExW 76DFF223 5 Bytes JMP 00860804 .text C:\Program Files\SRS Labs\SRS Audio Essentials\AENotifier.exe[2852] USER32.dll!UnhookWinEvent 76DFFE7F 5 Bytes JMP 008603FC .text C:\Program Files\SRS Labs\SRS Audio Essentials\AENotifier.exe[2852] USER32.dll!SetWinEventHook 76E0938E 5 Bytes JMP 008601F8 .text C:\Program Files\SRS Labs\SRS Audio Essentials\AENotifier.exe[2852] USER32.dll!SetWindowsHookExA 76E16F76 5 Bytes JMP 00860600 .text C:\WINDOWS\system32\svchost.exe[2964] ntdll.dll!LdrUnloadDll 77992029 5 Bytes JMP 010E03FC .text C:\WINDOWS\system32\svchost.exe[2964] ntdll.dll!LdrLoadDll 779A5D29 5 Bytes JMP 010E01F8 .text C:\WINDOWS\system32\svchost.exe[2964] KERNEL32.dll!GetBinaryTypeW + 6F 7541DDE0 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[2964] user32.dll!UnhookWindowsHookEx 76DFA37A 5 Bytes JMP 01200A08 .text C:\WINDOWS\system32\svchost.exe[2964] user32.dll!SetWindowsHookExW 76DFF223 5 Bytes JMP 01200804 .text C:\WINDOWS\system32\svchost.exe[2964] user32.dll!UnhookWinEvent 76DFFE7F 5 Bytes JMP 012003FC .text C:\WINDOWS\system32\svchost.exe[2964] user32.dll!SetWinEventHook 76E0938E 5 Bytes JMP 012001F8 .text C:\WINDOWS\system32\svchost.exe[2964] user32.dll!SetWindowsHookExA 76E16F76 5 Bytes JMP 01200600 .text C:\WINDOWS\system32\DllHost.exe[3024] ntdll.dll!LdrUnloadDll 77992029 5 Bytes JMP 00F503FC .text C:\WINDOWS\system32\DllHost.exe[3024] ntdll.dll!LdrLoadDll 779A5D29 5 Bytes JMP 00F501F8 .text 
C:\WINDOWS\system32\DllHost.exe[3024] KERNEL32.dll!GetBinaryTypeW + 6F 7541DDE0 1 Byte [62] .text C:\WINDOWS\system32\DllHost.exe[3024] user32.dll!UnhookWindowsHookEx 76DFA37A 5 Bytes JMP 00FA0A08 .text C:\WINDOWS\system32\DllHost.exe[3024] user32.dll!SetWindowsHookExW 76DFF223 5 Bytes JMP 00FA0804 .text C:\WINDOWS\system32\DllHost.exe[3024] user32.dll!UnhookWinEvent 76DFFE7F 5 Bytes JMP 00FA03FC .text C:\WINDOWS\system32\DllHost.exe[3024] user32.dll!SetWinEventHook 76E0938E 5 Bytes JMP 00FA01F8 .text C:\WINDOWS\system32\DllHost.exe[3024] user32.dll!SetWindowsHookExA 76E16F76 5 Bytes JMP 00FA0600 .text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe[3124] ntdll.dll!LdrUnloadDll 77992029 5 Bytes JMP 001803FC .text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe[3124] ntdll.dll!LdrLoadDll 779A5D29 5 Bytes JMP 001801F8 .text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe[3124] USER32.dll!UnhookWindowsHookEx 76DFA37A 5 Bytes JMP 00330A08 .text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe[3124] USER32.dll!SetWindowsHookExW 76DFF223 5 Bytes JMP 00330804 .text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe[3124] USER32.dll!UnhookWinEvent 76DFFE7F 5 Bytes JMP 003303FC .text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe[3124] USER32.dll!SetWinEventHook 76E0938E 5 Bytes JMP 003301F8 .text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe[3124] USER32.dll!SetWindowsHookExA 76E16F76 5 Bytes JMP 00330600 .text C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe[3472] ntdll.dll!LdrUnloadDll 77992029 5 Bytes JMP 002003FC .text C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe[3472] ntdll.dll!LdrLoadDll 779A5D29 5 Bytes JMP 002001F8 .text C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe[3472] KERNEL32.dll!GetBinaryTypeW + 6F 7541DDE0 1 Byte [62] .text C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe[3472] USER32.dll!UnhookWindowsHookEx 76DFA37A 5 Bytes JMP 00220A08 .text C:\Program Files\ASUS\ATK 
Package\ATK Media\DMedia.exe[3472] USER32.dll!SetWindowsHookExW 76DFF223 5 Bytes JMP 00220804 .text C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe[3472] USER32.dll!UnhookWinEvent 76DFFE7F 5 Bytes JMP 002203FC .text C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe[3472] USER32.dll!SetWinEventHook 76E0938E 5 Bytes JMP 002201F8 .text C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe[3472] USER32.dll!SetWindowsHookExA 76E16F76 5 Bytes JMP 00220600 .text C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3516] ntdll.dll!LdrUnloadDll 77992029 5 Bytes JMP 002003FC .text C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3516] ntdll.dll!LdrLoadDll 779A5D29 5 Bytes JMP 002001F8 .text C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3516] KERNEL32.dll!GetBinaryTypeW + 6F 7541DDE0 1 Byte [62] .text C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3516] USER32.dll!UnhookWindowsHookEx 76DFA37A 5 Bytes JMP 00220A08 .text C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3516] USER32.dll!SetWindowsHookExW 76DFF223 5 Bytes JMP 00220804 .text C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3516] USER32.dll!UnhookWinEvent 76DFFE7F 5 Bytes JMP 002203FC .text C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3516] USER32.dll!SetWinEventHook 76E0938E 5 Bytes JMP 002201F8 .text C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3516] USER32.dll!SetWindowsHookExA 76E16F76 5 Bytes JMP 00220600 .text C:\Windows\System32\WUDFHost.exe[3540] ntdll.dll!LdrUnloadDll 77992029 5 Bytes JMP 00EA03FC .text C:\Windows\System32\WUDFHost.exe[3540] ntdll.dll!LdrLoadDll 779A5D29 5 Bytes JMP 00EA01F8 .text C:\Windows\System32\WUDFHost.exe[3540] USER32.dll!UnhookWindowsHookEx 76DFA37A 5 Bytes JMP 00EE0A08 .text C:\Windows\System32\WUDFHost.exe[3540] USER32.dll!SetWindowsHookExW 76DFF223 5 Bytes JMP 00EE0804 .text C:\Windows\System32\WUDFHost.exe[3540] USER32.dll!UnhookWinEvent 76DFFE7F 5 Bytes JMP 00EE03FC .text C:\Windows\System32\WUDFHost.exe[3540] 
USER32.dll!SetWinEventHook 76E0938E 5 Bytes JMP 00EE01F8 .text C:\Windows\System32\WUDFHost.exe[3540] USER32.dll!SetWindowsHookExA 76E16F76 5 Bytes JMP 00EE0600 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3648] ntdll.dll!LdrUnloadDll 77992029 5 Bytes JMP 002003FC .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3648] ntdll.dll!LdrLoadDll 779A5D29 5 Bytes JMP 002001F8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3648] USER32.dll!UnhookWindowsHookEx 76DFA37A 5 Bytes JMP 00220A08 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3648] USER32.dll!SetWindowsHookExW 76DFF223 5 Bytes JMP 00220804 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3648] USER32.dll!UnhookWinEvent 76DFFE7F 5 Bytes JMP 002203FC .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3648] USER32.dll!SetWinEventHook 76E0938E 5 Bytes JMP 002201F8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3648] USER32.dll!SetWindowsHookExA 76E16F76 5 Bytes JMP 00220600 .text C:\Users\***\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[3668] ntdll.dll!LdrUnloadDll 77992029 5 Bytes JMP 008703FC .text C:\Users\***\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[3668] ntdll.dll!LdrLoadDll 779A5D29 5 Bytes JMP 008701F8 .text C:\Users\***\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[3668] USER32.dll!UnhookWindowsHookEx 76DFA37A 5 Bytes JMP 00880A08 .text C:\Users\***\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[3668] USER32.dll!SetWindowsHookExW 76DFF223 5 Bytes JMP 00880804 .text C:\Users\***\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[3668] USER32.dll!UnhookWinEvent 76DFFE7F 5 Bytes JMP 008803FC .text C:\Users\***\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[3668] USER32.dll!SetWinEventHook 76E0938E 5 Bytes JMP 008801F8 .text C:\Users\***\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[3668] USER32.dll!SetWindowsHookExA 76E16F76 5 Bytes JMP 00880600 .text C:\Windows\System32\RuntimeBroker.exe[3872] ntdll.dll!LdrUnloadDll 77992029 5 Bytes JMP 003603FC .text 
C:\Windows\System32\RuntimeBroker.exe[3872] ntdll.dll!LdrLoadDll 779A5D29 5 Bytes JMP 003601F8 .text C:\Windows\System32\RuntimeBroker.exe[3872] USER32.dll!UnhookWindowsHookEx 76DFA37A 5 Bytes JMP 00380A08 .text C:\Windows\System32\RuntimeBroker.exe[3872] USER32.dll!SetWindowsHookExW 76DFF223 5 Bytes JMP 00380804 .text C:\Windows\System32\RuntimeBroker.exe[3872] USER32.dll!UnhookWinEvent 76DFFE7F 5 Bytes JMP 003803FC .text C:\Windows\System32\RuntimeBroker.exe[3872] USER32.dll!SetWinEventHook 76E0938E 5 Bytes JMP 003801F8 .text C:\Windows\System32\RuntimeBroker.exe[3872] USER32.dll!SetWindowsHookExA 76E16F76 5 Bytes JMP 00380600 .text C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x86__8wekyb3d8bbwe\LiveComm.exe[4012] ntdll.dll!LdrUnloadDll 77992029 5 Bytes JMP 010303FC .text C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x86__8wekyb3d8bbwe\LiveComm.exe[4012] ntdll.dll!LdrLoadDll 779A5D29 5 Bytes JMP 010301F8 .text C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x86__8wekyb3d8bbwe\LiveComm.exe[4012] KERNEL32.dll!GetBinaryTypeW + 6F 7541DDE0 1 Byte [62] .text C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x86__8wekyb3d8bbwe\LiveComm.exe[4012] USER32.dll!UnhookWindowsHookEx 76DFA37A 5 Bytes JMP 011F0A08 .text C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x86__8wekyb3d8bbwe\LiveComm.exe[4012] USER32.dll!SetWindowsHookExW 76DFF223 5 Bytes JMP 011F0804 .text C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x86__8wekyb3d8bbwe\LiveComm.exe[4012] USER32.dll!UnhookWinEvent 76DFFE7F 5 Bytes JMP 011F03FC .text C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x86__8wekyb3d8bbwe\LiveComm.exe[4012] USER32.dll!SetWinEventHook 76E0938E 5 Bytes JMP 011F01F8 .text C:\Program 
Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x86__8wekyb3d8bbwe\LiveComm.exe[4012] USER32.dll!SetWindowsHookExA 76E16F76 5 Bytes JMP 011F0600 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4044] ntdll.dll!LdrUnloadDll 77992029 5 Bytes JMP 002103FC .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4044] ntdll.dll!LdrLoadDll 779A5D29 5 Bytes JMP 002101F8 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4044] KERNEL32.dll!GetBinaryTypeW + 6F 7541DDE0 1 Byte [62] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4044] USER32.dll!UnhookWindowsHookEx 76DFA37A 5 Bytes JMP 00340A08 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4044] USER32.dll!SetWindowsHookExW 76DFF223 5 Bytes JMP 00340804 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4044] USER32.dll!UnhookWinEvent 76DFFE7F 5 Bytes JMP 003403FC .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4044] USER32.dll!SetWinEventHook 76E0938E 5 Bytes JMP 003401F8 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4044] USER32.dll!SetWindowsHookExA 76E16F76 5 Bytes JMP 00340600 .text C:\WINDOWS\system32\ctfmon.exe[4620] ntdll.dll!LdrUnloadDll 77992029 5 Bytes JMP 004603FC .text C:\WINDOWS\system32\ctfmon.exe[4620] ntdll.dll!LdrLoadDll 779A5D29 5 Bytes JMP 004601F8 .text C:\WINDOWS\system32\ctfmon.exe[4620] KERNEL32.dll!GetBinaryTypeW + 6F 7541DDE0 1 Byte [62] .text C:\WINDOWS\system32\ctfmon.exe[4620] USER32.dll!UnhookWindowsHookEx 76DFA37A 5 Bytes JMP 00490A08 .text C:\WINDOWS\system32\ctfmon.exe[4620] USER32.dll!SetWindowsHookExW 76DFF223 5 Bytes JMP 00490804 .text C:\WINDOWS\system32\ctfmon.exe[4620] USER32.dll!UnhookWinEvent 76DFFE7F 5 Bytes JMP 004903FC .text C:\WINDOWS\system32\ctfmon.exe[4620] USER32.dll!SetWinEventHook 76E0938E 5 Bytes JMP 004901F8 .text C:\WINDOWS\system32\ctfmon.exe[4620] USER32.dll!SetWindowsHookExA 76E16F76 5 Bytes JMP 00490600 .text C:\Program 
Files\Mozilla Firefox\firefox.exe[5900] ntdll.dll!LdrUnloadDll 77992029 5 Bytes JMP 002F03FC .text C:\Program Files\Mozilla Firefox\firefox.exe[5900] ntdll.dll!LdrLoadDll 779A5D29 5 Bytes JMP 5885EEB0 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[5900] KERNEL32.dll!InterlockedExchange + 11 7540153B 7 Bytes JMP 58E6979B C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[5900] KERNEL32.dll!GetStdHandle + C 75401B37 7 Bytes JMP 58E69778 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[5900] KERNEL32.dll!CreateProcessW + 69 75404798 7 Bytes JMP 58864CE9 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[5900] KERNEL32.dll!GetBinaryTypeW + 6F 7541DDE0 1 Byte [62] .text C:\Program Files\Mozilla Firefox\firefox.exe[5900] USER32.dll!UnhookWindowsHookEx 76DFA37A 5 Bytes JMP 00300A08 .text C:\Program Files\Mozilla Firefox\firefox.exe[5900] USER32.dll!SetWindowsHookExW 76DFF223 5 Bytes JMP 00300804 .text C:\Program Files\Mozilla Firefox\firefox.exe[5900] USER32.dll!UnhookWinEvent 76DFFE7F 5 Bytes JMP 003003FC .text C:\Program Files\Mozilla Firefox\firefox.exe[5900] USER32.dll!SetWinEventHook 76E0938E 5 Bytes JMP 003001F8 .text C:\Program Files\Mozilla Firefox\firefox.exe[5900] USER32.dll!SetWindowsHookExA 76E16F76 5 Bytes JMP 00300600 .text C:\Program Files\Mozilla Firefox\firefox.exe[5900] GDI32.dll!SetWindowOrgEx + 3C7 771C8C9D 7 Bytes JMP 58E696F9 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) ---- Devices - GMER 2.1 ---- Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software) AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! 
TDI Filter Driver/AVAST Software) AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation) ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed -2134714711 ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk1\DR1 unknown MBR code ---- EOF - GMER 2.1 ---- |
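A GMER log like the one above is read in three passes: who owns the kernel hooks (every SSDT, Code and PAGE entry here resolves to an avast! driver), which user-mode hooks GMER could not map to a loaded module (the JMPs to low addresses such as 007201F8 that appear in nearly every process, svchost.exe included, carry no module name, while the Firefox ones resolve to xul.dll), and which stray entries need an explanation (the "?" line for a driver file that no longer exists on disk, and "unknown MBR code"). The script below is an added example and is not part of the forum post or of GMER; it parses that format and produces a ranked list for review. The trusted-vendor allowlist, the sample log (a constructed subset of the entries above) and the output wording are the example's own assumptions. It ranks, it does not decide: hooks in unmapped memory across all processes are what an injected DLL looks like but also what some legitimate hooking products look like, and an unknown MBR can be an OEM boot loader as easily as a bootkit.

```python
"""Triage a GMER 2.1 log: group kernel hooks by owning driver, list user-mode
hooks GMER could not attribute to a module, and surface the oddities.

Added example, not part of the forum post or of GMER itself.
"""
import re
from collections import defaultdict

# Constructed sample: a small subset of the GMER log above, one entry per
# line as GMER writes it. It is not the complete log.
SAMPLE_LOG = r"""
---- System - GMER 2.1 ----

SSDT  \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)  ZwWriteVirtualMemory [0x9031276E]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwOpenProcess [0x90426E78]
Code  \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)  ZwCreateProcessEx [0x9032BE00]

---- Kernel code sections - GMER 2.1 ----

PAGE  ntoskrnl.exe!ZwCreateProcessEx  815CB0ED 7 Bytes  JMP 9032BE04 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
?  System32\drivers\imofugc.sys  The system cannot find the path specified. !

---- User code sections - GMER 2.1 ----

.text  C:\WINDOWS\system32\svchost.exe[2768] ntdll.dll!LdrLoadDll  779A5D29 5 Bytes  JMP 007201F8
.text  C:\WINDOWS\system32\svchost.exe[2768] USER32.dll!SetWindowsHookExW  76DFF223 5 Bytes  JMP 00850804
.text  C:\WINDOWS\Explorer.EXE[2392] ntdll.dll!LdrLoadDll  779A5D29 5 Bytes  JMP 007301F8
.text  C:\Program Files\Mozilla Firefox\firefox.exe[5900] ntdll.dll!LdrLoadDll  779A5D29 5 Bytes  JMP 5885EEB0 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text  C:\Program Files\Mozilla Firefox\firefox.exe[5900] KERNEL32.dll!GetBinaryTypeW + 6F  7541DDE0 1 Byte  [62]

---- Disk sectors - GMER 2.1 ----

Disk  \Device\Harddisk1\DR1  unknown MBR code
"""

# SSDT / Code entries: kind, driver path, "(description/vendor)", hooked function.
KERNEL_HOOK = re.compile(
    r"^(?P<kind>SSDT|Code)\s+(?P<driver>\S+)\s+\((?P<desc>[^)]*)\)\s+(?P<func>\w+)")
# Inline kernel patches GMER resolved to a driver: "... JMP <addr> <driver> (desc)".
KERNEL_JMP = re.compile(
    r"^(?P<kind>\.text|PAGE|INIT)\s+(?P<target>\S+)\s+.*?JMP\s+[0-9A-Fa-f]+\s+"
    r"(?P<driver>\S+\.SYS)\s+\((?P<desc>[^)]*)\)", re.I)
# User-mode hooks: ".text <process>[pid] <module>!<func>[ + off] <addr> N Byte(s) <patch>".
USER_HOOK = re.compile(
    r"^\.text\s+(?P<proc>.+?\[\d+\])\s+(?P<mod>[^!\s]+)!(?P<func>\w+)"
    r"(?:\s*\+\s*[0-9A-Fa-f]+)?\s+[0-9A-Fa-f]+\s+\d+ Bytes?\s+(?P<patch>.*)$")
# A JMP patch, optionally followed by the module GMER mapped the destination to.
JMP_OWNER = re.compile(
    r"^JMP\s+(?P<dest>[0-9A-Fa-f]+)(?:\s+(?P<owner>.+?\.(?:dll|exe))\s+\((?P<vendor>[^)]*)\))?\s*$",
    re.I)
# "?  <path>  <OS error message> !" : a registered driver whose file is missing.
MISSING_FILE = re.compile(r"^\?\s+(?P<path>\S+)\s+(?P<msg>.*?)\s*!?\s*$")


def _kernel_entry(kind, driver, desc, func):
    vendor = desc.rsplit("/", 1)[-1].strip() if "/" in desc else ""
    return {"kind": kind, "driver": driver.rsplit("\\", 1)[-1], "vendor": vendor, "function": func}


def parse(text):
    """Return kernel hooks, user-mode hooks and oddities found in a GMER log."""
    kernel, user, oddities = [], [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("----"):
            continue
        if m := KERNEL_HOOK.match(line):
            kernel.append(_kernel_entry(m["kind"], m["driver"], m["desc"], m["func"]))
        elif m := KERNEL_JMP.match(line):
            kernel.append(_kernel_entry(m["kind"], m["driver"], m["desc"], m["target"].split("!")[-1]))
        elif m := USER_HOOK.match(line):
            jmp = JMP_OWNER.match(m["patch"])
            user.append({"process": m["proc"], "target": f"{m['mod']}!{m['func']}",
                         "jump_to": jmp["dest"] if jmp else None,
                         "owner": jmp["owner"] if jmp else None,
                         "vendor": jmp["vendor"] if jmp else None, "patch": m["patch"]})
        elif m := MISSING_FILE.match(line):
            oddities.append(f"driver file not found: {m['path']} ({m['msg']})")
        elif "unknown MBR code" in line or "unknown last section" in line:
            oddities.append(line)
    return {"kernel": kernel, "user": user, "oddities": oddities}


def triage(parsed, trusted_vendors):
    """Rank: kernel hooks by vendors outside the allowlist, and user-mode
    JMPs whose destination GMER could not map to any loaded module."""
    by_driver, untrusted = defaultdict(list), []
    for h in parsed["kernel"]:
        by_driver[h["driver"]].append(h["function"])
        if h["vendor"] not in trusted_vendors:
            untrusted.append(h)
    unattributed, attributed = defaultdict(set), []
    for h in parsed["user"]:
        if h["jump_to"] is None:
            continue  # byte patch without a jump (e.g. the 1-byte GetBinaryTypeW change)
        if h["owner"] is None:
            unattributed[h["target"]].add(h["process"])
        else:
            attributed.append(h)
    return {"kernel_hooks_by_driver": {d: sorted(f) for d, f in by_driver.items()},
            "untrusted_kernel_hooks": untrusted,
            "unattributed_user_hooks": {t: sorted(p) for t, p in unattributed.items()},
            "attributed_user_hooks": attributed,
            "oddities": list(parsed["oddities"])}


def report(result):
    """Plain-text summary in review order: kernel first, then unmapped user hooks, then oddities."""
    lines = [f"kernel hooks by {d}: {len(f)}" for d, f in sorted(result["kernel_hooks_by_driver"].items())]
    lines += [f"UNTRUSTED kernel hook: {h['driver']} -> {h['function']} ({h['vendor'] or 'no vendor'})"
              for h in result["untrusted_kernel_hooks"]]
    lines += [f"{t} jumps to unmapped memory in {len(p)} process(es)"
              for t, p in sorted(result["unattributed_user_hooks"].items())]
    lines += [f"{h['target']} in {h['process']} -> {h['owner']} ({h['vendor']})"
              for h in result["attributed_user_hooks"]]
    lines += [f"CHECK: {o}" for o in result["oddities"]]
    return "\n".join(lines)


if __name__ == "__main__":
    # The allowlist is the example's assumption; widen it to the security products you expect.
    print(report(triage(parse(SAMPLE_LOG), trusted_vendors={"AVAST Software"})))
```

Run it against a full log by replacing SAMPLE_LOG with the file contents. With the allowlist above, every kernel hook in this log is attributed to AVAST Software and drops out of the untrusted list; what remains for a human are the unmapped user-mode JMPs shared by many processes, the missing imofugc.sys driver file, and the MBR.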
14.07.2013, 21:58 | #14 |
| Avast blocks file (windows\system32\svchost.exe) MBAR: Code:
Malwarebytes Anti-Rootkit BETA 1.06.0.1004
www.malwarebytes.org

Database version: v2013.07.14.06

Windows 8 x86 NTFS
Internet Explorer 10.0.9200.16635
Sascha :: LABTOP [administrator]

14.07.2013 21:56:12
mbar-log-2013-07-14 (21-56-12).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 230630
Time elapsed: 16 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
14.07.2013, 21:59 | #15 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Avast blocks file (windows\system32\svchost.exe) Did MBAR really find nothing?
__________________ Please always post logfiles in CODE tags